Getting Started with Zend_Test

Matthew Turland has written a very nice article on Unit Testing using Zend_Test, Zend_Test_PHPUnit_DatabaseTestCase, Zend_Test_PHPUnit_ControllerTestCase where he uses a few interesting solutions. Definitely worth a read.

“I worked on a project recently where we used Zend Framework. As part of that project, I was tasked with writing unit tests. So, I went to the “tests” directory generated for me by the zf CLI utility to get started…”

via Getting Started with Zend_Test | Blue Parabola, LLC.

Deep Integration between Zend Framework and Doctrine 1.2

There’s been a lot of talk online about finding the best approach for bringing Zend Framework and Doctrine 1.x together. This video is my humble approach of combining some of the learning brought about over the last few weeks on Zendcasts, as well as suggestions from Doctrine developers.

The goal of this video is to show how you leverage the existing resource loading tools in Zend to have a model structure that reflects Zend’s best practices. This video builds on the last Doctrine video, but if you’re familiar with both frameworks, you should be able to follow along. Enjoy!

via Deep Integration between Zend and Doctrine 1.2 | free Zend Framework screencasts – Zendcasts.

Features « DataGrid for Zend Framework

Zend dataGrid now has it’s own domain and releases version 0.5 , Check out the Docs and the Demo.

Some of the features:

  • Create a datagrid using a Zend_Db_Select instance, Arrays, XML, CSV or JSON files
  • Takes a Zend_Db_Select instance to perform the query
  • User interface controls to perform operations to insert, update and delete table records with support for data validation and filtering
  • Template based presentation
  • Filter data by user selected fields Automatic pagination of results
  • Support for extra listing column fields List sorting by field
  • Configurable field titles
  • Support for SQL aggregation expressions (MAX, COUNT, MIN, AVG, etc…)
  • Internationalization support
  • Export results in multiple formats: XML, HTML table, PDF, MSExcel, MSWord, CSV, Open Office Spreadsheet and text document etc..
  • Cache support
  • Plug-ins to format content: date, bool, etc..
  • Ajax support
  • Form fields customization
  • Fields Decorators
  • Callback functions
  • ….

via: Features « DataGrid for Zend Framework.

Towards an Interoperable Scientific Cloud for Europe

To ensure world-class research, energy efficiencies and competitive edge in the global marketplace, Europe needs to evolve current Distributed Computing Infrastructures (DCIs) that encompass new, industrial-quality technologies such as virtualization, service orientation and convergence with the digital world. While grid infrastructures have captured the requirements of several specific communities, smaller and ad-hoc groups with significant applications have struggled to get their requirements satisfied with grid technology because of the inherent complexity and long deployment times (with outcomes not always meeting with success).

Moreover, industry adoption of grid has not taken off as widely as once expected. By contrast, a business case for cloud computing is increasingly gaining consensus in both the public and private sectors and as several standardisation development organisations focus efforts on interoperable solutions for clouds through strategic alliances in which Europe is playing a pro-active role. Furthermore, a recent Expert Group Report on the Future of Cloud Computing produced with the support of the European Commission DG INFSO recommends that the European open source movement should work strongly with industry to support commercial cloud based service provisioning.

A cloud-based e-Infrastructure for eScience, currently missing from Europe’s service portfolio, would ensure a leap forward in the European Research Area by integrating flexible and easy-to-use utility services, complementing current computing services like grids and supercomputers at the hands of researchers and scientists. Value-add needs to come from new business models in a shift away from costly and complex “run-by-scientists-for-scientists” approaches on the one hand and the use of pay on demand on the other. Sustainable growth needs to be addressed by a deeper understanding of policy and legal issues, ensuring cost-effective investment at EU level and interoperability while also fostering new public-private partnerships in the longer term. A new culture of cloud research, “scientific cloud”, and a spirit of entrepreneurship cannot be achieved without the involvement in R&D initiatives of pioneering enterprises with a commitment to industry quality standards and interoperability working alongside research organisations.

Recent developments led by experts in industry and research would help to gain efficiencies and make savings by optimising resource utilisation, reliability, energy efficiency and maintenance costs, all key objectives highlighted by EU policy bodies. This new approach focuses on the provisioning, operation and user-testing of an industrial quality, virtualised e-Infrastructure in the form of a cloud computing service platform, open for usage by the research and scientific community and tested by major categories of scientific and industrial communities across disciplines and sectors important to Europe. The aims of these new developments are to broaden inter-disciplinary scientific collaboration in Europe, ensure co-ordinated, strengthened and focused software deployments, improve the usability of DCI platforms targeting the largest possible base across a range of fields in science and engineering, and advance exploitation in the rapidly changing hardware environments through appropriate software developments.

This novel component in the e-Infrastructure ecosystem would help expand existing Distributed Computing Infrastructures (DCIs) serving eScience by ensuring easy access to virtually “infinite” resources and high mobility while hiding the complexity of set-up, maintenance and communication from users and reducing the length and costs of application porting through automation, as well as overcoming the need for in-depth knowledge of ICT technologies. Economies of scale will be achieved by optimising resources, reducing operational costs, especially energy costs, where savings are crucial for sustainability.

An ideal approach could be based on both open source and commercial solutions, combining the best of both worlds. Users would be enabled through access to a commercial multi-layer solution including compute and storage power, a development environment and immediate services, while advances in open source would also be ensured through community contributions to extend the capabilities of current DCIs and support efforts towards interoperability and portability.

Open source initiatives would be leveraged to pave the ground for interoperability. A good case in point is the Zend Framework project, which has invited the open source community and software vendors to participate in the formation of a Simple Cloud API. IBM, Microsoft, Rackspace, Nirvanix and GoGrid have already joined the project as contributors. In coming months, they will work together to define APIs for these cloud application services, enabling a generation of cloud native applications written in PHP . The Simple Cloud API is an open source project that makes it easier for developers to use cloud application services by abstracting insignificant API differences. One of the design goals of the project is to encourage innovation. To this end, the Simple Cloud API can be used for common operations while users can easily drop down to vendor libraries to access value-add features. One example of this is Microsoft Azure, which now also supports the full Java stack including open source tools such as the Apache web server, working towards interoperability.

But it doesn’t stop here. A cost and energy efficient on-demand environment has much potential to support incubators, industrial clusters and scientific parks, which are central to Europe’s economic strength, particularly in terms of high value-added categories like ICT, Biotechnology and Pharmaceuticals and R&D across diverse sectors. What’s more, such a solution would enable SME and small research labs by bringing the value-add needed to compete with the larger organisations that currently dominate the pharmaceutical landscape.

Significantly, such an approach meets with all four additional recommendations of the EC’s Expert Group Report for the future of cloud computing, that is, the need for large-scale research and experimentation test beds; developing joint programmes encouraging expert collaboration groups with industrial and public stakeholders; supporting the development of cloud interoperation standards and open source reference implementation and European leadership position in software through commercially relevant open source approaches. The time has come for Europe to tap into the expertise that will help make this happen, opening up strategic opportunities for a new scientific cloud that brings interoperability and innovation into sharp relief.

—–

Source: Trust-IT Services Ltd.
via HPCwire: Towards an Interoperable Scientific Cloud for Europe.

Zend Framework – Reporting Potential Security Issues

If you have encountered a potential security vulnerability in Zend Framework, please report it to us at [email protected]. We will work with you to verify the vulnerability and patch it.

When reporting issues, please provide the following information:

  • Component(s) affected
  • A description indicating how to reproduce the issue
  • A summary of the security vulnerability and impact

We request that you contact us via the email address above and give the project contributors a chance to resolve the vulnerability and issue a new release prior to any public exposure; this helps protect Zend Framework users and provides them with a chance to upgrade and/or update in order to protect their applications.

For sensitive email communications, please use our PGP key.

Policy

Zend Framework takes security seriously. If we verify a reported security vulnerability, our policy is:

  • We will patch the current release branch, as well as the prior two minor release branches.
  • After patching the release branches, we will immediately issue new security fix releases for each patched release branch.
  • A security advisory will be released on the Zend Framework site detailing the vulnerability, as well as recommendations for end-users to protect themselves. Security advisories will be listed at http://framework.zend.com/security/advisories, as well as via a feed (which is also present in the website head for easy feed discovery)

via Zend Framework.

Zend Framework Security Related Releases Now Available

And finally there has been some actual movement on securing up the Zend Framework in an proactive fashion (at least from now on:) )

As announced earlier by Matthew, Zend Framework 1.9.7, 1.8.5 and 1.7.9 have been released incorporating routine maintenance and a number of security fixes detailed in the announcement. It's recommended that framework users upgrade as soon as possible to the latest release of whichever of these minor branches they are using.

As the announcement also indicates, following December's excitement I spent much of the Christmas and New Year period conducting a security review of the framework. While an ongoing process, the initial review focused on specific areas most likely to deal directly or indirectly with user input and the output of user sourced data. The results of that initial review were reported over the holidays to the Zend team, who patiently put up with my long winded emails and managed not to strangle me…so far. I'm keeping myself holed up in the mountains for now ;-).

The review also included an examination of all new components due to enter service with Zend Framework 1.10. This yielded a number of issues whose fixes will preempt their release into a stable version, and have been reported to the relevant lead developers. These will not be disclosed at this time, and will not form any new advisories for the simple fact that ZF 1.10 currently exists only as an alpha release where issues are to be expected anyway. Regardless, you all owe me extra cookies for those ;-).

On to the vulnerabilities, the majority are linked to encoding inconsistencies. One of the more far-reaching results of the fixes is that all developers should note the Zend Framework now enforces a default character encoding of UTF-8, including Zend_View which until now has defaulted to ISO-8859-1. This will require users needing that encoding to now set it manually. In addition, numerous classes have been given methods allowing developers pass in their preferred encoding. It's essential you do so to benefit from the full protection of all escaping mechanisms using htmlspecialchars() and htmlentities(). The remaining vulnerabilities are self-explanatory and, besides upgrading, require little additional work on your part.

It's also important to note that these fixes often go beyond fixing the immediate symptoms. So reporter's credit aside, thanks to Matthew, Ralph and Thomas Weidner who worked on the patches for these fixes as well as spending the time discussing and debating them all in turn. I'm sure Matthew and Ralph had lots of fun (in between apoplectic fits) preparing for three releases but it's truly appreciated.

I remember from December (when not ranting ;-)), that one of the identifiable problems with the Zend Framework was its overall security strategy which has been reactive in nature. The reason for performing this security review, in addition to finding it exciting to spend hour after hour staring at source code (I'm being sarcastic), is that my original rant was misdirected in one aspect. If the framework is reactive, it is because everyone who contributes source code also contributes to that particular attitude. Performing the review was one way of breaking the reactive trend, and so instead of having these security issues persist into the framework's future versions to be discovered by accident (or not), they have been deliberately searched for, found, poked, prodded, debated and then dutifully exterminated. Welcome to proactivity.

If there is a point, it is that as Zend Framework contributors it's still ultimately our job to enforce and promote a security awareness. We can't pass that responsibility to Zend (all of three employees) and wave our hands innocently. We now have two new jobs we better get used to. The first is applying the new Security Policy and notifying the security channel of any reported or self-discovered security issues. Don't sit around wondering if it's a problem, send it in and let the guys look at it. That goes for all security issues without exception (or should). Secondly, we need to build some semblance of a security conciousness because at present that is sorely lacking. I believe the Zend guys are on a similar track here so they may have more to say in the near future. I'll doubtlessly blog about these two topics more specifically over the next few days.

In the meantime, you have some new releases to work with ;-). I sunk a lot of time into this, but being an open source project it's only right you exploit that for all it's worth :-P.

via Maugrim The Reaper’s Blog.

Setting Up Doctrine for Zend Framework 1.9.x

After some fiddling and googling and Zendcast watching 🙂 I figured out how to get the models to generate the way I needed them to.
And figuring out why generate-sql and build-all-reload did not create sql schema nor create any tables in the mysql database.

Directory Structure

Standard ZF directory structure with a few addition (Can’t wait for ZFTool to do all this for us)

├───application
│   ├───configs
│   │   ├───data          < --
│   │   │   ├───fixtures <--
│   │   │   └───sql        <--
│   │   └───migrations  <--
│   ├───controllers
│   ├───models
│   ├───scripts            <-- doctrine.php & bat here
│   └───views
├───library
│   ├───Doctrine        <-- Please use the latest 1.2.x
│   ├───vendor         <-- Do not forget this one or things will be bad.
├───public

 

application.ini

Only applicable parts added.
[production]
phpSettings.date.timezone = "Europe/Stockholm"
autoloaderNamespaces[] = "Doctrine"
doctrine.dsn = "mysql://root@localhost/testbench"
doctrine.data_fixtures_path = APPLICATION_PATH "/configs/data/fixtures"
doctrine.sql_path = APPLICATION_PATH "/configs/data/sql"
doctrine.migrations_path = APPLICATION_PATH "/configs/migrations"
doctrine.yaml_schema_path = APPLICATION_PATH "/configs/schema.yml"
doctrine.models_path = APPLICATION_PATH "/models"

Bootstrap.php

Please note the inline comment about model loading attributes, this is what broke it for me, for some reason using conservative will prevent generation and creation of database tables and schemas, although model generation works fine, very puzzling!.

class Bootstrap extends Zend_Application_Bootstrap_Bootstrap {

protected function _initDoctrine() {
$this->getApplication()
->getAutoloader()
->pushAutoloader ( array ('Doctrine', 'autoload' ) );
//spl_autoload_register ( array ('Doctrine', 'modelsAutoload' ) );
$manager = Doctrine_Manager::getInstance ();
$manager->setAttribute ( Doctrine::ATTR_AUTO_ACCESSOR_OVERRIDE, true );
// The Model Loading acts a tad weird - Use Default for now.
//$manager->setAttribute ( Doctrine::ATTR_MODEL_LOADING, Doctrine::MODEL_LOADING_AGGRESIVE); // MODEL_LOADING_CONSERVATIVE
$manager->setAttribute ( Doctrine::ATTR_AUTOLOAD_TABLE_CLASSES, false );

$doctrineConfig = $this->getOption('doctrine');
$conn = Doctrine_Manager::connection($doctrineConfig['dsn'],'doctrine');
$conn->setAttribute(Doctrine::ATTR_USE_NATIVE_ENUM,true);

}
}

doctrine.bat

Since this dev machine is on Windows XP:
@echo off
echo Running Doctrine CLI.
"C:\Zend\ZendServer\bin\php.exe" -f C:\Zend\Apache2\htdocs\testbench\application\scripts\doctrine.php %1 %2 %3 %4 %5 %6 %7 %8 %9

doctrine

If you are linux/mac based: (Dont forget to chmod +x it)

#!/usr/bin/env php
< ?php chdir(dirname(__FILE__)); include('doctrine.php');

doctrine.php

Please note the inline comments in this one and customize it to your own liking.

< ?php /** * Doctrine CLI */ error_reporting(E_ALL); define('ROOT_PATH', realpath(dirname(__FILE__))); define('APPLICATION_PATH', realpath(dirname(__FILE__) . "/../")); define('APPLICATION_ENV', 'development'); //Ensure library/ is on include_path set_include_path(implode(PATH_SEPARATOR, array( '../library',get_include_path() ))); /** Zend_Application */ require_once 'Zend/Application.php'; // Create application, bootstrap, and run $application = new Zend_Application( APPLICATION_ENV, APPLICATION_PATH . '/configs/application.ini' ); // Read in the application.ini bootstrap for Doctrine $application->getBootstrap()->bootstrap('doctrine');

// Create the configuration array
$config = $application->getOption('doctrine');
// (Note you can have all of these in application.ini aswell)
$config['generate_models_options'] = array(
// Define the PHPDoc Block in the generated classes
'phpDocPackage' =>'TestBench',
'phpDocSubpackage' =>'Models',
'phpDocName' =>'Danny Froberg',
'phpDocEmail' =>'[email protected]',
'phpDocVersion' =>'1.0',
// Define whats what and named how, where.
'suffix' => '.php',
'pearStyle' => true,
'baseClassPrefix' => 'Base_',
// Unless you have created a custom class or want Default_Model_Base_Abstract
'baseClassName' => 'Doctrine_Record',
// Leave this empty as specifying 'Base' will create Base/Base
'baseClassesDirectory' => NULL,
// Should make it Zend Framework friendly AFAIK
'classPrefix' => 'Default_Model_',
'classPrefixFiles' => false,
'generateBaseClasses' => true,
'generateTableClasses' => false,
'packagesPath' => APPLICATION_PATH . '/models',
'packagesFolderName' => 'packages',

);

$cli = new Doctrine_Cli($config);
$cli->run($_SERVER['argv']);
?>

In the next article we'll take it for a test spin and generate a few models and such 😉

Enjoy.

Continuous Integration for PHP – phpUnderControl & CruiseControl

Did you know that you can automate unit tests (which is the PHP worlds equalient of compilation checks 🙂 ).

Set up your development team using local checkouts of the project and have them do local PHPUnit tests, check their changes in and then get Continuous Integration checks done on a central server using phpUnderControl that emails the team with success/fail reports, it’s a good way to work.

phpUnderControl is an addon application for the continuous integration tool CruiseControl, which integrates some of the best PHP development tools. This project aims to make your first steps with CruiseControl and PHP as easy as possible. Therefore phpUnderControl comes with a command line tool that performs all modifications to an existing CruiseControl installation.

Integrated tools

  • Testing and software metrics – PHPUnit is the most popular xUnit implementation for PHP that provides a framework for automated software tests. Except the pure test automation PHPUnit contains a rich set of features like Code Coverage, Project Mess Detection and Software Metrics. To visualize the generated XML reports phpUnderControl comes with a set of XSL stylesheets that prepare the output for CruiseControl.
  • Documentation – phpUnderControl uses the most common documentation tool for PHP projects, PhpDocumentor, to generate an up to date documentation of the software on every build cycle. Therefore the developers will always get the latest API documentation of their project. Additionally phpUnderControl extracts the documentation violations found by the PhpDocumentor and visualizes these as an additional quality report in the user interface and the project time line of documentation violations.
  • Coding Standards – With the package PHP_CodeSniffer the PEAR project gave PHP developers a very useful tool to detect coding standard violations in a project. Since version 1.0.0RC3 it has native support for the Checkstyle XML format that can be visualized by CruiseControl. PHP_CodeSniffer comes with a variety of pre defined coding standards like PEAR and ZEND but due to its modular structure you can easily implement a custom rule set or extend one of the pre defined sets. This development tool assures that the whole project code will remain clean and consistent.

Go and check it out today 🙂