Magento has just released the SUPEE-10415 security patch for the following versions:

• Magento Commerce 1.9.0.0-1.14.3.7 (formerly known as Enterprise Edition)
• Magento Open Source 1.5.0.0-1.9.3.7 (formerly known as Community Edition)

The patch contains fixed for several security vulnerabilities including cross-site request forgery (CSRF), Denial-of-Service (DoS), and authenticated Admin user remote code execution (RCE).

This weekend I released an open-source JSON5 parser for PHP!

JSON5 is a JS-compatible extension to JSON which allows comments, trailing commas, single-quoted strings, and more:

I recently came across this really helpful PHP trick:

You can cast a numeric string to either int or float, depending on its contents, by simply adding 0:

var_dump("1" + 0);
// int(1)

var_dump("1." + 0);
// float(1)

var_dump("1.0" + 0);
// float(1)

var_dump("1.5" + 0);
// float(1.5)

That's much cleaner than trying to make a conditional cast yourself:

Several months ago I blogged about compiling open-zwave for Home Assistant 0.45 on Docker. There were two reasons I did this:

PKCS#12 archives (commonly known as .pfx files) usually contain both a certificate and its private key, sometimes with password protection. In order to use these with a server like nginx or Apache, we need to extract these objects and convert them using openssl.

(The commands below assume your file is named certificate.pfx.)

I recently inherited a legacy PHP project built on a closed-source framework where all the core classes were encrypted with IonCube. Not knowing what classes and methods exist makes it extremely difficult to use that functionality. In order to make life easier, I set out to create a stubs.php file listing all of those "hidden" classes and methods.

This morning I came into work to find my Packagist download counter had rolled over: league/commonmark now has over 1,000,000 downloads!

To celebrate this milestone I thought I'd share the story of how this package came about, how it's grown, and how I couldn't have reached this milestone without the PHP community's help.

PHP 7.2 is slated for release in November 2017, but you don't have to wait until then to start testing your applications! We can easily use Docker to test against the latest pre-release versions of 7.2.

PHP 7.2 Pre-Release Images

PHP now has official pre-release Docker builds available. You should use those instead.

I recently needed the ability to perform a RIGHT JOIN in a Symfony project. While Doctrine's DBAL library seems to support this, the ORM's QueryBuilder does not. Unfortunately, the suggested workaround of inverting the query wouldn't work in my situation. I also didn't feel like rewriting the query into DQL, so I ultimately hacked in my own support by duplicating the LEFT JOIN functionality. I figured I'd share my patch in case it helps others facing a similar issue.