Skip to end of metadata
Go to start of metadata

<p>The information on this page comes from ML discussions, IRC discussions, in-person discussions at conferences and elsewhere, and from the issue tracker (both feature requests and bug reports). The idea here is to eventually come up with a concrete list of deliverables for the ZF2 MVC. </p>

<p>Please comment with additions, areas you think need clarifications, etc.</p>

<h2>Controller layer:</h2>

<h3>Request</h3>

<ul>
<li>Should provide access to headers
<ul>
<li>Should provide ability to both create and access headers</li>
<li>Should provide negotiation for complex values, including those with separators (e.g., Accept, Cache-Control)
<ul>
<li>Cache negotiation would be potentially interesting (e.g., for usage with ESI and Varnish)</li>
</ul>
</li>
</ul>
</li>
<li>Should allow retrieving cookie values</li>
<li>Should provide mechanisms for accessing superglobals ($_SERVER, $_ENV, $_GET, $_POST, etc.)
<ul>
<li>Potentially allow attaching filter(chain)s to superglobal types</li>
<li>Potentially allow specifying defaults for required keys</li>
</ul>
</li>
<li>Should provide access to raw request body
<ul>
<li>Should provide auto-negotiation of JSON, XML in request body</li>
<li>Should transparently handle PUT</li>
</ul>
</li>
<li>Should provide access to URI
<ul>
<li>URI should be encapsulated as an object</li>
<li>URI would provide access to path, host, schema, port, etc.</li>
</ul>
</li>
<li>Interface and access should allow alternate implementations (e.g. Console vs. HTTP)
<ul>
<li>Potentially configurable ECGP style merging for HTTP env</li>
<li>Treat headers as metadata in non-HTTP versions</li>
</ul>
</li>
<li>Flip side: allow building an entire request (for use in clients)</li>
</ul>

<h3>Response</h3>

<ul>
<li>Should allow setting headers and header priority</li>
<li>Should allow setting cookie values</li>
<li>Should allow setting response body</li>
<li>Should allow retrieving headers, cookies, and response body (for use in clients)</li>
<li>Interface and access should allow alternate implementations (e.g. Console vs. HTTP)</li>
</ul>

<h3>Router</h3>
<ul>
<li>Add EventManager integration</li>
<li>Fast/conditional matching</li>
<li>Easier, more flexible resource matching for RESTful requests
<ul>
<li>including resource relationships (e.g., /book/2/chapter/3)</li>
</ul>
</li>
<li>Standardized console routing</li>
</ul>

<h3>Dispatching</h3>

<ul>
<li>Add EventManager integration</li>
<li>Support ZF1-style dispatching</li>
<li>Support Dispatchable interface
<ul>
<li>Potentially using direct mapping of controllers to classes</li>
<li>Potentially by pulling controllers/dispatchables from DI container</li>
</ul>
</li>
<li>Should support short-circuiting – basically, as soon as a response is available, return it
<ul>
<li>This could be from dispatching, or from return values from events (e.g., a cache handler that returns full response, an ACL handler that returns "unauthorized", etc.)</li>
</ul>
</li>
</ul>

<h3>Action controllers</h3>
<ul>
<li>Add EventManager integration to base controllers</li>
<li>Support ZF-1 style with helper broker, et. al.
<ul>
<li>potentially substituting plugins with EventManager</li>
</ul>
</li>
<li>Support alternate style with real return values
<ul>
<li>Ideally return seeds view</li>
</ul>
</li>
<li>Support RESTful styles natively</li>
</ul>

<h3>Server classes</h3>

<ul>
<li>Make dispatchable, so they may be attached to MVC directly</li>
<li>Must provide decorators for request/response objects</li>
<li>Refactor to use Zend\Reflection
<ul>
<li>Get rid of Zend\Server\Reflection, in favor of a PrototypeBuilder class</li>
</ul>
</li>
<li>Move serialization of formats into Zend\Serializer?</li>
</ul>

<h3>Bootstrapping/Application context</h3>

<ul>
<li>Configuration driven?
<ul>
<li>If so, introduce configuration caching</li>
</ul>
</li>
<li>DI-driven?</li>
<li>Class-driven? (e.g., ZF1 bootstrap classes)</li>
<li>How and where should events be wired?</li>
<li>How and where are action helpers wired and injected? or are they?</li>
</ul>

<h3>Modules</h3>

<ul>
<li>What are "modules" vs. a "component model"?</li>
<li>Can this be addressed simply using namespaces?</li>
</ul>

<h2>View Layer:</h2>

<ul>
<li>What does an engine look like?
<ul>
<li>What pieces are common across implementations? (PHP-based, Smarty, Mustache, Twig, DTL, etc).
<ul>
<li>encoding?</li>
<li>XHTML vs HTML?</li>
<li>etc.</li>
</ul>
</li>
<li>Should we have multiple implementations? If so, which?
<ul>
<li>Many requests for design-centric implementation
<ul>
<li>Templates in separate project or tree from application</li>
<li>Templates edited by non-developers</li>
</ul>
</li>
</ul>
</li>
</ul>
</li>
<li>How should the view layer integrate with the MVC layer?
<ul>
<li>Direct injection?</li>
<li>Via events?
<ul>
<li>e.g., event attached to Response::send() that introspects the "content" and metadata of the Response in order to prepare the rendered response</li>
</ul>
</li>
</ul>
</li>
<li>How should different contexts (XML, JSON, Atom, etc) be handled?
<ul>
<li>Where would official mobile integration live as well? (e.g., for selecting layout)</li>
</ul>
</li>
<li>How will helpers work?
<ul>
<li>__call() is slow
<ul>
<li>But the best way to provide migration from ZF1</li>
</ul>
</li>
<li>Strategy pattern may not be the best solution
<ul>
<li>But, again, best way to provide migration from ZF1</li>
</ul>
</li>
<li>Some helpers require injection of non-view-related objects</li>
<li>Some helpers need knowledge of view configuration (e.g. XHTML? encoding?)
<ul>
<li>Should those be part of a view engine? or simply configuration?</li>
</ul>
</li>
<li>Can helpers be used across engine implementations?</li>
</ul>
</li>
<li>What about caching?
<ul>
<li>Support for edge side includes?</li>
<li>built-in caching for...
<ul>
<li>content?</li>
<li>template tokens?</li>
<li>partials?</li>
</ul>
</li>
</ul>
</li>
</ul>

<h2>Model layer:</h2>

<ul>
<li>Common "model-like" infrastructure?
<ul>
<li>Collections (countable, iterable, ability to return items of specific class, etc.)</li>
<li>Serialization interfaces/classes (toArray, fromArray, toJson, fromJson, toXml, fromXml, etc.)</li>
<li>Interfaces, traits for "configurable", "eventful", etc.</li>
</ul>
</li>
<li>Forms
<ul>
<li>De-couple view layer from Form classes
<ul>
<li>Move to view helpers (which would take elements and create HTML representations from them)</li>
</ul>
</li>
<li>De-couple filtering and validation from elements
<ul>
<li>Move to brokers?</li>
<li>Move to form-level, to allow moving chains between domain models and forms (chains would be used to seed values and error messages)?</li>
</ul>
</li>
</ul>
</li>
</ul>

<h2>Tooling:</h2>

<ul>
<li>As changes in MVC strategies are implemented, tooling needs to support the changes.</li>
</ul>

<h2>Migration from ZF1</h2>

<ul>
<li>Must have some sort of "compatibility" layer</li>
</ul>

Labels:
None
Enter labels to add to this page:
Please wait 
Looking for a label? Just start typing.
  1. May 11, 2011

    <p>This is not a specific comment on the content, but about "But the best way to provide migration from ZF1". <em>Now</em> we have the chance to get lost of old habits and remove slow functions, so my advice is not to look to the ease of migration but rather the required final result.</p>

  2. May 11, 2011

    <p>It would be good to have the ability to have route based bootstrapping. This would allow for bootstrapping on certain route criteria. Modules themselves, if we go to a component module over an application module stance, would not need bootstrapping.</p>

    <p>An additional option would be to have a merged config, pulling the main config followed by config files for the modules, all of which gets cached until the hash of the collective modules change. <br />
    Since there is no interrogation, autoloading or reflection of bootstrap classes this should in theory improve speed.</p>

    1. May 12, 2011

      <p>Dependency Injection can largely answer this, actually. In the prototype I've been working on, the router simply determines what controller to use, and you then pull the controller out of the DI container – which gets you only the dependencies needed for that request.</p>

      <p>Of course, it requires that autoloading be setup correctly – but, again, new features such as the ClassMapAutoloader make that reasonably simple to accomplish.</p>

      <p>I'm personally of the opinion that a module should be simply a namespace for code used by the application.</p>

  3. May 11, 2011

    <p>+1 to "doing it right" over keeping backwards compatibility</p>

    1. May 12, 2011

      <p>Seconded</p>

    2. May 12, 2011

      <p>Indeed. </p>

  4. May 12, 2011

    <p>In some large Zend Framework projects i've found the default route-to-module+controller mapping of ZF1:</p>

    <blockquote>
    <p>admin/registration/data-viewer --> modules/admin/controllers/RegistrationController.php</p></blockquote>

    <p>a little too restrictive. I've toyed with hacking a HMVC-alike controller/router setup into ZF1, but never did get very far. It would be nice if ZF2's MVC could be configured so that we could set up routes like these:</p>

    <blockquote>
    <p>admin/registration --> modules/admin/controllers/RegistrationController.php<br />
    admin/registration/data-viewer --> modules/admin/controllers/Registration/DataViewerController.php<br />
    admin/registration/data-viewer/by-site/id/99 --> modules/admin/controllers/Registration/DataViewer/BySiteController.php</p></blockquote>

    <p>In my mind, this routing process doesn't need to be automatic like the current Zend_Controller is by default. All routes would be defined upfront by the application (ie: map route directly to name of controller class), as there is so much ambiguity possible in the URI->file mappings that complexity and low performance would become issues.</p>

    <blockquote>
    <p>admin/registration/data-viewer/by-site/id/99 could possbily dispatch to one of:<br />
    modules/admin/controllers/RegistrationController.php (call dataViewerAction)<br />
    modules/admin/controllers/Registration/DataViewerController.php (call bySiteAction)<br />
    modules/admin/controllers/Registration/DataViewer/BySiteController.php (call idAction)<br />
    ( + All of those again, but with indexAction instead of the action method noted)</p></blockquote>

    <p>Perhaps this could be implemented as a new router type coupled with storing controllers in a PSR-0-compatible way?</p>

    <p>Thoughts?</p>

    1. May 12, 2011

      <p>In the prototype I've been working on, I got rid of the concept of modules from routing, and instead did like you suggest: route maps to controller name. I then pull the controller from the DI container – which allows me to map controller names to actual classes. </p>

      <p>Additionally, I treated the "application" directory as simply a location for code, and a "module" is simply a namespace within that directory. As such, the hierarchy can be arbitrarily deep.</p>

      <p>Between these two concepts, I think many of your questions are answered.</p>

      1. May 13, 2011

        <p>Excellent! That's exactly what I was hoping for.</p>

  5. May 12, 2011

    <p>I'm looking forward to the EventManager integration, I looked at using Symfony's EventDispatcher lib with a ZF1 app I've been prototyping. While I got it to work, it feels kludgy.</p>

    <p>In terms of module re-usability, my questions are:</p>
    <ul>
    <li>Can modules provide js/css files for an application to load and potentially override?</li>
    <li>For the view layer, it'd be nice if an application could override the templates bundled within a module without changing the module's template/view code.</li>
    </ul>

    1. May 12, 2011

      <p>You can go ahead and use the ZF2 EventManager today, if you want, if you're running on PHP 5.3; any feedback you have to give is welcome.</p>

      <p>Regarding module re-usability, public assets are always a problem. While we can do things like symlink these into the public/ tree, that doesn't work on all operating systems. I'm hoping that perhaps we might integrate Assetic, as that approach looks quite thorough and promising.</p>

      <p>What you discuss with the view layer is similar to the way the current script path works currently – but it can be tricky to get right. A more thorough solution would be to adopt HMVC principles. I think HMVC may be an interesting approach – but I'm not entirely sure if we should target that for 2.0, or a later revision (2.1 or beyond) due to the complexity involved.</p>

      1. May 13, 2011

        <p>The way I've handled static assets from modules in ZF 1 is to have a standalone 'static.php' script in public/ with some extra rewrite rules that point to it. The script then knows based on the URL which module and path to map the request to (e.g. /blog/images/foo.png might go to /application/modules/blog/public/images/foo.png), and it can create symlinks (where appropriate) to speed up future requests. I'd not seen Assetic though, looks interesting.</p>

        1. May 15, 2011

          <p>I think this static.php like solution is unnecessary. For example to create thumbnail images I create a route object in Bootstrap.php of image module. The URL is: image/thumb/something_30x30.jpg. First time the module catches the request, creates the image file and moves it into public/image/thumb directory. Next time the webserver will serve the previously generated static file. You can also use this idea to use module based javascript and css files.</p>

      2. May 30, 2011

        <p>+1 to the Assetic implementation. I have been playing around with it locally for a week or so and it makes asset management super easy.</p>

  6. May 12, 2011

    <p>I propose the use of Symfony2's MVC. Any requirements not met OOTB can be added via ZendMvcBundle.</p>

    1. May 13, 2011

      <p>I have to say, that i actually really like Symfony2's approach to MVC. It is clean and without magic. <strong>But</strong> the implementation seems to favor low code quality. There are public properties all over the place.</p>

      <p>so -> +1 for similar approach and cleaner implementation</p>

  7. May 12, 2011

    <p>Hi two things,</p>

    <p>*) +1 to "doing it right" over keeping backwards compatibility</p>

    <p>*) I do not see any suggestions on how to tie everything together such as being done in<br />
    Zend_Controller_Front::dispatch(): creating request, response, dispatcher, router, firing plugin hooks, ...<br />
    I see the EventManager recurring a lot, so the hooks are being handled, but what about putting everything together? Will there still be a frontcontroller? If so what will be its role?</p>

    1. May 12, 2011

      <p>The front controller would still exist, but it would be much smaller – it would compose an EventManager and the router, and would handle dispatching directly. That leaves matching controller names to controller classes – which can be done by either composing a DI Container/Service Locator, or by composing something like a plugin broker. Overall, though, its role is greatly diminished; it no longer acts as a global registry.</p>

  8. May 12, 2011

    <p>My notes:</p>

    <ul>
    <li>Would be nice for modules to be first class, they are rather tagged on in ZF1</li>
    <li>Internally using DI sounds good, though we would need a good way of doing all the wiring
    <ul>
    <li>How would we provide default wiring?</li>
    <li>Could we have wiring "profiles" for configuring different setups quickly? For example CLI.</li>
    </ul>
    </li>
    <li>With general wiring (events, di and helpers), I think we should try and keep it as simple as possible. Its one of the hardest things for new users to grasp and introduces a lot of magic IMHO. So whatever happens we are going to need clear docs.
    <ul>
    <li>Do we have need an extra documentation requirement that would list all events etc involved with a component, where they are configured and where they come from?</li>
    </ul>
    </li>
    <li>+1 to "doing it right" over keeping backwards compatibility
    <ul>
    <li>One usecase to consider would be having a mix of ZF1 & ZF2 code, if this is supported it make it easier to refactor an application over time.</li>
    </ul>
    </li>
    <li>Models, wouldn't go too deep into this, would be great to provide some basics (Collections etc) but DC2 support would probably be better.</li>
    <li>+1 for decoupling the form components being able to grab the chains would be very helpful.</li>
    </ul>

    1. May 12, 2011

      <p>I've commented on modules above – but let me illustrate:</p>
      <ac:macro ac:name="code"><ac:plain-text-body><![CDATA[
      application/
      Blog/
      Controller/
      Entry.php
      Admin.php
      Model/
      Mapper.php
      Entry.php
      EntryService.php
      View/
      Entry.php
      Entries.php
      TagCloud.php
      ]]></ac:plain-text-body></ac:macro>
      <p>The idea is that application/ is just a directory containing namespaced code. The tree follows PSR-0 guidelines. You define a module as simply a directory/namespace containing related code that belongs in the application. The hierarchy can be arbitrarily deep, and follow whatever conventions you need.</p>

      <p>In the router, you're then aiming to identify a "controller" – matching a route should de facto indicate we know what the controller is. We then pull the controller object from the DI container, which allows us to match that controller name to a specific controller class – and we know how to locate the class due to the autoloader – which can be either a PSR-0-compliant path-based autoloader, or a ClassMap autoloader.</p>

      <p>Basically, it makes the story of modules dirt simple. It also much more directly provides a path for <em>reusable</em> modules.</p>

      <p>Regarding DI wiring, we have two goals: application performance, and developer performance. The former is largely solved currently. The latter is where wiring comes in. Ralph is working on some functionality for auto-generating wiring from reflection, and also some tools for implementing "first-run" compilation. You as a developer will still need to indicate things like aliases and explicit dependencies, but the work will be relatively simple.</p>

      <p>Part of that work is also to provide per-environment definitions and application containers. This should aid situations like testing and re-purposing for the CLI.</p>

      <p>Moving on to events – yes, we'll need to list all possible events in the documentation for each class, as well as the "aliases" each class might listen on. Most even wiring is actually very explicit: "I want to listen to these events on this class". The main problem is determining where we want that wiring to be made within the application definition. The bootstrap makes most sense, but we need to define exactly what <em>that</em> is.</p>

      1. May 14, 2011

        <p>I like the simplicity of this. Aesthetically, I prefer the old style of lower-case plural directory names, but I don't think they are worth the added loader complexity.</p>

        <p>Where would layout and view templates go? Should there be a way for modules to participate in Bootstrap?</p>

        1. May 16, 2011

          <p>RE: lower case plural directory names: one issue I've seen is that developers are not aware that the classes in there are under a module namespace, nor where to find that namespace. While we have documentation around this, having the same rules apply to this code as general library code adds consistency, which aids in learning the framework.</p>

          <p>RE: layout/view templates, asset management such as templates is something we need to discuss with relationship to the view layer.</p>

          <p>The prototype I've been working on uses Mustache as the view implementation. As such, I'm putting all templates under a single hierarchy. This resolves one issue many have raised with ZF1 – they have separate design and development teams, and need to keep these as separate "projects" in version control. However, it raises <em>new</em> questions when it comes to reusable module development – where do the templates for a given module live? </p>

          <p>So, let's begin discussing that. <ac:emoticon ac:name="smile" /></p>

          <p>Third, regarding modules participating in the bootstrap: I see 4 key areas we need to address:</p>

          <ol>
          <li>How do we inform the DI container about module classes, and how do we provide injection alternatives?</li>
          <li>How do we route to controllers in a module?</li>
          <li>How do we serve a module's public assets?</li>
          <li>How do we extend or use templates within a module?</li>
          </ol>

          <p>So, let's add these questions to the list. <ac:emoticon ac:name="smile" /></p>

      2. May 15, 2011

        <p>Would the controllers still support sub dirs?</p>

        <p>With configuration/wiring I think it would be good to support various levels. By this I mean for simple apps you probably can have one Mega configuration place, but for complex apps you may want to split into smaller files either per module or something similar. A way of configuring this would be very useful.</p>

        <p>As for the bundle idea, I can understand why people would want this but for me it would not help, so I would put it as a low priority. Having a way to make modules self contained would be good but I don't think perbuilt bundles for things like acl make that much sense as they would be a lot to maintain and make the framework over prescriptive IMHO. One of the things I love about zf is it lets you work in your own way, this flexibility is very important for enterprise development. </p>

        1. May 16, 2011

          <p>Controllers could appear <em>anywhere</em> in the application hierarchy; you simply need to:</p>

          <ol>
          <li>route a particular URL to a unique controller "name", and</li>
          <li>map a controller name to a specific class</li>
          </ol>

          <p>Likely we'll provide some tools for automating this (either through conventions or via API annotations); the point remains, however, that a controller can live anywhere.</p>

          <p>Regarding bundles/modules, the idea is not that the framework would maintain these, but instead provide an infrastructure for others to write and maintain them. As such, you, as a developer, can pick and choose what if any third party modules you want to incorporate, and also write your own re-usable modules for your own projects.</p>

  9. May 12, 2011

    <p>Some good stuff here. A few thoughts:</p>

    <p>Bootstrapping/Application configuration -</p>

    <p>Personally I prefer to do as much as possible of my application configuration in PHP (i.e. _init() methods in the bootstrap class), instead of through application.ini, I just think it's easier to see what's going on that way. Some of the things that show up in the application.ini are not especially intuitive (e.g. "resources.modules[] = "), and I think this can cause confusion for beginners. I'm not suggesting ZF2 should move everything into code, but I hope ZF2 doesn't go too far down the config file route.</p>

    <p>Perhaps one way to improve things would be to have the default application.ini created by Zend_Tool to be a little more like the default php.ini files, containing various (all?) options in there by default (even if they are commented out), with comments explaining what they do.</p>

    <p>On the topic of configuration, I'd also like to see some separation of <em>application</em> configuration and <em>environment</em> configuration. Imagine you have an application that runs in various locations and is worked on by a few different developers. Currently in ZF we have application-level things like the bootstrap class name, autoloader namespaces (things that will be the same in each instance of the application) in the same file as environment-level things such as database login details (which will likely be different for different developers). You'd often want the application-level stuff to be under source control whilst you keep the environment stuff out, this is a bit awkward to do currently. </p>

    <p>Models - I like the idea of some interfaces to provide some structure around current conventions, e.g. a 'configurable' interface which presumably would define setOptions().</p>

    <p>Other things - </p>

    <p>I'd like to see support for controller namespacing, which I think is what Adam is suggesting above. The obvious use case for this is admin routes, which I think a lot of people use modules for. So you'd have /news routing to application/controllers/NewsController.php, and /admin/news routing to application/controllers/admin/NewsController.php. This shouldn't replace modules <ac:emoticon ac:name="warning" />, it just provides a way to group controllers together without having to use modules (overkill) or custom routes.</p>

    <p>I hope there is some consideration towards reusable modules, which is something that pops up quite often. I wouldn't expect this to be in ZF 2.0, but it will affect some of the things being discussed here so I hope it's at least on the radar.</p>

    1. May 15, 2011

      <p>I agree, we should start moulding modules into self contained units and move other parts to a better suited location. </p>

      <p>It would be good to drop the automatic determination of anything past the base route (not including modules). <br />
      By this I mean primarily the only route should be /controller/action. Any other extra, like an admin route for example, would be defined by the user in the routes config.</p>

      1. May 16, 2011

        <p>I agree here. In the prototyping I've been doing, I've actually defined <em>all</em> of my routes explicitly, as this makes it really easy to determine exactly what class and method is being invoked. That said, I think having a conventions-based route such as "/:controller/:action" makes a lot of sense as well, as does a "RESTful" route. Beyond that, explicit should rule the day.</p>

        1. May 21, 2011

          <p>In regards to modules, how would these be "Bootstrapped" ?? I mean will the system scan the folders and files as in ZF1 or will there be some "cleaner" way?..<br />
          could a scan of everything on every load be done away with?</p>

    2. May 18, 2011

      <p>Somewhat linked to making things easier to learn, any chance we could move away from INI files? A simple native PHP configuration format could remove some of the pain from array handling (repetitive long worded prefixing is not that simple).</p>

  10. May 14, 2011

    <blockquote>
    <ul>
    <li>How should different contexts (XML, JSON, Atom, etc) be handled?
    <ul>
    <li>Where would official mobile integration live as well? (e.g., for selecting layout)</li>
    </ul>
    </li>
    </ul>
    </blockquote>

    <p>Personally, I'm a big fan of the context switch action helper. It minimizes controller action code duplication. Potentially we could add a 'mobile' context. I see no reasons why contexts could not apply to layouts as well.</p>

    1. May 15, 2011

      <p>I already made up something like that. It is important to couple a context switch action helper to a frontcontroller plugin, because for mobile views it's also required to switch a layout. More information <a href="http://juriansluiman.nl/en/article/111/mobile-detection-with-zend_http_useragent">here</a>.</p>

    2. May 16, 2011

      <p>ContextSwitch is nice, but it requires a lot of coupling:</p>

      <ul>
      <li>It has to be enabled across all controllers, and...</li>
      <li>has to know about the ViewRenderer instance and modify its state (to change the template suffix)</li>
      </ul>

      <p>Additionally, if code <em>cannot</em> work with a certain context, you then have the controller needing to know how to deal with that situation (i.e., re-enabling layouts, re-setting the template suffix, etc.). </p>

      <p>While I think in most cases, ContextSwitch works, I think this can be done in more transparent and easier to trace ways if we have it as part of rendering. A rendering engine would be told the current context (or derive it from the Request object), and then choose which renderer and/or template to use. And rendering can now potentially happen at the last possible moment – which means we know exactly what context we're in and whether or not to use a layout.</p>

  11. May 15, 2011

    <p>Some opinions on the controller layer...</p>

    <p>I'll put my considerations on the rest in a different comment to make it not too long.</p>
    <ul>
    <li>Please dont quote this comment as a whole</li>
    <li>Please feel free to discuss also on IRC (#zftalk.dev, freenode) or on the mailinglists. As long as conclusions of any such discussions find their way back to this page.</li>
    </ul>

    <p><strong>Response</strong></p>
    <blockquote><p>Should allow setting headers and header priority</p></blockquote>

    <p>I'd propose to not do that. This would mean you need to do extra loops and possibly resorting. I'd propose to add the ability to define a callback that actually performs the ordering. We could then supply a callback ourselves that just sorts on priority, but do not enable it by default. This does imply that headers should be given the opportunity to contain additional metadata that can be used for ordering (and modification of those headers if someone would want to).</p>

    <p><strong>Routing</strong> Should imho not be related to MVC, proposing to move this to its own proposal/discussion. Rest: should be way better defined, and again has no place in this proposal imho. (Matthew, do you still have the pastie I gave you a /long/ time ago on how I'd do rest routing?).</p>

    <p><strong>Dispatching</strong><br />
    </p><blockquote><p>Support ZF1-style dispatching</p></blockquote> < What is hereby understood, what parts are intended to be replicated. Does it make sense? Adding compatibility layers should not be an upfront requirement imho because it only limits the innovativity that's put in the new stuff. Compatibility layers can always be implemented in a later phase/stage.<br />
    <blockquote><p>Should support short-circuiting – basically, as soon as a response is available, return it</p></blockquote> Isn't that a characteristic of the Eventmanager?<p />

    <p><strong>Action controllers</strong><br />
    </p><blockquote><p>Support ZF-1 style with helper broker, et. al. potentially substituting plugins with EventManager</p></blockquote> again, imho BC should not be a goal or consideration when designing new versions. Compatibility can always be dealt with in a later stage.<p />

    <p><strong>Server classes</strong>:<br />
    I agree they should be dispatchable, but not sure they should have decorators. An alternative approach may be to have it just define its own output, and skip the view layer alltogether.</p>

    <blockquote><ul>
    <li>Refactor to use Zend\Reflection</li>
    <li>Get rid of Zend\Server\Reflection, in favor of a PrototypeBuilder class</li>
    </ul>
    </blockquote>
    <p>Which one is exactly meant here? I'd propose to use a prototypebuilder class indeed which may then rely on reflection. Have this class work on-the-fly in development environments.</p>

    <p><strong>Bootstrapping/Application context</strong><br />
    Should be a totally separate discussion, I'd propose mailinglist.</p>

    <p><strong>Modules</strong><br />
    Imho only relevant to bootstrapping (will also address this under views).</p>

    <p>(edit, added: )<br />
    <strong>Tying it all together</strong><br />
    In the comments I'm reading that the idea is to have a frontcontroller. What would be the position of such thing when we also have a DI tool. Wouldn't it be a good idea to store it all in one common DI framework and just rm Zend/Controller/Front.php?<br />
    Also, it happens to me a lot that an 'action' (or its missing presence) is represented only by a view and a few mappers. If one could also define actions by simply putting them in your routes config or as key of a property of the controller class we would not have to define empty methods for these, and because of the fact that they're missing skip a few things in the dispatching process and potentially improve performance there.</p>

    1. May 16, 2011

      <p>Responding to some selected items only here.</p>

      <blockquote><h5>Response</h5>

      <ul>
      <li>Should allow setting headers and header priority</li>
      </ul>

      <p>I'd propose to not do that. This would mean you need to do extra loops and<br />
      possibly resorting. I'd propose to add the ability to define a callback that<br />
      actually performs the ordering. We could then supply a callback ourselves that<br />
      just sorts on priority, but do not enable it by default. This does imply that<br />
      headers should be given the opportunity to contain additional metadata that can<br />
      be used for ordering (and modification of those headers if someone would want<br />
      to).</p></blockquote>

      <p>Agreed; this approach makes a lot of sense, and also goes along with the general<br />
      idea of request/response objects having both metadata and content.</p>

      <blockquote><h5>Routing</h5>
      <p>Should imho not be rlated to MVC</p></blockquote>

      <p>Why not? Routing is how we analyze the Request object and match it to a<br />
      dispatchable; I'd consider this fairly central to the MVC. I think the actual<br />
      <em>implementation</em> of routing should be a separate proposal and discussion, but<br />
      <em>where</em> and <em>when</em> routing happens in a request lifecycle is definitely a part<br />
      of this discussion.</p>

      <blockquote>
      <ul>
      <li>Should support short-circuiting – basically, as soon as a response is<br />
      available, return it</li>
      </ul>

      <p>Isn't that a characteristic of the Eventmanager?</p></blockquote>

      <p>Yes and no. It is in that you can short-circuit an event at any time. However,<br />
      whatever <em>triggered</em> the event then needs to determine if a short-circuit<br />
      happened, and act on it. When I say we should short-circuit as soon as a<br />
      response is detected, this is the role of the front controller – identifying if<br />
      an event has resulted in a response, and, if so, returning it.</p>

      <blockquote><h5>Server classes</h5>

      <p>I agree they should be dispatchable, but not sure they should have decorators. An alternative approach may be to have it just define its own output, and skip the view layer alltogether.</p></blockquote>

      <p>That's what they do right now. However, to be compatible with the MVC system,<br />
      they would need to return a response. The response itself doesn't really require<br />
      decoration, but decoration may be needed on the Request to ensure that the<br />
      server can get the information it needs out of it (e.g., pulling XML or JSON<br />
      from the raw request body and parsing it into parameters). </p>

      <blockquote>
      <ul>
      <li>Refactor to use Zend\Reflection</li>
      <li>Get rid of Zend\Server\Reflection, in favor of a PrototypeBuilder class</li>
      </ul>

      <p>Which one is exactly meant here? I'd propose to use a prototypebuilder class indeed which may then rely on reflection. Have this class work on-the-fly in development environments.</p></blockquote>

      <p>What I was getting at here is that there is a fair bit of code duplication<br />
      between Zend_Server_Reflection and Zend_Reflection. Zend_Server_Reflection's<br />
      main value-add is being able to provide method prototypes. My suggestion is<br />
      creating a Zend_Server_PrototypeBuilder class that consumes Zend_Reflection in<br />
      order to create the prototypes.</p>

      <blockquote>
      <h5>Bootstrapping/Application context</h5>
      <p>Should be a totally separate discussion, I'd propose mailinglist.</p></blockquote>

      <p>That was the problem with ZF1 – we talked about bootstrapping and application<br />
      context <em>after</em> we developed the MVC, and they were literally tacked on. This<br />
      should be an integral part of the MVC discussion – it helps inform a number of<br />
      decisions, ranging from configuration to caching to how developers setup the<br />
      application initially. I'd rather not go through the 0.6.0 - 0.9.0 cycles again.<br />
      <ac:emoticon ac:name="smile" /></p>

      <blockquote>
      <h5>Tying it all together</h5>
      <p>In the comments I'm reading that the idea is to have a frontcontroller. What<br />
      would be the position of such thing when we also have a DI tool. Wouldn't it be<br />
      a good idea to store it all in one common DI framework and just rm<br />
      Zend/Controller/Front.php?</p></blockquote>

      <p>Something somewhere along the line needs to:</p>

      <ol>
      <li>map the route to a controller name</li>
      <li>retrieve a controller based on the name matched</li>
      <li>dispatch that controller</li>
      <li>handle any errors that may occur in the above steps</li>
      </ol>

      <p>That's what the front controller is for. DI can be used to handle step 2, but is<br />
      hardly a solution for the rest of it, other than to provide objects as needed.</p>

  12. May 15, 2011

    <p>Some things on the view & model layer (and modules):</p>

    <blockquote><p>What pieces are common across implementations? (PHP-based, Smarty, Mustache, Twig, DTL, etc).</p></blockquote>

    <p>The common denominator here would be:</p>
    <ul>
    <li>Variables assigned to layout(/view)</li>
    <li>response (the body) from layout(/view)</li>
    </ul>

    <p>The implementation of each solution (assuming a webenvironment) should also return a content type and encoding. Wehther it retrieves those from the actual view/layout invoked or whether this is determined by the implementation should be left up by the implementation.</p>

    <blockquote><p>Should we have multiple implementations? If so, which?</p></blockquote>

    <p>Obviously we should ship a php implementation. If the community is able to supply other implementations as well I think we could just ship these. They however should imho not slow down development of the fw. If we choose to ship a smarty implementation by default I would propose to ignore Smarty <V3, designers can also learn new things.</p>

    <p>As discussed on IRC there should be a paragraph or chapter in the manual describing the considerations for choosing an implementation (like: if you work with programmers, there's no reason to separate html from php). I will do this - when the time is there.</p>

    <p><strong>MVC</strong></p>
    <blockquote><p>How should the view layer integrate with the MVC layer?</p>
    <ul>
    <li>Direct injection?</li>
    <li>Via events?</li>
    </ul>
    </blockquote>

    <p>Why not both? One could invoke them through events, locate them through DI. I'm not too much into the DI stuff, but that would also provide a solution for:</p>
    <blockquote><p>Templates in separate project or tree from application<br />
    Templates edited by non-developers</p></blockquote>

    <p>If you could tell the DI how to map the views, you could specify a totally different location for views than the rest of the app.</p>

    <p><strong>Servers & contexts</strong></p>
    <blockquote><p>How should different contexts (XML, JSON, Atom, etc) be handled?</p></blockquote>
    <p>Isn't that inherent to how the server classes are dealt with? As mentioned in my other comment, I would not rely on views for those. If we do, how do we keep into account versioning of api-servers?</p>

    <blockquote><p>Where would official mobile integration live as well? (e.g., for selecting layout)</p></blockquote>

    <p>The context detection should imho find place in the request object (if this costs performance make it optional). Then each view-implementation (php, smarty, twig) can choose for itself how to deal with these. I think the defining of callbacks here would be best since I suppose each user will have its own way of doing this. This again could also be tied in how the DI does its location of these dependencies.</p>

    <p><strong>helpers</strong></p>
    <blockquote><p>How will helpers work?</p></blockquote>

    <p>Again, imho BC should not be a consideration here. There's always a way to think of a compatibility layer since by the end of the day ZF1 will do the same as ZF2 (that is: primarily serving websites). One should also be able to supply mere callbacks (closures in specific) that act as, and can be invoked as such, viewhelper.</p>

    <p>Cant we build some buildtool here as well that simply detects all available viewhelpers, and create a class that has one property and method per helper, the property containing an instance of the respective viewhelper which is lazy loaded. And the method that lazyloads the viewhelper and proxies to it when called. This strategy would allow a __callback fallback for BC reasons as well as development environments.</p>

    <blockquote><p>Some helpers require injection of non-view-related objects</p></blockquote>

    <p>Disagree here. If a viewhelper needs objects, apparently they're related to the view and should be passed on to the view. If you pass on the view object to the helper they'll also be available to the helper. Alternatively we could choose to go the lazy way, and simply inject the DI tool (which we may do so anyways), and simply retrieve the required objects from there.</p>

    <blockquote><p>Some helpers need knowledge of view configuration (e.g. XHTML? encoding?) <br />
    Should those be part of a view engine? or simply configuration?</p></blockquote>

    <p>Configuration can be retrieved via the DI tool (see above), stuff like encodings can (should) be retrieved from the respective implementation (php, twig, smarty). Where the implementation get the requested values from is up to the implementation.</p>

    <blockquote><p>Can helpers be used across engine implementations?</p></blockquote>
    <p>Why not? I'd say that each engine implementation can have its viewhelpers, and possibly fall back to the default php ones.</p>

    <p><strong>Caching</strong><br />
    Not my area of expertise. I'd say it's up to each engine implementation what should be cachable.</p>

    <p><strong>Forms</strong><br />
    FORMS HAVE NO PLACE IN MODELS (there, said it. May blog on it). What may actually be useful is an interface that can be validated against so that the controller can simply call the model layer with form values to verify their validity. Perhaps a Zend\Validate\InputCollection may be appropriate here which can then be extended by entities that are part of the modellayer which both mappers as well as controllers can check against.</p>
    <blockquote><p>Move to view helpers (which would take elements and create HTML representations from them)</p></blockquote>
    <p>Should viewhelpers actually be the default? I have a lot of forms that are highly customized, and as a result I just write plain html (and sometimes invoke their renderes), like:</p>
    <ac:macro ac:name="code"><ac:plain-text-body><![CDATA[
    class myform extends form {
    public function render()

    Unknown macro: { returns "<form><input name="foo" id="foo" />".$this->elementBar."</form>"; }

    }
    ]]></ac:plain-text-body></ac:macro>

    <p>I'm not saying this is the most neat way, but I can imagine lots of people finding it handy when it comes to the somewhat 'more complex' forms. We should take mmvc in consideration here.</p>

    <p><strong>modules</strong><br />
    I'm not sure what I was planning on saying on modules. Except for that that really should be a separate discussion together with bootstrapping. They should however be self-contained containers (which may be reliant on other modules). Therefore I would also put all the public stuff (icons, js, css, you name it) inside the module dir. This could be done by e.g. using a rewriterule that maps everything for ^media/$1/$2 to APPLICATION_PATH.'modules/$1/public/$2 . That approach would be a cross OS and cross FS solution (opposed to symlinks, hardlinks, etc), and I think most webservers support such a solution.</p>

    <p>I'd also like to use this opportunity to propose (once again) to change the name of the module 'default' to 'core'. This fits way better in the theory of modules being selfcontained containers (still wonder if that's a pleonasm - or not).</p>

    <p><strong>layouts</strong><br />
    I assume we'll treat layouts no differently than views, and simply remove zend\layout and merge its functionality of that of zend\view?</p>

    <p><strong>Migration from ZF1</strong><br />
    Again (feel like I'm repeating myself here. Wait... I probably am), once we have something that works the way we want it, and essentially still does the same as ZF1 does (serving websites for the biggest part), a compatibility layer will always be possible. We should not be held back for BC-reasons only (we've been doing that ever since June 2007 now).</p>

    1. May 16, 2011

      <blockquote>
      <p>The common denominator here would be:</p>

      <ul>
      <li>Variables assigned to layout(/view)</li>
      <li>response (the body) from layout(/view)<br />
      *<br />
      The implementation of each solution (assuming a webenvironment) should also return a content type and encoding. Wehther it retrieves those from the actual view/layout invoked or whether this is determined by the implementation should be left up by the implementation.</li>
      </ul>
      </blockquote>

      <p>I disagree about your first point. The reason is that I think in many cases, a<br />
      view implementation doesn't need variables directly assigned to it, but rather<br />
      needs variables or an array/object passed <em>at render-time</em>. Even with layout<br />
      variables, these can be part of a Layout Model object (or array). </p>

      <p>I agree about encoding and doctype being something that can be left up to the<br />
      implementation; however, still, somewhere it needs to be defined, and I've yet<br />
      to find an implementation of a solid rendering agent that was not aware of at<br />
      least encoding. Additionally, most helper systems we might create will need to<br />
      know encoding and doctype in order to render HTML markup correctly – so these<br />
      values need to be managed in such a way that they may be injected.</p>

      <blockquote>
      <ul>
      <li>How should the view layer integrate with the MVC layer?
      <ul>
      <li>Direct injection?</li>
      <li>Via events?<br />
      Why not both?</li>
      </ul>
      </li>
      </ul>
      </blockquote>

      <p>You're absolutely right, and any given project could make effective use of<br />
      both. It doesn't need to be either/or.</p>

      <blockquote>
      <h5>MVC</h5>
      <ul>
      <li>How should different contexts (XML, JSON, Atom, etc) be handled?</li>
      </ul>

      <p>Isn't that inherent to how the server classes are dealt with?</p></blockquote>

      <p>It's not the same discussion at all. XML, JSON, and Atom can all be used outside<br />
      of the server contexts.</p>

      <blockquote>
      <p>how do we keep into account versioning of api-servers?</p></blockquote>

      <p>That one's easy: via discrete routes.</p>

      <blockquote>
      <p>The context detection should imho find place in the request object (if this<br />
      costs performance make it optional). Then each view-implementation (php, smarty,<br />
      twig) can choose for itself how to deal with these.</p></blockquote>

      <p>I hear a requirement for the Renderers on the Request object in this statement.<br />
      <ac:emoticon ac:name="smile" /></p>

      <blockquote>
      <h5>helpers</h5>
      <p>...<br />
      Cant we build some buildtool here as well that simply detects all available viewhelpers, and create a class that has one property and method per helper, the property containing an instance of the respective viewhelper which is lazy loaded. And the method that lazyloads the viewhelper and proxies to it when called. This strategy would allow a __callback fallback for BC reasons as well as development environments.</p></blockquote>

      <p>IMO, helpers should be <em>objects</em>, and allow developers to call <em>any</em> method. As<br />
      such, the above makes no sense – in most cases, I'd be retrieving a helper<br />
      <em>object</em> and calling methods on it:</p>

      <ac:macro ac:name="code"><ac:plain-text-body><![CDATA[
      $this->broker('head_script')->append($javascript);

      echo $this->broker('url')->simple('action', 'controller');
      ]]></ac:plain-text-body></ac:macro>

      <p>As such, the one property/method per helper makes little sense. (The evolution<br />
      of ZF1 has shown that in more cases than not, helpers become stateful.)</p>

      <blockquote>
      <ul>
      <li>Some helpers require injection of non-view-related objects</li>
      </ul>

      <p>Disagree here. If a viewhelper needs objects, apparently they're related to the view and should be passed on to the view. If you pass on the view object to the helper they'll also be available to the helper. Alternatively we could choose to go the lazy way, and simply inject the DI tool (which we may do so anyways), and simply retrieve the required objects from there.</p></blockquote>

      <p>I think you misunderstood my point. Consider the case of the URL view helper; it<br />
      needs access to the router and the request object. The View object likely does<br />
      <em>not</em> knowledge of these, but the <em>helper</em> does. We shouldn't use the view<br />
      object as a general registry.</p>

      <blockquote>
      <h5>Forms</h5>
      <p>...<br />
      Should viewhelpers actually be the default? I have a lot of forms that are highly customized, and as a result I just write plain html</p></blockquote>

      <p>This should always be possible. I'm simply arguing that we should have view<br />
      helpers that can generate standard input elements and/or labels based on the<br />
      form element provided. You'd <em>always</em> be able to simply grab metadata out of it<br />
      and/or hardcode your forms however you see fit, so long as the names used match<br />
      those you're validating.</p>

  13. May 15, 2011

    <p>I am definitely with Dolf Schimmel (Freeaqingme) on the case in point of BC. ZF2 should allow us to do the same work as before, but in a much better way. We should get ZF2 running in the best way, then add a compatibility layer later for those that want and/or need it, otherwise we will be left with a half way house that doesn't quite meet expectations.</p>

  14. May 15, 2011

    <p><strong>Caching</strong></p>

    <p>1. Caching over HTTP-Protocol (Browser, Proxy)</p>
    <ul class="alternate">
    <li>Request:
    <ul class="alternate">
    <li>is the response of this request cacheable <em>(GET, non secure, non authenticated, Cache-Control, ...)</em></li>
    <li>was the response already cached and is fresh <em>(If-Modified-Since, If-None-Match, ...)</em></li>
    </ul>
    </li>
    <li>Response:
    <ul class="alternate">
    <li>enable/disable caching <em>(Cache-Control, Expires, Last-Modified, ETag)</em></li>
    <li>send a cached response <em>(304 Not Modified)</em></li>
    </ul>
    </li>
    </ul>

    <p>2. Caching complete output <em>(ZF1: Zend_Cache_Frontend_Page)</em></p>
    <ul class="alternate">
    <li>generate a unique cache id by request and automatically send the response if it was cached before<br />
    else write response to cache on send</li>
    <li>This could also be used to automatic handle HTTP caches<br />
    and to create a simple (not real) gateway cache</li>
    </ul>

    <p>3. Caching complete output using a static file <em>(ZF1: Zend_Cache_Frontend_Capture + Zend_Cache_Backend_Static)</em></p>
    <ul class="alternate">
    <li>configure httpd to call a php script if requested file doesn't exist</li>
    <li>create the requested file<br />
    -> Need a way to clear old files</li>
    </ul>

    <p>4. Caching parts of output <em>(ZF1: Zend_Cache_Frontend_Output)</em></p>
    <ul class="alternate">
    <li>This could be used to cache results of view scripts (e.g. partials)</li>
    </ul>

    <p>5. Edge Side Includes (ESI)</p>
    <ul class="alternate">
    <li>caching only parts of the response by http client (in most cases a gateway)</li>
    <li>replace cacheable parts with a esi placeholder including an URL where to find this part as own response</li>
    <li>this could be implemented like a partial:</li>
    </ul>

    <ac:macro ac:name="code"><ac:plain-text-body><![CDATA[
    echo $this->esi('partials/cacheable.phtml', array('var1' => 'val1', ...));
    // <esi:include src="http://..." />
    ]]></ac:plain-text-body></ac:macro>
    <ul class="alternate">
    <li>the method should create a unique URL which can be requested to output the result of this partial and output it as esi tag</li>
    <li>It would be very great if we don#t need (but can) create an own action for this</li>
    <li>How to support variables other than strings ?</li>
    </ul>

    <p>@see:</p>
    <ul class="alternate">
    <li><a class="external-link" href="http://symfony.com/doc/2.0/book/http_cache.html">http://symfony.com/doc/2.0/book/http_cache.html</a></li>
    <li><a class="external-link" href="http://www.mnot.net/cache_docs/#WORK">http://www.mnot.net/cache_docs/#WORK</a></li>
    <li><a class="external-link" href="http://www.w3.org/Protocols/rfc2616/rfc2616-sec13.html">http://www.w3.org/Protocols/rfc2616/rfc2616-sec13.html</a></li>
    <li><a class="external-link" href="http://www.w3.org/TR/esi-lang">http://www.w3.org/TR/esi-lang</a></li>
    </ul>

    1. May 16, 2011

      <p>Regarding caching over the HTTP protocol, I agree that it's primarily a function of the response. The biggest question is if we can make this as easy as possible to implement, with support for all the available headers we could provide.</p>

      <p>Regarding ESI, yes, you're absolutely right – it can be as simple as a partial, and if the partial can have access to a URL-generation helper, this is trivial to accomplish. It should, however, hook into the HTTP caching as well.</p>

      1. Jun 04, 2011

        <p>Methods sf2 already ships with to handle caching headers is a good point to start here.</p>

        <p>Also for people not running an own gateway/proxy it could be very interesting have one on application side<br />
        similar to the page cache but by follow the HTTP specification. (sf2 reverse proxy)<br />
        I'm not sure this would be part of the MHV or the cache component - it needs both.</p>

        <p>I don't mean to copy all the abilities from sf2 but there are already good points solved with a simple API.</p>

  15. May 16, 2011

    <ac:macro ac:name="unmigrated-wiki-markup"><ac:plain-text-body><![CDATA[Ok, ZF2 MVC.

    Most of what Matthew has said re DI / Eventing is ok IF it performs as well as the old style system. I have some fairly serious concerns about the performance of a PHP system where every object is injectable. Dependence on reflection API is similarly concerning regarding performance.

    Next, here's my requirements wishlist for ZF2... some address MVC specifically some are more broad... but this seems like the right time.

    1. Phar. Phar should take a front and center stage in ZF2. We should be able to package ZF2 as a .phar, package entire apps as phar and package modules/add-on libraries individually as phars.

    2. A 'component' as I define it would be a lot larger than today's modules. It should allow you to tie into all parts of the MVC system, from bootstrap (route injection, db dependency additions) to views/controllers/models/forms/etc as well as providing application resources like static html/css/js/etc.

    3. Components should be able to override the app they are installed against. For example if I install Matthews_Awesome_Blog component... I should be able also install Kevins_Wicked_Theme component, which will override. I'd suggest a priority list (think z-index) where components marked with a higher priority override. I would suggest developers ship components with a standard priority, but that it should be configurable by the user through Zend_Tool.

    4. ZF2 itself should take a version-based approach to installation. We need to follow Microsoft in their concept of a versioned GAC. There seems to be a move to a pyrus deployment system, and while it supports versioning, I still see the default approach being one of updating a single central library or including ZF in the app itself. Our use case demands that each and every ZF update go through full beta testing, and this takes a variable amount of time per site... so the current workflow is to download and install the new ZF version to /usr/share/php/ZendFramework/ZendFramework-1.11.6 ... so it is available to all sites, and then the developers can bump the version dependency as the sites are sent through QA control again. Updating a live ZF library in-place must be deprecated. This technique is fully explained in my book in the Zend Framework chapters.

    5. Overhaul the caching mechanism integration. Caching should be controlled as part of the design, not bolted on. I suggest that routes take a caching parameter, and that Zend_Registry and Zend_Db also have a caching-first design. If your entire page is cacheable, you should be able to mark it as such. I would suggest that an ICacheable advisory interface for controllers, models, etc could be added, and that methods like somethingCachedAction($cache) {
    $cache->cacheFor = 3600;
    //action as normal
    }
    could be detected by their name... I think we really need to take an architectural approach to caching, and ensuring its a default-on feature for auto-generated boot-straps.

    6. Layout, partials, actionstack... need to re-think the ZF1 design... its totally inefficient, but the motivation is right. A good 80/20 use case would be a layout item that says how many items are in a shopping cart. Right now, we can either use an action-stack, or simply include the code directly in the layout – which is fugly, or override Zend_Controller_Action and add a custom site-wide init() method to include that code (also fugly)... another good use case would be showing the logged in username and role (presuming a db/model task to determine and not a simple session variable/zend_auth:getIdentity read directly in the layout).

    7. PRG... Post-Redirect-Get... should become the default for post forms in ZF2. This means integrating Zend_Form, controllers, the FlashMessenger, and routing into one elegant solution. Much to argue about over best way to do this, but one simple requirement that pressing 'back' in the browser never prompts for a 'do you want to resend this information' dialog should suffice here.

    8. Review the translation overhead. Mutli-lingual operation is awesome, but I wonder if a custom build system might be able to create an internationalization compatible version vs a non-compatible version. The latter being presumably more performant.

    9. Security-By-Design. Need components for privacy compliance and security. Need major improvements to the Zend_Version system and to the site-administrator notification systems. These shouldn't be bolt-on, but default components. When Zend releases a User-Security-Notification, every defaults-installed ZF2 app should start whining to the system administrator that an upgrade is needed. I'd suggest a probability based system that triggers on 1% or so of hits, and can track what notifications have already been sent... set the system to send an email at least every 24hr's until the site is patched. This is critical to maintaining the frameworks reputation for security by policing the installed base. Privacy-by-design means creating a data tainting system ... and similarly SQL issues can also be controlled through data tainting. A system that addresses where data came from and where it is safe to display/use would be hugely helpful towards privacy and security. We should get rid of the current escapeFilter approach in support of something more sophisticated.

    10. The ZF2 code should be simple, and easy to learn. If the early-adopter must learn concepts like FSM and DI to create a secure, performing application – then we've failed, and will end up like Java for web development.

    11. Improve filter suite to include a number of best-practices filters. For example filters for a phone number, email, addresses, credit cards, etc... we have some basic filters, but we should strive to provide a full every-day-usage set.

    12. Tighter integration of Auth/ACL... tie it closer to the routing system, and to the controller layer.

    13. Concerns regarding ORM integration. Is doctrine still going forward as the Zend_Db replacement? Are we going to better map to PDO (specifically, reworking the _quoteIdentifier mess, using proper prepared queries, array binding, etc)

    14. I'd like to see an RIA-specific use-case outlined for use with mobile frameworks (phonegap, jqtouch, etc)... and for RIA app development for ajax-heavy apps like those that use dojo, extjs, etc. Can we short-circuit most of the MVC in these cases... maybe a Zend_Controller_LightweightAction or similar which wont initialize the view systems.

    15. Better integration for API's.... Zend_Service is cool, but each component is really different, and there's no way to handle the security-policy. Eg does each properly check SSL certificates, verify peers, etc. Can we maybe start from common objects... Zend_Service_Rest... Zend_Service_XMLRPC... Zend_Service_SOAP... Zend_Service_Post... as base classes for the specific implementations?

    16. Better HTML sanitization component. Maybe look at bringing in a third-party lib that does this well?

    17. CLI scripting use cases. Standardize environment variables for framework path discovery. CLI bootstrap, CLI arg processing, gettext, etc..

    18. Web-Cron subsystem, engage a script on probability, and interval checking. Important for some deployment scenarios.

    19. Fix Zend_Session design issues. Make setExpirationSeconds work properly.... see point 18... integrate clean-up tasks. See ZF-4753 which is still outstanding.

    20. Address contribution/process overhead. See http://radar.oreilly.com/2011/05/process-kills-developer-passion.html

    ...

    There's more, but that'll get the ball rolling.

    – Kevin

    ]]></ac:plain-text-body></ac:macro>

    1. May 16, 2011

      <p>Addressing one thing at a time...</p>

      <blockquote>
      <p>Most of what Matthew has said re DI / Eventing is ok IF it performs as well as the old style system. I have some fairly serious concerns about the performance of a PHP system where every object is injectable. Dependence on reflection API is similarly concerning regarding performance.</p></blockquote>

      <p>I think you'll find it performs <em>better</em> than ZF1 – in large part because <em>only</em> the objects required for a given request execution path are ever instantiated. </p>

      <p>Regarding your query about a system "where every object is injectable", I really don't get what your concern is. Objects are already injectable – the controller is injected with the request and response objects as well as the front controller parameters, and often injected with further objects by the various action heleprs in play (case in point: the view object is injected by the ViewRenderer). Injection has <em>nothing</em> to do with performance, but <em>everything</em> to do with how objects interact and the specific responsibilities of each object.</p>

      <p>Is your concern that objects will always need to be pulled from the DI container, and what the performance impact of that is? If so, just remember this: you only get out of the container what you've defined <em>in</em> the container, and if you ever don't want to use it, simply use "new <Object>".</p>

      <p>Finally, regarding "dependence on reflection API," the idea is that reflection will only ever be a development-time issue. It would be cached on a first-run basis during development, and tools will be created to generate code based on reflection for production purposes. These approaches can eliminate the Reflection overhead completely in production. </p>

      1. May 16, 2011

        <p>I'm referring to the extra calls to find a responsible object... for example we have Zend_Controller_Front::getInstance()... as i understand the new DI system it will be... DIContainer::getInstance('frontController') or something similar... which will then have to use a lookup in user-space to find which class is instantiated and tied to frontController. Not a big distinction, but * 100+ components in the system, it could end up adding a significant overhead...</p>

        <p>Same goes for reflection... yes, its a development time concern, but it's also a runtime concern as the same extra lookup steps will be required... I'm guessing Zend Server cache backends and/or memcached are going to quickly become really important...</p>

        <p>To be clear, I'm not against this approach, it just needs to be thoroughly benchmarked vs ZF1 performance and evaluated on a cost (runtime speed) vs benefit (testing + <10% use case) basis.</p>

        1. May 16, 2011

          <p>You're not understanding DI well. With DI, you define explicit dependencies and relationships. If I request the controller referred to as "entry-controller", I get that controller, and any dependencies it requires (and any those require, and so on down the chain). As a specific example, in the sandbox I developed, a given request to the entry controller retrieved the "EntryService", which composed a DataMapper, which composed a DataAccess object. (In my case, the DataAccess object was a MongoCollection, which meant I also needed a MongoDB and a Mongo object.) But that was it – I was only grabbing those. Those were <em>dependencies</em>. I created other objects over the course of the request: the mapper would create collection or entry objects, and a given request would create a "view model" object based on the request and execution. But the DI container only mapped the controller and the direct, required dependencies in order to run – and these were in the range of a handful to a couple dozen at most, all of which were <em>used</em> over the course of the request.</p>

          <p>Also, I'm not grabbing the front controller from the DI container; I'm composing the DI container <em>into</em> my front controller, and the FC then pulls out a controller from the DI container. This ensures I only get the components necessary <em>for that request</em>. So, be assured, we're thinking of how to optimize execution paths – we don't want a situation like we have today with Zend_Application where <em>any</em> possible resource that might be requested across the application lifetime is configured for <em>each and every</em> request. We're aiming to only grab those we need for <em>this</em> request.</p>

          <p>Now, as for Reflection, again, you're missing the point. By the time we get to production, it's no longer a runtime concern; we've compiled the Reflection information either into cached configuration or into actual classes. There are no longer lookup steps – you grab an object from the container, and it grabs what it needs; there's no lookup, as the code has been generated for that specific path. (In the DI prototypes, Reflection is used in one of two places: to instantiate a class with > 3 arguments, or to generate configuration for DI definitions. The former becomes a moot issue when you generate a ServiceLocator from the DI instance, as it then is capable of generating the entire instantiation argument string.)</p>

          <p>I need to cleanup my benchmarking script for public consumption, but what I measured was running significantly (as in > 10%, and more on a factor of magnitudes) faster than equivalent code in modern versions of ZF1 that use Zend_Application. </p>

          1. May 16, 2011

            <p>I'm pretty sure I am understanding it fine, but we're talking two different things... you're concerned about loading unnecessary resources (a totally separate problem)</p>

            <p>I'm talking about the overhead of the DI responsibility registry itself. There will presumably be thousands of calls to it over the course of a complex page request.</p>

            <p>Each lookup to the container to find the responsible object is a lookup – and its called over and over again by different components...</p>

            <p>Same for the reflection stuff, yes they'll be cached configs/classes or whatever... we'll still need to load those configs and there's still a hash-table search / mapping operation for each call. Overhead exists – the question is it significant.</p>

            <p>The alternative is of course not to not-address the extra-loading of classes, but rather should it just be Zend_Controller_Front::getInstance() instead of DIContainer::getInstance('frontController') ... the latter requiring many extra userland PHP calls that the former doesn't. (find the object in hash table, return registered instance, etc). This is the overhead I refer to.</p>

            1. May 17, 2011

              <p>Please, before you make these assumptions, look at the work done in <a class="external-link" href="https://github.com/ralphschindler/zf2/tree/feature%2Fdi">https://github.com/ralphschindler/zf2/tree/feature%2Fdi</a> – most of what you think might be happening <em>won't</em>. When you generate a service locator class from the DI instance, there is no hash table, and few if any lookups happening. </p>

              <p>Also, the suggested use case is that there is a <em>single</em> explicit call to grab an object from it, which grabs the controller and all its required dependencies. While I can certainly see a case for dozens of dependencies, the liklihood of thousands at once is slim – and a definite code smell calling for refactoring for that particular application.</p>

              <p>That said, I'll get some benchmarking references up in the next week or so to provide more concrete information for you.</p>

              1. May 17, 2011

                <p>I've looked at the source... ServiceLocator::services and ServiceLocator::map are the two hash tables that will receive thousands of lookups. If every object access goes through DI with a context change, yes, this will get called repeatedly and yes you will have to do a lookup. I see no way around that.</p>

                <p>How do you suppose ServiceLocator::get will not be repeatedly called?</p>

                1. May 19, 2011

                  <p>Look at the prototype in git://mwop.net/zf2sandbox.git on the "feature/mobile-layout" branch. In there, I generate the AppContext class from the DI definitions. When I call, say "get('Blog\Controller\Entry')" on that class, it calls explicit getters <em>in that class</em> to get the various dependencies. It's not doing <em>repeated</em> lookups – it looks things up once per dependency. Yes, there are function calls to do so; these take fractions of milliseconds apiece, and in their aggregate will not lead to undue performance overhead.</p>

                  <p>I think your argument is that we'll be consulting the container many times over the request lifetime. But the prototype I'm working with is explicitly <em>not</em> doing this. It's instead using the following algorithm:</p>

                  <ul>
                  <li>Instantiate the AppContext</li>
                  <li>Instantiate the front controller and pass the AppContext to it</li>
                  <li>Instantiate the router and route</li>
                  <li>Pull the matched controller name from the AppContext</li>
                  <li>Dispatch the controller</li>
                  <li>Return a response</li>
                  </ul>

                  <p>The container is queried <strong>once</strong> for the controller, which then pulls in the dependencies needed for <em>that</em> controller <strong>only</strong>. This is a small, finite set of objects. I still instantiate a number of objects by hand – my service layer will create entities and collections, my controller will identify a view model object and instantiate it, etc. The point is that I pull only the required dependencies for this request from the container; all other objects are created on an ad-hoc basis and do not require the usage of the container.</p>

                  <p>I totally understand your concern. I had the same concerns originally – and as such, I developed the core of the container to be fast, but furthermore, created tools to generate explicit service locators so as to keep object overhead and lookups low in production. Additionally, if you look at the algorithm above, I looked for patterns that would limit the number of times the locator would need to be consulted.</p>

                  1. May 19, 2011

                    <p>I still think you can have those parameter-passing improvements without generic DI.</p>

                    <p>But, if you think you have factored out the overhead, I'll believe, and as I originally said 'sounds good if it can perform'... my worry enters in the controller/view/model/db layers as much as it does in the routing/dispatching/etc process.</p>

                    <p>If you are proposing non-registry patterns for calls like getFrontController, then it could be ok, however, if such a call needs to repeatedly hit the registry then there will likely be issues. If every class has to store class-level references to all the objects it works with by the means of a protected member variable, then I posit there might be a large amount of references when compared to a singleton approach.</p>

                    <p>I'm not against this model... it just has to perform, and I'm very concerned it wont.</p>

    2. May 16, 2011

      <blockquote>
      <p>10. The ZF2 code should be simple, and easy to learn. If the early-adopter must learn concepts like FSM and DI to create a secure, performing application – then we've failed, and will end up like Java for web development.</p></blockquote>

      <p>A few things: first, the more recent prototypes we've been playing with are not using finite state machines, so this is a non-issue. As for DI, we're currently working on developer tools to make DI incredibly simple to implement within your applications – tools that will scan your codebase and create definitions for you, and make your job simply indicating which specific implementations to use.</p>

      <p>But your real point is about the learnability of the system. This is indeed a goal, but there will always be <em>something</em> the new developer will need to learn in order to use the framework. It will <em>never</em> be as easy as simply typing some code into Notepad and pushing it up on the web server; that's PHP's job. The job of a framework is to provide standards, conventions, and tools around development – and just like a hammer, you have to learn how to use those tools effectively.</p>

      <p>Case in point: in this same comment, you mention developing with PRG by default, tracking versions by component, tighter auth/acl integrations, RIA, etc. Any of these <strong>may</strong> come into play in a given application, but <strong>might not</strong>. Should we leave them out as making the framework harder to learn? or do we provide good documentation so that the developer understands what they're for and when to use them?</p>

      <p>What I'm getting at is that we can't single out any given concept as "too complex for the new developer." We need to look at what bare minimum knowledge is necessary to get up and running, and how to communicate this effectively. Additionally, we need to make sure we have good documentation to incrementally add to that knowledge so that new developers can expand on what they know in order to build better applications past the quick start.</p>

      1. May 16, 2011

        <p>Yea, I totally agree... if we do PRG, and the rest, we need to make sure the design is elegant so that its dead simple to learn... I think the DI could be the same, but the learning curve is steep. Java got web development really wrong, but they did it for all the right reasons. I'm also concerned about railsification or something similar to the nightmare that is DOJO build layers.... yes, you can make it work, but its massively complicated for a newbie to figure out. Learning lots of Zend_Tool commands or how to configure an xml config isn't the right direction either...</p>

        <p>So for a requirement... </p>

        <p>– Code level ease-of-learning should be maximized. </p>

        <p>Ideas for this might include having off-the-shelf action controllers for common actions (much like Zend_Tool offers for errorcontroller) but maybe as a base class in the framework – but that goes back to the component model too.</p>

        1. May 17, 2011

          <p>I agree that code level ease of learning is important. Aside from some default impl's, keeping the API as flat as possible would also be good, i.e. not having to code through more than 1-2 class levels to use some functionality. This may necessitate having helper functions defined on controllers by default instead of using depth like $this->getSomeBroker()<span style="text-decoration: line-through;">>getSomeHelper('cache)</span>>cache('something') vs $this->cache('something'). Flatten it out for common use scenarios. DI, caching, and a few others spring to mind... There's a bit of a conflict in terms of explicitness vs magic which may work against some other dearly held OOP principles like ensuring the API reflects the class role. If controllers need to integrate DI, then the methods should be on the controller class - not buried three levels deep in the class deps.</p>

    3. May 16, 2011

      <blockquote>
      <p>4. ZF2 itself should take a version-based approach to installation. We need to follow Microsoft in their concept of a versioned GAC. There seems to be a move to a pyrus deployment system, and while it supports versioning, I still see the default approach being one of updating a single central library or including ZF in the app itself. Our use case demands that each and every ZF update go through full beta testing, and this takes a variable amount of time per site... so the current workflow is to download and install the new ZF version to /usr/share/php/ZendFramework/ZendFramework-1.11.6 ... so it is available to all sites, and then the developers can bump the version dependency as the sites are sent through QA control again. Updating a live ZF library in-place must be deprecated. This technique is fully explained in my book in the Zend Framework chapters.</p></blockquote>

      <p>First, even though we're discussing using Pyrus, the idea is that the ZF2 library will be versioned as a whole. If you install Zend\EventManager for v2.1.2, it will ensure that any dependencies are also of v2.1.2. We have no desire to maintain separate versioning information per-component.</p>

      <p>Second, can you provide some links regarding Microsoft's "versioned GAC," please?</p>

      <p>Third, would you be willing to send me the text from the relevant chapter of your book so I can better understand your last few sentences?</p>

      1. May 16, 2011

        <p>Yep, on board with the version the framework as a whole thing. But multiple versions of the framework should run side-by-side and be available to multiple sites on the same box <em>In a shared library fashion</em></p>

        <p>The mono guys have a good write up on GAC. <a class="external-link" href="http://www.mono-project.com/Assemblies_and_the_GAC">http://www.mono-project.com/Assemblies_and_the_GAC</a></p>

        <p>Essentially the GAC solves the DLL hell problem, in that, you can install as many versions of the DLL as you want, and the apps will reference the version they want specifically or will tag against the latest version. </p>

        <p>I have ZFW versions on my machine running back ages...</p>

        <p>ls -1 in /usr/share/php/ZendFramework gives</p>

        <p>ZendFramework-0.1.5<br />
        ZendFramework-0.2.0<br />
        ZendFramework-0.6.0<br />
        ZendFramework-0.7.0<br />
        ZendFramework-0.8.0<br />
        ZendFramework-1.0.0<br />
        ZendFramework-1.0.1<br />
        ZendFramework-1.0.2<br />
        ZendFramework-1.10.3<br />
        ZendFramework-1.10.4<br />
        ZendFramework-1.10.7<br />
        ZendFramework-1.11.0<br />
        ZendFramework-1.11.2<br />
        ZendFramework-1.11.3<br />
        ZendFramework-1.11.4<br />
        ZendFramework-1.11.5<br />
        ZendFramework-1.5.0RC1<br />
        ZendFramework-1.5.1<br />
        ZendFramework-1.5.2<br />
        ZendFramework-1.5-PR<br />
        ZendFramework-1.6.0<br />
        ZendFramework-1.6.0RC2<br />
        ZendFramework-1.6.0RC3<br />
        ZendFramework-1.6.1<br />
        ZendFramework-1.7.0<br />
        ZendFramework-1.7.0PR<br />
        ZendFramework-1.7.2<br />
        ZendFramework-1.7.6<br />
        ZendFramework-1.8.0<br />
        ZendFramework-1.8.0b1<br />
        ZendFramework-1.8.0PR<br />
        ZendFramework-1.8.4PL1<br />
        ZendFramework-1.9.1<br />
        ZendFramework-1.9.2</p>

        <p>as an example.</p>

        1. May 17, 2011

          <p>This is already possible with the current distribution mechanism, and we've had functionality in Zend_Loader_Autoloader to accommodate this exact use case since 1.9 or 1.10. </p>

          <p>My understanding is Pyrus also has this capability, but I'll follow up with the Pyrus developers as well to verify.</p>

          1. May 17, 2011

            <p>Pyrus doesn't have this ability. Like PEAR it installs everything to the same filesystem path (i.e. you can only ever have one version of a package) - and overwrites on all subsequent upgrades. It's one of the reasons I never use PEAR for live apps. Ideally, we should be able to install any version, and load any version installed, via some autoloader logic. It would remove a heck of a lot of maintenance scripting and build phases (using multiple PEAR repos locally doesn't solve any of the maintenance/scripting pain either). Also bear in mind that via-Pyrus/PEAR also raises the scenario that the ZF version in use is not a global version - there could well be a mix of different component versions. So no, Pyrus doesn't support the multi version scenario. I'm not familiar with the GAC, the best example I can think of that's easy to follow would be RubyGems. It's a bit different though - PHP might be somewhat better since we use autoloading.</p>

            <p>Might be worth raising with the Pyrus devs...</p>

            1. May 17, 2011

              <p>Pretty strong vote against Pyrus then.... proper QA practices demand that upgrades not be performed in-place.</p>

              1. May 17, 2011

                <p>I'd be more worried about stability, I think it's premature to settle on Pyrus anyway while in its current alpha state. But, when stable, supporting local installation of multiple versions of any one package would solve a lot of problems. We shouldn't have to feel pushed into relying on git, scripting or external management tools - Pyrus does have some very good points. The fact it offers properly signed packages is itself great for those who would be thrown off a rooftop by their employers for pulling down code from insecure sources.</p>

          2. May 18, 2011

            <p>I'd like to note once again that we're not discussing packaging here. We already have a thread on zf-contributors regarding the location of resources, and we will discuss the distribution in yet another thread. Not on this page.</p>

    4. May 16, 2011

      <blockquote>
      <p>9. Security-By-Design. Need components for privacy compliance and security. Need major improvements to the Zend_Version system and to the site-administrator notification systems. These shouldn't be bolt-on, but default components. When Zend releases a User-Security-Notification, every defaults-installed ZF2 app should start whining to the system administrator that an upgrade is needed. I'd suggest a probability based system that triggers on 1% or so of hits, and can track what notifications have already been sent... set the system to send an email at least every 24hr's until the site is patched. This is critical to maintaining the frameworks reputation for security by policing the installed base. Privacy-by-design means creating a data tainting system ... and similarly SQL issues can also be controlled through data tainting. A system that addresses where data came from and where it is safe to display/use would be hugely helpful towards privacy and security. We should get rid of the current escapeFilter approach in support of something more sophisticated.</p></blockquote>

      <p>I would argue that taint mode should be a language level solution, not framework-level. Either that or something for static code analysis.</p>

      <p>Other than that, I agree with everything else here... but can you propose some ideas for replacing the escapeFilter approach?</p>

      1. May 16, 2011

        <ac:macro ac:name="unmigrated-wiki-markup"><ac:plain-text-body><![CDATA[There's no language level solution for data tainting that I know of in PHP.

        The escapeFilter could be deprecated by a tainting model that says,

        class Zend_String {

        function getOrigin()

        Unknown macro: { //return database, form, controller etc }

        }

        and each time a string is used say in a view binding to $this->whatever instead of escapeFilter being used, it would throw an exception saying something like 'tried to bind database result directly to view. Try $field->getResultAsViewString()' or similar.

        I'm not sure of the best API, but the concept of tainting data so that its origins are known, and that components wont just blindly work with tainted data is probably a good thing. Performance concerns crop up again though.]]></ac:plain-text-body></ac:macro>

        1. May 17, 2011

          <p>Off-topic: I find it funny that you worry about hash lookups in the DI container, but then advocate a proliferation of objects like this for security purposes. <ac:emoticon ac:name="smile" /></p>

          <p>(Not disagreeing with the approach, but had to comment.) <ac:emoticon ac:name="smile" /></p>

          1. May 17, 2011

            <p>Yes, I note the performance concerns... however there's not a huge distinction between instantiating a new already-loaded class and creating a new variable. With the DI thing, the concern is the repeated number of calls. But yes, performance is a critical item here.</p>

    5. May 16, 2011

      <blockquote>
      <p>13. Concerns regarding ORM integration. Is doctrine still going forward as the Zend_Db replacement? Are we going to better map to PDO (specifically, reworking the _quoteIdentifier mess, using proper prepared queries, array binding, etc)</p></blockquote>

      <p>No, Doctrine will not <em>replace</em> Zend_Db. In fact, Ralph has been working on a refactor of Zend_Db for some time now (proposals are here in the ZF2 wiki) that offers a much better roadmap for adapters, including addressing the concerns about prepared statement usage (or lack thereof in many cases). Please see his proposal, as well as the repository where he's developing the code, if you have questions or feedback about its direction.</p>

      <p>Regarding Doctrine, we do want to provide some integration at the application configuration level to make it simple to add it to an application; however, it is by no means a replacement for Zend_Db.</p>

    6. May 16, 2011

      <blockquote>
      <p>19. Fix Zend_Session design issues. Make setExpirationSeconds work properly.... see point 18... integrate clean-up tasks. See ZF-4753 which is still outstanding.</p></blockquote>

      <p>Can you please review Zend\Session in the current ZF2 master branch and see if it addresses these issues? I completely rewrote it last year due to an inability to test it during the transition to namespaces.</p>

    7. May 16, 2011

      <blockquote>
      <p>20. Address contribution/process overhead. See <a class="external-link" href="http://radar.oreilly.com/2011/05/process-kills-developer-passion.html">http://radar.oreilly.com/2011/05/process-kills-developer-passion.html</a></p></blockquote>

      <p>The problem is that with a project this size, without a process we have:</p>

      <ul>
      <li>inconsistent APIs</li>
      <li>developers trampling on each other's feet as they implement different approaches to the same problem</li>
      </ul>

      <p>We <em>must</em> have some process to manage contributions. Can it be better? Absolutely. It starts with providing concrete suggestions on making it better.</p>

      <p>We have the CR Team now, which helps, but we can still make it better. A better workflow for submitting proposals and moving them through to acceptance into the master branch, particularly something that sends nagging emails when a proposal sits too long in a single stage, would be a huge improvement. We also need guidelines for review (which may include using CodeSniffer, phpmd, and other tools configured for our needs), and more. Want to start an RFC?</p>

      1. May 17, 2011

        <p>If you want to work out something, Kevin, let me know. I'll be trying to document some approach to keep proposals moving and could use the help (the CR Team is aware we need to boil things down more efficiently).</p>

        1. May 17, 2011

          <p>I liked the old way... solve a problem, post a patch to the mailing list... it gets vetted/changed by a buncha eyes then someone with commit rights adds it in... if you're regularly submitting patches, you get commit rights.</p>

          <p>If someone wants to write tests and docs for a patch, great. But the status-quo of rejecting untested/undocumented code isn't a solution either.</p>

          1. May 17, 2011

            <p>I think the old way sort of died once we started shedding lead maintainers. Simple personal example is Zend_Feed - all my stuff, and dozens of patches, are all committed, vetted and in use for two sizeable components with very few o/s issues on the tracker. If I dropped off the planet - what would happen? Most likely, patches would linger, maintenance would slow down/stall, etc. It could be resurrected, somewhat, which is why I'm looking into how CR Team should operate and how proposals could be streamlined. Our main block is tooling and maintaining personal contact with proposers, contributors and maintainers. We'll get there - and ZF2 should pose no problems (it doesn't have a few thousand o/s issues, of course!).</p>

          2. May 17, 2011

            <p><strong>...the status-quo of rejecting untested/undocumented code isn't a solution either.</strong></p>

            <p>The project is large and people are busy – very few people want to spend extra cycles on reviewing something that is untested even when they are getting paid to do it – why would anyone do it for free?</p>

            <p>Sure, sometimes a very vague explanation of an issue or a patch without tests will be taken and a contributor will run with it. It takes time but we are all willing to do this sometimes; however, it is quite obvious that this approach doesn't scale and nobody can approach development this way on a regular basis.</p>

            <p>I mean, I've contributed patches "WITH TESTS" that didn't get looked at for a while. No harm done, people are busy.</p>

            <p>Now, can this be improved...sure; however, the project needs good suggestions on HOW to do this. I mean, if someone could wave a magic want to fix it, I'm sure they would, but it just isn't that simple. </p>

            1. May 17, 2011

              <p>I've given suggestions. Get rid of the process overhead. Get rid of the testing requirements. Get rid of the documentation requirements. Kill the ZFPROP process. </p>

              <p>In essence kill the process. These tools suck. Lets go back to the way it was run pre-1.0. Someone resurrect Cal Evans's weekly summaries, lets move it all back to the mailing list, and do something radical like having Zend team members communicate through the mailing list so everyone knows what the heck is going on – you know... like we used to – and like most opensource projects do.</p>

              <p>That will get people interested. Asking em to hit refresh repeatedly on this page wont.</p>

              1. May 18, 2011

                <p>Completely agree with keeping discussions on the mailing list. Linking to a wiki page for reference is fine, but discussions should not be held there.</p>

              2. May 18, 2011

                <p>Killing the process isn't a solution. What is the process exactly></p>

                <p>1. Come up with a good idea.<br />
                2. Discuss it.<br />
                3. Write a proposal.<br />
                4. Discuss it (and invite community review).<br />
                5. Request a formal review (CR Team).<br />
                6. Discuss it.<br />
                7. Wait for a final decision (Zend).<br />
                8. Discuss it.<br />
                9. Implement it (if you survived this long without doing so).<br />
                10. Discuss it.</p>

                <p>A vast proportion of what is being called the "process" is discussing and there is no rule saying you can't do this on the mailing list. There's no rule saying you can't discuss anything else either on a mailing list. I am, in fact, strongly in favour of using the mailing list in place of a lot of what happens on IRC (which I don't view as an acceptable channel for openly discussing items of interest with the commnunity - it's just a step up from a private conversation in many cases).</p>

                <p>Speaking of which - this topic belongs on a mailing list!</p>

                1. May 18, 2011

                  <p>This process sucks.</p>

                  <p>My process.</p>

                  <p>1. Work<br />
                  2. Improve something in ZFW as part of Work.<br />
                  3. "Hey this would be cool for ZFW, want it?"<br />
                  4. "Yes|NO|Yes+we're going to change the API a bit."<br />
                  5. Commit.</p>

                  <p>I don't have the time or the patience for 10 levels of planning and discussion. The process you describe works for large-scale waterfall type projects, not adding patches. Its appropriate for the MVC/2.0 when everything is going to BC break discussion, but is utterly broken for the day-to-day improvements to an existing component development.</p>

                  <p>Steps 10 through 20 on the current process are write tests, docs, <ac:link><ri:page ri:content-title="play politics" /></ac:link> and then around step 19 you get to write some code.</p>

          3. May 19, 2011

            <p>I'm sorry, but I can't take this seriously. </p>

            <blockquote><p>If someone wants to write tests and docs for a patch, great. But the status-quo of rejecting untested/undocumented code isn't a solution either.</p></blockquote>

            <p>Without documentation, developers using the framework do not know how to use it. We already get gripes about the documentation – imagine how those will be amplified – and adoption will decrease due to the inability of developers to discover and learn functionality.</p>

            <p>Without tests, we cannot maintain the framework long-term. The "old way" led to BC breaks - new code broke existing features or bugfixes. Testing is an absolute requirement if we want to maintain stability long-term.</p>

            <p>I know how fun the "old way" was, but we left that way when we went stable with 1.0.0. It's simply an untenable approach for long-term maintainability or education of end-users.</p>

            1. May 19, 2011

              <p>If you'll recall I had pretty serious objections about the way we marched from 0.x to 1.0 too.</p>

              <p>BC breaks happen under the current process too, but if you'll review my packaging proposals, BC breaks will be less important as developers will adopt the new versions as a course of application development rather than as the system libraries are upgraded.</p>

              <p>In this context, new features can be added all the time, and used as they are documented. If issues come up, tests can be written. </p>

              <p>There is more than one way to ensure reliability and code quality, doc and test driven development is not the only path.... and it has many seriously obstacles.</p>

    8. May 17, 2011

      <blockquote>
      <p>16. Better HTML sanitization component. Maybe look at bringing in a third-party lib that does this well?</p></blockquote>
      <p>My particular area of interest - I hope to bring forward a solution in a few months (once work eases off for the Summer). It's a particularly nasty minefield though. As you probably know from my blogging, the only working solution is HTMLPurifier so I've prototyped a library that works at the same level but improves performance significantly (the only complaint against HTMLPurifier is its speed). I can't emphasise enough how bad the alternatives are in PHP. The vast majority are simply riddled with easily discoverable vulnerabilities, a symptom of their age, lack of testing, lack of developer knowledge, and basically, lack of any decent security awareness. When I do bring forward a solution, I would expect it not to be hurried along - it's worth taking the time to have it vetted by the security community. It will take days of work for me to work through the possible hacks to ensure its sufficiently bulletproof for distribution. I think the prototype is itself elegant enough (look up Wibble on my blog) and isn't overly complex - it relies heavily on the DOM and I just about have the right balance of fixes to make DOM's quirks negligible. Before it's added, I'll remind Matthew that the likelihood of it yielding a security vulnerability down the line is 100%. Nothing weird there - all security libs eventually hit that wall where the unexpected strikes home. It will probably air outside the ZF separately simply to maximise exposure to peer review.</p>

  16. May 17, 2011

    <p><em>Let the flaming begin! (just kidding of course)</em></p>

    <p>I don't like DI and wrote a long comment and then decided not to post it. In summary, this pattern to me is a registry pattern with magic under the hood.</p>

    <p>So for me it boils down to:</p>

    <ul>
    <li>How tightly coupled is DI with the rest of the framework? (Aka, do I need to use it?)</li>
    <li>How easy is it gonna be to replace this, or to setup and inject objects <em>myself</em>?</li>
    <li>How do you plan to educate developers so they know what is actually going on. "You shouldn't have used it like this!" ain't gonna cut it.</li>
    </ul>

    1. May 17, 2011

      <p>I've noticed a disconnect between the idea of DI and the idea of DI. Confused? DI (Dependency Injection) is, simply, necessary for all languages supporting OOP. You do it every day, in every class, for every library or app. So no - it's not optional. More for others, Till, I'm sure you get that <ac:emoticon ac:name="cheeky" />. The tricky part is a DI Container - a configuration vehicle. Is it tightly coupled? By definition, it can't be. Anything you could do with a DI Container you could do manually. Of course, you'll need to write all the code yourself which part of the point - a DI Container shifts the focus away from hard coded deps to configurable deps - easier for testing, easier to manipulate and less code scattered across the app (it's more centralised in a config file). In this way - it also means less maintainance and potentially fewer bugs.</p>

      <p>Replacing it will be possible - since it's outside the class hierarchy being configured, it's decoupled. Of course, controllers and views probably will contain direct references to its interface since these will have controlling code to use the container, presumably defined by an interface you could implement.</p>

      <p>Educating users should be kept to the absolute basics. I'd even argue that if the API feels too complex, it probably is. My own explanation would keep it simple. Objects use other objects. DI is what gets those other objects inside the using object. You can do it manually or you can do it via some configurable process, i.e. a DI Container. If the "theory" requires any other complex teaching, well, you're writing it wrong <ac:emoticon ac:name="wink" />.</p>

      1. May 17, 2011

        <p><strong>Anything you could do with a DI Container you could do manually.</strong></p>

        <p>Can someone please setup an auto-responder so this goes out automatically to everyone on a periodic basis? Kidding of course <ac:emoticon ac:name="smile" /></p>

      2. May 20, 2011

        <p>Yeah, I have confused that indeed. The words, not what it is.</p>

        <p>I guess confused that multiple times over the course of the data. That's what 140 character flame wars on Twitter do to you (or me)!</p>

        <p>I meant to say that I'm not in favour of a DI <strong>containter</strong>. That's all. Or at least making it mandatory for components to use or within the MVC pattern.</p>

        <p>I guess I agree on the shift you mentioned (hard-coded deps vs DI container), but this sounds like abstraction hell.</p>

        <p>Will ZF2 power web application development, cars and nuclear power plants also? Probably not, it'll be used for web applications.</p>

        <p>Anyway, I've added my opinion.</p>

    2. May 19, 2011

      <blockquote><p>* How tightly coupled is DI with the rest of the framework? (Aka, do I need to use it?)</p></blockquote>

      <p>DI is a layer <em>on top of</em> the application, used to wire up dependencies. In the prototypes, I use a DependencyInjector instance to build an explicit ServiceLocator class – which is something I could write by hand if desired. </p>

      <p>The main use case is to grab a controller <em>and its dependencies</em> within the front controller. Because we will be using simple, clear interfaces, you should be able to write an alternate front controller easily and quickly should you want to manually wire dependencies at the top level – and nothing will prevent you from simply doing as you've always done in ZF1.</p>

      <p>You can also easily replace what implementations you want to use within your configuration – which is not unlike how we do things in ZF1 with Zend_Application.</p>

      <blockquote><p>* How do you plan to educate developers so they know what is actually going on.</p></blockquote>

      <p>The same way we have with Zend_Application. You show them first simply using the features, and then go into the details of how it works <em>once they're already using it</em>. Look at the symfony2 DIC documentation for a great example showing how easy it is to actually describe the concepts. It's not rocket science, and the concepts are actually fundamentally easy to understand. We just need to make sure we get good feedback on early documentation to ensure it speaks to a variety of audience levels.</p>

      1. May 20, 2011

        <p>Yeah, I looked at Symfony a lot and I've decided to stick with Zend Framework. <ac:emoticon ac:name="wink" /></p>

        <p>Anyway, I'm curious to see how things turn out without it.</p>

        <p>Just let me say this: <strong>I really don't mean to discredit your or anyone else' work</strong>, but I just don't agree on the success of <code>Zend_Application</code>.</p>

        <p>It's part of the reason why people are confused and why a standard setup is considered slow by many people.</p>

        <p>I guess this is one of those 90/10 things where it works for most people, but once you're (stuck) with it, taking it out is an insane task.</p>

        <p>Also debugging (and also profiling) an application is overly complex task, once you have to step through all the magic <code>Zend_Application</code> does to abstract and hide <em>boilerplate</em> from the general developer.</p>

  17. May 18, 2011

    <p>I'm beginning to wonder if some form of templating system should be in place by default. One aspect that I don't quite like in ZF1 is that I/we ended up initializing default View properties in the bootstrap, e.g default scripts, css and meta info. Which is unnecessary for say ajax requests. But then the question is where would be the best place to do this such that (ZF1's) view templates can add or amend these properties (e.g meta tags). Which to me suggests that if the layout.phtml was governed by a templating engine then the defaults could be cleanly/easily specified there?</p>

  18. May 18, 2011

    <p>Having hacked Zend_Controller for two days, I found something else we should have: The ability to change dispatcher /after/ having determined the active route. </p>

    <p>Opinions?</p>

    1. May 18, 2011

      <p>Can you be more specific... what's the 80% use case for this?</p>

      1. May 18, 2011

        <p>I'm fairly sure neither 80% nor 20% would use this ability. I'm not saying ZF should supply multiple dispatchers, nor am I saying it should have some built in way of changing it, it should simply have the ability to implement this functionality. Currently in the Zend_Controller_Front::dispatch(), the dispatcher is retrieved first, then the route is determined. It's pretty much impossible to change that in current states. All I'm saying is that there should be an ability to set the dispatcher to use /after/ the route has been determined.</p>

        <p>In this specific case we use a separate dispatcher for REST routes, but have to determine first whether it's a rest route that's active - or not. I suppose the rest part will be better handled in ZF2, but I suppose someone else will then think of a different use case in which this still may prove useful.</p>

        <p>==<br />
        If we get the rest solution generic enough I may blog about it, and see if we can get it FOSS.</p>

    2. May 19, 2011

      <p>The question is whether or not we'll have a separate dispatcher. Since a "controller" is anything dispatchable, we could simply have different base action controllers that implement different types of logic. The zf2sandbox prototype shows this with both RESTful and regular action-based controllers.</p>

      1. May 20, 2011

        <p>Of course, the above is assuming there will be a separate dispatcher. If there wont be, we dont need to be able to switch it <ac:emoticon ac:name="wink" /> (I think there's gotta be some logic reasoning behind it).</p>

        <p>On a different note, it goes without saying (I think) that a method like zend_controller_front::dispatch() should not be a 150 lines long in a zf2...</p>

        1. May 20, 2011

          <p>Take a look at this, then: <a class="external-link" href="http://git.mwop.net/?a=viewblob&p=zf2sandbox&h=ead2f05f042dfe646f439b68b92debde3dcd9648&hb=5a5ca1b518e36f5fa40366d3814321082222bb49&f=library/mwop/Controller/Front.php">http://git.mwop.net/?a=viewblob&amp;p=zf2sandbox&amp;h=ead2f05f042dfe646f439b68b92debde3dcd9648&amp;hb=5a5ca1b518e36f5fa40366d3814321082222bb49&amp;f=library/mwop/Controller/Front.php</a></p>

          <p>Interestingly, there's code in there that can be stripped at this point (the "controller map" bit is redundant when we're pulling controllers from the DI container). </p>

          <p>Also, browse that tree and look for the restful controller implementation, as well as the "page" controller – they better show off the ideas of moving the mapping of actions into the controllers themselves.</p>

  19. May 28, 2011

    <p>A variable configuration system for the routing will be nice where we can put specific config variables for the routes, and router will use these variables to create/map the routes.</p>

    <p>For example, I have a module named "store" and I created some routes for the module, but then I have to use "storefront" as module name instead of "store", so I need to change all the routes I have defined with "store/?<cite>" into "storefront/</cite>" manually. So what if we have the option to add variables in the route and a system where we can assign values to these variables. and I will define routes like "<module_variable_name>/???" and in the config I will just provide the value for <module_variable_name> which can be "Store" or "Storefront" or "Shop" etc.</p>

  20. Jun 13, 2011

    <p><strong>Zend_Application</strong><br />
    I have to say I enjoy Zend_Application and really want to see it in ZF2. My complaints about Zend_Application are it is SLOW! I believe in our current application it can take up to 200ms just for the bootstrapping process. Part of this is due to the standard implementation runs all of the elements in the bootstrap.</p>

    <p>A way to pull this out and gain the flexibility and speed is to move some of it to a dispatching hook. An example can be utilizing the class to specify what elements need to be bootstrapped:</p>

    <ac:macro ac:name="code"><ac:plain-text-body><![CDATA[// snip from the bootstrap harness (aka index.php)
    $app = new \Zend\Application(APP_ENV, APP_PATH);
    $app->run();

    // snip from a controller public property
    $bootstrap = array(
    'myAction' => array('database', '...');
    );

    // snip from a front controller plugin
    foreach ($controller->bootstrap['myAction'] as $boot) {
    $app->bootstrap($boot);
    }]]></ac:plain-text-body></ac:macro>

    <p>Another thing that I think is missing is global access to the bootstrap in a controlled way which allows to retrieve the elements quickly and easily.</p>