[symfony-users] Re: My attempt of a security/form strategy

[mlu...@gmail.com]

Thx!

Yes, this helps :-)

regards,

michael

On 6 Aug., 13:24, Florian  wrote:
> If you want to override the way CSRF token is created in a clean
> manner, you can override the getCsrfToken method in your BaseForm
> class.
>
>     protected function getCsrfToken()
>     {
>         return md5($this->csrfSecret.session_id().get_class($this)); // or 
> whatever else you
>
> want
>     }
>
> The BaseForm class is in the "user land", it has been created to
> customize all your application forms without having to modify core
> classes.
>
> Hope it helps!
>
> On Aug 6, 11:22 am, "mlu...@gmail.com"  wrote:
>
> > For functional tests i turn off captcha in general.
> > I do test them manually.
>
> > Isn't the way how the token is generated implemented in the symfony
> > framework?
> > I don't want to make any changes in the framework, because it leads to
> > problems when updating the framework.
> > Can I control this part?
>
> > On 6 Aug., 10:30, Florian  wrote:
>
> > > Use something else than the session_id to generate the CSRF token
> > > maybe ?
> > > Or increase the session timeout ;)
>
> > > what about functional tests with captcha ?
>
> > > On Aug 6, 7:57 am, "mlu...@gmail.com"  wrote:
>
> > > > Don't you really have an opinion about this?
> > > > I'm sure you have ;-)
>
> > > > On 4 Aug., 16:44, "mlu...@gmail.com"  wrote:
>
> > > > > Hi!
>
> > > > > I want to show you my attempt of a security/form strategy and want to
> > > > > know what you are thinking about it.
>
> > > > > *The problem:*
> > > > > If I read the source correct the CSRF_token is made of the session id
> > > > > and the class name of the form.
>
> > > > > When you load a form and submit it after a certain time you get a csrf
> > > > > attack because the session id has changed in the meanwhile. The
> > > > > problem is that the wrong tiken gets delivered with the form to the
> > > > > user again, so every time the user resubmitts the form you get an
> > > > > attack. The only way to get rid of the wrong token is to reload the
> > > > > form, but than the user will lose all entered values.
>
> > > > > A solution could be to reset the token when redelivering the form to
> > > > > the user. This way the user can resubmit the form with his/her values.
> > > > > But this makes the form accessable for XSS attacks, because an
> > > > > attacker just needs to submit the form twice, what can be done via
> > > > > javascript too.
>
> > > > > My ideas is to add a captcha to the form if it sees a csrf attack. The
> > > > > captcha can't be solved viy javascript.
>
> > > > > What does it look like for the user?
>
> > > > > 1. The user loads a form
> > > > > 2. After a certain time he submits the form.
> > > > > 3. The form gets delivered to the user with his values, with reset
> > > > > csrf_token and an added captcha.
> > > > > 4. The user solves the captcha and submits the form.
> > > > > 5. Everything is fine.
>
> > > > > What do you think about it.
>
> > > > > regards,
>
> > > > > michael

-- 
If you want to report a vulnerability issue on symfony, please send it to 
security at symfony-project.com

You received this message because you are subscribed to the Google
Groups "symfony users" group.
To post to this group, send email to symfony-users@googlegroups.com
To unsubscribe from this group, send email to
symfony-users+unsubscr...@googlegroups.com
For more options, visit this group at
http://groups.google.com/group/symfony-users?hl=en

[symfony-users] Re: My attempt of a security/form strategy

[mlu...@gmail.com]

For functional tests i turn off captcha in general.
I do test them manually.

Isn't the way how the token is generated implemented in the symfony
framework?
I don't want to make any changes in the framework, because it leads to
problems when updating the framework.
Can I control this part?



On 6 Aug., 10:30, Florian  wrote:
> Use something else than the session_id to generate the CSRF token
> maybe ?
> Or increase the session timeout ;)
>
> what about functional tests with captcha ?
>
> On Aug 6, 7:57 am, "mlu...@gmail.com"  wrote:
>
> > Don't you really have an opinion about this?
> > I'm sure you have ;-)
>
> > On 4 Aug., 16:44, "mlu...@gmail.com"  wrote:
>
> > > Hi!
>
> > > I want to show you my attempt of a security/form strategy and want to
> > > know what you are thinking about it.
>
> > > *The problem:*
> > > If I read the source correct the CSRF_token is made of the session id
> > > and the class name of the form.
>
> > > When you load a form and submit it after a certain time you get a csrf
> > > attack because the session id has changed in the meanwhile. The
> > > problem is that the wrong tiken gets delivered with the form to the
> > > user again, so every time the user resubmitts the form you get an
> > > attack. The only way to get rid of the wrong token is to reload the
> > > form, but than the user will lose all entered values.
>
> > > A solution could be to reset the token when redelivering the form to
> > > the user. This way the user can resubmit the form with his/her values.
> > > But this makes the form accessable for XSS attacks, because an
> > > attacker just needs to submit the form twice, what can be done via
> > > javascript too.
>
> > > My ideas is to add a captcha to the form if it sees a csrf attack. The
> > > captcha can't be solved viy javascript.
>
> > > What does it look like for the user?
>
> > > 1. The user loads a form
> > > 2. After a certain time he submits the form.
> > > 3. The form gets delivered to the user with his values, with reset
> > > csrf_token and an added captcha.
> > > 4. The user solves the captcha and submits the form.
> > > 5. Everything is fine.
>
> > > What do you think about it.
>
> > > regards,
>
> > > michael

-- 
If you want to report a vulnerability issue on symfony, please send it to 
security at symfony-project.com

You received this message because you are subscribed to the Google
Groups "symfony users" group.
To post to this group, send email to symfony-users@googlegroups.com
To unsubscribe from this group, send email to
symfony-users+unsubscr...@googlegroups.com
For more options, visit this group at
http://groups.google.com/group/symfony-users?hl=en

[symfony-users] Re: My attempt of a security/form strategy

[mlu...@gmail.com]

Don't you really have an opinion about this?
I'm sure you have ;-)

On 4 Aug., 16:44, "mlu...@gmail.com"  wrote:
> Hi!
>
> I want to show you my attempt of a security/form strategy and want to
> know what you are thinking about it.
>
> *The problem:*
> If I read the source correct the CSRF_token is made of the session id
> and the class name of the form.
>
> When you load a form and submit it after a certain time you get a csrf
> attack because the session id has changed in the meanwhile. The
> problem is that the wrong tiken gets delivered with the form to the
> user again, so every time the user resubmitts the form you get an
> attack. The only way to get rid of the wrong token is to reload the
> form, but than the user will lose all entered values.
>
> A solution could be to reset the token when redelivering the form to
> the user. This way the user can resubmit the form with his/her values.
> But this makes the form accessable for XSS attacks, because an
> attacker just needs to submit the form twice, what can be done via
> javascript too.
>
> My ideas is to add a captcha to the form if it sees a csrf attack. The
> captcha can't be solved viy javascript.
>
> What does it look like for the user?
>
> 1. The user loads a form
> 2. After a certain time he submits the form.
> 3. The form gets delivered to the user with his values, with reset
> csrf_token and an added captcha.
> 4. The user solves the captcha and submits the form.
> 5. Everything is fine.
>
> What do you think about it.
>
> regards,
>
> michael

-- 
If you want to report a vulnerability issue on symfony, please send it to 
security at symfony-project.com

You received this message because you are subscribed to the Google
Groups "symfony users" group.
To post to this group, send email to symfony-users@googlegroups.com
To unsubscribe from this group, send email to
symfony-users+unsubscr...@googlegroups.com
For more options, visit this group at
http://groups.google.com/group/symfony-users?hl=en

[symfony-users] My attempt of a security/form strategy

[mlu...@gmail.com]

Hi!

I want to show you my attempt of a security/form strategy and want to
know what you are thinking about it.

*The problem:*
If I read the source correct the CSRF_token is made of the session id
and the class name of the form.

When you load a form and submit it after a certain time you get a csrf
attack because the session id has changed in the meanwhile. The
problem is that the wrong tiken gets delivered with the form to the
user again, so every time the user resubmitts the form you get an
attack. The only way to get rid of the wrong token is to reload the
form, but than the user will lose all entered values.

A solution could be to reset the token when redelivering the form to
the user. This way the user can resubmit the form with his/her values.
But this makes the form accessable for XSS attacks, because an
attacker just needs to submit the form twice, what can be done via
javascript too.

My ideas is to add a captcha to the form if it sees a csrf attack. The
captcha can't be solved viy javascript.

What does it look like for the user?

1. The user loads a form
2. After a certain time he submits the form.
3. The form gets delivered to the user with his values, with reset
csrf_token and an added captcha.
4. The user solves the captcha and submits the form.
5. Everything is fine.

What do you think about it.

regards,

michael

-- 
If you want to report a vulnerability issue on symfony, please send it to 
security at symfony-project.com

You received this message because you are subscribed to the Google
Groups "symfony users" group.
To post to this group, send email to symfony-users@googlegroups.com
To unsubscribe from this group, send email to
symfony-users+unsubscr...@googlegroups.com
For more options, visit this group at
http://groups.google.com/group/symfony-users?hl=en

[symfony-users] Re: test stops at redirect without error :-(

[mlu...@gmail.com]

solved

On 3 Aug., 09:19, "mlu...@gmail.com"  wrote:
> Hi!
>
> I am writting tests for all my forms. Yesterday in the evening
> everything went fine and today it doesn't.
>
> This is the start of my test file:
> ...
>  include(dirname(__FILE__).'/../../bootstrap/functional.php');
> $browser = new sfTestFunctional(new sfBrowser());
> $browser->
>   get('/gamelists/index')->
>   with('request')->begin()->
>     isParameter('module', 'lists')->                                          
>        //1
>     isParameter('action', 'index')->                                          
>        //2
>   end()->
>   // check login
>   click('sign in', array( 'account' =>array(
>                                                 'user' => '',
>                                                 'pass' => ''
>   )))->
>   isRedirected()->
>   followRedirect()->
> ...
>
> The test simply stops at the redirect without ny errors. It says
> "everything went fine".
>
> 1. Can anybody say me please what i am doing wrong, I don't see it.
> 2. Is there a way to say how many tests are implemented in the file
> like for unit tests? So the framework can check if all test where
> made.
>
> michael

-- 
If you want to report a vulnerability issue on symfony, please send it to 
security at symfony-project.com

You received this message because you are subscribed to the Google
Groups "symfony users" group.
To post to this group, send email to symfony-users@googlegroups.com
To unsubscribe from this group, send email to
symfony-users+unsubscr...@googlegroups.com
For more options, visit this group at
http://groups.google.com/group/symfony-users?hl=en

[symfony-users] test stops at redirect without error :-(

[mlu...@gmail.com]

Hi!

I am writting tests for all my forms. Yesterday in the evening
everything went fine and today it doesn't.

This is the start of my test file:
...

  get('/gamelists/index')->
  with('request')->begin()->
isParameter('module', 'lists')->
//1
isParameter('action', 'index')->
//2
  end()->
  // check login
  click('sign in', array( 'account' =>array(
'user' => '',
'pass' => ''
  )))->
  isRedirected()->
  followRedirect()->
...

The test simply stops at the redirect without ny errors. It says
"everything went fine".

1. Can anybody say me please what i am doing wrong, I don't see it.
2. Is there a way to say how many tests are implemented in the file
like for unit tests? So the framework can check if all test where
made.

michael

-- 
If you want to report a vulnerability issue on symfony, please send it to 
security at symfony-project.com

You received this message because you are subscribed to the Google
Groups "symfony users" group.
To post to this group, send email to symfony-users@googlegroups.com
To unsubscribe from this group, send email to
symfony-users+unsubscr...@googlegroups.com
For more options, visit this group at
http://groups.google.com/group/symfony-users?hl=en

[symfony-users] Re: I am in doubt about admin generator and security. What do you think?

[mlu...@gmail.com]

I have found a solution to prevent changes of some values with usage
of admin generator:

1. In the generator.yml the used form class is defined. By default is
is sfGuardUserForm.
Build your own class which is extending the default class and
change the generator.yml

...
  form:
class: BackendUserForm
...

2.
Override the bind method and call the parent's one in it.
But before you call it you can reset some values to it's default
values.

...
  public function bind(array $taintedValues = null, array
$taintedFiles = null)
  {
$taintedValues["username"] = $this->getDefault("username");
return parent::bind($taintedValues,$taintedFiles);
  }
...

3. For a better usability define those values as readonly in the
generator.yml.

...
  edit:
title: Editing User "%%username%%"
fields:
  username:
attributes:
  readonly: readonly
...


regards,

Michael


On 29 Jul., 16:01, "mlu...@gmail.com"  wrote:
> In my app i am using sfGuardPlugin. In the frontend it's not possible
> the change the user name of an existing user, that's OK of course.
>
> But today I am working on the backend and I have seen there it's
> possible to change the user name.
> My first thought was to define the username as disabled in the
> generator.yml.
> But unfortunately html forms don't send disabled fields and so the
> save action results in a missing field.
> Than I made the username readonly, what worked in the first step. But
> if you change the username via firebug it's submitted and the server
> logic accepts it.
>
> So defining a field as readonly in generator.yml doesn't mean the
> serverlogic treats it as readonly. Just the HTML form field is
> readonly! This is ok to prevent editors to change fields they
> shouldn't change. But as far as WebAppSec is concerned it's the same
> as an editable field.
>
> Is there there a way to really define a field "not editable" in the
> admin generator?
>
> The only solution I see at the moment is to code everything in the
> backend myself and don't to use the admin generator at all. I see a
> high risc in case of a lazy XSS attack.
>
> What do you think?
>
> regards,
>
> michael

-- 
If you want to report a vulnerability issue on symfony, please send it to 
security at symfony-project.com

You received this message because you are subscribed to the Google
Groups "symfony users" group.
To post to this group, send email to symfony-users@googlegroups.com
To unsubscribe from this group, send email to
symfony-users+unsubscr...@googlegroups.com
For more options, visit this group at
http://groups.google.com/group/symfony-users?hl=en

[symfony-users] I am in doubt about admin generator and security. What do you think?

[mlu...@gmail.com]

In my app i am using sfGuardPlugin. In the frontend it's not possible
the change the user name of an existing user, that's OK of course.

But today I am working on the backend and I have seen there it's
possible to change the user name.
My first thought was to define the username as disabled in the
generator.yml.
But unfortunately html forms don't send disabled fields and so the
save action results in a missing field.
Than I made the username readonly, what worked in the first step. But
if you change the username via firebug it's submitted and the server
logic accepts it.

So defining a field as readonly in generator.yml doesn't mean the
serverlogic treats it as readonly. Just the HTML form field is
readonly! This is ok to prevent editors to change fields they
shouldn't change. But as far as WebAppSec is concerned it's the same
as an editable field.

Is there there a way to really define a field "not editable" in the
admin generator?

The only solution I see at the moment is to code everything in the
backend myself and don't to use the admin generator at all. I see a
high risc in case of a lazy XSS attack.

What do you think?

regards,

michael

-- 
If you want to report a vulnerability issue on symfony, please send it to 
security at symfony-project.com

You received this message because you are subscribed to the Google
Groups "symfony users" group.
To post to this group, send email to symfony-users@googlegroups.com
To unsubscribe from this group, send email to
symfony-users+unsubscr...@googlegroups.com
For more options, visit this group at
http://groups.google.com/group/symfony-users?hl=en

[symfony-users] Re: problems with credentials

[mlu...@gmail.com]

solved, my fault. thx

On 28 Jul., 14:24, "mlu...@gmail.com"  wrote:
> Hi!
>
> I chave got a problem with credentials. In my action I add a
> credential "beadmin"
>
> ...
> $this->getUser()->setAuthenticated(true);
> $this->getUser()->addCredential("beadmin");
> ...
>
> If I open the session file with a textedit I see the credential stored
> in the session.
>
> But My user doesn't have it.
>
> In my template I out put
>
> ...
> var_dump($sf_user->hasCredential("beadmin") );
> var_dump($sf_user->isAuthenticated() );
> ...
>
> and it says:
> ...
> bool(false)
> bool(true)
> ...
>
> Any ideas?
>
> regards,
>
> michael

-- 
If you want to report a vulnerability issue on symfony, please send it to 
security at symfony-project.com

You received this message because you are subscribed to the Google
Groups "symfony users" group.
To post to this group, send email to symfony-users@googlegroups.com
To unsubscribe from this group, send email to
symfony-users+unsubscr...@googlegroups.com
For more options, visit this group at
http://groups.google.com/group/symfony-users?hl=en

[symfony-users] problems with credentials

[mlu...@gmail.com]

Hi!

I chave got a problem with credentials. In my action I add a
credential "beadmin"

...
$this->getUser()->setAuthenticated(true);
$this->getUser()->addCredential("beadmin");
...

If I open the session file with a textedit I see the credential stored
in the session.

But My user doesn't have it.

In my template I out put

...
var_dump($sf_user->hasCredential("beadmin") );
var_dump($sf_user->isAuthenticated() );
...

and it says:
...
bool(false)
bool(true)
...


Any ideas?

regards,

michael

-- 
If you want to report a vulnerability issue on symfony, please send it to 
security at symfony-project.com

You received this message because you are subscribed to the Google
Groups "symfony users" group.
To post to this group, send email to symfony-users@googlegroups.com
To unsubscribe from this group, send email to
symfony-users+unsubscr...@googlegroups.com
For more options, visit this group at
http://groups.google.com/group/symfony-users?hl=en

[symfony-users] Re: sfGuardPlugin: checking username with regex

[mlu...@gmail.com]

Thx!

On 26 Jul., 15:50, Gábor Fási  wrote:
> It works, your expression is wrong. Try '/^[a-zA-Z]{1,}[a-zA-Z0-9]$/'.
>
> On Mon, Jul 26, 2010 at 15:34, mlu...@gmail.com  wrote:
> > Hi!
>
> > In my app i am using sfGuardPlugin. I have extended the class
> > sfGuardUserForm to build my own registration form class. In the
> > overridden configure method I have code below to define the rules for
> > the username:
>
> > $this->setValidator('username',
> >  new sfValidatorAnd(
> >    array(
> >      new sfValidatorString(
> >        array(
> >            'required' => true,
> >            'max_length' => 64,
> >            'min_length' => 4
> >        ),
> >        array(
> >            'invalid' => "The username isn't available.",
> >            'required' => 'Please enter a username.',
> >            'max_length' => 'The username can not be longer than
> > %max_length% characters.',
> >            'min_length' => 'The username can not be shorter than
> > %max_length% characters.'
> >        )
> >      ),
> >      new sfBlacklistValidator(
> >        array('listed_error' => "The username '%value%' isn't
> > available." )
> >      ),
> >      new sfValidatorRegex(
> >        array(
> >          'pattern' => '/[a-zA-Z]{1,}[a-zA-Z0-9]/'
> >        ),
> >        array(
> >          'invalid' => "Your username isn't valid. Please start with a
> > character and use characters from a to z and numbers only."
> >        )
> >      )
> >    )
> >  )
> > );
>
> > I want the username to begin with an character followed by any number
> > of characters ot numbers, but the RegexValidator doesn't seen to work,
> > because I can register the username "0" which is starting with a
> > zero.
>
> > Any ideas what I am doing wrong?
>
> > regards,
>
> > michael
>
> > --
> > If you want to report a vulnerability issue on symfony, please send it to 
> > security at symfony-project.com
>
> > You received this message because you are subscribed to the Google
> > Groups "symfony users" group.
> > To post to this group, send email to symfony-users@googlegroups.com
> > To unsubscribe from this group, send email to
> > symfony-users+unsubscr...@googlegroups.com
> > For more options, visit this group at
> >http://groups.google.com/group/symfony-users?hl=en

-- 
If you want to report a vulnerability issue on symfony, please send it to 
security at symfony-project.com

You received this message because you are subscribed to the Google
Groups "symfony users" group.
To post to this group, send email to symfony-users@googlegroups.com
To unsubscribe from this group, send email to
symfony-users+unsubscr...@googlegroups.com
For more options, visit this group at
http://groups.google.com/group/symfony-users?hl=en

[symfony-users] sfGuardPlugin: checking username with regex

[mlu...@gmail.com]

Hi!

In my app i am using sfGuardPlugin. I have extended the class
sfGuardUserForm to build my own registration form class. In the
overridden configure method I have code below to define the rules for
the username:

$this->setValidator('username',
  new sfValidatorAnd(
array(
  new sfValidatorString(
array(
'required' => true,
'max_length' => 64,
'min_length' => 4
),
array(
'invalid' => "The username isn't available.",
'required' => 'Please enter a username.',
'max_length' => 'The username can not be longer than
%max_length% characters.',
'min_length' => 'The username can not be shorter than
%max_length% characters.'
)
  ),
  new sfBlacklistValidator(
array('listed_error' => "The username '%value%' isn't
available." )
  ),
  new sfValidatorRegex(
array(
  'pattern' => '/[a-zA-Z]{1,}[a-zA-Z0-9]/'
),
array(
  'invalid' => "Your username isn't valid. Please start with a
character and use characters from a to z and numbers only."
)
  )
)
  )
);

I want the username to begin with an character followed by any number
of characters ot numbers, but the RegexValidator doesn't seen to work,
because I can register the username "0" which is starting with a
zero.

Any ideas what I am doing wrong?

regards,

michael

-- 
If you want to report a vulnerability issue on symfony, please send it to 
security at symfony-project.com

You received this message because you are subscribed to the Google
Groups "symfony users" group.
To post to this group, send email to symfony-users@googlegroups.com
To unsubscribe from this group, send email to
symfony-users+unsubscr...@googlegroups.com
For more options, visit this group at
http://groups.google.com/group/symfony-users?hl=en

[symfony-users] Re: preventing 's in sql created by Criteria

[mlu...@gmail.com]

I found a solution:

$criteria->add( " ", "'".$values["username"]."' LIKE
".UserblackListPeer::ENTRY." ", Criteria::CUSTOM );

=>

SELECT userBlacklist.ID, userBlacklist.ENTRY FROM `userBlacklist`
WHERE 'bad' LIKE userBlacklist.ENTRY

:-)


On 18 Jul., 23:53, nibsirahsieu  wrote:
> may be you can use zend lucene or solr
>
> On Jul 19, 4:26 am, "mlu...@gmail.com"  wrote:
>
> > I know what "%" is. It's a copy$paste failure. The second onw should
> > look like this:
>
> > SELECT *
> > FROM userblacklist u
> > where  "badNew" like entry;
>
> > On 18 Jul., 23:24, Gábor Fási  wrote:
>
> > > % is the wildcard similar to * in a like query
>
> > > On Sun, Jul 18, 2010 at 23:23, mlu...@gmail.com  wrote:
> > > > Thank you for the answer, but this isn't exactly what I need.
>
> > > > If I have "%bad%"  in the blacklist and a user enters "badNew" the
> > > > entry isn't cought with the SQL:
>
> > > > SELECT *
> > > > FROM userblacklist u
> > > > where entry LIKE "%badNew%";
>
> > > > But this would catch it
>
> > > > SELECT *
> > > > FROM userblacklist u
> > > > where  "%badNew%" like entry;
>
> > > > michael
>
> > > > On 18 Jul., 23:12, nibsirahsieu  wrote:
> > > >> $criteria->add( "'".$values["username"]."'",
> > > >> UserblackListPeer::ENTRY,
> > > >> Criteria::LIKE);
> > > >> i think it's should be:
> > > >> $criteria->setIgnoreCase(true); //add this If you want a column to be
> > > >> treated in case-sensitive fashion
> > > >> $criteria->add(UserblackListPeer::ENTRY, '%'.$values["username"].'%',
> > > >> Criteria::LIKE);
>
> > > >> On Jul 19, 4:03 am, "mlu...@gmail.com"  wrote:
>
> > > >> > Hi!
>
> > > >> > In my registration form I want to make a blacklist for user names. 
> > > >> > For
> > > >> > this i made a table containing entryies that are not allowed for user
> > > >> > names. My idea was to work with "like" which allows entries like 
> > > >> > "%bad
> > > >> > %" in the blacklist.
>
> > > >> > The SQL would look like this:
>
> > > >> > SELECT *
> > > >> > FROM userblacklist u
> > > >> > where entry like "baduser";
>
> > > >> > The problem is this SQL isn't working. This SQL is working:
>
> > > >> > SELECT *
> > > >> > FROM userblacklist u
> > > >> > where "basuser" like entry;
>
> > > >> > So I had the idea to build the criteria this way:
>
> > > >> > $criteria->add( "'".$values["username"]."'", 
> > > >> > UserblackListPeer::ENTRY,
> > > >> > Criteria::LIKE);
>
> > > >> > But the Criteria class adds ' to the second parameter and doesn't
> > > >> > resolve the field name, which leads to the following SQL:
>
> > > >> > SELECT *
> > > >> > FROM userblacklist u
> > > >> > where "basuser" like 'UserblackListPeer::ENTRY';
>
> > > >> > Any ideas how I can make this working properly?
>
> > > >> > regards,
>
> > > >> > michael
>
> > > > --
> > > > If you want to report a vulnerability issue on symfony, please send it 
> > > > to security at symfony-project.com
>
> > > > You received this message because you are subscribed to the Google
> > > > Groups "symfony users" group.
> > > > To post to this group, send email to symfony-users@googlegroups.com
> > > > To unsubscribe from this group, send email to
> > > > symfony-users+unsubscr...@googlegroups.com
> > > > For more options, visit this group at
> > > >http://groups.google.com/group/symfony-users?hl=en

-- 
If you want to report a vulnerability issue on symfony, please send it to 
security at symfony-project.com

You received this message because you are subscribed to the Google
Groups "symfony users" group.
To post to this group, send email to symfony-users@googlegroups.com
To unsubscribe from this group, send email to
symfony-users+unsubscr...@googlegroups.com
For more options, visit this group at
http://groups.google.com/group/symfony-users?hl=en

[symfony-users] Re: preventing 's in sql created by Criteria

[mlu...@gmail.com]

I know what "%" is. It's a copy$paste failure. The second onw should
look like this:

SELECT *
FROM userblacklist u
where  "badNew" like entry;



On 18 Jul., 23:24, Gábor Fási  wrote:
> % is the wildcard similar to * in a like query
>
> On Sun, Jul 18, 2010 at 23:23, mlu...@gmail.com  wrote:
> > Thank you for the answer, but this isn't exactly what I need.
>
> > If I have "%bad%"  in the blacklist and a user enters "badNew" the
> > entry isn't cought with the SQL:
>
> > SELECT *
> > FROM userblacklist u
> > where entry LIKE "%badNew%";
>
> > But this would catch it
>
> > SELECT *
> > FROM userblacklist u
> > where  "%badNew%" like entry;
>
> > michael
>
> > On 18 Jul., 23:12, nibsirahsieu  wrote:
> >> $criteria->add( "'".$values["username"]."'",
> >> UserblackListPeer::ENTRY,
> >> Criteria::LIKE);
> >> i think it's should be:
> >> $criteria->setIgnoreCase(true); //add this If you want a column to be
> >> treated in case-sensitive fashion
> >> $criteria->add(UserblackListPeer::ENTRY, '%'.$values["username"].'%',
> >> Criteria::LIKE);
>
> >> On Jul 19, 4:03 am, "mlu...@gmail.com"  wrote:
>
> >> > Hi!
>
> >> > In my registration form I want to make a blacklist for user names. For
> >> > this i made a table containing entryies that are not allowed for user
> >> > names. My idea was to work with "like" which allows entries like "%bad
> >> > %" in the blacklist.
>
> >> > The SQL would look like this:
>
> >> > SELECT *
> >> > FROM userblacklist u
> >> > where entry like "baduser";
>
> >> > The problem is this SQL isn't working. This SQL is working:
>
> >> > SELECT *
> >> > FROM userblacklist u
> >> > where "basuser" like entry;
>
> >> > So I had the idea to build the criteria this way:
>
> >> > $criteria->add( "'".$values["username"]."'", UserblackListPeer::ENTRY,
> >> > Criteria::LIKE);
>
> >> > But the Criteria class adds ' to the second parameter and doesn't
> >> > resolve the field name, which leads to the following SQL:
>
> >> > SELECT *
> >> > FROM userblacklist u
> >> > where "basuser" like 'UserblackListPeer::ENTRY';
>
> >> > Any ideas how I can make this working properly?
>
> >> > regards,
>
> >> > michael
>
> > --
> > If you want to report a vulnerability issue on symfony, please send it to 
> > security at symfony-project.com
>
> > You received this message because you are subscribed to the Google
> > Groups "symfony users" group.
> > To post to this group, send email to symfony-users@googlegroups.com
> > To unsubscribe from this group, send email to
> > symfony-users+unsubscr...@googlegroups.com
> > For more options, visit this group at
> >http://groups.google.com/group/symfony-users?hl=en

-- 
If you want to report a vulnerability issue on symfony, please send it to 
security at symfony-project.com

You received this message because you are subscribed to the Google
Groups "symfony users" group.
To post to this group, send email to symfony-users@googlegroups.com
To unsubscribe from this group, send email to
symfony-users+unsubscr...@googlegroups.com
For more options, visit this group at
http://groups.google.com/group/symfony-users?hl=en

[symfony-users] Re: preventing 's in sql created by Criteria

[mlu...@gmail.com]

Thank you for the answer, but this isn't exactly what I need.

If I have "%bad%"  in the blacklist and a user enters "badNew" the
entry isn't cought with the SQL:

SELECT *
FROM userblacklist u
where entry LIKE "%badNew%";

But this would catch it

SELECT *
FROM userblacklist u
where  "%badNew%" like entry;

michael


On 18 Jul., 23:12, nibsirahsieu  wrote:
> $criteria->add( "'".$values["username"]."'",
> UserblackListPeer::ENTRY,
> Criteria::LIKE);
> i think it's should be:
> $criteria->setIgnoreCase(true); //add this If you want a column to be
> treated in case-sensitive fashion
> $criteria->add(UserblackListPeer::ENTRY, '%'.$values["username"].'%',
> Criteria::LIKE);
>
> On Jul 19, 4:03 am, "mlu...@gmail.com"  wrote:
>
> > Hi!
>
> > In my registration form I want to make a blacklist for user names. For
> > this i made a table containing entryies that are not allowed for user
> > names. My idea was to work with "like" which allows entries like "%bad
> > %" in the blacklist.
>
> > The SQL would look like this:
>
> > SELECT *
> > FROM userblacklist u
> > where entry like "baduser";
>
> > The problem is this SQL isn't working. This SQL is working:
>
> > SELECT *
> > FROM userblacklist u
> > where "basuser" like entry;
>
> > So I had the idea to build the criteria this way:
>
> > $criteria->add( "'".$values["username"]."'", UserblackListPeer::ENTRY,
> > Criteria::LIKE);
>
> > But the Criteria class adds ' to the second parameter and doesn't
> > resolve the field name, which leads to the following SQL:
>
> > SELECT *
> > FROM userblacklist u
> > where "basuser" like 'UserblackListPeer::ENTRY';
>
> > Any ideas how I can make this working properly?
>
> > regards,
>
> > michael

-- 
If you want to report a vulnerability issue on symfony, please send it to 
security at symfony-project.com

You received this message because you are subscribed to the Google
Groups "symfony users" group.
To post to this group, send email to symfony-users@googlegroups.com
To unsubscribe from this group, send email to
symfony-users+unsubscr...@googlegroups.com
For more options, visit this group at
http://groups.google.com/group/symfony-users?hl=en

[symfony-users] preventing 's in sql created by Criteria

[mlu...@gmail.com]

Hi!

In my registration form I want to make a blacklist for user names. For
this i made a table containing entryies that are not allowed for user
names. My idea was to work with "like" which allows entries like "%bad
%" in the blacklist.

The SQL would look like this:

SELECT *
FROM userblacklist u
where entry like "baduser";

The problem is this SQL isn't working. This SQL is working:

SELECT *
FROM userblacklist u
where "basuser" like entry;

So I had the idea to build the criteria this way:

$criteria->add( "'".$values["username"]."'", UserblackListPeer::ENTRY,
Criteria::LIKE);

But the Criteria class adds ' to the second parameter and doesn't
resolve the field name, which leads to the following SQL:

SELECT *
FROM userblacklist u
where "basuser" like 'UserblackListPeer::ENTRY';

Any ideas how I can make this working properly?

regards,

michael

-- 
If you want to report a vulnerability issue on symfony, please send it to 
security at symfony-project.com

You received this message because you are subscribed to the Google
Groups "symfony users" group.
To post to this group, send email to symfony-users@googlegroups.com
To unsubscribe from this group, send email to
symfony-users+unsubscr...@googlegroups.com
For more options, visit this group at
http://groups.google.com/group/symfony-users?hl=en

[symfony-users] Re: Where to extend sfGuardUserPeer class?

[mlu...@gmail.com]

The class already has got this function. I just didn't saw it because
sfGuardPeer extends PluginsfGuardUserPeer instead of
BasesfGuardUserPeer.

Thx anyway.

PluginsfGuardUserPeer

On 18 Jul., 13:29, "mlu...@gmail.com"  wrote:
> Hi!
>
> I am working on a portal where users have a public profile. For this I
> would like to extend the sfGuardUserPeer class with a
> retrieveByUserName function.
>
> Can I do this in the in: plugins/sfGuardPlugin/lib/model/
> sfGuardUserPeer.php or will these files be overwritten when I update
> the plugin one day?
>
> I think I can create my own class(extending sfGuardUserPeer) in /lib/
> model too.
>
> thanky you,
>
> michael

-- 
If you want to report a vulnerability issue on symfony, please send it to 
security at symfony-project.com

You received this message because you are subscribed to the Google
Groups "symfony users" group.
To post to this group, send email to symfony-users@googlegroups.com
To unsubscribe from this group, send email to
symfony-users+unsubscr...@googlegroups.com
For more options, visit this group at
http://groups.google.com/group/symfony-users?hl=en

[symfony-users] Where to extend sfGuardUserPeer class?

[mlu...@gmail.com]

Hi!

I am working on a portal where users have a public profile. For this I
would like to extend the sfGuardUserPeer class with a
retrieveByUserName function.

Can I do this in the in: plugins/sfGuardPlugin/lib/model/
sfGuardUserPeer.php or will these files be overwritten when I update
the plugin one day?

I think I can create my own class(extending sfGuardUserPeer) in /lib/
model too.

thanky you,

michael

-- 
If you want to report a vulnerability issue on symfony, please send it to 
security at symfony-project.com

You received this message because you are subscribed to the Google
Groups "symfony users" group.
To post to this group, send email to symfony-users@googlegroups.com
To unsubscribe from this group, send email to
symfony-users+unsubscr...@googlegroups.com
For more options, visit this group at
http://groups.google.com/group/symfony-users?hl=en

[symfony-users] Re: accessing action instance in sfComponent

[mlu...@gmail.com]

p.s.:

@McCumskey:
There is no renderPartial in sfComponent.

I forgot:
The documentation would be much faster to navigate is class names in
function signature would be linked to the class' documentaion.

regards,

michael

On 10 Jun., 19:07, "mlu...@gmail.com"  wrote:
> Hi!
>
> @Eno:
> I searched the documentation, but I think it could be better.
> I started at the documentation of sfComponent and looked after a
> getter that gives something back that could lead to the action
> instance. Unfortunately no getter looked to me doing this.
> To be honest, I think to get from sfComponent to controller, to
> actionstack, to lastEntry, to actionInstance, to renderPartial is a
> bit of a kind of a luck game. The cotroller was the key I was looking
> for.
>
> @McCumskey:
> In my application I have a tellAFriend form. I want it to be used as
> easy as possible. I just want to include the component and it should
> do everything itself. So, the form is posted to the current page, the
> component is watching if it was submitted and reacts. If yes a mail is
> created(this is where I need renderPartial), afterwards the mail is
> serialized and stored in the db. In the form the recipientName and
> recipientMail is removed, some "mail sent" message is added and the
> form gets displayed again. So the user has prefilled senderName,
> senderEmail and message for next time.
>
> # Why don't send the form to an action and redirect to the previews
> url?
>   - With redirect I can't give the form the used custom data to show
> them again.
>   # I could store custom data on server to reuse them.
>     - If the user has more than one window and submits very fast,
> stored data could interfere.
>     # Use forward instead of redirect, this way you can forward the
> data to the form.
>       - This would change the URL.
>   - From software design point of view, there would be two points
> where the form is handled. The component to create it and the action
> to receive it. That doesn't look proper to me.
>
> # Create a mail, serialize it and store it in the DB :-0 ?
>   - If I send it directly in the form receive code. It's a fire and
> forget action. I have a cron job checking if there are mails to send
> and it can react on errors, prop. try to send it later again or
> something else.
>
> cons:
> - Normally to check if a form was sent $this->isMethod("post") is
> used. If you realize all forms this way and you have more than one
> form on a page, this doesn't work anymore. You have to give each form
> a hidden value identifying it and so you can check in the component if
> this form was sent.
> - If the user reloads the page the "send again" message appears.
>
> regards,
>
> michael
>
> On 10 Jun., 15:27, Gareth McCumskey  wrote:
>
> > I am just wondering why you would need to get the partial from within the
> > action? If you want a component to render a partial instead of a full 
> > template
> > why not just call $this->renderPartial('partial_name'); at the end of the
> > component method to make it display that partial?
>
> > On Thursday 10 June 2010 08:18:33 mlu...@gmail.com wrote:
>
> > > Hi!
>
> > > I need to access the action instance to use sfAction::getPartial in
> > > the executeXX function of sfComponent. Does anybody see a way how to
> > > do this? I tried to find a way, but didn't find one.
>
> > > regards,
>
> > > michael
>
>

-- 
If you want to report a vulnerability issue on symfony, please send it to 
security at symfony-project.com

You received this message because you are subscribed to the Google
Groups "symfony users" group.
To post to this group, send email to symfony-users@googlegroups.com
To unsubscribe from this group, send email to
symfony-users+unsubscr...@googlegroups.com
For more options, visit this group at
http://groups.google.com/group/symfony-users?hl=en

[symfony-users] Re: accessing action instance in sfComponent

[mlu...@gmail.com]

p.s.:

@McCumskey:
There is no renderPartial in sfComponent.

I forgot:
The documentation would be much faster to navigate if class names in
function signatures would be linked to the class decumentation.

regards,

michael

On 10 Jun., 19:07, "mlu...@gmail.com"  wrote:
> Hi!
>
> @Eno:
> I searched the documentation, but I think it could be better.
> I started at the documentation of sfComponent and looked after a
> getter that gives something back that could lead to the action
> instance. Unfortunately no getter looked to me doing this.
> To be honest, I think to get from sfComponent to controller, to
> actionstack, to lastEntry, to actionInstance, to renderPartial is a
> bit of a kind of a luck game. The cotroller was the key I was looking
> for.
>
> @McCumskey:
> In my application I have a tellAFriend form. I want it to be used as
> easy as possible. I just want to include the component and it should
> do everything itself. So, the form is posted to the current page, the
> component is watching if it was submitted and reacts. If yes a mail is
> created(this is where I need renderPartial), afterwards the mail is
> serialized and stored in the db. In the form the recipientName and
> recipientMail is removed, some "mail sent" message is added and the
> form gets displayed again. So the user has prefilled senderName,
> senderEmail and message for next time.
>
> # Why don't send the form to an action and redirect to the previews
> url?
>   - With redirect I can't give the form the used custom data to show
> them again.
>   # I could store custom data on server to reuse them.
>     - If the user has more than one window and submits very fast,
> stored data could interfere.
>     # Use forward instead of redirect, this way you can forward the
> data to the form.
>       - This would change the URL.
>   - From software design point of view, there would be two points
> where the form is handled. The component to create it and the action
> to receive it. That doesn't look proper to me.
>
> # Create a mail, serialize it and store it in the DB :-0 ?
>   - If I send it directly in the form receive code. It's a fire and
> forget action. I have a cron job checking if there are mails to send
> and it can react on errors, prop. try to send it later again or
> something else.
>
> cons:
> - Normally to check if a form was sent $this->isMethod("post") is
> used. If you realize all forms this way and you have more than one
> form on a page, this doesn't work anymore. You have to give each form
> a hidden value identifying it and so you can check in the component if
> this form was sent.
> - If the user reloads the page the "send again" message appears.
>
> regards,
>
> michael
>
> On 10 Jun., 15:27, Gareth McCumskey  wrote:
>
> > I am just wondering why you would need to get the partial from within the
> > action? If you want a component to render a partial instead of a full 
> > template
> > why not just call $this->renderPartial('partial_name'); at the end of the
> > component method to make it display that partial?
>
> > On Thursday 10 June 2010 08:18:33 mlu...@gmail.com wrote:
>
> > > Hi!
>
> > > I need to access the action instance to use sfAction::getPartial in
> > > the executeXX function of sfComponent. Does anybody see a way how to
> > > do this? I tried to find a way, but didn't find one.
>
> > > regards,
>
> > > michael
>
>

-- 
If you want to report a vulnerability issue on symfony, please send it to 
security at symfony-project.com

You received this message because you are subscribed to the Google
Groups "symfony users" group.
To post to this group, send email to symfony-users@googlegroups.com
To unsubscribe from this group, send email to
symfony-users+unsubscr...@googlegroups.com
For more options, visit this group at
http://groups.google.com/group/symfony-users?hl=en

[symfony-users] Re: accessing action instance in sfComponent

[mlu...@gmail.com]

Hi!

@Eno:
I searched the documentation, but I think it could be better.
I started at the documentation of sfComponent and looked after a
getter that gives something back that could lead to the action
instance. Unfortunately no getter looked to me doing this.
To be honest, I think to get from sfComponent to controller, to
actionstack, to lastEntry, to actionInstance, to renderPartial is a
bit of a kind of a luck game. The cotroller was the key I was looking
for.

@McCumskey:
In my application I have a tellAFriend form. I want it to be used as
easy as possible. I just want to include the component and it should
do everything itself. So, the form is posted to the current page, the
component is watching if it was submitted and reacts. If yes a mail is
created(this is where I need renderPartial), afterwards the mail is
serialized and stored in the db. In the form the recipientName and
recipientMail is removed, some "mail sent" message is added and the
form gets displayed again. So the user has prefilled senderName,
senderEmail and message for next time.

# Why don't send the form to an action and redirect to the previews
url?
  - With redirect I can't give the form the used custom data to show
them again.
  # I could store custom data on server to reuse them.
- If the user has more than one window and submits very fast,
stored data could interfere.
# Use forward instead of redirect, this way you can forward the
data to the form.
  - This would change the URL.
  - From software design point of view, there would be two points
where the form is handled. The component to create it and the action
to receive it. That doesn't look proper to me.

# Create a mail, serialize it and store it in the DB :-0 ?
  - If I send it directly in the form receive code. It's a fire and
forget action. I have a cron job checking if there are mails to send
and it can react on errors, prop. try to send it later again or
something else.

cons:
- Normally to check if a form was sent $this->isMethod("post") is
used. If you realize all forms this way and you have more than one
form on a page, this doesn't work anymore. You have to give each form
a hidden value identifying it and so you can check in the component if
this form was sent.
- If the user reloads the page the "send again" message appears.


regards,

michael



On 10 Jun., 15:27, Gareth McCumskey  wrote:
> I am just wondering why you would need to get the partial from within the
> action? If you want a component to render a partial instead of a full template
> why not just call $this->renderPartial('partial_name'); at the end of the
> component method to make it display that partial?
>
> On Thursday 10 June 2010 08:18:33 mlu...@gmail.com wrote:
>
> > Hi!
>
> > I need to access the action instance to use sfAction::getPartial in
> > the executeXX function of sfComponent. Does anybody see a way how to
> > do this? I tried to find a way, but didn't find one.
>
> > regards,
>
> > michael
>
>

-- 
If you want to report a vulnerability issue on symfony, please send it to 
security at symfony-project.com

You received this message because you are subscribed to the Google
Groups "symfony users" group.
To post to this group, send email to symfony-users@googlegroups.com
To unsubscribe from this group, send email to
symfony-users+unsubscr...@googlegroups.com
For more options, visit this group at
http://groups.google.com/group/symfony-users?hl=en

[symfony-users] Re: accessing action instance in sfComponent

[mlu...@gmail.com]

Hi!

Thank you very much! It was:

$this->getController()->getActionStack()->getLastEntry()-
>getActionInstance()->renderPartial();

regards,

michael

On 10 Jun., 09:38, Daniel Lohse  wrote:
> This actually is possible but it's pretty long-winded so here we go:
>
> In your component call 
> $this->getController()->getActionStack()->getLastEntry()->renderPartial();
>
> I'm not sure whether you'd have to call "getAction()" after the 
> "getLastEntry()" above, so try that out.
>
> And I'm also going to say this: use the API documentation to find out what 
> you want to do and how to get there. :)
>
> Cheers, Daniel
>
> Sent from my iPad
>
> On Jun 10, 2010, at 8:18 AM, "mlu...@gmail.com"  wrote:
>
> > Hi!
>
> > I need to access the action instance to use sfAction::getPartial in
> > the executeXX function of sfComponent. Does anybody see a way how to
> > do this? I tried to find a way, but didn't find one.
>
> > regards,
>
> > michael
>
> > --
> > If you want to report a vulnerability issue on symfony, please send it to 
> > security at symfony-project.com
>
> > You received this message because you are subscribed to the Google
> > Groups "symfony users" group.
> > To post to this group, send email to symfony-users@googlegroups.com
> > To unsubscribe from this group, send email to
> > symfony-users+unsubscr...@googlegroups.com
> > For more options, visit this group at
> >http://groups.google.com/group/symfony-users?hl=en
>
>

-- 
If you want to report a vulnerability issue on symfony, please send it to 
security at symfony-project.com

You received this message because you are subscribed to the Google
Groups "symfony users" group.
To post to this group, send email to symfony-users@googlegroups.com
To unsubscribe from this group, send email to
symfony-users+unsubscr...@googlegroups.com
For more options, visit this group at
http://groups.google.com/group/symfony-users?hl=en

[symfony-users] accessing action instance in sfComponent

[mlu...@gmail.com]

Hi!

I need to access the action instance to use sfAction::getPartial in
the executeXX function of sfComponent. Does anybody see a way how to
do this? I tried to find a way, but didn't find one.

regards,

michael

-- 
If you want to report a vulnerability issue on symfony, please send it to 
security at symfony-project.com

You received this message because you are subscribed to the Google
Groups "symfony users" group.
To post to this group, send email to symfony-users@googlegroups.com
To unsubscribe from this group, send email to
symfony-users+unsubscr...@googlegroups.com
For more options, visit this group at
http://groups.google.com/group/symfony-users?hl=en

[symfony-users] Re: link_to + parameter - my parameters get overridden

[mlu...@gmail.com]

Hi!

Problem is solved.

I have nested partial calls and I forgot to use $sf_data->getRaw() in
the parameter array for the nested call.

regards,

Michael

http://www.kineticarm.com
http://www.dikeytus.com
http://www.lueftenegger.at




On 23 Jul., 20:08, Eno  wrote:
> On Thu, 23 Jul 2009, mlu...@gmail.com wrote:
> > showcategory:
> >   url:   /category/:slug/:page
> >   param: { module: gamelists, action: category, slug: action, page:
> > 1 }
> > ...
>
> > A corrresponding url look like
> > /category/dress-up/1
>
> > The call to link_top looks like this:
> > link_to("dress-up","@showcategory?slug=dress-up&page=2")
>
> > The problem is, the page parameter in the generated link is always 1.
>
> Your routing rule has the default value for page if its not in the url.
> May be better to set a default value in your action if it isn't supplied
> instead?
>
> --
--~--~-~--~~~---~--~~
You received this message because you are subscribed to the Google Groups 
"symfony users" group.
To post to this group, send email to symfony-users@googlegroups.com
To unsubscribe from this group, send email to 
symfony-users+unsubscr...@googlegroups.com
For more options, visit this group at 
http://groups.google.com/group/symfony-users?hl=en
-~--~~~~--~~--~--~---

[symfony-users] solution for trailing slash problem

[mlu...@gmail.com]

Hi!

I was now looking for a solution for two days. And it's hard to find a
working one. Finally I found it and to make it easier for next one
looking for a solution, I will post it here:

  RewriteRule ^(.+)/$ http://%{HTTP_HOST}/$1 [R=301,L]

This line added into the .htaccess removes the trailing slash from the
requested url and redirects the the browser with a http 301(permanenly
moved) to the new url. So it's even search engine friendly(no
dublicates).

My .htaccess looks now this:

Options +FollowSymLinks +ExecCGI


  RewriteEngine On

  # uncomment the following line, if you are having trouble
  # getting no_script_name to work
  #RewriteBase /

  # we skip all files with .something
  #RewriteCond %{REQUEST_URI} \..+$
  #RewriteCond %{REQUEST_URI} !\.html$
  #RewriteRule .* - [L]

  RewriteRule ^(.+)/$ http://%{HTTP_HOST}/$1 [R=301,L]

  # we check if the .html version is here (caching)
  RewriteRule ^$ index.html [QSA]
  RewriteRule ^([^.]+)$ $1.html [QSA]
  RewriteCond %{REQUEST_FILENAME} !-f

  # no, so we redirect to our front web controller
  RewriteRule ^(.*)$ index.php [QSA,L]



Found here:
http://www.cakephp.nu/quick-tip-generic-nonwww-www-vice-versa-301-redirect-htaccess

best regards,

Michael

http://www.kineticarm.com
http://www.dikeytus.com
http://www.lueftenegger.at

--~--~-~--~~~---~--~~
You received this message because you are subscribed to the Google Groups 
"symfony users" group.
To post to this group, send email to symfony-users@googlegroups.com
To unsubscribe from this group, send email to 
symfony-users+unsubscr...@googlegroups.com
For more options, visit this group at 
http://groups.google.com/group/symfony-users?hl=en
-~--~~~~--~~--~--~---

[symfony-users] link_to + parameter - my parameters get overridden

[mlu...@gmail.com]

Hi!

I have again a routing problem(It seems the routing system doesn't
like me very much :-))

On my site I have a category list, which shoes entries by category.
The routing is defined as:
...
showcategory:
  url:   /category/:slug/:page
  param: { module: gamelists, action: category, slug: action, page:
1 }
...

A corrresponding url look like
/category/dress-up/1

The call to link_top looks like this:
link_to("dress-up","@showcategory?slug=dress-up&page=2")

The problem is, the page parameter in the generated link is always 1.


On my page I have also a list with the newest entries:

routing:
...
newgames:
  url:   /newgames/:page
  param: { module: gamelists, action: new, page: 1 }
...

url:
/newgames/1

link_to:
link_to("new games","@newgames?page=2");

In this list the page parameter works fine. The only point I see, is
the quantity of parameters, but I don't see any reason why it should
not work.

Do you have any ideas?

regards,

Michael
--~--~-~--~~~---~--~~
You received this message because you are subscribed to the Google Groups 
"symfony users" group.
To post to this group, send email to symfony-users@googlegroups.com
To unsubscribe from this group, send email to 
symfony-users+unsubscr...@googlegroups.com
For more options, visit this group at 
http://groups.google.com/group/symfony-users?hl=en
-~--~~~~--~~--~--~---

[symfony-users] Re: routing + parameters

[mlu...@gmail.com]

THANK YOU!

I had to remove the "/*" from the url. The routing looks now like
this:

...
search:
  url:   /search
  options: { extra_parameters_as_query_string: true }
  param: { module: search, action: result }
...

regards,

Michael


On 21 Jul., 11:27, Tonio  wrote:
> Oups,
>
> too quick: options: { extra_parameters_as_query_string: true }
>
> On Jul 21, 11:24 am, Tonio  wrote:
>
> > Hello,
>
> > Try
> > options: { generate_shortest_url: false }
>
> > from:http://www.symfony-project.org/tutorial/1_2/whats-new#chapter_3fb3b0c...
>
> > Tonio
>
> > On Jul 21, 10:52 am, "mlu...@gmail.com"  wrote:
>
> > > Hi!
>
> > > has anybody an idea about this? it's really urgent. thank you.
>
> > > michael
>
> > > On 20 Jul., 19:09, "mlu...@gmail.com"  wrote:
>
> > > > Thank you for the feedback.
>
> > > > Now it's working, but the url looks like this:
>
> > > > /search/q/funny/page/2
>
> > > > Can I change this?
>
> > > > Michael
>
> > > > On 20 Jul., 18:14, Eno  wrote:
>
> > > > > On Mon, 20 Jul 2009, mlu...@gmail.com wrote:
> > > > > > I think I have to define something in the routing.yml, but I have no
> > > > > > idea what.
>
> > > > > > I want the url to look like this
>
> > > > > >www.example.com/search?q=word1+word2&p=1
>
> > > > > You could try:
>
> > > > >   url: /search/*
>
> > > > > --
--~--~-~--~~~---~--~~
You received this message because you are subscribed to the Google Groups 
"symfony users" group.
To post to this group, send email to symfony-users@googlegroups.com
To unsubscribe from this group, send email to 
symfony-users+unsubscr...@googlegroups.com
For more options, visit this group at 
http://groups.google.com/group/symfony-users?hl=en
-~--~~~~--~~--~--~---

[symfony-users] Re: routing + parameters

[mlu...@gmail.com]

Hi!

has anybody an idea about this? it's really urgent. thank you.

michael

On 20 Jul., 19:09, "mlu...@gmail.com"  wrote:
> Thank you for the feedback.
>
> Now it's working, but the url looks like this:
>
> /search/q/funny/page/2
>
> Can I change this?
>
> Michael
>
> On 20 Jul., 18:14, Eno  wrote:
>
> > On Mon, 20 Jul 2009, mlu...@gmail.com wrote:
> > > I think I have to define something in the routing.yml, but I have no
> > > idea what.
>
> > > I want the url to look like this
>
> > >www.example.com/search?q=word1+word2&p=1
>
> > You could try:
>
> >   url: /search/*
>
> > --
--~--~-~--~~~---~--~~
You received this message because you are subscribed to the Google Groups 
"symfony users" group.
To post to this group, send email to symfony-users@googlegroups.com
To unsubscribe from this group, send email to 
symfony-users+unsubscr...@googlegroups.com
For more options, visit this group at 
http://groups.google.com/group/symfony-users?hl=en
-~--~~~~--~~--~--~---

[symfony-users] Re: routing + parameters

[mlu...@gmail.com]

Thank you for the feedback.

Now it's working, but the url looks like this:

/search/q/funny/page/2

Can I change this?

Michael

On 20 Jul., 18:14, Eno  wrote:
> On Mon, 20 Jul 2009, mlu...@gmail.com wrote:
> > I think I have to define something in the routing.yml, but I have no
> > idea what.
>
> > I want the url to look like this
>
> >www.example.com/search?q=word1+word2&p=1
>
> You could try:
>
>   url: /search/*
>
> --
--~--~-~--~~~---~--~~
You received this message because you are subscribed to the Google Groups 
"symfony users" group.
To post to this group, send email to symfony-users@googlegroups.com
To unsubscribe from this group, send email to 
symfony-users+unsubscr...@googlegroups.com
For more options, visit this group at 
http://groups.google.com/group/symfony-users?hl=en
-~--~~~~--~~--~--~---

[symfony-users] routing + parameters

[mlu...@gmail.com]

Hi!

I am developing a web site with a search function.

For the search function I generated a module and an action.
in the routing.yml I made a rule for this action.

I have two parameters: q for query and p for page
...
search:
  url:   /search
  param: { module: search, action:result }
...

The problem is that link_to cuts all parameters off.

link_to('page 2',"@search?q=word1+word2&p=2);

I think I have to define something in the routing.yml, but I have no
idea what.

I want the url to look like this

www.example.com/search?q=word1+word2&p=1

Any ideas?

Michael

--~--~-~--~~~---~--~~
You received this message because you are subscribed to the Google Groups 
"symfony users" group.
To post to this group, send email to symfony-users@googlegroups.com
To unsubscribe from this group, send email to 
symfony-users+unsubscr...@googlegroups.com
For more options, visit this group at 
http://groups.google.com/group/symfony-users?hl=en
-~--~~~~--~~--~--~---

[symfony-users] Re: escaping doesn't seem to work

[mlu...@gmail.com]

thanks for your tips, I found a solution.

I can't explain it, but all.settings.escaping_strategy doesn't work.
I fhave to activate it explicitly for the environment.
So, this

prod:
  .settings:
...
escaping_strategy:  on
escaping_method:ESC_ENTITIES

works. And now I have to rework all my templates :-(

thanky you,

Michael

On 16 Jul., 17:06, "mlu...@gmail.com"  wrote:
> No tabs and just frontend.
>
> On 16 Jul., 16:36, Eno  wrote:
>
> > On Thu, 16 Jul 2009, mlu...@gmail.com wrote:
> > > I added this line in an action
> > > ...
> > > var_dump( sfConfig::get('sf_escaping_strategy') );
> > > ...
>
> > > The result is
>
> > > bool(false)
>
> > > Yes, I cleared the cache.
>
> > > Any ideas?
>
> > > I can't find anything.
>
> > And the setting is in the correct application?
>
> > Maybe check you dont have tabs in the YAML?
>
> > --
--~--~-~--~~~---~--~~
You received this message because you are subscribed to the Google Groups 
"symfony users" group.
To post to this group, send email to symfony-users@googlegroups.com
To unsubscribe from this group, send email to 
symfony-users+unsubscr...@googlegroups.com
For more options, visit this group at 
http://groups.google.com/group/symfony-users?hl=en
-~--~~~~--~~--~--~---

[symfony-users] Re: escaping doesn't seem to work

[mlu...@gmail.com]

No tabs and just frontend.


On 16 Jul., 16:36, Eno  wrote:
> On Thu, 16 Jul 2009, mlu...@gmail.com wrote:
> > I added this line in an action
> > ...
> > var_dump( sfConfig::get('sf_escaping_strategy') );
> > ...
>
> > The result is
>
> > bool(false)
>
> > Yes, I cleared the cache.
>
> > Any ideas?
>
> > I can't find anything.
>
> And the setting is in the correct application?
>
> Maybe check you dont have tabs in the YAML?
>
> --
--~--~-~--~~~---~--~~
You received this message because you are subscribed to the Google Groups 
"symfony users" group.
To post to this group, send email to symfony-users@googlegroups.com
To unsubscribe from this group, send email to 
symfony-users+unsubscr...@googlegroups.com
For more options, visit this group at 
http://groups.google.com/group/symfony-users?hl=en
-~--~~~~--~~--~--~---

[symfony-users] escaping doesn't seem to work

[mlu...@gmail.com]

Hi!

In my project the escaping doesn't work.

These are my settings:

all:
  .settings:
...
# Output escaping settings
escaping_strategy:  on
escaping_method:ESC_ENTITIES


In the database I added html code to a field.
This is the source code of the delivered html page.
...eafdwaerfblaqwerfw...

I added this line in an action
...
var_dump( sfConfig::get('sf_escaping_strategy') );
...

The result is

bool(false)


Yes, I cleared the cache.

Any ideas?

I can't find anything.

regards,

Michael
--~--~-~--~~~---~--~~
You received this message because you are subscribed to the Google Groups 
"symfony users" group.
To post to this group, send email to symfony-users@googlegroups.com
To unsubscribe from this group, send email to 
symfony-users+unsubscr...@googlegroups.com
For more options, visit this group at 
http://groups.google.com/group/symfony-users?hl=en
-~--~~~~--~~--~--~---

[symfony-users] Re: some question for form renderError()

[mlu...@gmail.com]

I have now created two errors at one field with max_length=9,
min_length=11 and posting 10 characters.
It seems there always just returned one error.

My work around looks like this:

hasError()): ?>
getError();
$errors = is_array( $errors )? $errors: 
array($errors);
 foreach ($errors as $error): ?>




To be future proof I check if the value is already an array and if it
isn't I put the error into an array. The rest of the code stays as it
is.

Michael

On 20 Mai, 10:48, ctrlming  wrote:
> Oh my god~..
> I got another question .
> inhttp://www.symfony-project.org/forms/1_2/en/03-Forms-for-web-Designer...
>
> hasError()): ?>
>   
> getError() as $error): ?>
>   
> 
>   
> 
>
> when I use like this to print errors,there output none;
> "if ($form['email']->hasError()):" there is work,
> but I found "$form['email']->getError()" returns an object not an
> array.
> any one has this trouble?
>
> On 5月20日, 下午2时58分, ctrlming  wrote:
>
> > thank you, Frank.
> > But really is too much trouble to do so.
> > If there is no other way I can only do so
>
> > On 5月20日, 下午2时39分, Frank Stelzer  wrote:
>
> > > Hi,
> > > you have to decorate yourformon your own in this case.
> > > More details 
> > > here:http://www.symfony-project.org/forms/1_2/en/03-Forms-for-web-Designer...
>
> > > - Frank
>
> > > Am 20.05.2009 um 07:39 schrieb ctrlming:
>
> > > > in the template, I got some question.
> > > > symfony renderError() use default style like
> > > > 
> > > > some errors
> > > > 
>
> > > > but now I want use another style like some errors > > > div>
> > > > how can I do?
> > > > thanks!- 隐藏被引用文字 -
>
> > > - 显示引用的文字 -- 隐藏被引用文字 -
>
> > - 显示引用的文字 -

--~--~-~--~~~---~--~~
You received this message because you are subscribed to the Google Groups 
"symfony users" group.
To post to this group, send email to symfony-users@googlegroups.com
To unsubscribe from this group, send email to 
symfony-users+unsubscr...@googlegroups.com
For more options, visit this group at 
http://groups.google.com/group/symfony-users?hl=en
-~--~~~~--~~--~--~---

[symfony-users] Re: some question for form renderError()

[mlu...@gmail.com]

It's the same to me.

The returned value isn't an array. You can display the error message
with __toString().
But what happens if there are more than one error to the field.

Michael

On 20 Mai, 10:48, ctrlming  wrote:
> Oh my god~..
> I got another question .
> inhttp://www.symfony-project.org/forms/1_2/en/03-Forms-for-web-Designer...
>
> hasError()): ?>
>   
> getError() as $error): ?>
>   
> 
>   
> 
>
> when I use like this to print errors,there output none;
> "if ($form['email']->hasError()):" there is work,
> but I found "$form['email']->getError()" returns an object not an
> array.
> any one has this trouble?
>
> On 5月20日, 下午2时58分, ctrlming  wrote:
>
> > thank you, Frank.
> > But really is too much trouble to do so.
> > If there is no other way I can only do so
>
> > On 5月20日, 下午2时39分, Frank Stelzer  wrote:
>
> > > Hi,
> > > you have to decorate yourformon your own in this case.
> > > More details 
> > > here:http://www.symfony-project.org/forms/1_2/en/03-Forms-for-web-Designer...
>
> > > - Frank
>
> > > Am 20.05.2009 um 07:39 schrieb ctrlming:
>
> > > > in the template, I got some question.
> > > > symfony renderError() use default style like
> > > > 
> > > > some errors
> > > > 
>
> > > > but now I want use another style like some errors > > > div>
> > > > how can I do?
> > > > thanks!- 隐藏被引用文字 -
>
> > > - 显示引用的文字 -- 隐藏被引用文字 -
>
> > - 显示引用的文字 -

--~--~-~--~~~---~--~~
You received this message because you are subscribed to the Google Groups 
"symfony users" group.
To post to this group, send email to symfony-users@googlegroups.com
To unsubscribe from this group, send email to 
symfony-users+unsubscr...@googlegroups.com
For more options, visit this group at 
http://groups.google.com/group/symfony-users?hl=en
-~--~~~~--~~--~--~---

[symfony-users] Re: some question for form renderError()

[mlu...@gmail.com]

I have the same problem. The reason is getError doesn't return an
array. It's a string. But I don't know what happens if there are more
than one error on one field.

michael

On 20 Mai, 10:48, ctrlming  wrote:
> Oh my god~..
> I got another question .
> inhttp://www.symfony-project.org/forms/1_2/en/03-Forms-for-web-Designer...
>
> hasError()): ?>
>   
> getError() as $error): ?>
>   
> 
>   
> 
>
> when I use like this to print errors,there output none;
> "if ($form['email']->hasError()):" there is work,
> but I found "$form['email']->getError()" returns an object not an
> array.
> any one has this trouble?
>
> On 5月20日, 下午2时58分, ctrlming  wrote:
>
> > thank you, Frank.
> > But really is too much trouble to do so.
> > If there is no other way I can only do so
>
> > On 5月20日, 下午2时39分, Frank Stelzer  wrote:
>
> > > Hi,
> > > you have to decorate yourformon your own in this case.
> > > More details 
> > > here:http://www.symfony-project.org/forms/1_2/en/03-Forms-for-web-Designer...
>
> > > - Frank
>
> > > Am 20.05.2009 um 07:39 schrieb ctrlming:
>
> > > > in the template, I got some question.
> > > > symfony renderError() use default style like
> > > > 
> > > > some errors
> > > > 
>
> > > > but now I want use another style like some errors > > > div>
> > > > how can I do?
> > > > thanks!- 隐藏被引用文字 -
>
> > > - 显示引用的文字 -- 隐藏被引用文字 -
>
> > - 显示引用的文字 -

--~--~-~--~~~---~--~~
You received this message because you are subscribed to the Google Groups 
"symfony users" group.
To post to this group, send email to symfony-users@googlegroups.com
To unsubscribe from this group, send email to 
symfony-users+unsubscr...@googlegroups.com
For more options, visit this group at 
http://groups.google.com/group/symfony-users?hl=en
-~--~~~~--~~--~--~---