Free The Cuban Five! 12. September 2013

Especially for our German speaking visitors: Unterstützen und Verbreiten –

And for our US-visitors: Miami, FL, Sept. 8 | Washington, DC, Sept. 12 (White House) | Washington, DC, Sep 13 (University of the District of Columbia Law School)

Posted in Linked, Pressed, Uncategorized | Tagged , | Leave a comment

Greeting, Greetings and the GreetingFactory

Just stumbled over: If you ask Is this correct object oriented programing in php? and then get an answer from Gordon, well, see for yourself. (via)

Posted in Linked, Pressed | Tagged , | 1 Comment

The Sky. The Universe. The Missing Unit Tests

Out there in the Universe. Now comparisons get Epic Pictures when it comes to WordPress and Unit Tests: Beta Sagittae. via The Loop.

Reminded me of Development By The Numbers – Slides (May 2013; by ircmaxell) having also nice comparisons for numbers.

Posted in Code Smells, Hacking The Core, Linked, PHP Code Smells, Pressed | Tagged , , , , , | Leave a comment

Your Guide to Composer in WordPress

Your Guide to Composer in WordPress and there is WordPress Packagist. I only knew about Composer Installers (incl. WordPress ones) so far.

Aside | Posted on by | Tagged , , | Leave a comment

The Negative Influence of WordPress on PHP

The current The TIOBE Programming Community Index for July 2013 shows an increase for PHP, gaining grounds fast and as an ongoing trend over the last year:

If compared to January 2013, PHP is the fastest climber with an increase of +1.64% […]. The major driver behind PHP’s popularity seems to be the new PHP Zend Framework that was released in September 2012.

It clearly shows the stamina and power PHP as a programming language has, with the two recent milestones of the two popular PHP 5.4 and 5.5 releases. Those new releases are a key driver for next generation frameworks like the bespoken Zend Framework 2.

PHP is strong standing against negative influences popular but legacy PHP applications put onto it, namely and most foremost the most popular of all these: WordPress. WordPress is continuously bringing down PHP since years as Google Trends shows:

As this Google Trends graph revals, WordPress popularity is constantly hurting PHP

As this Google Trends graph revals, WordPress popularity is constantly hurting PHP

So how long can PHP resist against this bad influence? What will happen when those two lines cross? Will the world as we know it fall apart?

You probably have come to the conclusion that comparing two independent statistics allows you to draw all kind of crazy assumptions – so do I. What has been outlined above is pure irony as you might have already noticed (but it’s said that irony does not work well in the internet, so you probably didn’t even notice).

Manuel Lemos (Google Profile) from yesterday was spreading his opinion that WordPress has made PHP popular – not PHP and not any PHP Frameworks.

Well, make your own mind, what I just wanted to show is that running wild assumptions normally does work even badlier than irony in the internets. And comparing two totally unrelated statistics (“small lies, big lies, …”) shows more about your own opinion than anything else.

My 2 cents.

Posted in Hakre's Tips, Linked, Pressed, Surviving the Internet | Tagged , , , , , | 2 Comments

Atomic deploys at Etsy

Link | Posted on by | Tagged , , | Leave a comment

Mitigating XPath Injection Attacks in PHP

PHP has two libxml based extensions that allow to execute XPath 1.0 expressions: DOM (by the DOMXPath class) and SimpleXML (with its xpath() method).

Both extensions are prone to XPath Injection Attacks, a common attack form. Albeit all this, and information about the topic is available, it seems that concrete PHP code to deal with these is harder to find. Continue reading

Posted in Hakre's Tips, PHP Development, Pressed, Surviving the Internet | Tagged , , , , , , , | 1 Comment

SimpleXML and JSON Encode in PHP – Part III and End

The previous two parts (Part I; Part II) did outline PHP’s standard behaviour when JSON encoding a SimpleXMLElement with json_encode().

As outlined this does not always fits the encoding needs and for some potential problems some workarounds have been showed. However those worked by affecting the XML document instead of affecting the JSON serialization.

By default what json_encode() contains as data and structure is exactly following the rules of casting a SimpleXMLElement to an array. This is because internally (see lxr json.c) json_encode() does this cast and then builds the JSON object output based on that structure.

Luckily since PHP 5.4 the JsonSerializable interface allows to interfere exactly at that point. Instead of the standard array cast, a more tailored array or object – even a string or number – can be returned. Just anything which json_encode() would normally accept. This allows to create an own JSON encoding easily by extending from SimpleXMLElement and implementing the interface as I will show now. Continue reading

Posted in Developing, PHP Development, PHP Development, Pressed, Tools | Tagged , , , , , | 1 Comment

SimpleXML and JSON Encode in PHP – Part II

In the previous post (Part I) I was giving a little overview for common woes turning a SimpleXMLElement into JSON when XML structural information is available that JSON is not capable to encode easily. The explanations given there were intended to users new to the matter and to understand the general dilemma that kind of encoding/serialization is dealing with.

In this part I will point onto some more detailed issues and show straight-forward ways how to deal with them specific to encoding a SimpleXMLElement object as JSON.

As it might be known, SimpleXML is simple and like PHP which wants to do things the simple way, it turns out that within the details, these simple things are extremely differentiated and complicated. In short: Next to dealing with what JSON can’t deal with of XML from the last part, in this part I’m more concerned about what SimpleXMLElement can’t deal with of XML. Continue reading

Posted in Developing, PHP Development, PHP Development, Pressed, Tools | Tagged , , , , , | 2 Comments

SimpleXML and JSON Encode in PHP – Part I

With SimpleXMLElement it is often easy and looks like a very quick way to turn some XML into JSON. But not everything in PHP that has an easy interface works out of the box. In this three part series I’ll cover the basics of using the json_encode() function on a SimpleXMLElement, will make problematic areas visible and explain them by their limitations in JSON and Simplexml and will show how it is possible to deal with them and showing how alternative JSON encoding can be easily done even with advanced options. Continue reading

Posted in Developing, PHP Development, PHP Development, Pressed, Tools | Tagged , , , , , | Leave a comment

PHP: XPath on HTML and XHTML

Christan Weiske has published a nice summarizing article with the same title. It contains some detailed information I haven’t found so far on the web so worth the link: PHP: XPath on HTML and XHTML.

It also reminds me of some of the inaccuracies I still have in my earlier post on converting CSS Selectors to XPath, namely that casing is dependent to whether you use HTML or XML with DOMDocument in PHP. And also Weiske focuses on namespaces and suggests to use the self::-Axis instead of local-name() for matching the element(s) which I have not considered so far in the expressions.

Posted in Developing, Hakre's Tips, PHP Development, Pressed | Tagged , , , , | Leave a comment

PHP on Google App Engine – Quick First Review


This is fresh out of the news (Ars; Wired; WHIR; VB), and what Google wants to offer looks like a very cool package. So if you hadn’t had the time to view the video, here is a quick summary and some first comments. Please mind that this is really fresh.

It’s basically PHP 5.4 in a “hardened edition”[1]. I think starting with PHP 5.4 on going live is a great achievement here, so this gets my PHP Applicatoratores Badge.

Also the extensions offered so far give a nice outlook, e.g. you find ZLlib and GD in there for example so you don’t hit a show stopper that fast. I name those two specifically because they became a burden with the CV-Backlog example application installment on Heroku.

However, this selection of extensions has somewhat to be improved. Default PHP extensions like iconv which actually need to be active to have other extensions properly work are not yet part of the Google PHP Runtime. To give a practical example with this iconv one, as it has got the DOM extensions activated but not the iconv extension, there is not much to deal with character encodings for our beloved DOMDocument:

$doc = new DOMDocument();
$doc->loadXML('<?xml version="1.0" encoding="Windows-1252"?><root />');
$doc->documentElement->appendChild($doc->createElement('füürüü', 'ärööö'));
echo $doc->saveXML();

This little example leaves you with a recoding related error, and no, users don’t love these (and sadly many PHP developers won’t even understand it either):

DOMDocument::saveXML(): output conversion failed due to conv error, bytes 0xFC 0xFC 0x72 0xFC
<?xml version="1.0" encoding="Windows-1252"?>

So this needs feedback from the community I think to get the rough edges out. That one here is to make the faux-pas to not deliver PHP with iconv. But I think by the spirit of the video, these things are expected to be cleaned out after they get reported to the PHP Runtime Team @ Google (Ref: Issue 9340: ICONV PHP extension support).

For your encryption needs, this is not that harsh, even mcrypt is missing openssl is available.

However extension are not everything (and obviously something more easily to fix I assume) and these other parts are quite well solved for the PHP worlds in PHP Runtime for Google App Engine. I would say this is where it actually already shines with the now available preview.

That is: The mysql libraries work out of the box with Google CloudSQL, a Mysql 5.5 compliant managed database server on the App Engine cloud.

/* FIXME this needs a PDO example */
$connection = mysql_connect(
    $host = ":/cloudsql/project_name:instance_name", $username, $password

So this is quasi with zero code-changes to get an existing application run that uses any of the three Mysql client libraries (mysql_*, mysqli_*, PDO).

Similarly easy have been the problems of file storage solved. Like with other cloud-appserver-platforms, in Google App Engine you can’t change application files (and yes, your live-application deployment should not even expect to do so [yes I look at you WordPress]). However you need a place to store files to, for example for file-uploads. Google offers here something named Google Cloud Storage and it’s easily integrate with PHP via stream-wrappers. This equally should allow to port a PHP app with none or very little code-changes and especially with easy to be done changes:

$text = file_get_contents("gs://my_bucket/shakespeare.txt");

So this is really nifty, because this comes out of the box. And btw, both these features work with the development server for App Engine, so you can develop and test your apps.

Another goodie App Engine comes with is Memcached (The video has a WordPress demo that runs Batcache and this worked out of the box for example, WordPressians know what this means). And there’s Task Queue, a goodie (and fully integrated for PHP tasks now) that allows you to schedule long-taking actions inside App Engine. And there are more services in App Engine.


This Post is just a little summary of the video and some little tests I could run so far, so really a quick review. I think the package Google offers here is heading right into the right direction for todays PHP developers that are looking for a cloud platform serving PHP needs. It’s good to see more alternatives here and if you’re interested for more starting from 27:30 Jason Cartwright shows step-by-step what they did to put a Drupal based real-life site on it, which I think should show pretty well about the pros/cons such a deployment has but also how it’s done.

Compared with Heroku for PHP, I’d say Google stands out because they really put some love into getting PHP as runtime there – for the out-of-the-box experience. So I can only give the best wishes for their launch with this quick review and hope for a good working together with the PHP community. Compared with Heroku again this is necessary because different to Heroku where you can actually compile what you need, this is not possible with Google App Engine. You’re bound to the Runtime they “allow you to use”. As you know, Vendor Lock-In can have multiple Angles, so take care for directions you want to head to and try before you buy.

I will for sure give this a test-drive and let you know how it worked out. Maybe the CV-Backlog sample application with memcached temp-storage?


Jetbrains also fired-up some support for it close to the launch, a plugin for Phpstorm:

[1] Google did not specify what “hardened” actually means, I would say this translates well that the codebase has been slightly changed in a willing to improve it so you *might* find some differences in behaviour at some edges, but I have no further information about this so far.

Update: There is a list of disabled PHP functions and the /e modifer (eval) from preg_replace has been removed.

Posted in Features, Hakre's Tips, PHP Development, Pressed, Reports, Tools | Tagged , , , , , , , , , , , | 7 Comments

Event-driven PHP – Igor Wiedler

Nice talk by Igor at TakeOff 2013: Event-driven PHP – Igor Wiedler.

Posted in Linked, PHP Development, PHP Frameworks, Pressed, Tools, Video | Tagged , , | Leave a comment

The Greatest PHP Value

Just two days ago I asked a PHP-quiz-question in the chatroom on Stackoverflow, something along the lines:

PHP: Which one is greatest?

PHP has a comparison operator to compare if one value is greater than the other (>). Which one of the three values INF, array() and (object) array() is the greatest?

  1. Infinity – INF
  2. Array – array()
  3. Object – (object) array()
  4. undefined

and it really is a PHP Quiz. The undefined means that you can not find out if a single one is the largest. If you want to guess your own, you should not read further yet.

Even the Array is greater than Infinity in PHP, the Array is less than an Object. Now you could say that Object then must be the greatest, however the Object is less than Infinity.

So between these three values you can not formulate any expression in PHP that describes the greatest one therefore the answer is undefined.

$inf    = INF;
$array  = array();
$object = (object) $array;

var_dump($object > $array  and $object > $inf  ); # bool(false)
var_dump($array  > $object and $array  > $inf  ); # bool(false)
var_dump($inf    > $object and $inf    > $array); # bool(false)

So maybe some of them is equal to another? No not as well ;).

So what are the practical implications of this? A simple example that is impacted by that is the sort() function. When a sorting behavior that does not do any type-conversion is used (default), then the result is based on the order in the array and not on the values. That might be unexpected.

As always when I’m puzzled with PHP I write a more or less well formulated question on Stackoverflow about it and ping NikiC. Because he not only answers the question but also makes me learn a lot of new terms and is so firm with PHP internals. See for yourself: PHP Type-Juggling and (strict) Greater/Lesser Than Comparisons which has got quite some traction already.


And if you’re using an older PHP version, the answer might not be undefined. Until PHP 5.1.6 Objects were greater than Infinity like Arrays are but less than Arrays allowing a clear winner: Array is greatest! 🙂

Read On: Comparison operators – PHP Sadness #52 – Very detailed and impressive description and visualization of comparison in PHP.

Posted in Developing, PHP Development, Pressed, The Know Your Language Department | Tagged , , , , , | Leave a comment

The Annotated XML Specification

The Annotated XML Specification (by Tim Bray; 1998)

Aside | Posted on by | Tagged , , | Leave a comment

Late Static Bindings in PHP Callbacks

No idea if this is ever useful, but just found this not documented in the PHP manual so far (and the Callbacks entry looks already chaotic so I don’t edit it right now):

You can write callbacks of static class methods as a string in the form of "classname::methodname". This should be commonly known, an example of that is:


echo Module::work('hello world'), "\n";              # HELLO WORLD
echo call_user_func('Module::work', 'hello world');  # HELLO WORLD

abstract class Module
    public static function work($it) {
        return strtoupper($it);

What I stumbled over and which I didn’t know is that since PHP 5.3 it is also possible to reference the current class with three additional strings for the classname placeholder above:

  1. "self::methodname" – use the current class.
  2. "parent::methodname" – use the parent class.
  3. "static::methodname" – use the class that was initially called at runtime.

Here an example that uses a callback function inside the module class to do some string replacements with the "static" string:


echo Module::work('hello world.'), "\n";  # [[[hello]]] [[[world]]].
echo MyModule::work('hello world.');      # {{{hello}}} {{{world}}}.

abstract class Module
    public static function work($it) {
		return preg_replace_callback('~\w+~', 'static::replace', $it);

    protected static function replace($matches) {
        return sprintf('[[[%s]]]', $matches[0]);

abstract class MyModule extends Module
    protected static function replace($matches) {
        return sprintf('{{{%s}}}', $matches[0]);


Sidenote: The array callback notation works for that as well:

    preg_replace_callback('~\w+~', array('static', 'replace'), $it);

This came a bit unexpected to me because in another feature introduced in PHP 5.3: A call of static class methods with a variable for the classname PHP:


echo Module::work('hello world'), "\n";  # HELLO WORLD

abstract class Module
    public static function work($it) {
        $module = 'Module';
        return $module::strtoupper($it);

    private static function strtoupper($it) {
		return strtoupper($it);


Unexpected because it does not allow to use the strings "self", "parent" or "static" inside that variable:


echo Module::work('hello world'), "\n";  # Fatal error: Class 'self' not found

abstract class Module
    public static function work($it) {
        $module = 'self';
        return $module::strtoupper($it);

    private static function strtoupper($it) {
		return strtoupper($it);


Last but not least, there is this very special callback, I don’t have any name for. What it does is working exactly like the "self::methodname" callback:

    preg_replace_callback('~\w+~', array('self',   'self::replace'),   $it);
                                         // like self -

    preg_replace_callback('~\w+~', array('static', 'static::replace'), $it);
                                       // like static -

    preg_replace_callback('~\w+~', array('static', 'self::replace'),   $it);
                                       // like static -

    preg_replace_callback('~\w+~', array('self',   'static::replace'), $it);
    // like "final" (invalid callback in LSB context) -

So much for the magic static and self-self life in callbacks and class method calls. PHP is not well known for language consistency and I put that one as well into the book. One should not exploit this static feature anyway and a module class should be abstract final probably but sadly, PHP does not know that.

This post is just another write-up for the know-your-language department and not a recommendation at all.

Edit: Parts of my first conclusion on self-self were wrong, it does not do any LSB, what I thought was LSB was in the first static::replace example was wrong. I also made that example more distinct.

Posted in PHP Development, Pressed, The Know Your Language Department | Tagged , , , , , , , , , , , | 1 Comment

SymfonyLive San Francisco 2012 – David Zuelke – Designing HTTP Interfaces and RESTful Web Services

Link | Posted on by | Tagged , , | Leave a comment

Dive Into HTML5 (by Mark Pilgrim with contributions from others)

Link | Posted on by | Tagged , | Leave a comment

New Year – New Attacks on your Freedoms

This year is business as usual, join the protests on February 23. #idp13

Posted in Pressed | Tagged , , , , , , , , , | Leave a comment

Strange Icons

The Noun Project

Read On: Visualizing Change: An Interview with The Noun Project (16 Jul 2012; by Valerie Casey)

Link | Posted on by | Tagged , , | Leave a comment