Thomas Weidner has written up how to receive files with Zend_Form_Element_File. If you are having problems trying to get a file uploaded properly, then have a read and it should all become clear.
Ben Scholzen has written an article about using multiple Zend_Cache objects in your application.
When creating a huge application, you mostly have to keep caching out of your development environment, but want to fully control the caching backend in your production environment, without all the calls to the Zend_Cache factory in your models or controllers. I had to struggle with the problem in the past sometimes, and came to the conlusion, that a singleton-factory would solve this issue very well.
He then goes on to show code samples of how to create a factory of cache objects for use in your application.
Some how I missed this, but Colleen Dick has published a review of Zend Framework in Action!
This is the good bit:
But the main thing is that they build a real web app, complete with a lot of the typical messiness web apps entail. It’s one thing to talk about a class, function, or method in crystalline isolation, but when I see it in use in something I can relate to in the real world, that’s when it clicks for me. Plus, there is actually ZF functionality devoted to handling those messy “real world” details, such as deciding what stylesheets, includes, and javascripts to load for a particular page.
Head over and read the entire review as it also has some fair criticisms.
As always, don’t forget you can ask questions over at the forum.
Zend Framework 1.8 preview release is now available and you should check out where ZF is going. As this is a preview, it’s not ready for use in production though. Grab your copy over at the downloads page and test your app with it!
Matthew has the full rundown about it, but, the key new features in 1.8 are:
And lots of other improvements and bug fixes!
Matthew Weier O’Phinney has just posted the first of a series of articles on Zend_Form’s decorator system.
Zend_Form decorators all implement a common interface, Zend_Form_Decorator_Interface. That interface provides the ability to set decorator-specific options, register and retrieve the element, and render. A base decorator, Zend_Form_Decorator_Abstract, provides most of the functionality you will ever need, with the exception of the rendering logic.
I strongly recommend that everyone reads it!
Jim Plush has written a good article on why he chose Zend Framework for Enterprise usage.
He talks about the problems maintaining multiple sites in different technologies and lists the key reasons that he decided on Zend Framework including that there are books available.
He also covers development practices that he uses to help maintain the quality of the code.
Well worth a read.
Wil Sinclair posted this to the Zend Framework announcements mailing list:
The Zend Framework team was recently notified of an XSS attack vector in its Zend_Filter_StripTags class. Zend_Filter_StripTags offers the ability to strip HTML tags from text, but also to selectively choose which tags and specific attributes of those tags to keep. The XSS attack vector was due to a bug in matching HTML tag attributes to retain. If whitespace was introduced surrounding the attribute assignment operator or the value included newline characters, the attribute would always be included in the final output- even if it was not marked to retain. A security fix has been created and released with Zend Framework 1.7.7. Additionally, the fix has been back-ported to the 1.6, 1.5, and 1.0 release branches. The Zend Framework team strongly recommends upgrading to version 1.7.7. If you cannot upgrade at this time, we recommend exporting from the release branch matching the minor release you are currently using, or downloading the file listed below and pushing it into your Zend Framework installation. http://framework.zend.com/svn/framework/standard/branches/release-1.7/library/Zend/Filter/StripTags.php Thank you. ,Wil
It turns out that Manning, the publisher of Zend Framework in Action is on Twitter!
It also turns out that they’ve put up a sample of the book on Scribed! Check out the book, then order it, remembering to use the coupon code scribd25…
I’m a little behind on this one, but earlier this month, Tom Graham posted an article on preventing CRSF properly by sending back a 403 Forbidden if the Zend_Form_Element_Hash validation fails.
Well worth a read.
Whilst, Zend Framework in Action covers how to use the ActionStack front controller plugin, there are distinct disadvantages to using it. These are not covered in the book, however, Ryan Mauger has posted an article on why the ActionStack is evil.
Everyone should read it. Then if you decide to use the ActionStack, you are aware of the trade-offs.
