OEIC

Zend_Filter_Input and arrays

Here’s a quick tidbit that I discovered a few months back, forgot to document, and that bit me in the rear just now. If you’re using Zend_Filter_Input for input validation in your applications, and you’re expecting the incoming data to be a multi-dimensional array, be sure not to filter any keys that contain an array, as ZF will transform the array from a data structure into the string “Array”. For instance, let’s say you’re expecting the following data:

$inputData = array(
    'parentID' => 1,
    'title' => 'My parent data',
    'children' => array(
        0 => 'Red',
        1 => 'Green',
        2 => 'Blue'
    )
);

So you set up a Zend_Filter_Input like so:

$filters = array('*' => array('StringTrim', 'StripTags'));
$validators = array(
    'parentID' => array(
        'NotEmpty',
        'Int',
        'messages' => array(
            0 => 'Please specify a parent ID.'
        )
    ),
 
    'title' => array(
        'Alnum',
        'messages' => array(
            0 => 'Please use only letters and numbers for your title.'
        )
    ),
 
    'children' => array(
        'presence' => 'optional',
        'allowEmpty' => true
    )
);
 
$inputFilter = new Zend_Filter_Input($filters, $validators, $inputData);

Using the wildcard operator in the $filters declaration will destroy $inputData['children']. Instead, you have to individually specify each key to filter, skipping 'children'.

$filters = array(
    'parentID' => array('StringTrim', 'StripTags'),
    'title' => array('StringTrim', 'StripTags')
);

Of course, this isn’t the most secure approach, since no filtering is performed at this point on the contents of the 'children' array. There’s a need for filtering and validation classes that can walk through arrays and validate the values within, but I haven’t yet discovered such classes, so I’ve been using my own custom code in the instances where I need it. Let me know if you’ve developed or run across array-compatible ZF filtering and validation classes.
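One way to write the kind of array-walking filter and validator described above, as an added example rather than code from this post or from Zend Framework. It uses PHP's trim and strip_tags as stand-ins for StringTrim and StripTags; the function names filterRecursive and invalidLeaves, the depth limit and the sample data are assumptions.

```php
<?php
// Added example: plain-PHP stand-ins for StringTrim / StripTags. The function
// names below are hypothetical, not Zend Framework API.

/**
 * Apply every filter to each scalar leaf of $value, recursing into arrays.
 * Throws instead of silently casting when the shape is unexpected.
 */
function filterRecursive($value, array $filters, int $maxDepth = 3)
{
    if (is_array($value)) {
        if ($maxDepth < 1) {
            throw new InvalidArgumentException('Input nested too deeply');
        }
        $out = array();
        foreach ($value as $key => $item) {
            $out[$key] = filterRecursive($item, $filters, $maxDepth - 1);
        }
        return $out;
    }
    if (!is_scalar($value) && $value !== null) {
        throw new InvalidArgumentException('Unsupported input type');
    }
    foreach ($filters as $filter) {
        $value = $filter((string) $value); // leaves only, so no "Array" cast
    }
    return $value;
}

/** Return key paths of leaves that fail $isValid (empty array = all valid). */
function invalidLeaves(array $data, callable $isValid, string $prefix = ''): array
{
    $bad = array();
    foreach ($data as $key => $item) {
        $path = $prefix === '' ? (string) $key : $prefix . '.' . $key;
        if (is_array($item)) {
            $bad = array_merge($bad, invalidLeaves($item, $isValid, $path));
        } elseif (!$isValid($item)) {
            $bad[] = $path;
        }
    }
    return $bad;
}

// Constructed sample input, shaped like the 'children' key above.
$children = array(' Red ', '<b>Green</b>', array('Blue', 'Dark <i>Blue</i>'));
$clean = filterRecursive($children, array('trim', 'strip_tags'));
var_dump($clean, invalidLeaves($clean, 'ctype_alnum'));
```

Run the filtered 'children' value through this after Zend_Filter_Input has handled the scalar keys, and reject the request if invalidLeaves returns any paths.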

PS - can anyone recommend a plugin or alternative blogging tool to WordPress that will allow me to format code samples properly? I’m sick of fighting WordPress just to display line breaks and indenting in a <code> tag.

PPS - I’ve found a good code syntax highlighting plugin, and I’ve discovered the WP Visual Editor is the root of all my woes. I turned that off in my user profile, and surprise, surprise, my content stopped getting modified. As usual, good intentions paved the path to (relative) hell. Do less.

4 Comments

1
Chris
February 14, 2008 / 7:30 pm

ZF seems to support 2-dimensional now. But too much in fact. It automatically recurses arrays. If you attach a Digits filter to an input parameter an array of digits will pass as well and there seems no way to distinguish the two using Zend_Filter_Input. Very annoying…

2
Frank
February 20, 2008 / 1:39 pm

It seems to support 2-dimensional, but not n-dimensional which I think is very disappointing. So you have to jump through a bunch of hoops if you pass n-dimensional arrays in your $_REQUEST data. Why recurse only 2 levels deep Zend?!

3
steve
February 20, 2008 / 2:08 pm

I think a good solution to this issue would have the library implement a RECURSIVE metacommand, like the break chain and message metacommands. This could default to the full depth of the array, while specifying a number for the value would set the recursion depth. Something like
$validators = array(
    'month' => array(
        'Digits',
        'recursive' => true
    )
);

I think I’ll suggest that as a feature in the ZF JIRA tracker.

4
maximus
February 27, 2009 / 10:36 am

Thank you for the article
