Talk was given at WebConf Riga 2012. There was some trolling about Symfony 2 and ZF2 just for fun. I actually think these are great projects so sorry if it hury your feelings.
Go beyond the documentation and explore some of what's possible if you stretch symfony to its limits. We will look at a number of aspects of symfony 1.4 and Doctrine 1.2 and tease out some powerful functionality you may not have expected to find, but will doubtless be able to use. Topics covered will include routing, forms, the config cache and record listeners. If you're comfortable in symfony and wondering what's next, this session is for you.
AST - the only true tool for building JavaScriptIngvar Stepanyan
The document discusses working with code abstract syntax trees (ASTs). It provides examples of parsing code into ASTs using libraries like Esprima, querying ASTs using libraries like grasp-equery, constructing and transforming ASTs, and generating code from ASTs. It introduces aster, an AST-based code builder that allows defining reusable AST transformations as plugins and integrating AST-based builds into generic build systems like Grunt and Gulp. Aster aims to improve on file-based builders by working directly with ASTs in a streaming fashion.
Security Meetup 22 октября. «Реверс-инжиниринг в Enterprise». Алексей Секрето...Mail.ru Group
This document discusses exploiting PHP unserialization vulnerabilities. It begins by introducing the presenter and explaining what unserialization is and how it can be insecure if magic methods like __wakeup or __destruct are executed after unserialization. Potential vulnerabilities are demonstrated through examples. The document then discusses more complex chains that can be used to exploit unserialization, including examples from real-world projects like Kohana and exploiting serialized data stored in databases. It describes building a tool to automatically find chains in PHP code that could be exploited via unserialization and demonstrates its use on sample code. The document concludes by noting the challenges of automatically generating exploits due to the lack of static analysis in the tool.
PHP Object Injection Vulnerability in WordPress: an AnalysisPositive Hack Days
This document summarizes a presentation about remote code execution in WordPress. It discusses how PHP object injection can allow arbitrary code execution by abusing PHP's unserialize function. It explains how a vulnerability in WordPress' user meta data serialization could allow storing a serialized PHP object in the database that executes code upon unserialization. The presentation provides details on UTF-8 encoding issues in MySQL that can be leveraged as part of an exploit. It then demonstrates a proof-of-concept exploit that uses custom PHP classes to write a file upon page load via callback functions.
PHP unserialization vulnerabilities: What are we missing?Sam Thomas
Video at: https://www.youtube.com/watch?v=PqsudKzs79c
An introduction to PHP unserialization vulnerabilities, with some practical tips on methodology. Based around three new exploits for old vulnerabilities (CVE-2011-4962, CVE-2013-1453, CVE-2013-4338).
Rich Model And Layered Architecture in SF2 ApplicationKirill Chebunin
Presentation for Symfony Camp UA 2012.
* What are Rich Model, Service Layer & Layered Architecture
* Layered architecture in Sf2 Application
* Integration with 3rd party bundles
This document introduces Assetic, an asset management library for PHP. It allows developers to work with assets like CSS, JavaScript, images and more. Key features include:
- Asset collections to merge multiple assets into one file for fewer HTTP requests
- Filters to minify, compress, compile or otherwise process asset contents
- Caching of processed assets for improved performance
- Integration with Symfony and other frameworks
- Tools to deploy optimized static assets to servers or content delivery networks
“Writing code that lasts” … or writing code you won’t hate tomorrow. - PHP Yo...Rafael Dohms
The document provides advice and best practices for writing code that lasts over time. It discusses improving code through practices like making it more comprehensible, flexible, tested, and refactorable. Specific techniques mentioned include object calisthenics exercises like limiting indentation levels and instance variables, using first class collections, and avoiding getters/setters. The document emphasizes continuously improving code through practices like reading and sharing code with others.
This document introduces Scala ActiveRecord, an ORM library for Scala that aims to provide an ActiveRecord-like experience. It summarizes the motivations for creating Scala ActiveRecord, which were to have a more usable database library that supports type-safety, conventions over configuration, and avoids repetition. It describes key features of Scala ActiveRecord like validations, associations, and callbacks. It also provides examples of basic CRUD operations and queries using Scala ActiveRecord's interface.
This document provides an introduction and overview of using MongoDB and the Doctrine MongoDB ODM with code examples. It demonstrates basic MongoDB operations like saving, finding, and updating documents. It then shows how the Doctrine MongoDB ODM can be used to map documents to PHP objects to work with them in an object-oriented way, including associations, queries, and lifecycle callbacks. The presenter encourages interested developers to contact them about open positions at OpenSky.
The document discusses PHP traits and how they can be used to create reusable XML conversion functionality. A XmlConversion trait is defined that contains a toXml() method to convert a class to XML. This trait uses the abstract getXmlAttributes() method to retrieve attribute data. The trait is used in Person and Log classes, which both gain the toXml() conversion method. Objects of these classes can then be converted to XML.
This document discusses various techniques for debugging and customizing SOAP requests and responses using PHP's SOAP extension (ext/soap). It covers topics like:
- Debugging SOAP calls by enabling tracing and accessing request/response data
- Adding authentication headers to SOAP requests
- Overriding the endpoint location for individual calls
- Intercepting calls to modify requests or responses
- Mapping complex XML types to PHP classes
- Setting custom XML schema types
Reviews the basis of using JavaScript within WordPress. How to load in scripts correctly and move PHP data into JavaScripts for later use. Presented at WordCamp Las Vegas 2013
This document provides an introduction to jQuery, including:
- jQuery is a JavaScript library that simplifies HTML document interaction and event handling. It was created by John Resig in 2006.
- The current version is 1.3.2 and version 1.4 is coming soon. John Resig continues to develop jQuery in Boston.
- jQuery selects elements, changes their properties, handles events, and makes AJAX calls to simplify common JavaScript tasks. It works by selecting DOM elements and running functions on the selection.
This document provides an overview of JavaScript including its history, key features, and comparisons to other languages. It also discusses important JavaScript concepts like objects, functions, events, and libraries like jQuery. Key topics covered include the window, document, location, and history objects, arrays, cookies, closures, inheritance, callbacks, and popular JavaScript libraries and frameworks.
This document provides an overview of jQuery, a JavaScript library for DOM manipulation. It discusses jQuery's CSS selector syntax, methods for manipulating DOM elements and collections, event handling, AJAX support through methods like load() and get(), and how jQuery is extensible through plugins. The document also provides examples of DOM traversal, value retrieval, event binding, and chaining methods.
The document discusses abstract syntax trees (ASTs) and parsing of code. It provides examples of parsing JavaScript code into tokens and then building a syntax tree. It also discusses common JavaScript parsers like Esprima and Acorn, and AST specifications like ESTree. Homomorphic parsing is shown where code and AST are equivalent. Common uses of ASTs include transpilation, linting, minification, and code transformation.
WordPress allows plugins and themes to modify its core functionality through hooks called actions and filters. Actions allow plugins to specify functions that are executed at certain points, like before or after specific events. Filters allow functions to modify content, like text, before it is saved or output. The document discusses how a basic widget can be modified to use actions and filters to allow other code to add puppy images and warnings. This allows expanding the widget's capabilities without directly editing its code.
The document discusses conducting a PHP code audit. It outlines steps like interviewing developers, performing black box testing, and conducting an open code audit. When auditing code, the speaker searches for injections like SQL, PHP, and HTML injections. Variables used in includes are reviewed, as are comments, variables, functions, and conditions. Register_globals is identified as a risk that can be emulated. The report would provide an executive summary, problems summary, and details on vulnerabilities found. Community involvement and continuous auditing are recommended for security.
YiiConf 2012 - Alexander Makarov - Yii2, what's newAlexander Makarov
Yii 2 is a new major version of the Yii PHP framework that aims to improve on Yii 1.1. Key changes in Yii 2 include using namespaces, removing dependencies on certain classes, improving documentation, and restructuring some core components like the ActiveRecord and query objects. The Yii 2 team is working on finishing core functionality before releasing an alpha version publicly on GitHub. The presentation provides an overview of planned changes and improvements in Yii 2 compared to the previous version.
This presentation shall address the web2py web framework, my favorite way to develop web apps.
web2py is a free, open-source web framework for agile development of secure database-driven web applications; it is written in Python and programmable in Python. web2py is a full-stack framework, meaning that it contains all the components you need to build fully functional web applications.
Ease of use is the primary goal for web2py. For us, this means reducing the learning and deployment time. This is why web2py is a full-stack framework without dependencies. It requires no installation and has no configuration files. Everything works out of the box, including a web server, database and a web-based IDE that gives access to all the main features.
I will show you why web2py can make you more productive by bringing the result of a reflection over the best ideas of the most popular MVC based web frameworks enforcing the best practices for a fast, scalable and secure web application with minimal effort. There will be a live demo where you can get a faster grasp on how does it work and how fun it can be.
For more: www.web2py.com
The document discusses developing your own PHP framework and provides tips on when it makes sense. It summarizes common issues with existing frameworks like CakePHP and Zend Framework. It also outlines how to take a broader view when designing a framework, including using a model-view-controller push or pull approach and implementing hierarchical model-view-controller. The document provides examples of how to structure controllers for a master, group, and element to implement this pattern.
WebNet Conference 2012 - Designing complex applications using html5 and knock...Fabio Franzini
This document provides an overview of designing complex applications using HTML5 and KnockoutJS. It discusses HTML5 and why it is useful, introduces JavaScript and frameworks like KnockoutJS and SammyJS that help manage complexity. It also summarizes several JavaScript libraries and patterns including the module pattern, revealing module pattern, and MV* patterns. Specific libraries and frameworks discussed include RequireJS, AmplifyJS, UnderscoreJS, and LINQ.js. The document concludes with a brief mention of server-side tools like ScriptSharp.
Devconf 2011 - PHP - How Yii framework is developedAlexander Makarov
This document discusses the development of the Yii PHP framework. It was originally developed from Prado in 2004 and became Yii 1.0 in 2008. The framework uses an MVC architecture and takes inspiration from other frameworks like Rails and Symfony. It focuses on being easy to use, powerful, and flexible. The framework is developed as an open source project under the BSD license to encourage contributions from the community.
Redis is a NoSQL technology that rides a fine line between database and in-memory cache. Redis also offers "remote data structures", which gives it a significant advantage over other in-memory databases. This session will cover several PHP clients for Redis, and how to use them for caching, data modeling and generally improving application throughput.
How to measure and optimize performance of applications that use Zend Framework 1.x. A talk presented at the New York City Zend Framework Meetup (http://www.meetup.com/ZendFramework-NYCmetro/) on August 23, 2011.
Codemotion 2013 - Designing complex applications using html5 and knockoutjsFabio Franzini
The document discusses tools and frameworks for building complex applications using HTML5 and JavaScript. It begins with introductions and background on the speaker. The rest of the document outlines various topics: HTML5 and its benefits, JavaScript and patterns like modularity, client-side frameworks like KnockoutJS, server-side tools like TypeScript, packaging apps with Cordova or AppJS, and demonstrates some of the frameworks.
The document discusses building testable PHP applications. It covers topics like testing code, testable architecture, dependency injection, and static code analysis tools like PHP Code Sniffer, PHP Mess Detector, and PHP Copy Paster Detector. The document emphasizes that writing tests and designing for testability leads to fewer bugs and more maintainable code. It provides examples of unit testing and recommends test-driven development practices.
This document discusses using PHP for both web and desktop applications. It introduces PHP-GTK, which allows PHP to create graphical desktop applications with a native look and feel across platforms. It provides examples of creating windows, containers, working with signals and the main loop. The document also discusses installing PHP-GTK, some key considerations for desktop applications, and examples of creating widgets like trees and working with models.
This document provides an overview of object-oriented design principles and patterns as they relate to PHP programming. It discusses some key concepts:
1. It introduces some basic OOP concepts in PHP like creating objects, using references, and late binding.
2. It discusses design patterns that can be applied in PHP like the singleton pattern for creating a single instance of a class and working around the lack of static properties.
3. It covers why metaphors like "software as construction" that informed heavy methodologies don't apply as well to modern web application development with its changing requirements and constant release cycles. Lightweight agile processes are better suited.
Getting up & running with zend frameworkSaidur Rahman
This document provides an overview of getting started with the Zend Framework. It discusses what a framework is, why use the Zend Framework specifically, and its MVC architecture and components. It then covers setting up the development environment, creating a sample project with the Zend tool, and performing basic CRUD operations with a controller and model. Finally, it demonstrates connecting to a database and consuming web services like Flickr using Zend components.
This document provides an overview of getting started with the Zend Framework. It discusses what a framework is, why use the Zend Framework specifically, and its MVC architecture and components. It then covers setting up the development environment, creating a sample project with CRUD operations, and connecting to a database. Finally, it demonstrates using the Zend framework to access web services like Flickr and provides additional resources for learning more.
This document discusses decoupling a Drupal backend from a React frontend using JSONAPI. It provides an overview of the technology stack including Express, React, Redux and Drupal with JSONAPI. It discusses reasons for the decoupled approach including performance improvements. It also covers editorial workflows, structured vs unstructured content, and implementing a content preview feature between the decoupled systems.
The potential problem with caching in update_homepage is that deleting the cache key after updating the page could lead to a race condition or stampede.
Since the homepage is being hit 1000/sec, between the time the cache key is deleted and a new value is set, many requests could hit the database simultaneously to refetch the page, overwhelming it.
It would be better to set a new value for the cache key instead of deleting it, to avoid this potential issue.
How to organize the business layer in softwareArnaud LEMAIRE
The document discusses where to place business logic in an MVC application. It argues that the business layer should not be placed in the view or controller, as those deal with user interface concerns like HTTP requests. The model is also not a good fit, as it is often misunderstood and can become a bloated "God object" that violates principles like single responsibility.
Instead, it recommends creating separate classes for business logic following object-oriented principles like high cohesion and loose coupling. These could include value objects, entity objects, repositories, validation objects, view objects, policy objects, decorators, and service objects. It also discusses organizing these objects either by domain or type. Finally, it notes some pitfalls to avoid and
Using Play Framework 2 in production
- Play Framework 2 is a web framework for Scala that embraces HTTP and allows codebases to stay readable and DRY as they grow large.
- As a startup, Play Framework 2 and Scala can attract developers who want to learn and find better ways to develop for the web using a powerful yet stable language and bleeding edge yet stable framework.
- Some early mistakes included slow CSS compilation, not properly configuring for asynchronous code like Slick, and not managing JavaScript, but Play is forgiving and allows replacing pieces as needs become more advanced.
The Solar Framework for PHP 5 (2010 Confoo)Paul Jones
This presentation is a whirlwind tour of the Solar framework for PHP 5. After a short bit of background, the presentation will outline the major concepts in Solar: everything is a library, the unified constructor, unified configuration, inherited configuration and localization, unified factory and adapter systems, lazy-loading registry, and the dependency-injection system. Next is an overview of how the dynamic dispatch cycle works in Solar, and how it compares to other framework dispatch cycles. From there we will move on to the SQL system, including the MysqlReplicated adapter, and lead into the ORM system. The ORM overview will briefly cover models, collections, records, automated filters, automated form generation, and more. After discussing the authentication layer, CLI tooling, and command-line controllers, it will wrap up with a brief discussion of Solar project architecture, and a short note on Solar's performance in relation to other popular frameworks.
This document discusses JavaScript performance best practices. It covers loading and execution performance, DOM scripting performance, and patterns to minimize repaints and reflows. Some key points include batching DOM changes, event delegation to reduce event handlers, and taking elements out of the document flow during animations. References are provided to resources on JavaScript performance testing and design patterns.
This document provides an overview of using jQuery for user interface development. It discusses what jQuery is, provides a JavaScript 101 refresher, and covers key jQuery concepts like selecting elements, manipulating the DOM, attaching events, and making AJAX requests. The document outlines an example workshop agenda that demonstrates finding elements, modifying attributes and styles, binding events, and more through hands-on exercises using jQuery.
Similar to Yii, frameworks and where PHP is heading to (20)
1. Yii, frameworks and where PHP is
heading to
Alexander Makarov
Yii core team, Stay.com
2. Is PHP still there?
• Developers are migrating to
– Ruby
– Python
– Java
– C++
• Developers are migrating…
• Because… PHP sucks?!
3. Well, it sucks a bit. Not that much!
• Very good choice for web development.
• Will be there for a long time.
• Programming language is just a tool… one of
the tools.
• With a good framework bad parts aren’t that
visible.
4. PHP is good for business
• It’s web-focused.
• Lots of ready to use stuff.
• PHP makes everything easy.
• Easy to find and replace
developers.
• Less risky.
• Project costs less.
6. PHP itself is heading towards
simplicity and usability
• Password hashing API.
• Generators.
• More consistency.
• Built-in webserver.
• More performance.
• Better syntax.
• etc.
9. Good things first
• github = standard for hosting cool PHP stuff.
• PSR-0 = interoperable & faster class loading.
• At least some stable frameworks are there
and definitely ready for business: BC and
maintained.
14. “ZF2 is too "scientific". You can write a thesis
about ZF2 and its design. Don't get me wrong, I
love best practices, standards, design patterns
etc., but ZF2 devs dive too deep into "science".
Symfony2 is better but not enough.”
16. Why ZF2 is what it is
• Zend is the PHP company, they’ll have enough
customers no matter what they’ll release.
• Main customers are of enterprise type.
• Not really interested in 80% projects out
there.
• Consulting isn’t profitable if product isn’t
complex enough ;)
• Heading into J2EE direction they have a
chance to get former EE-companies on board.
18. What about Symfony2?
• Personally I think they’re trying to be “enterpise”
(=complex) as well.
• Sensio labs is a commercial company earning for
framework support and consulting.
• http://fabien.potencier.org/article/65/why-
symfony
• Good thing is that framework is a bit more
practical than ZF2.
• Still very complex.
19. What’s bad in these “enterprise”
things?
• Design-patterns oriented instead of practically
oriented. Emphasizing on patterns.
• Easier to unit-test, harder to develop and
learn.
• Almost impossible to delegate routine work to
less competent developers w/o spending lots
of time teaching them first.
• High risk for project owner.
20. That reminds me… Java past
• “Their main thesis to support that complexity
is… hold your breath… fasten your seatbelts: if
it were easier, more stupid people would be
using it!. Ta-da!!”
• “J2EE is no way simple. However the reality is
simple: for J2EE to survive - we have to make
it simple to build, deploy and manage”
21. Java is simpler now compared to what
it was
• Play
• Apache Wicket
• Even Spring is much more usable and simple
than what it was before
24. Enterprise isn’t only complexity
• Stable API.
• Well-tested code.
• Backwards-compatible regular releases.
• Guarantee that vendor will support product
for at least X years.
• Well-documented.
• Commercial support, trainings.
• And more…
26. Practical frameworks
• Development should be straightforward.
We’re not doing complex stuff for webapps
most of the time.
• Easy learning.
• Less magic.
• Less configuration.
• As simple API as possible.
27. If good parts of enterprise are still
there it’s perfect
31. Framework myths
• If framework reinvented the wheel, it's a bad
one.
• If there is DI container and design patterns all
over the place, it's a good one.
• If framework X implemented feature Y first,
it's better.
• Loosely coupled framework is always a good
choice.
• If there’s no feature X it’s a bad one.
32. What’s really important
• Easy to learn.
• Easy to debug and fix.
• Doesn’t mess with your code or any good third-
party code.
• Friendly active community.
• BC and stable.
• No roadblocks when trying to extend or
customize it.
• Feels good ;)
45. Flexibility should not mess with
simplicity
• As less abstraction as possible.
• It’s simple to make things complex. Making things
simple isn’t.
• Conventions.
• Hide complexity.
46. There’s not a single
setMyCoolFactoryDependencyInjection
Container()
in Yii
47. Docs are very important
— We’re documenting as soon as writing code.
— Definitive guide and blog tutorial translated
into 16 languages.
— phpdoc.
— Examples.
— Great books.
48. Yii can work with components from
Symfony 2 and ZF2.
That's what these are for, right? ;)
52. —PHP 5.3.8+ —Better structured
—Namespaced classes —Less entities
—PSR-0 —All the good things are
still there
v2
53. Yii2: base
— New aliases class MyComponent extends
@yii/base/Component yiibaseObject
{
— CComponent →
public $x;
Object + Component public function __construct($a, $b)
— SPL instead of custom {
collections //…
— Killed CFormModel. }
}
Model should be
used instead.
$component = MyComponent::newInstance(
— Better rules and array('x'=>10),
scenarios. 'a', 'b'
);
54. Yii2: View Object
—render(), widget(),
beginCache() →
viewObject
—View: $owner = class
that called render
—$this = View.
—No need for renderers.
—Can be used in console.
—CHtml is still there.
55. Yii2: events
$post->on('add', • No need to declare
function($event) { ... • jQuery-like syntax
}); • Behaviors instead of
filters
$post->trigger('add',
new Event($this));
$post->off('add',
$callback);
$handlers = $post-
>getEventHandlers('add'
);
57. Yii2: Even better ActiveRecord
$customer = Customer::find(2) – Finder / Model
->active() – Can create your own
->one(); finder
$customer->name = 'Qiang';
– ::model()
$customer->save();
– Autoquotes.
$customers = Customer::find() – Method chains.
->order('id') – Dirty attributes.
->asArray(true) – Less memory.
->all();
– Can get arrays from AR.
58. Yii2: AR
$postFinder = Post::find() – Criteria
->where(array( – You can merge finders
'active' => true
– You can add conditions
));
on the fly
if($isPrivate) {
$postFinder->addWhere(array(
'createdBy' => $userId,
));
}
$posts = $postFinder
->mergeWith($anotherFinder)
->all();
59. Yii2: AR
class Customer extends ActiveRecord {
– tableName(), const STATUS_ACTIVE = 1;
relations(), scopes() = public static function tableName() {
static. return 'tbl_customer';
}
– HAS_ONE,
public static function relations() {
HAS_MANY relations. return array(
'orders:Order[]' => array(
– link = FKs 'link' => array('customer_id'
=> 'id'),
– via = through ),
);
– Scopes via }
anonymous functions. public static function scopes() {
return array(
– "@." and "?" tokens. 'active' => function($q) {
Automatic alias. Own return $q-
>andWhere('@.`status` = ' . self::STATUS_ACTIVE);
table. Foreign table. },
);
}
}
60. Yii2: AR
$customers = $customers =
Customer::find()-> Customer::find()->active()
asArray()->all(); ->all();
foreach (Customer::find() $customers =
as $customer) Customer::find()
->where('name like :name',
$count = Customer::count() array(
->value(); ':name' => '%customer%'
))->order('id')->all();
61. TODO (if there will be enough time)
• HTTP (CURL) wrapper • jQueryUI-based widgets
• Package manager (not just jQueryUI
• Mailer widgets)
• Twitter Bootstrap • Commercial support
(most probably not by
• Debug toolbar Yii core team members)
• Console requirements
• More helpers
62. 1 or 2?
Work with the stable one. 1.1 will be
supported till December 31, 2015.
63. When?
Before we’ll push alpha • i18n
code to github repo we • Controller + webapp
need to finish at least → • A solid base for widgets
• URL manager
64. The end (really)
• Questions?
• Suggestions?
• sam@rmcreative.ru
• @sam_dark
• http://yiiframework.com/