Archive for the ‘Open Source’ Category

Review: Zend Framework 1.8 Web Application Development

Thursday, February 11th, 2010

Sometime last year, I, along with quite a few others, was asked to review one of Packt Publishing’s new books, Zend Framework 1.8 Web Application Development, written by Keith Pope. They sent me a copy, which was very good of them, and although it’s taken me ages to finish and get round to writing this review, that’s not a true reflection of how good the book was; I’m just a very busy/lazy person! So lazy that I did in fact say I’d have it done in two weeks, which turned into 4 months.

Packt asked if I’d be interested in reviewing the book, so watch this space, I’ll be back in a couple of weeks with a review.

My Post dated 15/10/2009

Introduction

Design, develop, and deploy feature-rich PHP web applications with this MVC framework

That is the book’s strap line, and it does exactly what it says on the tin. The bulk of the book actually takes you through the design, development, testing and deployment of a real world example application, called the Storefront. The book claims that it is written for PHP web developers who are either using or looking to start using the Zend Framework and that a basic knowledge of Object Oriented design would be helpful. While you might be able to manage without any OOD experience, I’d say you definitely need some to get the most out of this book, as the second chapter digs right under the hood of the Framework’s MVC architecture. My personal experience was that I got to learn all the things I haven’t had time to learn; I’ve been using the Framework for a couple of years now, always appreciating, but not always understanding, what it was doing for me.

MVC Architecture

The first chapter gives you a brief overview of creating an MVC application in the Zend Framework; experienced users of the Framework will probably want to gloss over this part, whereas people looking to start using the framework should take their time and take things in. The next chapter is when I really started to enjoy the book. Each component of the MVC architecture is presented as its own topic, with each component getting a breakdown of Design Patterns/theory, default settings/configuration, usage and finally customisation.

The chapter is well put together and, considering the amount of information portrayed, is not overwhelming.

Storefront Application

The rest of the book provides the information you need about the framework around a real world example application, called StoreFront, which is a basic e-commerce application. I should point out that I didn’t code the application as I went (if I’m reading, I like to read), but where appropriate I have used the book as a reference when updating my existing Zend Framework applications.

The best thing about these chapters, though, is some of the design theory you pick up on the way, which isn’t directly relevant to the Zend Framework but can be applied to any framework out there. Best practices such as Fat Models, Composition and Fluent interfaces are all explained in detail, along with relevant and realistic examples. Furthermore, the application’s MVC separation is excellent, taken in context (it might be a little overkill for the example application, but is there to show you the methods).

After taking you through the creation of the application, the book then takes you into optimisation and testing. The optimisation takes you through some general PHP optimisation techniques, but then ploughs into techniques like a transparent abstract cache that is applied to the models. Testing is carried out with the trusty PHPUnit, along with the framework’s extension of the library, Zend_Test, and the book goes on to integrate the test suites with Apache Ant (why not Phing?) and phpUnderControl.

Conclusion

In conclusion, I thought this book was an excellent read and I plan to follow it through again when I build my next ZF app (I have two good ideas in the pipeline). Find out more and buy it! Thanks to Packt for sending me a copy!

Zend Framework Poster

Friday, August 21st, 2009

After stumbling across an offer for a free Zend Framework Poster some time ago, I quickly dropped Mayflower an email.

Some time passed, and now it’s here at work, placed next to our all important tea, coffee and biscuits station.

It’s A0, covers nearly all of the major components and is well worth having! Top props to the guys over there for pushing the Zend Framework like this. Cheers!

Mozilla’s Content Security Policy (CSP)

Tuesday, June 30th, 2009

I saw this post via Slashdot and can’t help but think it’s a little overkill?

Content Security Policy is intended to mitigate a large class of Web Application Vulnerabilities: Cross Site Scripting. Cross Site Request Forgery has also become a large scale problem in Web Application Security, though it is not a primary focus of Content Security Policy.

In an ideal world, this would be great, but getting all the browsers on board and getting it implemented may take a while. I was thinking about this the other day and I don’t see why the browsers/W3C can’t standardise on some sort of tag or conditional comments that says don’t execute any script in here. This would be simple to use and surely simple to implement. Browsers already know what to do with <noscript>.

For Example:

<dontexecutescript>
    <?php echo $this->escape($userProvidedContent);?>
</dontexecutescript>

Or:

<!--[dontexecutescript] -->
    <?php echo $this->escape($userProvidedContent);?>
<!--[dontexecutescript]-->

I’m no expert on XSS, but I’m pretty sure this would solve most of the issues encountered.

Update:

Okay, so one obvious problem might be that the $userProvidedContent contains a closing </dontexecutescript> tag, but that’s just semantics. Unique identifiers for each block, ignoring tags that don’t match up, these browser developers are clever, they could come up with something.
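
Added example, not from the original post: CSP as browsers later shipped it uses the "unique identifier" idea the other way round, marking the trusted script with an unpredictable per-response nonce, while user content is still escaped as in the snippets above. The function names, the /js/app.js path and the sample input are assumptions made for the illustration.

```php
<?php
// Added example: per-response CSP nonce plus output escaping.
// Function names, the script path and the sample input are hypothetical.

/** Build the policy header line for one response. */
function csp_header(string $nonce): string
{
    return "Content-Security-Policy: default-src 'self'; "
         . "script-src 'nonce-{$nonce}'; object-src 'none'; base-uri 'none'";
}

/** Escape untrusted text for an HTML element body or a quoted attribute. */
function escape_html(string $text): string
{
    return htmlspecialchars($text, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

/** Render the page: only the script carrying this response's nonce may run. */
function render_page(string $nonce, string $userProvidedContent): string
{
    $safe = escape_html($userProvidedContent);
    return "<!DOCTYPE html>\n<html><body>\n"
         . "<div class=\"comment\">{$safe}</div>\n"
         . "<script nonce=\"{$nonce}\" src=\"/js/app.js\"></script>\n"
         . "</body></html>\n";
}

// Fresh, unpredictable value for every response; never reuse or cache it.
$nonce = base64_encode(random_bytes(16));

// Constructed input that tries to close a wrapper tag and open its own script.
$userProvidedContent = '</dontexecutescript><script>alert(1)</script>';

// The header must be sent before any body output.
header(csp_header($nonce));
echo render_page($nonce, $userProvidedContent);
```

The escaped input reaches the browser as inert text, and even if an escaping call were missed somewhere, an injected script element would lack the nonce and be refused by the policy.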

Rev=Canonical and all that Jazz

Wednesday, April 15th, 2009

If anybody missed it, the last few days have seen plenty of buzz around a new proposal on how to solve the problem with URL shorteners. I kind of got lost in all the different methods and proposals people are discussing, suggesting or implementing, but I went ahead and added some simple logic to lnkd.in to do an HTTP HEAD request to the given URL, looking for headers in a couple of the formats suggested. I figured that was going to get out of date pretty quickly, so I modified it to use the RevCanonical API, which seems to work pretty well, returning a rev=canonical URL wherever possible.

I also contributed a basic bit of code to Rob Allen’s Shorter Links plugin for WordPress, allowing users to specify a base URL; davedevelopment.co.uk isn’t all that good for short URLs. Just need to upgrade the plugin and decide on a short domain for my blog now.

Update: registered daved.in, works a treat
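
Added example, not the lnkd.in code: one way to pull a short URL out of the headers of a HEAD response and reject values that are not plain http(s) URLs, since the remote site controls them. It assumes the Link header form with rev="canonical" or rel="shortlink" (the post does not say which formats were checked); the function names and sample headers are constructed.

```php
<?php
// Added example: pick a short URL out of the headers of a HEAD response.
// Assumes Link headers with rev="canonical" or a single-valued rel="shortlink".
// Function names and the sample headers are hypothetical.

/** Return the first acceptable short URL advertised in Link headers, or null. */
function find_short_url(array $headerLines): ?string
{
    foreach ($headerLines as $line) {
        // Header names are case-insensitive.
        if (stripos($line, 'Link:') !== 0) {
            continue;
        }
        // One header may carry several comma-separated "<uri>; params" entries.
        preg_match_all('/<([^>]*)>((?:\s*;\s*[^,<]*)*)/', substr($line, 5), $links, PREG_SET_ORDER);
        foreach ($links as $link) {
            [, $uri, $params] = $link;
            $isShort = preg_match('/;\s*rev\s*=\s*"?canonical"?\s*(;|$)/i', $params)
                    || preg_match('/;\s*rel\s*=\s*"?shortlink"?\s*(;|$)/i', $params);
            if ($isShort && is_safe_http_url($uri)) {
                return $uri;
            }
        }
    }
    return null;
}

/** The target site controls this value, so accept only absolute http(s) URLs. */
function is_safe_http_url(string $uri): bool
{
    $parts = parse_url($uri);
    return is_array($parts)
        && isset($parts['scheme'], $parts['host'])
        && in_array(strtolower($parts['scheme']), ['http', 'https'], true);
}

// Constructed sample headers, in the line-per-entry form get_headers() returns.
$sample = [
    'HTTP/1.1 200 OK',
    'Content-Type: text/html; charset=UTF-8',
    'Link: <javascript:alert(1)>; rev="canonical", <http://s.example/x1>; rev="canonical"',
];
var_dump(find_short_url($sample));
```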

Zend Framework and the Twitter API

Monday, October 13th, 2008

I wanted my new job website to post a tweet to Twitter every time we approved a posting.

Zend_Service_Twitter looks like it will be fairly comprehensive, but it’s not in the core yet and is probably a little overkill for my simple use case.

I then had a look at Zend_Rest_Client, which seemed to confuse me. I couldn’t actually get it to add the parameters I wanted to the call; I guess it’s better for interacting with Zend_Rest_Server or fully RESTful APIs.

To be fair, the manual actually states:

[Warning] Strictness of Zend_Rest_Client

Any REST service that is strict about the arguments it receives will likely fail using Zend_Rest_Client, because of the behavior described above. This is not a common practice and should not cause problems.

So here’s some simple code using Zend_Http_Client.

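<?php
require_once 'Zend/Http/Client.php';

// Basic auth only base64-encodes the credentials, so post over HTTPS.
$http = new Zend_Http_Client('https://twitter.com/statuses/update.xml', array(
    'maxredirects' => 0,   // never follow a redirect with credentials attached
    'timeout'      => 10,
));

$http->setAuth(
    'twitter_username',
    'twitter_password',
    Zend_Http_Client::AUTH_BASIC
);

// The status text goes in the POST body, not the query string.
$http->setMethod(Zend_Http_Client::POST);
$http->setParameterPost('status', 'Your status message');
$http->request();

?>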