I'm working on a eZ publish 5 project. This CMS is based on symfony 2.
I have built a form without class as described in tge page : http://symfony.com/doc/current/book/forms.html#using-a-form-without-a-class
On the eZ publish 5 documentation (https://confluence.ez.no/display/EZP/Legacy+configuration+injection) I read that I need to set the CSRF intention parameter to 'legacy'. I can't figure how to do this. I tried to use the add method on my formBuilder :
$this->createFormBuilder()->add('_token', 'csrf', array('intention'=>'legacy');
But I get an error 'could not load type csrf'.
Can someone help me on this ?
Thanks.
Okay, I have given this a try.
My first answer is actually a question: If you don't intend to execute any legacy kernel code as a follow-up to your form, you don't need to care about the intention, I believe.
Intentions between the Symfony and legacy kernels only need to match if the Legacy Kernel is booted (in which case it will check if there is a token, and if it is valid).
If you need to use the Legacy Kernel, you can set the intention to legacy by passing custom form options:
$formOptions = array( 'intention' => 'legacy' );
$form = $this->createFormBuilder( null, $formOptions )
->add( 'text', 'text' )
->getForm();
Setting the default intention is explained in http://symfony.com/doc/current/book/forms.html#csrf-protection, but I wouldn't really advise this, unless you intend to only rely on the legacy kernel.
Related
I'm developing a new extension using ExtBase in TYPO3 (4.7) for a client.
I have however the strangest problem. In the back-end, my possible, new record types are - as usual - listed in the Insert new record Backend List. Usually each of these record-types are preceded by the module name (actually they are grouped right after the module name).. However, in my case, 1 or 2 of the record-types of any other extension appear within my extension's list as well.. I've been trying to figure out pretty much all that I can, I even copied the extension over to an entirely different TYPO3 installation, but the same problem persists..
If of any extension some records appear just below my extension's title, and I delete that particular extension, just some other record-types appear of another extension.
What's going on here??
Short & late answer:
i guess you have defined the title of your models in two different ways or with a non-existent languagefile in your ext_tables.php. Something like this:
Model1:
$TCA['tx_aaext_domain_model_one'] = array(
'ctrl' => array(
'title' => 'LLL:EXT:bn_news/Resources/Private/Language/locallang_db.xml:tx_bnnews_domain_model_categories',
Model2:
$TCA['tx_aaext_domain_model_two'] = array(
'ctrl' => array(
'title' => 'Static Title',
and/or your extension-name has an underscore like aa_extension, then this error can happen.
Make sure that both title-definitions are dynamic and begin with "LLL:EXT:" and point to an existing translation. Everything should be fine now.
Long answer will be to long :)
I created a my own validation class under /library/My/Validate/
In my form I have $this->addElementPrefixPath('My_Validate', 'My/Validate', 'validate');
I am using my validator like so:
$this->addElement('text', 'aField', array(
'validators' => array(
array('TestValidator', false, array('messages' => 'test failed')
),
));
This all works. However, I am interested in improving this in two ways.
I would like to make it so that all forms have access to my validator. Calling addElementPrefixPath() in every form doesn't seem to be a clean way of doing this.
I would like to pass in My_Validate_TestValidator instead of TestValidator so other developers know what they are working with right away.
To answer your first question, the only real easy way to do this would be to create your own instance of the form - My_Form_Abstract - which has an init() method that sets the prefix path - and then of course calls the parent init().
I'm not aware of a way to make your second method work flawlessly. You need to store a prefix in order to build the validator loader correctly. However, as an alternative, you might try creating new instances of the class using the full name, and then adding it to the element:
$element = $this->getElement('aField');
$myValidateTestValidator = new My_Validate_TestValidator();
$element->addValidator($myValidateTestValidator);
I'm writing my first community page with Lithium and mongoDB. I really like the schema-less way of mongo, but there is one problem making it impossible working without a schema:
For instance we have a simple form like this:
<?=$this->form->create();?>
<?=$this->form->field('name',array('label' => 'Topic title'));?>
<?=$this->form->field('text',array('label' => 'Content'));?>
<?=$this->form->submit('create');?>
which will be even simpler saved by this:
if($this->request->is('post')) {
$board_post = BoardPosts::create($this->request->data);
$board_post->save();
}
Now it's possible for everyone to add some form inputs by DOM manipulation with Firebug, Developer Tools etc. Of course that it might be some sensless fields in the database, but maybe someone adds a field, that is really used.
The only way to prevent this, is creating a schema in model. But for me this makes the whole idea of a schema-less database useless, doesn't it? And how to make schemas for different situations/actions, when some fields must not occur?
The Model::save() method accepts a 'whitelist' param in its options. See http://li3.me/docs/lithium/data/Model::save()
$whitelist = array(
'title',
'text'
);
$post = BoardPosts::create();
$post->save($this->request->data, compact('whitelist'));
You can also define protected $_schema in your Model and set protected $_meta = array('locked' => true); which will automatically set the whitelist to the fields defined in your schema. However, it is a good idea to define the whitelist in your controller to avoid attacks like you describe.
This problem is called a mass-assignment vulnerability and exists in many frameworks if developers are not careful.
I'm trying to integrate Doctrine 2 into Zend Framework (I'm new to ZF). I've look everywhere on the net but couldn't find my answer...
I've followed this recent tutorial: http://hectorpinol.com/zend-framework-1-11-and-doctrine-2-2-x-integration/ and I've managed to generate a table using the CLI.
The last step of the tuto is to add a new line in this table, simply using the Index controller. But my website doesn't work anymore (a brutal error 500, no message) because I changed the bootstrap.
if I remove the last lines I added to the _initDoctrine() method, it works again (but without Doctrine of course). Here they are:
// set the proxy dir and set some options
$config->setProxyDir(APPLICATION_PATH . '/models/Proxies');
$config->setAutoGenerateProxyClasses(true);
$config->setProxyNamespace('App\Proxies');
// now create the entity manager and use the connection
// settings we defined in our application.ini
$connectionSettings = $this->getOption('doctrine');
$conn = array(
'driver' => $connectionSettings['conn']['driv'],
'user' => $connectionSettings['conn']['user'],
'password' => $connectionSettings['conn']['pass'],
'dbname' => $connectionSettings['conn']['dbname'],
'host' => $connectionSettings['conn']['host']
);
$entityManager = \Doctrine\ORM\EntityManager::create($conn, $config);
// push the entity manager into our registry for later use
$registry = Zend_Registry::getInstance();
$registry->entitymanager = $entityManager;
return $entityManager;
Do you have any idea to unlock the situation? It's frustrating because I know I'm so close to make it work...
UPDATE1: I forgot to mention, in case it helps: I'm using WAMP on Windows. Thanks
UPDATE2: Added the parameters of the create() function.
UPDATE3: Actually it might not be an error 500. Chrome says this but Firefox just displays nothing. No answer from the server.
1) Change the environment to development to see the error message.
2) Use Bisna library instead, will save a lot of time (I don't see a point in integrating Doctrine manually well only educational purposes but you might want to save it for later).
I'm trying to implement a REST API to my website.
My problem is that the default Zend routing gets in the way. I've first tried using Zend_Rest_Route but I haven't been able to understand how I was supposed to use it correctly for "deep" routes, aka website/api/resource1/filter/resource2/id.
Using the default Zend routing, I'd need to create a gigantic Resource1Controller to take care of all the possible actions, and I don't think it's the "good" way to do this.
I've tried using Resauce ( http://github.com/mikekelly/Resauce/), creating an api module and adding routes, but I'm not able to get it working correctly :
The patterns I added were :
$this->addResauceRoutes(array(
'api/resource' => 'resource',
'api/resource/:id' => 'custom',
'api/resource/filter' => 'resource-filter',
'api/resource/filter/:id' => 'custom',
));
Which then leads to this :
public function addResauceRoutes($routes) {
$router = Zend_Controller_Front::getInstance()->getRouter();
foreach ($routes as $pattern => $controller) {
$router->addRoute($controller,
new Zend_Controller_Router_Route($pattern, array(
'module' => 'api',
'controller' => $controller
)
)
);
}
Zend_Controller_Front::getInstance()->setRouter($router);
website/api/resource gets me the
Resource1Controller, ok
website/api/resource/filter gets me to the
resource1filterController, ok
website/api/resource/filter/:id gets me to
a custom controller, ok
I'd like for website/api/resource/:id to get me to the same custom controller... But it redirects me to the Resource1Controller.
What solution is there for me to correctly create my API ? Is there a good way to do this with Zend_Rest_Route ?
Edit : Mike,
I felt that it was not appropriate for me to use different controllers since I need the pathes "website/api/resource/:id" and "website/api/resource/filter/:id" to give me almost the exact same result (the only difference is that because the filter is there, I may get a message telling "content filtered" here).
I thought it was a waste creating another almost identical controller when I could've used the same controller and just checked if a parameter "filter" was present.
However, I don't want to use the basic Zend routing since for the path "website/api/resource/filter/resource2" I'd like to have a totally different comportment, so I'd like to use another controller, especially since I'm trying to use Zend_Rest_Action and need my controllers to use the basic actions getAction(), putAction(), postAction() and deleteAction().
Please could you explain why it is you need two URI patterns pointing to the same controller. A better solution might be to use a separate controller for each of the two patterns and move any shared logic into your model.
Forcing a unique controller for each routing pattern was an intentional design decision, so I'd be interested to hear more detail about your use case where you feel this isn't appropriate.
I thought it was a waste creating
another almost identical controller
when I could've used the same
controller and just checked if a
parameter "filter" was present.
Personally, I think it is cleaner to move the shared logic into the model and to keep your controllers skinny. To me it's not wasteful, it's just more organised - it will make your code easier to manage over time.
If you really need to use the same controller you could always use a query parameter instead, that would work fine:
api/resource/foo?filter=true
That URI would be taken care of by the first route ('api/resource/:id' => 'custom') for free.
But please consider using two controllers, I think that is a better approach.
Okay, the reason I didn't get the good controllers was because Resauce uses the controller name as the name of the route, which has to be unique - so second url pointing to "custom" controller couldn't work. Now I'm able to get the files I want :)
So instead of what was previously noted, I use directly the $router->addRoute(); and define new names each times, even if pointing to the same controller.
Example :
$router->addRoute('resource', new Zend_Controller_Router_Route('/api/resources/:id', array('module' => 'api', 'controller' => 'resource')));
$router->addRoute('resourceFiltered', new Zend_Controller_Router_Route('/api/resources/filter1/:id', array('module' => 'api', 'controller' => 'resource', 'filter' => 'filter1'));