Monday, 28 July 2008

Application wide locale in Zend Framework

Hi interested ones,

A new feature has been added to Zend Framework: it now supports an application-wide locale. Anyone who is using I18N classes in his application will love this feature.

So what is this new feature all about? Let's look at the details. Until Zend Framework 1.5, when you wanted to use several I18N-aware classes, you had to set the locale you wanted to use in every one of them. This looked like this:

$locale = new Zend_Locale('en_US');
$date1 = new Zend_Date($locale);
$date2 = new Zend_Date($locale);
$currency = new Zend_Currency($locale);

When you use only one or two instances there is not much difference. But the more instances you use, the more typing you have to do. Looking at this in detail, I thought: why not simply set the locale once in your bootstrap and let the framework do the rest?

The solution was to use the registry. So let's look at the same example and see how the usage differs:

$locale = new Zend_Locale('en_US');
Zend_Registry::set('Zend_Locale', $locale);
	
...
$date1 = new Zend_Date();
$date2 = new Zend_Date();
$currency = new Zend_Currency();

As you can see, you can now forget about the locale, as it is taken automatically from the registry. This is a small and simple solution, but it will save you several headaches. You can use this feature in the current trunk, or you have to wait until 1.7 is released.

Have fun with it, anyway.

Greetings,
Thomas Weidner, I18N Team Leader, Zend Framework

Sunday, 20 July 2008

Zend_File_Transfer examples or using validators to increase security

Hi interested ones,

The new Zend_File_Transfer component is growing day by day.
As an incredible new feature, this component allows you to use file validators.

These are necessary to increase security, and they let you define rules for file uploads (and, in future, downloads as well). So let's see some examples to get a feeling for them:

$upload = new Zend_File_Transfer_Adapter_Http();
$upload->addValidators('Size', '50kB')
          ->setDestination('C:/uploads')
          ->receive();

What we've done so far is limit all sent files to a file size of 50kB. Any uploaded file which exceeds 50kB will throw an exception we can catch.

The more rules we define, the more secure our upload will be.
So which other validators are supported so far?

  • Size: We already know this validator. It checks the file size of a single file. You can set a minimum and a maximum file size.
  • Count: You should set this validator to exactly the number of files you expect. It also has a minimum and a maximum file count. If this validator reports an error, you are probably under attack. But you can also use this validator to limit the number of files to receive.
  • Extension: This validator checks the extension of files. You can set multiple extensions to be checked. But remember that an evil user can manually change the extension, so you should not rely on the extension alone.
  • FilesSize: This validator also checks the size of files. But unlike the Size validator, it checks the size of ALL files together. You could, for example, define that a single file must not exceed 50kB, but that all files in sum must not exceed 200kB.
  • ImageSize: The ImageSize validator checks the dimensions of the given files when they are images. You can define a minimum and a maximum image size for width and height.

So let’s see a full example of validators and a more secure upload:

$upload = new Zend_File_Transfer_Adapter_Http();
$upload->addValidators('Size', '250kB')
          ->addValidators('Count', 5)
          ->addValidators('FilesSize', '1MB')
          ->addValidators('Extension', 'gif, jpg, png')
          ->addValidators('ImageSize', array(10, 10, 1024, 768))
          ->setDestination('C:/uploads');
	
if (!$upload->isValid()) {
    print_r($upload->getMessages());
    die();
}
try {
    $upload->receive();
} catch (Zend_File_Transfer_Exception $e) {
    echo $e->getMessage();
}

So what we've created now is a file upload for images.
Each image file can have a maximum file size of 250kB. We allow 5 images in total, but all images in sum are not allowed to exceed 1MB. Additionally, we allow gif, jpg and png files and define an image size of 10×10 up to 1024×768. All files are uploaded to 'C:\uploads'.

As you see, it's not complicated to define an upload that is more secure than just using PHP's move_uploaded_file.
Feel free to play around with this example.
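
The Extension validator's caveat above, as an added example that is not part of the original post and not Zend Framework code: it checks what an uploaded file actually contains instead of trusting the name the client sent. It uses only PHP's built-in finfo and getimagesize(); the helper name checkImageUpload() and the sample files are constructed for illustration.

```php
<?php
// Added example, not Zend Framework code. checkImageUpload() is a hypothetical helper.
function checkImageUpload($tmpPath, $clientName, $maxW = 1024, $maxH = 768)
{
    // Allowed extension => MIME type the file content must actually have.
    $allowed = ['gif' => 'image/gif', 'jpg' => 'image/jpeg', 'png' => 'image/png'];

    $ext = strtolower(pathinfo($clientName, PATHINFO_EXTENSION));
    if (!isset($allowed[$ext])) {
        return ["extension '$ext' is not allowed"];
    }

    $errors = [];
    // Detect the type from the file's bytes, not from anything the client sent.
    $finfo = new finfo(FILEINFO_MIME_TYPE);
    $mime  = $finfo->file($tmpPath);
    if ($mime !== $allowed[$ext]) {
        $errors[] = "content is '$mime', expected '{$allowed[$ext]}'";
    }

    // getimagesize() returns false when the header cannot be parsed as an image.
    $info = @getimagesize($tmpPath);
    if ($info === false) {
        $errors[] = 'file does not parse as an image';
    } elseif ($info[0] > $maxW || $info[1] > $maxH) {
        $errors[] = "image is {$info[0]}x{$info[1]}, limit is {$maxW}x{$maxH}";
    }
    return $errors;
}

// Constructed sample inputs: a real 1x1 GIF, a PHP script renamed to .gif,
// and the same GIF sent with a .php name.
$gif = base64_decode('R0lGODlhAQABAIAAAAAAAP///yH5BAEAAAAALAAAAAABAAEAAAIBRAA7');
$samples = [
    'logo.gif'   => $gif,
    'avatar.gif' => "<?php echo 'not an image'; ?>\n",
    'notes.php'  => $gif,
];

foreach ($samples as $name => $bytes) {
    $tmp = tempnam(sys_get_temp_dir(), 'upl');
    file_put_contents($tmp, $bytes);
    $errors = checkImageUpload($tmp, $name);
    echo $name, ': ', $errors ? implode('; ', $errors) : 'accepted', "\n";
    unlink($tmp);
}
```

Only logo.gif is accepted: avatar.gif passes the extension check but fails both content checks, and notes.php is rejected on its extension before its content is read.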

In future there will be additional validators like MimeType and FileName.
Filters will also be added, which allow you to change uploaded files on the fly before they are stored.
Filters could automatically change the image size, or convert text files to have proper line endings, and much more.

Greetings
Thomas, I18N Team Leader, Zend Framework

Saturday, 19 July 2008

Feeds simplified

Hi interested ones,

This time the reason for my announcement is somewhat private.

As you may have noticed, I've changed the look and feel of my blog. It is, in my opinion, now much more comfortable. I also added links on the left side for RSS and email subscription to the blog. They are handled by FeedBurner, a free blog service.

Feel free to subscribe to my feed via RSS or email.

Greetings
Thomas, I18N Team Leader, Zend Framework
