Re: [fw-general] Zend_Filter_StripTags strips attributes even when told not to
Thanks for the reply Matthew. I'm using 1.84 Still not working. After executing the code below (see form and controller code) and putting this into the textarea: p This is a onClick=foo.bar() href=http://foo.com/; title=Foo!linked text/a. /p The following is entered into the MySql DB: [image: Edit]http://localhost/phpmyadmin/tbl_change.php?db=jasondeb_jdnet_Zendtable=messagesprimary_key=+%60messages%60.%60id%60+%3D+49sql_query=SELECT+%2A+FROM+%60messages%60goto=sql.phptoken=e863630c23d959b05950ce1d215c6df5 [image: Delete]http://localhost/phpmyadmin/sql.php?db=jasondeb_jdnet_Zendtable=messagessql_query=DELETE+FROM+%60jasondeb_jdnet_Zend%60.%60messages%60+WHERE+%60messages%60.%60id%60+%3D+49+LIMIT+1zero_rows=The+row+has+been+deletedgoto=sql.php%3Fdb%3Djasondeb_jdnet_Zend%26table%3Dmessages%26sql_query%3DSELECT%2B%252A%2BFROM%2B%2560messages%2560%26zero_rows%3DThe%2Brow%2Bhas%2Bbeen%2Bdeleted%26goto%3Dtbl_structure.php%26token%3De863630c23d959b05950ce1d215c6df5token=e863630c23d959b05950ce1d215c6df5 49 2009-07-15 07:54:32 1 This is alinked text/a. Everything but the a tag is stripped as expected, but the href is still being stripped. Could it have something to do with the Zend_Db_Table's insert method? FORM: ?php class Form_NewMessage extends Form_Default { public function init() { $this-setMethod('post'); $this-setAttrib('id', 'new_message'); $this-setDescription(What are you doing? What's new?); $textarea = new Zend_Form_Element_Textarea('message', array( 'id' = 'message', 'filters' = array( array('StripTags', array(array('a'), array('href', 'title'))), 'StringTrim', ), 'validators' = array(), 'rows' = 2, 'cols' = 40, )); $this-addElement($textarea); $this-addElement('Submit', 'submit', array( 'Decorators' = array('ViewHelper'), 'class' = 'submit', 'Label' = 'Post Your Message!', 'Ignore' = true, )); $this-setDecorators(array( 'Description', 'FormElements', 'Fieldset', 'Form' )); } } CONTROLLER (postnewAction is the relevant piece): public function indexAction() { $this-view-headTitle('Message Board'); $this-view-newMessageForm = $this-_getNewMessageForm(); } public function postnewAction() { $request = $this-getRequest(); if(!$request-isPost()) { $this-_helper-redirector('notauthorized', 'error'); } $form = $this-_getNewMessageForm(); if (!$form-isValid($request-getPost())) { $this-view-newMessageForm = $form; return $this-render('index'); } $values = $form-getValues(); $values['user_id'] = Zend_Auth::getInstance()-getIdentity()-id; $model = new Model_DbTable_Messages; $result = $model-insert($values); if(!$result) { throw new Zend_Exception('Problem adding message to database'); } $this-_helper-redirector('index', 'messageboard'); } protected function _getNewMessageForm() { $form = new Form_NewMessage; $form-setAction('/messageboard/postnew/'); return $form; } Again, I really appreciate your help. Thanks! J On Tue, Jul 14, 2009 at 11:06 PM, Matthew Weier O'Phinney matt...@zend.comwrote: -- J DeBord jasdeb...@gmail.com wrote (on Tuesday, 14 July 2009, 08:29 PM +0200): I've tried to make StripTags leave the href attribute, but it strips it out. I can't find the right syntax or it just doesn't work. The a tag is left intact, every other tag is stripped, but the href and title get stripped as well. I've also used the fluid interface when adding the Textarea, but changed it to what is below in hopes that it would work. What am I doing wrong? What version of ZF are you using? I did the following using current trunk: $element = new Zend_Form_Element_Textarea('foo', array( 'filters' = array( array('StripTags', array(array('a'), array('href', 'title'))), 'StringTrim', ), 'value' = 'p This is a onClick=foo.bar() href=http://foo.com/; title=Foo!linked text/a. /p', )); echo $element-getValue(); and got exactly what I expected: This is a href=http://foo.com/; title=Foo!linked text/a. ?php class Form_NewMessage extends Form_Default { public function init() { $this-setMethod('post'); $this-setAttrib('id', 'new_message'); $textarea = new Zend_Form_Element_Textarea('message'); $textarea-setDecorators($this-_defaultDecorators); $stripTags = new Zend_Filter_StripTags(array('a'), array('href', 'title')); $textarea-addFilter('StringTrim');
Re: [fw-general] Zend_Filter_StripTags strips attributes even when told not to
To add: public function postnewAction() { $request = $this-getRequest(); if(!$request-isPost()) { $this-_helper-redirector('notauthorized', 'error'); } $form = $this-_getNewMessageForm(); if (!$form-isValid($request-getPost())) { $this-view-newMessageForm = $form; return $this-render('index'); } $values = $form-getValues(); Zend_Debug::dump($values); exit; Outputs: array(1) { [message] = string(27) This is alinked text/a. } On Wed, Jul 15, 2009 at 8:13 AM, J DeBord jasdeb...@gmail.com wrote: Thanks for the reply Matthew. I'm using 1.84 Still not working. After executing the code below (see form and controller code) and putting this into the textarea: p This is a onClick=foo.bar() href=http://foo.com/; title=Foo!linked text/a. /p The following is entered into the MySql DB: [image: Edit]http://localhost/phpmyadmin/tbl_change.php?db=jasondeb_jdnet_Zendtable=messagesprimary_key=+%60messages%60.%60id%60+%3D+49sql_query=SELECT+%2A+FROM+%60messages%60goto=sql.phptoken=e863630c23d959b05950ce1d215c6df5 [image: Delete]http://localhost/phpmyadmin/sql.php?db=jasondeb_jdnet_Zendtable=messagessql_query=DELETE+FROM+%60jasondeb_jdnet_Zend%60.%60messages%60+WHERE+%60messages%60.%60id%60+%3D+49+LIMIT+1zero_rows=The+row+has+been+deletedgoto=sql.php%3Fdb%3Djasondeb_jdnet_Zend%26table%3Dmessages%26sql_query%3DSELECT%2B%252A%2BFROM%2B%2560messages%2560%26zero_rows%3DThe%2Brow%2Bhas%2Bbeen%2Bdeleted%26goto%3Dtbl_structure.php%26token%3De863630c23d959b05950ce1d215c6df5token=e863630c23d959b05950ce1d215c6df5 49 2009-07-15 07:54:32 1 This is alinked text/a. Everything but the a tag is stripped as expected, but the href is still being stripped. Could it have something to do with the Zend_Db_Table's insert method? FORM: ?php class Form_NewMessage extends Form_Default { public function init() { $this-setMethod('post'); $this-setAttrib('id', 'new_message'); $this-setDescription(What are you doing? What's new?); $textarea = new Zend_Form_Element_Textarea('message', array( 'id' = 'message', 'filters' = array( array('StripTags', array(array('a'), array('href', 'title'))), 'StringTrim', ), 'validators' = array(), 'rows' = 2, 'cols' = 40, )); $this-addElement($textarea); $this-addElement('Submit', 'submit', array( 'Decorators' = array('ViewHelper'), 'class' = 'submit', 'Label' = 'Post Your Message!', 'Ignore' = true, )); $this-setDecorators(array( 'Description', 'FormElements', 'Fieldset', 'Form' )); } } CONTROLLER (postnewAction is the relevant piece): public function indexAction() { $this-view-headTitle('Message Board'); $this-view-newMessageForm = $this-_getNewMessageForm(); } public function postnewAction() { $request = $this-getRequest(); if(!$request-isPost()) { $this-_helper-redirector('notauthorized', 'error'); } $form = $this-_getNewMessageForm(); if (!$form-isValid($request-getPost())) { $this-view-newMessageForm = $form; return $this-render('index'); } $values = $form-getValues(); $values['user_id'] = Zend_Auth::getInstance()-getIdentity()-id; $model = new Model_DbTable_Messages; $result = $model-insert($values); if(!$result) { throw new Zend_Exception('Problem adding message to database'); } $this-_helper-redirector('index', 'messageboard'); } protected function _getNewMessageForm() { $form = new Form_NewMessage; $form-setAction('/messageboard/postnew/'); return $form; } Again, I really appreciate your help. Thanks! J On Tue, Jul 14, 2009 at 11:06 PM, Matthew Weier O'Phinney matt...@zend.com wrote: -- J DeBord jasdeb...@gmail.com wrote (on Tuesday, 14 July 2009, 08:29 PM +0200): I've tried to make StripTags leave the href attribute, but it strips it out. I can't find the right syntax or it just doesn't work. The a tag is left intact, every other tag is stripped, but the href and title get stripped as well. I've also used the fluid interface when adding the Textarea, but changed it to what is below in hopes that it would work. What am I doing wrong? What version of ZF are you using? I did the following using current trunk: $element = new Zend_Form_Element_Textarea('foo', array( 'filters' = array( array('StripTags', array(array('a'), array('href', 'title'))), 'StringTrim', ), 'value' = 'p
Re: [fw-general] XSS Prevention with Zend Framework
On 15 Jul 2009, at 03:30, Matthew Weier O'Phinney wrote: 80/20 is a nice rule but not for security. I went through this way few years ago and as you mention it was so convenient to don't care in 80% of cases but the rest was pain in the ass. The setEscape() method doesn't help too much when you have to mix css/js/html code in a single phtml file. Why are you mixing them into a single file? Why not have separate files for separate types of code? This simplifies the story for escaping, allows you to run linters specific to the markup and/or language, and allows you to factor out things like CSS and JS to your presentation layer (where, arguably, it belongs -- *not* in your view scripts). Just an idea/suggestion here, could we have an optional second param to escape() which if provided would override the default (just for that usage)? I see this as helpful when quickly putting together a page and just wanting to inline the css/js for a sketch or a work in progress -- I know I'm gonna move it out eventually...
[fw-general] how to force zend form to submit to new action
hello nabble!! I'm trying to integrate my zend application with pommo. I don't want to replicate pommo's logic on new user subscription by creating zend_db objects for every pommo's table... I just want to: 1) create the subscription form with zend_form, 2) validate the form on zend side 3) submit the form to the pommo's page used to insert new user I've already completed the first 2 steps... here's the code in my controller to validate the form: public function newsletterAction() { $newsletterForm = new Default_Model_NewsletterForm(); $this-view-newsletterForm = $newsletterForm; if ($this-getRequest()-isPost()) { $formData = $this-getRequest()-getPost(); if ($newsletterForm-isValid($formData)) { $newsletterForm-setAction('/areaprivata/pommo/user/process.php'); HERE GOES THE MISSING CODE # } else { $newsletterForm-populate($formData); } } } If anyone has an idea, please let me know. Many Thanks -- View this message in context: http://www.nabble.com/how-to-force-zend-form-to-submit-to-new-action-tp24495073p24495073.html Sent from the Zend Framework mailing list archive at Nabble.com.
Re: [fw-general] Action names
Muhammad Ali wrote: I have ACL plugin to restrict different controllers and User controller have action called changePasswordAction. I can get to action using /user/change-password/ and it works fine, but before while i am constructing my Acl action name comes as change-password rather changePassword. Is this how it should work? Hi Muhammad, I'd advise handling your ACL at service level, not controller / dispatcher level. In steno: Controller { someAction { getRequestedThing()-doAction() } } RequestedThing { doAction() { if(!acl-audit(thisAction)) { throw new RequestedThing_ServiceDeniedException(); } getModel()-doAction() } } You can of course still keep your acl naming based on methods, but this way it keeps the ACL clear from the controllers, and therefore much easier to test. drm / Gerard
Re: [fw-general] Url helper ignores setParams() - why?
hussdl wrote: The reasoning behind all this is that I have a search form that uses GET instead of POST to prevent browser warnings about expired post data. So in order to preserve the search criteria when sorting or changing the page I have to convert GET params to ZF params as the url helper doesn't preserve GET params at all. I think you'd find it easier to implement your own url helper, extending the standard url helper and returning the url preserving the sticky vars you need for the search action.
[fw-general] Cookie Usage
Hi, on my project I want to save all the location where the user was ( maybe last 5 locations ) and show to him as a reminder. Then I thought to use the zend_cookie object to store all the visited page ids ( or urls ), my problem is that, after I read the documentation here: http://framework.zend.com/manual/en/zend.http.cookies.html I am a little confused on how to use it. What I want is to save an array in the cookie object, add to it a page_id ( or url ) every time a page is requested, and then retrieve it anywhere I want to use it in my application. Some advices about the code to use? Thanks S. _ Naviga più semplice, più veloce e più sicuro. Scarica Internet Explorer 8 per MSN! http://cid-16be95750dd16d04.skydrive.live.com/self.aspx/le%20PV%20in%20viaggio!/89.JPG
[fw-general] Zend_Form_Element can't assign value via factory / addElements
Hi all, i'm fighting with Zend_Form_Element factory and can't fix the following problem (ZF 1.8.4 patch 1): $fields = array( 'id_ue' = array( 'type'= 'text', 'name'= 'id_ue', 'options' = array('label' = 'code UE', 'size' = 6, 'required' = true, 'value' = 'test')), 'id_session'= array( 'type'= 'hidden', 'name'= 'id_session', 'options' = array('value' = 'test')) ); $form = new Zend_Form(); $form-addElements($fields); When rendering the form, all seems right but values are not set in input tags : input type=text size=6 value= id=id_ue name=id_ue/ input type=hidden id=id_session value= name=id_session/ I have tried a lot of things (setting value outside of 'options', using 'attrib' in options but don't the syntax...). I did not find any examples of this use case. Thanks for help. Denis.
Re: [fw-general] Action names
-- Muhammad Ali imjob@live.com wrote (on Wednesday, 15 July 2009, 02:43 AM +0100): I have ACL plugin to restrict different controllers and User controller have action called changePasswordAction. I can get to action using /user/ change-password/ and it works fine, but before while i am constructing my Acl action name comes as change-password rather changePassword. Is this how it should work? Yes. The URL representation is what is passed via the request object. The dispatcher maps hyphenated-names to camelCase. -- Matthew Weier O'Phinney Project Lead| matt...@zend.com Zend Framework | http://framework.zend.com/
Re: [fw-general] Zend_Filter_StripTags strips attributes even when told not to
-- J DeBord jasdeb...@gmail.com wrote (on Wednesday, 15 July 2009, 08:13 AM +0200): Thanks for the reply Matthew. I'm using 1.84 Still not working. After executing the code below (see form and controller code) and putting this into the textarea: p This is a onClick=foo.bar() href=http://foo.com/; title=Foo!linked text/a. /p The following is entered into the MySql DB: [ ] Edit Delete 49 2009-07-15 07:54:32 1 This is alinked text/a. Everything but the a tag is stripped as expected, but the href is still being stripped. Could it have something to do with the Zend_Db_Table's insert method? There was a problem with attribute stripping identified and fixed in the 1.7 series, and what you're showing looks similar to that case -- but, as noted, the same code you have below is working for me (I just retried with your exact code, as well). I'm wondering if there is an older version of ZF on your include_path... FORM: ?php class Form_NewMessage extends Form_Default { public function init() { $this-setMethod('post'); $this-setAttrib('id', 'new_message'); $this-setDescription(What are you doing? What's new?); $textarea = new Zend_Form_Element_Textarea('message', array( 'id' = 'message', 'filters' = array( array('StripTags', array(array('a'), array('href', 'title'))), 'StringTrim', ), 'validators' = array(), 'rows' = 2, 'cols' = 40, )); $this-addElement($textarea); $this-addElement('Submit', 'submit', array( 'Decorators' = array('ViewHelper'), 'class' = 'submit', 'Label' = 'Post Your Message!', 'Ignore' = true, )); $this-setDecorators(array( 'Description', 'FormElements', 'Fieldset', 'Form' )); } } CONTROLLER (postnewAction is the relevant piece): public function indexAction() { $this-view-headTitle('Message Board'); $this-view-newMessageForm = $this-_getNewMessageForm(); } public function postnewAction() { $request = $this-getRequest(); if(!$request-isPost()) { $this-_helper-redirector('notauthorized', 'error'); } $form = $this-_getNewMessageForm(); if (!$form-isValid($request-getPost())) { $this-view-newMessageForm = $form; return $this-render('index'); } $values = $form-getValues(); $values['user_id'] = Zend_Auth::getInstance()-getIdentity()-id; $model = new Model_DbTable_Messages; $result = $model-insert($values); if(!$result) { throw new Zend_Exception('Problem adding message to database'); } $this-_helper-redirector('index', 'messageboard'); } protected function _getNewMessageForm() { $form = new Form_NewMessage; $form-setAction('/messageboard/postnew/'); return $form; } Again, I really appreciate your help. Thanks! J On Tue, Jul 14, 2009 at 11:06 PM, Matthew Weier O'Phinney matt...@zend.com wrote: -- J DeBord jasdeb...@gmail.com wrote (on Tuesday, 14 July 2009, 08:29 PM +0200): I've tried to make StripTags leave the href attribute, but it strips it out. I can't find the right syntax or it just doesn't work. The a tag is left intact, every other tag is stripped, but the href and title get stripped as well. I've also used the fluid interface when adding the Textarea, but changed it to what is below in hopes that it would work. What am I doing wrong? What version of ZF are you using? I did the following using current trunk: $element = new Zend_Form_Element_Textarea('foo', array( 'filters' = array( array('StripTags', array(array('a'), array('href', 'title'))), 'StringTrim', ), 'value' = 'p This is a onClick=foo.bar() href=http://foo.com/; title=Foo!linked text/a. /p', )); echo $element-getValue(); and got exactly what I expected: This is a href=http://foo.com/; title=Foo!linked text/a. ?php class Form_NewMessage extends Form_Default { public function init() { $this-setMethod('post'); $this-setAttrib('id', 'new_message'); $textarea = new Zend_Form_Element_Textarea('message');
Re: [fw-general] XSS Prevention with Zend Framework
Hi On Wed, Jul 15, 2009 at 5:12 PM, Carlton Just an idea/suggestion here, could we have an optional second param to escape() which if provided would override the default (just for that usage)? You need at least two parameters additional for escaping because you have to sometimes specify context. For example, value of style attribute: escape function needs to know context (= html attribute) and value (= css expression) -- Ondrej Ivanic (ondrej.iva...@gmail.com)
Re: [fw-general] XSS Prevention with Zend Framework
Hi, On 15 Jul 2009, at 13:21, Ondrej Ivanič wrote: On Wed, Jul 15, 2009 at 5:12 PM, Carlton Just an idea/suggestion here, could we have an optional second param to escape() which if provided would override the default (just for that usage)? You need at least two parameters additional for escaping because you have to sometimes specify context. For example, value of style attribute: escape function needs to know context (= html attribute) and value (= css expression) Perhaps I'm not fully on board with what you're after but, I imagined all of that to be taken care of by the callback (closure?) passed in as the second parameter. Then, say it's html by default, normally I just do this: $this-title But if, for the sake of trying something out I've embedded some non- html, I do this: $this-escape($this-script, function($value) { ... }); IMO, this is no worse than the current situation and (if I understand you right) it gives you the flexibility you need? Regards, Carlton
Re: [fw-general] XSS Prevention with Zend Framework
Hi Why are you mixing them into a single file? Why not have separate files for separate types of code? This simplifies the story for escaping, Sametimes you have to mix everything together because you need dynamically generate values of certain attributes like onXXX, style, ... We can provide tools for the developer -- it's up to the developer to use them properly. Again, the 80% use case for view scripts is HTML, so heh, it's up to the developer to use them properly... little bit wrong premise. autoescaping using htmlentities or htmlspecialchars is the appropriate There is only one correct solution: htmlspecialchars($s, ENT_QUOTES). -- Ondrej Ivanic (ondrej.iva...@gmail.com)
Re: [fw-general] XSS Prevention with Zend Framework
Hi Why are you mixing them into a single file? Why not have separate files for separate types of code? This simplifies the story for escaping, Sametimes you have to mix everything together because you need dynamically generate values of certain attributes like onXXX, style, ... We can provide tools for the developer -- it's up to the developer to use them properly. Again, the 80% use case for view scripts is HTML, so heh, it's up to the developer to use them properly... little bit wrong premise. autoescaping using htmlentities or htmlspecialchars is the appropriate There is only one correct solution: htmlspecialchars($s, ENT_QUOTES). -- Ondrej Ivanic (ondrej.iva...@gmail.com)
Re: [fw-general] XSS Prevention with Zend Framework
Hi 2009/7/15 Carlton Gibson carlton.gib...@noumenal.co.uk: Perhaps I'm not fully on board with what you're after but, I imagined all of that to be taken care of by the callback (closure?) passed in as the second parameter. Then, say it's html by default, normally I just do this: Yes, then you are right. in that case is enough to have only one extra parameter. -- Ondrej Ivanic (ondrej.iva...@gmail.com)
[fw-general] Example for calling stored function on ZF1.8
Hi, I have a stored function which need to be called from module. mine application.ini is some thing like this resources.db.adapter = pdo_mysql resources.db.params.host = localhost resources.db.params.username = root resources.db.params.password = zendframe resources.db.params.dbname = bris_app resources.db.params.driver_options=PDO::MYSQL_ATTR_DIRECT_QUERY = true resources.db.params.date_format = -MM-ddTHH:mm:ss resources.db.isDefaultTableAdapter = true I don't know wether my app.ini is wrong or what can any body provide me working example ??? I am learner so its should be simple and easier. Any help would be appreciated. - -- View this message in context: http://www.nabble.com/Example-for-calling-stored-function-on-ZF1.8-tp24497204p24497204.html Sent from the Zend Framework mailing list archive at Nabble.com.
Re: [fw-general] Zend_Form_Element can't assign value via factory / addElements
Matthew, you pointed it, i was effectively using populate() which reseted the values ! It works now. Thank you. Denis. Matthew Weier O'Phinney a écrit : -- Denis Fohl d.f...@df-info.com wrote (on Wednesday, 15 July 2009, 01:08 PM +0200): i'm fighting with Zend_Form_Element factory and can't fix the following problem (ZF 1.8.4 patch 1): $fields = array( 'id_ue' = array( 'type'= 'text', 'name'= 'id_ue', 'options' = array('label' = 'code UE', 'size' = 6, 'required' = true, 'value' = 'test')), 'id_session'= array( 'type'= 'hidden', 'name'= 'id_session', 'options' = array('value' = 'test')) ); $form = new Zend_Form(); $form-addElements($fields); When rendering the form, all seems right but values are not set in input tags : input type=text size=6 value= id=id_ue name=id_ue/ input type=hidden id=id_session value= name=id_session/ I have tried a lot of things (setting value outside of 'options', using 'attrib' in options but don't the syntax...). I did not find any examples of this use case. Odd -- I took your above code, and added the following two lines: $form-setView(new Zend_View); echo $form; And got the expected output: form enctype=application/x-www-form-urlencoded action= method=postdl class=zend_form dt id=id_ue-labellabel for=id_ue class=requiredcode UE/label/dt dd id=id_ue-element input type=text name=id_ue id=id_ue value=test size=6/dd dt id=id_session-labelnbsp;/dt dd id=id_session-element input type=hidden name=id_session value=test id=id_session/dd/dl/form Note that the values are appropriately set. What version of ZF are you using? Do you call setDefaults() or populate() at any point?
[fw-general] Zend_Db_Table concrete instantiation
Hello all! I have commited to trunk a new feature for Zend_Db_Table that will be in ZF 1.9. That feature is the ability to use concrete instantiation on tables. What does that mean? It means this is possible: $authorTable = new Zend_Db_Table('author'); $authors = $authorTable-fetchAll(); foreach ($authors as $author) { echo $author-id . ': ' . $author-first_name . ' ' . $author-last_name . PHP_EOL; } On the more complex side, you are able to define a definition that would house all the same rules you previously had to define your Zend_Db_Table inherited classes with. Without going into the gory details, please see this url below for all of the working use cases I have attempted to solve: http://framework.zend.com/svn/framework/standard/branches/user/ralph/ZendDbTable/scripts/ You are free to check out that folder from svn, and run and play with those scripts. There is a complete sqlite database, and the bootstrap for that mini set of script will recreate the sqlite file database on each run. The only use case which is deprecated as of 1.9 will be if you are extending Zend_Db_Table (not Zend_Db_Table_Abstract), and are attempting to instantiate the class via a string, where the string represents the key name in the registry of the database adapter. Since Zend_Db_Table has been deprecated since 0.9, I don't this should be a problem for anyone. Please test out this new feature, and report back any issues to me. Thanks Happy ZF'ing! -ralph
Re: [fw-general] Zend_Filter_StripTags strips attributes even when told not to
Thanks again Matthew. I just downloaded ZF from the trunk and I am 99% sure it is the only copy on the include path. From my bootstrap: define('LIBRARY_PATH', APPLICATION_PATH . '/../library'); define('APPLICATION_ENVIRONMENT', 'development'); set_include_path(LIBRARY_PATH); In fact the library folder is the only thing on the include path. phpinfo() after setting the include path in the bootstrap: include_path/home/jasondeb/workspace/JDnetZend/application/../library .:/usr/share/php:/usr/share/pear I deleted the copy that was in /usr/share/php just to be sure. Still not working. Any other ideas? Thanks, Jason On Wed, Jul 15, 2009 at 2:09 PM, Matthew Weier O'Phinney matt...@zend.comwrote: -- J DeBord jasdeb...@gmail.com wrote (on Wednesday, 15 July 2009, 08:13 AM +0200): Thanks for the reply Matthew. I'm using 1.84 Still not working. After executing the code below (see form and controller code) and putting this into the textarea: p This is a onClick=foo.bar() href=http://foo.com/; title=Foo!linked text/a. /p The following is entered into the MySql DB: [ ] Edit Delete 49 2009-07-15 07:54:32 1 This is alinked text/a. Everything but the a tag is stripped as expected, but the href is still being stripped. Could it have something to do with the Zend_Db_Table's insert method? There was a problem with attribute stripping identified and fixed in the 1.7 series, and what you're showing looks similar to that case -- but, as noted, the same code you have below is working for me (I just retried with your exact code, as well). I'm wondering if there is an older version of ZF on your include_path... FORM: ?php class Form_NewMessage extends Form_Default { public function init() { $this-setMethod('post'); $this-setAttrib('id', 'new_message'); $this-setDescription(What are you doing? What's new?); $textarea = new Zend_Form_Element_Textarea('message', array( 'id' = 'message', 'filters' = array( array('StripTags', array(array('a'), array('href', 'title'))), 'StringTrim', ), 'validators' = array(), 'rows' = 2, 'cols' = 40, )); $this-addElement($textarea); $this-addElement('Submit', 'submit', array( 'Decorators' = array('ViewHelper'), 'class' = 'submit', 'Label' = 'Post Your Message!', 'Ignore' = true, )); $this-setDecorators(array( 'Description', 'FormElements', 'Fieldset', 'Form' )); } } CONTROLLER (postnewAction is the relevant piece): public function indexAction() { $this-view-headTitle('Message Board'); $this-view-newMessageForm = $this-_getNewMessageForm(); } public function postnewAction() { $request = $this-getRequest(); if(!$request-isPost()) { $this-_helper-redirector('notauthorized', 'error'); } $form = $this-_getNewMessageForm(); if (!$form-isValid($request-getPost())) { $this-view-newMessageForm = $form; return $this-render('index'); } $values = $form-getValues(); $values['user_id'] = Zend_Auth::getInstance()-getIdentity()-id; $model = new Model_DbTable_Messages; $result = $model-insert($values); if(!$result) { throw new Zend_Exception('Problem adding message to database'); } $this-_helper-redirector('index', 'messageboard'); } protected function _getNewMessageForm() { $form = new Form_NewMessage; $form-setAction('/messageboard/postnew/'); return $form; } Again, I really appreciate your help. Thanks! J On Tue, Jul 14, 2009 at 11:06 PM, Matthew Weier O'Phinney matt...@zend.com wrote: -- J DeBord jasdeb...@gmail.com wrote (on Tuesday, 14 July 2009, 08:29 PM +0200): I've tried to make StripTags leave the href attribute, but it strips it out. I can't find the right syntax or it just doesn't work. The a tag is left intact, every other tag is stripped, but the href and title get stripped as well. I've also used the fluid interface when adding the Textarea, but changed it to what is below in hopes that it would work. What am I doing wrong? What version of ZF are you using? I did the following using current trunk: $element = new Zend_Form_Element_Textarea('foo', array( 'filters' = array( array('StripTags', array(array('a'), array('href', 'title'))), 'StringTrim',
Re: [fw-general] Cookie Usage
Why not use session instead? Regards, Saša Stamenković On Wed, Jul 15, 2009 at 12:36 PM, Sergio Rinaudo kaiohken1...@hotmail.comwrote: Hi, on my project I want to save all the location where the user was ( maybe last 5 locations ) and show to him as a reminder. Then I thought to use the zend_cookie object to store all the visited page ids ( or urls ), my problem is that, after I read the documentation here: http://framework.zend.com/manual/en/zend.http.cookies.html I am a little confused on how to use it. What I want is to save an array in the cookie object, add to it a page_id ( or url ) every time a page is requested, and then retrieve it anywhere I want to use it in my application. Some advices about the code to use? Thanks S. -- Preparati alla sfida all'ultima combinazione, gioca con Crosswire!http://livesearch.games.msn.com/crosswire/default_it/
FW: [fw-general] Cookie Usage
Hi, I would like that when the user close the browser, reopen it, and comes to the website again, he can see this remainder, also if he is not logged or registered. S. Date: Wed, 15 Jul 2009 16:52:22 +0200 From: umpir...@gmail.com To: kaiohken1...@hotmail.com CC: fw-general@lists.zend.com Subject: Re: [fw-general] Cookie Usage Why not use session instead? Regards, Saša Stamenković On Wed, Jul 15, 2009 at 12:36 PM, Sergio Rinaudo kaiohken1...@hotmail.com wrote: Hi, on my project I want to save all the location where the user was ( maybe last 5 locations ) and show to him as a reminder. Then I thought to use the zend_cookie object to store all the visited page ids ( or urls ), my problem is that, after I read the documentation here: http://framework.zend.com/manual/en/zend.http.cookies.html I am a little confused on how to use it. What I want is to save an array in the cookie object, add to it a page_id ( or url ) every time a page is requested, and then retrieve it anywhere I want to use it in my application. Some advices about the code to use? Thanks S. Preparati alla sfida all'ultima combinazione, gioca con Crosswire! Preparati alla sfida all'ultima combinazione, gioca con Crosswire! _ Naviga al sicuro, usa Windows Live Messenger! http://messenger.it/home_sicurezza.aspx
[fw-general] SubForms | MultiPage Forms | Validation
Question about multi page forms using subforms. Ok so I have been looking at the example on http://framework.zend.com/manual/en/zend.form.advanced.html#zend.form.advanced.multiPage http://framework.zend.com/manual/en/zend.form.advanced.html#zend.form.advanced.multiPage%20which is all good. However, when you move to the next subform it validates the previous subform to see if it isValid(). If so it checks to see if the whole form (all the subforms) are isValid() and if it's not it moves onto the next subform in the list. It all works but the problem is when you move to the next form which is a isPost() it automatically checks the validation on the full form and subsequently displays the errors on the form that is the new next form. The problem is that you are already posting when you display the next form and I don't want the errors to display! anyone know a good way to remove validation errors when initially loading the 2nd and *n *subforms? I am using this code http://framework.zend.com/manual/en/zend.form.advanced.html#zend.form.advanced.multiPage Thanks, Shaun Farrell
Re: FW: [fw-general] Cookie Usage
Didn't use cookies in zf, but I know they are used in Zend_Http_Client, so you can check the source ;) Regards, Saša Stamenković 2009/7/15 Sergio Rinaudo kaiohken1...@hotmail.com Hi, I would like that when the user close the browser, reopen it, and comes to the website again, he can see this remainder, also if he is not logged or registered. S. -- Date: Wed, 15 Jul 2009 16:52:22 +0200 From: umpir...@gmail.com To: kaiohken1...@hotmail.com CC: fw-general@lists.zend.com Subject: Re: [fw-general] Cookie Usage Why not use session instead? Regards, Saša Stamenković On Wed, Jul 15, 2009 at 12:36 PM, Sergio Rinaudo kaiohken1...@hotmail.com wrote: Hi, on my project I want to save all the location where the user was ( maybe last 5 locations ) and show to him as a reminder. Then I thought to use the zend_cookie object to store all the visited page ids ( or urls ), my problem is that, after I read the documentation here: http://framework.zend.com/manual/en/zend.http.cookies.html I am a little confused on how to use it. What I want is to save an array in the cookie object, add to it a page_id ( or url ) every time a page is requested, and then retrieve it anywhere I want to use it in my application. Some advices about the code to use? Thanks S. -- Preparati alla sfida all'ultima combinazione, gioca con Crosswire!http://livesearch.games.msn.com/crosswire/default_it/ -- Preparati alla sfida all'ultima combinazione, gioca con Crosswire!http://livesearch.games.msn.com/crosswire/default_it/ -- Vesti Messenger come piu ti piace. Scarica la nuova Raccolta scene!http://messenger.it/raccoltaScene.aspx
Re: [fw-general] How to dispatch a 404 error
I think you can use throw new Zend_Controller_Dispatcher_Exception('Your message here'); gllop wrote: I'm trying to thow a Zend_Controller_Action_Exception to dispatch a 404 page error. The ErrorController and the Plugin_Handler instance are already implemented but I don't know how can i exactly dispatch the exception. I supose it will be something like: throw new Zend_Controller_Action_Exception('Error exception'); But this don't render my corresponent 404 page. I get only Error exception message. Any help would be apreciated. Thx! -- View this message in context: http://www.nabble.com/How-to-dispatch-a-404-error-tp22242790p24502873.html Sent from the Zend Framework mailing list archive at Nabble.com.
Re: [fw-general] how to force zend form to submit to new action
If I understand correctly what you are trying to do, I think all you need to do is immediately after you instantiate the $newsletterForm, set its action to what you want (not after it's posted) ... i.e., $newsletterForm = new Default_Model_NewsletterForm(); $newsletterForm-setAction('/areaprivata/pommo/user/process.php'); Does that help? On Wed, Jul 15, 2009 at 5:08 AM, nulelenul...@gmail.com wrote: hello nabble!! I'm trying to integrate my zend application with pommo. I don't want to replicate pommo's logic on new user subscription by creating zend_db objects for every pommo's table... I just want to: 1) create the subscription form with zend_form, 2) validate the form on zend side 3) submit the form to the pommo's page used to insert new user I've already completed the first 2 steps... here's the code in my controller to validate the form: public function newsletterAction() { $newsletterForm = new Default_Model_NewsletterForm(); $this-view-newsletterForm = $newsletterForm; if ($this-getRequest()-isPost()) { $formData = $this-getRequest()-getPost(); if ($newsletterForm-isValid($formData)) { $newsletterForm-setAction('/areaprivata/pommo/user/process.php'); HERE GOES THE MISSING CODE # } else { $newsletterForm-populate($formData); } } } If anyone has an idea, please let me know. Many Thanks -- View this message in context: http://www.nabble.com/how-to-force-zend-form-to-submit-to-new-action-tp24495073p24495073.html Sent from the Zend Framework mailing list archive at Nabble.com.
[fw-general] Route Rewrite not working...
Dear All, I am new to zend framework got stuck in a problem... i have some navigation links on my main page... My url goes like http://localhost:8001/photoshop/public/ and on my page i have link as li article/success/sss navigation /li here article is my controller,success is action and sss is any random articlename which i have to use in my controller in my config.ini i am using the rewrite code as: - routes.archive.route = article/success/:articlename/* routes.archive.defaults.controller = article routes.archive.defaults.action = success routes.archive.defaults.article = add WHen i click on link it takes me to correct url like http://localhost:8001/photoshop/public/article/success/sss but when i get params there i dont get any parameter its empty array Now i am not sure if i am doing it all correct May be i need to add anything It would be realy great if anyone can help Regards Kusum -- View this message in context: http://www.nabble.com/Route-Rewrite-not-working...-tp24505415p24505415.html Sent from the Zend Framework mailing list archive at Nabble.com.
[fw-general] Confusion about open source licensing
Hi Question: If i were to release an opensource project under GPL, but which uses Zend Framework (released under BSD license), am I not allowed to do so? OR my sourcecode should not contain Zend Framework and be downloaded separately, just because these licenses are not compatible. Your help would be much appreciated? Sorry and please ignore if this question is inappropriate for this mailing list. Thanks
[fw-general] Confusion about open source licensing
Hi Question: If i were to release an opensource project under GPL, but which uses Zend Framework (released under BSD license), am I not allowed to do so? OR my sourcecode should not contain Zend Framework and be downloaded separately, just because these licenses are not compatible. Your help would be much appreciated? Sorry and please ignore if this question is inappropriate for this mailing list. Thanks
Re: [fw-general] Confusion about open source licensing
Hi Muhammad, ZF is released under the New BSD Licensehttp://framework.zend.com/license/new-bsd. Yes, you can use it in and ship it with a GPL project. Best regards, Tobias 2009/7/15 Muhammad Ali imjob@live.com: Hi Question: If i were to release an opensource project under GPL, but which uses Zend Framework (released under BSD license), am I not allowed to do so? OR my sourcecode should not contain Zend Framework and be downloaded separately, just because these licenses are not compatible. Your help would be much appreciated? Sorry and please ignore if this question is inappropriate for this mailing list. Thanks
[fw-general] Re: [fw-db] Zend_Db_Table concrete instantiation
That's neat. I've always wondered why Zend_Db_Table is an abstract class extending another abstract class while not adding any new methods. -- Mon On Wed, Jul 15, 2009 at 9:49 PM, Ralph Schindler ralph.schind...@zend.comwrote: Hello all! I have commited to trunk a new feature for Zend_Db_Table that will be in ZF 1.9. That feature is the ability to use concrete instantiation on tables. What does that mean? It means this is possible: $authorTable = new Zend_Db_Table('author'); $authors = $authorTable-fetchAll(); foreach ($authors as $author) { echo $author-id . ': ' . $author-first_name . ' ' . $author-last_name . PHP_EOL; } On the more complex side, you are able to define a definition that would house all the same rules you previously had to define your Zend_Db_Table inherited classes with. Without going into the gory details, please see this url below for all of the working use cases I have attempted to solve: http://framework.zend.com/svn/framework/standard/branches/user/ralph/ZendDbTable/scripts/ You are free to check out that folder from svn, and run and play with those scripts. There is a complete sqlite database, and the bootstrap for that mini set of script will recreate the sqlite file database on each run. The only use case which is deprecated as of 1.9 will be if you are extending Zend_Db_Table (not Zend_Db_Table_Abstract), and are attempting to instantiate the class via a string, where the string represents the key name in the registry of the database adapter. Since Zend_Db_Table has been deprecated since 0.9, I don't this should be a problem for anyone. Please test out this new feature, and report back any issues to me. Thanks Happy ZF'ing! -ralph
[fw-general] Inserting Zend_Form_Elements into a Zend_Form
I am finding the Zend_Form hard to use. Currently all form elements usable in a Zend_Form have order property that specify an integer. This number is used to sort the form elements. The problem I have is that I have extended the implementation of a form several times. In an extending class, I wish to insert an elements in between 2 existing elements. Currently this means that if in the element before has an order number of 5 and the element after has an order number of 10, the element I want to insert needs to have an order number of 7 or so. After extending a few times, the order numbers get hard to keep track of. If you have items with order numbers of 5 and 6, then you can not seem to place an element in the middle. Does anyone have code, or do people think code could be added to Zend_Form to the following: - $Zend_Form-InsertAtBeginning(Zend_Form_Element) - $Zend_Form-InsertBefore(Zend_Form_Element1,Zend_Form_Element2) - $Zend_Form-InsertAfter(Zend_Form_Element1,Zend_Form_Element2) - $Zend_Form-InsertAtEnd(Zend_Form_Element) -- View this message in context: http://www.nabble.com/Inserting-Zend_Form_Elements-into-a-Zend_Form-tp24510428p24510428.html Sent from the Zend Framework mailing list archive at Nabble.com.