[fw-general] Zend_Filter_Input filtering not triggering
Hi all,
I'm using Zend_Filter_Input on my magic getter / setter methods to validate
my input and cast fields to the type I desire.
The validation portion is working great, but it's like the filters aren't
working at all.
My model, with Zend_Filter_Input logic, is here:
http://pastebin.com/m7950c5a0
Example output is here:
object(MyApp_Model_User)#19 (1) {
["_data:protected"]=>
array(15) {
["id"]=>
string(1) "4"
["email"]=>
string(19) "andyba...@gmail.com"
["password"]=>
string(32) "594851275f207072b172d7508f037d78"
["username"]=>
string(6) "abaird"
["first"]=>
string(4) "Andy"
["last"]=>
string(5) "Baird"
["phone"]=>
string(10) "111222"
["email_opt_in"]=>
int(1)
["zip"]=>
string(5) "5"
["birthyear"]=>
string(4) "1984"
["gender"]=>
string(4) "male"
["activated"]=>
int(1)
["date_joined"]=>
string(10) "2008-03-11"
["admin"]=>
string(1) "1"
["active"]=>
string(1) "1"
}
}
I can't figure out if it's a usage error, but I've tried tracing through the
code and can't figure out why the filters don't seem to be applying.
Any insight on this would be appreciated!
-Andy
Re: [fw-general] Zend_Filter_Input and EscapeFilter
Justin Verweel wrote:
>
> There is an other way of 'disabling' the default escape behavior.
> You could create a custom class My_Filter_DoNothing, which implements
> the Zend_Filter_Interface and set that filter as the default escape
> filter (see the setDefaultEscapeFilter() method ).
> The filter( $value ) method of this class returns the $value directly,
> without modifications.
> The data will still be 'filtered' when you call $input->{key} or
> $input->getEscaped( $key ), but the used filter does nothing
>
I think it's crutch, but isn't good way.
Thank you.
--
View this message in context:
http://www.nabble.com/Zend_Filter_Input-and-EscapeFilter-tp25291137p25293241.html
Sent from the Zend Framework mailing list archive at Nabble.com.
Re: [fw-general] Zend_Filter_Input and EscapeFilter
The default behavior of zend_input_filter is escaping the data, it's not
possible to disable this behavior in a way of setEscape( false ) or
something like that.
As Thomas and I told you, the easiest way of getting unescaped data is
to call the getUnescaped( $key ) method.
There is an other way of 'disabling' the default escape behavior.
You could create a custom class My_Filter_DoNothing, which implements
the Zend_Filter_Interface and set that filter as the default escape
filter (see the setDefaultEscapeFilter() method ).
The filter( $value ) method of this class returns the $value directly,
without modifications.
The data will still be 'filtered' when you call $input->{key} or
$input->getEscaped( $key ), but the used filter does nothing
Justin
Serkys wrote:
It's not important for me, escaped or unescaped values I will use.
I think I can don't use escaper, becouse it's not need for me. I wanna
disable escaper.
Re: [fw-general] Zend_Filter_Input and EscapeFilter
It's not important for me, escaped or unescaped values I will use. I think I can don't use escaper, becouse it's not need for me. I wanna disable escaper. thomasW wrote: > > I don't understand... > You don't want to have escaped values, but you also don't want to have > unescaped values ? > > Do you want to have any value ??? > What do you precisly want ? > > Maybe it would be more clear when you give an example. > > Greetings > Thomas Weidner, I18N Team Leader, Zend Framework > http://www.thomasweidner.com > > - Original Message - > From: "Serkys" > To: > Sent: Friday, September 04, 2009 11:40 AM > Subject: Re: [fw-general] Zend_Filter_Input and EscapeFilter > > >> >> I know this method, but I can't use it. I don't want use escaper. Can I >> it? >> >> >> thomasW wrote: >>> >>> Try getUnescapedValue() to get the unescaped value. >>> >>> Greetings >>> Thomas Weidner, I18N Team Leader, Zend Framework >>> http://www.thomasweidner.com >>> >>> - Original Message - >>> From: "Serkys" >>> To: >>> Sent: Friday, September 04, 2009 11:27 AM >>> Subject: [fw-general] Zend_Filter_Input and EscapeFilter >>> >>> >>>> >>>> Hello. >>>> >>>> I use Zend_Filter_Input and don't want to use escapeFilter. But >>>> Zend_Filter_Input requires it. How can I make it optional? >>>> -- >>>> View this message in context: >>>> http://www.nabble.com/Zend_Filter_Input-and-EscapeFilter-tp25291137p25291137.html >>>> Sent from the Zend Framework mailing list archive at Nabble.com. >>> >>> >>> >> >> -- >> View this message in context: >> http://www.nabble.com/Zend_Filter_Input-and-EscapeFilter-tp25291137p25291333.html >> Sent from the Zend Framework mailing list archive at Nabble.com. > > > -- View this message in context: http://www.nabble.com/Zend_Filter_Input-and-EscapeFilter-tp25291137p25291644.html Sent from the Zend Framework mailing list archive at Nabble.com.
Re: [fw-general] Zend_Filter_Input and EscapeFilter
I don't understand... You don't want to have escaped values, but you also don't want to have unescaped values ? Do you want to have any value ??? What do you precisly want ? Maybe it would be more clear when you give an example. Greetings Thomas Weidner, I18N Team Leader, Zend Framework http://www.thomasweidner.com - Original Message - From: "Serkys" To: Sent: Friday, September 04, 2009 11:40 AM Subject: Re: [fw-general] Zend_Filter_Input and EscapeFilter I know this method, but I can't use it. I don't want use escaper. Can I it? thomasW wrote: Try getUnescapedValue() to get the unescaped value. Greetings Thomas Weidner, I18N Team Leader, Zend Framework http://www.thomasweidner.com - Original Message - From: "Serkys" To: Sent: Friday, September 04, 2009 11:27 AM Subject: [fw-general] Zend_Filter_Input and EscapeFilter Hello. I use Zend_Filter_Input and don't want to use escapeFilter. But Zend_Filter_Input requires it. How can I make it optional? -- View this message in context: http://www.nabble.com/Zend_Filter_Input-and-EscapeFilter-tp25291137p25291137.html Sent from the Zend Framework mailing list archive at Nabble.com. -- View this message in context: http://www.nabble.com/Zend_Filter_Input-and-EscapeFilter-tp25291137p25291333.html Sent from the Zend Framework mailing list archive at Nabble.com.
Re: [fw-general] Zend_Filter_Input and EscapeFilter
I know this method, but I can't use it. I don't want use escaper. Can I it? thomasW wrote: > > Try getUnescapedValue() to get the unescaped value. > > Greetings > Thomas Weidner, I18N Team Leader, Zend Framework > http://www.thomasweidner.com > > - Original Message - > From: "Serkys" > To: > Sent: Friday, September 04, 2009 11:27 AM > Subject: [fw-general] Zend_Filter_Input and EscapeFilter > > >> >> Hello. >> >> I use Zend_Filter_Input and don't want to use escapeFilter. But >> Zend_Filter_Input requires it. How can I make it optional? >> -- >> View this message in context: >> http://www.nabble.com/Zend_Filter_Input-and-EscapeFilter-tp25291137p25291137.html >> Sent from the Zend Framework mailing list archive at Nabble.com. > > > -- View this message in context: http://www.nabble.com/Zend_Filter_Input-and-EscapeFilter-tp25291137p25291333.html Sent from the Zend Framework mailing list archive at Nabble.com.
Re: [fw-general] Zend_Filter_Input and EscapeFilter
I think you mean the getUnescaped() method :-) Thomas Weidner wrote: Try getUnescapedValue() to get the unescaped value. Greetings Thomas Weidner, I18N Team Leader, Zend Framework http://www.thomasweidner.com - Original Message - From: "Serkys" To: Sent: Friday, September 04, 2009 11:27 AM Subject: [fw-general] Zend_Filter_Input and EscapeFilter Hello. I use Zend_Filter_Input and don't want to use escapeFilter. But Zend_Filter_Input requires it. How can I make it optional? -- View this message in context: http://www.nabble.com/Zend_Filter_Input-and-EscapeFilter-tp25291137p25291137.html Sent from the Zend Framework mailing list archive at Nabble.com.
Re: [fw-general] Zend_Filter_Input and EscapeFilter
Try getUnescapedValue() to get the unescaped value. Greetings Thomas Weidner, I18N Team Leader, Zend Framework http://www.thomasweidner.com - Original Message - From: "Serkys" To: Sent: Friday, September 04, 2009 11:27 AM Subject: [fw-general] Zend_Filter_Input and EscapeFilter Hello. I use Zend_Filter_Input and don't want to use escapeFilter. But Zend_Filter_Input requires it. How can I make it optional? -- View this message in context: http://www.nabble.com/Zend_Filter_Input-and-EscapeFilter-tp25291137p25291137.html Sent from the Zend Framework mailing list archive at Nabble.com.
[fw-general] Zend_Filter_Input and EscapeFilter
Hello. I use Zend_Filter_Input and don't want to use escapeFilter. But Zend_Filter_Input requires it. How can I make it optional? -- View this message in context: http://www.nabble.com/Zend_Filter_Input-and-EscapeFilter-tp25291137p25291137.html Sent from the Zend Framework mailing list archive at Nabble.com.
Re: [fw-general] Zend_Filter_Input problem in Zend Framework 1.9
-- nickt66 wrote
(on Thursday, 06 August 2009, 12:52 PM -0700):
> I've run into a problem with Zend_FIlter_Input and the ZF1.9 release. I have
> various controller actions that start by doing something like this:
>
> $input = new Zend_Filter_Input(array('lesson' => 'digits'), array('lesson'
> => 'int'), $this->getRequest()->getUserParams());
>
> and then go on to use retrieved params like this: $input->lesson
>
> This code has worked fine on various versions of the Framework up until 1.9.
> Now, on 1.9 running on Production (PHP 5.2.1) $input->lesson is NULL.
>
> If I dump out $input, the debug output is identical under 1.8 and 1.9. (see
> below for output). And in either case I can see the correct value for
> lesson. But when I retrieve it, as above, I get NULL.
>
> Even more curiously, the code continues to work fine with 1.9 on my
> development machine (OS X 10.4.11, PHP 5.2.4).
Please note that ZF versions >= 1.7.0 have a minimum required PHP
version of 5.2.4. While a lot of functionality works fine with earlier
versions of PHP, we cannot guarantee it will work correctly unless you
are using at least version 5.2.4. If your production server is running
PHP 5.2.1, you will either need to:
* upgrade your PHP version to a 5.2.4 or greater
* use a version of ZF < 1.7.0
> Obviously it is a show stopper for me as none of my controller actions can
> retrieve URL params any more! I'm a newbie, so this kind of system specific
> problem has me scratching my head.
--
Matthew Weier O'Phinney
Project Lead| matt...@zend.com
Zend Framework | http://framework.zend.com/
[fw-general] Zend_Filter_Input problem in Zend Framework 1.9
I've run into a problem with Zend_FIlter_Input and the ZF1.9 release. I have
various controller actions that start by doing something like this:
$input = new Zend_Filter_Input(array('lesson' => 'digits'), array('lesson'
=> 'int'), $this->getRequest()->getUserParams());
and then go on to use retrieved params like this: $input->lesson
This code has worked fine on various versions of the Framework up until 1.9.
Now, on 1.9 running on Production (PHP 5.2.1) $input->lesson is NULL.
If I dump out $input, the debug output is identical under 1.8 and 1.9. (see
below for output). And in either case I can see the correct value for
lesson. But when I retrieve it, as above, I get NULL.
Even more curiously, the code continues to work fine with 1.9 on my
development machine (OS X 10.4.11, PHP 5.2.4).
Obviously it is a show stopper for me as none of my controller actions can
retrieve URL params any more! I'm a newbie, so this kind of system specific
problem has me scratching my head.
Nick
DUMP OUTPUT
object(Zend_Filter_Input)#58 (12) {
["_data:protected"] => array(4) {
["controller"] => string(6) "lesson"
["action"] => string(6) "browse"
["lesson"] => string(2) "44"
["module"] => string(7) "default"
}
["_filterRules:protected"] => array(1) {
["lesson"] => string(6) "digits"
}
["_validatorRules:protected"] => array(1) {
["lesson"] => string(3) "int"
}
["_validFields:protected"] => array(0) {
}
["_invalidMessages:protected"] => array(0) {
}
["_invalidErrors:protected"] => array(0) {
}
["_missingFields:protected"] => array(0) {
}
["_unknownFields:protected"] => array(0) {
}
["_defaultEscapeFilter:protected"] => NULL
["_loaders:protected"] => array(0) {
}
["_defaults:protected"] => array(6) {
["allowEmpty"] => bool(false)
["breakChainOnFailure"] => bool(false)
["escapeFilter"] => string(12) "HtmlEntities"
["missingMessage"] => string(70) "Field '%field%' is required by rule
'%rule%', but the field is missing"
["notEmptyMessage"] => string(51) "You must give a non-empty value for
field '%field%'"
["presence"] => string(8) "optional"
}
["_processed:protected"] => bool(false)
}
--
View this message in context:
http://www.nabble.com/Zend_Filter_Input-problem-in-Zend-Framework-1.9-tp24853238p24853238.html
Sent from the Zend Framework mailing list archive at Nabble.com.
Re: [fw-general] Zend_Filter_Input: problem with presence required and null values
On Mon, Jul 20, 2009 at 2:04 PM, Jordan Moore wrote: > I created an issue in the issue tracker on June 26th, and there have > been multiple emails on the mailing list about this BC break. > > http://framework.zend.com/issues/browse/ZF-7135 > > Unfortunately, it appears that nobody thinks it's significant enough to > fix. > Meaning that it isn't slated for fixing in 1.9? My, that truly sucks. -- David Mintz http://davidmintz.org/ The subtle source is clear and bright The tributary streams flow through the darkness
Re: [fw-general] Zend_Filter_Input: problem with presence required and null values
I created an issue in the issue tracker on June 26th, and there have
been multiple emails on the mailing list about this BC break.
http://framework.zend.com/issues/browse/ZF-7135
Unfortunately, it appears that nobody thinks it's significant enough to fix.
On Mon, Jul 20, 2009 at 10:45 AM, Jonas Fischer wrote:
> Hi,
>
> $validators = array(
> 'requiredFieldName' => array('presence' => 'required', 'allowEmpty' => true)
> )
>
> Before Zend Framework Version 1.8.2 this validator definition worked
> fine for me but in later versions it does not work with null values.
>
> Prior to r15646 the presence of a value was checked using
> array_key_exists() but now it is checked using isset().
>
> This results in null values being recognized as not present. Is this
> intended? And if so, how can I check that a field is specified (but
> can be null, false, 0 etc.)?
>
> Has anybody a solution to this problem?
>
> Thanks in advance.
>
>
> Best regards,
>
> Jonas
>
--
Jordan Ryan Moore
[fw-general] Zend_Filter_Input: problem with presence required and null values
Hi,
$validators = array(
'requiredFieldName' => array('presence' => 'required', 'allowEmpty' => true)
)
Before Zend Framework Version 1.8.2 this validator definition worked
fine for me but in later versions it does not work with null values.
Prior to r15646 the presence of a value was checked using
array_key_exists() but now it is checked using isset().
This results in null values being recognized as not present. Is this
intended? And if so, how can I check that a field is specified (but
can be null, false, 0 etc.)?
Has anybody a solution to this problem?
Thanks in advance.
Best regards,
Jonas
[fw-general] Zend_Filter_Input: problem with presence required and null values
Hi,
$validators = array(
'requiredFieldName' => array('presence' => 'required', 'allowEmpty' => true)
)
Before Zend Framework Version 1.8.2 this validator definition worked
fine for me but in later versions it does not work with null values.
Prior to r15646 the presence of a value was checked using
array_key_exists() but now it is checked using isset().
This results in null values being recognized as not present. Is this
intended? And if so, how can I check that a field is specified (but
can be null, false, 0 etc.)?
Has anybody a solution to this problem?
Thanks in advance.
Best regards,
Jonas
Re: [fw-general] Zend_Filter_Input and Arrays
Glad to help! Incidentally, I already have a few implementations of such validator decorators in the Laboratory here: http://framework.zend.com/svn/framework/laboratory/library/Zend/Validate/ See the file Array.php, which does exactly what I had mentioned. Regards, Bryce Lohr cvogt wrote: Hej Bryce, Another, perhaps simpler, approach would be to create an array-aware decorator that decorates a validator object with the ability to validate arrays. That might be the easiest way to let a scalar-only validator automatically validate each element of a given array. you are right, decorators seem to be the way to go. I implemented it this way and added it as a feature request including code to the issue tracker. http://framework.zend.com/issues/browse/ZF-4354 Best Regards Christopher
Re: [fw-general] Zend_Filter_Input and Arrays
Hej Bryce, > Another, perhaps simpler, approach would be to create an array-aware > decorator that decorates a validator object with the ability to validate > arrays. That might be the easiest way to let a scalar-only validator > automatically validate each element of a given array. you are right, decorators seem to be the way to go. I implemented it this way and added it as a feature request including code to the issue tracker. http://framework.zend.com/issues/browse/ZF-4354 Best Regards Christopher -- View this message in context: http://www.nabble.com/Zend_Filter_Input-and-Arrays-tp17131495p19619388.html Sent from the Zend Framework mailing list archive at Nabble.com.
Re: [fw-general] Zend_Filter_Input and Arrays
Another, perhaps simpler, approach would be to create an array-aware decorator that decorates a validator object with the ability to validate arrays. That might be the easiest way to let a scalar-only validator automatically validate each element of a given array. Regards, Bryce Lohr cvogt wrote: I was a little to quick with my idea of wrapping $value into an array. Apparently it is not that easy :). But still overwriting _validateRule and _filterRule is the right way to solve it in a custom solution. The permanently best thing however would be to write a patch that factors out array handling into a Strategy and propose it to the Zend Framework developers. Let's see if I find the time to do this. Christopher
Re: [fw-general] Zend_Filter_Input and Arrays
I was a little to quick with my idea of wrapping $value into an array. Apparently it is not that easy :). But still overwriting _validateRule and _filterRule is the right way to solve it in a custom solution. The permanently best thing however would be to write a patch that factors out array handling into a Strategy and propose it to the Zend Framework developers. Let's see if I find the time to do this. Christopher -- View this message in context: http://www.nabble.com/Zend_Filter_Input-and-Arrays-tp17131495p18992433.html Sent from the Zend Framework mailing list archive at Nabble.com.
Re: [fw-general] Zend_Filter_Input and Arrays
Kevin McArthur-2 wrote: > > Is there a way to validate array inputs with Zend_Filter_Input? > [...] > This info might be in the manual, but I can't seem to locate it. > Hej Kevin, if it's not in the Manual, read the code :). I also wanted to validate and filter arrays and I found that the way Zend_Filter_Input handles arrays is determined in the methods _validateRule and_filterRule. I have to mention that these investigations are based on SVN Revision 6309, 2007-09-11 20:38:27Z. In _validateRule you can find is_array($field) and in _filterRule you can find is_array($this->_data[$field]). This is the point where Zend_Filter_Input distinguishes normal values and arrays. The way Zend_Filter_Input actually handles arrays is that it applies the validation or filter to every element of the array. However it only handles 1-dimensional arrays. In case of multidimensional arrays it passes the arrays of the second dimension to the validators and filters. This can lead to some nasty bugs if you are not perfectly aware of this. For example Zend_Validate_Alpha casts the value it is supposed to validate to a string. If the value is an array it is cast to the string 'Array' which of course passes the alpha validation eventhough an array is not clearly alpha, especially if it contains numbers like array(5). I plan to extend Zend_Filter_Input in order to enable array validation and filtering. My idea is to overwrite the methods _validateRule and _filterRule in a subclass. The simplest way to allow array validation and filtering would be if the methods just wrap the value into an additional array like array( $value ) and pass it to the parent method. This way Zend_Filter_Input would always pass the real value to validators and filter, since it only recurses the first dimension. However this leaves the bug described above which makes some validators falsely accept arrays as valid. This could be countered by making the new methods _validateRule and _filterRule distinguish filters and validators, which can handle arrays from those which cannot and then react in some way in case of a problem. The distinction could for example be done by making array-aware validators and filters implement a certain interface. I haven't yet thought this through completely. I hope this helps :). Best regards Christopher -- View this message in context: http://www.nabble.com/Zend_Filter_Input-and-Arrays-tp17131495p18992326.html Sent from the Zend Framework mailing list archive at Nabble.com.
[fw-general] Zend_Filter_Input and Arrays
Is there a way to validate array inputs with Zend_Filter_Input? Both single dimension name='array[0]' and multi-dimensional where one wants to validate multiple levels of keys like (name="array['input1']['input2']" value="input3") This info might be in the manual, but I can't seem to locate it. Kevin -- Kevin McArthur StormTide Digital Studios Inc. Author of the recently published book, "Pro PHP" http://www.stormtide.ca
Re: [fw-general] Zend_Filter_Input Checkboxes
Ok I've fixed it, the problem was actually a change to the formCheckbox view helper which used to add a hidden element for when the checkbox was unchecked. Now it's simply a checkbox so as far as ZFI is concerned it's not been 'unchecked'. To fix this I loop through the form data looking for the checkboxes and setting them to an empty string or 0. Is there a better way to do this? How else would you filter and validate a checkbox? Thanks Simon - Simon Corless http://www.ajb007.co.uk/ -- View this message in context: http://www.nabble.com/Zend_Filter_Input-Checkboxes-tp1660p16647532.html Sent from the Zend Framework mailing list archive at Nabble.com.
[fw-general] Zend_Filter_Input Checkboxes
I am sure ZFI used to filter checkbox values whether they were checked or
not. In 1.5 however I can't get it to filter the value as it's strictly not
been set by the form.
I want it to filter to either 1 or 0 so that I don't get left with null
values.
My filter is simply:
public function filter($value) {
if (!empty($value)) {
return 1;
} else {
return 0;
}
}
However the filter doesn't even get called as the checkbox doesn't exist,
but I'm sure it used to do it! (Having just tested it I'm correct!) Am I
wrong?! How do I force Zend_Filter_Input to filter empty values. I am using
'allowEmpty' => true which still doesn't work.
Thanks for any help.
Simon
-
Simon Corless
http://www.ajb007.co.uk/
--
View this message in context:
http://www.nabble.com/Zend_Filter_Input-Checkboxes-tp1660p1660.html
Sent from the Zend Framework mailing list archive at Nabble.com.
Re: [fw-general] Zend_Filter_Input and Unicode
I've discovered my issue is related to the /u switch. Interestingly enough,
the moment I add /u it no longer matches anything, and returns an empty
string. I've even added A-z, a-zA-Z, and [:alpha:] to the pattern at
different times. If I remove the 'u' (unicode switch) from the pattern, I
get the ascii chars back. But if I put it in, it strips out everything:
Returning: 'Bertr'; from: 'Bertrán '; pattern; /[^\p{L}]/
Returning: '''; from: 'Bertrán ''; pattern; /[^\p{L}]/u
Maybe this will narrow down more exactly what's going on. It's really hard
Googleiing this issue.
Philip
On Wed, Mar 26, 2008 at 1:44 AM, Karl Katzke <[EMAIL PROTECTED]> wrote:
> I'll run some tests on it tomorrow, but I think that Zend_Filter_Input
> pulls from the post variables in the request object, which are processed
> before the $_POST variable that you set above would be set.
>
> Unicode issues are *tricky* to get pinned down. You also need to have the
> right charset being passed in the headers from the server, the right
> override in your browser, etc. so on so forth. We've had problems with a
> bunch of our servers when they were going through a misconfigured squid
> cache that stripped the UTF-8 headers off ... but only when you hit it with
> a request for the site in the Turkish charset. All kinds of things could
> cause the behaviour you're seeing. And knowing how much translation and
> internationalization that is happening, I think we'd have seen this fairly
> simple case show up before now.
>
> -K
>
> On Tue, Mar 25, 2008 at 11:53 PM, Philip G <[EMAIL PROTECTED]> wrote:
>
> >
> > Well, the script I wrote was a hack job to show what I was doing.
> > Technically, the data is being based through _POST. Are you saying the only
> > way to get this to work is to Unicode the scripts on the file system? I
> > never herd of that requirement.
> >
> > I'm trying to make a form submit function more unicode friendly. I have
> > the required UTF-8 accet charset in place. I have verified that 'Bertrán'
> > is being passed across properly. I even verified that PHP doesn't mess with
> > it (by printing out _POST). However, once it goes through the filter
> > process, it gets stripped.
> >
> > Philip
> >
> >
> > On Tue, Mar 25, 2008 at 7:20 PM, Guillaume Rossolini <
> > [EMAIL PROTECTED]> wrote:
> >
> > > Hi,
> > >
> > > I suppose the script is encoded as Unicode in your filesystem? Your
> > > sample code fails if encoded as ANSI, but succeeds if encoded as UTF-8.
> > >
> > > > > require_once 'Zend/Filter/Input.php';
> > >
> > > $_POST['first_nm'] = "Bertrán";
> > >
> > > $filters = array ( 'first_nm' => 'Alpha' );
> > > $validators = array( 'first_nm' => array ('Alpha', 'presence' =>
> > > 'required') );
> > > $input = new Zend_Filter_Input($filters, $validators, $_POST);
> > >
> > > echo $input->isValid() ? 'ok' : 'dead';
> > >
> > >
> > > Regards,
> > >
> > >
> > >
> > >
> > > On 3/25/08, Philip G <[EMAIL PROTECTED]> wrote:
> > > >
> > > >
> > > > I'm trying to get a form to validate with unicode characters.
> > > >
> > > > For a very simple example, I have:
> > > >
> > > > $_POST['first_nm'] = "Bertrán";
> > > >
> > > > $filters = array ( 'first_nm' => 'Alpha' );
> > > > $validators = array( 'first_nm' => array ('Alpha', 'presence' =>
> > > > 'required) );
> > > > $input = Zend_Filter_Input($filter, $validators, $_POST);
> > > >
> > > >
> > > > Now, a simple $input->isValid() call and it fails. Returns:
> > > > [first_nm] => Array ( [stringEmpty] => ' ' is an empty string )
> > > >
> > > > Is there something special I need to do in order to get
> > > > Zend_Filter_Input to understand UTF-8? I've checked the data being
> > > > passed to
> > > > PHP; it is valid. I checked the code and it seems to do some utf8
> > > > check, but
> > > > apparently it's not working for some reason.
> > > >
> > > > Thanks
> > > >
> > > > --
> > > > Philip
> > > > [EMAIL PROTECTED]
> > > > http://www.gpcentre.net/
> > >
> > >
> > >
> > >
> > > --
> > > Guillaume Rossolini
> >
> >
> >
> >
> > --
> > Philip
> > [EMAIL PROTECTED]
> > http://www.gpcentre.net/
> >
>
>
--
Philip
[EMAIL PROTECTED]
http://www.gpcentre.net/
Re: [fw-general] Zend_Filter_Input and Unicode
I'll run some tests on it tomorrow, but I think that Zend_Filter_Input pulls
from the post variables in the request object, which are processed before
the $_POST variable that you set above would be set.
Unicode issues are *tricky* to get pinned down. You also need to have the
right charset being passed in the headers from the server, the right
override in your browser, etc. so on so forth. We've had problems with a
bunch of our servers when they were going through a misconfigured squid
cache that stripped the UTF-8 headers off ... but only when you hit it with
a request for the site in the Turkish charset. All kinds of things could
cause the behaviour you're seeing. And knowing how much translation and
internationalization that is happening, I think we'd have seen this fairly
simple case show up before now.
-K
On Tue, Mar 25, 2008 at 11:53 PM, Philip G <[EMAIL PROTECTED]> wrote:
>
> Well, the script I wrote was a hack job to show what I was doing.
> Technically, the data is being based through _POST. Are you saying the only
> way to get this to work is to Unicode the scripts on the file system? I
> never herd of that requirement.
>
> I'm trying to make a form submit function more unicode friendly. I have
> the required UTF-8 accet charset in place. I have verified that 'Bertrán'
> is being passed across properly. I even verified that PHP doesn't mess with
> it (by printing out _POST). However, once it goes through the filter
> process, it gets stripped.
>
> Philip
>
>
> On Tue, Mar 25, 2008 at 7:20 PM, Guillaume Rossolini <
> [EMAIL PROTECTED]> wrote:
>
> > Hi,
> >
> > I suppose the script is encoded as Unicode in your filesystem? Your
> > sample code fails if encoded as ANSI, but succeeds if encoded as UTF-8.
> >
> > > require_once 'Zend/Filter/Input.php';
> >
> > $_POST['first_nm'] = "Bertrán";
> >
> > $filters = array ( 'first_nm' => 'Alpha' );
> > $validators = array( 'first_nm' => array ('Alpha', 'presence' =>
> > 'required') );
> > $input = new Zend_Filter_Input($filters, $validators, $_POST);
> >
> > echo $input->isValid() ? 'ok' : 'dead';
> >
> >
> > Regards,
> >
> >
> >
> >
> > On 3/25/08, Philip G <[EMAIL PROTECTED]> wrote:
> > >
> > >
> > > I'm trying to get a form to validate with unicode characters.
> > >
> > > For a very simple example, I have:
> > >
> > > $_POST['first_nm'] = "Bertrán";
> > >
> > > $filters = array ( 'first_nm' => 'Alpha' );
> > > $validators = array( 'first_nm' => array ('Alpha', 'presence' =>
> > > 'required) );
> > > $input = Zend_Filter_Input($filter, $validators, $_POST);
> > >
> > >
> > > Now, a simple $input->isValid() call and it fails. Returns: [first_nm]
> > > => Array ( [stringEmpty] => ' ' is an empty string )
> > >
> > > Is there something special I need to do in order to get
> > > Zend_Filter_Input to understand UTF-8? I've checked the data being passed
> > > to
> > > PHP; it is valid. I checked the code and it seems to do some utf8 check,
> > > but
> > > apparently it's not working for some reason.
> > >
> > > Thanks
> > >
> > > --
> > > Philip
> > > [EMAIL PROTECTED]
> > > http://www.gpcentre.net/
> >
> >
> >
> >
> > --
> > Guillaume Rossolini
>
>
>
>
> --
> Philip
> [EMAIL PROTECTED]
> http://www.gpcentre.net/
>
Re: [fw-general] Zend_Filter_Input and Unicode
Well, the script I wrote was a hack job to show what I was doing.
Technically, the data is being based through _POST. Are you saying the only
way to get this to work is to Unicode the scripts on the file system? I
never herd of that requirement.
I'm trying to make a form submit function more unicode friendly. I have the
required UTF-8 accet charset in place. I have verified that 'Bertrán' is
being passed across properly. I even verified that PHP doesn't mess with it
(by printing out _POST). However, once it goes through the filter process,
it gets stripped.
Philip
On Tue, Mar 25, 2008 at 7:20 PM, Guillaume Rossolini <[EMAIL PROTECTED]>
wrote:
> Hi,
>
> I suppose the script is encoded as Unicode in your filesystem? Your
> sample code fails if encoded as ANSI, but succeeds if encoded as UTF-8.
>
> require_once 'Zend/Filter/Input.php';
>
> $_POST['first_nm'] = "Bertrán";
>
> $filters = array ( 'first_nm' => 'Alpha' );
> $validators = array( 'first_nm' => array ('Alpha', 'presence' =>
> 'required') );
> $input = new Zend_Filter_Input($filters, $validators, $_POST);
>
> echo $input->isValid() ? 'ok' : 'dead';
>
>
> Regards,
>
>
>
>
> On 3/25/08, Philip G <[EMAIL PROTECTED]> wrote:
> >
> >
> > I'm trying to get a form to validate with unicode characters.
> >
> > For a very simple example, I have:
> >
> > $_POST['first_nm'] = "Bertrán";
> >
> > $filters = array ( 'first_nm' => 'Alpha' );
> > $validators = array( 'first_nm' => array ('Alpha', 'presence' =>
> > 'required) );
> > $input = Zend_Filter_Input($filter, $validators, $_POST);
> >
> >
> > Now, a simple $input->isValid() call and it fails. Returns: [first_nm]
> > => Array ( [stringEmpty] => ' ' is an empty string )
> >
> > Is there something special I need to do in order to get
> > Zend_Filter_Input to understand UTF-8? I've checked the data being passed to
> > PHP; it is valid. I checked the code and it seems to do some utf8 check, but
> > apparently it's not working for some reason.
> >
> > Thanks
> >
> > --
> > Philip
> > [EMAIL PROTECTED]
> > http://www.gpcentre.net/
>
>
>
>
> --
> Guillaume Rossolini
--
Philip
[EMAIL PROTECTED]
http://www.gpcentre.net/
[fw-general] Zend_Filter_Input and Unicode
I'm trying to get a form to validate with unicode characters.
For a very simple example, I have:
$_POST['first_nm'] = "Bertrán";
$filters = array ( 'first_nm' => 'Alpha' );
$validators = array( 'first_nm' => array ('Alpha', 'presence' => 'required)
);
$input = Zend_Filter_Input($filter, $validators, $_POST);
Now, a simple $input->isValid() call and it fails. Returns: [first_nm] =>
Array ( [stringEmpty] => ' ' is an empty string )
Is there something special I need to do in order to get Zend_Filter_Input to
understand UTF-8? I've checked the data being passed to PHP; it is valid. I
checked the code and it seems to do some utf8 check, but apparently it's not
working for some reason.
Thanks
--
Philip
[EMAIL PROTECTED]
http://www.gpcentre.net/
Re: [fw-general] Zend_Filter_Input and messages
Hi,
The intention is to create a custom message template for missing input
values for Zend_Filter_Input. I would hope to set the 'notEmptyMessage'
meta attribute in the $options array getting fed to Zend_Filter_Input.
I thought the meta attribute would have allowed me to create default
messages for every missing input value, but it did not work, I kept
receiving default messages from some validators.
Some validator types (Digits, Alnum) have a notEmpty validator whose
message is used instead of the notEmptyMessage message template I
defined in the options array.
After a few hours of puzzlement, I checked the bugs affecting
Zend_Filter_Input and yes there is a bug report for it.
I should have checked the outstanding bugs, something I will remember to
do next time because I did spend a chunk of time wondering if I was
doing something wrong.
The bug: http://framework.zend.com/issues/browse/ZF-1912
The workaround is to set each message type manually, a bit of pain and
extra code but the fix in the Zend framework should be coming soon I hope.
// Works.
$validators = array(
'month' => array(
'Digits',
array('Between', array(1, 12)),
'messages' => array(
array( Zend_Validate_Digits::STRING_EMPTY => "A month
value is required", Zend_Validate_Digits::NOT_DIGITS => "Month must only
consist of numbers or letters" ),
'Month must be between 1 and 12'
)
)
);
Thanks.
Paul
Lepidosteus wrote:
I did not fully understand what you are trying to achieve here ?
Do you try without success to change an error message ? To allow an
empty value ? To disallow an empty value ?
Re: [fw-general] Zend_Filter_Input and messages
I did not fully understand what you are trying to achieve here ? Do you try without success to change an error message ? To allow an empty value ? To disallow an empty value ? -- Vianney Devreese - Lepidosteus http://lepidosteus.com
Re: [fw-general] Zend_Filter_Input and messages
The only way I have found to get around the misbehaving notEmpty message
template found in validators like Digits and Alnum is to manually set it.
Surely there must be another way, with the templates in options not working
for me, I have to manually set every notEmpty message which adds quite a few
lines on a complex form. Setting options for the notEmpty messages isn't
working, have I missed something?
Looking forward to a reply from somone :)
The code below works, but shouldn't the 'notEmptyMessage' template have
picked up on the notEmpty message from the digits validator and replaced it?
Code:
$options = array(
'notEmptyMessage' => "A non-empty value is required for field
'%field%'",
'missingMessage' => "'%field%' is missing",
'presence' => 'required',
'breakChainOnFailure'=>true,
'allowEmpty' => false,
);
$validators = array(
'month' => array(
'Digits',
array('Between', array(1, 12)),
'messages' => array(
array( Zend_Validate_Digits::STRING_EMPTY => "A month value is
required" ), // WORKS, but without this I just get the default not empty
message from the digits validator!
'Month must be between 1 and 12'
)
)
);
$input = new Zend_Filter_Input($filters, $validators, $_POST, $options);
fugazied wrote:
>
>
> I know its bad discussion etiquette, but does anyone have a possible
> solution to my problem below? I have tried it with 1.5 RC 1 and still
> have the same issue.
>
> fugazied wrote:
>> I am having some issues with the custom messaging and Zend Input Filter.
>> Probably something obvious I am missing, but a search couldn't help me
>> find
>> a solution. Some Code:
>>
>> //
>> $validators = array(
>> 'email' => array('EmailAddress', 'presence'=>'required',
>> ,'allowEmpty'=>false ),
>> 'month' => array('Digits', 'presence'=>'required',
>> ,'allowEmpty'=>false,
>> array('Between', 1, 10) )
>> );
>>
>> $options = array(
>> 'missingMessage' => "Field '%field%' is required",
>> 'notEmptyMessage' => "A non-empty value is required for field
>> '%field%'"
>> );
>>
>> $input = new Zend_Filter_Input(null, $validators);
>> $input->setOptions($options);
>> $input->setData($_POST);
>>
>> if ($input->hasInvalid() || $input->hasMissing()) {
>> $invalidFields = $input->getInvalid();
>> Zend_Debug::dump($invalidFields);
>>
>> /*
>> Produces -
>> array(2) {
>> ["email"] => array(1) {
>> ["emailAddressInvalid"] => string(71) "'' is not a valid email
>> address
>> in the basic format [EMAIL PROTECTED]"
>> }
>> ["month"] => array(2) {
>> ["stringEmpty"] => string(21) "'' is an empty string"
>> ["notBetween"] => string(43) "'' is not between '1' and '10',
>> inclusively"
>> }
>> }
>> */
>> }
>> //
>>
>> I was under the impression that my custom messages would replace the " ''
>> is
>> an empty string ".
>> And to avoid the other error messages appearing, display empty ' ' field
>> values I need to chain the validators correct?
>>
>> Thanks!
>>
>>
>>
>
>
>
--
View this message in context:
http://www.nabble.com/Zend_Filter_Input-and-messages-tp15782618s16154p15921984.html
Sent from the Zend Framework mailing list archive at Nabble.com.
Re: [fw-general] Zend_Filter_Input 'presence'=>'required'
Try 'missingMessage' if you are still having problems. thurting wrote: > > Hi Brian, > > You can change the relative message by setting it as an option of your > Zend_Filter_Input instance. This can be done during instantiation or > through the setOptions() method. You can not set different messages for > different filters/validators - only one message format per instance. You > may want to use Zend_Validate_NotEmpty if you need more flexibility. > There is sample code in the docs, but I will post it here to save you the > trouble. > > > $options = array( > 'notEmptyMessage' => "A non-empty value is required for field > '%field%'" > ); > > $input = new Zend_Filter_Input($filters, $validators, $data, $options); > > // alternative method: > > $input = new Zend_Filter_Input($filters, $validators, $data); > $input->setOptions($options); > > -- View this message in context: http://www.nabble.com/Zend_Filter_Input-%27presence%27%3D%3E%27required%27-tp15865637s16154p15912885.html Sent from the Zend Framework mailing list archive at Nabble.com.
Re: [fw-general] Zend_Filter_Input 'presence'=>'required'
Hi Brian, You can change the relative message by setting it as an option of your Zend_Filter_Input instance. This can be done during instantiation or through the setOptions() method. You can not set different messages for different filters/validators - only one message format per instance. You may want to use Zend_Validate_NotEmpty if you need more flexibility. There is sample code in the docs, but I will post it here to save you the trouble. "A non-empty value is required for field '%field%'" ); $input = new Zend_Filter_Input($filters, $validators, $data, $options); // alternative method: $input = new Zend_Filter_Input($filters, $validators, $data); $input->setOptions($options); -- View this message in context: http://www.nabble.com/Zend_Filter_Input-%27presence%27%3D%3E%27required%27-tp15865637s16154p15885531.html Sent from the Zend Framework mailing list archive at Nabble.com.
Re: [fw-general] Zend_Filter_Input and messages
I know its bad discussion etiquette, but does anyone have a possible
solution to my problem below? I have tried it with 1.5 RC 1 and still
have the same issue.
fugazied wrote:
I am having some issues with the custom messaging and Zend Input Filter.
Probably something obvious I am missing, but a search couldn't help me find
a solution. Some Code:
//
$validators = array(
'email' => array('EmailAddress', 'presence'=>'required',
,'allowEmpty'=>false ),
'month' => array('Digits', 'presence'=>'required', ,'allowEmpty'=>false,
array('Between', 1, 10) )
);
$options = array(
'missingMessage' => "Field '%field%' is required",
'notEmptyMessage' => "A non-empty value is required for field '%field%'"
);
$input = new Zend_Filter_Input(null, $validators);
$input->setOptions($options);
$input->setData($_POST);
if ($input->hasInvalid() || $input->hasMissing()) {
$invalidFields = $input->getInvalid();
Zend_Debug::dump($invalidFields);
/*
Produces -
array(2) {
["email"] => array(1) {
["emailAddressInvalid"] => string(71) "'' is not a valid email address
in the basic format [EMAIL PROTECTED]"
}
["month"] => array(2) {
["stringEmpty"] => string(21) "'' is an empty string"
["notBetween"] => string(43) "'' is not between '1' and '10',
inclusively"
}
}
*/
}
//
I was under the impression that my custom messages would replace the " '' is
an empty string ".
And to avoid the other error messages appearing, display empty ' ' field
values I need to chain the validators correct?
Thanks!
Re: [fw-general] Zend_Filter_Input 'presence'=>'required'
I'm still having trouble with this. I can set error messages for individual
validators that I use, like the documentation describes:
array(
'digits',
'messages' => 'A month must consist only of digits'
)
);
However, I'm unable to do this for the metacommands 'precence'. When I
change the code above to check for presence and try to supply an error
message:
array(
'digits',
'presence' => 'required',
'messages' => array('A month must consist only of digits',
array('missingMessage' => "A value is required
for field 'Month'"))
)
);
I get the error message: Fatal error: Uncaught exception
'Zend_Validate_Exception' with message 'No message template exists for key
'missingMessage'' in library\Zend\Validate\Abstract.php:129
I am able to set and error message globally for the 'presence' metacommand
using:
"A value is required for field '%field%'"
);
$input = new Zend_Filter_Input($filters, $validators, $data, $options);
But this doesn't allow me to put a user presentable field name into the
message.
Brian
SiCo007 wrote:
>
> Brian you need to take a look at the message system that accompanies the
> filter_input
>
> http://framework.zend.com/manual/en/zend.filter.input.html#zend.filter.input.metacommands.messages
>
> Then it's just a case of specifying the correct message for the correct
> action. Sometimes you will need to look in the validator to check what
> messages it sets up.
>
> Simon
>
>
> brian3f wrote:
>>
>> I'm using Zend_Filter_Input to validate form data. I'm trying to use the
>> 'presence' => 'required', metacommand. My problem is, the error message
>> generated by this command includes the actual field name that is being
>> checked. my field name is something 'first_name' but I want to display
>> 'First Name'. Here is some pseodo code representing what I'm doing.
>
>
--
View this message in context:
http://www.nabble.com/Zend_Filter_Input-%27presence%27%3D%3E%27required%27-tp15865637s16154p15877121.html
Sent from the Zend Framework mailing list archive at Nabble.com.
Re: [fw-general] Zend_Filter_Input 'presence'=>'required'
Brian you need to take a look at the message system that accompanies the filter_input http://framework.zend.com/manual/en/zend.filter.input.html#zend.filter.input.metacommands.messages Then it's just a case of specifying the correct message for the correct action. Sometimes you will need to look in the validator to check what messages it sets up. Simon brian3f wrote: > > I'm using Zend_Filter_Input to validate form data. I'm trying to use the > 'presence' => 'required', metacommand. My problem is, the error message > generated by this command includes the actual field name that is being > checked. my field name is something 'first_name' but I want to display > 'First Name'. Here is some pseodo code representing what I'm doing. - Simon Corless http://www.ajb007.co.uk/ -- View this message in context: http://www.nabble.com/Zend_Filter_Input-%27presence%27%3D%3E%27required%27-tp15865637s16154p15873112.html Sent from the Zend Framework mailing list archive at Nabble.com.
[fw-general] Zend_Filter_Input 'presence'=>'required'
I'm using Zend_Filter_Input to validate form data. I'm trying to use the 'presence' => 'required', metacommand. My problem is, the error message generated by this command includes the actual field name that is being checked. my field name is something 'first_name' but I want to display 'First Name'. Here is some pseodo code representing what I'm doing: $validators = array( 'first_name' => array( 'presence' => 'required' ) ); $input = new Zend_Filter_Input(null, $validators, $data); If the field is missing the error message I get is: "Field 'first_name' is required by rule 'first_name', but the field is missing" I would like to display: "Field 'First Name' is required." Thanks for any help, Brian -- View this message in context: http://www.nabble.com/Zend_Filter_Input-%27presence%27%3D%3E%27required%27-tp15865637s16154p15865637.html Sent from the Zend Framework mailing list archive at Nabble.com.
[fw-general] Zend_Filter_Input and messages
I am having some issues with the custom messaging and Zend Input Filter.
Probably something obvious I am missing, but a search couldn't help me find
a solution. Some Code:
//
$validators = array(
'email' => array('EmailAddress', 'presence'=>'required',
,'allowEmpty'=>false ),
'month' => array('Digits', 'presence'=>'required', ,'allowEmpty'=>false,
array('Between', 1, 10) )
);
$options = array(
'missingMessage' => "Field '%field%' is required",
'notEmptyMessage' => "A non-empty value is required for field '%field%'"
);
$input = new Zend_Filter_Input(null, $validators);
$input->setOptions($options);
$input->setData($_POST);
if ($input->hasInvalid() || $input->hasMissing()) {
$invalidFields = $input->getInvalid();
Zend_Debug::dump($invalidFields);
/*
Produces -
array(2) {
["email"] => array(1) {
["emailAddressInvalid"] => string(71) "'' is not a valid email address
in the basic format [EMAIL PROTECTED]"
}
["month"] => array(2) {
["stringEmpty"] => string(21) "'' is an empty string"
["notBetween"] => string(43) "'' is not between '1' and '10',
inclusively"
}
}
*/
}
//
I was under the impression that my custom messages would replace the " '' is
an empty string ".
And to avoid the other error messages appearing, display empty ' ' field
values I need to chain the validators correct?
Thanks!
--
View this message in context:
http://www.nabble.com/Zend_Filter_Input-and-messages-tp15782618s16154p15782618.html
Sent from the Zend Framework mailing list archive at Nabble.com.
[fw-general] Zend_Filter_Input refactoring
Hi everyone A heads-up to anyone using Zend_Filter_Input - there's a refactored version of Zend_Filter_Input added to the incubator that's ready for testing and comment by the community. It was refactored after noticing the E_WARNING's being thrown up after the improvements made to Zend_Loader - the warnings were being thrown because Zend_Filter_Input cycled through a number of namespaces to try and match class names. E.g. if I wanted to access the validator 'Between' then firstly Zend_Filter_Input would try and match 'Zend_Filter_Between' (and fail) before finding Zend_Validate_Between. Previously no such warnings were emitted because Zend_Loader suppressed error messages. The new component leverages the flexibility of the plugin loader and performs equally as well if not slightly more efficiently. A couple of notes:- * The protected properties '_namespaces' and '_userNamespaces' are removed (made redundant) * The 'addNamespace()' method has been marked as deprecated but maintained for BC. It proxies to addFilterPrefixPath and addValidatePrefixPath to provide essentially the same functionality Could anyone who uses (and perhaps subclasses) Zend_Filter_Input please give this a test run and make comment on it as soon as possible? I'd like to gauge if there's likely to be any conflicts before this can be added to trunk. Cheers -- Simon Mundy | Director | PEPTOLAB """ " "" "" "" "" """ " "" " " " " "" "" " 202/258 Flinders Lane | Melbourne | Victoria | Australia | 3000 Voice +61 (0) 3 9654 4324 | Mobile 0438 046 061 | Fax +61 (0) 3 9654 4124 http://www.peptolab.com
[fw-general] Zend_Filter_Input - replace all errors with a single error in validator?
Using Zend_Filter_Input is it possible to specify the same error for all errors on a validator with several errors? tried 'messages' => 'value must be between 5 and 128', but only the first of the templates got replaced, i want to replace both of course you could define both constants to the same message, but it's lot easier just setting all errors to one message with 'messages' => 'same error for all errors' $validators = array( 'description' => array( new Zend_Validate_StringLength(5, 128), 'messages' => 'Must be between 5 and 128' ), Note: StringLength has two error messages -- View this message in context: http://www.nabble.com/Zend_Filter_Input---replace-all-errors-with-a-single-error-in-validator--tp14600224s16154p14600224.html Sent from the Zend Framework mailing list archive at Nabble.com.
Re: [fw-general] Zend_Filter_Input, no toArray()
Aaaah, thank you for pointing out what was too obvious for me to see (-:
On Dec 28, 2007 3:31 PM, Eric Coleman <[EMAIL PROTECTED]> wrote:
>
> $row->setFromArray($input->getUnescaped())->save();
>
> Or, you can also call $input->getEscaped() to get an array of escaped
> values...
>
> You'll probably want to save the unescaped versions though ;)
>
> Regards,
> Eric
>
> On Dec 28, 2007, at 2:04 PM, David Mintz wrote:
>
> > Any way to get all the filtered/validated data out of your
> > Zend_Filter_Input
> > object in one shot?
> >
> > It would be nice to say
> >
> > $input = new Zend_Filter_Input($filters, $validators,$data);
> >
> >
> > if ($input->isValid()) {
> >
> >$row->setFromArray($input->toArray())->save();
> >
> > }
> >
> > and be done with it. It seems that all we need in Zend_Input_Filter is
> >
> > function toArray() { return this->_data; }
> >
>
>
>
--
David Mintz
http://davidmintz.org/
The subtle source is clear and bright
The tributary streams flow through the darkness
Re: [fw-general] Zend_Filter_Input, no toArray()
$row->setFromArray($input->getUnescaped())->save();
Or, you can also call $input->getEscaped() to get an array of escaped
values...
You'll probably want to save the unescaped versions though ;)
Regards,
Eric
On Dec 28, 2007, at 2:04 PM, David Mintz wrote:
Any way to get all the filtered/validated data out of your
Zend_Filter_Input
object in one shot?
It would be nice to say
$input = new Zend_Filter_Input($filters, $validators,$data);
if ($input->isValid()) {
$row->setFromArray($input->toArray())->save();
}
and be done with it. It seems that all we need in Zend_Input_Filter is
function toArray() { return this->_data; }
--
David Mintz
http://davidmintz.org/
The subtle source is clear and bright
The tributary streams flow through the darkness
[fw-general] Zend_Filter_Input, no toArray()
Any way to get all the filtered/validated data out of your Zend_Filter_Input
object in one shot?
It would be nice to say
$input = new Zend_Filter_Input($filters, $validators,$data);
if ($input->isValid()) {
$row->setFromArray($input->toArray())->save();
}
and be done with it. It seems that all we need in Zend_Input_Filter is
function toArray() { return this->_data; }
--
David Mintz
http://davidmintz.org/
The subtle source is clear and bright
The tributary streams flow through the darkness
Re: [fw-general] Zend_Filter_Input + Validator options.
I think the only real way to find the options for each filter / validator is
to check the code itself as only the actual filters and validators are
listed in the manual.
To send options to individual filters or validators encase it as an array.
'class_name' => array(array('Alnum', true), 'presence' => 'required');
And that will allow white space in the Alnum validator / filter (depending
on where you use it!).
To set options to be used globally, for which I believe only the meta
commands can be used I will pass you tot he manual as it's as clear as I can
make it (and I've never used it!).
http://framework.zend.com/manual/en/zend.filter.input.html#zend.filter.input.metacommands.global
I hope this answers your question.
Simon
Philip Gabbert wrote:
>
> (This is a resend cause I think I sent it under the wrong email address)
>
> This is kind of a two part question... First one is how do I find all
> the valid filter options? I see StringTrim and Digits within the
> examples, but I can't locate any list showing all possible options.
>
> Second is Validator, how do I send in options? Say, I use Alpha, but I
> want to include spaces, too.
>
> My Code looks like so:
>
> /* Validation Process */
> $filters = array ( 'class_name' => 'StringTrim' );
> $validators = array('class_name' => array('alnum', 'presence' =>
> 'required') );
>
> /*
> * Validate input
> * -- I would prefer a more built in way to validate input, vs
> uses the actual
> * super global.
> */
> $input = new Zend_Filter_Input($filters, $validators, $_POST);
>
>
> I need to pass in the option to enable white space in validation. How
> would I do that?
>
> --
> Philip
> [EMAIL PROTECTED]
> http://www.gpcentre.net/
>
>
-
Simon Corless
http://www.ajb007.co.uk/
--
View this message in context:
http://www.nabble.com/Zend_Filter_Input-%2B-Validator-options.-tp14309591s16154p14314127.html
Sent from the Zend Framework mailing list archive at Nabble.com.
[fw-general] Zend_Filter_Input + Validator options.
(This is a resend cause I think I sent it under the wrong email address)
This is kind of a two part question... First one is how do I find all
the valid filter options? I see StringTrim and Digits within the
examples, but I can't locate any list showing all possible options.
Second is Validator, how do I send in options? Say, I use Alpha, but I
want to include spaces, too.
My Code looks like so:
/* Validation Process */
$filters = array ( 'class_name' => 'StringTrim' );
$validators = array('class_name' => array('alnum', 'presence' =>
'required') );
/*
* Validate input
* -- I would prefer a more built in way to validate input, vs
uses the actual
* super global.
*/
$input = new Zend_Filter_Input($filters, $validators, $_POST);
I need to pass in the option to enable white space in validation. How
would I do that?
--
Philip
[EMAIL PROTECTED]
http://www.gpcentre.net/
[fw-general] Zend_Filter_Input + Validator options.
This is kind of a two part question... First one is how do I find all
the valid filter options? I see StringTrim and Digits within the
examples, but I can't locate any list showing all possible options.
Second is Validator, how do I send in options? Say, I use Alpha, but I
want to include spaces, too.
My Code looks like so:
/* Validation Process */
$filters = array ( 'class_name' => 'StringTrim' );
$validators = array('class_name' => array('alnum', 'presence' =>
'required') );
/*
* Validate input
* -- I would prefer a more built in way to validate input, vs
uses the actual
* super global.
*/
$input = new Zend_Filter_Input($filters, $validators, $_POST);
I need to pass in the option to enable white space in validation. How
would I do that?
--
Philip
[EMAIL PROTECTED]
http://www.gpcentre.net/
Re: [fw-general] Zend_Filter_Input and unknown fields
Hi Laurent, Thanks for the link. Hope that gets taken care of soon. However, I'm still sort of confused as to how you are supposed to use Zend_Filter_Input. What if you have a couple of fields in your form that doesn't need a validator, and doesn't need filtering, but you want to run your escape filter on them? Are you supposed to do something like: $field_1 = $input->field_1; $field_2 = Zend_Filter_HtmlEntities::filter($_POST['field_2']); $field_3 = $input->field_3; I dunno, but that looks sort of wrong. Would be nice to have a unified way of doing filtering, validation AND escaping. Or should you just add a filter or validator to every field? /Jens Ljungblad Laurent Melmoux wrote: > > Hi pakmannen, > > You can have a look at this issue : > http://framework.zend.com/issues/browse/ZF-2128 > > -- > Laurent Melmoux - [EMAIL PROTECTED] > > > > pakmannen a écrit : >> Hi all, >> >> Have a question regarding Zend_Filter_Input and unknown fields. >> Basically, I >> have a form with, say, five fields. I want to apply a filter on all of >> them, >> but only need to validate two. I thought I could do something like this: >> >> $filters = array( >> '*' => new Zend_Filter_Trim >> ); >> >> $validators = array( >> 'field_1' => new Zend_Validator_NotEmpty, >> 'field_3' => new Zend_Validator_NotEmpty >> ); >> >> $input = new Zend_Filter_Input($filters, $validators); >> >> However, only field_1 and field_3 exists in the result and are availible >> for >> escaping and has the filter applied, the other fields end up as >> "unknown". >> That is: >> >> $field_1 = $input->field_1; // Escaped and filtered >> $field_2 = $input->field_2; // Empty >> $field_3 = $input->field_3; // Escaped and filtered etc.. >> >> Any way around this or have I just misunderstood how to use >> Zend_Filter_Input? >> >> Edit - messed up the formating.. >> > > > > -- View this message in context: http://www.nabble.com/Zend_Filter_Input-and-unknown-fields-tf4821361s16154.html#a13824055 Sent from the Zend Framework mailing list archive at Nabble.com.
[fw-general] Zend_Filter_Input and unknown fields
Hi all, Have a question regarding Zend_Filter_Input and unknown fields. Basically, I have a form with, say, five fields. I want to apply a filter on all of them, but only need to validate two. I thought I could do something like this: $filters = array( '*' => new Zend_Filter_Trim ); $validators = array( 'field_1' => new Zend_Validator_NotEmpty, 'field_3' => new Zend_Validator_NotEmoty ); $input = new Zend_Filter_Input($filters, $validators); However, only field_1 and field_3 exists in the result and are availible for escaping with the filters (the other fields end up as "unknown") so: $field_1 = $input->field_1; // Escaped $field_2 = $input->field_2; // Empty $field_3 = $input->field_3; // Escaped etc.. Any way around this or have I just misunderstood how to use Zend_Filter_Input? Edit - messed up the formating.. -- View this message in context: http://www.nabble.com/Zend_Filter_Input-and-unknown-fields-tf4821361s16154.html#a13793444 Sent from the Zend Framework mailing list archive at Nabble.com.
Re: [fw-general] Zend_Filter_Input and unknown fields
Hi pakmannen, You can have a look at this issue : http://framework.zend.com/issues/browse/ZF-2128 -- Laurent Melmoux - [EMAIL PROTECTED] pakmannen a écrit : Hi all, Have a question regarding Zend_Filter_Input and unknown fields. Basically, I have a form with, say, five fields. I want to apply a filter on all of them, but only need to validate two. I thought I could do something like this: $filters = array( '*' => new Zend_Filter_Trim ); $validators = array( 'field_1' => new Zend_Validator_NotEmpty, 'field_3' => new Zend_Validator_NotEmpty ); $input = new Zend_Filter_Input($filters, $validators); However, only field_1 and field_3 exists in the result and are availible for escaping and has the filter applied, the other fields end up as "unknown". That is: $field_1 = $input->field_1; // Escaped and filtered $field_2 = $input->field_2; // Empty $field_3 = $input->field_3; // Escaped and filtered etc.. Any way around this or have I just misunderstood how to use Zend_Filter_Input? Edit - messed up the formating..
Re: [fw-general] Zend_Filter_Input returns gibberish input values
You have to use $input->getUnescaped('fieldname');
Joó Ádám wrote:
Hello,
I use Zend_Filter_Input to validate my input data, and when I' m
trying to get the data back through $input->fieldname I recieve it
encoded in the wrong way. I'm passing in UTF-8 text. Is this a known
problem?
Ádám
--
Jack
[fw-general] Zend_Filter_Input returns gibberish input values
Hello, I use Zend_Filter_Input to validate my input data, and when I' m trying to get the data back through $input->fieldname I recieve it encoded in the wrong way. I'm passing in UTF-8 text. Is this a known problem? Ádám
Re: [fw-general] Zend_Filter_Input converting to String
Hi Mathew,
Perhaps it is the default HtmlEntities output filter that is causing your issue.
If so, then the following should show the expected integer value.
var_dump ($input->getUnescaped('field'));
Hope this helps.
Best regards,
Eric
- Original Message -
From: Mathew Byrne
To: fw-general@lists.zend.com
Sent: Monday, October 22, 2007 6:31 AM
Subject: [fw-general] Zend_Filter_Input converting to String
Why is it that Zend_Filter_Input appears to convert items that have been
filtered to Int values back into a String?
For instance:
$filters = array ('field' => 'Int');
$validators = array ('field' => 'Digits');
$data = array ('field' => '1234');
$input = new Zend_Filter_Input ($filters, $validators, $data);
var_dump ($input->field);
The following gives:
string(4) "1234"
Is this by design or am I missing something along the line somewhere?
--
Mathew Byrne, Lead Developer
JB Interactive Pty. Ltd.
222 Latrobe Street, Melbourne Victoria 3000
1300 724 144
www.jbinteractive.com.au
[fw-general] Zend_Filter_Input converting to String
Why is it that Zend_Filter_Input appears to convert items that have
been filtered to Int values back into a String?
For instance:
$filters = array ('field' => 'Int');
$validators = array ('field' => 'Digits');
$data = array ('field' => '1234');
$input = new Zend_Filter_Input ($filters, $validators, $data);
var_dump ($input->field);
The following gives:
string(4) "1234"
Is this by design or am I missing something along the line somewhere?
--
Mathew Byrne, Lead Developer
JB Interactive Pty. Ltd.
222 Latrobe Street, Melbourne Victoria 3000
1300 724 144
www.jbinteractive.com.au
[fw-general] Zend_Filter_Input retrive value
If I have some values wich are not valide, but I want to retrieve that value filtering. How can I do it ? -- Yannux http://blog.onbebop.net
Re: [fw-general] Zend_Filter_Input get all data
Yann Nave wrote:
>
> I would like to retrieve all data that I've submitted once they
> process filters and validators whereas if the is some errors.
>
> Zend_Filter_Input doesn't have method like that ? :s
>
Using getEscaped() or getUnescaped() will return an array of all valid
filtered and validated values. While getInvalid(), getMissing(), etc.
return the invalid and missing fields.
I do something like this:
$filters = array('*'=> 'Digits');
$validators = array(array('StringLength', 1, 5))
$input = new Zend_Filter_Input($filters, $validators, $paramsToFilter);
if (!$input->isValid) {
$invalidFields = $input->getInvalid();
//process invalid fields.
}
$validFields = $input->getEscaped();
--
View this message in context:
http://www.nabble.com/Zend_Filter_Input-get-all-data-tf4379891s16154.html#a1243
Sent from the Zend Framework mailing list archive at Nabble.com.
Re: [fw-general] Zend_Filter_Input get all data
Yann Nave a écrit : Hello, I would like to retrieve all data that I've submitted once they process filters and validators whereas if the is some errors. Zend_Filter_Input doesn't have method like that ? :s I need such functionality too, would be nice to have it with Zend_Filter_Input without extending it. -- Laurent Melmoux, [EMAIL PROTECTED]
[fw-general] Zend_Filter_Input get all data
Hello, I would like to retrieve all data that I've submitted once they process filters and validators whereas if the is some errors. Zend_Filter_Input doesn't have method like that ? :s -- Yannux http://blog.onbebop.net
Re: [fw-general] Zend_Filter_Input custom messages walked on...
Mmm. I figured out the problem was just confusion between the meaning
of "missingMessage" and "notEmptyMessage".
--
Drew
Drew Bertola wrote:
> Hi,
>
> I'm trying to figure out why I can't set custom messages in
> Zend_Filter_Input. Is this a known bug? I've searched around by
> haven't found anything.
>
> Then again, it could be me. It's happened once or twice before ;^)
>
> If I do something like this:
>
>
> ...
>
> $filters= array("name" => array("StringTrim", "StripTags"));
> $validators = array("name" => array("presence" => "required"));
> $options = array("missingMessage" => "%field% is required.");
>
> $input = new Zend_Filter_Input($filters,
>$validators,
>$data,
>$options);
>
> if ( $input->hasInvalid() )
> {
> $messages = $input->getMessages();
> }
>
> Zend_Debug::dump($messages);
>
> ...
>
> When I have an empty name in $data, I see the default missingMessage,
> rather than my custom message passed in $options. I think the problem
> is actually in Zend_Validate, but I haven't tracked it down that far.
> Any ideas?
>
--
Drew Bertola
-
* PHP/LAMP Consultant, ZCE-1000 *
* *
* Tel: 408-966-6671 *
* *
* current resume: *
* http://drewb.com/resume.pdf *
-
[fw-general] Zend_Filter_Input custom messages walked on...
Hi,
I'm trying to figure out why I can't set custom messages in
Zend_Filter_Input. Is this a known bug? I've searched around by
haven't found anything.
Then again, it could be me. It's happened once or twice before ;^)
If I do something like this:
array("StringTrim", "StripTags"));
$validators = array("name" => array("presence" => "required"));
$options = array("missingMessage" => "%field% is required.");
$input = new Zend_Filter_Input($filters,
$validators,
$data,
$options);
if ( $input->hasInvalid() )
{
$messages = $input->getMessages();
}
Zend_Debug::dump($messages);
...
When I have an empty name in $data, I see the default missingMessage,
rather than my custom message passed in $options. I think the problem
is actually in Zend_Validate, but I haven't tracked it down that far.
Any ideas?
--
Drew Bertola
-
* PHP/LAMP Consultant, ZCE-1000 *
* *
* Tel: 408-966-6671 *
* *
* current resume: *
* http://drewb.com/resume.pdf *
-
RE: [fw-general] Zend_Filter_Input: extending the wildcard feature
I considered making a more feature-rich wildcard syntax in
Zend_Filter_Input, and I saw what Bryce did in his Zend_Validate_Builder
solution. But I decided to favor simplicity.
One of the goals of Zend Framework from the beginning was explicitly
_not_ to solve all possible use cases, but to solve 80% of the use cases
and so make the usage simple. Where possible, classes should be
extensible to allow people to make their own solutions that solve their
custom cases. But in this case, I do understand that Zend_Filter_Input
doesn't support this kind of extensibility.
Regards,
Bill Karwin
> -Original Message-
> From: Mark Maynereid [mailto:[EMAIL PROTECTED]
> Sent: Wednesday, August 15, 2007 3:49 AM
> To: fw-general@lists.zend.com
> Subject: [fw-general] Zend_Filter_Input: extending the
> wildcard feature
>
> Hi,
>
> I'm interested in seeing Zend_Filter_Input's wildcard feature
> extended to support wildcard expressions similar to file
> globbing eg. 'someRule*whatever*bla*'.' I've added a code
> snippet below that seems to provide it.
>
> I see the manual supports only '*' as a wildcard in
> filter/validator chains but I'm finding myself in a situation
> where I want to create a rule like
> this: 'searchFilter*' whereby all variable names beginning
> with 'searchFilter...' are caught by the rule expression.
>
> My use case is that I have a form where the application user
> is allowed to tailor the presence of fields by using, for
> example an 'Add filter' droplist in combination with one or
> more addfilter attribute droplists.
>
> To illustrate, as the user builds the form I might find
> myself with this form variable to process:
> searchfilter_height_max = '5'
> searchfilter (telling me it's a search filtering type of form
> variable) height (telling me the actual field name to work
> on) max (telling me the filter should compare using the value
> as an upper limit)
> 5 (the actual value the user desires to use)
>
> Why so compacted like this? My form needs to use the GET
> method and I'm already looking at ong urls. Splitting this
> info up in the form would massively complicate the HTML side.
>
> An alternative might be to dynamically manage the rule naming
> so I don't need wildcard expressions, and so it might look like:
>
> $staticValidators = array(
> 'title' => 'Alnum',
> 'someOtherStaticRule' => 'Alnum',
> );
> // Now the ones I have to build dynamically build by snooping on
> $request->getParams()
> $validatorSearchFilters = array(
> 'searchFilter_height_max' => array('Alnum',
> 'allowEmpty' => true),
> 'searchFilter_country_negate' => array('Alnum',
> 'allowEmpty' => true), ); $validators =
> array_merge($staticValidators, $validatorSearchFilters);
>
>
> But this seems messy to me. I think I would prefer:
>
> $validators = array(
> 'title' => 'Alnum',
> 'someOtherStaticRule' => 'Alnum',
> 'searchFilter*' => array('Alnum', 'allowEmpty' => true),
> );
>
>
> Looking at the Zend_Filter_Input code, the validator part
> dealing with
> wildcards looks like this in _validate():
>
> if ($ruleName == self::RULE_WILDCARD) {
> foreach (array_keys($this->_data) as $field) {
> -
> -
> -
>
> By overriding the method with the code like this I seem to be
> able to get
> wildcard expression support:
>
> if (false !== strstr($ruleName, self::RULE_WILDCARD)) {
> $rulePregex = '/' . str_replace(self::RULE_WILDCARD, '.*?',
> $ruleName) . '/';
> foreach (array_keys($this->_data) as $field) {
> -
> -
> -
>
> As both _filter() and _validate() methods are quite big, if I
> privately
> override them I might come unstuck with future ZF released
> modifications to
> these methods.
>
> So if you are still reading this :) any views on the subject?
> Is there a
> better way? Or is this a reasonable code suggestion? Should I
> raise an issue
> ticket as a feature request?
>
> Regards,
> Mark Maynereid
>
>
[fw-general] Zend_Filter_Input: extending the wildcard feature
Hi,
I'm interested in seeing Zend_Filter_Input's wildcard feature extended to
support wildcard expressions similar to file globbing
eg. 'someRule*whatever*bla*'.' I've added a code snippet below that seems to
provide it.
I see the manual supports only '*' as a wildcard in filter/validator chains
but I'm finding myself in a situation where I want to create a rule like
this: 'searchFilter*' whereby all variable names beginning
with 'searchFilter...' are caught by the rule expression.
My use case is that I have a form where the application user is allowed to
tailor the presence of fields by using, for example an 'Add filter' droplist
in combination with one or more addfilter attribute droplists.
To illustrate, as the user builds the form I might find myself with this form
variable to process: searchfilter_height_max = '5'
searchfilter (telling me it's a search filtering type of form variable)
height (telling me the actual field name to work on)
max (telling me the filter should compare using the value as an upper limit)
5 (the actual value the user desires to use)
Why so compacted like this? My form needs to use the GET method and I'm
already looking at ong urls. Splitting this info up in the form would
massively complicate the HTML side.
An alternative might be to dynamically manage the rule naming so I don't need
wildcard expressions, and so it might look like:
$staticValidators = array(
'title' => 'Alnum',
'someOtherStaticRule' => 'Alnum',
);
// Now the ones I have to build dynamically build by snooping on
$request->getParams()
$validatorSearchFilters = array(
'searchFilter_height_max' => array('Alnum', 'allowEmpty' => true),
'searchFilter_country_negate' => array('Alnum', 'allowEmpty' => true),
);
$validators = array_merge($staticValidators, $validatorSearchFilters);
But this seems messy to me. I think I would prefer:
$validators = array(
'title' => 'Alnum',
'someOtherStaticRule' => 'Alnum',
'searchFilter*' => array('Alnum', 'allowEmpty' => true),
);
Looking at the Zend_Filter_Input code, the validator part dealing with
wildcards looks like this in _validate():
if ($ruleName == self::RULE_WILDCARD) {
foreach (array_keys($this->_data) as $field) {
-
-
-
By overriding the method with the code like this I seem to be able to get
wildcard expression support:
if (false !== strstr($ruleName, self::RULE_WILDCARD)) {
$rulePregex = '/' . str_replace(self::RULE_WILDCARD, '.*?',
$ruleName) . '/';
foreach (array_keys($this->_data) as $field) {
-
-
-
As both _filter() and _validate() methods are quite big, if I privately
override them I might come unstuck with future ZF released modifications to
these methods.
So if you are still reading this :) any views on the subject? Is there a
better way? Or is this a reasonable code suggestion? Should I raise an issue
ticket as a feature request?
Regards,
Mark Maynereid
Re: [fw-general] Zend_Filter_Input()
Brenton Alker wrote:
>
>
> ivo trompert wrote:
>>
>>
>> ...
>>
>> But the problem now is that if I give the second field a message (the
>> second field is the 'username') like this:
>>
>> 'name' => array('NotEmpty', 'messages' => 'Voornaam is verplicht!'),
>> 'username' => array('NotEmtpy', 'messages' => 'De
>> gebruikers naam
>> is verplicht!'),
>> 'password1' => array('Alpha', 'allowEmpty'=> true),
>> 'password2' => array('allowEmpty' => true)
>> );
>> I get the folowing error:
>>
>> Fatal error: Uncaught exception 'Zend_Filter_Exception' with message
>> 'Unable to find the implementation of the 'NotEmtpy' class' in
>> /storage/wwwroot/Zend/Filter/Input.php:830 Stack trace: #0
>>
>> ...
>>
>> What is wrong with this code?
>>
>>
>
> It's Just a simple typo by the looks.
>
>
> 'username' => array('NotEmtpy', 'messages' => 'De gebruikers naam is
> verplicht!'),
>
> Fatal error: Uncaught exception 'Zend_Filter_Exception' with message
> 'Unable to find the implementation of the 'NotEmtpy' class' in
> /storage/wwwroot/Zend/Filter/Input.php:830 Stack trace: #0
>
>
> You've got NotEmtpy instead of NotEmpty.
>
>
>
Thank you that was the problem.
Ivo Trompert
--
View this message in context:
http://www.nabble.com/Zend_Filter_Input%28%29-tf4269740s16154.html#a12158145
Sent from the Zend Framework mailing list archive at Nabble.com.
Re: [fw-general] Zend_Filter_Input()
ivo trompert wrote:
>
>
> ...
>
> But the problem now is that if I give the second field a message (the
> second field is the 'username') like this:
>
> 'name' => array('NotEmpty', 'messages' => 'Voornaam is verplicht!'),
> 'username' => array('NotEmtpy', 'messages' => 'De
> gebruikers naam
> is verplicht!'),
> 'password1' => array('Alpha', 'allowEmpty'=> true),
> 'password2' => array('allowEmpty' => true)
> );
> I get the folowing error:
>
> Fatal error: Uncaught exception 'Zend_Filter_Exception' with message
> 'Unable to find the implementation of the 'NotEmtpy' class' in
> /storage/wwwroot/Zend/Filter/Input.php:830 Stack trace: #0
>
> ...
>
> What is wrong with this code?
>
>
It's Just a simple typo by the looks.
'username' => array('NotEmtpy', 'messages' => 'De gebruikers naam is
verplicht!'),
Fatal error: Uncaught exception 'Zend_Filter_Exception' with message 'Unable
to find the implementation of the 'NotEmtpy' class' in
/storage/wwwroot/Zend/Filter/Input.php:830 Stack trace: #0
You've got NotEmtpy instead of NotEmpty.
--
View this message in context:
http://www.nabble.com/Zend_Filter_Input%28%29-tf4269740s16154.html#a12154729
Sent from the Zend Framework mailing list archive at Nabble.com.
Re: [fw-general] Zend_Filter_Input()
ivo trompert wrote:
>
> For Zend_Filter_Input() I need a custom error message because I'm dutch
> and the website I make is also dutch. I have setup validators as follows:
>
> $validators = array(
> 'name' => array('allowEmpty' => false,
> 'username' => array('Alpha','allowEmpty' => false),
> 'password1' => array('Alpha', 'allowEmpty' => true),
> 'password2' => array('allowEmpty' => true)
> );
>
> If 'name' is empty I want to show the users the following error "Voornaam
> is verplicht!" (this is dutch). I have read in the user manual the
> following code:
>
> $validators = array(
> 'month' => array(
> 'digits', new Zend_Validate_Between(1, 12),
> 'messages' => array(
> 'A month must consist only of digits',
> array(
> Zend_Validate_Between::NOT_BETWEEN =>
> 'Month value %value% must be between %min% and %max%',
> Zend_Validate_Between::NOT_BETWEEN_STRICT =>
> 'Month value %value% must be strictly between %min%
> and %max%'
> )
> )
> )
> );
>
> This is the code I need for the custom message. But when I transform the
> code to this code:
>
> 'name' => array('allowEmpty' => false, 'messages' =>
> array(Zend_Validate_NotEmpty::IS_EMPTY => 'Voornaam is verplicht!')),
> 'username' => array('Alpha','allowEmpty' => false),
> 'password1' => array('Alpha', 'allowEmpty' => true),
> 'password2' => array('allowEmpty' => true)
> );
>
> I get the standard error message:"You must give a non-empty value for
> field 'name'".
>
> My question is: How can I change this message field independent (with out
> setup a message in the option section).
>
> Thank you,
>
> Ivo Trompert
>
I found the solution but now I have a another problem with input. My new
code is this:
'name' => array('NotEmpty', 'messages' => 'Voornaam is verplicht!'),
'username' => array('NotEmtpy'),
'password1' => array('Alpha', 'allowEmpty'=> true),
'password2' => array('allowEmpty' => true)
);
But the problem now is that if I give the second field a message (the second
field is the 'username') like this:
'name' => array('NotEmpty', 'messages' => 'Voornaam is verplicht!'),
'username' => array('NotEmtpy', 'messages' => 'De
gebruikers naam is
verplicht!'),
'password1' => array('Alpha', 'allowEmpty'=> true),
'password2' => array('allowEmpty' => true)
);
I get the folowing error:
Fatal error: Uncaught exception 'Zend_Filter_Exception' with message 'Unable
to find the implementation of the 'NotEmtpy' class' in
/storage/wwwroot/Zend/Filter/Input.php:830 Stack trace: #0
/storage/wwwroot/Zend/Filter/Input.php(786):
Zend_Filter_Input->_getFilterOrValidator('Zend_Validate_I...', 'NotEmtpy')
#1 /storage/wwwroot/Zend/Filter/Input.php(628):
Zend_Filter_Input->_getValidator('NotEmtpy') #2
/storage/wwwroot/Zend/Filter/Input.php(556): Zend_Filter_Input->_validate()
#3 /storage/wwwroot/Zend/Filter/Input.php(328):
Zend_Filter_Input->_process() #4
/storage/wwwroot/app/modules/default/controllers/UsersController.php(63):
Zend_Filter_Input->isValid() #5
/storage/wwwroot/Zend/Controller/Action.php(497):
UsersController->editAction() #6
/storage/wwwroot/Zend/Controller/Dispatcher/Standard.php(237):
Zend_Controller_Action->dispatch('editAction') #7
/storage/wwwroot/Zend/Controller/Front.php(911):
Zend_Controller_Dispatcher_Standard->dispatch(Object(Zend_Controller_Request_Http),
Object(Zend_Controller_Response_Http)) in
/storage/wwwroot/Zend/Filter/Input.php on line 830
There is no different error if I put the messages in a array like this:
$validators = array(
'name' => array('NotEmpty', 'messages' =>
array(Zend_Validate_NotEmpty::IS_EMPTY =>'Voornaam is verplicht!')),
'username' => array('NotEmtpy', 'messages' =>
array(Zend_Validate_NotEmpty::IS_EMPTY => 'De gebruikers naam is
verplicht!')),
'password1' => array('Alpha', 'allowEmpty'=> true),
'password2' => array('allowEmpty' => true)
);
What is wrong with this code?
thank you,
Ivo Trompert
--
View this message in context:
http://www.nabble.com/Zend_Filter_Input%28%29-tf4269740s16154.html#a12154558
Sent from the Zend Framework mailing list archive at Nabble.com.
[fw-general] Zend_Filter_Input()
For Zend_Filter_Input() I need a custom error message because I'm dutch and
the website I make is also dutch. I have setup validators as follows:
$validators = array(
'name' => array('allowEmpty' => false,
'username' => array('Alpha','allowEmpty' => false),
'password1' => array('Alpha', 'allowEmpty' => true),
'password2' => array('allowEmpty' => true)
);
If 'name' is empty I want to show the users the following error "Voornaam is
verplicht!" (this is dutch). I have read in the user manual the following
code:
$validators = array(
'month' => array(
'digits', new Zend_Validate_Between(1, 12),
'messages' => array(
'A month must consist only of digits',
array(
Zend_Validate_Between::NOT_BETWEEN =>
'Month value %value% must be between %min% and %max%',
Zend_Validate_Between::NOT_BETWEEN_STRICT =>
'Month value %value% must be strictly between %min% and
%max%'
)
)
)
);
This is the code I need for the custom message. But when I transform the
code to this code:
'name' => array('allowEmpty' => false, 'messages' =>
array(Zend_Validate_NotEmpty::IS_EMPTY => 'Voornaam is verplicht!')),
'username' => array('Alpha','allowEmpty' => false),
'password1' => array('Alpha', 'allowEmpty' => true),
'password2' => array('allowEmpty' => true)
);
I get the standard error message:"You must give a non-empty value for field
'name'".
My question is: How can I change this message field independent (with out
setup a message in the option section).
Thank you,
Ivo Trompert
--
View this message in context:
http://www.nabble.com/Zend_Filter_Input%28%29-tf4269740s16154.html#a12152306
Sent from the Zend Framework mailing list archive at Nabble.com.
[fw-general] Zend_Filter_Input bug OR a new metacommand "DISCARD"
Hi,
Imagine the situation where you have a form with password and
password_confirm fields and you want to make sure the values match. Now,
in the Zend_Filter_Input validation array you can either put the
StringEquals validator under the password field or the password_confirm
field.
If you put it under the password field--and because you then have to
specify the FIELDS metacommand--other validators, such as StringLength,
don't work any more, I think this is because they don't know how to deal
with the multiple fields? Is this a bug? Here is my code:
'password' => array(
new Zend_Validate_StringLength(6),
new Zend_Validate_StringEquals(),
'fields' => array('password', 'password_confirm'),
),
The Zend_Validate_StringLength always returns false, not matter what I
enter.
Alternatively, you can specify the StringEquals validator under the
password_confirm field. Now this (in my mind) makes a lot more sense, as
it is only relevant if that field exists, and it solves the above
problem. However, it introduces one as well. As the password_confirm
field is *only* there for the sake of validation, and the value entered
into it will *never* be used, really you don't want it to stay within
your Zend_Filter_Input as a valid field. This becomes obvious when you
try to do something like:
$user = $users->createRow();
$user->setFromArray($input->getUnescaped());
Because the array returned from getUnescaped will contain the
password_confirm field, but the database table does not have this field,
an error is thrown. Now I know this is very easy to get around, but I
think it would be benefical to have a new metacomand called DISCARD (or
something similar), which basically tells Zend_Filter_Input to discard
the value rather than saving it, once validated.
What to other people think?
Thanks,
--
Jack
RE: [fw-general] Zend_Filter_Input fields metacommand not working as described
> -Original Message- > From: news [mailto:[EMAIL PROTECTED] On Behalf Of Joshua Ross > > When using the fields meta command if the rule name is different than > the fields metacommand then to access the value via magic accessors > you should use the rule name not the fields name, correct? That is > what is implied in the documentation. No -- The rule name is used in keys of the assoc array returned by getMessages() and getErrors(), because messages correspond to validator failures, not individual input data fields. You need to request the field value by the field name, not the rule name. Because multiple rules might have been applied to the field before it is ready to be retrieved. The value is returned after it has been filtered and validated by all applicable rules. Regards, Bill Karwin
[fw-general] Zend_Filter_Input fields metacommand not working as described
I am having another issue using the Zend_Filter_Input fields metacommand.
When using the fields meta command if the rule name is different than the
fields metacommand then to access the value via magic accessors you should
use the rule name not the fields name, correct? That is what is implied in
the documentation.
For example, if you have the following Zend_Filter_Input:
$validators = array('myfield' => array('fields' => 'somefield'));
$input = new Zend_Filter_Input(array(), $validators,
$this->getRequest()->getParams());
Then you should be able to use the rule name 'myfield' as a magic accessor
to retrieve the 'somefield' value:
echo $input->myfield;
This returns null. The 'somefield' value is only available via magic
accessor using 'somefield' as the rule name:
echo $input->somefield;
The problem is that I am not entirely sure that the value accessed using
$input->somefield has actually been properly validated or filters(beyond
standard htmlentities). I tested this using the fields command with a
string value and an array of string values, both return null when attempting
to access the value using the rule name.
I believe this is a bug however I am surprised no-one else has ran into this
problem. Is there something I missed in the documentation or am I doing
something wrong here? If not, shall I add this to the issue tracker?
Thanks,
-Joshua-
[fw-general] Zend_Filter_Input and accessing values that is not validated
Hi all.
I am having troubles with the new Zend_Filter_Input.
It is quite possible that I've missed something obvious, but here is my
problem.
'22',
'test2' => '22'
);
$filters = array('*'=> 'Digits');
$validators = array('test2' => 'Digits');
$input = new Zend_Filter_Input($filters, $validators, $values);
echo "";
var_dump($input->test);
var_dump($input->test2);
echo "";
?>
This gives me:
NULL
string(2) "22"
How can I access the filtered value of test, without adding a validator
for it?
(If I add test to the list of validators, it works).
Best regards,
Bjarte
[fw-general] Zend_Filter_Input fields meta command with arrays problem
I am having a problem with Zend_Filter_Input when attempting to validate an
array of values using the fields meta command. What happens is that ZFI
passes the array of values to my filter which correctly returns true and
then ZFI passes each value separately which fails. Here is my
code(simplified) pretty much straight from the doc:
$validators = array('password_check' => array('StringEquals',
'presence' => 'required',
'fields' => array('password0', 'password1'));
$input = new Zend_Filter_Input(array(), $validators,
$this->getRequest()->getPost());
$input->addNamespace('Local_Validate');
if (!$input->isValid()) {
}
What happens is StringEquals is called three times, once with an array, and
once with each string. Some debug output dumping the value passed to my
StringEquals validator produces the following:
array(2) {
["password0"] => string(9) "Testing1!"
["password1"] => string(9) "Testing1!"
}
string(9) "Testing1!"
string(9) "Testing1!"
So I looked into ZFI and it appears it handles arrays of fields (line 720 in
ZF 1.0.0 v5344) but then it continues to evaluate all fields in the data
array *seperately* validating it against the current validator chain which
happens to be the validator StringEquals which only validates arrays...
which of course returns false.
Basically, it appears either I am missing something or having the fields
meta command set to an array will not work if the validator validates that
the value is in fact an array. Anyone else come across this? Should my
validator simply return true if the value is not an array? I'm not sure I
care too much for that work around. To me, if you pass the fields meta
command with an array value it should only validate the array, not each
seperately. Any help is appreciated,
Thanks
Josh
RE: [fw-general] Zend_Filter_Input 'missing' question
This is intended behavior.
Missing fields are not reported as missing unless you specify
'presence'=>'required' in the rule.
If a field is not required to be present, nobody misses it when it's not
there. :-)
Regards,
Bill Karwin
> -Original Message-
> From: Lepidosteus [mailto:[EMAIL PROTECTED]
> Sent: Monday, July 02, 2007 6:22 PM
> To: fw-general@lists.zend.com
> Subject: [fw-general] Zend_Filter_Input 'missing' question
>
> Hello,
>
> I'm using a Zend_Filter_Input to get my data from the user.
>
> I'm not correctly understanding its behavior with missing
> fields (zf 1.0.0),
>
> here is some code:
>
> $filters = array(
> 'description' => array('StringTrim', 'HtmlEntities'),
> 'upload' => 'StringTrim',
> 'whateverwrongvalue' => 'StringTrim',
> 'review' => 'Int'
> );
> $validators = array(
> 'description' => 'NotEmpty',
> 'upload' => 'NotEmpty',
> 'whateverwrongvalue' => 'NotEmpty',
> 'review' => array(array('Between', 0, 1))
> );
> $input = new Zend_Filter_Input($filters, $validators, $_POST);
> if ($input->hasInvalid() || $input->hasMissing()) {
> format_error_message($input->getInvalid(),
> $input->getMissing(), $input->getUnknown());
> }
>
> I then create a form which contains all these fields except
> 'whateverwrongvalue' (aka, it should be reported as a missing
> field if I get it).
>
> Problem is, it isn't. If some field (say, 'description') is
> invalid, the 'if' fails and I get a valid error message etc ...
>
> But I never get anything about a missing field
>
> (unknown fields are reported the way they should be)
>
> Is it me misunderstanding the behavior or did I do something wrong ?
>
> --
> Vianney Devreese - Lepidosteus
> http://lepidosteus.com
>
[fw-general] Zend_Filter_Input 'missing' question
Hello,
I'm using a Zend_Filter_Input to get my data from the user.
I'm not correctly understanding its behavior with missing fields (zf 1.0.0),
here is some code:
$filters = array(
'description' => array('StringTrim', 'HtmlEntities'),
'upload' => 'StringTrim',
'whateverwrongvalue' => 'StringTrim',
'review' => 'Int'
);
$validators = array(
'description' => 'NotEmpty',
'upload' => 'NotEmpty',
'whateverwrongvalue' => 'NotEmpty',
'review' => array(array('Between', 0, 1))
);
$input = new Zend_Filter_Input($filters, $validators, $_POST);
if ($input->hasInvalid() || $input->hasMissing()) {
format_error_message($input->getInvalid(),
$input->getMissing(), $input->getUnknown());
}
I then create a form which contains all these fields except
'whateverwrongvalue' (aka, it should be reported as a missing field if
I get it).
Problem is, it isn't. If some field (say, 'description') is invalid,
the 'if' fails and I get a valid error message etc ...
But I never get anything about a missing field
(unknown fields are reported the way they should be)
Is it me misunderstanding the behavior or did I do something wrong ?
--
Vianney Devreese - Lepidosteus
http://lepidosteus.com
Re: [fw-general] Zend_Filter_Input and overriding default error message
You have to setup the error messages as an array with all of the
possible error values. Using your example:
$validators = array('fname' => array('Alpha',
'presence' => 'required',
'messages' => array(
Zend_Validate_Alpha::NOT_ALPHA => 'Custom not alpha
error message.',
Zend_Validate_Alpha::STRING_EMPTY => 'Custom empty
string error message.'
));
Hope that helps.
Arthur
Joshua Ross wrote:
I have a question about Zend_Filter_Input. I have read and reread the
documentation and I am confused about the what can be done with the messages
parameter when defining a validator. The problem is that if I have a value
string that is empty it seems I cannot override the error message that is
returned. Maybe I am just not understanding the documentation fully? Here
is the code(generecized):
$validators = array('fname' => array('Alpha',
'presence' => 'required',
'messages' => 'Invalid First Name'));
$filters = array();
$options = array('missingMessage' => 'test message 2',
'notEmptyMessage' => 'test message 3');
$input = Zend_Filter_Input($filters, $validators,
$this->getRequest()->getPost(), $options);
if ($input->hasMissing() || $input->hasInvalid()) {
$msg ='';
foreach($input->getMessages() as $error) {
$msg .= implode("\n", $error);
}
throw new My_Exception($msg);
}
I expect to receive one of my three test messages for any error from this
validator and I have tried both $input->getMessages() and
$input->getErrors()... however when the string is empty I always receive
the following message.
'' is an empty string
When I dump the $input after it processes I see:
...
...
...
["_validatorRules:protected"] => array(8) {
["fname"] => array(9) {
[0] => string(5) "Alpha"
["presence"] => string(8) "required"
["messages"] => array(1) {
[0] => string(19) "Invalid First Name."
}
["rule"] => string(5) "fname"
["fields"] => string(5) "fname"
["breakChainOnFailure"] => bool(false)
["allowEmpty"] => bool(false)
["validatorChain"] => object(Zend_Validate)#187 (3) {
["_validators:protected"] => array(1) {
[0] => array(2) {
["instance"] => object(Zend_Validate_Alpha)#188 (6) {
["allowWhiteSpace"] => bool(false)
["_messageTemplates:protected"] => array(2) {
["notAlpha"] => string(19) "Invalid First Name."
["stringEmpty"] => string(28) "'%value%' is an empty string"
}
["_value:protected"] => string(0) ""
["_messageVariables:protected"] => array(0) {
}
["_messages:protected"] => array(1) {
[0] => string(21) "'' is an empty string"
}
["_errors:protected"] => array(1) {
[0] => string(11) "stringEmpty"
}
}
["breakChainOnFailure"] => bool(false)
}
}
["_messages:protected"] => array(1) {
[0] => string(21) "'' is an empty string"
}
["_errors:protected"] => array(1) {
[0] => string(11) "stringEmpty"
}
}
["validatorChainCount"] => int(1)
}
...
...
...
["_invalidMessages:protected"] => array(1) {
["fname"] => array(1) {
[0] => string(21) "'' is an empty string"
}
}
["_invalidErrors:protected"] => array(1) {
["fname"] => array(1) {
[0] => string(11) "stringEmpty"
}
}
Any help here understanding my mistake or what I'm doing wrong would be
appreciated. Thanks
Josh
[fw-general] Zend_Filter_Input and overriding default error message
I have a question about Zend_Filter_Input. I have read and reread the
documentation and I am confused about the what can be done with the messages
parameter when defining a validator. The problem is that if I have a value
string that is empty it seems I cannot override the error message that is
returned. Maybe I am just not understanding the documentation fully? Here
is the code(generecized):
$validators = array('fname' => array('Alpha',
'presence' => 'required',
'messages' => 'Invalid First Name'));
$filters = array();
$options = array('missingMessage' => 'test message 2',
'notEmptyMessage' => 'test message 3');
$input = Zend_Filter_Input($filters, $validators,
$this->getRequest()->getPost(), $options);
if ($input->hasMissing() || $input->hasInvalid()) {
$msg ='';
foreach($input->getMessages() as $error) {
$msg .= implode("\n", $error);
}
throw new My_Exception($msg);
}
I expect to receive one of my three test messages for any error from this
validator and I have tried both $input->getMessages() and
$input->getErrors()... however when the string is empty I always receive
the following message.
'' is an empty string
When I dump the $input after it processes I see:
...
...
...
["_validatorRules:protected"] => array(8) {
["fname"] => array(9) {
[0] => string(5) "Alpha"
["presence"] => string(8) "required"
["messages"] => array(1) {
[0] => string(19) "Invalid First Name."
}
["rule"] => string(5) "fname"
["fields"] => string(5) "fname"
["breakChainOnFailure"] => bool(false)
["allowEmpty"] => bool(false)
["validatorChain"] => object(Zend_Validate)#187 (3) {
["_validators:protected"] => array(1) {
[0] => array(2) {
["instance"] => object(Zend_Validate_Alpha)#188 (6) {
["allowWhiteSpace"] => bool(false)
["_messageTemplates:protected"] => array(2) {
["notAlpha"] => string(19) "Invalid First Name."
["stringEmpty"] => string(28) "'%value%' is an empty string"
}
["_value:protected"] => string(0) ""
["_messageVariables:protected"] => array(0) {
}
["_messages:protected"] => array(1) {
[0] => string(21) "'' is an empty string"
}
["_errors:protected"] => array(1) {
[0] => string(11) "stringEmpty"
}
}
["breakChainOnFailure"] => bool(false)
}
}
["_messages:protected"] => array(1) {
[0] => string(21) "'' is an empty string"
}
["_errors:protected"] => array(1) {
[0] => string(11) "stringEmpty"
}
}
["validatorChainCount"] => int(1)
}
...
...
...
["_invalidMessages:protected"] => array(1) {
["fname"] => array(1) {
[0] => string(21) "'' is an empty string"
}
}
["_invalidErrors:protected"] => array(1) {
["fname"] => array(1) {
[0] => string(11) "stringEmpty"
}
}
Any help here understanding my mistake or what I'm doing wrong would be
appreciated. Thanks
Josh
RE: [fw-general] Zend_Filter_Input and $_FILES
That's a tough question. I don't think there is a way to solve this if
you want to pass the entire $_FILES array.
A different solution would be to test the fields in each entry of
$_FILES, not the array itself. Set up a ruleset with Zend_Filter_Input
and then loop through $_FILES, validating each entry individually:
$validators = array('size' => array('Int', array('LessThan',
10)));
$input = new Zend_Filter_Input(null, $validators);
foreach ($_FILES as $field => $filedata) {
$input->setData($filedata);
if ($input->hasInvalid()) {
echo "File upload error for field $field: ".implode(', ',
$input->getMessages())."\n";
}
}
Regards,
Bill Karwin
> -Original Message-
> From: Marcin Stefaniak [mailto:[EMAIL PROTECTED]
> Sent: Sunday, June 03, 2007 2:39 AM
> To: Zend Framework General
> Subject: [fw-general] Zend_Filter_Input and $_FILES
>
> I'm trying to validate file upload with Zend_Filter_Input.
> I've created my own class, which implements
> Zend_Validate_Interface, for file size validating. My
> isValid() method is simple comparing file size
> $_FILES['myfile']['size'] with assumed value. The problem is
> that Zend_Filter_Input iterates all arrays he finds in input
> array, so in my case he will make my test on all items he
> will find in $_FILES['myfile'] array -
> $_FILES['myfile']['tmp_name'], $_FILES['myfile']['name'],
> $_FILES['myfile']['type'] and so on. And I want to check only
> $_FILES['myfile']['size'] value. Is there a solution, which
> let me pass full $_FILES['myfile'] array to my validate
> class? I know I can use only validate class to make this
> test, but I'd like to use Zend_Filter_Input.
>
> --
> Marcin Stefaniak
>
>
[fw-general] Zend_Filter_Input and $_FILES
I'm trying to validate file upload with Zend_Filter_Input. I've created my own class, which implements Zend_Validate_Interface, for file size validating. My isValid() method is simple comparing file size $_FILES['myfile']['size'] with assumed value. The problem is that Zend_Filter_Input iterates all arrays he finds in input array, so in my case he will make my test on all items he will find in $_FILES['myfile'] array - $_FILES['myfile']['tmp_name'], $_FILES['myfile']['name'], $_FILES['myfile']['type'] and so on. And I want to check only $_FILES['myfile']['size'] value. Is there a solution, which let me pass full $_FILES['myfile'] array to my validate class? I know I can use only validate class to make this test, but I'd like to use Zend_Filter_Input. -- Marcin Stefaniak
RE: [fw-general] Zend_Filter_Input::getEscaped()
> -Original Message- > From: Shaun Rowe [mailto:[EMAIL PROTECTED] > > Yes, I'd be very interested in writing an article. Are you > referring to my existing solution? Or to my (impending) > refactoring? Or both? :) I was thinking of the refactoring, showing how to manage Zend_Filter_Input rules using Zend_Config. Bill
Re: [fw-general] Zend_Filter_Input::getEscaped()
Bill Karwin wrote: -Original Message- From: Shaun Rowe [mailto:[EMAIL PROTECTED] Now all I have to do is refactor my code a bit to use this component and I'm laughing. As mine is already configured via an xml document, I reckon the config for Zend_Filter_Input can be described a similar way and held in a Zend_Config object. Would anyone be interested in how I get on? That's great! Yes, the idea was to make the rules declared as data, so one could easily store it in one of the Zend_Config back-ends. Would you consider writing an article for DevZone with your solution? They're always looking for good ZF content. Regards, Bill Karwin Yes, I'd be very interested in writing an article. Are you referring to my existing solution? Or to my (impending) refactoring? Or both? :) Cheers Shaun
RE: [fw-general] Zend_Filter_Input::getEscaped()
> -Original Message- > From: Shaun Rowe [mailto:[EMAIL PROTECTED] > > Now all I have to do is refactor my code a bit to use this > component and I'm laughing. As mine is already configured via > an xml document, I reckon the config for Zend_Filter_Input > can be described a similar way and held in a Zend_Config > object. Would anyone be interested in how I get on? That's great! Yes, the idea was to make the rules declared as data, so one could easily store it in one of the Zend_Config back-ends. Would you consider writing an article for DevZone with your solution? They're always looking for good ZF content. Regards, Bill Karwin
Re: [fw-general] Zend_Filter_Input::getEscaped()
Bill Karwin wrote:
Zend_Filter_Input is in core now.
The purpose of requiring getUnescaped() to be called explicitly is to
force the application developer to acknowledge the fact that the value
is in a form that is potentially not safe to output.
And yes, you can subclass Zend_Filter_Input and redefine its __get()
method if you want to.
Alternatively, you can set the Zend_Filter_Input escape filter to
something else:
$input = new Zend_Filter_Input( ... );
$input->setDefaultEscapeFilter('StringTrim'); // for example
Regards,
Bill Karwin
I have to say a big thanks to everyone who has worked on the re-design
of Zend_Filter_Input. Having developed something quite similar myself
using the ZF I'm pleased to see it now in the core.
Now all I have to do is refactor my code a bit to use this component and
I'm laughing. As mine is already configured via an xml document, I
reckon the config for Zend_Filter_Input can be described a similar way
and held in a Zend_Config object. Would anyone be interested in how I
get on?
Cheers
Shaun
RE: [fw-general] Zend_Filter_Input::getEscaped()
Zend_Filter_Input is in core now.
The purpose of requiring getUnescaped() to be called explicitly is to force the
application developer to acknowledge the fact that the value is in a form that
is potentially not safe to output.
And yes, you can subclass Zend_Filter_Input and redefine its __get() method if
you want to.
Alternatively, you can set the Zend_Filter_Input escape filter to something
else:
$input = new Zend_Filter_Input( ... );
$input->setDefaultEscapeFilter('StringTrim'); // for example
Regards,
Bill Karwin
From: Pádraic Brady [mailto:[EMAIL PROTECTED]
Sent: Wednesday, May 30, 2007 1:30 AM
To: Jur Jean
Cc: Zend Framework General
Subject: Re: [fw-general] Zend_Filter_Input::getEscaped()
Hi Jur,
I have the same preference as yourself. I'm not using the component yet
until it either reaches Core or is updated to reflect other potential
solutions. But for now you can subclass Zend_Filter_Input and override its
__get() method to change the default treatment of values to avoid the automated
escaping.
A few other options are also available - check the proposal comments
over at:
http://framework.zend.com/wiki/display/ZFPROP/Zend_Filter_Input+redesign+-+Bill+Karwin
Pádraic
Pádraic Brady
http://blog.astrumfutura.com
http://www.patternsforphp.com
- Original Message
From: Jur Jean <[EMAIL PROTECTED]>
To: fw-general@lists.zend.com
Sent: Wednesday, May 30, 2007 9:17:49 AM
Subject: [fw-general] Zend_Filter_Input::getEscaped()
Why is Zend_Filter_Input::getEscaped() called by default when magic
accessing
vars? I use getUnescaped() a lot more often.
In the view, you should use $this->escape(), the form helpers escapes
values, and when writing to my database i also don't want to escape
using
this method, but use the db's escape method.
--
View this message in context:
http://www.nabble.com/Zend_Filter_Input%3A%3AgetEscaped%28%29-tf3838924s16154.html#a10869449
Sent from the Zend Framework mailing list archive at Nabble.com.
Ready for the edge of your seat? Check out tonight's top picks
<http://us.rd.yahoo.com/evt=48220/*http://tv.yahoo.com/> on Yahoo! TV.
Re: [fw-general] Zend_Filter_Input::getEscaped()
I'm at least as dumb as everyone else, Bryce. :) Whenever you get around to coding I'll have an svn external pointing at the laboratory to grab the code ;). Look forward to reviewing and testing. Pádraic Brady http://blog.astrumfutura.com http://www.patternsforphp.com - Original Message From: Bryce Lohr <[EMAIL PROTECTED]> To: Pádraic Brady <[EMAIL PROTECTED]>; Zend FW General List Sent: Wednesday, May 30, 2007 5:08:47 PM Subject: Re: [fw-general] Zend_Filter_Input::getEscaped() I literally busted out laughing when I read that... I'll take that as a compliment. :) I'll get back working on that in a few days (I have a beta release of my own to get through first). As always, I'm wide open to suggestions for the "dumbing down" part... ;) Regards, Bryce Lohr Pádraic Brady wrote: > Probably worth noting Bryce Lohr's proposal is now in the Laboratory but > will not make it into the framework until after 1.0.0. It's a really > powerful approach but it's needs some dumbing down for the rest of us ;). > > http://framework.zend.com/wiki/display/ZFPROP/Zend_Validate_Builder+-+Bryce+Lohr > > Pádraic Brady > http://blog.astrumfutura.com > http://www.patternsforphp.com > > > - Original Message > From: Pádraic Brady <[EMAIL PROTECTED]> > To: Jur Jean <[EMAIL PROTECTED]> > Cc: Zend Framework General > Sent: Wednesday, May 30, 2007 9:29:37 AM > Subject: Re: [fw-general] Zend_Filter_Input::getEscaped() > > Hi Jur, > > I have the same preference as yourself. I'm not using the component yet > until it either reaches Core or is updated to reflect other potential > solutions. But for now you can subclass Zend_Filter_Input and override > its __get() method to change the default treatment of values to avoid > the automated escaping. > > A few other options are also available - check the proposal comments > over at: > http://framework.zend.com/wiki/display/ZFPROP/Zend_Filter_Input+redesign+-+Bill+Karwin > > Pádraic > > Pádraic Brady > http://blog.astrumfutura.com > http://www.patternsforphp.com > > > - Original Message > From: Jur Jean <[EMAIL PROTECTED]> > To: fw-general@lists.zend.com > Sent: Wednesday, May 30, 2007 9:17:49 AM > Subject: [fw-general] Zend_Filter_Input::getEscaped() > > > Why is Zend_Filter_Input::getEscaped() called by default when magic > accessing > vars? I use getUnescaped() a lot more often. > > In the view, you should use $this->escape(), the form helpers escapes > values, and when writing to my database i also don't want to escape using > this method, but use the db's escape method. > -- > View this message in context: > http://www.nabble.com/Zend_Filter_Input%3A%3AgetEscaped%28%29-tf3838924s16154.html#a10869449 > Sent from the Zend Framework mailing list archive at Nabble.com. > > > > > Ready for the edge of your seat? Check out tonight's top picks > <http://us.rd.yahoo.com/evt=48220/*http://tv.yahoo.com/> on Yahoo! TV. > > > > Choose the right car based on your needs. Check out Yahoo! Autos new Car > Finder tool. > <http://us.rd.yahoo.com/evt=48518/*http://autos.yahoo.com/carfinder/;_ylc=X3oDMTE3NWsyMDd2BF9TAzk3MTA3MDc2BHNlYwNtYWlsdGFncwRzbGsDY2FyLWZpbmRlcg-- > > > Be a better Globetrotter. Get better travel answers from someone who knows. Yahoo! Answers - Check it out. http://answers.yahoo.com/dir/?link=list&sid=396545469
Re: [fw-general] Zend_Filter_Input::getEscaped()
I literally busted out laughing when I read that... I'll take that as a compliment. :) I'll get back working on that in a few days (I have a beta release of my own to get through first). As always, I'm wide open to suggestions for the "dumbing down" part... ;) Regards, Bryce Lohr Pádraic Brady wrote: Probably worth noting Bryce Lohr's proposal is now in the Laboratory but will not make it into the framework until after 1.0.0. It's a really powerful approach but it's needs some dumbing down for the rest of us ;). http://framework.zend.com/wiki/display/ZFPROP/Zend_Validate_Builder+-+Bryce+Lohr Pádraic Brady http://blog.astrumfutura.com http://www.patternsforphp.com - Original Message From: Pádraic Brady <[EMAIL PROTECTED]> To: Jur Jean <[EMAIL PROTECTED]> Cc: Zend Framework General Sent: Wednesday, May 30, 2007 9:29:37 AM Subject: Re: [fw-general] Zend_Filter_Input::getEscaped() Hi Jur, I have the same preference as yourself. I'm not using the component yet until it either reaches Core or is updated to reflect other potential solutions. But for now you can subclass Zend_Filter_Input and override its __get() method to change the default treatment of values to avoid the automated escaping. A few other options are also available - check the proposal comments over at: http://framework.zend.com/wiki/display/ZFPROP/Zend_Filter_Input+redesign+-+Bill+Karwin Pádraic Pádraic Brady http://blog.astrumfutura.com http://www.patternsforphp.com - Original Message From: Jur Jean <[EMAIL PROTECTED]> To: fw-general@lists.zend.com Sent: Wednesday, May 30, 2007 9:17:49 AM Subject: [fw-general] Zend_Filter_Input::getEscaped() Why is Zend_Filter_Input::getEscaped() called by default when magic accessing vars? I use getUnescaped() a lot more often. In the view, you should use $this->escape(), the form helpers escapes values, and when writing to my database i also don't want to escape using this method, but use the db's escape method. -- View this message in context: http://www.nabble.com/Zend_Filter_Input%3A%3AgetEscaped%28%29-tf3838924s16154.html#a10869449 Sent from the Zend Framework mailing list archive at Nabble.com. Ready for the edge of your seat? Check out tonight's top picks <http://us.rd.yahoo.com/evt=48220/*http://tv.yahoo.com/> on Yahoo! TV. Choose the right car based on your needs. Check out Yahoo! Autos new Car Finder tool. <http://us.rd.yahoo.com/evt=48518/*http://autos.yahoo.com/carfinder/;_ylc=X3oDMTE3NWsyMDd2BF9TAzk3MTA3MDc2BHNlYwNtYWlsdGFncwRzbGsDY2FyLWZpbmRlcg-- >
Re: [fw-general] Zend_Filter_Input::getEscaped()
Probably worth noting Bryce Lohr's proposal is now in the Laboratory but will not make it into the framework until after 1.0.0. It's a really powerful approach but it's needs some dumbing down for the rest of us ;). http://framework.zend.com/wiki/display/ZFPROP/Zend_Validate_Builder+-+Bryce+Lohr Pádraic Brady http://blog.astrumfutura.com http://www.patternsforphp.com - Original Message From: Pádraic Brady <[EMAIL PROTECTED]> To: Jur Jean <[EMAIL PROTECTED]> Cc: Zend Framework General Sent: Wednesday, May 30, 2007 9:29:37 AM Subject: Re: [fw-general] Zend_Filter_Input::getEscaped() Hi Jur, I have the same preference as yourself. I'm not using the component yet until it either reaches Core or is updated to reflect other potential solutions. But for now you can subclass Zend_Filter_Input and override its __get() method to change the default treatment of values to avoid the automated escaping. A few other options are also available - check the proposal comments over at: http://framework.zend.com/wiki/display/ZFPROP/Zend_Filter_Input+redesign+-+Bill+Karwin Pádraic Pádraic Brady http://blog.astrumfutura.com http://www.patternsforphp.com - Original Message From: Jur Jean <[EMAIL PROTECTED]> To: fw-general@lists.zend.com Sent: Wednesday, May 30, 2007 9:17:49 AM Subject: [fw-general] Zend_Filter_Input::getEscaped() Why is Zend_Filter_Input::getEscaped() called by default when magic accessing vars? I use getUnescaped() a lot more often. In the view, you should use $this->escape(), the form helpers escapes values, and when writing to my database i also don't want to escape using this method, but use the db's escape method. -- View this message in context: http://www.nabble.com/Zend_Filter_Input%3A%3AgetEscaped%28%29-tf3838924s16154.html#a10869449 Sent from the Zend Framework mailing list archive at Nabble.com. Ready for the edge of your seat? Check out tonight's top picks on Yahoo! TV. Park yourself in front of a world of choices in alternative vehicles. Visit the Yahoo! Auto Green Center. http://autos.yahoo.com/green_center/
Re: [fw-general] Zend_Filter_Input::getEscaped()
Hi Jur, I have the same preference as yourself. I'm not using the component yet until it either reaches Core or is updated to reflect other potential solutions. But for now you can subclass Zend_Filter_Input and override its __get() method to change the default treatment of values to avoid the automated escaping. A few other options are also available - check the proposal comments over at: http://framework.zend.com/wiki/display/ZFPROP/Zend_Filter_Input+redesign+-+Bill+Karwin Pádraic Pádraic Brady http://blog.astrumfutura.com http://www.patternsforphp.com - Original Message From: Jur Jean <[EMAIL PROTECTED]> To: fw-general@lists.zend.com Sent: Wednesday, May 30, 2007 9:17:49 AM Subject: [fw-general] Zend_Filter_Input::getEscaped() Why is Zend_Filter_Input::getEscaped() called by default when magic accessing vars? I use getUnescaped() a lot more often. In the view, you should use $this->escape(), the form helpers escapes values, and when writing to my database i also don't want to escape using this method, but use the db's escape method. -- View this message in context: http://www.nabble.com/Zend_Filter_Input%3A%3AgetEscaped%28%29-tf3838924s16154.html#a10869449 Sent from the Zend Framework mailing list archive at Nabble.com. Got a little couch potato? Check out fun summer activities for kids. http://search.yahoo.com/search?fr=oni_on_mail&p=summer+activities+for+kids&cs=bz
[fw-general] Zend_Filter_Input::getEscaped()
Why is Zend_Filter_Input::getEscaped() called by default when magic accessing vars? I use getUnescaped() a lot more often. In the view, you should use $this->escape(), the form helpers escapes values, and when writing to my database i also don't want to escape using this method, but use the db's escape method. -- View this message in context: http://www.nabble.com/Zend_Filter_Input%3A%3AgetEscaped%28%29-tf3838924s16154.html#a10869449 Sent from the Zend Framework mailing list archive at Nabble.com.
RE: [fw-general] Zend_Filter_Input problem
Thanks for fix and sorry for my bad english
_
From: Bill Karwin [mailto:[EMAIL PROTECTED]
Sent: Saturday, May 26, 2007 6:59 PM
To: fw-general@lists.zend.com
Subject: RE: [fw-general] Zend_Filter_Input problem
Thanks for the issue report Jakub, I have logged it as
http://framework.zend.com/issues/browse/ZF-1437 and I will begin working on
it.
Regards,
Bill Karwin
_
From: Jakub Podhorský [mailto:[EMAIL PROTECTED]
Sent: Saturday, May 26, 2007 3:47 AM
To: fw-general@lists.zend.com
Subject: [fw-general] Zend_Filter_Input problem
Hello,
I've got one problem with Zend_Filter_Input and I don't know how to solve
it. I have:
'',
'email' => '[EMAIL PROTECTED]',
'message' => 'my long message'
);
$filters = array( '*' => new Zend_Filter_StringTrim(),
'nick' => new Zend_Filter_StripTags()
);
$validators = array('email' => array( new
Zend_Validate_EmailAddress(),
Zend_Filter_Input::ALLOW_EMPTY => true
),
'nick' => array(
Zend_Filter_Input::PRESENCE => Zend_Filter_Input::PRESENCE_REQUIRED,
Zend_Filter_Input::ALLOW_EMPTY => false
)
);
$input = new Zend_Filter_Input($filters, $validators, $data);
if ($input->hasInvalid())
{
$message = $input->getMessages();
}
?>
If I have empty string in nick field it can't pass but it doesn't work. I
don't need to make any other validation on that field.
Thanks for every help,
Jakub Podhorský
RE: [fw-general] Zend_Filter_Input problem
Thanks for the issue report Jakub, I have logged it as
http://framework.zend.com/issues/browse/ZF-1437 and I will begin working on it.
Regards,
Bill Karwin
From: Jakub Podhorský [mailto:[EMAIL PROTECTED]
Sent: Saturday, May 26, 2007 3:47 AM
To: fw-general@lists.zend.com
Subject: [fw-general] Zend_Filter_Input problem
Hello,
I've got one problem with Zend_Filter_Input and I don't know how to
solve it. I have:
'',
'email' => '[EMAIL PROTECTED]',
'message' => 'my long message'
);
$filters = array( '*' => new Zend_Filter_StringTrim(),
'nick' => new Zend_Filter_StripTags()
);
$validators = array('email' => array( new
Zend_Validate_EmailAddress(),
Zend_Filter_Input::ALLOW_EMPTY => true
),
'nick' => array(
Zend_Filter_Input::PRESENCE => Zend_Filter_Input::PRESENCE_REQUIRED,
Zend_Filter_Input::ALLOW_EMPTY => false
)
);
$input = new Zend_Filter_Input($filters, $validators, $data);
if ($input->hasInvalid())
{
$message = $input->getMessages();
}
?>
If I have empty string in nick field it can't pass but it doesn't work.
I don't need to make any other validation on that field.
Thanks for every help,
Jakub Podhorský
[fw-general] Zend_Filter_Input problem
Hello,
I've got one problem with Zend_Filter_Input and I don't know how to solve
it. I have:
'',
'email' => '[EMAIL PROTECTED]',
'message' => 'my long message'
);
$filters = array( '*' => new Zend_Filter_StringTrim(),
'nick' => new Zend_Filter_StripTags()
);
$validators = array('email' => array( new
Zend_Validate_EmailAddress(),
Zend_Filter_Input::ALLOW_EMPTY => true
),
'nick' => array(
Zend_Filter_Input::PRESENCE => Zend_Filter_Input::PRESENCE_REQUIRED,
Zend_Filter_Input::ALLOW_EMPTY => false
)
);
$input = new Zend_Filter_Input($filters, $validators, $data);
if ($input->hasInvalid())
{
$message = $input->getMessages();
}
?>
If I have empty string in nick field it can't pass but it doesn't work. I
don't need to make any other validation on that field.
Thanks for every help,
Jakub Podhorský
[fw-general] Zend_Filter_Input
Hi, I am trying this: $filters = array( 'from'=>'digits' ); $validators = array( 'from'=>'digits' ); $input = new Zend_Filter_Input($filters,$validators,array()); $input->process(); This gives me three notices about 'from' not being set. I can see that this is correct, but as I read the manual only fields marked as 'required' are required... What am I doing wrong? Jacob -- View this message in context: http://www.nabble.com/Zend_Filter_Input-tf3773840s16154.html#a10670740 Sent from the Zend Framework mailing list archive at Nabble.com.
[fw-general] Zend_Filter_Input is in the incubator
Hi, I have committed a significant update to the proposed new Zend_Filter_Input class. Unit tests provide 100% code coverage, and I have written documentation content. It's now ready for more review, as of revision 4776. The code, tests, and docs are in the incubator. Please post replies to [EMAIL PROTECTED], or in the proposal page: http://framework.zend.com/wiki/x/D2k Regards, Bill Karwin
Re: [fw-general] Zend_Filter_Input on ZFW 0.9.1
On 4/3/07, Juan Felipe Alvarez Saldarriaga <[EMAIL PROTECTED]> wrote: Well, so I need to to filter all data one per one ? Cause when I was doing it with Zend_Filter_Input the result object was a protect object of the ZFW, there's a way to do this ? or just making a $this->getRequest on the Controller ? Yes. No. Not sure I understand. -- - Ed Finkler http://funkatron.com/
Re: [fw-general] Zend_Filter_Input on ZFW 0.9.1
Ed Finkler wrote:
On 4/3/07, Juan Felipe Alvarez Saldarriaga <[EMAIL PROTECTED]> wrote:
Hey :).
Im trying to migrate from ZFW 0.8 to 0.9.1 and I saw that I have a lot
of issues there, for example, Zend_Input_Filter was dropped :S, so how
can I filter the POST or GET methods ? cause actually im doing something
like this:
class MyControllerController extends Zend_Controller_Action
{
public function MyAccionAction
{
// Filter $_POST method.
$objFilterPost = new Zend_Filter_Input( $_POST );
// Get array data.
$arrMyArray = $objFilterPost->getRaw( 'my_array' );
}
}
There is no comparable functionality remaining in ZFW. It may appear
after Version 1.0. You'll need to filter all of your input "by hand"
using the Filter and Validator components.
Well, so I need to to filter all data one per one ? Cause when I was
doing it with Zend_Filter_Input the result object was a protect object
of the ZFW, there's a way to do this ? or just making a
$this->getRequest on the Controller ?
Thx.
[fw-general] Zend_Filter_Input on ZFW 0.9.1
Hey :).
Im trying to migrate from ZFW 0.8 to 0.9.1 and I saw that I have a lot
of issues there, for example, Zend_Input_Filter was dropped :S, so how
can I filter the POST or GET methods ? cause actually im doing something
like this:
class MyControllerController extends Zend_Controller_Action
{
public function MyAccionAction
{
// Filter $_POST method.
$objFilterPost = new Zend_Filter_Input( $_POST );
// Get array data.
$arrMyArray = $objFilterPost->getRaw( 'my_array' );
}
}
Thx.
RE: [fw-general] Zend_Filter_Input...
I agree users should definitely know where their data comes from. Obviously reliance simply on POST is silly. That's where Zend_Validate/Filter type functions come into play. I think Chris is getting at the fact GET shouldn't be used for actions that change data (i.e. delete, add records, etc). Though many apps do this, it is against the HTTP spec and can lead to unpredictable results (i.e. when Google Accelerator followed all links in a document and started actioning delete links). I've been guilty of this myself in the past. I originally made this comment since it seemed that functions within ZF were returning POST variables not purely from POST, but from a mulch of POST/GET/URL. If the function exists, chances are users will use them. And that seems to promote bad practise. I'm in favour of users sticking to good old $_POST and $_GET so they know exactly where things come from and can plan their security appropriately. The old Zend_Filter_Input used to give users access to $_POST and unset _POST so they were encouraged to filter all incoming data. That seemed useful, though I understand progress has made that undesirable now. If any ZF functions do return POST to the user for their own scripts, they should have a good reason for doing so (and ideally add functionality / or encourage security practises) otherwise it seems simpler to just stick with existing superglobals that people understand. Security is a big thing, more so perhaps in the PHP world where there has been bad press in the past. Seems like a good topic for a tutorial, or even an additional manual section, for ZF 1.0 ... best wishes, Si
Re: [fw-general] Zend_Filter_Input...
Chris, I was clearly not arguing in favor of ignorance, or that it's a valid method of security. Please re-read my messages. -Matt - Original Message - From: "Chris Shiflett" <[EMAIL PROTECTED]> To: <[EMAIL PROTECTED]> Cc: "Zend Framework General" Sent: Sunday, March 25, 2007 7:31 AM Subject: Re: [fw-general] Zend_Filter_Input... Matthew Ratzloff wrote: Well, my point was that because any of those can be manipulated (POST, GET, COOKIE, etc.), selecting from a specific source can lead to a false sense of added security. The idea that ignorance promotes security is fundamentally flawed. Pádraic clearly understands the risks associated with this perspective. In addition, this approach works against the HTTP spec, eroding the important distinction between GET and POST requests. Chris
Re: [fw-general] Zend_Filter_Input...
Chris Shiflett wrote: The idea that ignorance promotes security is fundamentally flawed. Pádraic clearly understands the risks associated with this perspective. In addition, this approach works against the HTTP spec, eroding the important distinction between GET and POST requests. Thats a bit loaded :) I would consider the web in general to be the eroder of GET and POST as the current web browers do not make it easy for developers to easily make truly RESTful applications for browsers. From my (albeit limited) knowledge, ZF is not RESTful and I am not sure if its a goal. Currently (across the web), we simulate PUT and DELETE by loading variables into our GET and POST, which, I can only imagine is one reason why you might see Get/Post variables accessible via the get/setParam utilities.. so that we can further simulate a RESTful architecture via a modern browser with so easily implements GET/POST. On the subject of Filtering, I did like the previous method of pulling directly from source $input = new Zend_Filter_Input($_POST/$_GET).. But I am interested to see what the future plans have in store for us. But, then again, I haven't written an HTTP Developers Handbook ;) -ralph
Re: [fw-general] Zend_Filter_Input...
Matthew Ratzloff wrote: > Well, my point was that because any of those can be manipulated > (POST, GET, COOKIE, etc.), selecting from a specific source can > lead to a false sense of added security. The idea that ignorance promotes security is fundamentally flawed. Pádraic clearly understands the risks associated with this perspective. In addition, this approach works against the HTTP spec, eroding the important distinction between GET and POST requests. Chris
Re: [fw-general] Zend_Filter_Input...
>Not trying to pick on you, Simon and Pádraic. :-) But I would actually
>PREFER that developers always be aware that their data can come from
>anywhere, just so they stay paranoid.
np ;), but isn't that the same or a related point I reiterated? Yes, developers
should be aware data can come from anywhere, which also makes it important they
know to narrow down access methods to eliminate unexpected ones - standard
security practice. Surely that was always the problem of using $_REQUEST in
preference to deliberately selecting one of $_POST, $_GET, $_COOKIE. Just as
improperly relying on getParam (since it's currently an accessible public
method) instead of getPost hides where the data came from, adding an
unnecessary element of risk which today we see in CSRF vectors. All I intended
to note (sorry if my wording was obscure!) was using a multi-source method was
bad practice. I have bad habit I think of stating the obvious across a page of
text :). Yep, definitely bad.
Also, I wish I understood or had read more about the Request object. It was my
impression the Request object was not solely intended for controller logic. I
guess I misinterpreted its uses since it seemed a natural fit for any standard
Request object - really should note the distinction in the manual because it
should be avoided if that's the case. Or maybe I should read the manual more
often in case it already is!
Pádraic Brady
http://blog.astrumfutura.com
http://www.patternsforphp.com
- Original Message
From: Matthew Ratzloff <[EMAIL PROTECTED]>
To: Zend Framework General
Sent: Thursday, March 22, 2007 6:23:47 PM
Subject: Re: [fw-general] Zend_Filter_Input...
"[I]f we have too many sources for input variables, some of which check
varying sources in priority it's just another $_REQUEST situation where
these values could conceivably come from anywhere."
The data DOES come from anywhere. Data is not somehow more secure if it
is POST. POST variables can be manipulated with only slightly more
difficulty in a browser than modifying the query string, and when using
something like cURL or Zend_Http_Client the difference is insignificant.
Data should be checked not only for "well-formedness" (e.g., correct data
type) but also for validity and access rights. Whatever filtering
solution is created post-1.0, it is not going to be a comprehensive
solution unless used in combination with Zend_Validate, Zend_Auth, and
Zend_Acl.
Most PHP developers either don't understand this, don't care about this,
or their development timeline is paced so ridiculously short that they
don't have time to deal with it. Most of the time it's one of the first
two. In the third case, I've had to show clients numerous times how easy
it is to get into supposedly secure web applications, just to show how
important it is to get it right. You would be surprised how little
difficulty you encounter when trying to gain access to supposedly secure
web systems because of attitudes like "it comes from POST, therefore it's
more secure".
Not trying to pick on you, Simon and Pádraic. :-) But I would actually
PREFER that developers always be aware that their data can come from
anywhere, just so they stay paranoid.
-Matt
On Thu, March 22, 2007 3:36 am, Pádraic Brady wrote:
> In agree with you Simon - if we have too many sources for input
> variables, some of which check varying sources in priority it's just
> another $_REQUEST situation where these values could conceivably come
> from anywhere. It's better practice to use a method which selects
> values from a known source on the basis if it comes from anywhere else
> unexpectedly it should ring a few alarm bells for the developer. I'd
> actually call it first line filtering/validation - if we know a value
> should be received via POST then if the same value is retrievable from
> GET it should be ignored unless it's for a valid reason.
> Pádraic Brady
> http://blog.astrumfutura.com
> http://www.patternsforphp.com
>
>
> - Original Message ----
> From: Simon R Jones <[EMAIL PROTECTED]>
> To: Zend Mailing List
> Sent: Thursday, March 22, 2007 8:13:19 AM
> Subject: RE: [fw-general] Zend_Filter_Input...
>
>> You can use $this->_getParam('key', 'default'); in a Controller, because
>> _getParam() use the Request->getParam() method, which tries first to
>> load the param from the url, then from $_GET and after this from $_POST.
>
> If $this->_getParam() looks at the URL, GET and POST isn't it a potential
> security issue to use it for POST variables since you don't know exactly
> where your input variables are coming from?
>
> Seems rather similar to $_REQUEST to me which should also be avoided for
> similar reasons -
> http://shiflett.org
Re: [fw-general] Zend_Filter_Input...
Well, my point was that because any of those can be manipulated (POST, GET, COOKIE, etc.), selecting from a specific source can lead to a false sense of added security. Better to make your application capable of reliably accepting data from any source and acting on it appropriately. In other words, to deal with user data as if it had come from a single source: the user. -Matt On Thu, March 22, 2007 3:27 pm, Pádraic Brady wrote: > np ;), but isn't that the same or a related point I reiterated? Yes, > developers should be aware data can come from anywhere, which also makes > it important they know to narrow down access methods to eliminate > unexpected ones - standard security practice. Surely that was always the > problem of using $_REQUEST in preference to deliberately selecting one of > $_POST, $_GET, $_COOKIE. Just as improperly relying on getParam (since > it's currently an accessible public method) instead of getPost hides where > the data came from, adding an unnecessary element of risk which today we > see in CSRF vectors. All I intended to note (sorry if my wording was > obscure!) was using a multi-source method was bad practice. I have bad > habit I think of stating the obvious across a page of text :). Yep, > definitely bad. > > Also, I wish I understood or had read more about the Request object. It > was my impression the Request object was not solely intended for > controller logic. I guess I misinterpreted its uses since it seemed a > natural fit for any standard Request object - really should note the > distinction in the manual because it should be avoided if that's the case. > Or maybe I should read the manual more often in case it already is! > > Pádraic Brady > http://blog.astrumfutura.com > http://www.patternsforphp.com > > > - Original Message > From: Matthew Ratzloff <[EMAIL PROTECTED]> > To: Zend Framework General > Sent: Thursday, March 22, 2007 6:23:47 PM > Subject: Re: [fw-general] Zend_Filter_Input... > > "[I]f we have too many sources for input variables, some of which check > varying sources in priority it's just another $_REQUEST situation where > these values could conceivably come from anywhere." > > The data DOES come from anywhere. Data is not somehow more secure if it > is POST. POST variables can be manipulated with only slightly more > difficulty in a browser than modifying the query string, and when using > something like cURL or Zend_Http_Client the difference is insignificant. > > Data should be checked not only for "well-formedness" (e.g., correct data > type) but also for validity and access rights. Whatever filtering > solution is created post-1.0, it is not going to be a comprehensive > solution unless used in combination with Zend_Validate, Zend_Auth, and > Zend_Acl. > > Most PHP developers either don't understand this, don't care about this, > or their development timeline is paced so ridiculously short that they > don't have time to deal with it. Most of the time it's one of the first > two. In the third case, I've had to show clients numerous times how easy > it is to get into supposedly secure web applications, just to show how > important it is to get it right. You would be surprised how little > difficulty you encounter when trying to gain access to supposedly secure > web systems because of attitudes like "it comes from POST, therefore it's > more secure". > > Not trying to pick on you, Simon and Pádraic. :-) But I would actually > PREFER that developers always be aware that their data can come from > anywhere, just so they stay paranoid. > > -Matt > > On Thu, March 22, 2007 3:36 am, Pádraic Brady wrote: >> In agree with you Simon - if we have too many sources for input >> variables, some of which check varying sources in priority it's just >> another $_REQUEST situation where these values could conceivably come >> from anywhere. It's better practice to use a method which selects >> values from a known source on the basis if it comes from anywhere else >> unexpectedly it should ring a few alarm bells for the developer. I'd >> actually call it first line filtering/validation - if we know a value >> should be received via POST then if the same value is retrievable from >> GET it should be ignored unless it's for a valid reason. >> Pádraic Brady >> http://blog.astrumfutura.com >> http://www.patternsforphp.com >> >> >> - Original Message >> From: Simon R Jones <[EMAIL PROTECTED]> >> To: Zend Mailing List >> Sent: Thursday, March 22, 2007 8:13:19 AM >> Subject: RE: [fw-general] Zend_Filter_Input... >> >>> Y
Re: [fw-general] Zend_Filter_Input...
"[I]f we have too many sources for input variables, some of which check
varying sources in priority it's just another $_REQUEST situation where
these values could conceivably come from anywhere."
The data DOES come from anywhere. Data is not somehow more secure if it
is POST. POST variables can be manipulated with only slightly more
difficulty in a browser than modifying the query string, and when using
something like cURL or Zend_Http_Client the difference is insignificant.
Data should be checked not only for "well-formedness" (e.g., correct data
type) but also for validity and access rights. Whatever filtering
solution is created post-1.0, it is not going to be a comprehensive
solution unless used in combination with Zend_Validate, Zend_Auth, and
Zend_Acl.
Most PHP developers either don't understand this, don't care about this,
or their development timeline is paced so ridiculously short that they
don't have time to deal with it. Most of the time it's one of the first
two. In the third case, I've had to show clients numerous times how easy
it is to get into supposedly secure web applications, just to show how
important it is to get it right. You would be surprised how little
difficulty you encounter when trying to gain access to supposedly secure
web systems because of attitudes like "it comes from POST, therefore it's
more secure".
Not trying to pick on you, Simon and Pádraic. :-) But I would actually
PREFER that developers always be aware that their data can come from
anywhere, just so they stay paranoid.
-Matt
On Thu, March 22, 2007 3:36 am, Pádraic Brady wrote:
> In agree with you Simon - if we have too many sources for input
> variables, some of which check varying sources in priority it's just
> another $_REQUEST situation where these values could conceivably come
> from anywhere. It's better practice to use a method which selects
> values from a known source on the basis if it comes from anywhere else
> unexpectedly it should ring a few alarm bells for the developer. I'd
> actually call it first line filtering/validation - if we know a value
> should be received via POST then if the same value is retrievable from
> GET it should be ignored unless it's for a valid reason.
> Pádraic Brady
> http://blog.astrumfutura.com
> http://www.patternsforphp.com
>
>
> - Original Message ----
> From: Simon R Jones <[EMAIL PROTECTED]>
> To: Zend Mailing List
> Sent: Thursday, March 22, 2007 8:13:19 AM
> Subject: RE: [fw-general] Zend_Filter_Input...
>
>> You can use $this->_getParam('key', 'default'); in a Controller, because
>> _getParam() use the Request->getParam() method, which tries first to
>> load the param from the url, then from $_GET and after this from $_POST.
>
> If $this->_getParam() looks at the URL, GET and POST isn't it a potential
> security issue to use it for POST variables since you don't know exactly
> where your input variables are coming from?
>
> Seems rather similar to $_REQUEST to me which should also be avoided for
> similar reasons -
> http://shiflett.org/articles/ideology
>
> A quick look at the (nicely growing) manual it seems you can do the
> following which does the job nicely for POST variables:
>
> $myVar = $this->getPost('name');
>
> (See API docs / Zend_Controller_Request_Http for more)
>
> There do seem to be a lot of methods that return variables from GET, POST,
> COOKIE, etc. I think it would be a good idea to mention the security
> implications of depending on these in the manual..
>
> Si
