Texy 3.1.6 introduces the {texy} tag for Latte 3 – three lines of
configuration and you're writing directly in Texy syntax in your templates.
Static content is translated at compile time, dynamic content at runtime. I'll
also show a trick with a custom callback function and passing parameters.

For five years, I was afraid to take the plunge. A completely rewritten
compiler, a custom PHP parser, an AST tree – not a single line of the
original code remains. Latte now has the internals I've been dreaming about for
eleven years.

For twenty years I dutifully wrote static on constant properties
and SCREAMED IN CAPS for constants, because “that's how it's done.” One
stopped making sense sometime around PHP 7.3, the other never made sense in PHP
at all. The bigger the nonsense, the deeper its roots.

For years I refused to write the question mark for nullable types, because
redundancy physically hurts me. Then PHP 8.0 came along with promoted
properties and consistency forced me to capitulate. A story about how your own
principles catch up with you.

How to objectively compare framework documentation? I measured the
documentation-to-code ratio for seven major players. The result is surprisingly
even – and that's actually the most interesting takeaway. Nette is above
average and is the only one with a complete Czech translation.

Shutdown in PHP has its own ritual, and destructors play a role in it that few
people understand correctly. Global objects are torn down in reverse order by a
clever algorithm, while the rest only get a courtesy __destruct
without actually being destroyed. And the best part saved for last: calling the
destructor is not guaranteed at all.

A custom error handler in PHP looks trivial until you break half the ecosystem.
Just ignore a few rules about suppressed errors and return values, and you've
got a trap in your code that nobody expects. Here's how to do it right.

The CSRF attack has been haunting us for twenty years, and frameworks address it
in a way that essentially invites users to bypass the protection. SameSite
cookies finally offer a systemic way out. I break down Lax, Strict, None,
cookie stuffing, and why when it comes to the attack, the right answer is: run.

Whitelisting domains in CSP is a Sisyphean task that ends up so full of holes it
loses all meaning – even Google has proven that. A solution called nonce and
strict-dynamic exists, but you need to combine it correctly for older browsers.
A specific guide for PHP and Nette, including dry-run testing.

Fifteen years, several versioning systems, several encodings, several of my life
relationships – and Texy is still here. Version 3.0 brings PHP 7.1 goodies,
but otherwise it's exactly the same. And one day it will insert a non-breaking
space between your “in” and “peace.”