Matthew Ishii wrote:
Thank you all for your suggestions.  Regarding using the controller
action to render my css, it dawned on me to create a similar, but
different solution.  I figured why not create a class that writes a
dynamically generated file to the disk?  That way, I can take
advantage of the config.ini and any other framework toys I need.  I
thought I might include the class (it's not rocket science, but I
thought if some of you thought this was useful enough, it might be
added to the framework as a tool):

class generateCSS
{

  private function createCode()
  {
    $config = Zend_Registry::get('config');
    $lgnbtn = $config->c_forms->site->input->submit;
    $header = $config->c_general->site->headers;

$css = <<<END
body
{
  margin: 0px;
  padding: 0px;
}

.login_submit_button
{
  margin: 0px 52px 0px 0px;
  color: $header;
  background: $lgnbtn; /* #6678C4; */
}
END;

  return $css;

  }


  public function generateCSS()
  {
    if (!file_exists('includes/style.css'))
    {
      $css = $this->createCode();

      exec("echo '$css' > includes/style.css");
      exec("chmod 777 includes/style.css");
    }
  }


}


Don't use exec....

file_put_contents()
 and
chmod()

should be sufficient.

Shelling out wastes time (albeit a minimal on-hit in this case) but in this code here, some malicious content in $css could do very evil things....

If the user has control over the .ini file, they could inject some single quotes into the values for $lgnbtn or $header and then essentially run system commands... :s

If you do have to shell out, use escapeshellarg().


Also, as a general concept, your code is sensible, but I would consider looking at Zend_Cache here. In your example above, the CSS file will not be regenerated when the .ini file changes, but with Zend_Cache you can make the cache depend on the modification date of a file so that the cache will be automatically invalidated when the .ini file changes. This may be worth looking at :)

HTHs

Col


--

Colin Guthrie
gmane(at)colin.guthr.ie
http://colin.guthr.ie/

Day Job:
  Tribalogic Limited [http://www.tribalogic.net/]
Open Source:
  Mandriva Linux Contributor [http://www.mandriva.com/]
  PulseAudio Hacker [http://www.pulseaudio.org/]
  Trac Hacker [http://trac.edgewall.org/]
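
The file_put_contents()/chmod() approach suggested in the reply above, as an added example that is not part of either original message. The helper names, the hex-colour validation rule, the 0644 mode and the temp-file path are assumptions made for this example, and the config values are passed in as arguments rather than read from Zend_Registry so that it runs stand-alone.

```php
<?php
// Added example; helper names are hypothetical. Config values are passed in
// (not read from Zend_Registry) so the script runs stand-alone.

// Accept only #rgb / #rrggbb colours (rule assumed for this example).
function cssColour(string $value): string
{
    if (!preg_match('/^#(?:[0-9a-fA-F]{3}|[0-9a-fA-F]{6})$/D', $value)) {
        throw new InvalidArgumentException('Not a hex colour: ' . var_export($value, true));
    }
    return $value;
}

function buildCss(string $header, string $lgnbtn): string
{
    $header = cssColour($header);
    $lgnbtn = cssColour($lgnbtn);
    return <<<END
.login_submit_button
{
  margin: 0px 52px 0px 0px;
  color: $header;
  background: $lgnbtn;
}

END;
}

function writeCss(string $path, string $css): void
{
    // No shell involved: the content reaches the filesystem purely as data.
    if (file_put_contents($path, $css, LOCK_EX) === false) {
        throw new RuntimeException("Cannot write $path");
    }
    chmod($path, 0644); // mode chosen for this example
}

$path = sys_get_temp_dir() . '/style-example.css';
writeCss($path, buildCss('#ffffff', '#6678C4'));
echo file_get_contents($path);

try { // constructed hostile value: rejected before reaching file or shell
    buildCss("#fff'; id; echo '", '#6678C4');
} catch (InvalidArgumentException $e) {
    echo 'rejected: ', $e->getMessage(), "\n";
}

// If a shell call is unavoidable, escapeshellarg() quotes the whole argument.
echo escapeshellarg("it's data"), "\n";
```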
