Monday, July 28, 2008

Application wide locale in Zend Framework

By thomasw at 00:08:38

Hi interested ones,

a new feature has been added to Zend Framework: it now supports an application-wide locale. Anyone who uses I18N classes in their application will love this feature.

So what is this new feature all about? Let’s look at the details. Until Zend Framework 1.5, when you wanted to use several I18N-aware classes, you had to set the locale you wanted to use in every one of them. It looked like this:

$locale = new Zend_Locale('en_US');
$date1 = new Zend_Date($locale);
$date2 = new Zend_Date($locale);
$currency = new Zend_Currency($locale);

When you use only one or two instances, there is not much difference. But the more instances you use, the more work the syntax becomes. Looking at this in detail, I thought: why not simply set the locale once in your bootstrap and let the framework do the rest?

The solution was to use the registry. So let’s look at the same example and how the usage differs:

$locale = new Zend_Locale('en_US');
Zend_Registry::set('Zend_Locale', $locale);
	
...
$date1 = new Zend_Date();
$date2 = new Zend_Date();
$currency = new Zend_Currency();

As you can see, you can now forget about the locale, as it is automatically taken from the registry. This is a small and simple solution, but it will save you several headaches. You can use this feature in the current trunk, or you have to wait until 1.6GA is released.

Have fun with it, anyway.

Greetings,
Thomas Weidner, I18N Team Leader, Zend Framework

Sunday, July 20, 2008

Zend_File_Transfer examples or using validators to increase security

By thomasw at 22:56:00

Hi interested ones,

the new Zend_File_Transfer component is growing day by day.
As an incredible new feature, this component allows the use of file validators.

These are necessary to increase security and allow you to define rules for file uploads (and, in future, also downloads). So let’s see some examples to get a feeling:

$upload = new Zend_File_Transfer_Adapter_Http();
$upload->addValidators('Size', '50kB')
          ->setDestination('C:/uploads')
          ->receive();

What we’ve done so far is limit all sent files to a file size of 50kB. Any uploaded file which exceeds 50kB will throw an exception that we can catch.

The more rules we define, the more secure our upload will be.
So which other validators are supported so far?

  • Size: We already know this validator. It checks the file size of a single file. You can set a minimum and a maximum file size.
  • Count: You should set this validator to exactly the number of files you expect. It also has a minimum and a maximum file count. If this validator throws an error, you are probably under attack. But you can also use this validator to limit the number of files to receive.
  • Extension: This validator checks the extension of files. You can set multiple extensions to be checked. But remember that a malicious user can manually change the extension, so you should not rely on the extension alone.
  • FilesSize: This validator also checks the size of files. But unlike the Size validator, it checks the size of ALL files together. You could, for example, define that a single file must not exceed 50kB, but that all files in sum must not exceed 200kB.
  • ImageSize: The ImageSize validator checks the dimensions of the given files when they are images. You can define a minimum and a maximum image size for width and height.

So let’s see a full example of validators and a more secure upload:

$upload = new Zend_File_Transfer_Adapter_Http();
$upload->addValidators('Size', '250kB')
          ->addValidators('Count', 5)
          ->addValidators('FilesSize', '1MB')
          ->addValidators('Extension', 'gif, jpg, png')
          ->addValidators('ImageSize', array(10, 10, 1024, 768))
          ->setDestination('C:/uploads');
	
if (!$upload->isValid()) {
    print_r($upload->getMessages());
    die();
}
try {
    $upload->receive();
} catch (Zend_File_Transfer_Exception $e) {
    print $e->getMessage(); // report the failure instead of discarding the message
}

So what we’ve created now is a file upload for images.
Each image file can have a maximum file size of 250kB. We allow 5 images in total, but all images in sum are not allowed to exceed 1MB. Additionally, we allow gif, jpg and png files and define an image size from 10×10 up to 1024×768. All files are uploaded to ‘C:\uploads’.

As you see, it’s not complicated to define a more secure upload than just using PHP’s move_uploaded_file.
Feel free to play around with this example.
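
Because the extension comes from the client, the Extension rule can be complemented by a check of the file content itself. The following is an added example in plain PHP, not code from this post or from Zend Framework; the function names verifiedImageExtension and storageName and the two sample inputs are constructed for illustration.

```php
<?php
// Added example: plain PHP using fileinfo and getimagesize, not Zend Framework code.
const ALLOWED = ['gif' => 'image/gif', 'jpg' => 'image/jpeg', 'png' => 'image/png'];

// Returns the verified extension, or null when the name or the content is rejected.
function verifiedImageExtension(string $path, string $clientName): ?string
{
    $ext = strtolower(pathinfo($clientName, PATHINFO_EXTENSION));
    if (!isset(ALLOWED[$ext])) {
        return null;                          // extension not on the allow list
    }
    $mime = (new finfo(FILEINFO_MIME_TYPE))->file($path);
    if ($mime !== ALLOWED[$ext]) {
        return null;                          // content does not match the claimed type
    }
    $info = @getimagesize($path);             // header must parse as an image
    if ($info === false) {
        return null;
    }
    [$w, $h] = $info;
    // Same bounds as the ImageSize rule in the post: 10x10 up to 1024x768.
    return ($w >= 10 && $h >= 10 && $w <= 1024 && $h <= 768) ? $ext : null;
}

// Server-generated name: no part of the client-supplied name reaches the path.
function storageName(string $ext): string
{
    return bin2hex(random_bytes(16)) . '.' . $ext;
}

// Constructed sample inputs: a minimal 32x32 GIF header, and a script renamed to .gif.
$samples = [
    'photo.gif'   => 'GIF89a' . pack('vv', 32, 32) . "\x00\x00\x00;",
    'renamed.gif' => "<?php echo 'not an image';\n",
];
foreach ($samples as $clientName => $bytes) {
    $tmp = tempnam(sys_get_temp_dir(), 'upl');   // stands in for $_FILES[...]['tmp_name']
    file_put_contents($tmp, $bytes);
    $ext = verifiedImageExtension($tmp, $clientName);
    echo $clientName, ' => ', $ext === null ? 'rejected' : 'store as ' . storageName($ext), "\n";
    unlink($tmp);
}
```

In a real upload handler, pass the temporary path and the client-supplied name from $_FILES, and call move_uploaded_file() with the generated name only when the function returns an extension.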

In future there will be additional validators like MimeType and FileName.
Filters will also be added, which allow you to change uploaded files on the fly before they are stored.
Filters could include automatically changing the image size, converting text files to have proper line endings, and much more.

Greetings
Thomas, I18N Team Leader, Zend Framework

Saturday, July 19, 2008

Feeds simplified

By thomasw at 23:24:07

Hi interested ones,

this time the reason for my announcement is somewhat private.

As you may have noticed, I’ve changed the look and feel of my blog. In my opinion, it’s now much more comfortable. I also added links on the left side to an RSS blog and email subscription. They are handled by feedburner, a free blog service.

Feel free to subscribe to my feed via RSS or email.

Greetings
Thomas, I18N Team Leader, Zend Framework

Friday, July 18, 2008

Zend Framework 1.6 RC1

By thomasw at 22:55:15

Hi fellows,

a new version of Zend Framework will be released on Monday, 21 July 2008.
It’s the release candidate for 1.6. Even though it is not yet finished for public release, and a release candidate can contain minor problems, it contains some new components and, of course, a huge number of bugfixes and improvements.

My additions to this release are:
Zend_Transfer_Adapter_Ini: An adapter for using ini files for translations
Zend_File_Transfer: A component which handles file uploads and downloads for multiple transfer protocols.

Of course, a number of bugfixes and other small improvements to existing I18N components have also been integrated.

Zend_File_Transfer is far from being finished. But the ZF dev team has decided that it should be integrated with 1.6. Currently it supports only the HTTP POST protocol. But it’s easy to use, and it also comes with some validators created especially for file validation. As this component is not completely ready yet (it will additionally get a Zend_Form_Element_File which consumes this component), the decision has been made to delay its integration until RC2.

Yes, this is the bad news… we will have an RC2 anyway.
But the good news is that we have some additional days to fix some other issues.

Greetings
Thomas, I18N Team Leader, Zend Framework

Sunday, July 13, 2008

News on Zend_File_Transfer

By thomasw at 20:01:36

Hi interested ones,

as of today, the Zend Framework has a new file transfer component ready for playing around with.

Zend_File_Transfer will allow file uploads and downloads when it’s finished.
For now, only HTTP POST upload is available, and it looks like it will be released with 1.6.

The component comes with several validators specially written for validating files with this component.
Below is an example of usage:

The example form looks like this:

<form enctype="multipart/form-data" action="index2.php" method="POST">
<input type="hidden" name="MAX_FILE_SIZE" value="100000" />
Choose a file to upload: <input name="uploadedfile" type="file" /><br />
Choose a file to upload: <input name="uploadedfiles[]" type="file" /><br />
Choose a file to upload: <input name="uploadedfiles[]" type="file" /><br />
<input type="submit" value="Upload File" />
</form>

The target looks like this:

<?php
require_once "Zend/File/Transfer/Adapter/Http.php";
require_once "Zend/File/Transfer/Exception.php";
	
$adapter = new Zend_File_Transfer_Adapter_Http();
$adapter->setValidators('size', '2000');
	
if ($adapter->isValid() === false) {
    print_r($adapter->getMessages()); 
}
	
try {
    $adapter->setDestination('C:\temp')
            ->receive();
} catch (Zend_File_Transfer_Exception $e) {
    print $e->getMessage();
}
	
print "DOWNLOAD FINISHED!!";

As you see, the usage is quite simple.
The separate isValid() call is not necessary, but it will show you which failures occurred during validation.
Any failure during uploading will also be returned as a validation error, even when you do not set any validator.

For now there are these validators available:
Zend_Validate_File_Count - validates the file count
Zend_Validate_File_DiskSpace - validates the disk usage of ALL files
Zend_Validate_File_Extension - validates the real file extension
Zend_Validate_File_Size - validates the size of single files

The Zend_Validate_File_Upload validator is the internal validator which checks for upload failures. There is no need to use it as it is automatically used by Zend_File_Transfer itself.

In future the component will be extended with other adapters and also with download capabilities.
I hope you enjoy testing and playing around.

Greetings
Thomas Weidner, I18N Team Leader, Zend Framework
http://www.thomasweidner.com
