Tainted mode for input parameters

Hello,

is this list dead?

Has there been a discussion concerning implementing a tainted mode for 
all parameters retrieved through getParameter? If not, I would welcome one.

Regards,

Johan

--

-- 
Johan Mjönes
Senior Developer
Online Gaming Platform
Phone: +46 8 789 12 00
Fax: +46 8 789 12 12
Cell: +46 7 052 838 55
E-mail: johan.mjones <at> ongame.com
Internet: www.ongame.com

This e-mail (including attachments) is strictly confidential and intended solely for designated
recipient(s). It contains privileged and confidential information. If you have received this e-mail in
error, you must not disseminate, copy, distribute or take any action in reliance on it. Please notify us
immediately and delete this e-mail and any attachments. Thank you.

validator configuration fails with php 5.1.1

Hi all!
I've posted this text at the
http://forum.mojavi.org/index.php?showtopic=1471
mojavi forum.

I guess that same problem occures with agavi validation config
files.

What are you going to do with this issue emerged?

Two suggestions

Hello everyone,

I have a two suggestions for features that would make Agavi easier to 
use and combine with other frameworks.

1) The SmartyView should include Smarty in a more "correct" way.

Currently, it is being loaded through:

	require_once(AG_SMARTY_DIR.'/libs/Smarty.class.php');

This requires the AG_SMARTY_DIR constant to be set which could be ok, 
but including "libs" in the path is certainly not OK. If you are using 
Smarty through a standard install, the correct way (according to the 
Smarty documentation) is to include only "Smarty.class.php". To make 
this code further compatible with other, I would suggest checking if 
Smarty has already been loaded (using class_exists()). We use smarty for 
formatting mail as well (logic that will be executed before the 
SmartyView is), and therefore Smarty is loaded twice (fatal error!) 
unless we apply our in-house patches.

2) The __autoload() in Agavi.php needs to be improved
Uhm, never mind. I see this feature is already in there. Nice work :D

Best Regards,

Johan

--

-- 
Johan Mjönes

PDO persistent connections

For some reason I wasn't allowed to attach a file to ticket #87, so here
is the patch intended for it.

--- PDODatabase.class.php.orig	2006-01-16 16:32:55.000000000 +1300
+++ PDODatabase.class.php	2006-01-16 16:32:50.000000000 +1300
@@ -68,7 +68,17 @@

 			$pdo_username = $this->getParameter('username');
 			$pdo_password = $this->getParameter('password');
-			$this->connection = new PDO($dsn, $pdo_username, $pdo_password);
+
+			// let's see if we need a persistent connection
+			$persistent = $this->getParameter('persistent', false);
+
+			if (defined('PDO::ATTR_PERSISTENT')) {
+				$pdo_options = array(PDO::ATTR_PERSISTENT => $persistent);
+			} else {
+				$pdo_options = array(PDO_ATTR_PERSISTENT => $persistent);
+			}
+
+			$this->connection = new PDO($dsn, $pdo_username, $pdo_password, $pdo_options);

 		} catch (PDOException $e)	{

_______________________________________________
agavi-dev mailing list
agavi-dev <at> agavi.org

Exception handling patches for Context, ConsoleController, FrontWebController and PageWebController

Hi,

I created patches to Context, ConsoleController, PageWebController and 
FrontWebController that allows you to catch AgaviExceptions and forward 
them to a user-defined module/action pair. This basically sprung from 
the fact that our users will get a heart attack if they click something 
and suddenly a big red box with bold red text and some arcane code in it 
appears on the screen :)

This is a very unobtrusive patch, if you haven't defined AG_ERROR_MODULE 
and AG_ERROR_ACTION (in settings.ini) to point to a module/action pair 
that handles the exception (ie. makes a pretty error message), the 
exception is printed like it always has been, ie stack trace is printed 
to the screen. Same thing happens if an exception is thrown in the 
exception handler module (or in the path from handleException()).

Cheers,
Markus

--

-- 
Markus Lervik, CTO      | "In God we Trust - all others
Necora Systems Ltd      |  must submit an X.509 certificate"
http://www.necora.fi    |    - Charles Forsythe
markus.lervik <at> necora.fi | (X.509 certificate available at
+358-40-832 6709        | http://www.necora.fi/markus/x509.crt)

Index: D:/Projects/agavi/controller/ConsoleController.class.php
===================================================================
--- D:/Projects/agavi/controller/ConsoleController.class.php	(revision 447)

Agavi 0.11 Roadmap

Hi folks,

now that 0.10 has been released and 0.10.1 fixed a minor bug, we're  
ready to move on and focus on 0.11.

In the following, I'd like to show you what Veikko and I have planned  
for the next release (which should be the last major version before  
1.0), as well as some things we decided on that are vital to the  
success of the framework.

We've modified an existing, very excellent piece of software called  
Mojavi to build something even more exciting, and Agavi needs and  
deserves way more attention. A large user base is essential to the  
success of our efforts, and guarantees that the framework may become  
really mature due to feedback and suggestions from people that use  
the framework in production environments and for their daily  
development work.

One thing that we really need is a beautiful, large and informative  
website. http://www.symfony-project.org/ is a good example for this.  
The project has been released only weeks ago, but they alredy have an  
amazingly large amount of users, and this is mainly because they did  
some excellent "marketing" work.
I'll look into this one later this week and see if I can find a  
decent designer who would be willing create a simple, yet appealing  
layout that makes users feel like they are looking at a high-quality  
project when visiting the website for the first time (no mean to  
disrespect the current website, but it somehow feels... provisional ;))

Another topic is project management. I'd like to thank Bob for  

ContextConfigHandler is missing from autoload.ini

Hi Folks,

Current Agavi package is missing recently added ContextConfigHandler 
from code templates' autoload.ini. My bad, sorry :)

Bob: can you please fix the sample app and code templates, and rebuild 
packages as soon as possible. People are already bitching about this in 
#agavi. Thanks.

-veikko

Context.ini parsing problems & ContextConfigHandler

Hi,

As pointed out in http://forum.agavi.org/viewtopic.php?id=79 Agavi 
0.10.0 has a bug in context.ini parsing. This is because the 
ReturnArrayConfigHandler was changed to behave like it's suppose to 
behave and context.ini parsing relied on the older version of 
ReturnArrayConfigHandler.

We talked about this with David but fixing it has been delayed because 
of the holidays (oh yes, New Year's eve at Puerto de la Cruz, Tenerife 
was nice :). We both think that ReturnArrayConfigHandler now works as 
it's supposed to work so introducing a separate ContextConfigHandler 
class seemed like a good idea. So I did one (actually I just took an 
older version of the ReturnArrayCH and renamed it, I'm lazy and busy). 
This is a quick and dirty fix for now, but something had to be done. I 
opened a new branch for this.

Do we like this? Is it adequate for now? When do we merge it to trunk 
and (re-)release 0.10.0? Did Santa bring lot's of presents? Did we 
deserve them?

-veikko

Updated Agavi Install Script

Hello All,

I have rewritten the Agavi install script that I wrote some time back.

I have taken many suggestions into consideration and although this 
script is not perfect I welcome comments both positive and negetive.

Features:
--------------------------------
1) Allows the user to install the Agavi trunk
eg: asi install

2) Allows the user to install a specified Agavi branch.
eg: asi install v-dogg

This has been tested on:
Kubuntu Linux
SuSE Linux
Windows XP

With:
Apache 2.0.54
PHP 5.0.5
--------------------------------

Install:
--------------------------------
pear install http://www.weshays.com/pear/asi-2.0.0-beta.tgz
--------------------------------

Patch for ConfigCache::getCacheName()

Hi!

I stumbled across this when upgrading from PHP 5.0.5 to PHP 5.1.1
on my desktop box with Apache 1.3.30-something.

getCacheName() breaks when using '/' as directory separator on Windows.
This is because getCacheName() only conciders strings that start with
"<alnum>:\" to be windown drive+paths, but using '/ as the separator
works perfectly fine with Apache (I prefer to use '/' instead of '\\').

I submitted a ticket, but screwed things up when pasting the patch for
it. Stupid Wiki! Or more close to the truth; stupid me.

Attached is the patch.

Cheers,
Markus

--

-- 
Markus Lervik, CTO      | "In God we Trust - all others
Necora Systems Ltd      |  must submit an X.509 certificate"
http://www.necora.fi    |    - Charles Forsythe
markus.lervik <at> necora.fi | (X.509 certificate available at
+358-40-832 6709        | http://www.necora.fi/markus/x509.crt)

Index: D:/Projects/agavi/config/ConfigCache.class.php
===================================================================
--- D:/Projects/agavi/config/ConfigCache.class.php	(revision 170)
+++ D:/Projects/agavi/config/ConfigCache.class.php	(working copy)

Ready for 0.10.0 RC1

Hi guys,

I just committed a last fix to XSLView to SVN, as well as a  
RELEASE_NOTES file. A CHANGELOG has been in SVN for some days now. So  
here's teh plan:

1) We roll an 0.10.0 RC1 ASAP. Bob, could you do that? I believe  
you're most familiar with this stuff, and it makes things easier as  
you have easy access to the server to upload the files, announce the  
release etc.

2) Can you guys please have a look at the CHANGELOG and RELEASE_NOTES  
files and tell me if something missing or how bad my english is. Or  
just change it if you like, of course ;) Bob, I would like to have  
the section about logging a bit larger in the release notes, maybe  
you can add another paragraph or two to explain the functionality.

3) There are still tests missing, some tests fail, and some won't  
work on Windows. Veikko and I will write tests for the features we  
added until 0.10.0-final. Bob, I believe some of the tests you  
recently added fail with PHP fatal errors and stuff, could you have a  
look at that. I'll also look into some of the Windows issues later,  
but they should be pretty minor (using /tmp/blah files and stuff like  
that). I do, though, think that we should ship an RC1 now regardless  
so we can get a final ready for christmas ;)

4) This release will be kick ass.

5) Hope to hear from you guys real soon!