[symfony-users] Re: My attempt of a security/form strategy
Thx!
Yes, this helps :-)

regards,
michael

On 6 Aug., 13:24, Florian wrote:
> If you want to override the way CSRF token is created in a clean
> manner, you can override the getCsrfToken method in your BaseForm
> class.
>
> protected function getCsrfToken()
> {
>   return md5($this->csrfSecret.session_id().get_class($this)); // or whatever else you want
> }
>
> The BaseForm class is in the "user land", it has been created to
> customize all your application forms without having to modify core
> classes.
>
> Hope it helps!
>
> On Aug 6, 11:22 am, "mlu...@gmail.com" wrote:
>
> > For functional tests I turn off captcha in general.
> > I do test them manually.
>
> > Isn't the way how the token is generated implemented in the symfony
> > framework?
> > I don't want to make any changes in the framework, because it leads to
> > problems when updating the framework.
> > Can I control this part?
>
> > On 6 Aug., 10:30, Florian wrote:
>
> > > Use something else than the session_id to generate the CSRF token
> > > maybe ?
> > > Or increase the session timeout ;)
>
> > > what about functional tests with captcha ?
>
> > > On Aug 6, 7:57 am, "mlu...@gmail.com" wrote:
>
> > > > Don't you really have an opinion about this?
> > > > I'm sure you have ;-)
>
> > > > On 4 Aug., 16:44, "mlu...@gmail.com" wrote:
>
> > > > > Hi!
>
> > > > > I want to show you my attempt of a security/form strategy and want to
> > > > > know what you are thinking about it.
>
> > > > > *The problem:*
> > > > > If I read the source correctly the CSRF_token is made of the session id
> > > > > and the class name of the form.
>
> > > > > When you load a form and submit it after a certain time you get a csrf
> > > > > attack because the session id has changed in the meanwhile. The
> > > > > problem is that the wrong token gets delivered with the form to the
> > > > > user again, so every time the user resubmits the form you get an
> > > > > attack. The only way to get rid of the wrong token is to reload the
> > > > > form, but then the user will lose all entered values.
>
> > > > > A solution could be to reset the token when redelivering the form to
> > > > > the user. This way the user can resubmit the form with his/her values.
> > > > > But this makes the form accessible for XSS attacks, because an
> > > > > attacker just needs to submit the form twice, which can be done via
> > > > > javascript too.
>
> > > > > My idea is to add a captcha to the form if it sees a csrf attack. The
> > > > > captcha can't be solved via javascript.
>
> > > > > What does it look like for the user?
>
> > > > > 1. The user loads a form
> > > > > 2. After a certain time he submits the form.
> > > > > 3. The form gets delivered to the user with his values, with reset
> > > > > csrf_token and an added captcha.
> > > > > 4. The user solves the captcha and submits the form.
> > > > > 5. Everything is fine.
>
> > > > > What do you think about it?
>
> > > > > regards,
>
> > > > > michael

--
If you want to report a vulnerability issue on symfony, please send it to security at symfony-project.com

You received this message because you are subscribed to the Google Groups "symfony users" group.
To post to this group, send email to symfony-users@googlegroups.com
To unsubscribe from this group, send email to symfony-users+unsubscr...@googlegroups.com
For more options, visit this group at http://groups.google.com/group/symfony-users?hl=en
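The flow discussed in this thread (token bound to the session id, re-issued on mismatch, captcha required before the resubmit is accepted), as an added example that is not part of the original messages and not symfony's code. The function names, the `_csrf_token` field name and the sample session ids are assumptions, and HMAC-SHA256 with `hash_equals()` is swapped in for the `md5()` concatenation quoted above.

```php
<?php
// Added example, not symfony's implementation. All names and values are constructed.

/** Token for one form class in one session; the secret is the HMAC key. */
function csrf_token(string $secret, string $sessionId, string $formClass): string
{
    return hash_hmac('sha256', $sessionId . '|' . $formClass, $secret);
}

/** Constant-time comparison against the token of the session current at submit time. */
function csrf_token_is_valid(string $submitted, string $secret, string $sessionId, string $formClass): bool
{
    return hash_equals(csrf_token($secret, $sessionId, $formClass), $submitted);
}

/**
 * Handle one submit. On a token mismatch nothing is processed: the form is
 * handed back with the user's values, a token for the current session and a
 * captcha requirement that is remembered server-side in the session.
 */
function handle_submit(array $post, array &$session, string $secret, string $formClass, bool $captchaSolved = false): array
{
    $submitted = (isset($post['_csrf_token']) && is_string($post['_csrf_token'])) ? $post['_csrf_token'] : '';
    $tokenOk   = csrf_token_is_valid($submitted, $secret, $session['id'], $formClass);
    $captchaOk = empty($session['captcha_required']) || $captchaSolved;

    if ($tokenOk && $captchaOk) {
        $session['captcha_required'] = false;
        return ['accepted' => true];
    }
    if (!$tokenOk) {
        $session['captcha_required'] = true; // stays set until a captcha is solved
    }
    return [
        'accepted' => false,
        'values'   => array_diff_key($post, ['_csrf_token' => true]), // keep what the user typed
        'token'    => csrf_token($secret, $session['id'], $formClass),
        'captcha'  => true,
    ];
}

// Constructed walk-through: the form was rendered under one session id and is
// submitted after the session id has changed.
$secret     = 'constructed-secret-for-this-example';
$formClass  = 'RegisterForm';
$oldSession = ['id' => 'sess-old-1111'];
$session    = ['id' => 'sess-new-2222'];

$staleToken = csrf_token($secret, $oldSession['id'], $formClass);

// Steps 2 and 3: stale token, form comes back with values, new token and captcha.
$first = handle_submit(['username' => 'michael', '_csrf_token' => $staleToken], $session, $secret, $formClass);

// Resubmit with the fresh token but without solving the captcha: still rejected.
$skipped = handle_submit(['username' => 'michael', '_csrf_token' => $first['token']], $session, $secret, $formClass, false);

// Steps 4 and 5: fresh token and solved captcha.
$second = handle_submit(['username' => 'michael', '_csrf_token' => $first['token']], $session, $secret, $formClass, true);

echo json_encode([
    'first'   => $first['accepted'],
    'skipped' => $skipped['accepted'],
    'second'  => $second['accepted'],
]), "\n";
```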
[symfony-users] Re: My attempt of a security/form strategy
For functional tests I turn off captcha in general.
I do test them manually.

Isn't the way how the token is generated implemented in the symfony
framework?
I don't want to make any changes in the framework, because it leads to
problems when updating the framework.
Can I control this part?

On 6 Aug., 10:30, Florian wrote:
> Use something else than the session_id to generate the CSRF token
> maybe ?
> Or increase the session timeout ;)
>
> what about functional tests with captcha ?
>
> On Aug 6, 7:57 am, "mlu...@gmail.com" wrote:
>
> > Don't you really have an opinion about this?
> > I'm sure you have ;-)
>
> > On 4 Aug., 16:44, "mlu...@gmail.com" wrote:
>
> > > Hi!
>
> > > I want to show you my attempt of a security/form strategy and want to
> > > know what you are thinking about it.
>
> > > *The problem:*
> > > If I read the source correctly the CSRF_token is made of the session id
> > > and the class name of the form.
>
> > > When you load a form and submit it after a certain time you get a csrf
> > > attack because the session id has changed in the meanwhile. The
> > > problem is that the wrong token gets delivered with the form to the
> > > user again, so every time the user resubmits the form you get an
> > > attack. The only way to get rid of the wrong token is to reload the
> > > form, but then the user will lose all entered values.
>
> > > A solution could be to reset the token when redelivering the form to
> > > the user. This way the user can resubmit the form with his/her values.
> > > But this makes the form accessible for XSS attacks, because an
> > > attacker just needs to submit the form twice, which can be done via
> > > javascript too.
>
> > > My idea is to add a captcha to the form if it sees a csrf attack. The
> > > captcha can't be solved via javascript.
>
> > > What does it look like for the user?
>
> > > 1. The user loads a form
> > > 2. After a certain time he submits the form.
> > > 3. The form gets delivered to the user with his values, with reset
> > > csrf_token and an added captcha.
> > > 4. The user solves the captcha and submits the form.
> > > 5. Everything is fine.
>
> > > What do you think about it?
>
> > > regards,
>
> > > michael
[symfony-users] Re: My attempt of a security/form strategy
Don't you really have an opinion about this?
I'm sure you have ;-)

On 4 Aug., 16:44, "mlu...@gmail.com" wrote:
> Hi!
>
> I want to show you my attempt of a security/form strategy and want to
> know what you are thinking about it.
>
> *The problem:*
> If I read the source correctly the CSRF_token is made of the session id
> and the class name of the form.
>
> When you load a form and submit it after a certain time you get a csrf
> attack because the session id has changed in the meanwhile. The
> problem is that the wrong token gets delivered with the form to the
> user again, so every time the user resubmits the form you get an
> attack. The only way to get rid of the wrong token is to reload the
> form, but then the user will lose all entered values.
>
> A solution could be to reset the token when redelivering the form to
> the user. This way the user can resubmit the form with his/her values.
> But this makes the form accessible for XSS attacks, because an
> attacker just needs to submit the form twice, which can be done via
> javascript too.
>
> My idea is to add a captcha to the form if it sees a csrf attack. The
> captcha can't be solved via javascript.
>
> What does it look like for the user?
>
> 1. The user loads a form
> 2. After a certain time he submits the form.
> 3. The form gets delivered to the user with his values, with reset
> csrf_token and an added captcha.
> 4. The user solves the captcha and submits the form.
> 5. Everything is fine.
>
> What do you think about it?
>
> regards,
>
> michael
[symfony-users] My attempt of a security/form strategy
Hi!

I want to show you my attempt of a security/form strategy and want to
know what you are thinking about it.

*The problem:*
If I read the source correctly the CSRF_token is made of the session id
and the class name of the form.

When you load a form and submit it after a certain time you get a csrf
attack because the session id has changed in the meanwhile. The
problem is that the wrong token gets delivered with the form to the
user again, so every time the user resubmits the form you get an
attack. The only way to get rid of the wrong token is to reload the
form, but then the user will lose all entered values.

A solution could be to reset the token when redelivering the form to
the user. This way the user can resubmit the form with his/her values.
But this makes the form accessible for XSS attacks, because an
attacker just needs to submit the form twice, which can be done via
javascript too.

My idea is to add a captcha to the form if it sees a csrf attack. The
captcha can't be solved via javascript.

What does it look like for the user?

1. The user loads a form
2. After a certain time he submits the form.
3. The form gets delivered to the user with his values, with reset
csrf_token and an added captcha.
4. The user solves the captcha and submits the form.
5. Everything is fine.

What do you think about it?

regards,

michael
[symfony-users] Re: test stops at redirect without error :-(
solved

On 3 Aug., 09:19, "mlu...@gmail.com" wrote:
> Hi!
>
> I am writing tests for all my forms. Yesterday in the evening
> everything went fine and today it doesn't.
>
> This is the start of my test file:
> ...
> include(dirname(__FILE__).'/../../bootstrap/functional.php');
> $browser = new sfTestFunctional(new sfBrowser());
> $browser->
>   get('/gamelists/index')->
>   with('request')->begin()->
>     isParameter('module', 'lists')-> //1
>     isParameter('action', 'index')-> //2
>   end()->
>   // check login
>   click('sign in', array('account' => array(
>     'user' => '',
>     'pass' => ''
>   )))->
>   isRedirected()->
>   followRedirect()->
> ...
>
> The test simply stops at the redirect without any errors. It says
> "everything went fine".
>
> 1. Can anybody tell me please what I am doing wrong, I don't see it.
> 2. Is there a way to say how many tests are implemented in the file
> like for unit tests? So the framework can check if all tests were
> made.
>
> michael
[symfony-users] test stops at redirect without error :-(
Hi!

I am writing tests for all my forms. Yesterday in the evening
everything went fine and today it doesn't.

This is the start of my test file:
...
  get('/gamelists/index')->
  with('request')->begin()->
    isParameter('module', 'lists')-> //1
    isParameter('action', 'index')-> //2
  end()->
  // check login
  click('sign in', array('account' => array(
    'user' => '',
    'pass' => ''
  )))->
  isRedirected()->
  followRedirect()->
...

The test simply stops at the redirect without any errors. It says
"everything went fine".

1. Can anybody tell me please what I am doing wrong, I don't see it.
2. Is there a way to say how many tests are implemented in the file
like for unit tests? So the framework can check if all tests were
made.

michael
[symfony-users] Re: I am in doubt about admin generator and security. What do you think?
I have found a solution to prevent changes of some values with usage
of admin generator:

1. In the generator.yml the used form class is defined. By default it
is sfGuardUserForm. Build your own class which is extending the
default class and change the generator.yml

...
form:
  class: BackendUserForm
...

2. Override the bind method and call the parent's one in it. But
before you call it you can reset some values to their default values.

...
public function bind(array $taintedValues = null, array $taintedFiles = null)
{
  // discard whatever the client sent for username and keep the stored value
  $taintedValues["username"] = $this->getDefault("username");
  return parent::bind($taintedValues, $taintedFiles);
}
...

3. For a better usability define those values as readonly in the
generator.yml.

...
edit:
  title: Editing User "%%username%%"
  fields:
    username:
      attributes:
        readonly: readonly
...

regards,
Michael

On 29 Jul., 16:01, "mlu...@gmail.com" wrote:
> In my app I am using sfGuardPlugin. In the frontend it's not possible
> to change the user name of an existing user, that's OK of course.
>
> But today I am working on the backend and I have seen there it's
> possible to change the user name.
> My first thought was to define the username as disabled in the
> generator.yml.
> But unfortunately html forms don't send disabled fields and so the
> save action results in a missing field.
> Then I made the username readonly, which worked in the first step. But
> if you change the username via firebug it's submitted and the server
> logic accepts it.
>
> So defining a field as readonly in generator.yml doesn't mean the
> serverlogic treats it as readonly. Just the HTML form field is
> readonly! This is ok to prevent editors to change fields they
> shouldn't change. But as far as WebAppSec is concerned it's the same
> as an editable field.
>
> Is there a way to really define a field "not editable" in the
> admin generator?
>
> The only solution I see at the moment is to code everything in the
> backend myself and not to use the admin generator at all. I see a
> high risk in case of a lazy XSS attack.
>
> What do you think?
>
> regards,
>
> michael
[symfony-users] I am in doubt about admin generator and security. What do you think?
In my app I am using sfGuardPlugin. In the frontend it's not possible
to change the user name of an existing user, that's OK of course.

But today I am working on the backend and I have seen there it's
possible to change the user name.
My first thought was to define the username as disabled in the
generator.yml.
But unfortunately html forms don't send disabled fields and so the
save action results in a missing field.
Then I made the username readonly, which worked in the first step. But
if you change the username via firebug it's submitted and the server
logic accepts it.

So defining a field as readonly in generator.yml doesn't mean the
serverlogic treats it as readonly. Just the HTML form field is
readonly! This is ok to prevent editors to change fields they
shouldn't change. But as far as WebAppSec is concerned it's the same
as an editable field.

Is there a way to really define a field "not editable" in the
admin generator?

The only solution I see at the moment is to code everything in the
backend myself and not to use the admin generator at all. I see a
high risk in case of a lazy XSS attack.

What do you think?

regards,

michael
[symfony-users] Re: problems with credentials
solved, my fault.
thx

On 28 Jul., 14:24, "mlu...@gmail.com" wrote:
> Hi!
>
> I have got a problem with credentials. In my action I add a
> credential "beadmin"
>
> ...
> $this->getUser()->setAuthenticated(true);
> $this->getUser()->addCredential("beadmin");
> ...
>
> If I open the session file with a textedit I see the credential stored
> in the session.
>
> But my user doesn't have it.
>
> In my template I output
>
> ...
> var_dump($sf_user->hasCredential("beadmin") );
> var_dump($sf_user->isAuthenticated() );
> ...
>
> and it says:
> ...
> bool(false)
> bool(true)
> ...
>
> Any ideas?
>
> regards,
>
> michael
[symfony-users] problems with credentials
Hi!

I have got a problem with credentials. In my action I add a
credential "beadmin"

...
$this->getUser()->setAuthenticated(true);
$this->getUser()->addCredential("beadmin");
...

If I open the session file with a textedit I see the credential stored
in the session.

But my user doesn't have it.

In my template I output

...
var_dump($sf_user->hasCredential("beadmin") );
var_dump($sf_user->isAuthenticated() );
...

and it says:
...
bool(false)
bool(true)
...

Any ideas?

regards,

michael
[symfony-users] Re: sfGuardPlugin: checking username with regex
Thx!

On 26 Jul., 15:50, Gábor Fási wrote:
> It works, your expression is wrong. Try '/^[a-zA-Z]{1,}[a-zA-Z0-9]$/'.
>
> On Mon, Jul 26, 2010 at 15:34, mlu...@gmail.com wrote:
> > Hi!
>
> > In my app I am using sfGuardPlugin. I have extended the class
> > sfGuardUserForm to build my own registration form class. In the
> > overridden configure method I have the code below to define the rules for
> > the username:
>
> > $this->setValidator('username',
> >   new sfValidatorAnd(
> >     array(
> >       new sfValidatorString(
> >         array(
> >           'required' => true,
> >           'max_length' => 64,
> >           'min_length' => 4
> >         ),
> >         array(
> >           'invalid' => "The username isn't available.",
> >           'required' => 'Please enter a username.',
> >           'max_length' => 'The username can not be longer than %max_length% characters.',
> >           'min_length' => 'The username can not be shorter than %min_length% characters.'
> >         )
> >       ),
> >       new sfBlacklistValidator(
> >         array('listed_error' => "The username '%value%' isn't available.")
> >       ),
> >       new sfValidatorRegex(
> >         array(
> >           'pattern' => '/[a-zA-Z]{1,}[a-zA-Z0-9]/'
> >         ),
> >         array(
> >           'invalid' => "Your username isn't valid. Please start with a character and use characters from a to z and numbers only."
> >         )
> >       )
> >     )
> >   )
> > );
>
> > I want the username to begin with a character followed by any number
> > of characters or numbers, but the RegexValidator doesn't seem to work,
> > because I can register the username "0" which is starting with a
> > zero.
>
> > Any ideas what I am doing wrong?
>
> > regards,
>
> > michael
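A comparison of the two patterns quoted in this thread against a third one, as an added example that is not part of the original messages. The third pattern and the sample names are assumptions: it encodes the stated rule (one letter, then any number of letters or digits) and uses `\A` and `\z`, because `$` also matches before a trailing newline and the pattern in the reply admits a digit only in the last position.

```php
<?php
// Added example. The first two patterns are quoted from the thread; the third
// pattern and all sample usernames are constructed for this illustration.

$patterns = [
    'question (unanchored)' => '/[a-zA-Z]{1,}[a-zA-Z0-9]/',
    'reply (^ ... $)'       => '/^[a-zA-Z]{1,}[a-zA-Z0-9]$/',
    'stated rule (\A \z)'   => '/\A[a-zA-Z][a-zA-Z0-9]*\z/',
];

$samples = [
    'michael',   // letters only
    'user42',    // letters followed by several digits
    'a1b2c3',    // letters and digits mixed
    '0abc',      // starts with a digit
    'ab cd!',    // contains a space and punctuation
    "abc\n",     // trailing newline
];

/** True when the whole preg_match() call reports a match for this name. */
function username_matches(string $pattern, string $name): bool
{
    return preg_match($pattern, $name) === 1;
}

/** Build one result row per sample: sample => [pattern label => accepted?]. */
function compare_patterns(array $patterns, array $samples): array
{
    $rows = [];
    foreach ($samples as $name) {
        foreach ($patterns as $label => $pattern) {
            $rows[$name][$label] = username_matches($pattern, $name);
        }
    }
    return $rows;
}

foreach (compare_patterns($patterns, $samples) as $name => $results) {
    $cells = [];
    foreach ($results as $label => $accepted) {
        $cells[] = sprintf('%s: %s', $label, $accepted ? 'accept' : 'reject');
    }
    // json_encode() makes the newline in the last sample visible as \n
    printf("%-10s %s\n", json_encode($name), implode(' | ', $cells));
}
```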
[symfony-users] sfGuardPlugin: checking username with regex
Hi!

In my app I am using sfGuardPlugin. I have extended the class
sfGuardUserForm to build my own registration form class. In the
overridden configure method I have the code below to define the rules for
the username:

$this->setValidator('username',
  new sfValidatorAnd(
    array(
      new sfValidatorString(
        array(
          'required' => true,
          'max_length' => 64,
          'min_length' => 4
        ),
        array(
          'invalid' => "The username isn't available.",
          'required' => 'Please enter a username.',
          'max_length' => 'The username can not be longer than %max_length% characters.',
          'min_length' => 'The username can not be shorter than %min_length% characters.'
        )
      ),
      new sfBlacklistValidator(
        array('listed_error' => "The username '%value%' isn't available.")
      ),
      new sfValidatorRegex(
        array(
          'pattern' => '/[a-zA-Z]{1,}[a-zA-Z0-9]/'
        ),
        array(
          'invalid' => "Your username isn't valid. Please start with a character and use characters from a to z and numbers only."
        )
      )
    )
  )
);

I want the username to begin with a character followed by any number
of characters or numbers, but the RegexValidator doesn't seem to work,
because I can register the username "0" which is starting with a
zero.

Any ideas what I am doing wrong?

regards,

michael
[symfony-users] Re: preventing 's in sql created by Criteria
I found a solution:

$criteria->add(
  " ",
  "'".$values["username"]."' LIKE ".UserblackListPeer::ENTRY." ",
  Criteria::CUSTOM
);

=> SELECT userBlacklist.ID, userBlacklist.ENTRY FROM `userBlacklist`
WHERE 'bad' LIKE userBlacklist.ENTRY

:-)

On 18 Jul., 23:53, nibsirahsieu wrote:
> may be you can use zend lucene or solr
>
> On Jul 19, 4:26 am, "mlu...@gmail.com" wrote:
>
> > I know what "%" is. It's a copy&paste failure. The second one should
> > look like this:
>
> > SELECT *
> > FROM userblacklist u
> > where "badNew" like entry;
>
> > On 18 Jul., 23:24, Gábor Fási wrote:
>
> > > % is the wildcard similar to * in a like query
>
> > > On Sun, Jul 18, 2010 at 23:23, mlu...@gmail.com wrote:
> > > > Thank you for the answer, but this isn't exactly what I need.
>
> > > > If I have "%bad%" in the blacklist and a user enters "badNew" the
> > > > entry isn't caught with the SQL:
>
> > > > SELECT *
> > > > FROM userblacklist u
> > > > where entry LIKE "%badNew%";
>
> > > > But this would catch it
>
> > > > SELECT *
> > > > FROM userblacklist u
> > > > where "%badNew%" like entry;
>
> > > > michael
>
> > > > On 18 Jul., 23:12, nibsirahsieu wrote:
> > > >> $criteria->add( "'".$values["username"]."'", UserblackListPeer::ENTRY, Criteria::LIKE);
> > > >> i think it should be:
> > > >> $criteria->setIgnoreCase(true); //add this If you want a column to be treated in case-sensitive fashion
> > > >> $criteria->add(UserblackListPeer::ENTRY, '%'.$values["username"].'%', Criteria::LIKE);
>
> > > >> On Jul 19, 4:03 am, "mlu...@gmail.com" wrote:
>
> > > >> > Hi!
>
> > > >> > In my registration form I want to make a blacklist for user names.
> > > >> > For this I made a table containing entries that are not allowed for
> > > >> > user names. My idea was to work with "like" which allows entries like
> > > >> > "%bad%" in the blacklist.
>
> > > >> > The SQL would look like this:
>
> > > >> > SELECT *
> > > >> > FROM userblacklist u
> > > >> > where entry like "baduser";
>
> > > >> > The problem is this SQL isn't working. This SQL is working:
>
> > > >> > SELECT *
> > > >> > FROM userblacklist u
> > > >> > where "baduser" like entry;
>
> > > >> > So I had the idea to build the criteria this way:
>
> > > >> > $criteria->add( "'".$values["username"]."'", UserblackListPeer::ENTRY, Criteria::LIKE);
>
> > > >> > But the Criteria class adds ' to the second parameter and doesn't
> > > >> > resolve the field name, which leads to the following SQL:
>
> > > >> > SELECT *
> > > >> > FROM userblacklist u
> > > >> > where "baduser" like 'UserblackListPeer::ENTRY';
>
> > > >> > Any ideas how I can make this working properly?
>
> > > >> > regards,
>
> > > >> > michael
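The Criteria::CUSTOM clause above places `$values["username"]` inside the SQL text, so a quote character in the submitted name changes the statement. The same reversed LIKE with the name passed as a bound parameter, as an added example that is not part of the original messages: it uses plain PDO with an in-memory SQLite database instead of Propel's Criteria, and the table contents, function names and sample usernames are constructed.

```php
<?php
// Added example, not Propel code. Schema, rows and sample names are constructed.

$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE userBlacklist (id INTEGER PRIMARY KEY, entry TEXT NOT NULL)');

$insert = $db->prepare('INSERT INTO userBlacklist (entry) VALUES (?)');
foreach (['%bad%', 'admin%', 'root'] as $entry) {
    $insert->execute([$entry]);
}

/** Concatenated form, equivalent to the custom clause in the message above. */
function blacklist_hit_concat(PDO $db, string $username): ?string
{
    $sql = "SELECT entry FROM userBlacklist WHERE '" . $username . "' LIKE entry LIMIT 1";
    $row = $db->query($sql)->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row['entry'];
}

/** Same reversed LIKE; the username is data for the driver, never SQL text. */
function blacklist_hit_bound(PDO $db, string $username): ?string
{
    $stmt = $db->prepare('SELECT entry FROM userBlacklist WHERE ? LIKE entry LIMIT 1');
    $stmt->execute([$username]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row['entry'];
}

// "o'neil" is an ordinary name with an apostrophe; '%' checks that a wildcard
// typed by the user stays a literal, because the pattern side is the table column.
foreach (['badNew', 'michael', 'administrator', "o'neil", '%'] as $name) {
    try {
        $concat = var_export(blacklist_hit_concat($db, $name), true);
    } catch (PDOException $e) {
        $concat = 'SQL error: ' . $e->getMessage();
    }
    $bound = var_export(blacklist_hit_bound($db, $name), true);
    printf("%-16s concat=%s | bound=%s\n", var_export($name, true), $concat, $bound);
}
```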
[symfony-users] Re: preventing 's in sql created by Criteria
I know what "%" is. It's a copy&paste failure. The second one should
look like this:

SELECT *
FROM userblacklist u
where "badNew" like entry;

On 18 Jul., 23:24, Gábor Fási wrote:
> % is the wildcard similar to * in a like query
>
> On Sun, Jul 18, 2010 at 23:23, mlu...@gmail.com wrote:
> > Thank you for the answer, but this isn't exactly what I need.
>
> > If I have "%bad%" in the blacklist and a user enters "badNew" the
> > entry isn't caught with the SQL:
>
> > SELECT *
> > FROM userblacklist u
> > where entry LIKE "%badNew%";
>
> > But this would catch it
>
> > SELECT *
> > FROM userblacklist u
> > where "%badNew%" like entry;
>
> > michael
>
> > On 18 Jul., 23:12, nibsirahsieu wrote:
> >> $criteria->add( "'".$values["username"]."'", UserblackListPeer::ENTRY, Criteria::LIKE);
> >> i think it should be:
> >> $criteria->setIgnoreCase(true); //add this If you want a column to be treated in case-sensitive fashion
> >> $criteria->add(UserblackListPeer::ENTRY, '%'.$values["username"].'%', Criteria::LIKE);
>
> >> On Jul 19, 4:03 am, "mlu...@gmail.com" wrote:
>
> >> > Hi!
>
> >> > In my registration form I want to make a blacklist for user names. For
> >> > this I made a table containing entries that are not allowed for user
> >> > names. My idea was to work with "like" which allows entries like
> >> > "%bad%" in the blacklist.
>
> >> > The SQL would look like this:
>
> >> > SELECT *
> >> > FROM userblacklist u
> >> > where entry like "baduser";
>
> >> > The problem is this SQL isn't working. This SQL is working:
>
> >> > SELECT *
> >> > FROM userblacklist u
> >> > where "baduser" like entry;
>
> >> > So I had the idea to build the criteria this way:
>
> >> > $criteria->add( "'".$values["username"]."'", UserblackListPeer::ENTRY, Criteria::LIKE);
>
> >> > But the Criteria class adds ' to the second parameter and doesn't
> >> > resolve the field name, which leads to the following SQL:
>
> >> > SELECT *
> >> > FROM userblacklist u
> >> > where "baduser" like 'UserblackListPeer::ENTRY';
>
> >> > Any ideas how I can make this working properly?
>
> >> > regards,
>
> >> > michael
[symfony-users] Re: preventing 's in sql created by Criteria
Thank you for the answer, but this isn't exactly what I need.

If I have "%bad%" in the blacklist and a user enters "badNew" the
entry isn't caught with the SQL:

SELECT *
FROM userblacklist u
where entry LIKE "%badNew%";

But this would catch it

SELECT *
FROM userblacklist u
where "%badNew%" like entry;

michael

On 18 Jul., 23:12, nibsirahsieu wrote:
> $criteria->add( "'".$values["username"]."'", UserblackListPeer::ENTRY, Criteria::LIKE);
> i think it should be:
> $criteria->setIgnoreCase(true); //add this If you want a column to be treated in case-sensitive fashion
> $criteria->add(UserblackListPeer::ENTRY, '%'.$values["username"].'%', Criteria::LIKE);
>
> On Jul 19, 4:03 am, "mlu...@gmail.com" wrote:
>
> > Hi!
>
> > In my registration form I want to make a blacklist for user names. For
> > this I made a table containing entries that are not allowed for user
> > names. My idea was to work with "like" which allows entries like
> > "%bad%" in the blacklist.
>
> > The SQL would look like this:
>
> > SELECT *
> > FROM userblacklist u
> > where entry like "baduser";
>
> > The problem is this SQL isn't working. This SQL is working:
>
> > SELECT *
> > FROM userblacklist u
> > where "baduser" like entry;
>
> > So I had the idea to build the criteria this way:
>
> > $criteria->add( "'".$values["username"]."'", UserblackListPeer::ENTRY, Criteria::LIKE);
>
> > But the Criteria class adds ' to the second parameter and doesn't
> > resolve the field name, which leads to the following SQL:
>
> > SELECT *
> > FROM userblacklist u
> > where "baduser" like 'UserblackListPeer::ENTRY';
>
> > Any ideas how I can make this working properly?
>
> > regards,
>
> > michael
[symfony-users] preventing 's in sql created by Criteria
Hi!

In my registration form I want to make a blacklist for user names. For this I made a table containing entries that are not allowed for user names. My idea was to work with "like" which allows entries like "%bad%" in the blacklist.

The SQL would look like this:

SELECT *
FROM userblacklist u
where entry like "baduser";

The problem is this SQL isn't working. This SQL is working:

SELECT *
FROM userblacklist u
where "basuser" like entry;

So I had the idea to build the criteria this way:

$criteria->add( "'".$values["username"]."'", UserblackListPeer::ENTRY, Criteria::LIKE);

But the Criteria class adds ' to the second parameter and doesn't resolve the field name, which leads to the following SQL:

SELECT *
FROM userblacklist u
where "basuser" like 'UserblackListPeer::ENTRY';

Any ideas how I can make this working properly?

regards,

michael
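The reversed LIKE lookup asked about in this thread, as an added example that is not part of the original posts: it uses plain PDO with an in-memory SQLite database rather than Propel's Criteria, and binds the user name as a parameter instead of concatenating it between quotes. The table and column names come from the thread; the function name and the sample data are constructed for illustration.

```php
<?php
// Added example, not code from the thread. Plain PDO is used here in place
// of Propel's Criteria; matchingBlacklistEntries() is a hypothetical name.

/**
 * Returns every blacklist pattern that matches $username.
 */
function matchingBlacklistEntries(PDO $db, string $username): array
{
    // The user-supplied value is bound as the LEFT operand of LIKE.
    // The stored entry (e.g. "%bad%") is the pattern, so wildcards typed
    // by the user are plain characters and quotes cannot alter the query.
    $stmt = $db->prepare(
        'SELECT entry FROM userblacklist WHERE :username LIKE entry'
    );
    $stmt->execute([':username' => $username]);

    return $stmt->fetchAll(PDO::FETCH_COLUMN);
}

$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE userblacklist (entry TEXT NOT NULL)');

// Constructed blacklist patterns.
$insert = $db->prepare('INSERT INTO userblacklist (entry) VALUES (?)');
foreach (['%bad%', 'admin', 'root%'] as $pattern) {
    $insert->execute([$pattern]);
}

// Constructed registration attempts, including input with quotes and a
// bare wildcard to show that both are handled as data.
$samples = ['badNew', 'michael', 'ADMIN', 'rooter', "x' OR '1'='1", '%'];
foreach ($samples as $name) {
    $hits = matchingBlacklistEntries($db, $name);
    printf(
        "%-16s %s\n",
        $name,
        $hits ? 'rejected by ' . implode(', ', $hits) : 'allowed'
    );
}
```

SQLite's LIKE is case-insensitive for ASCII by default; on other databases the case handling depends on the column collation.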
[symfony-users] Re: Where to extend sfGuardUserPeer class?
The class already has got this function. I just didn't see it because sfGuardPeer extends PluginsfGuardUserPeer instead of BasesfGuardUserPeer.

Thx anyway.

PluginsfGuardUserPeer

On 18 Jul., 13:29, "mlu...@gmail.com" wrote:
> Hi!
>
> I am working on a portal where users have a public profile. For this I
> would like to extend the sfGuardUserPeer class with a
> retrieveByUserName function.
>
> Can I do this in: plugins/sfGuardPlugin/lib/model/
> sfGuardUserPeer.php or will these files be overwritten when I update
> the plugin one day?
>
> I think I can create my own class (extending sfGuardUserPeer) in /lib/
> model too.
>
> thank you,
>
> michael
[symfony-users] Where to extend sfGuardUserPeer class?
Hi!

I am working on a portal where users have a public profile. For this I would like to extend the sfGuardUserPeer class with a retrieveByUserName function.

Can I do this in: plugins/sfGuardPlugin/lib/model/sfGuardUserPeer.php or will these files be overwritten when I update the plugin one day?

I think I can create my own class (extending sfGuardUserPeer) in /lib/model too.

thank you,

michael
[symfony-users] Re: accessing action instance in sfComponent
p.s.:

@McCumskey: There is no renderPartial in sfComponent.

I forgot: The documentation would be much faster to navigate if class names in function signatures would be linked to the class' documentation.

regards,

michael

On 10 Jun., 19:07, "mlu...@gmail.com" wrote:
> Hi!
>
> @Eno:
> I searched the documentation, but I think it could be better.
> I started at the documentation of sfComponent and looked after a
> getter that gives something back that could lead to the action
> instance. Unfortunately no getter looked to me doing this.
> To be honest, I think to get from sfComponent to controller, to
> actionstack, to lastEntry, to actionInstance, to renderPartial is a
> bit of a kind of a luck game. The controller was the key I was looking
> for.
>
> @McCumskey:
> In my application I have a tellAFriend form. I want it to be used as
> easy as possible. I just want to include the component and it should
> do everything itself. So, the form is posted to the current page, the
> component is watching if it was submitted and reacts. If yes a mail is
> created (this is where I need renderPartial), afterwards the mail is
> serialized and stored in the db. In the form the recipientName and
> recipientMail is removed, some "mail sent" message is added and the
> form gets displayed again. So the user has prefilled senderName,
> senderEmail and message for next time.
>
> # Why don't send the form to an action and redirect to the previous
> url?
> - With redirect I can't give the form the used custom data to show
> them again.
> # I could store custom data on server to reuse them.
> - If the user has more than one window and submits very fast,
> stored data could interfere.
> # Use forward instead of redirect, this way you can forward the
> data to the form.
> - This would change the URL.
> - From software design point of view, there would be two points
> where the form is handled. The component to create it and the action
> to receive it. That doesn't look proper to me.
>
> # Create a mail, serialize it and store it in the DB :-0 ?
> - If I send it directly in the form receive code. It's a fire and
> forget action. I have a cron job checking if there are mails to send
> and it can react on errors, prop. try to send it later again or
> something else.
>
> cons:
> - Normally to check if a form was sent $this->isMethod("post") is
> used. If you realize all forms this way and you have more than one
> form on a page, this doesn't work anymore. You have to give each form
> a hidden value identifying it and so you can check in the component if
> this form was sent.
> - If the user reloads the page the "send again" message appears.
>
> regards,
>
> michael
>
> On 10 Jun., 15:27, Gareth McCumskey wrote:
>
> > I am just wondering why you would need to get the partial from within the
> > action? If you want a component to render a partial instead of a full
> > template
> > why not just call $this->renderPartial('partial_name'); at the end of the
> > component method to make it display that partial?
>
> > On Thursday 10 June 2010 08:18:33 mlu...@gmail.com wrote:
>
> > > Hi!
>
> > > I need to access the action instance to use sfAction::getPartial in
> > > the executeXX function of sfComponent. Does anybody see a way how to
> > > do this? I tried to find a way, but didn't find one.
>
> > > regards,
>
> > > michael
[symfony-users] Re: accessing action instance in sfComponent
p.s.:

@McCumskey: There is no renderPartial in sfComponent.

I forgot: The documentation would be much faster to navigate if class names in function signatures would be linked to the class documentation.

regards,

michael

On 10 Jun., 19:07, "mlu...@gmail.com" wrote:
> Hi!
>
> @Eno:
> I searched the documentation, but I think it could be better.
> I started at the documentation of sfComponent and looked after a
> getter that gives something back that could lead to the action
> instance. Unfortunately no getter looked to me doing this.
> To be honest, I think to get from sfComponent to controller, to
> actionstack, to lastEntry, to actionInstance, to renderPartial is a
> bit of a kind of a luck game. The controller was the key I was looking
> for.
>
> @McCumskey:
> In my application I have a tellAFriend form. I want it to be used as
> easy as possible. I just want to include the component and it should
> do everything itself. So, the form is posted to the current page, the
> component is watching if it was submitted and reacts. If yes a mail is
> created (this is where I need renderPartial), afterwards the mail is
> serialized and stored in the db. In the form the recipientName and
> recipientMail is removed, some "mail sent" message is added and the
> form gets displayed again. So the user has prefilled senderName,
> senderEmail and message for next time.
>
> # Why don't send the form to an action and redirect to the previous
> url?
> - With redirect I can't give the form the used custom data to show
> them again.
> # I could store custom data on server to reuse them.
> - If the user has more than one window and submits very fast,
> stored data could interfere.
> # Use forward instead of redirect, this way you can forward the
> data to the form.
> - This would change the URL.
> - From software design point of view, there would be two points
> where the form is handled. The component to create it and the action
> to receive it. That doesn't look proper to me.
>
> # Create a mail, serialize it and store it in the DB :-0 ?
> - If I send it directly in the form receive code. It's a fire and
> forget action. I have a cron job checking if there are mails to send
> and it can react on errors, prop. try to send it later again or
> something else.
>
> cons:
> - Normally to check if a form was sent $this->isMethod("post") is
> used. If you realize all forms this way and you have more than one
> form on a page, this doesn't work anymore. You have to give each form
> a hidden value identifying it and so you can check in the component if
> this form was sent.
> - If the user reloads the page the "send again" message appears.
>
> regards,
>
> michael
>
> On 10 Jun., 15:27, Gareth McCumskey wrote:
>
> > I am just wondering why you would need to get the partial from within the
> > action? If you want a component to render a partial instead of a full
> > template
> > why not just call $this->renderPartial('partial_name'); at the end of the
> > component method to make it display that partial?
>
> > On Thursday 10 June 2010 08:18:33 mlu...@gmail.com wrote:
>
> > > Hi!
>
> > > I need to access the action instance to use sfAction::getPartial in
> > > the executeXX function of sfComponent. Does anybody see a way how to
> > > do this? I tried to find a way, but didn't find one.
>
> > > regards,
>
> > > michael
[symfony-users] Re: accessing action instance in sfComponent
Hi!

@Eno:
I searched the documentation, but I think it could be better. I started at the documentation of sfComponent and looked after a getter that gives something back that could lead to the action instance. Unfortunately no getter looked to me doing this. To be honest, I think to get from sfComponent to controller, to actionstack, to lastEntry, to actionInstance, to renderPartial is a bit of a kind of a luck game. The controller was the key I was looking for.

@McCumskey:
In my application I have a tellAFriend form. I want it to be used as easy as possible. I just want to include the component and it should do everything itself. So, the form is posted to the current page, the component is watching if it was submitted and reacts. If yes a mail is created (this is where I need renderPartial), afterwards the mail is serialized and stored in the db. In the form the recipientName and recipientMail is removed, some "mail sent" message is added and the form gets displayed again. So the user has prefilled senderName, senderEmail and message for next time.

# Why don't send the form to an action and redirect to the previous url?
- With redirect I can't give the form the used custom data to show them again.
# I could store custom data on server to reuse them.
- If the user has more than one window and submits very fast, stored data could interfere.
# Use forward instead of redirect, this way you can forward the data to the form.
- This would change the URL.
- From software design point of view, there would be two points where the form is handled. The component to create it and the action to receive it. That doesn't look proper to me.

# Create a mail, serialize it and store it in the DB :-0 ?
- If I send it directly in the form receive code. It's a fire and forget action. I have a cron job checking if there are mails to send and it can react on errors, prop. try to send it later again or something else.

cons:
- Normally to check if a form was sent $this->isMethod("post") is used. If you realize all forms this way and you have more than one form on a page, this doesn't work anymore. You have to give each form a hidden value identifying it and so you can check in the component if this form was sent.
- If the user reloads the page the "send again" message appears.

regards,

michael

On 10 Jun., 15:27, Gareth McCumskey wrote:
> I am just wondering why you would need to get the partial from within the
> action? If you want a component to render a partial instead of a full template
> why not just call $this->renderPartial('partial_name'); at the end of the
> component method to make it display that partial?
>
> On Thursday 10 June 2010 08:18:33 mlu...@gmail.com wrote:
>
> > Hi!
>
> > I need to access the action instance to use sfAction::getPartial in
> > the executeXX function of sfComponent. Does anybody see a way how to
> > do this? I tried to find a way, but didn't find one.
>
> > regards,
>
> > michael
[symfony-users] Re: accessing action instance in sfComponent
Hi!

Thank you very much!

It was:
$this->getController()->getActionStack()->getLastEntry()->getActionInstance()->renderPartial();

regards,

michael

On 10 Jun., 09:38, Daniel Lohse wrote:
> This actually is possible but it's pretty long-winded so here we go:
>
> In your component call
> $this->getController()->getActionStack()->getLastEntry()->renderPartial();
>
> I'm not sure whether you'd have to call "getAction()" after the
> "getLastEntry()" above, so try that out.
>
> And I'm also going to say this: use the API documentation to find out what
> you want to do and how to get there. :)
>
> Cheers, Daniel
>
> Sent from my iPad
>
> On Jun 10, 2010, at 8:18 AM, "mlu...@gmail.com" wrote:
>
> > Hi!
>
> > I need to access the action instance to use sfAction::getPartial in
> > the executeXX function of sfComponent. Does anybody see a way how to
> > do this? I tried to find a way, but didn't find one.
>
> > regards,
>
> > michael
[symfony-users] accessing action instance in sfComponent
Hi!

I need to access the action instance to use sfAction::getPartial in the executeXX function of sfComponent. Does anybody see a way how to do this? I tried to find a way, but didn't find one.

regards,

michael
[symfony-users] Re: link_to + parameter - my parameters get overridden
Hi!

Problem is solved. I have nested partial calls and I forgot to use $sf_data->getRaw() in the parameter array for the nested call.

regards,

Michael
http://www.kineticarm.com
http://www.dikeytus.com
http://www.lueftenegger.at

On 23 Jul., 20:08, Eno wrote:
> On Thu, 23 Jul 2009, mlu...@gmail.com wrote:
> > showcategory:
> >   url: /category/:slug/:page
> >   param: { module: gamelists, action: category, slug: action, page: 1 }
> > ...
>
> > A corresponding url look like
> > /category/dress-up/1
>
> > The call to link_to looks like this:
> > link_to("dress-up","@showcategory?slug=dress-up&page=2")
>
> > The problem is, the page parameter in the generated link is always 1.
>
> Your routing rule has the default value for page if its not in the url.
> May be better to set a default value in your action if it isn't supplied
> instead?
[symfony-users] solution for trailing slash problem
Hi!

I was now looking for a solution for two days. And it's hard to find a working one. Finally I found it and to make it easier for next one looking for a solution, I will post it here:

RewriteRule ^(.+)/$ http://%{HTTP_HOST}/$1 [R=301,L]

This line added into the .htaccess removes the trailing slash from the requested url and redirects the browser with a http 301 (permanently moved) to the new url. So it's even search engine friendly (no duplicates).

My .htaccess looks now like this:

Options +FollowSymLinks +ExecCGI

RewriteEngine On

# uncomment the following line, if you are having trouble
# getting no_script_name to work
#RewriteBase /

# we skip all files with .something
#RewriteCond %{REQUEST_URI} \..+$
#RewriteCond %{REQUEST_URI} !\.html$
#RewriteRule .* - [L]

RewriteRule ^(.+)/$ http://%{HTTP_HOST}/$1 [R=301,L]

# we check if the .html version is here (caching)
RewriteRule ^$ index.html [QSA]
RewriteRule ^([^.]+)$ $1.html [QSA]
RewriteCond %{REQUEST_FILENAME} !-f

# no, so we redirect to our front web controller
RewriteRule ^(.*)$ index.php [QSA,L]

Found here:
http://www.cakephp.nu/quick-tip-generic-nonwww-www-vice-versa-301-redirect-htaccess

best regards,

Michael
http://www.kineticarm.com
http://www.dikeytus.com
http://www.lueftenegger.at
[symfony-users] link_to + parameter - my parameters get overridden
Hi!

I have again a routing problem (It seems the routing system doesn't like me very much :-))

On my site I have a category list, which shows entries by category. The routing is defined as:

...
showcategory:
  url: /category/:slug/:page
  param: { module: gamelists, action: category, slug: action, page: 1 }
...

A corresponding url look like
/category/dress-up/1

The call to link_to looks like this:
link_to("dress-up","@showcategory?slug=dress-up&page=2")

The problem is, the page parameter in the generated link is always 1.

On my page I have also a list with the newest entries:

routing:
...
newgames:
  url: /newgames/:page
  param: { module: gamelists, action: new, page: 1 }
...

url:
/newgames/1

link_to:
link_to("new games","@newgames?page=2");

In this list the page parameter works fine.

The only point I see, is the quantity of parameters, but I don't see any reason why it should not work.

Do you have any ideas?

regards,

Michael
[symfony-users] Re: routing + parameters
THANK YOU!

I had to remove the "/*" from the url.

The routing looks now like this:

...
search:
  url: /search
  options: { extra_parameters_as_query_string: true }
  param: { module: search, action: result }
...

regards,

Michael

On 21 Jul., 11:27, Tonio wrote:
> Oups,
>
> too quick: options: { extra_parameters_as_query_string: true }
>
> On Jul 21, 11:24 am, Tonio wrote:
>
> > Hello,
>
> > Try
> > options: { generate_shortest_url: false }
>
> > from: http://www.symfony-project.org/tutorial/1_2/whats-new#chapter_3fb3b0c...
>
> > Tonio
>
> > On Jul 21, 10:52 am, "mlu...@gmail.com" wrote:
>
> > > Hi!
>
> > > has anybody an idea about this? it's really urgent. thank you.
>
> > > michael
>
> > > On 20 Jul., 19:09, "mlu...@gmail.com" wrote:
>
> > > > Thank you for the feedback.
>
> > > > Now it's working, but the url looks like this:
>
> > > > /search/q/funny/page/2
>
> > > > Can I change this?
>
> > > > Michael
>
> > > > On 20 Jul., 18:14, Eno wrote:
>
> > > > > On Mon, 20 Jul 2009, mlu...@gmail.com wrote:
> > > > > > I think I have to define something in the routing.yml, but I have no
> > > > > > idea what.
>
> > > > > > I want the url to look like this
>
> > > > > > www.example.com/search?q=word1+word2&p=1
>
> > > > > You could try:
>
> > > > > url: /search/*
[symfony-users] Re: routing + parameters
Hi!

has anybody an idea about this? it's really urgent. thank you.

michael

On 20 Jul., 19:09, "mlu...@gmail.com" wrote:
> Thank you for the feedback.
>
> Now it's working, but the url looks like this:
>
> /search/q/funny/page/2
>
> Can I change this?
>
> Michael
>
> On 20 Jul., 18:14, Eno wrote:
>
> > On Mon, 20 Jul 2009, mlu...@gmail.com wrote:
> > > I think I have to define something in the routing.yml, but I have no
> > > idea what.
>
> > > I want the url to look like this
>
> > > www.example.com/search?q=word1+word2&p=1
>
> > You could try:
>
> > url: /search/*
[symfony-users] Re: routing + parameters
Thank you for the feedback.

Now it's working, but the url looks like this:

/search/q/funny/page/2

Can I change this?

Michael

On 20 Jul., 18:14, Eno wrote:
> On Mon, 20 Jul 2009, mlu...@gmail.com wrote:
> > I think I have to define something in the routing.yml, but I have no
> > idea what.
>
> > I want the url to look like this
>
> > www.example.com/search?q=word1+word2&p=1
>
> You could try:
>
> url: /search/*
[symfony-users] routing + parameters
Hi!

I am developing a web site with a search function. For the search function I generated a module and an action. In the routing.yml I made a rule for this action.

I have two parameters: q for query and p for page

...
search:
  url: /search
  param: { module: search, action: result }
...

The problem is that link_to cuts all parameters off.

link_to('page 2',"@search?q=word1+word2&p=2");

I think I have to define something in the routing.yml, but I have no idea what.

I want the url to look like this

www.example.com/search?q=word1+word2&p=1

Any ideas?

Michael
[symfony-users] Re: escaping doesn't seem to work
thanks for your tips, I found a solution.

I can't explain it, but all.settings.escaping_strategy doesn't work. I have to activate it explicitly for the environment.

So, this

prod:
  .settings:
    ...
    escaping_strategy: on
    escaping_method: ESC_ENTITIES

works.

And now I have to rework all my templates :-(

thank you,

Michael

On 16 Jul., 17:06, "mlu...@gmail.com" wrote:
> No tabs and just frontend.
>
> On 16 Jul., 16:36, Eno wrote:
>
> > On Thu, 16 Jul 2009, mlu...@gmail.com wrote:
> > > I added this line in an action
> > > ...
> > > var_dump( sfConfig::get('sf_escaping_strategy') );
> > > ...
>
> > > The result is
>
> > > bool(false)
>
> > > Yes, I cleared the cache.
>
> > > Any ideas?
>
> > > I can't find anything.
>
> > And the setting is in the correct application?
>
> > Maybe check you dont have tabs in the YAML?
[symfony-users] Re: escaping doesn't seem to work
No tabs and just frontend.

On 16 Jul., 16:36, Eno wrote:
> On Thu, 16 Jul 2009, mlu...@gmail.com wrote:
> > I added this line in an action
> > ...
> > var_dump( sfConfig::get('sf_escaping_strategy') );
> > ...
>
> > The result is
>
> > bool(false)
>
> > Yes, I cleared the cache.
>
> > Any ideas?
>
> > I can't find anything.
>
> And the setting is in the correct application?
>
> Maybe check you dont have tabs in the YAML?
[symfony-users] escaping doesn't seem to work
Hi!

In my project the escaping doesn't work.

These are my settings:

all:
  .settings:
    ...
    # Output escaping settings
    escaping_strategy: on
    escaping_method: ESC_ENTITIES

In the database I added html code to a field. This is the source code of the delivered html page.

...eafdwaerfblaqwerfw...

I added this line in an action
...
var_dump( sfConfig::get('sf_escaping_strategy') );
...

The result is

bool(false)

Yes, I cleared the cache.

Any ideas?

I can't find anything.

regards,

Michael
[symfony-users] Re: some question for form renderError()
I have now created two errors at one field with max_length=9, min_length=11 and posting 10 characters. It seems there is always just one error returned.

My work around looks like this:

hasError()): ?> getError(); $errors = is_array( $errors )? $errors: array($errors); foreach ($errors as $error): ?>

To be future proof I check if the value is already an array and if it isn't I put the error into an array. The rest of the code stays as it is.

Michael

On 20 May, 10:48, ctrlming wrote:
> Oh my god~..
> I got another question .
> in http://www.symfony-project.org/forms/1_2/en/03-Forms-for-web-Designer...
>
> hasError()): ?>
>
> getError() as $error): ?>
>
> when I use like this to print errors,there output none;
> "if ($form['email']->hasError()):" there is work,
> but I found "$form['email']->getError()" returns an object not an
> array.
> any one has this trouble?
>
> On May 20, 2:58 PM, ctrlming wrote:
>
> > thank you, Frank.
> > But really is too much trouble to do so.
> > If there is no other way I can only do so
>
> > On May 20, 2:39 PM, Frank Stelzer wrote:
>
> > > Hi,
> > > you have to decorate your form on your own in this case.
> > > More details
> > > here: http://www.symfony-project.org/forms/1_2/en/03-Forms-for-web-Designer...
>
> > > - Frank
>
> > > On 20.05.2009 at 07:39, ctrlming wrote:
>
> > > > in the template, I got some question.
> > > > symfony renderError() use default style like
> > > > some errors
> > > > but now I want use another style like some errors
> > > > div>
> > > > how can I do?
> > > > thanks!
[symfony-users] Re: some question for form renderError()
It's the same to me. The returned value isn't an array. You can display the error message with __toString(). But what happens if there is more than one error on the field?

Michael

On 20 May, 10:48, ctrlming wrote:
> Oh my god~..
> I got another question .
> in http://www.symfony-project.org/forms/1_2/en/03-Forms-for-web-Designer...
>
> hasError()): ?>
>
> getError() as $error): ?>
>
> when I use like this to print errors,there output none;
> "if ($form['email']->hasError()):" there is work,
> but I found "$form['email']->getError()" returns an object not an
> array.
> any one has this trouble?
>
> On May 20, 2:58 PM, ctrlming wrote:
>
> > thank you, Frank.
> > But really is too much trouble to do so.
> > If there is no other way I can only do so
>
> > On May 20, 2:39 PM, Frank Stelzer wrote:
>
> > > Hi,
> > > you have to decorate your form on your own in this case.
> > > More details
> > > here: http://www.symfony-project.org/forms/1_2/en/03-Forms-for-web-Designer...
>
> > > - Frank
>
> > > On 20.05.2009 at 07:39, ctrlming wrote:
>
> > > > in the template, I got some question.
> > > > symfony renderError() use default style like
> > > > some errors
> > > > but now I want use another style like some errors
> > > > div>
> > > > how can I do?
> > > > thanks!
[symfony-users] Re: some question for form renderError()
I have the same problem. The reason is getError doesn't return an array. It's a string. But I don't know what happens if there is more than one error on one field.

michael

On 20 May, 10:48, ctrlming wrote:
> Oh my god~..
> I got another question .
> in http://www.symfony-project.org/forms/1_2/en/03-Forms-for-web-Designer...
>
> hasError()): ?>
>
> getError() as $error): ?>
>
> when I use like this to print errors,there output none;
> "if ($form['email']->hasError()):" there is work,
> but I found "$form['email']->getError()" returns an object not an
> array.
> any one has this trouble?
>
> On May 20, 2:58 PM, ctrlming wrote:
>
> > thank you, Frank.
> > But really is too much trouble to do so.
> > If there is no other way I can only do so
>
> > On May 20, 2:39 PM, Frank Stelzer wrote:
>
> > > Hi,
> > > you have to decorate your form on your own in this case.
> > > More details
> > > here: http://www.symfony-project.org/forms/1_2/en/03-Forms-for-web-Designer...
>
> > > - Frank
>
> > > On 20.05.2009 at 07:39, ctrlming wrote:
>
> > > > in the template, I got some question.
> > > > symfony renderError() use default style like
> > > > some errors
> > > > but now I want use another style like some errors
> > > > div>
> > > > how can I do?
> > > > thanks!