
I am trying to make sure we sanitize user input in our web application by filtering it (blacklisting tags and similar user data). Basically, Zend recommends that developers do this explicitly wherever they think it is needed, so if page A has a form, the filtering should be done in its pageAaction() after the form data has been retrieved. All form data in my application is retrieved like this:

$this->_request->getParams(); 
$this->_request->getParam('specificParamName'); // to return specific param

Well, in my web application everything the user enters has to be sanitized against the blacklisted fields. I obviously want to centralize my code in one place rather than comparing every form against the blacklist. My understanding is that this should/must be done in the getParams() or getParam() methods of the _request object, since that is where we always retrieve form data from.

If so, how do I do that? I do not want to touch the core Zend classes and add my own modifications to them.

If not, what is the best strategy for centralizing our code?

Disclaimer: we are not using Zend forms; we write our own forms by hand.
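The answers below centralize the sanitizing either in a base controller or in Zend_Filter_Input. The mechanism the question literally asks for, hooking getParam()/getParams() without editing any Zend file, is to register a request subclass with the front controller. The following is an added example, not code from the question or from Zend Framework; it assumes ZF1 with Zend_Application, that the `Custom_` prefix is registered with Zend_Loader_Autoloader from `library/`, and the class names, the tag blacklist and the sample parameter name are illustrative.

```php
<?php
// library/Custom/Controller/Request/Http.php
// Added example (not from the question or from Zend Framework): a request
// subclass so every getParam()/getParams() call goes through one sanitizer.
// Assumes ZF1 with the "Custom_" prefix registered on Zend_Loader_Autoloader.
class Custom_Controller_Request_Http extends Zend_Controller_Request_Http
{
    // Assumed blacklist for illustration: element names never allowed through.
    protected $_blacklistedTags = array('script', 'iframe', 'object', 'embed', 'style', 'link', 'meta');

    public function getParam($key, $default = null)
    {
        return $this->_sanitize(parent::getParam($key, $default));
    }

    public function getParams()
    {
        return $this->_sanitize(parent::getParams());
    }

    /**
     * Strip blacklisted elements from a string, recursing into arrays so
     * foo[]=a&foo[]=b style parameters are covered too. Non-strings pass through.
     */
    protected function _sanitize($value)
    {
        if (is_array($value)) {
            return array_map(array($this, '_sanitize'), $value);
        }
        if (!is_string($value) || strpos($value, '<') === false) {
            return $value;
        }
        // Collect the element names that actually appear, drop the blacklisted
        // ones and hand the rest to strip_tags() as its allow-list. Letting
        // strip_tags() tokenize the markup is more robust than str_ireplace()
        // on "<script", which nested or malformed tags can slip past.
        preg_match_all('/<\s*\/?\s*([a-zA-Z][a-zA-Z0-9]*)/', $value, $matches);
        $allowed = '';
        foreach (array_unique(array_map('strtolower', $matches[1])) as $tag) {
            if (!in_array($tag, $this->_blacklistedTags, true)) {
                $allowed .= '<' . $tag . '>';
            }
        }
        return strip_tags($value, $allowed);
    }
}

// application/Bootstrap.php
// Swapping the request object in at bootstrap time means no Zend file is edited.
class Bootstrap extends Zend_Application_Bootstrap_Bootstrap
{
    protected function _initRequest()
    {
        $this->bootstrap('frontController');
        $front = $this->getResource('frontController');
        $front->setRequest(new Custom_Controller_Request_Http());
    }
}

// In any action, $this->_request->getParam('bio') now returns the filtered
// value, so the per-page filtering the question describes is no longer needed:
//   $bio = $this->_request->getParam('bio');
```

Two caveats a practitioner should keep in mind. First, only getParam()/getParams() are covered: getPost(), getQuery() and a direct read of $_POST bypass the subclass, so the rest of the code base has to be kept away from those. Second, a blacklist of element names cannot catch attribute-based payloads on tags it allows (an onerror handler on an img, a javascript: URL on an a), so for real input the safer shape is an allow-list of tags (strip_tags($value, '<b><i><p>') or an HTML purifier) combined with escaping every value at output time.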


3 Answers


You can extend the controller class to implement custom functionality for sanitizing the input:

    class UserController extends Custom_Controller_Abstract
    {
        public function indexAction()
        {
            // Same as getParam('userid'), but run through the shared sanitizer
            $user = $this->getSafeParam('userid');
        }
    }

In library/Custom/Controller/Abstract.php:

    class Custom_Controller_Abstract extends Zend_Controller_Action
    {
        // Central replacement for $this->getRequest()->getParam()
        public function getSafeParam($paramName, $default = null)
        {
            return $this->sanitize($this->getRequest()->getParam($paramName, $default));
        }

        // Put the blacklist filtering here; every controller inherits it
        protected function sanitize($value)
        {
            return $value;
        }
    }
answered 2013-04-17T06:57:18.823

Zend makes us perform our own sanitization of data because the requirements change so much from field to field.

You are apparently not using Zend_Form to build your form, or you would use the standard filters and validators included with Zend_Form.

You do have access to the same validators and filters Zend_Form uses even when not using Zend_Form. These are available when you use Zend_Filter_Input.

Zend_Filter_Input is designed specifically to filter and validate information contained in an associative array like the ones supplied by a $_GET or a $_POST array.

Basic usage is all in the controller/action:

$filters = array(
    //month is the array key, Digits is the name of the filter class
    'month'   => 'Digits',
    //account is the array key, StringTrim is the name of the filter class
    'account' => 'StringTrim'
);

$validators = array(
    //account is the array key, Alpha is the name of the validator class
    'account' => 'Alpha',
    //* is a valid wildcard for validators and filters
    '*' => 'NotEmpty'
);

$data = $this->getRequest()->getPost();

//everything in the constructor
$input = new Zend_Filter_Input($filters, $validators, $data);

//or
$input = new Zend_Filter_Input($filters, $validators);
$input->setData($data);

There is a lot more that can be done with filters and validators, check out Zend_Filter_Input for more info.

answered 2013-04-17T08:32:38.547
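The answer above stops at constructing Zend_Filter_Input. The following added example (not code from the answer or from Zend Framework) carries the same API through validation, error reporting and escaped retrieval, and puts the construction in a base-controller helper so every action shares one code path, which is what the question was after. It assumes ZF1 is autoloaded; the controller, field names and rules are illustrative.

```php
<?php
// Added example, not code from the answer above or from Zend Framework.
// Assumes ZF1 is autoloaded; controller, field names and rules are illustrative.
class Custom_Controller_Abstract extends Zend_Controller_Action
{
    /**
     * Build a Zend_Filter_Input over the request parameters. The action gets
     * the instance back so it decides how to react to invalid or missing fields.
     */
    protected function filterInput(array $filters, array $validators)
    {
        return new Zend_Filter_Input($filters, $validators, $this->getRequest()->getParams());
    }
}

class AccountController extends Custom_Controller_Abstract
{
    public function updateAction()
    {
        $filters = array(
            '*'       => 'StringTrim',      // wildcard: applied to every field
            'month'   => 'Digits',          // keep only 0-9
            'account' => 'StringToLower',
        );
        $validators = array(
            // a rule with arguments is written array('ValidatorName', arg1, arg2);
            // 'presence' => 'required' makes a missing field an error
            'month'   => array('Int', array('Between', 1, 12),
                               'presence' => 'required'),
            'account' => array('Alnum', array('StringLength', 3, 32),
                               'presence' => 'required'),
        );

        $input = $this->filterInput($filters, $validators);

        if (!$input->isValid()) {
            // Keyed by field, then by validator error code, e.g.
            // array('month' => array('notBetween' => "...")); required fields
            // that were absent from the request are included as well.
            $this->view->errors = $input->getMessages();
            return $this->render('form');
        }

        // Fields that were sent but have no validator rule never reach
        // getEscaped()/getUnescaped(); hasUnknown() tells you they were there.
        if ($input->hasUnknown()) {
            $this->view->ignored = array_keys($input->getUnknown());
        }

        // getEscaped() runs the escape filter (HtmlEntities by default), which is
        // right for echoing into HTML and only there; take getUnescaped() for the
        // value you store or compute with, and bind it as a parameter in SQL.
        $this->view->account = $input->getEscaped('account');
        $this->view->month   = (int) $input->getUnescaped('month');
    }
}
```

The split between getEscaped() and getUnescaped() is the part worth internalising: HtmlEntities is an output encoding for one context (HTML body), not a general "safe" form, so a value headed for a database, a shell command or a JSON response needs that context's own handling rather than the HTML-escaped copy.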

Using getParams or getParam does not sanitize the data from the form; you should use $form->getData($post) or $form->getValidData($post) instead.

However, I asked this question myself a while ago, zend framework sanitizing data, and there are some good answers there; one of them says not to do what you want to do (as I did).

answered 2013-04-17T06:49:58.250