Caution: The documentation you are viewing is
for an older version of Zend Framework.
You can find the documentation of the current version at:
https://docs.zendframework.com/
Controller Scripts - Zend_View
The controller is where you instantiate and configure Zend_View. You then assign variables to the view, and tell the view to render output using a particular script.
Your controller script should assign necessary variables to the view before it hands over control to the view script. Normally, you can do assignments one at a time by assigning to property names of the view instance:
However, this can be tedious when you have already collected the values to be assigned into an array or object.
The assign() method lets you assign from an array or object "in bulk". The following examples have the same effect as the above one-by-one property assignments.
Alternatively, you can use the assign method to assign one-by-one by passing a string variable name, and then the variable value.
Once you have assigned all needed variables, the controller should tell Zend_View to render a particular view script. Do so by calling the render() method. Note that the method will return the rendered view, not print it, so you need to print or echo it yourself at the appropriate time.
By default, Zend_View expects your view scripts to be relative to your calling script. For example, if your controller script is at "/path/to/app/controllers" and it calls $view->render('someView.php'), Zend_View will look for "/path/to/app/controllers/someView.php".
Obviously, your view scripts are probably located elsewhere. To tell Zend_View where it should look for view scripts, use the setScriptPath() method.
Now when you call $view->render('someView.php'), it will look for "/path/to/app/views/someView.php".
In fact, you can "stack" paths using the addScriptPath() method. As you add paths to the stack, Zend_View will look at the most-recently-added path for the requested view script. This allows you override default views with custom views so that you may create custom "themes" or "skins" for some views, while leaving others alone.
Note: Never use user input to set script paths
Zend_View uses script paths to lookup and render view scripts. As such, these directories should be known before-hand, and under your control. Never set view script paths based on user input, as you can potentially open yourself up to Local File Inclusion vulnerability if the specified path includes parent directory traversals. For example, the following input could trigger the issue:
While this example is contrived, it does clearly show the potential issue. If you must rely on user input to set your script path, properly filter the input and check to ensure it exists under paths controlled by your application.
// $_GET['foo'] == '../../../etc' $view->addScriptPath($_GET['foo']); $view->render('passwd');