PHP · Reads
A walkthrough of a developer's dotfile repository—shell aliases, functions, and CLI tools that enable rapid machine setup. Covers modern replacements for Unix utilities (eza, bat, ripgrep, fd, zoxide, delta) with transpa…
PHP · RFC Watch
An RFC is open for discussion and vote on the PHP internals list proposing a new Duration class. The proposal draws inspiration from Java, Rust and Temporal while defining requirements based on PHP-specific constraints a…
PHP · RFC Watch
The RFC proposes a compound assignment form of the pipe operator: $x |>= callable becomes shorthand for $x = $x |> callable. Chaining is supported. An implementation including tests has been submitted as a pull request a…
PHP · Reads
Jarred Sumner explains why the Bun team is moving parts of the runtime from Zig to Rust after repeated memory-safety problems in a codebase that combines garbage collection with manual memory management. The piece also d…
PHP · RFC Watch
Proposal to allow default values on readonly class properties, enabling strict contracts with constant-like behaviour that cannot change at runtime. The RFC introduces a minimal change to permit initialization of readonl…
PHP · Archive
Canonical Stack Overflow thread cataloging PHP operators and symbols: `$`, `->`, `=>`, `::`, `&`, `*`, `@`, and more. Essential reference for beginners decoding unfamiliar syntax and for experienced developers brushing u…
PHP · Reads
This article shows a real prompt-injection attack that extracts a Laravel AI support agent's system prompt and customer data. It then presents four practical defenses: hardened prompts, a local Ollama guard, tool-level a…
PHP · RFC Watch
An RFC proposes multiple deprecations targeting PHP 8.6. Discussion on the internals list focuses on the absence of impact analysis for existing code in many proposals. Contributors debate the need for systematic assessm…
PHP · Security
FrankenPHP 1.12.4 closes HTTP header spoofing via underscore collision, bundles Caddy 2.11.4 and Mercure 0.24.2 security patches, and fixes worker-mode crashes and data races. The CGI dash-to-underscore mapping allowed a…
PHP · Releases
Composer 2.10.2 delivers multiple security fixes: package name validation, protection against path traversal in bin paths, sanitization of credentials in verbose output, stricter redirect handling, and prevention of phar…