With the recent announcement that PHP 6 development has been halted, I'm confused as to what the PHP 5.x and 6.x road map includes.
The current version of PHP is 5.3.2.
There were quite a few significant features to come in PHP 6.0, such as:
APC include for automatic bytecode caching
Unicode support
etc..
Question: What is the new road map of PHP given 6.0 has been canceled? What major features will be available next and in what release?
Features:
Unicode support;
APC opcode cache as standard;
Removal of several deprecated features (eg magic quotes, register globals, the ereg library and safe mode).
No firm date has been set. Anything you read is purely conjecture.
You may want to read Future of PHP 6. PHP6 has somewhat stalled, particularly on the Unicode issues. Just to set the level of your expectations, people have been discussing PHP6 since at least 2006.
Here's an article I read recently on the matter: Resetting PHP 6
It goes into some detail the cause of the delay.
Horizontal code reuse!
Actually, I'm surprised it's not mentioned yet, it's the biggest feature IMO.
Basically, it's a way to ease code reuse, by adding methods to classes without inheriting from another class. It's similar to multiple inheritance, but avoids the diamond problem.
Unicode branch is on hold for now. Nobody knows what happens with it yet, until there's a good plan how to proceed. The trunk branch - probably to be named 5.4 (or, less probably, 6) - is being actively developed, is to feature significant performance improvements, traits (already in) and some other goodies you can find on http://wiki.php.net/rfc/ or directly from the SVN NEWS file. It would probably be released reasonably soon, but no set dates yet.
P.S. "active development" also means "don't rely on anything you see there too much yet unless you are ready for big changes without notice". Consider yourself warned :)
The recent release of PHP 5.3 included most of what was originally desirable about PHP6. At last year's Zendcon there was a presentation titled "State of PHP 6", you can see the slides of this presentation here: http://zmievski.org/files/talks/zendcon-2009/php-code-ideas-people.pdf
Related
We have a requirement to allow users to customise the CSS for a PHP app. In general, only that user will be able to view the custom CSS, but there are cases when other users in their group could also view the CSS, hence the need to ensure that its sanitized.
I am aware that HTMLPurifier and CSSTidy can be used for PHP, but CSSTidy is extremely outdated, and apparently can't handle everything that we need to throw at it.
I havent found any other PHP libs that can do this.
One alternative that I am exploring is taking a ruby library (http://apidock.com/rails/HTML/WhiteListSanitizer/sanitize_css or https://github.com/courtenay/css_file_sanitize/blob/master/lib/css_sanitize.rb) and converting it into php.
Before I go down that route, are there any alternatives to the above? And are there any pitfalls that I should be aware of before using one of the Ruby libs?
Update:
After almost eight years later, I wanted to leave a second note
because my answer start getting downvotes.
I am not dealing with JS/CSS anymore as much as my early career years. I
did mostly focus on building backend services and tools recent years. So, my knowledge on this subject may be outdated, even if I tried to keep it sharp, which requires discipline and hard work.
Neverthless, nicer tools may exist today other than HtmlPrufier and/or TidyCSS. I am not saying those tools are bad. But community support and active maintenance is important. As a thumb of rule, I am staying away from dead or unmaintained dependencies in my applications.
If PHP is a MUST here to sanitize, I would look into Wikimedia's CSS sanitizer first if it works for me. More or less, it's doing the job. Persisting a minified version of given CSS in filesystem, updating as modified on application side also would be a secondary goal for me. A pre-generated version could make my life easier when sending to browser. Any tooling would work there, PHP may just fire a dedicated event for it. Creating sanitized version of CSS may also be a background process candidate rather than generating on demand. Maybe via available tools from other platforms beyond PHP. So there are a lot more options and possibilities out there nowadays.
Hope my explanations shed some light for people trying to achieve something similar.
Original answer was:
HTMLPurifier and CSSTidy are right tools. CSSTidy still maintaining by Cedric Morin and few other developers on Github. Also default CSS level of CSSTidy is CSS3.0 since April 2012.
You may use that.
Or is it just at a 'finished' state? I've used PHPDoc for many years on all my PHP projects, but I recently noticed that the last post on the PHPDoc website was from 2008. So I'm wondering if it's time to look into other alternatives like Doxygen. Are there any advantages to using something other than PHPDoc?
EDIT: Interesting post on Dev Zone today when Matthew announced the release of Zend Framework 1.11.5 he wrote:
"Mike van Riel offered to convert our API documentation generation to DocBlox. We'd already been considering it for ZF2, but on seeing the flexibility of the templating system, and, more importantly for us in terms of packaging, the speed and minimal resources it utilizes in generating the output, we were sold. (API documentation generation time was reduced from taking 80-100 minutes to less than 10.) You can view the results for yourself." http://devzone.zend.com/article/13643
This is why I'm concerned, if large projects like Zend Framework are dropping phpDoc, it seems to me the inactivity of phpDoc is not going unnoticed. 100 minutes down to 10..that's what I like to hear.
#gms8994 good call
*UPDATE: So turns out DocBlox is PHPDocumentor2 in disguise/re-branded. http://www.docblox-project.org/
Although I currently use doxygen, too, I have to post that PHPDocumentor is not dead. Instead the attempts made by the DocBlox project are joined to form the basis for PHPDocumentor2 which sports a brand new website. These days I'm not convinced it's production ready but it does already look really promising.
I have recently used Doxygen for generating documentation for PHP.This is open-source tool for documentation and support other languages too.I would say this is a good tool and it easily generate documentation as well as class diagrams and have lots of configurable features.It is available for Windows as well as UNIX/LINUX
Can Find the latest release and DOWNLOAD Here
Why fix something that isn't broken? PHPDoc works great, doesn't need anything else really. They're not trying to innovate, just to help create documentation. Which they did, very well.
I had several problems with phpDocumentor. One of them was the xml export. After a few attempts to fix the code I decided to look for an alternative.
What I found and liked was: Rarangi
https://bitbucket.org/laurentj/rarangi/wiki/Home
Rarangi is a generator of documents from php source code.
The interesting thing about it was that it saves the information in a mysql db and you can make your own custom reports.
phpDocumentor v3 (with proper PHP 7 support) is currently alpha, getting real close to a stable release. The problem is that they don't have a lot of people working on it, so development is slow.
I've tested the latest alpha on one of my Symfony projects and it does the job okay, although it's missing some features and has a couple of bugs. They were all reported, of course.
https://github.com/phpDocumentor/phpDocumentor/releases
Update: phpDocumentor v3 just went beta. Check releases.
Yesterday Facebook launched HipHop, a sourcecode-converter from php to c++. The set of php functions and constructions is more limited than in standard php.
Are the current popular php frameworks (ZF, CakePHP, symfony) compatible with HipHop? If not, which parts of these frameworks are not usable?
If I'm not mistaken, HipHop has not been released yet -- even the wiki page linked from the Facebook annoucement yesterday is not up yet.
So, it's going to be a bit hard to answer, right now.
I suppose it'll all depend on :
The features used by the Frameworks -- like already said here and there, stuff like eval is not supported by HipHop
The PHP extensions used by the Frameworks : only a couple of those have been ported by Facebook to HipHop.
Depending on the Frameworks and your specific needs, maybe/probably some subsets of the Frameworks you are using will be supported, even if not every available components... I suppose time will tell which ;-)
With at least ZF and Symfony being used for Enterprise level applications, chances are pretty good they will run with HipHop. If not now, then sooner or later. However, the question is not so much if they can run with these frameworks, but how your supporting IT architecture looks like.
HipHop is for scaling large multiserver high traffic sites like Facebook. In your regular web application, you will likely get no advantage out of it. Just continue to use memcache and APC.
See these related articles:
http://www.readwriteweb.com/archives/rasmus-lerdorf-php-hiphop-facebook.php
http://ilia.ws/archives/213-My-Thoughts-on-HipHop.html
http://terrychay.com/article/hiphop-for-faster-php.shtml
http://www.brandonsavage.net/hiphop-for-php-who-benefits-who-doesnt/
While I'm sure most of us are curious about what HipHop is going to be, I know it will not be a replacement for PHP - it's very much a niche product: unless you're running a large server farm then the performance benefits vs the maintenance costs just wouldn't justify it.
Perhaps it might be an interesting alternative to use encoded PHP for some people - but again this introduces even greater maintenance overheads. The only low-volume scenario where a compiled PHP would seem to make a lot of sense is for embedded devices (where the software exists to support the hardware and not vice versa) and for very high security installations (where its not a good idea to have a interpreter available).
It's far to early to be able to say what PHP software will work with it. However even once thats established, I'd want to see a solid commitment from any supplier that they were going to explicitly support HipHop in the future before I switched.
C.
I won't repeat what has already been said, I'll just add that as soon as HipHop is released you can count on the opensource community to submit patches for your favorite framework for increased compatibility with HipHop.
Also, one good way to test whether your favorite framework is compatible or not would be to launch the test suite using HPHPi (you then know where to concentrate your patching effort ;).
Searching for 'eval' gives a lot of false positives, as you get hits for the word "evaluate" in comments, or escapeValue if the search isn't case sensitive, etc.
If you search for 'eval(' in ZF 1.11 you'll find in once in Zend/Serializer/Adapter/PhpCode.php on line 59, in a method that unserializes stored PHP code. The method isn't a part of the MVC architecture, db component, and actually isn't used anywhere else in the framework (Zend_Serializer_Adapter_PhpCode isn't instantiated anywhere else in the code base).
So if eval breaks your ZF-Hip Hop app, don't use Zend_Serializer_Adapter_PhpCode, or eval in your consumer code.
Simple answer: I don't think it would.
Just saw this on hiphop page: https://github.com/facebook/hiphop-php/wiki/
"You keep coding in simpler PHP, then HipHop executes your source code in a semantically equivalent manner and sacrifices some rarely used features – such as eval() – in exchange for improved performance."
Did a search for 'eval' on ZF 1.9 and there are over 100 occurrences.
If I'm building a PHP system which I expect to port to many different servers, should I avoid relying on PHP 5 features such as exceptions and final methods? How widespread is PHP 5 by now? Should I be worried about compatibility and ditch exceptions and other features not available in PHP 4?
This depends on what type of servers that you expect to port to.
If you're looking at military contractors that are still using 486's because that's the last thing that was approved for shuttle missions, then, yes, you should use old software.
If you're considering hosted servers, the latest rev of whatever you're using will be available. If you are reselling a product to customers, you will be able to tell them what the system requirements are - OS, DB, scripting language and version, etc.
A lot of OSS fanboys will tell you two different arguments: avoid any proprietary extensions to anything because it harms portability, and 2) use the latest rev available. These are diametrically opposed points of view.
The reality is that in the web development world, I try not to let these types of debates keep me from developing using the best tools available. The one exception is browser compatibility, which is one thing that we don't have control over.
PHP4 is actually no longer supported. Only "old" distributions and installations will support it. All major Linux distributions only support PHP5 in their latest releases.
To still offer support for PHP4 would be a bad strategy for new applications.
It's definitely not a bad idea. PHP5 is much better than PHP4, it has better suport for OOP and references and it is available on the market for quite a long time. If you rely on PHP4 because of compatibility issues, then why not rely on PHP 1.0? ;)
BTW you can write portable code with version checks but in my opinion it is completely redundant at this time. PHP5 is a hard ground standard.
Should you ever run into somebody who wants the software to run on their PHP 4, the strongest argument is the support cycle. PHP4 is ten years old, and will not be supported very long any more (although I haven't been able to find out from the PHP web site how long exactly.)
The page at http://php.net/archive/2007.php clearly states that PHP 4 is no longer supported since august 2008. (Php 4 end of life announcement)
(look at the news published in 2008 to see the last maintenance release, published on august 7, 2008)
From the announcment in 2007, but certainly from the end of security support, I think new applications should no longer be developed for php 4, unless explicitly requested by the customer (allthough I would rather advice the customer to change his mind on that requirement). Keeping support for PHP 4 in older applications may be a bit different.
Has anybody forked PHP4 to continue support for this version?
EDIT: This isn't a question about migrating to PHP5.
As far as I know - no. PHP5 is pretty good with backwards compatibility and you should not run PHP4 on any publicly facing webserver if security is even a little bit important to you.
I would estimate that PHP5 is 99% backwards compatible. Here is a blog post with typical (small) issues you might run into, usually the way that functions behave in corner cases. Two other resources you might want to look at are Migrating from PHP 4 to PHP 5 in the PHP manual and the PHP5 Migration Appendix, particularly the backwards incompatible changes.
To sum it up: you will need to test in a detailed manner after migration. Most of the things will work, but some might fail in corner cases. Some things can be fixed by tweaking the php.ini, some need a few changes. In general, applications written for PHP4 are less secure than those written for PHP5, because some security features didn't exist or were not widely used. So something like mod_security or PHPIDS (or both) should also be considered.
There have been no known forks of PHP4 to continue its support.
PHP4's code is pretty large, and with all its extensions it would be a pretty large project to support as a legacy application.