Welcome to this week's Symfony Station Communiqué. It's your weekly review of the most essential news in the Symfony and PHP development communities. Take your time and enjoy the items most valuable for you.
Please note that links will open in a new browser window. My opinions, if I present any, will be in bold.
As always, we will start with the official news from Symfony.
Highlight -> "This week, Symfony 4.4.37, 5.3.14, 5.4.3 and 6.0.3 maintenance versions were released. In addition, a potential security vulnerability related to CSRF tokens in forms was found and fixed in security releases for all maintained versions."
The team fixed a security issue. “The Symfony form component provides a CSRF protection mechanism by using a random token injected in the form and using the session to store and control the token submitted by the user. When using the FrameworkBundle, this protection can be enabled or disabled with the configuration. If the configuration is not specified, by default, the mechanism is enabled as long as the session is enabled.
In a recent change in the way the configuration is loaded, the default behavior has been dropped and, as a result, the CSRF protection is not enabled in form when not explicitly enabled, which makes the application sensible to CSRF attacks.”
They also fixed an issue with Twig. "When in a sandbox mode, the arrow parameter of the sort filter must be a closure to avoid attackers being able to run arbitrary PHP functions."
SymfonyCasts unveiled a Symfony 6 track with courses on Symfony 6, EasyAdmin, and Upgrading to Symfony 6. The Harmonious Development with Symfony 6 course is free!
Via SensioLabs: at Symfony World Winter 2021, two experts from SensioLabs were speakers. Following this online conference where more than 1,000 people attended in two days, they shared with us their experience and talked about their topic. A glimpse behind the scenes of the SymfonyWorld!
Platform.sh consolidates its management team with the appointment of Ori Pekelman and Fabien Potencier as CSO and CPO. Don’t worry, Fabien isn’t leaving Symfony.
Symfony is excited to announce the organization of the international Symfony conference as initially planned at Disneyland Paris from November 15 to 18, 2022 for a full week of Symfony. Join us at SymfonyCon Disneyland Paris 2022 to learn and share the latest about Symfony while having fun at Disneyland Paris with us! The conference will be held at the newly redesigned Disney's Hotel New York - Art of Marvel!
Block Protocol is a new project that aims to build a block system for embedding interactive blocks in any web application. The goal is to create a more interoperable and open web where these blocks can be shared through a standardized protocol. The initial draft of the Block Protocol spec is being incubated by the team at HASH, an open source data, modeling, and simulation platform.
By the way, we are currently moving a site from WordPress to Drupal and will be using HASH’s Web Components block module along with the Gutenberg blocks module for content creation. There is more on this below.
These types of posts are a dime a dozen, but this is a comprehensive one.
Mert Simseck (great name) writes “I don’t know where to start but I was excited to write this post. I haven’t been developing applications with PHP and Symfony for a few years. Luckily I’ve built my latest API with Symfony 6 and PHP 8 and I feel like I’m back home.”
.com Software says “Today we’re going to write a Symfony validator using the Test-Driven-Development technique. As you may know, it requires writing the test first, only then the code itself.”
Mike Milano explores:
There will be more on PHP local development tools below.
Fabio Hiroki has another solid article for us. He says “in this article I'll show basic concepts for handling concurrent requests by building a banking web application. When coding there are some traps we need to pay attention specially because it's not a scenario easy to test.”
Smaine Milianni always has something useful to share. Here he asks “emojis are part of our way of communicating, what about adding them to your Symfony form when a user needs to select a country?”
Cool Zero parle the Power of the interface in Symfony. (en français)
Lindevs shows us:
Cory Weinberg writes “although Drupal is not the most popular CMS, it is by far the best solution for non-standard and highly loaded services. Drupal is a free and open-source system that boasts high engine power, solid security, and reliability. Therefore, it is highly popular with many companies, regardless of the niche your business operates in.
With Drupal, you get the limitless possibilities of a framework and the convenience of a full-fledged CMS.”
Many of his points are why Symfony Station uses it.
PHP annotations will be replaced by attributes in upcoming versions according to Daniel Sipos. “PHP 8 came with a lot of cool new features in the language. Among them, we finally have a native way of “annotating” classes, methods and all sorts of things. I used quotes because of the very ubiquitous Annotations library from Doctrine which we are using now to do similar things. PHP attributes are on their way to slowly replace those. I think. Don’t hold me to it though.”
Matthias Noback writes about technical writing in:
We published our second sponsored article on Symfony Station exploring how code-driven monitoring helps you deliver successful Symfony products. Like all our articles it is now available via audio.
All sponsored articles are for products we have vetted and stand behind. We either use them or would do so if they were applicable to the Symfony Station site.
Erik the Coder continues his look at modern PHP.
Ajay Kapoor notes “With PHP being the most widely used web programming language, it’s easy to forget that it will be twenty-eight years old in 2022. In the tech world, that’s an eternity, but in business, it’s barely any time at all. If you’re currently using PHP or considering using it in the future, you might be wondering what the top benefits of using this technology are.”
Andrea Pollastri shares his PHP development stack.
Speaking of tools, for local development I have long used Local for WordPress projects. I am moving the site of our parent organization, Mobile Atom Code, over to Drupal. I am using Lando to convert the backend and DDEV to build a new theme for the frontend.
This article shows you how to use DDEV with GitPod.
Vonage Dev writes “it may surprise some readers that asynchronous PHP is nothing new. PHP5.5 introduced generators way back in 2014 which set us on this path, and since then we have seen the creation of amphp, ReactPhp, and OpenSwoole.”
Will Earp has a two-part series for us on PHP minification.
I plan on testing his Torque WordPress plugin.
Ostell notes “when you think of command-line applications, PHP doesn't immediately come to mind. Yet the language powers many popular tools, either as independent programs or intended to be used within projects. Be it through its vast ecosystem of libraries and frameworks, its ability to interact with the host, or the versatility of its dependency manager, PHP features everything you need to build and ship powerful CLI applications.”
Doğukan Akkaya shares:
Anders Björkland continues his exploration of SilverStripe CMS.
Exakat notes “While doing a crowd review of naval battle code at @afup_rennes , it appeared that the ‘no array_merge() in loops’ rule was known but not clear. Indeed, why is it that this function in particular, should be avoided in loops. Hence, this article, with a journey to memory management, coding and classic PHP features. Here we go.”
The Backend Developer says “today I want to write about new 2 features about array that are newly added in php 8.1. Array unpack method was added PHP in 7.4 version but we could only use it for integers. But now we can use it for all types of arrays. This is a good 8.1 development for us.”
This one is self-explanatory.
Kateryna Shlyakhovetska writes “when you’re tired of endless code reviews and debugging, you may start wondering if there are ways to automate tedious tasks without it backfiring on you later in development. If this is something you or your team are interested in, you may want to take a closer look at server-side static analysis.”
Michael Cobb notes “API security cannot be overlooked. Learn how security testing can detect API vulnerabilities and weaknesses before attackers can take advantage of them.”
Aaron Francis writes “paginating records across large datasets in a web application seems like an easy problem that can actually be pretty tough to scale. The two main pagination strategies are offset/limit and cursors. We'll first take a look at the two methods and then a slight modification that can make offset/limit extremely performant.”
MySQL has multiple storage engines, and one of those is the blackhole engine. It acts as a "black hole" that accepts data but throws it away and does not store it.
GitHub has a new way to monetize your repositories.
A deeper integration between Microsoft Sentinel and GitHub is a win for application security, marking a major step toward helping companies address security challenges in the software supply chain, cybersecurity industry executives told VentureBeat.
Tanvir Safar says “Cloud computing and blockchain industries may very well have one property in common; both are growing rapidly while having the potential to revolutionize their respective fields. However, up until now, pioneers within the two industries have not yet found a common interest. That could soon change as projects have started embracing the idea of integrating the blockchain into the cloud computing sector, and we could soon see a future of endless possibilities.”
So what exactly is Web3, and why is everyone in Silicon Valley obsessed with it?
I don’t know myself, but the “art” perpetrated in NFTs is horseshit. And I grew up on a cattle farm so I know what I’m talking about. ;)
Have you published or seen something related to Symfony or PHP that we missed? If so, please get in touch.
That's it for this week. Thanks for making it to the end of another extended edition. I look forward to sharing next week's Symfony and PHP news with you on Friday.
Please share this post. :) Be sure to join our newsletter list at the bottom of our site’s pages. Joining gets you each week's communiqué in your inbox (a day early). And follow us on Twitter at @symfonfystation.
Do you own or work for an organization that would be interested in our promotion opportunities? If so, please contact us. We’re in our infancy so it’s extra economical. ;)
Happy Coding Symfonistas!