Introduction to Zend Framework

 Learning Zend Framework


 Zend Framework Reference

  •  Zend_Gdata
  •  Zend_Http
  •  Zend_InfoCard
  •  Zend_Json
  •  Zend_Layout
  •  Zend_Ldap
  •  Zend_Loader
  •  Zend_Locale
  •  Zend_Log
  •  Zend_Mail
  •  Zend_Markup
  •  Zend_Measure
  •  Zend_Memory
  •  Zend_Mime
  •  Zend_Navigation
  •  Zend_Oauth
  •  Zend_OpenId
  •  Zend_Paginator
  •  Zend_Pdf
  •  Zend_ProgressBar
  •  Zend_Queue
  •  Zend_Reflection
  •  Zend_Registry
  •  Zend_Rest

  •  Zend_Search_Lucene
  •  Zend_Serializer
  •  Zend_Server
  •  Zend_Service
  •  Zend_Session
  •  Zend_Soap
  •  Zend_Tag
  •  Zend_Test
  •  Zend_Text
  •  Zend_TimeSync
  •  Zend_Tool
  •  Zend_Tool_Framework
  •  Zend_Tool_Project
  •  Zend_Translate
  •  Zend_Uri
  •  Zend_Validate
  •  Zend_Version
  •  Zend_View
  •  Zend_Wildfire
  •  Zend_XmlRpc
  • ZendX_Console_Process_Unix
  • ZendX_JQuery
  • Update 2011-11-16 - Revision 24438 - Version ZF 1.11.x

    Appendix B. Zend Framework Migration Notes

    Table of Contents

    B.1. Zend Framework 1.10
    B.1.1. Zend_Controller_Front
    B.1.2. Zend_Feed_Reader
    B.1.3. Zend_File_Transfer
    B.1.3.1. Security change
    B.1.3.2. Count validation
    B.1.4. Zend_Filter_HtmlEntities
    B.1.5. Zend_Filter_StripTags
    B.1.6. Zend_Translate
    B.1.6.1. Xliff adapter
    B.1.7. Zend_Validate
    B.1.7.1. Self written validators
    B.1.7.2. Simplification in date validator
    B.1.7.3. Fixes in Alpha, Alnum and Barcode validator
    B.2. Zend Framework 1.9
    B.2.1. Zend_File_Transfer
    B.2.1.1. MimeType validation
    B.2.2. Zend_Filter
    B.2.3. Zend_Http_Client
    B.2.3.1. Changes to internal uploaded file information storage
    B.2.3.2. Deprecation of Zend_Http_Client::_getParametersRecursive()
    B.2.4. Zend_Locale
    B.2.4.1. Deprecated methods
    B.2.5. Zend_View_Helper_Navigation
    B.2.6. Security fixes as with 1.9.7
    B.2.6.1. Zend_Dojo_View_Helper_Editor
    B.2.6.2. Zend_Filter_HtmlEntities
    B.2.6.3. Zend_Filter_StripTags
    B.3. Zend Framework 1.8
    B.3.1. Zend_Controller
    B.3.1.1. Standard Route Changes
    B.3.2. Zend_Locale
    B.3.2.1. Default caching
    B.4. Zend Framework 1.7
    B.4.1. Zend_Controller
    B.4.1.1. Dispatcher Interface Changes
    B.4.2. Zend_File_Transfer
    B.4.2.1. Changes when using filters and validators
    B. Filter: Rename
    B. Validator: Count
    B. Validator:Extension
    B. Validator: FilesSize
    B. Validator: Hash
    B. Validator: ImageSize
    B. Validator: Size
    B.4.3. Zend_Locale
    B.4.3.1. Changes when using isLocale()
    B.4.3.2. Changes when using getDefault()
    B.4.4. Zend_Translate
    B.4.4.1. Setting languages
    B.4.5. Zend_View
    B.4.5.1. Disabling LFI protection for the render() method
    B.5. Zend Framework 1.6
    B.5.1. Zend_Controller
    B.5.1.1. Dispatcher Interface Changes
    B.5.2. Zend_File_Transfer
    B.5.2.1. Changes when using validators
    B.6. Zend Framework 1.5
    B.6.1. Zend_Controller
    B.7. Zend Framework 1.0
    B.7.1. Zend_Controller
    B.7.2. Zend_Currency
    B.8. Zend Framework 0.9
    B.8.1. Zend_Controller
    B.9. Zend Framework 0.8
    B.9.1. Zend_Controller
    B.10. Zend Framework 0.6
    B.10.1. Zend_Controller

    B.1. Zend Framework 1.10

    When upgrading from a previous release to Zend Framework 1.10 or higher you should note the following migration notes.

    B.1.1. Zend_Controller_Front

    A wrong behaviour was fixed, when there was no module route and no route matched the given request. Previously, the router returned an unmodified request object, so the front controller just displayed the default controller and action. Since Zend Framework 1.10, the router will correctly as noted in the router interface, throw an exception if no route matches. The error plugin will then catch that exception and forward to the error controller. You can then test for that specific error with the constant Zend_Controller_Plugin_ErrorHandler::EXCEPTION_NO_ROUTE:

     * Before 1.10
    public function errorAction()
    $errors $this->_getParam('error_handler');

            switch (
    $errors->type) {
    // ...

     * With 1.10
    public function errorAction()
    $errors $this->_getParam('error_handler');

            switch (
    $errors->type) {
    // ...

    B.1.2. Zend_Feed_Reader

    With the introduction of Zend Framework 1.10, Zend_Feed_Reader's handling of retrieving Authors and Contributors was changed, introducing a break in backwards compatibility. This change was an effort to harmonise the treatment of such data across the RSS and Atom classes of the component and enable the return of Author and Contributor data in more accessible, usable and detailed form. It also rectifies an error in that it was assumed any author element referred to a name. In RSS this is incorrect as an author element is actually only required to provide an email address. In addition, the original implementation applied its RSS limits to Atom feeds significantly reducing the usefulness of the parser with that format.

    The change means that methods like getAuthors() and getContributors no longer return a simple array of strings parsed from the relevant RSS and Atom elements. Instead, the return value is an ArrayObject subclass called Zend_Feed_Reader_Collection_Author which simulates an iterable multidimensional array of Authors. Each member of this object will be a simple array with three potential keys (as the source data permits). These include: name, email and uri.

    The original behaviour of such methods would have returned a simple array of strings, each string attempting to present a single name, but in reality this was unreliable since there is no rule governing the format of RSS Author strings.

    The simplest method of simulating the original behaviour of these methods is to use the Zend_Feed_Reader_Collection_Author's getValues() which also returns a simple array of strings representing the "most relevant data", for authors presumed to be their name. Each value in the resulting array is derived from the "name" value attached to each Author (if present). In most cases this simple change is easy to apply as demonstrated below.

     * Before 1.10
    $feed Zend_Feed_Reader::import('');
    $authors $feed->getAuthors();

     * With 1.10
    $feed Zend_Feed_Reader::import('');
    $authors $feed->getAuthors()->getValues();

    B.1.3. Zend_File_Transfer

    B.1.3.1. Security change

    For security reasons Zend_File_Transfer does no longer store the original mimetype and filesize which is given from the requesting client into its internal storage. Instead the real values will be detected at initiation.

    Additionally the original values within $_FILES will be overridden within the real values at initiation. This makes also $_FILES secure.

    When you are in need of the original values you can either store them before initiating Zend_File_Transfer or use the disableInfos option at initiation. Note that this option is useless when its given after initiation.

    B.1.3.2. Count validation

    Before release 1.10 the MimeType validator used a wrong naming. For consistency the following constants have been changed:

    Table B.1. Changed Validation Messages

    Old New Value  
    TOO_MUCH TOO_MANY Too many files, maximum '%max%' are allowed but '%count%' are given  
    TOO_LESS TOO_FEW Too few files, minimum '%min%' are expected but '%count%' are given  

    When you are translating these messages within your code then use the new constants. As benefit you don't need to translate the original string anymore to get a correct spelling.

    B.1.4. Zend_Filter_HtmlEntities

    In order to default to a more secure character encoding, Zend_Filter_HtmlEntities now defaults to UTF-8 instead of ISO-8859-1.

    Additionally, because the actual mechanism is dealing with character encodings and not character sets, two new methods have been added, setEncoding() and getEncoding(). The previous methods setCharSet() and setCharSet() are now deprecated and proxy to the new methods. Finally, instead of using the protected members directly within the filter() method, these members are retrieved by their explicit accessors. If you were extending the filter in the past, please check your code and unit tests to ensure everything still continues to work.

    B.1.5. Zend_Filter_StripTags

    Zend_Filter_StripTags contains a flag, commentsAllowed, that, in previous versions, allowed you to optionally whitelist HTML comments in HTML text filtered by the class. However, this opens code enabling the flag to XSS attacks, particularly in Internet Explorer (which allows specifying conditional functionality via HTML comments). Starting in version 1.9.7 (and backported to versions 1.8.5 and 1.7.9), the commentsAllowed flag no longer has any meaning, and all HTML comments, including those containing other HTML tags or nested commments, will be stripped from the final output of the filter.

    B.1.6. Zend_Translate

    B.1.6.1. Xliff adapter

    In past the Xliff adapter used the source string as message Id. According to the Xliff standard the trans-unit Id should be used. This behaviour was corrected with Zend Framework 1.10. Now the trans-unit Id is used as message Id per default.

    But you can still get the incorrect and old behaviour by setting the useId option to FALSE.

    $trans = new Zend_Translate(
    'xliff''/path/to/source'$locale, array('useId' => false)

    B.1.7. Zend_Validate

    B.1.7.1. Self written validators

    When setting returning a error from within a self written validator you have to call the _error() method. Before Zend Framework 1.10 you were able to call this method without giving a parameter. It used then the first found message template.

    This behaviour is problematic when you have validators with more than one different message to be returned. Also when you extend an existing validator you can get unexpected results. This could lead to the problem that your user get not the message you expected.

    My_Validator extends Zend_Validate_Abstract
    $this->_error(); // unexpected results between different OS

    To prevent this problem the _error() method is no longer allowed to be called without giving a parameter.

    My_Validator extends Zend_Validate_Abstract
    $this->_error(self::MY_ERROR); // defined error, no unexpected results

    B.1.7.2. Simplification in date validator

    Before Zend Framework 1.10 2 identical messages were thrown within the date validator. These were NOT_YYYY_MM_DD and FALSEFORMAT. As of Zend Framework 1.10 only the FALSEFORMAT message will be returned when the given date does not match the set format.

    B.1.7.3. Fixes in Alpha, Alnum and Barcode validator

    Before Zend Framework 1.10 the messages within the 2 barcode adapters, the Alpha and the Alnum validator were identical. This introduced problems when using custom messages, translations or multiple instances of these validators.

    As with Zend Framework 1.10 the values of the constants were changed to be unique. When you used the constants as proposed in the manual there is no change for you. But when you used the content of the constants in your code then you will have to change them. The following table shows you the changed values:

    Table B.2. Available Validation Messages

    Validator Constant Value
    Alnum STRING_EMPTY alnumStringEmpty
    Alpha STRING_EMPTY alphaStringEmpty
    Barcode_Ean13 INVALID ean13Invalid
    Barcode_Ean13 INVALID_LENGTH ean13InvalidLength
    Barcode_UpcA INVALID upcaInvalid
    Barcode_UpcA INVALID_LENGTH upcaInvalidLength
    Digits STRING_EMPTY digitsStringEmpty

    digg delicious meneame google twitter technorati facebook