Re: [fw-general] Zend_Filter_StripTags strips attributes even when told not to
Thanks for the reply Matthew.
I'm using 1.84
Still not working. After executing the code below (see form and controller
code) and putting this into the textarea:
p
This is a onClick=foo.bar() href=http://foo.com/;
title=Foo!linked text/a.
/p
The following is entered into the MySql DB:
[image:
Edit]http://localhost/phpmyadmin/tbl_change.php?db=jasondeb_jdnet_Zendtable=messagesprimary_key=+%60messages%60.%60id%60+%3D+49sql_query=SELECT+%2A+FROM+%60messages%60goto=sql.phptoken=e863630c23d959b05950ce1d215c6df5
[image:
Delete]http://localhost/phpmyadmin/sql.php?db=jasondeb_jdnet_Zendtable=messagessql_query=DELETE+FROM+%60jasondeb_jdnet_Zend%60.%60messages%60+WHERE+%60messages%60.%60id%60+%3D+49+LIMIT+1zero_rows=The+row+has+been+deletedgoto=sql.php%3Fdb%3Djasondeb_jdnet_Zend%26table%3Dmessages%26sql_query%3DSELECT%2B%252A%2BFROM%2B%2560messages%2560%26zero_rows%3DThe%2Brow%2Bhas%2Bbeen%2Bdeleted%26goto%3Dtbl_structure.php%26token%3De863630c23d959b05950ce1d215c6df5token=e863630c23d959b05950ce1d215c6df5
49 2009-07-15 07:54:32 1 This is alinked text/a.
Everything but the a tag is stripped as expected, but the href is still
being stripped. Could it have something to do with the Zend_Db_Table's
insert method?
FORM:
?php
class Form_NewMessage extends Form_Default {
public function init() {
$this-setMethod('post');
$this-setAttrib('id', 'new_message');
$this-setDescription(What are you doing? What's new?);
$textarea = new Zend_Form_Element_Textarea('message', array(
'id' = 'message',
'filters' = array(
array('StripTags', array(array('a'), array('href',
'title'))),
'StringTrim',
),
'validators' = array(),
'rows' = 2,
'cols' = 40,
));
$this-addElement($textarea);
$this-addElement('Submit', 'submit', array(
'Decorators' = array('ViewHelper'),
'class' = 'submit',
'Label' = 'Post Your Message!',
'Ignore' = true,
));
$this-setDecorators(array(
'Description',
'FormElements',
'Fieldset',
'Form'
));
}
}
CONTROLLER (postnewAction is the relevant piece):
public function indexAction() {
$this-view-headTitle('Message Board');
$this-view-newMessageForm = $this-_getNewMessageForm();
}
public function postnewAction() {
$request = $this-getRequest();
if(!$request-isPost()) {
$this-_helper-redirector('notauthorized', 'error');
}
$form = $this-_getNewMessageForm();
if (!$form-isValid($request-getPost())) {
$this-view-newMessageForm = $form;
return $this-render('index');
}
$values = $form-getValues();
$values['user_id'] = Zend_Auth::getInstance()-getIdentity()-id;
$model = new Model_DbTable_Messages;
$result = $model-insert($values);
if(!$result) {
throw new Zend_Exception('Problem adding message to database');
}
$this-_helper-redirector('index', 'messageboard');
}
protected function _getNewMessageForm() {
$form = new Form_NewMessage;
$form-setAction('/messageboard/postnew/');
return $form;
}
Again, I really appreciate your help.
Thanks!
J
On Tue, Jul 14, 2009 at 11:06 PM, Matthew Weier O'Phinney
matt...@zend.comwrote:
-- J DeBord jasdeb...@gmail.com wrote
(on Tuesday, 14 July 2009, 08:29 PM +0200):
I've tried to make StripTags leave the href attribute, but it strips it
out. I
can't find the right syntax or it just doesn't work. The a tag is left
intact, every other tag is stripped, but the href and title get stripped
as
well.
I've also used the fluid interface when adding the Textarea, but changed
it to
what is below in hopes that it would work.
What am I doing wrong?
What version of ZF are you using?
I did the following using current trunk:
$element = new Zend_Form_Element_Textarea('foo', array(
'filters' = array(
array('StripTags', array(array('a'), array('href', 'title'))),
'StringTrim',
),
'value' = 'p
This is a onClick=foo.bar() href=http://foo.com/;
title=Foo!linked text/a.
/p',
));
echo $element-getValue();
and got exactly what I expected:
This is a href=http://foo.com/; title=Foo!linked text/a.
?php
class Form_NewMessage extends Form_Default {
public function init() {
$this-setMethod('post');
$this-setAttrib('id', 'new_message');
$textarea = new Zend_Form_Element_Textarea('message');
$textarea-setDecorators($this-_defaultDecorators);
$stripTags = new Zend_Filter_StripTags(array('a'), array('href',
'title'));
$textarea-addFilter('StringTrim');
Re: [fw-general] Zend_Filter_StripTags strips attributes even when told not to
To add:
public function postnewAction() {
$request = $this-getRequest();
if(!$request-isPost()) {
$this-_helper-redirector('notauthorized', 'error');
}
$form = $this-_getNewMessageForm();
if (!$form-isValid($request-getPost())) {
$this-view-newMessageForm = $form;
return $this-render('index');
}
$values = $form-getValues(); Zend_Debug::dump($values); exit;
Outputs:
array(1) {
[message] = string(27) This is alinked text/a.
}
On Wed, Jul 15, 2009 at 8:13 AM, J DeBord jasdeb...@gmail.com wrote:
Thanks for the reply Matthew.
I'm using 1.84
Still not working. After executing the code below (see form and controller
code) and putting this into the textarea:
p
This is a onClick=foo.bar() href=http://foo.com/;
title=Foo!linked text/a.
/p
The following is entered into the MySql DB:
[image:
Edit]http://localhost/phpmyadmin/tbl_change.php?db=jasondeb_jdnet_Zendtable=messagesprimary_key=+%60messages%60.%60id%60+%3D+49sql_query=SELECT+%2A+FROM+%60messages%60goto=sql.phptoken=e863630c23d959b05950ce1d215c6df5
[image:
Delete]http://localhost/phpmyadmin/sql.php?db=jasondeb_jdnet_Zendtable=messagessql_query=DELETE+FROM+%60jasondeb_jdnet_Zend%60.%60messages%60+WHERE+%60messages%60.%60id%60+%3D+49+LIMIT+1zero_rows=The+row+has+been+deletedgoto=sql.php%3Fdb%3Djasondeb_jdnet_Zend%26table%3Dmessages%26sql_query%3DSELECT%2B%252A%2BFROM%2B%2560messages%2560%26zero_rows%3DThe%2Brow%2Bhas%2Bbeen%2Bdeleted%26goto%3Dtbl_structure.php%26token%3De863630c23d959b05950ce1d215c6df5token=e863630c23d959b05950ce1d215c6df5
49 2009-07-15 07:54:32 1 This is alinked text/a.
Everything but the a tag is stripped as expected, but the href is still
being stripped. Could it have something to do with the Zend_Db_Table's
insert method?
FORM:
?php
class Form_NewMessage extends Form_Default {
public function init() {
$this-setMethod('post');
$this-setAttrib('id', 'new_message');
$this-setDescription(What are you doing? What's new?);
$textarea = new Zend_Form_Element_Textarea('message', array(
'id' = 'message',
'filters' = array(
array('StripTags', array(array('a'), array('href',
'title'))),
'StringTrim',
),
'validators' = array(),
'rows' = 2,
'cols' = 40,
));
$this-addElement($textarea);
$this-addElement('Submit', 'submit', array(
'Decorators' = array('ViewHelper'),
'class' = 'submit',
'Label' = 'Post Your Message!',
'Ignore' = true,
));
$this-setDecorators(array(
'Description',
'FormElements',
'Fieldset',
'Form'
));
}
}
CONTROLLER (postnewAction is the relevant piece):
public function indexAction() {
$this-view-headTitle('Message Board');
$this-view-newMessageForm = $this-_getNewMessageForm();
}
public function postnewAction() {
$request = $this-getRequest();
if(!$request-isPost()) {
$this-_helper-redirector('notauthorized', 'error');
}
$form = $this-_getNewMessageForm();
if (!$form-isValid($request-getPost())) {
$this-view-newMessageForm = $form;
return $this-render('index');
}
$values = $form-getValues();
$values['user_id'] = Zend_Auth::getInstance()-getIdentity()-id;
$model = new Model_DbTable_Messages;
$result = $model-insert($values);
if(!$result) {
throw new Zend_Exception('Problem adding message to database');
}
$this-_helper-redirector('index', 'messageboard');
}
protected function _getNewMessageForm() {
$form = new Form_NewMessage;
$form-setAction('/messageboard/postnew/');
return $form;
}
Again, I really appreciate your help.
Thanks!
J
On Tue, Jul 14, 2009 at 11:06 PM, Matthew Weier O'Phinney
matt...@zend.com wrote:
-- J DeBord jasdeb...@gmail.com wrote
(on Tuesday, 14 July 2009, 08:29 PM +0200):
I've tried to make StripTags leave the href attribute, but it strips it
out. I
can't find the right syntax or it just doesn't work. The a tag is left
intact, every other tag is stripped, but the href and title get stripped
as
well.
I've also used the fluid interface when adding the Textarea, but changed
it to
what is below in hopes that it would work.
What am I doing wrong?
What version of ZF are you using?
I did the following using current trunk:
$element = new Zend_Form_Element_Textarea('foo', array(
'filters' = array(
array('StripTags', array(array('a'), array('href', 'title'))),
'StringTrim',
),
'value' = 'p
Re: [fw-general] XSS Prevention with Zend Framework
On 15 Jul 2009, at 03:30, Matthew Weier O'Phinney wrote: 80/20 is a nice rule but not for security. I went through this way few years ago and as you mention it was so convenient to don't care in 80% of cases but the rest was pain in the ass. The setEscape() method doesn't help too much when you have to mix css/js/html code in a single phtml file. Why are you mixing them into a single file? Why not have separate files for separate types of code? This simplifies the story for escaping, allows you to run linters specific to the markup and/or language, and allows you to factor out things like CSS and JS to your presentation layer (where, arguably, it belongs -- *not* in your view scripts). Just an idea/suggestion here, could we have an optional second param to escape() which if provided would override the default (just for that usage)? I see this as helpful when quickly putting together a page and just wanting to inline the css/js for a sketch or a work in progress -- I know I'm gonna move it out eventually...
[fw-general] how to force zend form to submit to new action
hello nabble!!
I'm trying to integrate my zend application with pommo.
I don't want to replicate pommo's logic on new user subscription by creating
zend_db objects for every pommo's table... I just want to:
1) create the subscription form with zend_form,
2) validate the form on zend side
3) submit the form to the pommo's page used to insert new user
I've already completed the first 2 steps... here's the code in my controller
to validate the form:
public function newsletterAction()
{
$newsletterForm = new Default_Model_NewsletterForm();
$this-view-newsletterForm = $newsletterForm;
if ($this-getRequest()-isPost())
{
$formData = $this-getRequest()-getPost();
if ($newsletterForm-isValid($formData))
{
$newsletterForm-setAction('/areaprivata/pommo/user/process.php');
HERE GOES THE MISSING CODE #
}
else
{
$newsletterForm-populate($formData);
}
}
}
If anyone has an idea, please let me know.
Many Thanks
--
View this message in context:
http://www.nabble.com/how-to-force-zend-form-to-submit-to-new-action-tp24495073p24495073.html
Sent from the Zend Framework mailing list archive at Nabble.com.
Re: [fw-general] Action names
Muhammad Ali wrote:
I have ACL plugin to restrict different controllers and User
controller have action called changePasswordAction. I can get to
action using /user/change-password/ and it works fine, but before
while i am constructing my Acl action name comes as change-password
rather changePassword.
Is this how it should work?
Hi Muhammad,
I'd advise handling your ACL at service level, not controller /
dispatcher level. In steno:
Controller {
someAction {
getRequestedThing()-doAction()
}
}
RequestedThing {
doAction() {
if(!acl-audit(thisAction)) {
throw new RequestedThing_ServiceDeniedException();
}
getModel()-doAction()
}
}
You can of course still keep your acl naming based on methods, but this
way it keeps the ACL clear from the controllers, and therefore much
easier to test.
drm / Gerard
Re: [fw-general] Url helper ignores setParams() - why?
hussdl wrote: The reasoning behind all this is that I have a search form that uses GET instead of POST to prevent browser warnings about expired post data. So in order to preserve the search criteria when sorting or changing the page I have to convert GET params to ZF params as the url helper doesn't preserve GET params at all. I think you'd find it easier to implement your own url helper, extending the standard url helper and returning the url preserving the sticky vars you need for the search action.
[fw-general] Cookie Usage
Hi, on my project I want to save all the location where the user was ( maybe last 5 locations ) and show to him as a reminder. Then I thought to use the zend_cookie object to store all the visited page ids ( or urls ), my problem is that, after I read the documentation here: http://framework.zend.com/manual/en/zend.http.cookies.html I am a little confused on how to use it. What I want is to save an array in the cookie object, add to it a page_id ( or url ) every time a page is requested, and then retrieve it anywhere I want to use it in my application. Some advices about the code to use? Thanks S. _ Naviga più semplice, più veloce e più sicuro. Scarica Internet Explorer 8 per MSN! http://cid-16be95750dd16d04.skydrive.live.com/self.aspx/le%20PV%20in%20viaggio!/89.JPG
[fw-general] Zend_Form_Element can't assign value via factory / addElements
Hi all,
i'm fighting with Zend_Form_Element factory and can't fix the following
problem (ZF 1.8.4 patch 1):
$fields = array(
'id_ue' = array(
'type'= 'text',
'name'= 'id_ue',
'options' = array('label' = 'code UE',
'size' = 6,
'required' = true,
'value' = 'test')),
'id_session'= array(
'type'= 'hidden',
'name'= 'id_session',
'options' = array('value' = 'test'))
);
$form = new Zend_Form();
$form-addElements($fields);
When rendering the form, all seems right but values are not set in input
tags :
input type=text size=6 value= id=id_ue name=id_ue/
input type=hidden id=id_session value= name=id_session/
I have tried a lot of things (setting value outside of 'options', using
'attrib' in options but don't the syntax...).
I did not find any examples of this use case.
Thanks for help.
Denis.
Re: [fw-general] Action names
-- Muhammad Ali imjob@live.com wrote (on Wednesday, 15 July 2009, 02:43 AM +0100): I have ACL plugin to restrict different controllers and User controller have action called changePasswordAction. I can get to action using /user/ change-password/ and it works fine, but before while i am constructing my Acl action name comes as change-password rather changePassword. Is this how it should work? Yes. The URL representation is what is passed via the request object. The dispatcher maps hyphenated-names to camelCase. -- Matthew Weier O'Phinney Project Lead| matt...@zend.com Zend Framework | http://framework.zend.com/
Re: [fw-general] Zend_Filter_StripTags strips attributes even when told not to
-- J DeBord jasdeb...@gmail.com wrote
(on Wednesday, 15 July 2009, 08:13 AM +0200):
Thanks for the reply Matthew.
I'm using 1.84
Still not working. After executing the code below (see form and controller
code) and putting this into the textarea:
p
This is a onClick=foo.bar() href=http://foo.com/;
title=Foo!linked text/a.
/p
The following is entered into the MySql DB:
[ ] Edit Delete 49 2009-07-15 07:54:32 1 This is alinked text/a.
Everything but the a tag is stripped as expected, but the href is still
being
stripped. Could it have something to do with the Zend_Db_Table's insert
method?
There was a problem with attribute stripping identified and fixed in the
1.7 series, and what you're showing looks similar to that case -- but,
as noted, the same code you have below is working for me (I just retried
with your exact code, as well).
I'm wondering if there is an older version of ZF on your include_path...
FORM:
?php
class Form_NewMessage extends Form_Default {
public function init() {
$this-setMethod('post');
$this-setAttrib('id', 'new_message');
$this-setDescription(What are you doing? What's new?);
$textarea = new Zend_Form_Element_Textarea('message', array(
'id' = 'message',
'filters' = array(
array('StripTags', array(array('a'), array('href', 'title'))),
'StringTrim',
),
'validators' = array(),
'rows' = 2,
'cols' = 40,
));
$this-addElement($textarea);
$this-addElement('Submit', 'submit', array(
'Decorators' = array('ViewHelper'),
'class' = 'submit',
'Label' = 'Post Your Message!',
'Ignore' = true,
));
$this-setDecorators(array(
'Description',
'FormElements',
'Fieldset',
'Form'
));
}
}
CONTROLLER (postnewAction is the relevant piece):
public function indexAction() {
$this-view-headTitle('Message Board');
$this-view-newMessageForm = $this-_getNewMessageForm();
}
public function postnewAction() {
$request = $this-getRequest();
if(!$request-isPost()) {
$this-_helper-redirector('notauthorized', 'error');
}
$form = $this-_getNewMessageForm();
if (!$form-isValid($request-getPost())) {
$this-view-newMessageForm = $form;
return $this-render('index');
}
$values = $form-getValues();
$values['user_id'] = Zend_Auth::getInstance()-getIdentity()-id;
$model = new Model_DbTable_Messages;
$result = $model-insert($values);
if(!$result) {
throw new Zend_Exception('Problem adding message to database');
}
$this-_helper-redirector('index', 'messageboard');
}
protected function _getNewMessageForm() {
$form = new Form_NewMessage;
$form-setAction('/messageboard/postnew/');
return $form;
}
Again, I really appreciate your help.
Thanks!
J
On Tue, Jul 14, 2009 at 11:06 PM, Matthew Weier O'Phinney matt...@zend.com
wrote:
-- J DeBord jasdeb...@gmail.com wrote
(on Tuesday, 14 July 2009, 08:29 PM +0200):
I've tried to make StripTags leave the href attribute, but it strips it
out. I
can't find the right syntax or it just doesn't work. The a tag is left
intact, every other tag is stripped, but the href and title get stripped
as
well.
I've also used the fluid interface when adding the Textarea, but changed
it to
what is below in hopes that it would work.
What am I doing wrong?
What version of ZF are you using?
I did the following using current trunk:
$element = new Zend_Form_Element_Textarea('foo', array(
'filters' = array(
array('StripTags', array(array('a'), array('href', 'title'))),
'StringTrim',
),
'value' = 'p
This is a onClick=foo.bar() href=http://foo.com/;
title=Foo!linked text/a.
/p',
));
echo $element-getValue();
and got exactly what I expected:
This is a href=http://foo.com/; title=Foo!linked text/a.
?php
class Form_NewMessage extends Form_Default {
public function init() {
$this-setMethod('post');
$this-setAttrib('id', 'new_message');
$textarea = new Zend_Form_Element_Textarea('message');
Re: [fw-general] XSS Prevention with Zend Framework
Hi On Wed, Jul 15, 2009 at 5:12 PM, Carlton Just an idea/suggestion here, could we have an optional second param to escape() which if provided would override the default (just for that usage)? You need at least two parameters additional for escaping because you have to sometimes specify context. For example, value of style attribute: escape function needs to know context (= html attribute) and value (= css expression) -- Ondrej Ivanic (ondrej.iva...@gmail.com)
Re: [fw-general] XSS Prevention with Zend Framework
Hi,
On 15 Jul 2009, at 13:21, Ondrej Ivanič wrote:
On Wed, Jul 15, 2009 at 5:12 PM, Carlton
Just an idea/suggestion here, could we have an optional second
param to
escape() which if provided would override the default (just for
that usage)?
You need at least two parameters additional for escaping because you
have to sometimes specify context. For example, value of style
attribute: escape function needs to know context (= html attribute)
and value (= css expression)
Perhaps I'm not fully on board with what you're after but, I imagined
all of that to be taken care of by the callback (closure?) passed in
as the second parameter.
Then, say it's html by default, normally I just do this:
$this-title
But if, for the sake of trying something out I've embedded some non-
html, I do this:
$this-escape($this-script, function($value) { ... });
IMO, this is no worse than the current situation and (if I understand
you right) it gives you the flexibility you need?
Regards,
Carlton
Re: [fw-general] XSS Prevention with Zend Framework
Hi Why are you mixing them into a single file? Why not have separate files for separate types of code? This simplifies the story for escaping, Sametimes you have to mix everything together because you need dynamically generate values of certain attributes like onXXX, style, ... We can provide tools for the developer -- it's up to the developer to use them properly. Again, the 80% use case for view scripts is HTML, so heh, it's up to the developer to use them properly... little bit wrong premise. autoescaping using htmlentities or htmlspecialchars is the appropriate There is only one correct solution: htmlspecialchars($s, ENT_QUOTES). -- Ondrej Ivanic (ondrej.iva...@gmail.com)
Re: [fw-general] XSS Prevention with Zend Framework
Hi Why are you mixing them into a single file? Why not have separate files for separate types of code? This simplifies the story for escaping, Sametimes you have to mix everything together because you need dynamically generate values of certain attributes like onXXX, style, ... We can provide tools for the developer -- it's up to the developer to use them properly. Again, the 80% use case for view scripts is HTML, so heh, it's up to the developer to use them properly... little bit wrong premise. autoescaping using htmlentities or htmlspecialchars is the appropriate There is only one correct solution: htmlspecialchars($s, ENT_QUOTES). -- Ondrej Ivanic (ondrej.iva...@gmail.com)
Re: [fw-general] XSS Prevention with Zend Framework
Hi 2009/7/15 Carlton Gibson carlton.gib...@noumenal.co.uk: Perhaps I'm not fully on board with what you're after but, I imagined all of that to be taken care of by the callback (closure?) passed in as the second parameter. Then, say it's html by default, normally I just do this: Yes, then you are right. in that case is enough to have only one extra parameter. -- Ondrej Ivanic (ondrej.iva...@gmail.com)
[fw-general] Example for calling stored function on ZF1.8
Hi, I have a stored function which need to be called from module. mine application.ini is some thing like this resources.db.adapter = pdo_mysql resources.db.params.host = localhost resources.db.params.username = root resources.db.params.password = zendframe resources.db.params.dbname = bris_app resources.db.params.driver_options=PDO::MYSQL_ATTR_DIRECT_QUERY = true resources.db.params.date_format = -MM-ddTHH:mm:ss resources.db.isDefaultTableAdapter = true I don't know wether my app.ini is wrong or what can any body provide me working example ??? I am learner so its should be simple and easier. Any help would be appreciated. - -- View this message in context: http://www.nabble.com/Example-for-calling-stored-function-on-ZF1.8-tp24497204p24497204.html Sent from the Zend Framework mailing list archive at Nabble.com.
Re: [fw-general] Zend_Form_Element can't assign value via factory / addElements
Matthew,
you pointed it, i was effectively using populate() which reseted the
values ! It works now.
Thank you.
Denis.
Matthew Weier O'Phinney a écrit :
-- Denis Fohl d.f...@df-info.com wrote
(on Wednesday, 15 July 2009, 01:08 PM +0200):
i'm fighting with Zend_Form_Element factory and can't fix the following
problem (ZF 1.8.4 patch 1):
$fields = array(
'id_ue' = array(
'type'= 'text',
'name'= 'id_ue',
'options' = array('label' = 'code UE',
'size' = 6,
'required' = true,
'value' = 'test')),
'id_session'= array(
'type'= 'hidden',
'name'= 'id_session',
'options' = array('value' = 'test'))
);
$form = new Zend_Form();
$form-addElements($fields);
When rendering the form, all seems right but values are not set in input
tags :
input type=text size=6 value= id=id_ue name=id_ue/
input type=hidden id=id_session value= name=id_session/
I have tried a lot of things (setting value outside of 'options', using
'attrib' in options but don't the syntax...).
I did not find any examples of this use case.
Odd -- I took your above code, and added the following two lines:
$form-setView(new Zend_View);
echo $form;
And got the expected output:
form enctype=application/x-www-form-urlencoded action= method=postdl
class=zend_form
dt id=id_ue-labellabel for=id_ue class=requiredcode
UE/label/dt
dd id=id_ue-element
input type=text name=id_ue id=id_ue value=test size=6/dd
dt id=id_session-labelnbsp;/dt
dd id=id_session-element
input type=hidden name=id_session value=test
id=id_session/dd/dl/form
Note that the values are appropriately set.
What version of ZF are you using? Do you call setDefaults() or
populate() at any point?
[fw-general] Zend_Db_Table concrete instantiation
Hello all!
I have commited to trunk a new feature for Zend_Db_Table that will be in
ZF 1.9. That feature is the ability to use concrete instantiation on
tables. What does that mean? It means this is possible:
$authorTable = new Zend_Db_Table('author');
$authors = $authorTable-fetchAll();
foreach ($authors as $author) {
echo $author-id . ': '
. $author-first_name . ' '
. $author-last_name . PHP_EOL;
}
On the more complex side, you are able to define a definition that would
house all the same rules you previously had to define your Zend_Db_Table
inherited classes with.
Without going into the gory details, please see this url below for all
of the working use cases I have attempted to solve:
http://framework.zend.com/svn/framework/standard/branches/user/ralph/ZendDbTable/scripts/
You are free to check out that folder from svn, and run and play with
those scripts. There is a complete sqlite database, and the bootstrap
for that mini set of script will recreate the sqlite file database on
each run.
The only use case which is deprecated as of 1.9 will be if you are
extending Zend_Db_Table (not Zend_Db_Table_Abstract), and are attempting
to instantiate the class via a string, where the string represents the
key name in the registry of the database adapter. Since Zend_Db_Table
has been deprecated since 0.9, I don't this should be a problem for anyone.
Please test out this new feature, and report back any issues to me.
Thanks Happy ZF'ing!
-ralph
Re: [fw-general] Zend_Filter_StripTags strips attributes even when told not to
Thanks again Matthew. I just downloaded ZF from the trunk and I am 99% sure
it is the only copy on the include path.
From my bootstrap:
define('LIBRARY_PATH', APPLICATION_PATH . '/../library');
define('APPLICATION_ENVIRONMENT', 'development');
set_include_path(LIBRARY_PATH);
In fact the library folder is the only thing on the include path.
phpinfo() after setting the include path in the bootstrap:
include_path/home/jasondeb/workspace/JDnetZend/application/../library
.:/usr/share/php:/usr/share/pear
I deleted the copy that was in /usr/share/php just to be sure. Still not
working. Any other ideas?
Thanks,
Jason
On Wed, Jul 15, 2009 at 2:09 PM, Matthew Weier O'Phinney
matt...@zend.comwrote:
-- J DeBord jasdeb...@gmail.com wrote
(on Wednesday, 15 July 2009, 08:13 AM +0200):
Thanks for the reply Matthew.
I'm using 1.84
Still not working. After executing the code below (see form and
controller
code) and putting this into the textarea:
p
This is a onClick=foo.bar() href=http://foo.com/;
title=Foo!linked text/a.
/p
The following is entered into the MySql DB:
[ ] Edit Delete 49 2009-07-15 07:54:32 1 This is alinked text/a.
Everything but the a tag is stripped as expected, but the href is still
being
stripped. Could it have something to do with the Zend_Db_Table's insert
method?
There was a problem with attribute stripping identified and fixed in the
1.7 series, and what you're showing looks similar to that case -- but,
as noted, the same code you have below is working for me (I just retried
with your exact code, as well).
I'm wondering if there is an older version of ZF on your include_path...
FORM:
?php
class Form_NewMessage extends Form_Default {
public function init() {
$this-setMethod('post');
$this-setAttrib('id', 'new_message');
$this-setDescription(What are you doing? What's new?);
$textarea = new Zend_Form_Element_Textarea('message', array(
'id' = 'message',
'filters' = array(
array('StripTags', array(array('a'), array('href',
'title'))),
'StringTrim',
),
'validators' = array(),
'rows' = 2,
'cols' = 40,
));
$this-addElement($textarea);
$this-addElement('Submit', 'submit', array(
'Decorators' = array('ViewHelper'),
'class' = 'submit',
'Label' = 'Post Your Message!',
'Ignore' = true,
));
$this-setDecorators(array(
'Description',
'FormElements',
'Fieldset',
'Form'
));
}
}
CONTROLLER (postnewAction is the relevant piece):
public function indexAction() {
$this-view-headTitle('Message Board');
$this-view-newMessageForm = $this-_getNewMessageForm();
}
public function postnewAction() {
$request = $this-getRequest();
if(!$request-isPost()) {
$this-_helper-redirector('notauthorized', 'error');
}
$form = $this-_getNewMessageForm();
if (!$form-isValid($request-getPost())) {
$this-view-newMessageForm = $form;
return $this-render('index');
}
$values = $form-getValues();
$values['user_id'] = Zend_Auth::getInstance()-getIdentity()-id;
$model = new Model_DbTable_Messages;
$result = $model-insert($values);
if(!$result) {
throw new Zend_Exception('Problem adding message to
database');
}
$this-_helper-redirector('index', 'messageboard');
}
protected function _getNewMessageForm() {
$form = new Form_NewMessage;
$form-setAction('/messageboard/postnew/');
return $form;
}
Again, I really appreciate your help.
Thanks!
J
On Tue, Jul 14, 2009 at 11:06 PM, Matthew Weier O'Phinney
matt...@zend.com
wrote:
-- J DeBord jasdeb...@gmail.com wrote
(on Tuesday, 14 July 2009, 08:29 PM +0200):
I've tried to make StripTags leave the href attribute, but it
strips it
out. I
can't find the right syntax or it just doesn't work. The a tag is
left
intact, every other tag is stripped, but the href and title get
stripped
as
well.
I've also used the fluid interface when adding the Textarea, but
changed
it to
what is below in hopes that it would work.
What am I doing wrong?
What version of ZF are you using?
I did the following using current trunk:
$element = new Zend_Form_Element_Textarea('foo', array(
'filters' = array(
array('StripTags', array(array('a'), array('href',
'title'))),
'StringTrim',
Re: [fw-general] Cookie Usage
Why not use session instead? Regards, Saša Stamenković On Wed, Jul 15, 2009 at 12:36 PM, Sergio Rinaudo kaiohken1...@hotmail.comwrote: Hi, on my project I want to save all the location where the user was ( maybe last 5 locations ) and show to him as a reminder. Then I thought to use the zend_cookie object to store all the visited page ids ( or urls ), my problem is that, after I read the documentation here: http://framework.zend.com/manual/en/zend.http.cookies.html I am a little confused on how to use it. What I want is to save an array in the cookie object, add to it a page_id ( or url ) every time a page is requested, and then retrieve it anywhere I want to use it in my application. Some advices about the code to use? Thanks S. -- Preparati alla sfida all'ultima combinazione, gioca con Crosswire!http://livesearch.games.msn.com/crosswire/default_it/
FW: [fw-general] Cookie Usage
Hi, I would like that when the user close the browser, reopen it, and comes to the website again, he can see this remainder, also if he is not logged or registered. S. Date: Wed, 15 Jul 2009 16:52:22 +0200 From: umpir...@gmail.com To: kaiohken1...@hotmail.com CC: fw-general@lists.zend.com Subject: Re: [fw-general] Cookie Usage Why not use session instead? Regards, Saša Stamenković On Wed, Jul 15, 2009 at 12:36 PM, Sergio Rinaudo kaiohken1...@hotmail.com wrote: Hi, on my project I want to save all the location where the user was ( maybe last 5 locations ) and show to him as a reminder. Then I thought to use the zend_cookie object to store all the visited page ids ( or urls ), my problem is that, after I read the documentation here: http://framework.zend.com/manual/en/zend.http.cookies.html I am a little confused on how to use it. What I want is to save an array in the cookie object, add to it a page_id ( or url ) every time a page is requested, and then retrieve it anywhere I want to use it in my application. Some advices about the code to use? Thanks S. Preparati alla sfida all'ultima combinazione, gioca con Crosswire! Preparati alla sfida all'ultima combinazione, gioca con Crosswire! _ Naviga al sicuro, usa Windows Live Messenger! http://messenger.it/home_sicurezza.aspx
[fw-general] SubForms | MultiPage Forms | Validation
Question about multi page forms using subforms. Ok so I have been looking at the example on http://framework.zend.com/manual/en/zend.form.advanced.html#zend.form.advanced.multiPage http://framework.zend.com/manual/en/zend.form.advanced.html#zend.form.advanced.multiPage%20which is all good. However, when you move to the next subform it validates the previous subform to see if it isValid(). If so it checks to see if the whole form (all the subforms) are isValid() and if it's not it moves onto the next subform in the list. It all works but the problem is when you move to the next form which is a isPost() it automatically checks the validation on the full form and subsequently displays the errors on the form that is the new next form. The problem is that you are already posting when you display the next form and I don't want the errors to display! anyone know a good way to remove validation errors when initially loading the 2nd and *n *subforms? I am using this code http://framework.zend.com/manual/en/zend.form.advanced.html#zend.form.advanced.multiPage Thanks, Shaun Farrell
Re: FW: [fw-general] Cookie Usage
Didn't use cookies in zf, but I know they are used in Zend_Http_Client, so you can check the source ;) Regards, Saša Stamenković 2009/7/15 Sergio Rinaudo kaiohken1...@hotmail.com Hi, I would like that when the user close the browser, reopen it, and comes to the website again, he can see this remainder, also if he is not logged or registered. S. -- Date: Wed, 15 Jul 2009 16:52:22 +0200 From: umpir...@gmail.com To: kaiohken1...@hotmail.com CC: fw-general@lists.zend.com Subject: Re: [fw-general] Cookie Usage Why not use session instead? Regards, Saša Stamenković On Wed, Jul 15, 2009 at 12:36 PM, Sergio Rinaudo kaiohken1...@hotmail.com wrote: Hi, on my project I want to save all the location where the user was ( maybe last 5 locations ) and show to him as a reminder. Then I thought to use the zend_cookie object to store all the visited page ids ( or urls ), my problem is that, after I read the documentation here: http://framework.zend.com/manual/en/zend.http.cookies.html I am a little confused on how to use it. What I want is to save an array in the cookie object, add to it a page_id ( or url ) every time a page is requested, and then retrieve it anywhere I want to use it in my application. Some advices about the code to use? Thanks S. -- Preparati alla sfida all'ultima combinazione, gioca con Crosswire!http://livesearch.games.msn.com/crosswire/default_it/ -- Preparati alla sfida all'ultima combinazione, gioca con Crosswire!http://livesearch.games.msn.com/crosswire/default_it/ -- Vesti Messenger come piu ti piace. Scarica la nuova Raccolta scene!http://messenger.it/raccoltaScene.aspx
Re: [fw-general] How to dispatch a 404 error
I think you can use
throw new Zend_Controller_Dispatcher_Exception('Your message here');
gllop wrote:
I'm trying to thow a Zend_Controller_Action_Exception to dispatch a 404
page error. The ErrorController and the Plugin_Handler instance are
already implemented but I don't know how can i exactly dispatch the
exception. I supose it will be something like:
throw new Zend_Controller_Action_Exception('Error exception');
But this don't render my corresponent 404 page. I get only Error
exception message.
Any help would be apreciated. Thx!
--
View this message in context:
http://www.nabble.com/How-to-dispatch-a-404-error-tp22242790p24502873.html
Sent from the Zend Framework mailing list archive at Nabble.com.
Re: [fw-general] how to force zend form to submit to new action
If I understand correctly what you are trying to do, I think all you
need to do is immediately after you instantiate the $newsletterForm,
set its action to what you want (not after it's posted) ...
i.e.,
$newsletterForm = new Default_Model_NewsletterForm();
$newsletterForm-setAction('/areaprivata/pommo/user/process.php');
Does that help?
On Wed, Jul 15, 2009 at 5:08 AM, nulelenul...@gmail.com wrote:
hello nabble!!
I'm trying to integrate my zend application with pommo.
I don't want to replicate pommo's logic on new user subscription by creating
zend_db objects for every pommo's table... I just want to:
1) create the subscription form with zend_form,
2) validate the form on zend side
3) submit the form to the pommo's page used to insert new user
I've already completed the first 2 steps... here's the code in my controller
to validate the form:
public function newsletterAction()
{
$newsletterForm = new Default_Model_NewsletterForm();
$this-view-newsletterForm = $newsletterForm;
if ($this-getRequest()-isPost())
{
$formData = $this-getRequest()-getPost();
if ($newsletterForm-isValid($formData))
{
$newsletterForm-setAction('/areaprivata/pommo/user/process.php');
HERE GOES THE MISSING CODE #
}
else
{
$newsletterForm-populate($formData);
}
}
}
If anyone has an idea, please let me know.
Many Thanks
--
View this message in context:
http://www.nabble.com/how-to-force-zend-form-to-submit-to-new-action-tp24495073p24495073.html
Sent from the Zend Framework mailing list archive at Nabble.com.
[fw-general] Route Rewrite not working...
Dear All, I am new to zend framework got stuck in a problem... i have some navigation links on my main page... My url goes like http://localhost:8001/photoshop/public/ and on my page i have link as li article/success/sss navigation /li here article is my controller,success is action and sss is any random articlename which i have to use in my controller in my config.ini i am using the rewrite code as: - routes.archive.route = article/success/:articlename/* routes.archive.defaults.controller = article routes.archive.defaults.action = success routes.archive.defaults.article = add WHen i click on link it takes me to correct url like http://localhost:8001/photoshop/public/article/success/sss but when i get params there i dont get any parameter its empty array Now i am not sure if i am doing it all correct May be i need to add anything It would be realy great if anyone can help Regards Kusum -- View this message in context: http://www.nabble.com/Route-Rewrite-not-working...-tp24505415p24505415.html Sent from the Zend Framework mailing list archive at Nabble.com.
[fw-general] Confusion about open source licensing
Hi Question: If i were to release an opensource project under GPL, but which uses Zend Framework (released under BSD license), am I not allowed to do so? OR my sourcecode should not contain Zend Framework and be downloaded separately, just because these licenses are not compatible. Your help would be much appreciated? Sorry and please ignore if this question is inappropriate for this mailing list. Thanks
[fw-general] Confusion about open source licensing
Hi Question: If i were to release an opensource project under GPL, but which uses Zend Framework (released under BSD license), am I not allowed to do so? OR my sourcecode should not contain Zend Framework and be downloaded separately, just because these licenses are not compatible. Your help would be much appreciated? Sorry and please ignore if this question is inappropriate for this mailing list. Thanks
Re: [fw-general] Confusion about open source licensing
Hi Muhammad, ZF is released under the New BSD Licensehttp://framework.zend.com/license/new-bsd. Yes, you can use it in and ship it with a GPL project. Best regards, Tobias 2009/7/15 Muhammad Ali imjob@live.com: Hi Question: If i were to release an opensource project under GPL, but which uses Zend Framework (released under BSD license), am I not allowed to do so? OR my sourcecode should not contain Zend Framework and be downloaded separately, just because these licenses are not compatible. Your help would be much appreciated? Sorry and please ignore if this question is inappropriate for this mailing list. Thanks
[fw-general] Re: [fw-db] Zend_Db_Table concrete instantiation
That's neat. I've always wondered why Zend_Db_Table is an abstract class
extending another abstract class while not adding any new methods.
-- Mon
On Wed, Jul 15, 2009 at 9:49 PM, Ralph Schindler
ralph.schind...@zend.comwrote:
Hello all!
I have commited to trunk a new feature for Zend_Db_Table that will be in ZF
1.9. That feature is the ability to use concrete instantiation on tables.
What does that mean? It means this is possible:
$authorTable = new Zend_Db_Table('author');
$authors = $authorTable-fetchAll();
foreach ($authors as $author) {
echo $author-id . ': '
. $author-first_name . ' '
. $author-last_name . PHP_EOL;
}
On the more complex side, you are able to define a definition that would
house all the same rules you previously had to define your Zend_Db_Table
inherited classes with.
Without going into the gory details, please see this url below for all of
the working use cases I have attempted to solve:
http://framework.zend.com/svn/framework/standard/branches/user/ralph/ZendDbTable/scripts/
You are free to check out that folder from svn, and run and play with those
scripts. There is a complete sqlite database, and the bootstrap for that
mini set of script will recreate the sqlite file database on each run.
The only use case which is deprecated as of 1.9 will be if you are
extending Zend_Db_Table (not Zend_Db_Table_Abstract), and are attempting to
instantiate the class via a string, where the string represents the key name
in the registry of the database adapter. Since Zend_Db_Table has been
deprecated since 0.9, I don't this should be a problem for anyone.
Please test out this new feature, and report back any issues to me.
Thanks Happy ZF'ing!
-ralph
[fw-general] Inserting Zend_Form_Elements into a Zend_Form
I am finding the Zend_Form hard to use. Currently all form elements usable in a Zend_Form have order property that specify an integer. This number is used to sort the form elements. The problem I have is that I have extended the implementation of a form several times. In an extending class, I wish to insert an elements in between 2 existing elements. Currently this means that if in the element before has an order number of 5 and the element after has an order number of 10, the element I want to insert needs to have an order number of 7 or so. After extending a few times, the order numbers get hard to keep track of. If you have items with order numbers of 5 and 6, then you can not seem to place an element in the middle. Does anyone have code, or do people think code could be added to Zend_Form to the following: - $Zend_Form-InsertAtBeginning(Zend_Form_Element) - $Zend_Form-InsertBefore(Zend_Form_Element1,Zend_Form_Element2) - $Zend_Form-InsertAfter(Zend_Form_Element1,Zend_Form_Element2) - $Zend_Form-InsertAtEnd(Zend_Form_Element) -- View this message in context: http://www.nabble.com/Inserting-Zend_Form_Elements-into-a-Zend_Form-tp24510428p24510428.html Sent from the Zend Framework mailing list archive at Nabble.com.
