Auto escape variables in Zend Framework


In Zend Framework you can use the $this->escape() view helper to escape variables to protect your website against XSS attacks.

Unfortunately, there is no way to enable this globally so that EVERY variable is escaped by default. It’s a bit odd, because some other popular frameworks like Symfony provide this by default. And Symfony 1 was released earlier than Zend Framework, so you’d think it would have been picked up, but no.

Of course, if everything is escaped by default, there are situations where variables were already escaped earlier in the application, like a form element. But when you More >


Ubuntu 11.10 – Configure POEdit for Zend Framework


In this post I’ll describe how to configure POEdit for Zend Framework in Ubuntu. However, POEdit is cross-platform and has the same GUI on Windows and Mac, so on these platforms you can also follow several of the steps below.

If you don’t have POEdit installed yet, open a terminal and execute:

apt-get install poedit

Now start the application with “Alt + F2” and type “poeditor” and double click the icon. If you start POEdit for the first time, you’ll see the preferences dialog.

Append “ -L php” to the end of the “Parser command:” text field.

More >

PiKe multi translate with Zend_Translate and application.ini


With Zend Framework it’s not possible to define multiple translate sources for one Zend_Translate instance that will be stored in the Zend_Registry. Also, if you want to add a logger to Zend_Translate, it’s not possible to do this only in your application.ini. The closest you get is to define all translate settings, then create a bootstrap method, “extend” the settings, and add an instance of Zend_Log with a writer there.

But we made it possible at the PiKe project to define all this purely in your application.ini.

You only need the following file, or just add More >

Drupal 7 – Exclude node type in search results


Websites that use the search of Drupal 7 core have no ability to restrict the search and exclude some node types, for example. I see some articles saying that Drupal 8 will probably have this kind of functionality.

However, it’s possible to rewrite the SQL query that selects the search results. Thanks to the Drupal database layer this can be done quite easily.

/**
 * Excludes node type "foo" from search results
 *
 * @param object $query
 */
function mymodule_query_alter(&$query) {
  $is_search = FALSE;
  foreach ($query->getTables() as

More >
