All has been a bit quiet here of late, 2011 was a very busy year for me both with work and family life. With half an hour left of the first day of 2012 I thought I’d record a few resolutions for the oncoming year.

  • Photography – I have a great Canon 40D camera which apart from a fabulous trip to New York City has been unloved in the past year. I want to photograph more in 2012, starting with my attempt at the 365 project over on Flickr
  • Writing – I also love writing, when I give myself the time to do so. I intend to write more in 2012 and will try to get my writing published elsewhere than just my own blog.
  • Family – With Daniel almost 2 and Billy 4, our two boys are becoming very interesting little people. It goes without saying the next year will be full of lots of family time, but it doesn’t stop me making sure I remember it should be my focus.
  • Cycling – I rarely cycle to work these days, even though the 4 mile journey is less stressful via bike than car (and takes about the same time). Really need to do this more to offset the beer and pies 🙂

Let’s see how I do in a few months’ time!

[Edit: 2012 was a pretty busy year for me, mostly focussed on family and work. Though I did manage a few interesting trips abroad in Europe and the US. Not enough writing though, must try harder!]

Clickjacking exploit on Facebook

I spotted a post today on Facebook which looked rather suspicious. The link was titled “EMBARRASSING: Father caught daughter on WEBCAM!!!” and was obviously designed to lure people into clicking on the link. It went to the URL qok7.info which claimed to have a YouTube security verification notice (a CAPTCHA) you had to fill in before viewing the video.

In fact, it’s a clickjacking exploit that contains a hidden form which submits a public comment on your Facebook account with a link back to this site. I first came across clickjacking exploits on Chris Shiflett’s blog. It’s a cunning method of hiding a real form within an iframe behind something like an image that usually has something clickable on it. In this case it has a fake CAPTCHA form whose fake form elements are lined up to submit the real Facebook status update form hidden in the iframe.

This exploit may be related to the daughter on webcam issue reported by Sophos or this might just be an example of very successful keywords used by scammers.

I see it’s been reported on Facebook’s security pages. I don’t know if it’s something Facebook can technically fix, but I would hope they can ban links from this website to avoid users inadvertently spreading this exploit.

So if you’re a Facebook user don’t go clicking on links about daughters on webcams. Or any suspicious links for that matter. Always check URLs and if it looks dodgy, get out of there!
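
The framing trick described in this post is normally countered on the framed site itself, with response headers that restrict who may embed the page: X-Frame-Options and the CSP frame-ancestors directive. The following is an added example, not code from the original post: a small checker that reads those two headers and reports whether a given origin could frame the page. The origins, header values and function names are constructed for illustration, and only a simplified subset of the CSP source grammar is handled.

```javascript
// Added example. Origins and header values are constructed samples.
const SITE = 'https://social.example'; // page holding the real form
const LURE = 'https://lure.example';   // page trying to frame it

// Return the frame-ancestors source list from a CSP value, or null if absent.
function frameAncestors(csp) {
  for (const directive of (csp || '').split(';')) {
    const [name, ...sources] = directive.trim().split(/\s+/);
    if (name.toLowerCase() === 'frame-ancestors') return sources;
  }
  return null;
}

// Match one source ('self', *, scheme://host, scheme://*.host) against an origin.
// Simplified subset of the CSP grammar: anything else fails closed.
function sourceMatches(source, embedder, self) {
  if (source.toLowerCase() === "'self'") return embedder === self;
  if (source === '*') return true;
  const m = /^(https?):\/\/(\*\.)?([a-z0-9.-]+)$/i.exec(source);
  if (!m) return false;
  const e = new URL(embedder);
  const scheme = m[1].toLowerCase() + ':';
  // CSP lets an http: source also match the https: upgrade of the same host.
  if (e.protocol !== scheme && !(scheme === 'http:' && e.protocol === 'https:')) return false;
  if (e.port !== '') return false; // no port in the source: default port only
  const host = m[3].toLowerCase();
  return m[2] ? e.hostname.endsWith('.' + host) : e.hostname === host;
}

// Decide whether `embedder` may frame a response from `page` (one level of nesting).
function framingVerdict(headers, page, embedder) {
  const sources = frameAncestors(headers['content-security-policy']);
  if (sources) { // frame-ancestors present: browsers ignore X-Frame-Options
    return { allowed: sources.some((s) => sourceMatches(s, embedder, page)), by: 'csp' };
  }
  const xfo = (headers['x-frame-options'] || '').trim().toUpperCase();
  if (xfo === 'DENY') return { allowed: false, by: 'x-frame-options' };
  if (xfo === 'SAMEORIGIN') return { allowed: embedder === page, by: 'x-frame-options' };
  // No header, ALLOW-FROM, or any other lone invalid value: no protection.
  return { allowed: true, by: 'none' };
}

for (const h of [{}, { 'x-frame-options': 'ALLOW-FROM ' + SITE },
  { 'x-frame-options': 'SAMEORIGIN' },
  { 'content-security-policy': "default-src 'self'; frame-ancestors 'none'" }]) {
  console.log(JSON.stringify(h), '->', framingVerdict(h, SITE, LURE));
}
```

A response with neither header, or with only the obsolete ALLOW-FROM form, comes back as frameable, which is the condition the hidden-form trick relies on.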

Checking your Zend Framework route order

The order that you create your routes in Zend Framework is important, with the last route defined in your code being matched first. This allows you to set up custom routes and if these aren’t matched Zend Framework helpfully falls back to the default route which is set up first. If you have a lot of routes though, set up in different places, it can get difficult to verify the order of your routes.

Just use this snippet of code in your controller to return a list of route names set up in your ZF application in the order they are matched via the routing system (i.e. the route at number 1 is matched first, then route 2, etc).

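// Output list of routes, in the order they are matched
echo '<ol>';
// getRoutes() returns routes in definition order; the router matches them in reverse
$routes = array_reverse($this->getFrontController()->getRouter()->getRoutes());
foreach ($routes as $name => $route) {
    // Escape the route name before writing it into the page
    echo "\t<li>" . htmlspecialchars($name) . "</li>\n";
}
echo '</ol>';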

Find out more about the ZF Router at the ZF manual.

A contents index for Zend Framework manual pages

The good old Zend Framework manual pages do suffer from being somewhat lengthy. I’ve thought they could do with an index to make navigation easier on those oh-so-long pages. So I wrote a quick JavaScript bookmarklet to do just that.


Understanding the stack index for Zend Framework Controller plugins

Zend Framework Controller plugins are a powerful way to inject logic into your controller system at various points, such as before and after an action dispatch. Plugins are run in the order they are added, though it is possible to change the order by defining a custom stack index. A ZF internal plugin such as Zend_Controller_Plugin_ErrorHandler, which displays a nice Error 404 page, has a stack index of 100 to ensure it runs near the end of any plugin cycle. However, it’s not so obvious from the ZF manual how to set a custom stack index.

Sub-modules in Zend Framework

Following on from my post on Admin sub-modules I’ve refactored the code into a more generic sub-modules system. And fixed some bugs!

Its main features are:

  • Organise modules into sub-folders where you need to support a complex collection of controllers, views, models, etc
  • Supports URLs in the format: /sub-module/module/controller/action
  • Supports ID route: /sub-module/module/controller/action/id
  • Registers controller folder to support above URLs
  • Autoloads module resources (using Zend_Application_Module_Autoloader) in the format: submodulenameModulename_Resource (e.g. AdminUser_Form_Registration)

This supports URL routes such as:

www.domain.com/admin/user/ ->

www.domain.com/cms/news ->

It’s a bootstrap resource that can be enabled in your application.ini file like so:

; 'admin' key is the name of sub-module group = path to sub-modules directory
resources.subModules.admin.directory = APPLICATION_PATH "/admin-modules"