Veikko Mäkinen

A Great Article Series on Agavi

Wed, 16 Sep 2009 09:58:52 +0300

Vikram Vaswani has written a great article series on Agavi. The five-part series starts off with the basic but in the end goes quite deep into building a multi presentational layer web application. Go read it on the IBM developerWorks! Now!

Propel Developers' Held a Meeting

Fri, 11 Sep 2009 09:10:06 +0300

Propel developers held an IRC meeting last night discussing the projects future. Amazingly many showed up and the discussion was active and fruitful.

Read the log at Propel Wiki.

Say It!

Wed, 04 Mar 2009 19:07:30 +0200

Disqus Comments

Integrating Disqus commenting system to my Tumblr blog was ridiculously easy. Just have to figure out why the comment form completely breaks my design :)

Be Careful with PHP's version_compare

Tue, 03 Mar 2009 13:33:48 +0200

Be Careful with PHP’s version_compare

var_dump(version_compare("5.2.8-0.dotdeb.1", "5.2.8", "<="));

Expected result: bool(true)

Actual result: bool(false)

The moral of the story: use < or >.

Installing a Project-local Propel

Sun, 01 Mar 2009 10:11:00 +0200

Installing a Project-local Propel

Installing Propel is often seen as a difficult task. Official installion instructions recommend installing via Pear and say more initial work is requireq to install it manually. I usually advice not to use global Pear installations but install everything per project because it gives you better control and you are able to use different versions of libraries for different project. This article shows you how easy it actually is to have a project-local installation of Propel 1.3.

Prerequisites

Phing 2.2.x (and, thus, Pear)

Phing is the only exception to my “no pear installations” rule. It can be installed per project but I see Phing as a development tool you can have globally on your development machine.

Suggested Directory Layout

/            project root
  dev/       development-time files (docs, database schemas, code templates etc.)
    db/      database development files (schema.xml, diagrams, docs etc.)
    libs/    development-time libraries
  libs/      runtime libraries (3rd party)

Getting Propel from the SVN

I recommend fetching Propel directly from the SVN repository simply because I see that as the easiest choice and you have full control of which version to pick. Also, should you ever want to upgrade to a newer revision (maybe there is a bugfix that isn’t officially released yet), you can just retrieve it from the repository. Personally I have 3rd party libraries set up as svn:external where possible but we don’t go into that in this article.

Propel is split into two components - generator and runtime libraries and we’ll keep those two appart. So, in your project root execute following SVN commands:

svn export http://svn.phpdb.org/propel/branches/1.3/generator dev/libs/propel

svn export http://svn.phpdb.org/propel/branches/1.3/runtime/classes/propel libs/propel

And that is it. YES, I mean it!

Propel is now ready to be used. You don’t need to set PATH or include_path, you don’t need to copy executables anywhere and you don’t have to modify a single file.

Building a Propel Project

Create your schema.xml, runtime-conf.xml and build.properties files in dev/db. To build your project go to your project root and run

dev/libs/propel/bin/propel-gen dev/db

… and whatch Propel do its magic. Propel creates output files into ´dev/db/build/´

Fine-tuning The Building Process

You can control where Propel puts the output with a few build.properties directives. Here’s an example that probably needs no explanation.

#relative to propel-gen script
propel.output.dir = ../../..
propel.php.dir = ${propel.output.dir}/app/lib/propel
propel.phpconf.dir = ${propel.output.dir}/dev/db/config
propel.sql.dir = ${propel.output.dir}/dev/db/sql

What About Runtime?

Yeah, you got me there - there’s still one thing you need to take care of before everything “just works”.

//propel runtime + path to your om classes
$path = '/my/project/libs' . PATH_SEPARATOR . '/my/project/app/lib/propel';
set_include_path(get_include_path() . PATH_SEPARATOR . $path);

Agavi 1.0.0 Beta 8 Includes a Critical Security Fix

Thu, 05 Feb 2009 09:28:00 +0200

Agavi 1.0.0 Beta 8 Includes a Critical Security Fix

A new Agavi 1.0.0 Beta 8 was released late yesterday (European time). As usual, the new version contains several improvements and bug fixes but also a fix to a critical cross-site scripting vulnerability described in http://trac.agavi.org/ticket/1019. The vulnerability actually affects, as far as we know, only Internet Explorer 6 and 7 which fail to encode URL according to standards.

Affected versions:

Agavi 0.11 up to and including 0.11.6-RC2
Agavi 1.0 up to and including 1.0.0-beta7

Solutions

Upgrade to 0.11.6 or 1.0.0 Beta 8
Patch your Agavi with a hot fix attached to the ticket
Use one of the workarounds described in the ticket.

Agavi Tip: Automatic Output of Validation Errors

Mon, 02 Feb 2009 21:13:48 +0200

Agavi Tip: Automatic Output of Validation Errors

I decided today to stop printing my validation error messages manually in the template. I knew that Form Population Filter (one of Agavi’s many excellent features also referred to as FPF) could be used to inject error messages into the HTML form next to erroneous fields but I want my error messages above the form. Once again David was there to help me and with a few iterations of trial and error he offered a working solution for me. And the solution was so simple and nice that I just had to blog it.

Filter Configuration

global_filters.xml




  
    write
  
  
  
    html
  

  
    
    before
    ${errorMessages}]]>
    ${errorMessage}
]]>

And that’s it. FPF injects all error messages above your form. Each error message in its own paragraph and all paragraphs wrapped inside a

Want More?

FPF can have different rules for different kinds of errors and with XPath you can inject them pretty much anywhere you want. See the Agavi’s sample application for more examples.

Running IE6, IE7 and IE8 Virtually

Mon, 26 Jan 2009 13:34:00 +0200

Running IE6, IE7 and IE8 Virtually

Now, this is not easy for me to admit but I just learned about an awesome Windows application by Microsoft.. from a mac user :)

Microsoft Virtual PC 2007 SP1 & Internet Explorer VPC Images

I cannot believe this has been under my radar all this time. Finally I can easily have different windows/IE setups. The software is free (yes, I found it hard to believe too but it’s true!) and Microsoft gives you ready-to-use virtual hard-drive images with operating system and IE ready.

It has been a long time since I last praised Microsoft for doing something right. And now I’m getting suspicious… what’s the catch here?!

Installation

Download Virtual PC 2007 setup.exe, execute it and enjoy the no-reboot-required installation (yet another amazing thing).
Download one or more hard-drive images, execute and select a directory where you want the image to be extracted.
Start Virtual PC 2007 and create a new virtual machine. Use the extracted hard-drive image.
Boot up the virtual machine and enjoy the IE experience

P.S. Like the original post describes you can use virtual images provided by MS with other operating systems / virtual machine hosts too.

Agavi 1.0.0 beta 7 released!

Sun, 11 Jan 2009 15:41:15 +0200

Agavi 1.0.0 Beta 7

Out of many changes there are two (or actually three) I want to emphasise because they may be backwards compatibility breaks for someone.

Default View Security Fixes

Two separate changes have been made to action’s default view handling to ensure strict security.

To make sure a developer doesn’t use unvalidated input data by mistake global unvalidated request data is locked during action and view execution. However, before 1.0.0 beta 7 it was possible to access the global request data in Action::getDefaultViewName(). This has now been fixed and anyone using the global request will be punished severely with an exception. Mind you, it has always been recommended that no application logic is put into getDefaultView(). It should just return the default view name for the action.

It was also recently discovered that the strict validation mode (default mode in Agavi 1.0) wasn’t working as it is supposed to when an action didn’t provide an execute method for the current request and the default view was used. In this case the request data was given to the view unfiltered which is against the strict validation mode principles.

PHP 5.2.8 Requirement (conditional)

Due to issues with magic quotes in PHP’s earlier versions and the fact that making Agavi bullet proof in all situations is beginning to be a maintenance nightmare it was decided to require PHP 5.2.8 if magic_quotes_gpc is ON. I’ll repeat: Agavi requires PHP 5.2.8 ONLY if magic_quotes_gpc is enabled on your server. If it’s not you can still use Agavi with PHP 5.2.0 or later (5.1.3 with Agavi 0.11).

Agavi Blog

1.0.0 Beta 7 Release Notes

Agavi Tip: Validation Gotchas

Wed, 07 Jan 2009 21:18:00 +0200

Agavi Validation Gotchas

Agavi’s input validation system is extremely versatile and even people with long history with Agavi - me for example - sometimes struggle to get their head around it. So I decided to put down a few gotchas. Here goes…

Validators Can Be Grouped

You can use AgaviAndValidator, AgaviOrValidator and AgaviXorValidator to group several validators.



  
    
      
        email
      
    
    
      
        phone
      
    
  
  
    Please provide email or phone

Validator Can Depend on Another Validator

Quite often you only want validate input B only if the user provided input A. Agavi makes this simple:



  
    Street
  



  
    Zip

Note: argument’s base attribute affects also provides/depends attributes (see example above) !!

Pimp My Error Messages

A validator can throw different error message based on what went wrong and error messages can be translated on the fly. Error message options vary between validators. See API docs for more.



  
    my_input
  
  
    Please fill this input
    Please keep it shorter than 40 characters
  
  
    40

Validating Array Inputs



    Id





    rows[Id]

Id

Validator Can Normalize And Export Combined Values

This example shows how to get AgaviDateValidator to validate a compound value. But that’s not all! It’ll even export a proper timestamp for you to use in your application code.



    
        day
        month
        year
    
    
        Validation error
    
    
        MyDatestamp

Remember to Validate ALL Input

Validation is not limited to GET/POST input parameters but HTTP headers and cookies can (and should) be validated too. Use the source attribute to tell the validator where to get the data from.


 REFERER

Validator is ran only if the parameter is non-empty.

By default the validator base class AgaviValidator checks that all the arguments are set before executing the actual validation. If the input value is empty or non-existent but required error is thrown. But if required attribute is set to False the validation just quietly continues to another validator. Normally this is not a problem but you might want to code a custom validator that exports a default value for empty parameters. In this case you need to override AgaviValidator’s checkAllArgumentsSet().

Did I forget something?

Join #agavi IRC channel and hassle me there or send email to veikko@veikko.fi.

Agavi Tip: Checking Validation Results

Tue, 06 Jan 2009 23:25:00 +0200

Agavi Tip: Checking Validation Results

Normally when an input validator fails you’ll just want to show the form again and let FormPopulationFilter do its magic (you do know you can it have re-populate the form and inject error messages into the form, don’t you?-). But occasionally you want to decide the next move based on what validator failed. With Agavi 1.0 getting validation incidents of a named validator is this simple:

public function handleError(AgaviRequestDataHolder $rd)
{
  $vm = $this->container->getValidationManager();
  if (count($vm->getReport()->getValidatorResult('my_special_validator')->getIncidents())) {
    return 'CriticalError';
  }
  else {
    return 'Error';
  }
  
}

Note: that AgaviValidationValidatorResult was missing from the core autoload.xml in 1.0 Beta 6. This has been fixed in the SVN If you aren’t using the bleeding edge version add the following line to your config/autoload.xml.

%core.agavi_dir%/validator/AgaviValidationValidatorResult.class.php

Agavi Debug Tools now supports Propel query logging (both...

Mon, 05 Jan 2009 22:41:09 +0200

Agavi Debug Tools now supports Propel query logging (both FirePHP and HTML output). Just configure Propel to use DebugPDO and AdtFilter to use AdtPropelDataSource. Nothing else required.

Agavi 1.0.0 Beta 6

Tue, 25 Nov 2008 21:55:00 +0200

Agavi 1.0.0 Beta 6 - Even More Secure

Default: Strict Validation ALWAYS

Agavi has a very special input validation system which, by default, will not let your application use any unvalidated input data. And this doesn’t mean only POST or GET parameters in HTTP world but also cookies and headers. Remember, those too are user input and must be considered insecure.

This strict validation mode has been the default setting for production environment for quite some time already but after Agavi was blamed for somebody’s poor input validation it was made default for development environments too. It had already been discussed earlier because different defaults for different environments was sometimes confusing and caused applications to break when moved to production.

Production-ready Exception Templates

Because people seem to be too lazy to configure exception templates for production use a new set of default templates was added to Agavi 1.0.0 Beta 6.

Download Agavi: http://www.agavi.org/download

Thanks to Harald “digitarald” Kirschner ADT’s...

Tue, 18 Nov 2008 09:51:00 +0200

Thanks to Harald “digitarald” Kirschner ADT’s FirePHP output is now 174% nicer. And a few bugs was fixed too. Check out ADT at http://adt.projectbin.org/.

Kübler-Ross Model

Mon, 17 Nov 2008 20:01:00 +0200

Five Steps to Agile Development

Denial
Anger
Bargaining
Depression
Acceptance

Elisabeth Kübler-Ross’ Five Stages of Grief describes how people handle grief and tragedy, especially when diagnosed with a terminal illness. Apparently these also apply to agile development and user experience practice :D

Originally blogged/linked by http://agileweb.org/.

Happy Birthday to Me

Mon, 17 Nov 2008 06:23:08 +0200

28 (0x1c) years today.

How to Enable Syntax Highlighting in Tumblr

Sun, 16 Nov 2008 13:34:00 +0200

How to Enable Syntax Highlighting in Tumblr

It’s alwasy nicer to read code snippets with a proper syntax highlighting but unfortunately Tumblr, although used by many code monkeys, doesn’t support this. It is however pretty simple to add syntax highlighting to Tumblr. All you need is a Javascript library (you have several to choose from) and a bit of Tumblr template editing. You of course also need a web host for these additional Javascript and CSS files.

Prerequisites

Web host for a few additional Javascript and CSS files. You cannot upload files to Tumblr.
Custom Tumblr template. You need to add a few lines of HTML code into your template.

SHJS - Syntax Highlighting in JavaScript

From all the alternatives Google found for me my choice was SHJS. It seemed simple enough.

1. Install SHJS

Just upload the SHJS files to your web host.

2. Edit Your Template

SHJS requires one main Javascript file plus one for each syntax you want to use. In the example only PHP syntax is loaded. You also need to load a CSS file. And the final thing to add is the onload call to body.

...

3. Start Showing off Your Mad Coding Skilz

SHJS automatically parses code wrapped inside

. Use special class identifiers to tell it what syntax highlighting to use. Refer to SHJS documentation for available syntaxes/class names.

  $foo = new MyClass('string', array(123, 456));

ADT Agavi Debug Tools

Sat, 15 Nov 2008 01:34:00 +0200

ADT Agavi Debug Tools:

I’ve released a first public version of a debug toolbar for Agavi. It supports traditional HTML output but you can also use it with FirePHP - extremely helpful when developing AJAX stuff with Agavi. Check it out at http://adt.projectbin.org/.

Hans explains what is wrong with PHP

Fri, 14 Nov 2008 18:56:00 +0200

Hans explains what is wrong with PHP:

(via wombert)

I just had to reblog this for two reasons - I wanted to learn how rebloging works with Tumblr AND BECAUSE HE IS SO RIGHT…

http://www.camilla.fi/

Fri, 14 Nov 2008 16:12:48 +0200

http://www.camilla.fi/:

Just finished upgrading my wife’s site. The site is of course built with Agavi :) English translation is almost ready but we decided to release the site without it for now.

Veikko Mäkinen

A Great Article Series on Agavi

Propel Developers' Held a Meeting

Say It!

Disqus Comments

Be Careful with PHP's version_compare

Be Careful with PHP’s version_compare

Installing a Project-local Propel

Installing a Project-local Propel

Prerequisites

Suggested Directory Layout

Getting Propel from the SVN

Building a Propel Project

Fine-tuning The Building Process

What About Runtime?

Agavi 1.0.0 Beta 8 Includes a Critical Security Fix

Agavi 1.0.0 Beta 8 Includes a Critical Security Fix

Affected versions:

Solutions

Agavi Tip: Automatic Output of Validation Errors

Agavi Tip: Automatic Output of Validation Errors

Filter Configuration

Want More?

Running IE6, IE7 and IE8 Virtually

Running IE6, IE7 and IE8 Virtually

Microsoft Virtual PC 2007 SP1 & Internet Explorer VPC Images

Installation

Agavi 1.0.0 beta 7 released!

Agavi 1.0.0 Beta 7

Default View Security Fixes

PHP 5.2.8 Requirement (conditional)

Agavi Tip: Validation Gotchas

Agavi Validation Gotchas

Validators Can Be Grouped

Validator Can Depend on Another Validator

Pimp My Error Messages

Validating Array Inputs

Id rows[Id]

Id

Validator Can Normalize And Export Combined Values

Remember to Validate ALL Input

Validator is ran only if the parameter is non-empty.

Did I forget something?

Agavi Tip: Checking Validation Results

Agavi Tip: Checking Validation Results

Agavi Debug Tools now supports Propel query logging (both...

Agavi 1.0.0 Beta 6

Agavi 1.0.0 Beta 6 - Even More Secure

Default: Strict Validation ALWAYS

Production-ready Exception Templates

Thanks to Harald “digitarald” Kirschner ADT’s...

Kübler-Ross Model

Five Steps to Agile Development

Happy Birthday to Me

How to Enable Syntax Highlighting in Tumblr

How to Enable Syntax Highlighting in Tumblr

Prerequisites

SHJS - Syntax Highlighting in JavaScript

1. Install SHJS

2. Edit Your Template

3. Start Showing off Your Mad Coding Skilz

ADT Agavi Debug Tools

Hans explains what is wrong with PHP

http://www.camilla.fi/