I have implemented Zend_Lucene in my first Zend Framework Project, but since I have implemented Routes the Search Results does not seem to work anymore.
In my Search Result view, I have changed the URL to the Postdetails to use the Route:
<a href="<?php echo $this->url(array('post' => $value['post_id'], 'postname' => $value['post_title']), 'postdetails', true); ?>">
Unfortunately it does not seem to work, instead it shows me
<a href="/%3C%21DOCTYPE+html+PUBLIC+.......
I normally also use
$this->escape($value['post_title'])
but again, it shows something with DOCTYPE. I don't understand enough about ZF to know what goes wrong. Can someone give me a hint? Thank you very much in advance!
Have you tried using your named route without setting the reset option to true? I think you might be contradicting your self. You are telling the url helper to use a named route at the same time telling it to use the default routes. if you haven't already try:
<a href="<?php echo $this->url(array('post' => $value['post_id'], 'postname' => $value['post_title']), 'postdetails'); ?>">
you also may need to set default values for post and postname in your route(if you haven't already)
Related
I have a login system that works for most people (on Chrome, Android devices, IE8, Firefox, etc), but it seems not to work for people with Z10s or iPhone 5s. I don't have access to these devices so it's difficult to test, so I wanted to ask whether I was setting up everything properly.
It's an AngularJS app, using hello.js for OAuth, and bootstrap-social and font-awesome for the sign in buttons.
To insert hello into Angular, in app.js I include:
var app = angular
.module('myapp', [
'ui.bootstrap',
'ui.router',
'hello',
])
...
.run([..., 'hello', ..., function(..., hello, ...) {
...
hello.init(...);
...
}]);
...
var helloApp = angular.module('hello', []);
helloApp.factory('hello', function() {
return window.hello; // Assumes hello has been loaded
});
Then, in my loginCtrl, I inject it with
angular.module('myapp').controller('loginCtrl', [..., 'hello', ...,
function(..., hello, $location, ...) {
...
$scope.doLogin = function(network) {
console.log('Calling hello ' + network);
hello.login(network);
};
...
}]);
And in my view, I have
<button id="facebookLogin" class="btn btn-social btn-facebook" ng-click="doLogin('facebook')">
<span class="fa fa-facebook pull-left"></span> <span>Sign in with Facebook</span>
</button>
<button id="googleLogin" class="btn btn-social btn-google-plus" ng-click="doLogin('google')">
<span class="fa fa-google-plus pull-left"></span> <span>Sign in with Google</span>
</button>
Yesterday I was using onclick="hello.login('facebook')", and I suspected that was breaking on certain devices because I shouldn't be using onclick and hello wasn't in scope, so that's why I changed it to ngClick and calling a function in scope. The specific effect of onclick on the users who had errors was to redirect the user to the default/catch-all route without accessing the server at all (I listen for hello events and call the server, so this suggests it wasn't calling hello at all.)
But still, I ask the people who are having issues to re-try (after refreshing obviously), and now they say the button simply does nothing.
Other buttons on the site work. In fact, to get to this page, they use a <button> that uses ui-router to get to this page.
I'm going to continue to search, but I just wanted to ask if I seemed to be hooking hello.js into AngularJS properly, and not making any other beginner mistakes.
I believe the problem is that iPhones and Z10s were blocking hello.js's popup OAuth authentication, but I couldn't just switch it to use page.
When I tried, Facebook returns me to my redirect_url with the fragment
#access_token=....&expires_in=4264&state={%22client_id%22%3A%22164986300332415%22%2C%22network%22%3A%22facebook%22%2C%22display%22%3A%22page%22%2C%22callback%22%3A%22_hellojs_3ojn1yy8%22%2C%22state%22%3A%22%22%2C%22oauth_proxy%22%3A%22https%3A%2F%2Fauth-server.herokuapp.com%2Fproxy%22%2C%22scope%22%3A%22basic%22%2C%22oauth%22%3A{%22version%22%3A2%2C%22auth%22%3A%22https%3A%2F%2Fwww.facebook.com%2Fdialog%2Foauth%2F%22}}
it's ugly, but the point is it starts with a hash tag. So, while hello.js can normally read this, it couldn't in this case because Angular would mangle the address immediately. I'm not sure if this is because I specify to use hash-bangs instead of hash's, but it was.
And I couldn't send this to a PHP script or anything because the fragment after the hashtag would never make it to the PHP script.
So, my solution was to point the redirect_url at an independent page that has hello.js on it, but no Angular. It saves stuff to window.sessionStorage and redirects the user back to the login page, where hello.js passes the user through.
I'm not very confident in this ugly approach yet, so I put a browser sniffer to only do it for iPhones (and use popup for everyone else), I may remove this check in the future (because it's sketchy)
#matt it uses localstorage, not sessionstorage.
Use popup for all, and define a redirect_uri page with just hello.js In it. I dont know why you might think thats sounds wrong. All the demos do it this way. It also gives you a chance to display a nifty loading screen.
Sorry about the ugly fragment. It communcates a lot of state parameters which is used for the oauth proxy... most endpoints like facebook dont need it, so I might refactor that to make it a little less daunting.
I am not 100% sure if this is as big an issue has I seem to think it is right now but I think I may of found an issue or at else an hole within the Inspect Element viewer within Chrome.
I was using (I have now changed my settings) hidden ID's to set a number of defaults, one was users levels, another was to make the user active by default.
However when I view these ID's within the inspect Element view and then changed the values, submitting the form would submit the NEW value to the server and not the value I had given it.
For Example:
I had something like the following within my code,
<input type="hidden" name="data[user][level][id]" value="1" id="MyID">
I then changed it within the Inspect view to,
<input type="hidden" name="data[user][level][id]" value="2" id="MyID">
Then I submitted the form and was surprised that the NEW value was submitted, I was always under the inpresion that hidden ID's where not changeable and the browser should only submit the default values held within.
I have now changed this to letting the database default to a basic user and then I can change the users setting has I want to. But in some cases this may not be an option, so I was hoping for an answer or some feedback about how to make this more safe.
Am I just a bit slow, are there better methods (different ones) to passing 'hidden' data from forms to the server?
I was thinking about maybe using JQuery to add the needed hidden fields to the forms once the user had selected / submitted the form, but i am not sure if this is 100% safe or even if its a good idea.
Any ideas / feedback are very welcome.....
Many Thanks,
Glenn.
I had the same problem passing the database data into a modal,the solution i know is to use jquery ajax to get the informations from the database requesting a file,adding them into variables and compare the variables
$.ajax({
url: "test.html",
context: document.body
}).done(function() {
$(this).addClass("done");
});
I used this code sample to do it.
Of course there are a few modifications to be done depending on your script
I found a better way of doing this, at lest in CakePHP. The CakePHP framework has inbuilt security calls. These in-built functions when added give you all sorts of stuff but the main reason I used them was to stop this sort of form tampering.
I am not 100% sure how it does this, but it adds a token to all forms and it checks to see if the form being submitted is right? Again not sure how the token works.
But here is the code I used ::
public function beforeFilter() {
$this->Auth->allow('index', 'SystemAccess');
$this->Security->blackHoleCallback = 'blackhole';
}
public function blackhole($type) {
$this->Auth->logout();
$this->Session->setFlash('Sorry a security issue has been detected, please try again or contact us for support.', 'default', array(), 'bad');
$this->redirect($this->Auth->redirect('/'));
}
Now I will add that the call the Auth logout I added to this for extra added security, as the user maybe have logged in on a system and it just not be them that is trying to do things that they should not.
Hope that helps others out!
But this is only a fix for when CakePHP is in use. I would take it that other frameworks would have their options but if your only using basic HTML? or a CMS like Drupal again there might be in built security.
Many Thanks
Glenn.
The only safe and best solution that I found for this issue is to check on the server side whether the user_id sent with the form is the same user_id logged in with or not.
Although using jquery is good idea, but, did not work with my case as am using data: $(this).serialize(),
However here's my code on the server side (Note, am using Laravel 5.4, but am sure it won't matter with your case)
if ($request->user_id != Auth::user()->id)
return json_encode("F**K YOU ! Don't Play Smart -_- !");
else
raw_material_category::create($request->all());
Hope this helped ;)
I'm trying to develop a site using Zend Framework, but i have a problem:
I have the default controller which shows me a page with a link. That link uses another controller and redirects me to a start page from that controller (i have implemented startAction() in my custom controller, and the start.phtml page in the modules/default/view/scripts/disc directory).The start view contains a table which is populated from a database, and three link: Add, Edit and Delete. For the Add link i use in start.phtml the following code:
<p>Add</p>
And for the other two link something like that except the action name. First time when i use one of the links, everything works fine, but when it returns me to the start page all the links don't work anymore. They just keep me in the start page. In my addAction() i do the things i need, and at the end i use the following code to return to start page :
$this->_helper->redirector ( 'start' );
and when the start page is loaded again the 'Add' link points to the start page and not anymore to the Add page. The same thing happens with the other two links.
Can anyone help me, please ?
you are attempting to use the short hand version of the action helper Redirector()
$this->_helper->redirector ( 'start' );
To avoid confusion with the utility method version (and because I don't know what the exact defaults are) I always use the proper form.
//the redirector helper has to many options to comfortably short hand.
//gotoSimple(), gotoUrl() and gotoRoute() are all easy to use.
$this->_helper->getHelper('Redirector')->gotoSimple('action' => 'start', 'controller' => 'index')
to use the utility method _redirect(), try something like this (it acepts a url):
$this->_redirect('/index/start');
I think that start must be its own route. As a result, you need to specify the default route when using the url view helper:
In start.phtml, try this:
<p><a href="<?php echo $this->url(
array ('controller' => 'disc','action' => 'add'), 'default');
?>">Add</a></p>
I have this link:
<a href="<?php echo $this->url(array('controller'=>'index','action'=>'form'),NULL,TRUE);?>">
Form
</a>
With this I get something like:
http://foo.com/form
I need to pass a param to the URL with this link.
So that I can have something like this instead:
http://foo.com/form?bar=1231
How can we accomplish this ?
Thanks in advance.
In ZF, URL parameters are passed as /param-name/param-value. So if http://foo.com/form/bar/1231 would satisfy you, you could do like this:
<?php echo $this->url(array('controller'=>'index','action'=>'form', 'bar'=>'1231'),NULL,TRUE);?>
The URL view helper is used to create links using the Routes setup with your application. If you aren't following the routes setup, then there isn't much point in using the view helper, and instead you could just append the created url you got from the view helper with the ?bar=1231.
<a href="<?php echo $this->url(array('controller'=>'index','action'=>'form'),NULL,TRUE)."?bar=1231";?>">
Form
</a>
i'm using form filtering to filter data in the frontend.
The problem is that the URL is ugly
http://............./players/game/?st_player_cv_filters[location_id]=1&st_player_cv_filters[plateforme_id]=3&st_player_cv_filters[level_id]=3&st_player_cv_filters[_csrf_token]=023c5c9fb5fc7e7b6ed60d6839c36f67
(form rendered with :
<?php echo $form->renderFormTag(url_for("game_player", $game), array('method' => 'get')); ?>
<table><tr><th><label for="location_id"><?php echo __('Country'); ?></label></th><td><?php echo $form['location_id']; ?></td></tr>
How to render this url in a better way please ?
Thanks
Using the framework/API itself is a good idea if it supports your needs. By the sound of your question, you can likely use the Symfony routing API to faciliate a solution...
For example, this book chapter covers it:
How to configure the routing rules to
change the appearance of URLs
Futhermore it speaks about long querystrings that you mentioned:
For instance, a traditional URL
contains the file path to a script and
some parameters necessary to complete
the request, as in this example:
http://www.example.com/web/controller/article.php?id=123456&format_code=6532
and speaks about the associated problems:
The unintelligibility of URLs makes
them disturbing wherever they appear,
and they dilute the impact of the
surrounding content
The chapter provides HOW IT WORKS: examples of how to change your URLs using configuration and programming.
You should be able to maintain bookmarkability through easier to read/less complex/more secure URLs.
sometimes when I run into this problem I run a redirect from the receiving page for the form to itself using symfony's redirect method.
$this->redirect('.../formAction?'.http_build_query($get_vars));
OR
use the url_for() method and such as:
<form action="<?php echo url_for('.../formAction?'.http_build_query($get_vars)); ?>">
...
</form>
If you have the option, you could use POST rather than GET. That would clean up the url significantly.