Styling a Zend Framework 2 Navigation Menu to Work with Bootstrap

Written by James Mansson on September 1, 2014 Categories: Bootstrap, Zend Framework 2

The Zend\Navigation component in Zend Framework 2 is integrated with the Menu view helper to allow a navigation object to be easily converted into HTML. This is mostly compatible with Bootstrap in terms of the HTML generated, but we need to specify the class of the ul element in order for it to be rendered correctly. (more…)

Working Around a Bug in the Zend Framework Post Code Validator

Written by James Mansson on July 10, 2014 Categories: Zend Framework 1

I recently discovered that the Zend Framework 1 Post Code validator has a bug when validating UK Post Codes with a space in them. The details of this and a possible solution can be found here on Rob Allen’s blog (among other places). Essentially you need to strip all spaces from the post code before doing the validation.

Changing the Search Order used by Zend_Db_Select

Written by James Mansson on April 12, 2014 Categories: Databases, Zend Framework 1

When using Zend Framework 1, a common way to build up search queries is using a Zend_Db_Select object. This is especially powerful when used in conjunction with Zend_Paginator, which can take an object of this type, and modify the query to display the appropriate page of results. (more…)

Making a Zend_Form_Element_Multiselect Required

Written by James Mansson on March 17, 2014 Categories: Zend Framework 1

I recently encountered a problem with the Zend Framework, when attempting to make a form field of type Zend_Form_Element_Multiselect required. When the field failed validation, because no value had been selected, the application displayed the warning “Invalid argument supplied for foreach…”. Investigation of the Zend Framework code revealed that the issue was caused by a flaw in the _getErrorMessages function of Zend_Form_Element. (more…)

Checking for the Existence of an Element using jQuery

Written by James Mansson on February 22, 2014 Categories: jQuery

There is a simple way to determine whether an element exists on a web page using jQuery. This involves using the length property of the object returned by a jQuery selector. For instance, if you need to check whether there is an element with the ID of size before performing some operation, you can use the following jQuery:

if ($("#size").length > 0)
{
  /* Do whatever you need to do */
}

The selector will always return an object that encapsulates whatever matches the selector. This can be any number of elements, including zero. The length property is used to indicate the number of elements selected.

Only Allowing One Login by a User at the Same Time

Written by James Mansson on January 4, 2014 Categories: Web Security

It may be desirable to restrict each user account on a web application to one login at the same time. This is a useful security measure when each user should only be logged in once from a single location.

One technique for doing this is based on storing the user’s session ID in a database table. The process used would be something like this:

  • Following a successful login, store the session ID in the database against the username. This means that the last successful login will be the valid login.
  • As part of the access control process, if the user is logged in, check whether the current session ID matches the session ID in the database; if it does not, log the current user out, but do not clear the session ID from the database or destroy the session as the normal logout process would.
  • As part of the normal logout process, clear the session ID for the username from the database, then destroy the session.

The precise implementation of the above will depend on the web framework you are using.
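As an added illustration (not the post's own code), the three steps above as plain PHP functions over a PDO table. The table and column names, the SQLite-specific INSERT OR REPLACE upsert, the in-memory database and the explicitly passed session ID (in place of session_id()) are all assumptions made so the walk-through runs outside a web request:

```php
<?php
// Added example, not from the original post: enforce one active session per user.
// Assumptions: a "user_sessions" table with the columns below, SQLite (so the
// "INSERT OR REPLACE" upsert works), and the session ID passed in explicitly.
function createSchema(PDO $pdo): void
{
    $pdo->exec('CREATE TABLE IF NOT EXISTS user_sessions (
        username   TEXT PRIMARY KEY,
        session_id TEXT NOT NULL)');
}

// Step 1: after a successful login, store the new session ID against the
// username. The upsert means the most recent login is the only valid one.
function recordLogin(PDO $pdo, string $username, string $sessionId): void
{
    $stmt = $pdo->prepare('INSERT OR REPLACE INTO user_sessions (username, session_id)
                           VALUES (:u, :s)');
    $stmt->execute([':u' => $username, ':s' => $sessionId]);
}

// Step 2: access control check. True only when the caller's session ID is the one
// on record. On a mismatch the caller logs itself out but leaves the stored row alone.
function isCurrentSession(PDO $pdo, string $username, string $sessionId): bool
{
    $stmt = $pdo->prepare('SELECT session_id FROM user_sessions WHERE username = :u');
    $stmt->execute([':u' => $username]);
    $stored = $stmt->fetchColumn();
    // hash_equals() keeps the comparison constant-time.
    return $stored !== false && hash_equals((string) $stored, $sessionId);
}

// Step 3: normal logout. Only the session that owns the row may clear it,
// which is why the DELETE is keyed on both username and session ID.
function logout(PDO $pdo, string $username, string $sessionId): void
{
    $stmt = $pdo->prepare('DELETE FROM user_sessions WHERE username = :u AND session_id = :s');
    $stmt->execute([':u' => $username, ':s' => $sessionId]);
}

// Walk-through with constructed values on an in-memory database.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
createSchema($pdo);
recordLogin($pdo, 'alice', 'sess-A');     // login from the first browser
recordLogin($pdo, 'alice', 'sess-B');     // later login from a second browser
var_dump(isCurrentSession($pdo, 'alice', 'sess-A')); // the first session is now rejected
var_dump(isCurrentSession($pdo, 'alice', 'sess-B')); // the latest login stays valid
logout($pdo, 'alice', 'sess-B');
var_dump(isCurrentSession($pdo, 'alice', 'sess-B')); // nothing on record after logout
```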

Regenerating the Session ID on Login using the Zend Framework

Written by James Mansson on December 31, 2013 Categories: Session Hijacking, Zend Framework 1

It is a good security practice to regenerate the session ID following a successful login, in order to guard against the session being hijacked. This could occur should an attacker gain access to the session ID stored in a cookie prior to login.

Zend Framework 1 offers a simple static function call which forces a regeneration of the session ID:

Zend_Session::regenerateId();

You should add a call to this function following a successful login by the user.

You can find more about this function in the appropriate part of the Zend Framework documentation.

Creating a Zend Framework View Helper to Truncate Text

Written by James Mansson on December 11, 2013 Categories: Zend Framework 1

It is sometimes useful to be able to truncate a longer piece of text to fit into the available space, such as when displaying a series of search results. There are a number of ways to do this; one good one for PHP is described in this Stack Overflow answer. (more…)

Creating a Zend Framework XSS Filter that uses HTML Purifier

Written by James Mansson on December 4, 2013 Categories: XSS, Zend Framework 1

When developing a website or web application, it is important to guard against cross-site scripting (XSS) attacks. While it is possible to develop your own filter mechanism, it is a more practical (and usually more effective) approach to make use of one of the filter libraries already out there. One such library – mentioned and recommended in the Zend Framework 1 documentation – is HTML Purifier. To quote from the front page of the website:

HTML Purifier is a standards-compliant HTML filter library written in PHP. HTML Purifier will not only remove all malicious code (better known as XSS) with a thoroughly audited, secure yet permissive whitelist, it will also make sure your documents are standards compliant, something only achievable with a comprehensive knowledge of W3C’s specifications. Tired of using BBCode due to the current landscape of deficient or insecure HTML filters? Have a WYSIWYG editor but never been able to use it? Looking for high-quality, standards-compliant, open-source components for that application you’re building? HTML Purifier is for you!

(more…)

Disabling Zend_Form Elements

Written by James Mansson on December 1, 2013 Categories: Zend Framework 1

Sometimes we may wish to disable elements on a form. For instance, we may share the same form for adding and editing a record, and a particular field is read only when editing. When working with Zend_Form, we can use the setAttrib function of a form element to perform this task.

Some elements (e.g. text elements) are disabled by making them read only. Assuming the form element is represented by the variable $element, we can do this by:

$element->setAttrib('readonly', 'true');

For other elements (e.g. select elements), we set the disabled attribute to disabled by:

$element->setAttrib('disabled', 'disabled');