Talk comments

Tom Knox at 09:13 on 24 Feb 2025

Hand off for the prizes at the end was really lumpy and cumbersome, the panel was kind of repetitive and you wonder if it would've made more sense to allow time for that and less emphasis on rushing out for the social. Audience questions etc.

on Panel

Tom Knox at 09:11 on 24 Feb 2025

Mind-boggling the potential that Kevin and the team have brought forward, and he speaks with such well-deserved enthusiasm about it.

Tom Knox at 09:04 on 24 Feb 2025

Liam spoke really well, very conversational and had really good examples set up for what he was covering in such a short time

Tom Knox at 09:03 on 24 Feb 2025

Awesome talk from a guy who's clearly spent a lot of time solving interesting problems

Craig Francis at 23:54 on 21 Feb 2025

Slides at:

https://www.slideshare.net/slideshow/php-uk-2005-ending-injection-vulnerabilities/275820149

---

Matt, as to the Twig examples, they start on slide 55:

https://www.slideshare.net/slideshow/php-uk-2005-ending-injection-vulnerabilities/275820149#55

The first one is fairly boring (more of a developer not using Twig correctly), but the `<a href="{{ url }}">` example is fairly common when the URL is user controlled (e.g. a profile page, and they should set a link to their website, but instead a "javascript:" URL is provided)... and the `<img src={{ url }}>` shows an example where the attribute isn't quoted (so the default html encoding is not enough).

As to the static analysis examples, that's a good point, I'll try to provide some more next time, but if you want to see it in action, have a look at:

https://github.com/craigfrancis/php-is-literal-rfc/blob/main/examples/readme.md
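
An added example illustrating the two Twig cases described in the comment above (not taken from the slides or the talk). It assumes `html_escape()` behaves like the template engine's default HTML escaping; `safe_link_url()` and `parsed_attributes()` are hypothetical helpers, and the sample URLs are constructed.

```php
<?php
declare(strict_types=1);

// Assumption: stands in for the template engine's default HTML escaping.
function html_escape(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Hypothetical helper: allow only absolute http(s) URLs, else a harmless fallback.
function safe_link_url(string $url, string $fallback = '#'): string
{
    $scheme = parse_url(trim($url), PHP_URL_SCHEME);
    $allowed = is_string($scheme) && in_array(strtolower($scheme), ['http', 'https'], true);
    return $allowed ? trim($url) : $fallback;
}

// Parse a tag with an HTML parser and list the attributes it ends up with.
function parsed_attributes(string $html, string $tag): array
{
    libxml_use_internal_errors(true);
    $doc = new DOMDocument();
    $doc->loadHTML($html);
    $attrs = [];
    foreach ($doc->getElementsByTagName($tag)->item(0)->attributes as $attr) {
        $attrs[$attr->name] = $attr->value;
    }
    return $attrs;
}

// Constructed sample values for a user-controlled profile URL.
$scriptUrl = 'javascript:void(0)';
$spacedUrl = 'x.png title=injected';

// 1. href case: the value has no HTML-special characters, so escaping
//    returns it unchanged; only a scheme allow-list rejects it.
var_dump(html_escape($scriptUrl) === $scriptUrl);
var_dump(safe_link_url($scriptUrl));
var_dump(safe_link_url('https://example.com/me'));

// 2. img case: a space needs no encoding, so in an unquoted attribute the
//    value splits into two attributes; quoting keeps it as a single src.
$escaped = html_escape($spacedUrl);
print_r(parsed_attributes("<img src={$escaped}>", 'img'));
print_r(parsed_attributes("<img src=\"{$escaped}\">", 'img'));
```

The point in both cases is that context matters: escaping for HTML text does not validate a URL scheme, and it does not protect a value placed in an unquoted attribute.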

Gary Fuller at 10:12 on 20 Feb 2025

I think this could have been improved with more audience participation from the floor, especially when discussing the teaching of PHP (which does occur on some degrees). That said, it was interesting to hear the viewpoints of experienced figures in the community and I like the idea of building evangelism for PHP through a community of writers/bloggers. I already read PHP Weekly and PHP architect, and often their stuff reminds me of the simple joys of building something for fun and/or curiosity.

on Panel

Gary Fuller at 10:08 on 20 Feb 2025

This talk made me realise how much better our APIs could be, having never come across OpenAPI before. I foresee a lot of work ahead, but the payoff will be worth it. I'm particularly keen to play with some of the tools that were suggested.

Gary Fuller at 10:02 on 20 Feb 2025

I could have watched this talk for hours. Some great examples of weird and wonderful edge cases that I'll be sharing with colleagues. My favourite was probably the effects of incrementing strings that appear to be denoting an exponential notation.

Gary Fuller at 09:58 on 20 Feb 2025

A wealth of examples that really made me think about our use of dependencies. I'll be doing some research into wpackagist as a result, which we use for WordPress projects, to see if it follows the same model as packagist in storing metadata but not code.

Gary Fuller at 09:56 on 20 Feb 2025

Incredibly well thought out analogies that made me realise I'm a terrible gardener and chef, but helped me to understand the beauty of Monoliths.