ZF Blog

Zend Framework 2.0.4 Released!

The Zend Framework community is pleased to announce the immediate availability of Zend Framework 2.0.4! Packages and installation instructions are available at:

Changes

ZF2 has shipped with two "view strategies" aimed at simplifying common use cases around developing JSON and XML APIs: Zend\View\Strategy\JsonStrategy and Zend\View\Strategy\FeedStrategy. Each of these would select an appropriate renderer based on one of the following criteria:

  • If the view model present was of a specific type (e.g., JsonModel, FeedModel).
  • If the Accept header contained the appropriate media type.

This latter condition sparked some worry that, when enabled at the application level (vs. enabled based on selected module, controller, action, or other more specific criteria), any endpoint could be forced to return JSON or Atom (based on the strategies registered), regardless of whether or not it was appropriate. This could lead to a couple of bad situations:

  • Data present in the view model not intended for actual display now being displayed.
  • Raising of exceptions due to unsuitability of certain view variables for serialization in the selected format (e.g., invalid feed data, non-JSON-serializable objects, etc.); this could lead to resource consumption and potentially other vulnerabilities.

Based on these concerns, we made the following changes:

  • The JsonStrategy and FeedStrategy now only ever select a renderer based on the current view model type: e.g. if you want to expose something as JSON, you must return a JsonModel.
  • Introduced a new controller plugin, acceptableViewModelSelector(). This helper can be used to select an appropriate view model if the Accept header meets criteria you specify.

As an example of the latter:

<?php
use Zend\Mvc\Controller\AbstractActionController;
use Zend\View\Model\JsonModel;

class SomeController extends AbstractActionController
{
    // Maps each view model class to the Accept media types that select it
    protected $acceptCriteria = array(
        'Zend\View\Model\JsonModel' => array(
            'application/json',
        ),
        'Zend\View\Model\FeedModel' => array(
            'application/rss+xml',
        ),
    );

    public function apiAction()
    {
        $viewModel = $this->acceptableViewModelSelector($this->acceptCriteria);

        // Potentially vary execution based on model returned
        if ($viewModel instanceof JsonModel) {
            // ...
        }

        // Return the selected model so the matching strategy renders it
        return $viewModel;
    }
}

The above would return a standard Zend\View\Model\ViewModel instance if the criteria are not met, and the specified view model type if its criteria are met. Rules are matched in order, with the first match "winning."
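
To make the effect of the strategy change concrete, here is an added example (not Zend Framework code and not from the original post) that models renderer selection before and after 2.0.4 for a page that was only ever meant to be rendered as HTML. The ViewModel and JsonModel classes are minimal stand-ins, the function names are hypothetical, and Accept matching is reduced to a substring check.

```php
<?php
// Minimal stand-ins for the framework's view models (hypothetical classes,
// not the Zend\View\Model implementations).
class ViewModel
{
    public $variables;

    public function __construct(array $variables = array())
    {
        $this->variables = $variables;
    }
}

class JsonModel extends ViewModel {}

// Behaviour before 2.0.4 as described in the post: the renderer is chosen
// by view model type OR by the client's Accept header.
function selectRendererOld(ViewModel $model, $accept)
{
    if ($model instanceof JsonModel) {
        return 'json';
    }
    // Assumption: substring match stands in for real Accept negotiation.
    return (stripos($accept, 'application/json') !== false) ? 'json' : 'html';
}

// Behaviour from 2.0.4: only the view model type counts; Accept is ignored.
function selectRendererNew(ViewModel $model, $accept)
{
    return ($model instanceof JsonModel) ? 'json' : 'html';
}

function render(ViewModel $model, $renderer)
{
    if ($renderer === 'json') {
        // Serializes every variable, including ones no template prints.
        return json_encode($model->variables);
    }
    // The HTML template only echoes the fields it was written for.
    return '<h1>' . htmlspecialchars($model->variables['title']) . '</h1>';
}

// Constructed sample: an HTML page whose model also carries an internal value.
$page   = new ViewModel(array('title' => 'Profile', 'internalNote' => 'staff only'));
$accept = 'application/json'; // constructed client-supplied header value

echo render($page, selectRendererOld($page, $accept)), "\n";
echo render($page, selectRendererNew($page, $accept)), "\n";
```

The first line of output contains internalNote because the old rule lets the request header pick the JSON renderer; the second contains only the title, since the action never returned a JsonModel.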

Changelog

In addition to the changes mentioned above, this release included more than 40 patches, ranging from minor docblock improvements to bugfixes. The full list is as follows:

Thank You!

Many thanks to all contributors to this release!

Reminder

Maintenance releases happen monthly on the third Wednesday. Additionally, we have the next minor release, 2.1.0, slated for sometime next month.
