Zend Framework 1.11.0 FINAL Released

The Zend Framework team is pleased to announce the immediate availability of the general access release of Zend Framework 1.11.0.

This release is the culmination of several months of effort by contributors and Zend Framework partners, and offers several key new features, including support for mobile devices and the first stable release of the SimpleCloud API.

You may download the release from the following location:

http://framework.zend.com/download/latest

The following is a summary of new features and capabilities introduced in version 1.11.0

mobile support

Zend Framework 1.11 marks the first release with explicit support for mobile devices, via the new component Zend_Http_UserAgent. This component was developed by Raphael Carles. Carles is CTO of Interakting, the digital agency of Business & Decision Group of France. Interakting employs 150 PHP professionals to build industrial PHP projects, and its clients include Canal +/Vivendi, BNP Paribas, Samsung France, Ministry of Education, Alapage (Orange), Orange Tunisia, and many others. As such, they have extensive experience in supporting mobile devices, and stepped forward to contribute to Zend Framework, which they leverage in their projects.

Zend_Http_UserAgent performs two responsibilities:

– User-Agent detection

– Device capabilities detection, based on User-Agent

The component includes a “features” adapter mechanism that allows developers to tie into different backends for the purpose of discovering device capabilities. Currently, Zend Framework ships with adapters for the WURFL (Wireless Universal Resource File) API, Tera-WURFL, and DeviceAtlas, with more planned for the future.

Luca Passani, author and lead of the WURFL project, has provided an exemption to Zend Framework to provide a non-GPL adapter accessing the WURFL PHP API.

Additional hooks into the component are provided via a Zend_Application resource plugin, and a Zend_View helper, allowing developers the ability to return output customized for the detected device (e.g., alternate layouts, alternate images, Flash versus HTML5 support, etc.).

Zend_Cloud: SimpleCloud API

During ZendCon 2009, Zend announced a prototype of the SimpleCloud API.

This API was to provide hooks into cloud-based document storage, queue services, and file storage.

Zend Framework 1.11.0 markes the first official, stable release of Zend_Cloud, Zend Framework’s PHP version of the SimpleCloud API. Current support includes:

– Document Services:

– Amazon SimpleDB

– Windows Azure’s Table Storage

– Queue Services:

– Amazon Simple Queue Service (SQS)

– Windows Azure’s Queue Service

– All adapters supported by Zend_Queue:

– Zend Platform JobQueue

– Memcacheq

– Relational Database

– ActiveMQ

– Storage Services:

– Amazon Simple Storage Service (S3)

– Windows Azure’s Blog Storage

– Nirvanix

– Local filesystem

When using any of the SimpleCloud APIs, your code will be portable across the various adapters provided, allowing you to pick and choose your services, as well as try different services until you find one that suits your application or business needs. Additionally, if you find you need to code adapter-specific features, you can drop down to the specific adapter in order to do so.

More adapters will be arriving in the coming months, giving you even more options!

We thank Wil Sinclair and Stas Malyshev for their assistance in the initial releases of Zend_Cloud.

Security

Several classes in Zend Framework were patched to eliminate the potential for leaking timing information from the direct comparison of sensitive data such as plaintext passwords or cryptographic signatures to user input. These leaks arise from the normal process of comparing any two strings in PHP. The nature of the leaks is that strings are often compared byte by byte, with a negative result being returned early as soon as any set of non-matching bytes is detected. The more bytes that are equal (starting from the first byte) between both sides of the comparison, the longer it takes for a final result to be returned. Based on the time it takes to return a negative or positive result, it is possible that an attacker could, over many samples of requests, craft a string that compares positively to another secret string value known only to a target server simply by guessing the string one byte at a time and measuring each guess’ execution time. This server secret could be a plaintext password or the correct cryptographic signature of a request the attacker wants to execute, such as is used in several open protocols including OpenID and OAuth. This could obviously enable an attacker to gain sufficient information to perform a secondary attack such as masquerading as an authenticated user.

This form of attack is known as a Remote Timing Attack. Timing Attacks have been problematic in the past but to date have been very difficult to perform remotely over the internet due to the interference of network jitter which limits their effectiveness in resolving very small timing differences. While the internet still poses a challenge to performing successful Timing Attacks against a remote server, the increasing use of frameworks on local networks and in cloud computing, where network jitter may be significantly reduced, raises the distinct possibility that remote Timing Attacks will become feasible against ever smaller timing information leaks, such as those leaked when comparing any two strings. As a precaution, the applied changes implement a fixed time comparison for several classes which would be attractive targets in any potential remote Timing Attack. A fixed time comparison function does not leak any timing information useful to an attacker thus proactively preventing any future vulnerability to these forms of attack.

We thank Pàdraic Brady for his efforts in identifying and patching these vulnerabilities.

Dojo Support

Zend Framework’s default Dojo Toolkit version has been bumped to version 1.5.0, which includes the new dojox.mobile component, a simple framework for client-side mobile applications.

SimpleDB Support

Zend Framework has provided support for Amazon’s Simple Storage Service (S3), Simple Queue Service (SQS), and Elastic Cloud Compute (EC2) platforms for several releases. Zend Framework 1.11.0 adds support for SimpleDB, Amazon’s non-relational document storage database offering.

Support is available for all SimpleDB operations via Zend_Service_Amazon_SimpleDb.

Zend Framework’s SimpleDB adapter was originally written by Wil Sinclair.

eBay Findings API Support

eBay has an extensive REST API, allowing developers to build applications interacting with their extensive data. Zend Framework

1.11.0 includes Zend_Service_Ebay_Findings, which provides complete support for the eBay Findings API. This API allows developers to query eBay for details on active auctions, using categories or keywords.

Zend_Service_Ebay was contributed by Renan de Lima, Ramon Henrique Ornelas, and Don Bosco Nguyen Van Hoi.

MariaDB Compatibility

Zend_Db’s mysql and Pdo_Mysql adapters are fully MariaDB compatible, and the documentation has been updated to reflect configuration options for this fork of MySQL.

New Configuration Formats

Zend_Config has been a quite popular component in Zend Framework, and has offerred adapters for PHP arrays, XML, and INI configuration files.

Zend Framework 1.11.0 now offers two additional configuration formats:

YAML and JSON.

Zend_Config_Yaml provides a very rudimentary YAML-parser that should work with most configuration formats. However, it also allows you to specify an alternate YAML parser if desired, allowing you to lever tools such as PECL’s ext/syck or Symfony’s YAML component, sfYaml.

Zend_Config_Json leverages the Zend_Json component, and by extension ext/json.

Both adapters have support for PHP constants, as well as provide the ability to write configuration files based on configuration objects.

Stas Malyshev created both adapters for Zend Framework; Zend_Config_Json also had assistance from Sudheer Satyanarayana.

URL Shortening

Zend_Service_ShortUrl was added for this release. The component provides a simple interface for use with most URL shortening services, defining simply the methods “shorten” and “unshorten”. Adapters for two services, http://jdem.cz and http://tinyurl.com, are provided with this release.

Zend_Service_ShortUrl was contributed by Martin Hujer.

Additional View Helpers

Several new view helpers are now exposed:

– Zend_View_Helper_UserAgent ties into the Zend_Http_UserAgent component, detailed above. It gives you access to the UserAgent instance, allowing you to query for the device and capabilities.

– Zend_View_Helper_TinySrc is an additional portion of Zend Framework’s mobile offering for version 1.11.0. The helper ties into the TinySrc API, allowing you to a) provide device-specific image sizes and formats for your site, and b) offload generation of those images to this third-party service. The helper creates img tags pointing to the service, and provides options for specifying adaptive sizing and formats.

– Zend_View_Helper_Gravatar ties into the Gravatar API, allowing you to provide avatar images for registered users that utilize the Gravatar service. This helper was contributed by Marcin Morawski.

Thank You!

We’d like to thank the countless contributors who have made Zend Framework 1.11.0 possible. Over 200 issues and feature requests were closed in preparation for this release, reflecting the efforts of dozens of contributors to the project.
Matthew Weier O’Phinney

Complete Doctrine 1.2x Integration with Zend Framework 1.10+

To achieve complete Doctrine 1 integration with Zend Framework some glue is required, Benjamin Eberlei has created a complete solution thats straight forward, easy to use and understand.

This project tries to offer a complete Integration of Doctrine 1 with Zend Framework. The following components belong to this Integration:

  • Zend_Application Resource
  • Zend Framework Modular Project Support
  • Zend_Tool Provider for Doctrine Model Generation, Migrations and Fixtures
  • Zend_Paginator Adapter for Doctrine Queries
  • Dynamic Zend_Form generation from Doctrine Models

This integration requires the latest Doctrine version 1.2.2 to work completely

Get it!

SVN Export or Externals

Github offers SVN Read support for a while now, you can either use svn export or svn:externals to include ZFDoctrine into your project or into your PHP Include Path.
svn checkout http://svn.github.com/beberlei/zf-doctrine.git

Git Clone

git clone git://github.com/beberlei/zf-doctrine.git
If you follow the tutorial and installation steps your will get this in ZFTool.

Zend Framework Command Line Console Tool v1.10.4
Actions supported by provider "Doctrine"
Doctrine
zf create-project doctrine dsn zend-project-style library-per-module single-library
zf build-project doctrine force load reload
zf create-database doctrine
zf drop-database doctrine force
zf create-tables doctrine
zf generate-sql doctrine
zf dql doctrine
zf load-data doctrine append
zf dump-data doctrine individual-files
zf generate-models-from-yaml doctrine
zf generate-yaml-from-models doctrine
zf generate-yaml-from-database doctrine
zf generate-migration doctrine class-name from-database from-models
zf excecute-migration doctrine to-version
zf show-migration doctrine
zf show doctrine

Read it ALL at beberlei’s zf-doctrine at master – GitHub.

Generate the WSDL file from a class using a Zend component

Matthew Weier O’Phinney answers a very common question;

“Is there a way to generate the WSDL file from a class using a Zend component?”

Yes — via Zend_Soap_Autodiscover:

http://framework.zend.com/manual/en/zend.soap.autodiscovery.html

A typical workflow is to do the following:


if ('GET' == $_SERVER['HTTP_METHOD']) {
$server = new Zend_Soap_Autodiscover();
} else {
$server = new Zend_Soap_Server();
}

$server->setClass('SomeClass');
echo $server->handle();

Basically, you handle GET requests as a request for the WSDL, and anything else as a SOAP request.

Better Zend Framework Documentation

Chris Morrell comes with a very nice intermediate solution to ZF documentation hassles, he writes;

If you’ve every tried to navigate the Zend Framework documentation’s longer pages you’ve probably looked everywhere for a table of contents. Sure, there’s a TOC for the major sections of the component, but if you’re looking for a specific part of a page (or an overview of what that page covers) you’re out of luck. For example, take a look at the Zend_Validate list of standard validation classes. Now try to find the documentation on the URI validator. Can’t find it? That’s ’cause it doesn’t exist. Too bad you had to scroll down through 39 page-lengths’ worth of documentation to find that out.

Wouldn’t it be nice if you’d had something like this:…

Read on “Better Zend Framework Documentation” by Chris Morrell.

PHP 5.3 namespaces for the rest of us

According to the official documentation, PHP namespaces have been designed to prevent name collisions between classes from different packages and to avoid the use of very long names in the code to refer to classes or functions—nobody really wants to have to deal with something called Zend_Db_Adapter_Mysqli or PHPUnit_Framework_Constraint_IsInstanceOf, after all. This means that namespaces help a developer write code that is both more concise and clearer—a direction which is always an improvement towards expressiveness.

Within the PHP implementation of namespaces, these names will be ideally refactored to Zend\Db\Adapter\Mysqli and PHPUnit\Framework\Constraint\IsInstanceOf, where \ is the namespace separator. In the codebase, however, there will typically be very few references to these classes with their fully qualified name, because it is possible to import entire namespaces in a script and then use the class names directly, making the code easier to follow and unambiguous to write.

In fact, the definition of a namespace class itself does not contain its fully qualified name. For example, this would be the source file of an hypothetical MyLibrary\TypeOfComponents\MyClass class:

<?PHP
namespace MyLibrary\TypeOfComponents;
class MyClass
{
// ...
}

The convention when writing namespace-enabled code is that of creating a folder structure that reflects the individual components of a namespace (for example, MyClass would be in the MyLibrary/TypeOfComponents directory. This helps standardizing the autoloading process.

Read the full story PHP 5.3 namespaces for the rest of us | php|architect.

Zend Framework Documentation Now Version Specific

This is VERY good news!!!

The Zend Framework has updated their documentation site with a very handy feature for those that may not be working with the latest version of the framework – the ability to select a version of the framework to view the documentation for.

As of the time of this post, they have versions 1.10 back through the original 1.0 of the documentation as well as having them in six different languages. The site’s search can also be limited to a certain version as well, making it super simple to find just what you’re looking for.

Check out their updated documentation site to see these new features in action.

via Community News.