Pragmatism in the real world

Pádraic Brady: A Hitchhiker’s Guide to Cross-Site Scripting (XSS) in PHP (Part 1)

Pádraic Brady has posted A Hitchhiker’s Guide to Cross-Site Scripting (XSS) in PHP (Part 1): How Not To Use Htmlspecialchars() For Output Escaping: Always set the third parameter to htmlspecialchars(), set it correctly, and make sure your document is never served with a mismatched or invalid character encoding! Don’t expect some theoretically perfect world to magically appear – browsers are filthily efficient at doing weird things you don’t expect. With a nod to the anniversary… continue reading.

Some Zend\View examples

With the release of Beta 3 of Zend Framework, we now have a significantly refactored Zend\View component. One of the changes made is that there is a ViewModel object that is returned from a controller which contains the variables to be used within the view script along with meta information such as the view script to render. The really nice thing about ViewModels is that they can be nested and this is how the… continue reading.

Module specific bootstrapping in ZF2

Update: As of Beta 4, this method no longer works. Evan Coury's post on Module-specific layouts in Zend Framework 2 is the correct way to do this. Following on from the discussion on modules, we can hook into the event system to do module specific bootstrapping. By this, I mean, if you have some code that you want to run only if the action to be called is within this module, you can hook into… continue reading.

Matthew Weier O'Phinney: View Layers, Database Abstraction, Configuration, Oh, My!

Matthew Weier O'Phinney has posted View Layers, Database Abstraction, Configuration, Oh, My! Late last week, the Zend Framework community released 2.0.0beta3, the latest iteration of the v2 framework. What have we been busy doing the last couple months? In a nutshell, getting dirty with view layers, database abstraction, and configuration. This is a must read article if you want to know what's new in Zend\View, Zend\Db and Zend\Config!

Modules in ZF2

A Zend Framework 2 application is made up of a number of modules which each contain the controllers, models, views and other support code required to implement a specific part of the application. Within a standard ZF2 application, modules live in one of two places: /module – for application specific modules; /vendor – for 3rd party modules. It follows that you are not expected to ever modify 3rd party modules that are stored in /vendor.… continue reading.

An introduction to Zend\Di

Zend Framework 2 provides its own dependency injection container, Zend\Di, which is a key underpinning of the entire framework and especially the MVC system. I have covered my thoughts on the reasons for using dependency injection before, so this article looks at the fundamentals of using Zend\Di. Constructor injection: Consider this code: namespace My; class DatabaseAdapter { } class UserTable { protected $db; public function __construct (DatabaseAdapter $db) { $this->db = $db; } } This… continue reading.

Sublime Text 2 Plugin: Function Name Display

As I'm using Sublime Text 2 more and more, I thought it would be useful to display the current method name in the status bar. I poked around on the forums and created a plugin from ideas I found in a couple of different threads. This plugin is imaginatively titled Sublime Function Name Display! As I've hooked into the on_selection_modified event handler, I was keen to avoid slowing down the editor too much when you… continue reading.

Overriding module configuration in ZF2

Let's say that you install the ZF-Common's User module. By default, it sets up its routes under the /user path segment like this: vendor/ZfcUser/config/module.config.php return array( // lots of config stuff here /** * Routes */ 'Zend\Mvc\Router\RouteStack' => array( 'parameters' => array( 'routes' => array( 'zfcuser' => array( 'type' => 'Literal', 'priority' => 1000, 'options' => array( 'route' => '/user', 'defaults' => array( 'controller' => 'zfcuser', 'action' => 'index', ), ), 'may_terminate' => true, 'child_routes'… continue reading.

Shahar Evron: Generating ZF Autoloader Classmaps with Phing

Shahar has posted a new article about how to generate ZF2 autoloader classmaps with Phing. As the ZF2 classmap autoloader is quicker than the standard autoloader, this can be a benefit in production, so being able to automate the creation is beneficial. Fortunately, using ZF2's autoloader stack and Phing, we can enjoy both worlds: while in development, standard PSR-0 autoloading is used and the developer can work smoothly without worrying about updating class maps. As… continue reading.

What problem does dependency injection solve?

Zend Framework 2 comes with a dependency injection container (DIC), as do Symfony 2 and Aura, along with many other PHP frameworks that target PHP 5.3 or higher nowadays. This article attempts to explore the problem that a DIC tries to solve. Consider this simple (contrived!) example of an Album object that has an Artist object: class Album { protected $artist; public function getArtistName() { return $this->artist->getName(); } } The question is how do we… continue reading.