security - What is the most secure way to handle invalid input in a Zend application?
I have an application where the user arrives at a page from a link containing an id value (e.g.: /students/view/42). In my code, I use Zend_Filter_Input, like this:

    $input = new Zend_Filter_Input(
        array(),
        array(
            'id' => new Zend_Validate_Db_RecordExists(array(
                'table' => 'students',
                'field' => 'id'
            ))
        ),
        $this->_request->getParams()
    );
    if (!$input->isValid()) {
        // ???
    }

I don't think there's anything earth-shattering going on up to this point. However, I am unclear about what to do if the value for id is invalid.
In the book Zend Framework: A Beginner's Guide, Vikram Vaswani has the user throw an exception (Zend_Controller_Action_Exception('Page not found', 404)). Is this the best way to go about handling this, and if not, what other options are available?
You should redirect the user to a page with a 404 error description (you should use ErrorController for rendering exception messages) or to a specific page with a message such as "student does not exist".
Just throw the exception and render the error page in ErrorController.
You can do this:

    $this->getResponse()->setHttpResponseCode(404);

or

    throw new Zend_Controller_Action_Exception('This page does not exist', 404);

The typical ErrorController class is the following:

    class ErrorController extends Zend_Controller_Action
    {
        public function errorAction()
        {
            $errors = $this->_getParam('error_handler');

            switch ($errors->type) {
                case Zend_Controller_Plugin_ErrorHandler::EXCEPTION_NO_ROUTE:
                case Zend_Controller_Plugin_ErrorHandler::EXCEPTION_NO_CONTROLLER:
                case Zend_Controller_Plugin_ErrorHandler::EXCEPTION_NO_ACTION:
                    // 404 error -- controller or action not found
                    $this->getResponse()
                         ->setRawHeader('HTTP/1.1 404 Not Found');

                    // ... output to display ...
                    break;
                default:
                    // application error; display error page, but don't
                    // change the status code
                    break;
            }
        }
    }
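The approach from the answers put together in one controller action, as an added example that is not code from the question or the answers. The `StudentsController` name, the extra `Digits` check, the `error_log()` call and the `Zend_Db_Table('students')` lookup are assumptions; a default database adapter is assumed to be configured.

```php
<?php
// Added example: hypothetical controller behind /students/view/42 (Zend Framework 1).
class StudentsController extends Zend_Controller_Action
{
    public function viewAction()
    {
        $validators = array(
            'id' => array(
                'Digits', // reject anything that is not a plain digit string
                new Zend_Validate_Db_RecordExists(array(
                    'table' => 'students',
                    'field' => 'id',
                )),
                // A missing id is invalid, not silently skipped.
                Zend_Filter_Input::PRESENCE    => Zend_Filter_Input::PRESENCE_REQUIRED,
                // Do not run the database lookup when the Digits check fails.
                Zend_Filter_Input::BREAK_CHAIN => true,
            ),
        );

        $input = new Zend_Filter_Input(
            array(),
            $validators,
            $this->_request->getParams()
        );

        if (!$input->isValid()) {
            // Keep the reason server-side. The client gets the same generic 404
            // whether the id was malformed, missing, or not in the table.
            // json_encode() keeps the submitted value on one log line.
            error_log('students/view rejected: ' . json_encode($input->getMessages()));
            throw new Zend_Controller_Action_Exception('Page not found', 404);
        }

        // From here on use only the validated value, never the raw parameter.
        $id = (int) $input->getUnescaped('id');

        // Assumed lookup through a default-adapter Zend_Db_Table.
        $students = new Zend_Db_Table('students');
        $this->view->student = $students->find($id)->current();
    }
}
```

Returning one generic 404 for every failure case keeps the response from revealing which ids exist in a different way than malformed ones, and the validator messages stay in the server log instead of the page.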