Last (2) Month(s) in PHP
July & August 2016
Kansas City PHP User Group

Mentor with LaunchCode!
Thursday, September 8
Where: Sprint Accelerator - 6:00 PM - 8:30 PM
What: Give feedback on some beginner projects
from students who just finished CS50X.
Think: UX and Features, not Code Review
Email kathryn@launchcode.org if interested
Sign up as a mentor at:
https://www.eventbrite.com/e/launchcode-projec
t-review-feedback-tickets-27076050195
Saturday, September 10
Where: Sprint Accelerator - 10:00 AM - 5:00 PM
What: Technical mentoring while same students
implement final steps to their projects.
Email kathryn@launchcode.org if interested
Sign up as a mentor at:
https://www.eventbrite.com/e/launchcode-projec
t-lock-in-tickets-27077080276

PHP Patch Releases
PHP 7.0.10 - Upgrade!
● Security fixes
● See:
php.net/ChangeLog-7.php#7.0.1
0
PHP 5.6.25 - Upgrade!
● Security fixes
● See:
php.net/ChangeLog-5.php#5.6.2
5
PHP 5.5.38 - Upgrade!
● Security fixes
● Last Ever
● See:
php.net/ChangeLog-5.php#5.5.3
7

Security Bulletin...
ImageMagick
● Remote Code Execution
● Mitigation recommendation:
○ Sandbox ImageMagick
■ If you find a good way to do this, it might make a good KCPUG talk!
○ Update your policy.xml file.
■ See: imagetragick.com

Upcoming Features via PHP RFC
Add session_create_id() function
● Target: PHP 7.1
● Tl;dr: session_create_id(optional-prefix) will create a 128-bit
session ID. The optional prefix does not count against the 128-bits in the
session ID.
● See: wiki.php.net/rfc/session-create-id

Upcoming Features via PHP RFC
Session ID without hashing
● Target: PHP 7.1
● tl;dr: Instead of hash and RNG, php_random_bytes is used to generate
session ID; 2x speed increase.
● What do I change: php.ini
○ Add: session.sid_length=26
○ Change: session.hash_bits_per_character=5 →
session.sid_bits_per_character=5
● See: wiki.php.net/rfc/session-id-without-hashing

Upcoming Features via PHP RFC
Additional Context in pcntl_signal
● Target: PHP 7.1
● tl;dr: Adds a second parameter to
pcntl_signal’s callback that includes
$siginfo
● See:
wiki.php.net/rfc/additional-context-in-pcntl-
signal-handler

Upcoming Features via PHP RFC
Asynchronous Signal Handling (without
TICKs)
● Target: PHP 7.1
● tl;dr: Reduces overhead of async signals
by giving the option to not use ticks.
● Note: Appears to be default behavior in
PHP 7.1
● See: wiki.php.net/rfc/async_signals
Enable tickless via:
pctnl_async_signals(bool = true)

Upcoming Features via PHP RFC
Iterable
● Target: PHP 7.1
● tl;dr: Introduces new iterable pseudo-type that can stand in for both arrays
and objects implementing Traversable
● New function: is_iterable($thing) : bool
● See: wiki.php.net/rfc/iterable

Upcoming Features via PHP RFC
RNG fixes and changes
● Target: PHP 7.1
● tl;dr: fixes mt_rand(), aliases rand() to mt_rand(), fixes large ranges
for rand_range(), replaces insecure uses of php_rand() with
php_random_bytes(), improve array_rand()
● Note: bc breaks for srand() and mt_srand()
● See: wiki.php.net/rfc/rng_fixes
● See: 3v4l.org/hGHde

Upcoming Features via PHP RFC
Throw Error in Extensions
● Target: PHP 7.1
● tl;dr: Changes most conditions raising an E_*ERROR in extensions to throw
instance of Error instead.
● See: wiki.php.net/rfc/throw_error_in_extensions

Upcoming Features via PHP RFC
More precise float value handling in serialization
● Target: PHP 7.1
● tl;dr: increases serialization float precision from 14 decimal places to the
more-standard 17 decimal places
● What do I change: php.ini
○ Change: precision:14 → precision:-1
○ Change: serialize_precision:14 → serialize_precision:-1
● See: wiki.php.net/rfc/precise_float_value

Upcoming Features via PHP RFC
Add session_gc()
● Target: PHP 7.2
● tl;dr: Enable Garbage Collection for
sessions.
● See: wiki.php.net/rfc/session-gc

Upcoming Features via PHP RFC
Implement C function socket_getaddrinfo()
● Target: PHP 7.2
● tl;dr: complements the existing PHP
socket functions with getaddrinfo().
● See: wiki.php.net/rfc/socket_getaddrinfo
● See: man 3 getaddrinfo
Adds methods:
● Socket_addrinfo_lookup
○ returns: [$resource]
● Socket_addrinfo_connect
○ returns: $resource
● Socket_addrinfo_bind
○ returns: $resource
● socket_addrinfo_explain
○ returns: [$resource]

Upcoming Features via PHP RFC
E_WARNING for invalid container read
array-access
● Target: PHP 7.2
● tl;dr: Throw an E_WARNING when using
short-array syntax to access non-existent
locations in containers & non-containers;
currently returns a NULL
● See:
wiki.php.net/rfc/notice-for-non-valid-array-c
ontainer
Who knew this was seemingly valid?

CMSes: Drupal
Drupal 8.1.[7,8] & 7.5.0
● Drupal 8: Security & Patch Releases - Upgrade!
○ “httpoxy” injection via Guzzle
○ See: drupal.org/SA-CORE-2016-003
● Drupal 7: Maintenance Release
○ Adds support for full UTF-8 on MySQL when both site & db are configured to support it
○ Robots.txt now allows search engines access to CSS, JS, & image files

CMSes: WordPress
WordPress 4.6 - “Pepper”
● Feature Release
○ Editor improvements:
■ Content recovery: draft is saved to browser
■ Inline link checker (no more 404 when publishing a mal-formed URL
● See: wordpress.org/news/2016/08/pepper

Frameworks - CakePHP
CakePHP 3.3.[0,1,2,3] & 2.8.6
● 3.3.0 - minor release
○ See: bakery.cakephp.org/2016/08/12/cakephp_330_released.html
● Some bugfix and maintenance updates
● See:
○ bakery.cakephp.org/2016/09/02/cakephp_333_released.html
○ bakery.cakephp.org/2016/08/02/cakephp_286_released.html

Frameworks - Laravel
Laravel 5.2.[40,41,42,43,44,45], 5.3.[0,1,2,3,4,6]
● Laravel 5.3
○ Several cool new features and tools
■ See: laravel-news.com/2016/08/laravel-5-3-is-now-released/
○ See: github.com/laravel/framework/blob/5.3/CHANGELOG-5.3.md
● Laravel 5.2
○ See: github.com/laravel/framework/blob/5.3/CHANGELOG-5.2.md

Frameworks - Symfony
Symfony [3.1.3, 3.0.9, 2.8.9, 2.7.16]
● Maintenance Releases
○ See:
■ symfony.com/blog/symfony-2-7-16-released
■ symfony.com/blog/symfony-2-8-9-released
■ symfony.com/blog/symfony-3-0-9-released
■ symfony.com/blog/symfony-3-1-3-released
● SymfonyLive Chicago - Canceled :(
○ See:
symfony.com/blog/we-re-sorry-to-announce-the-cancellation-of-the-symfonylive-chicago-2016

Frameworks - Zend
ZF 1.12.19
● Security patch - Upgrade!
○ See: framework.zend.com/blog/2016-07-13-ZF-1.12.19-Released.html
● Probably the last ZF1 release
○ See: framework.zend.com/blog/2016-06-28-zf1-eol.html

PHP: The Right Way
● Updated URL for PHP Mentoring
○ Was phpmentoring.org; now
php-mentoring.org
● Deleted dead tools from Code Style Guide
● Added text and examples for phpcbf and
php-cs-fixer
○ phptherightway.com/#code_style_guide
● Corrected and improved wording in The
Basics
○ phptherightway.com/pages/The-Basics.ht
ml
● Updated ZF2 DB abstraction layer to
“Zend-db”
○ phptherightway.com/#databases_abstracti
on_layers
● Added two new PaaS Providers
○ phptherightway.com/#php_paas_providers
● Updated “jeckyll serve” command for
building PHPtRW locally
○ github.com/codeguy/php-the-right-way/blo
b/gh-pages/CONTRIBUTING.md
● Note: Every open-source project can use
your help with documentation. What are
you waiting for?

PHP Conferences
Midwest.io
● August 20-23 - Kansas City, MO
● See: midwest.io
Pacific Northwest PHP 2016
● Sept 15-17 - Seattle, WA
● See: pnwphp2016.dryfta.com
StrangeLoop
● Sept 15-17 - St. Louis, MO
● See: thestrangeloop.com
Bulgaria PHP 2016
● Oct 7-9 - Sofia, Bulgaria
● See: bgphp.org

PHP Conferences - Continued
True North PHP
● Nov 3-5 - Toronto, Canada
● truenorthphp.ca
PHP[WORLD] 2016
● Nov 14-18 - Washington, D.C.
● 10% KCPUG Discount: REDACTED
● world.phparch.com
ZendCon
● Nov 18-21 - Las Vegas, NV
● zendcon.com
SunshinePHP 2017
● Feb 2-4 - Miami, FL
● 2017.sunshinephp.com/
● Call for Papers due: Sept 30
○ See: cfp.sunshinephp.com/

Nomad PHP (Online) - September 22
Nomad PHP EU - 01:00 PM CDT
A Deepdive Into the .git Directory
● Joshua Thijssen (@jaytaph)
● nomadphp.com/4378-2
Nomad PHP US - 08:00 PM CDT
CommonMark: Markdown Done Right
● Colin O’Dell (@colinodell)
● nomadphp.com/commonmark-markdown-
done-right

Next Month in KCPHPUG
● Looking for Speakers!
● Nomad PHP edition?
● Hack Night?