Issue Type: Improvement Created: 2008-10-13T13:00:31.000+0000 Last Updated: 2008-11-13T14:10:24.000+0000 Status: Resolved Fix version(s): - 1.7.0 (17/Nov/08)
Reporter: Thomas Weidner (thomas) Assignee: Thomas Weidner (thomas) Tags: - Zend_File_Transfer
Related issues: Attachments:
Some notes from an dev-discussion:
Issues Security issues with view scripts : Currently, the path to the uploaded filename is rendered by the view : helper. Mismatch between expectations : getValue() returned the file path... but if there were errors in : uploading, this information was invalid. Problems with filters : File upload adapters' getFilters() method would return null in some : situtations. However, the Zend_Form_Element API specifies an array : should be returned. This led to PHP errors when calling getValue(). Proposed solutions Fix formFile view helper : The file path is irrelevant, and should never be displayed. Fix getValue() : Several things need to happen here. : : First, if $_FILES is empty or does not contain the given file input : name, simply return null or an empty string : : If not, it should check to see if there were validation errors; if : so, return an empty string/null. : : Finally, If no validation errors occurred, call receive() on the : file adapter, and return the filtered file name on success, or an : empty string/null on failure (or throw an exception). : : This has several advantages: $form->getValues() will now return all : values for the form; and no filename is ever returned for blank or : invalid forms. Fix getFilters() : If a null value is detected, return an empty array.
Actually all except the getValue() improvements are already added.
Posted by Thomas Weidner (thomas) on 2008-10-27T13:42:20.000+0000
Implemented with r12152
Posted by Wil Sinclair (wil) on 2008-11-13T14:10:24.000+0000
Changing issues in preparation for the 1.7.0 release.
Have you found an issue?
See the Overview section for more details.