PHP 7 Introduction

1. PHP 7 Introduction
Speaker: Vo Hoang Long - Web Developer <vlong@yahoo-corp.jp>
Company: Techbase VietNam

2. $agenda
 Brief of PHP 7
 New PHP Engine
 Benchmark speed PHP 7 vs PHP 5
 Some new things in PHP 7
 Setup environment to testing PHP 7
 Quick view about CVE-201504024

3. Brief of PHP 7
The current stable release uses the version number PHP 5.6.
After some dispute the development team decided they would
omit the PHP 6 name for the next major release. PHP 6 already
existed in the past as an experimental project but never reached
the production phase.
To prevent users from mixing up the former attempt with the
latest development, the new major release will run under the
name of PHP 7.
It released in 03 Dec 2015

4. The New Zend Engine
• The current PHP 5.X series use Zend Engine II that enhanced
the funtionality of the initial engine and adds an extensible
object model and a significant performance enhancement to
the language.
• PHP 7 receives a brand new version of the engine coming
under the code name of PHP#NG (Next Generation).

5. Benchmark PHP 7 vs PHP 5
• The development team of PHPNG refactored the Zend Engine,
remarkably optimized memory usage and added just-in-time
compilation (JIT) which allows compilation at run time rather
than prior to execution.
• The results? You can see the performance benchmarks
provided by the Zend Performance Team below. By using PHP
7 not only your code will be executed faster but you will also
need fewer servers to serve the same amount of users.

8. Code demo benchmark

9. Some new things in PHP 7

10. Uniform Variable Syntax
 Code demo
 Read more :
https://wiki.php.net/rfc/uniform_variable_syntax

11. Exceptions in the engine
 Code demo
 Read more :
https://wiki.php.net/rfc/engine_exceptions_for_php7

12. Combined Comparison
(Spaceship) Operator
 Code demo
 Read more :
https://wiki.php.net/rfc/combined-comparison-operator

13. Combined Comparison
(Spaceship) Operator
 Code demo
 Read more :
https://wiki.php.net/rfc/combined-comparison-operator

14. Null Coalesce Operator
 Code demo
 Read more :
https://wiki.php.net/rfc/isset_ternary

15. Null Coalesce Operator
 Code demo
 Read more :
https://wiki.php.net/rfc/isset_ternary

16. Group Use Declarations
 Code demo
 Read more :
https://wiki.php.net/rfc/group_use_declarations

17. Anonymous classes
 Code demo
 Read more :
http://php.net/manual/en/language.oop5.anonymous.php

18. Return Type Declarations
Code demo
 Read more :
https://wiki.php.net/rfc/return_types

19. Setup environment to testing
PHP 7
• Install Vagrant and Virtualbox
• Then:
$ git clone https://github.com/rlerdorf/php7dev.git
$ cd php7dev
$ vagrant up
... (takes a bit - it is downloading 1.5G)
$ vagrant ssh
• It will NAT, DHCP and also has a fixed address of 192.168.7.7
• http://192.168.7.7/ will show you the PHP 7 phpinfo() page
• View more : github.com/rlerdorf/php7dev

20. CVE-201504024
• Vulnerability CVE - 2015-4024 code is considered serious
when allowing an attacker perform denial-of-service attack (
DoS ) caused major losses to the server with a small code
snippet . If a system is equipped botnet using this strategy ,
the damage caused would be terrible .
• CVE - 2015-4024 was reported by a security researcher at
Baidu , China , based on logic bug in the HTTP header analysis
of PHP , which if created a special HTTP header section , you
can push CPU of the server is up 100 % makes all other
functions become paralyzed .

21. PHP version has error
PHP 5.6.(<9)
PHP 5.5.(<25)
5.4.(<41)
5.3.*
5.2.*

22. What is problem ?
Content-Disposition: form-data; name="file"; filename="test.txt”
Content-Type: application/octet-stream
Content-Disposition: form-data; name="file"; filename="s
a
a
a
a"
Content-Type: application/octet-stream
<?php phpinfo();?>

23. Demo attacking

24. Q&A

25. Thank you !