Zend Form addFilter StripTags not stripping tags


I need a little help clearing something up with Zend_Form and adding filters to an element. I was under the impression that when you add a filter to a form element, the filter is executed when the form is posted, as part of dispatch in the controller.

However when testing my form to my horror the filter StripTags doesn't seem to be running and I am getting the data with the HTML tags in the data.

My Form element looks like this.

// Build the address textarea and attach its filters and presentation settings.
$address1 = new Zend_Form_Element_Textarea('address1');
    // Filters attached here are applied when the value is read back through the
    // element or form (e.g. $form->getValue('address1')); they do not rewrite the
    // raw POST array. StripTags only removes markup from input: the value still
    // has to be escaped for the context it is later printed in.
    $address1->addFilter('StripTags')
        ->addFilter('StringTrim')            
        ->setAttrib('cols', 30)
        ->setAttrib('rows', 5)
        // Drop the default wrapper, label and HtmlTag decorators from the rendered element.
        ->removeDecorator('DtDdWrapper')
        ->removeDecorator('label')
        ->removeDecorator('HtmlTag')
// NOTE(review): the statement has no terminating semicolon in the snippet as posted.

However, if I put some data with HTML tags into the text area and then check that the form is valid using

// Raw POST array exactly as submitted. isValid() validates it but leaves this
// array untouched, so filtered values must be read from the form
// ($form->getValue(...)) rather than from $formData.
$formData = $this->_request->getPost();
// NOTE(review): the closing parenthesis of the if condition is missing in the snippet as posted.
if($form->isValid($formData){
    ...

The data comes back with the tags in it. The tags are only removed when I pass the data through the strip_tags() function.

I suppose my question is: should the StripTags filter be removing the tags, and if so, why isn't it? What am I missing here?


There are 2 best solutions below

1
On BEST ANSWER

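You didn't post code on how you're accessing the data after calling isValid. IIRC the filters will only take effect if you access the data via $form->getValue('someElement') or something along those lines. isValid() does not modify the array you pass to it, so $formData (and $_POST) still hold the raw, unfiltered input.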


Sorry, I know I'm late, but in case anyone faces the same problem:

I ran into this problem today and found a few ways to solve it.

First, my code is:

  • This is the form class

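    /**
     * User add/edit form: first name, last name, email, gender and track.
     *
     * The filters declared here run when a value is read back through the form
     * ($form->getValue() / $form->getValues()); the raw request array is never
     * modified, so controllers must take their data from the form object.
     * StripTags only removes markup from input. It is not output escaping:
     * values still have to be escaped for the context they are rendered in.
     */
    class Application_Form_UserForm extends Zend_Form
    {
        /**
         * Builds the form elements and registers them on the form.
         *
         * @return void
         */
        public function init()
        {
            $this->setMethod('POST');

            $fname = $this->_createTextElement('fname', 'First Name: ', 'Example: Eslam', 4, 20);
            $lname = $this->_createTextElement('lname', 'Last Name: ', 'Example: Khoga', 4, 20);

            $email = $this->_createTextElement('email', 'Email: ', '[email protected]', 5, 250);
            // A length check alone accepts any string; also require a
            // syntactically valid address.
            $email->addValidator('EmailAddress');

            $gender = new Zend_Form_Element_Select('gender');
            $gender->setRequired();
            $gender->addMultiOption('male', 'Male')
                ->addMultiOption('female', 'Female')
                ->addMultiOption('none', 'Prefer not to mention');
            $gender->setAttrib('class', 'form-control');

            $track_obj = new Application_Model_Track();
            $allTracks = $track_obj->listAll();
            // Class name written with its canonical casing so that autoloading
            // does not depend on the class having been loaded earlier.
            $track = new Zend_Form_Element_Select('track');
            foreach ($allTracks as $value) {
                $track->addMultiOption($value['id'], $value['name']);
            }

            $submit = new Zend_Form_Element_Submit('submit');
            $submit->setAttribs(array('class' => 'btn btn-success'));

            // NOTE(review): declared as a submit element, so pressing it posts the
            // form. Confirm whether Zend_Form_Element_Reset was intended.
            $reset = new Zend_Form_Element_Submit('reset');
            $reset->setAttribs(array('class' => 'btn btn-danger'));

            $this->addElements(array(
                $fname,
                $lname,
                $email,
                $gender,
                $track,
                $submit,
                $reset,
            ));
        }

        /**
         * Creates a required, length-limited text input with the shared filters
         * and decorator settings used by every text field of this form.
         *
         * @param string $name        Element name (also the key used by getValue()).
         * @param string $label       Label text.
         * @param string $placeholder Placeholder attribute shown in the empty input.
         * @param int    $minLength   Minimum accepted length.
         * @param int    $maxLength   Maximum accepted length.
         * @return Zend_Form_Element_Text
         */
        private function _createTextElement($name, $label, $placeholder, $minLength, $maxLength)
        {
            $element = new Zend_Form_Element_Text($name);
            $element->setLabel($label);
            $element->setAttribs(array(
                'placeholder' => $placeholder,
                'class'       => 'form-control',
            ));
            $element->setRequired();
            $element->addValidator('StringLength', false, array($minLength, $maxLength));
            // Strip tags first and trim afterwards: trimming first leaves the
            // whitespace that sat inside the removed tags at the ends of the value.
            $element->addFilter('StripTags');
            $element->addFilter('StringTrim');
            $element->removeDecorator('DtDdWrapper');
            $element->removeDecorator('label');
            $element->removeDecorator('HtmlTag');

            return $element;
        }
    }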

  • This is controller class

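/**
 * User management actions: list, details, add, edit and delete.
 *
 * Form input is always taken from the validated form object, because Zend_Form
 * filters (StripTags, StringTrim, ...) are applied when values are read through
 * the form and never to the raw request parameters.
 */
class UserController extends Zend_Controller_Action
{
    /**
     * Controller initialisation hook; nothing to set up.
     *
     * @return void
     */
    public function init()
    {
    }

    /**
     * Default action; intentionally empty.
     *
     * @return void
     */
    public function indexAction()
    {
    }

    /**
     * Lists users and handles submission of the track form shown on the page.
     *
     * @return void
     */
    public function listAction()
    {
        $user_model = new Application_Model_User();
        $this->view->users = $user_model->listUsers();

        $track_form = new Application_Form_Track();
        $this->view->track_form = $track_form;
        $track_model = new Application_Model_Track();
        $request = $this->getRequest();
        if ($request->isPost() && $track_form->isValid($request->getPost())) {
            // Pass the form's filtered values rather than $request->getParams():
            // the raw parameters bypass the form filters and also carry routing
            // keys and any extra fields the client chose to send.
            // NOTE(review): assumes addTrack() reads only keys that are elements
            // of Application_Form_Track; confirm against the model.
            $track_model->addTrack($track_form->getValues());
            $this->redirect('/user/add');
        }
    }

    /**
     * Shows one user, with the track id replaced by the track name.
     *
     * @return void
     */
    public function detailsAction()
    {
        $user_model = new Application_Model_User();
        $us_id = $this->_request->getParam("uid");
        $rows = $user_model->userDetails($us_id);
        if (!isset($rows[0])) {
            // Unknown or missing uid: there is no record to display.
            $this->redirect('/user/list');
            return;
        }

        $user = $rows[0];
        $trackModel = new Application_Model_Track();
        $track = $trackModel->getTrackName($user['track']);
        if (isset($track[0]['name'])) {
            $user['track'] = $track[0]['name'];
        }
        $this->view->user = $user;
    }

    /**
     * Deletes the user identified by the "uid" request parameter.
     *
     * NOTE(review): the deletion runs for any request method, and no CSRF token
     * or access check is visible in this controller. Confirm that deletion is
     * restricted to authorised POST requests elsewhere.
     *
     * @return void
     */
    public function deleteAction()
    {
        $user_model = new Application_Model_User();
        $us_id = $this->_request->getParam("uid");
        $user_model->deleteUser($us_id);
        $this->redirect("/user/list");
    }

    /**
     * Shows the user form and creates a user from a valid submission.
     *
     * @return void
     */
    public function addAction()
    {
        $form = new Application_Form_UserForm();
        $request = $this->getRequest();
        if ($request->isPost() && $form->isValid($request->getPost())) {
            $user_model = new Application_Model_User();
            $user_model->addNewUser($this->_readUserData($form));
            $this->redirect('/user/list');
        }
        $this->view->user_form = $form;
    }

    /**
     * Shows the user form pre-filled with the stored record and saves a valid
     * submission.
     *
     * @return void
     */
    public function editAction()
    {
        $form = new Application_Form_UserForm();
        $user_model = new Application_Model_User();
        $id = $this->_request->getParam('uid');
        $rows = $user_model->userDetails($id);
        if (!isset($rows[0])) {
            // Unknown or missing uid: there is no record to edit.
            $this->redirect('/user/list');
            return;
        }

        $user_data = $rows[0];
        $form->populate($user_data);
        $this->view->userName = $user_data['fname']." ".$user_data['lname'];
        $this->view->user_form = $form;
        $request = $this->getRequest();
        if ($request->isPost() && $form->isValid($request->getPost())) {
            $user_model->updateUser($id, $this->_readUserData($form));
            $this->redirect('/user/list');
        }
    }

    /**
     * Reads the user fields from a validated form.
     *
     * Values come from getValue(), so the element filters have been applied, and
     * only the listed fields are copied: buttons and any unexpected request
     * fields never reach the model.
     *
     * @param Zend_Form $form Form on which isValid() has already returned true.
     * @return array Map of field name to filtered value.
     */
    private function _readUserData(Zend_Form $form)
    {
        $userData = array();
        foreach (array('fname', 'lname', 'email', 'gender', 'track') as $field) {
            $userData[$field] = $form->getValue($field);
        }

        return $userData;
    }
}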

First Solution:

I kept the filters on the form elements in the form class, but retrieved the data from the $form object in the controller, because I found that the method

addFilter()

does not change the values in the $_POST array. So I retrieved the data from the $form object and then passed it as an array to the model.

Second Solution:

I tried applying the filter to the values in the controller rather than in the form, by creating an object of the filter class and applying the needed filter.

Third Solution:

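is to use the method

addValidator()

with a regex, which is checked against the posted values. A validator does not rewrite the input: it makes isValid() return false, so a value containing tags is rejected instead of cleaned.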