Welcome to this week's Symfony Station Communiqué. It's your weekly review of the most essential news in the Symfony and PHP development communities. Take your time and enjoy the items most valuable for you.
Thanks to Javier Eguiluz and Symfony for sharing our last communiqué in their Week of Symfony.
Please note that links will open in a new browser window. My opinions, if I present any, will be in bold.
As always, we will start with the official news from Symfony.
Highlight -> "This week, Symfony 4.4.37, 5.3.14, 5.4.3 and 6.0.3 maintenance versions were released. In addition, a potential security vulnerability related to CSRF tokens in forms was found and fixed in security releases for all maintained versions."
A Week of Symfony #787 (24-30 January 2022)
The team fixed a security issue. “The Symfony form component provides a CSRF protection mechanism by using a random token injected in the form and using the session to store and control the token submitted by the user. When using the FrameworkBundle, this protection can be enabled or disabled with the configuration. If the configuration is not specified, by default, the mechanism is enabled as long as the session is enabled.
In a recent change in the way the configuration is loaded, the default behavior has been dropped and, as a result, the CSRF protection is not enabled in form when not explicitly enabled, which makes the application sensible to CSRF attacks.”
CVE-2022-xxxx: CSRF token missing in forms
They also fixed an issue with Twig. "When in a sandbox mode, the arrow parameter of the sort filter must be a closure to avoid attackers being able to run arbitrary PHP functions."
Twig security release: disallow non closures in the sort filter
SymfonyCasts unveiled a Symfony 6 track with courses on Symfony 6, EasyAdmin, and Upgrading to Symfony 6. The Harmonious Development with Symfony 6 course is free!
Learn Symfony 6: Unlock new possibilities with PHP's most powerful framework
Via SensioLabs: at Symfony World Winter 2021, two experts from SensioLabs were speakers. Following this online conference where more than 1,000 people attended in two days, they shared with us their experience and talked about their topic. A glimpse behind the scenes of the SymfonyWorld!
Symfony World Winter 2021: the interview with two speakers from SensioLabs
Platform.sh consolidates its management team with appointment of Ori Pekelman and Fabien Potencier as CSO and CPO. Don’t worry, Fabien isn’t leaving Symfony.
Platform.sh consolidates its management team with appointment of Ori Pekelman and Fabien Potencier as CSO and CPO
Symfony is excited to announce the organization of the international Symfony conference as initially planned at Disneyland Paris from November 15 to 18, 2022 for a full week of Symfony. Join us at SymfonyCon Disneyland Paris 2022 to learn and share the latest about Symfony while having fun at Disneyland Paris with us! The conference will be held at the newly redesigned Disney's Hotel New York - Art of Marvel!
Excited to announce SymfonyCon Disneyland Paris 2022
Block Protocol is a new project that aims to build a block system for embedding interactive blocks in any web application. The goal is to create a more interoperable and open web where these blocks can be shared through a standardized protocol. The initial draft of the Block Protocol spec is being incubated by the team at HASH, an open source data, modeling, and simulation platform.
Making the web better. With blocks!
By the way, we are currently moving a site from WordPress to Drupal and will be using HASH’s Web Components block module along with the Gutenberg blocks module for content creation. There is more on this below.
These types of posts are a dime a dozen, but this is a comprehensive one.
Symfony vs Laravel: Choosing The Right PHP Framework
Mert Simseck (great name) writes “I don’t know where to start but I was excited to write this post. I haven’t been developing applications with PHP and Symfony for a few years. Luckily I’ve built my latest API with Symfony 6 and PHP 8 and I feel like I’m back home.”
Voila! Symfony and PHP 8.1
.com Software says “Today we’re going to write a Symfony validator using the Test-Driven-Development technique. As you may know, it requires writing the test first, only then the code itself.”
Designing a Symfony Validator - the TDD way
Mike Milano explores:
Symfony Development with Lando
There will be more on PHP local development tools below.
Fabio Hiroki has another solid article for us. He says “in this article I'll show basic concepts for handling concurrent requests by building a banking web application. When coding there are some traps we need to pay attention specially because it's not a scenario easy to test.”
Database concurrency as simple as possible
Smaine Milianni always has something useful to share. Here he asks “emojis are part of our way of communicating, what about adding them to your Symfony form when a user needs to select a country?”
Emoji flag in the Symfony CountryType
Cool Zero talks about the power of the interface in Symfony (in French).
Le pouvoir de l’interface
Lindevs shows us:
2 Methods to Clear Cache using Console Command in Symfony 6
Cory Weinberg writes “although Drupal is not the most popular CMS, it is by far the best solution for non-standard and highly loaded services. Drupal is a free and open-source system that boasts high engine power, solid security, and reliability. Therefore, it is highly popular with many companies, regardless of the niche your business operates in.
With Drupal, you get the limitless possibilities of a framework and the convenience of a full-fledged CMS.”
Drupal Website Development – Key Features & Specs
Many of his points are why Symfony Station uses it.
PHP annotations will be replaced by attributes in upcoming versions according to Danial Sipos. “PHP 8 came with a lot of cool new features in the language. Among them, we finally have a native way of “annotating” classes, methods and all sorts of things. I used quotes because of the very ubiquitous Annotations library from Doctrine which we are using now to do similar things. PHP attributes are on their way to slowly replace those. I think. Don’t hold me to it though.”
PHP 8 attributes: Drupal 9 plugin discovery proof of concept
Mathias Noback writes about technical writing in:
Millennials doing things everyone should know about
We published our second sponsored article on Symfony Station exploring how code-driven monitoring helps you deliver successful Symfony products. Like all our articles it is now available via audio.
How code-driven monitoring helps you deliver successful Symfony products
All sponsored articles are for products we have vetted and stand behind. We either use them or would do so if they were applicable to the Symfony Station site.
Erik the Coder continues his look at modern PHP.
PHP crash course : require, include, files manipulation and enumerations
Ajay Kapoor notes “With PHP being the most widely used web programming language, it’s easy to forget that it will be twenty-eight years old in 2022. In the tech world, that’s an eternity, but in business, it’s barely any time at all. If you’re currently using PHP or considering using it in the future, you might be wondering what the top benefits of using this technology are.”
Top Business Benefits of PHP for Web Development in 2022
Andrea Pollastri shares his PHP development stack.
PHP Developer Tools (2022)
Speaking of tools, for local development I have long used Local for WordPress projects. I am moving our parent organization Mobile Atom Code’s site over to Drupal. I am using Lando to convert the backend and DDEV to build a new theme for the frontend.
This article shows you how to use DDEV with GitPod.
DDEV and GitPod
Vonage Dev writes “it may surprise some readers that asynchronous PHP is nothing new. PHP5.5 introduced generators way back in 2014 which set us on this path, and since then we have seen the creation of amphp, ReactPhp, and OpenSwoole.”
Asynchronous PHP With Revoltphp & Vonage Voice API
Will Earp has a two-part series for us on PHP minification.
The State of Minification in PHP – How 1 Project Grew into 6
The State of Minification in PHP – How 1 Project Grew into 6 (Part 2)
I plan on testing his Torque WordPress plugin.
Ostell notes “when you think of command-line applications, PHP doesn't immediately come to mind. Yet the language powers many popular tools, either as independent programs or intended to be used within projects. Be it through its vast ecosystem of libraries and frameworks, its ability to interact with the host, or the versatility of its dependency manager, PHP features everything you need to build and ship powerful CLI applications.”
How to build and distribute beautiful command-line applications with PHP and Composer
Doğukan Akkaya shares:
How did we reduce Memcached memory usage in PHP
Anders Björkland continues his exploration of SilverStripe CMS.
Configure Email over SMTP with SilverStripe
Exakat notes “While doing a crowd review of naval battle code at @afup_rennes , it appeared that the ‘no array_merge() in loops’ rule was known but not clear. Indeed, why is it that this function in particular, should be avoided in loops. Hence, this article, with a journey to memory management, coding and classic PHP features. Here we go.”
Speeding up array_merge()
The Backend Developer says “today I want to write about new 2 features about array that are newly added in php 8.1. Array unpack method was added PHP in 7.4 version but we could only use it for integers. But now we can use it for all types of arrays. This is a good 8.1 development for us.”
Php 8.1-New Features | Array is a list? & Array Unpack
This one is self-explanatory.
PhpStorm 2021.3.2 is released
Kateryna Shlyakhovetska writes “when you’re tired of endless code reviews and debugging, you may start wondering if there are ways to automate tedious tasks without it backfiring on you later in development. If this is something you or your team are interested in, you may want to take a closer look at server-side static analysis.”
Cut Time on Code Reviews and Project Planning With Static Analysis
Michael Cobb notes “API security cannot be overlooked. Learn how security testing can detect API vulnerabilities and weaknesses before attackers can take advantage of them.”
Protect APIs against attacks with this security testing guide
Aaron Francis writes “paginating records across large datasets in a web application seems like an easy problem that can actually be pretty tough to scale. The two main pagination strategies are offset/limit and cursors. We'll first take a look at the two methods and then a slight modification that can make offset/limit extremely performant.”
Efficient Pagination Using Deferred Joins
MySQL has multiple storage engines, and one of those is the blackhole engine. It acts as a "black hole" that accepts data but throws it away and does not store it.
Safer Staging Environments with Blackhole Storage
GitHub has a new way to monetize your repositories.
GitHub launches Sponsors-only repositories to help foster engagement with project backers
A deeper integration between Microsoft Sentinel and GitHub is a win for application security, marking a major step toward helping companies address security challenges in the software supply chain, cybersecurity industry executives told VentureBeat.
Microsoft adds ‘critical’ feature for GitHub security
Tanvir Safar says “Cloud computing and blockchain industries may very well have one property in common; both are growing rapidly while having the potential to revolutionize their respective fields. However, up until now, pioneers within the two industries have not yet found a common interest. That could soon change as projects have started embracing the idea of integrating the blockchain into the cloud computing sector, and we could soon see a future of endless possibilities.”
Integration of the Blockchain is a Game Changer in the Cloud Computing Sector
So what exactly is Web3, and why is everyone in Silicon Valley obsessed with it?
Web3 is the future, or a scam, or both
I don’t know myself, but the “art” perpetrated in NFTs is horseshit. And I grew up on a cattle farm so I know what I’m talking about. ;)
Have you published or seen something related to Symfony or PHP that we missed? If so, please get in touch.
That's it for this week. Thanks for making it to the end of another extended edition. I look forward to sharing next week's Symfony and PHP news with you on Friday.
Please share this post. :) Be sure to join our newsletter list at the bottom of our site’s pages. Joining gets you each week's communiqué in your inbox (a day early). And follow us on Twitter at @symfonfystation.
Do you own or work for an organization that would be interested in our promotion opportunities? If so, please contact us. We’re in our infancy so it’s extra economical. ;)
Happy Coding Symfonistas!