Proposal for Zend_Db_NestedSet – Hierarchical data as a nested set

Graham Anderson writes a very interesting proposal; If you are interested in an implementation of storing and retrieving hierarchical data as a nested set, please take a few minutes to review my new proposal[1].

I dusted off some old code and poked and prodded a little until it behaved somewhat as expected, there’s a functioning prototype on GitHub[2] with some basic instructions in the README.

As you probably guessed the algorithm is modified pre-order traversal, and the current working functionality is as follows

  • Store single trees or multiple trees in same table
  • Add, move & delete individual tree nodes or tree branches
  • operate on result set nodes(getPath(),getSiblings(),getDescendants(), etc )
  • Result-set as multi-dimensional associative array (Zend_Navigation)
  • Result-set as recursive iterator

Cheers the noo,


Configuring Poedit for Zend Framework Projects

This entry is part 1 of 4 in the series Working with Zend_Translate and Poedit

There are a few steps you need to take to configure poedit to work with a Zend Framework project properly. I will take you through the configuration process step by step, and in the end you should have a working installation.

In this tutorial we are on Windows, but the process is the same on Mac & Linux based systems, and poedit even looks much the same on all platforms.

Install poedit and start it, if it’s the first time you run it you should now see a Preferences dialog.

Your name & email – Fill these in
You can leave all the options as their defaults, including the Line endings format [Unix]
Translation Memory:
Leave this as is for now.
Select PHP and click Edit.

PHP Language settings

Make sure your dialog matches the one above exactly!

Now click OK twice and you are done with the preferences.

The main poedit window will now come up,  click File -> New Catalog, you should now see a settings window.

Project Info:

Fill in your Project name and version and the rest of the fields making sure you select Charset and Source code charset to UTF8 and selecting the language and country of the translation you are going to create, in my case Language: Swedish and Country: SWEDEN.

Project Info

Now select the Paths tab, and add your projects base path. In my case C:\Zend\Apache2\htdocs\testbench then click the New item tool and add; application

Project Base and application path

Now select the Keywords tab and click the New item tool and add;

  • translate
  • _
  • setLabel
  • setValue
  • setMessage
  • setLegend
  • _refresh
  • append
  • prepend

(Note: If you have any other keywords that come to mind, feel free to comment and I’ll add them to this tutorial)

Now you click OK and the Save as dialog comes up move to your project application directory and select or create the languages directory the path should look something like C:\Zend\Apache2\htdocs\testbench\application\languages and save the file as sv_SE.po (replace this with the language/locale code that you have choosen.)

Now your source code will be scanned after the keywords you specified earlier and the Update Summary dialog will be showing all the strings it detected;

Update Summary

In this example the strings where caught from;

$this->headTitle()->prepend($this->translate('TestBench Application -'));
<?php echo $this->translate("Welcome %s, your last login was %s",$this->user['name'],$this->user['active']); ?>

in my layouts/scripts/layout.phtml file.

When you click OK on the Update Summary Dialog you will be taken to the main poedit window where you can translate the strings.

Main window

As you can see it’s very easy to work with simply enter your translations in the bottom text box.

Now after you are done you simply click File -> Save and two files will be written to your languages directory, in my case sv_SE.po and where the .mo file is the compiled version that Zend_Translate uses.

Now if you add new strings to your source code you simply load poedit and open your sv_SE.po file and select Catalog -> Update from sources and it will again show you the Update Summary dialog with all new string as well as changed strings and removed (Obsolete) strings.

There are a ton of good Zend_Translate references out there, google is your friend!

Hope this helps, enjoy!

Getting Started with Zend_Test

Matthew Turland has written a very nice article on Unit Testing using Zend_Test, Zend_Test_PHPUnit_DatabaseTestCase, Zend_Test_PHPUnit_ControllerTestCase where he uses a few interesting solutions. Definitely worth a read.

“I worked on a project recently where we used Zend Framework. As part of that project, I was tasked with writing unit tests. So, I went to the “tests” directory generated for me by the zf CLI utility to get started…”

via Getting Started with Zend_Test | Blue Parabola, LLC.

Deep Integration between Zend Framework and Doctrine 1.2

There’s been a lot of talk online about finding the best approach for bringing Zend Framework and Doctrine 1.x together. This video is my humble approach of combining some of the learning brought about over the last few weeks on Zendcasts, as well as suggestions from Doctrine developers.

The goal of this video is to show how you leverage the existing resource loading tools in Zend to have a model structure that reflects Zend’s best practices. This video builds on the last Doctrine video, but if you’re familiar with both frameworks, you should be able to follow along. Enjoy!

via Deep Integration between Zend and Doctrine 1.2 | free Zend Framework screencasts – Zendcasts.

Features « DataGrid for Zend Framework

Zend dataGrid now has it’s own domain and releases version 0.5 , Check out the Docs and the Demo.

Some of the features:

  • Create a datagrid using a Zend_Db_Select instance, Arrays, XML, CSV or JSON files
  • Takes a Zend_Db_Select instance to perform the query
  • User interface controls to perform operations to insert, update and delete table records with support for data validation and filtering
  • Template based presentation
  • Filter data by user selected fields Automatic pagination of results
  • Support for extra listing column fields List sorting by field
  • Configurable field titles
  • Support for SQL aggregation expressions (MAX, COUNT, MIN, AVG, etc…)
  • Internationalization support
  • Export results in multiple formats: XML, HTML table, PDF, MSExcel, MSWord, CSV, Open Office Spreadsheet and text document etc..
  • Cache support
  • Plug-ins to format content: date, bool, etc..
  • Ajax support
  • Form fields customization
  • Fields Decorators
  • Callback functions
  • ….

via: Features « DataGrid for Zend Framework.

Towards an Interoperable Scientific Cloud for Europe

To ensure world-class research, energy efficiencies and competitive edge in the global marketplace, Europe needs to evolve current Distributed Computing Infrastructures (DCIs) that encompass new, industrial-quality technologies such as virtualization, service orientation and convergence with the digital world. While grid infrastructures have captured the requirements of several specific communities, smaller and ad-hoc groups with significant applications have struggled to get their requirements satisfied with grid technology because of the inherent complexity and long deployment times (with outcomes not always meeting with success).

Moreover, industry adoption of grid has not taken off as widely as once expected. By contrast, a business case for cloud computing is increasingly gaining consensus in both the public and private sectors and as several standardisation development organisations focus efforts on interoperable solutions for clouds through strategic alliances in which Europe is playing a pro-active role. Furthermore, a recent Expert Group Report on the Future of Cloud Computing produced with the support of the European Commission DG INFSO recommends that the European open source movement should work strongly with industry to support commercial cloud based service provisioning.

A cloud-based e-Infrastructure for eScience, currently missing from Europe’s service portfolio, would ensure a leap forward in the European Research Area by integrating flexible and easy-to-use utility services, complementing current computing services like grids and supercomputers at the hands of researchers and scientists. Value-add needs to come from new business models in a shift away from costly and complex “run-by-scientists-for-scientists” approaches on the one hand and the use of pay on demand on the other. Sustainable growth needs to be addressed by a deeper understanding of policy and legal issues, ensuring cost-effective investment at EU level and interoperability while also fostering new public-private partnerships in the longer term. A new culture of cloud research, “scientific cloud”, and a spirit of entrepreneurship cannot be achieved without the involvement in R&D initiatives of pioneering enterprises with a commitment to industry quality standards and interoperability working alongside research organisations.

Recent developments led by experts in industry and research would help to gain efficiencies and make savings by optimising resource utilisation, reliability, energy efficiency and maintenance costs, all key objectives highlighted by EU policy bodies. This new approach focuses on the provisioning, operation and user-testing of an industrial quality, virtualised e-Infrastructure in the form of a cloud computing service platform, open for usage by the research and scientific community and tested by major categories of scientific and industrial communities across disciplines and sectors important to Europe. The aims of these new developments are to broaden inter-disciplinary scientific collaboration in Europe, ensure co-ordinated, strengthened and focused software deployments, improve the usability of DCI platforms targeting the largest possible base across a range of fields in science and engineering, and advance exploitation in the rapidly changing hardware environments through appropriate software developments.

This novel component in the e-Infrastructure ecosystem would help expand existing Distributed Computing Infrastructures (DCIs) serving eScience by ensuring easy access to virtually “infinite” resources and high mobility while hiding the complexity of set-up, maintenance and communication from users and reducing the length and costs of application porting through automation, as well as overcoming the need for in-depth knowledge of ICT technologies. Economies of scale will be achieved by optimising resources, reducing operational costs, especially energy costs, where savings are crucial for sustainability.

An ideal approach could be based on both open source and commercial solutions, combining the best of both worlds. Users would be enabled through access to a commercial multi-layer solution including compute and storage power, a development environment and immediate services, while advances in open source would also be ensured through community contributions to extend the capabilities of current DCIs and support efforts towards interoperability and portability.

Open source initiatives would be leveraged to pave the ground for interoperability. A good case in point is the Zend Framework project, which has invited the open source community and software vendors to participate in the formation of a Simple Cloud API. IBM, Microsoft, Rackspace, Nirvanix and GoGrid have already joined the project as contributors. In coming months, they will work together to define APIs for these cloud application services, enabling a generation of cloud native applications written in PHP . The Simple Cloud API is an open source project that makes it easier for developers to use cloud application services by abstracting insignificant API differences. One of the design goals of the project is to encourage innovation. To this end, the Simple Cloud API can be used for common operations while users can easily drop down to vendor libraries to access value-add features. One example of this is Microsoft Azure, which now also supports the full Java stack including open source tools such as the Apache web server, working towards interoperability.

But it doesn’t stop here. A cost and energy efficient on-demand environment has much potential to support incubators, industrial clusters and scientific parks, which are central to Europe’s economic strength, particularly in terms of high value-added categories like ICT, Biotechnology and Pharmaceuticals and R&D across diverse sectors. What’s more, such a solution would enable SME and small research labs by bringing the value-add needed to compete with the larger organisations that currently dominate the pharmaceutical landscape.

Significantly, such an approach meets with all four additional recommendations of the EC’s Expert Group Report for the future of cloud computing, that is, the need for large-scale research and experimentation test beds; developing joint programmes encouraging expert collaboration groups with industrial and public stakeholders; supporting the development of cloud interoperation standards and open source reference implementation and European leadership position in software through commercially relevant open source approaches. The time has come for Europe to tap into the expertise that will help make this happen, opening up strategic opportunities for a new scientific cloud that brings interoperability and innovation into sharp relief.


Source: Trust-IT Services Ltd.
via HPCwire: Towards an Interoperable Scientific Cloud for Europe.

Zend Framework – Reporting Potential Security Issues

If you have encountered a potential security vulnerability in Zend Framework, please report it to us at [email protected]. We will work with you to verify the vulnerability and patch it.

When reporting issues, please provide the following information:

  • Component(s) affected
  • A description indicating how to reproduce the issue
  • A summary of the security vulnerability and impact

We request that you contact us via the email address above and give the project contributors a chance to resolve the vulnerability and issue a new release prior to any public exposure; this helps protect Zend Framework users and provides them with a chance to upgrade and/or update in order to protect their applications.

For sensitive email communications, please use our PGP key.


Zend Framework takes security seriously. If we verify a reported security vulnerability, our policy is:

  • We will patch the current release branch, as well as the prior two minor release branches.
  • After patching the release branches, we will immediately issue new security fix releases for each patched release branch.
  • A security advisory will be released on the Zend Framework site detailing the vulnerability, as well as recommendations for end-users to protect themselves. Security advisories will be listed at, as well as via a feed (which is also present in the website head for easy feed discovery)

via Zend Framework.

Zend Framework Security Related Releases Now Available

And finally there has been some actual movement on securing up the Zend Framework in an proactive fashion (at least from now on:) )

As announced earlier by Matthew, Zend Framework 1.9.7, 1.8.5 and 1.7.9 have been released incorporating routine maintenance and a number of security fixes detailed in the announcement. It&apos;s recommended that framework users upgrade as soon as possible to the latest release of whichever of these minor branches they are using.

As the announcement also indicates, following December&apos;s excitement I spent much of the Christmas and New Year period conducting a security review of the framework. While an ongoing process, the initial review focused on specific areas most likely to deal directly or indirectly with user input and the output of user sourced data. The results of that initial review were reported over the holidays to the Zend team, who patiently put up with my long winded emails and managed not to strangle me…so far. I&apos;m keeping myself holed up in the mountains for now ;-).

The review also included an examination of all new components due to enter service with Zend Framework 1.10. This yielded a number of issues whose fixes will preempt their release into a stable version, and have been reported to the relevant lead developers. These will not be disclosed at this time, and will not form any new advisories for the simple fact that ZF 1.10 currently exists only as an alpha release where issues are to be expected anyway. Regardless, you all owe me extra cookies for those ;-).

On to the vulnerabilities, the majority are linked to encoding inconsistencies. One of the more far-reaching results of the fixes is that all developers should note the Zend Framework now enforces a default character encoding of UTF-8, including Zend_View which until now has defaulted to ISO-8859-1. This will require users needing that encoding to now set it manually. In addition, numerous classes have been given methods allowing developers pass in their preferred encoding. It&apos;s essential you do so to benefit from the full protection of all escaping mechanisms using htmlspecialchars() and htmlentities(). The remaining vulnerabilities are self-explanatory and, besides upgrading, require little additional work on your part.

It&apos;s also important to note that these fixes often go beyond fixing the immediate symptoms. So reporter&apos;s credit aside, thanks to Matthew, Ralph and Thomas Weidner who worked on the patches for these fixes as well as spending the time discussing and debating them all in turn. I&apos;m sure Matthew and Ralph had lots of fun (in between apoplectic fits) preparing for three releases but it&apos;s truly appreciated.

I remember from December (when not ranting ;-)), that one of the identifiable problems with the Zend Framework was its overall security strategy which has been reactive in nature. The reason for performing this security review, in addition to finding it exciting to spend hour after hour staring at source code (I&apos;m being sarcastic), is that my original rant was misdirected in one aspect. If the framework is reactive, it is because everyone who contributes source code also contributes to that particular attitude. Performing the review was one way of breaking the reactive trend, and so instead of having these security issues persist into the framework&apos;s future versions to be discovered by accident (or not), they have been deliberately searched for, found, poked, prodded, debated and then dutifully exterminated. Welcome to proactivity.

If there is a point, it is that as Zend Framework contributors it&apos;s still ultimately our job to enforce and promote a security awareness. We can&apos;t pass that responsibility to Zend (all of three employees) and wave our hands innocently. We now have two new jobs we better get used to. The first is applying the new Security Policy and notifying the security channel of any reported or self-discovered security issues. Don&apos;t sit around wondering if it&apos;s a problem, send it in and let the guys look at it. That goes for all security issues without exception (or should). Secondly, we need to build some semblance of a security conciousness because at present that is sorely lacking. I believe the Zend guys are on a similar track here so they may have more to say in the near future. I&apos;ll doubtlessly blog about these two topics more specifically over the next few days.

In the meantime, you have some new releases to work with ;-). I sunk a lot of time into this, but being an open source project it&apos;s only right you exploit that for all it&apos;s worth :-P.

via Maugrim The Reaper’s Blog.