Why I Am Actively Going to Drop PHP 5.3 Compatibility

PHP Supported Versions

It’s simple and elegant, since PHP 5.4 introduced short array syntax:

$everySingleArrayInitializationFromNowOn = [];

Why this step? An alarming large amount of websites still runs on PHP 5.3, which does not get updated anymore since 2014/08/14, after one year of “security only” support. In other words, the next critical security hole will only be fixed for versions above 5.4. By the way, active development of the PHP 5.4 branch was discontinued on 2014/09/14. it’s already in the “security only” phase. On 2014/08/28, PHP 5.6 has been released, on 2013/06/20, almost 1.5 years ago, PHP 5.5.

So, by now, in the year 2014 everybody should work on PHP 5.5, right? That’s the theory, in practice it looks like this:
PHP versions statistics - October 2014 - Pascal MARTIN
Source: http://blog.pascal-martin.fr/post/php-versions-stats-2014-10-en

Almost half of the Alexa Top 1M Sites that run on PHP, state the version 5.3, ca. one quarter even 5.2, which is not supported since Jan. 2011. PHP 5.2.17 even is the most used patch version in this statistic.

There are probably many reasons:

  • “never touch a running system” mentality
  • Not or not sufficiently maintained servers
  • Incompatible frameworks and legacy applications

I want to go into some background briefly.

Continue reading “Why I Am Actively Going to Drop PHP 5.3 Compatibility”

Magento: How To use the Secure Base URL for Custom Controllers

This question came up on Magento.SE and more people should know, how dead simple it actually is.

If you look at core/Mage/Checkout/etc/config.xml you can see how Magento defines for the checkout to use the secure base URL, i.e. HTTPS:

<frontend>
    <secure_url>
        <checkout_onepage>/checkout/onepage</checkout_onepage>
        <checkout_multishipping>/checkout/multishipping</checkout_multishipping>
    </secure_url>
</frontend>

That’s all. You can configure your own controllers to use the secure URL in the same way and now Mage::getUrl() returns the secure URL for the configured routes and any unsecure request will be redirected.

Problem: Double Accents (“^^”) in Windows 7

Something you should know: If you are using Windows 7 and get double accents when typing, you might have a serious problem, because it seems like this is a side effect of any activated keyloggers. While it’s nice that these cannot be active entirely unnoticed, it is annoying if you use a program that you want to log your keyboard actions.

In my case, the text expander FastFox was acting as a desired keylogger to supply shortcuts while I typed.