The MVC components in Zend Framework utilize a Front Controller, which means that all requests to a given site will go through a single entry point. As a result, all exceptions bubble up to the Front Controller eventually, allowing the developer to handle them in a single location.
However, exception messages and backtrace information often contain sensitive system information, such as SQL statements, file locations, and more. To help protect your site, by default Zend_Controller_Front catches all exceptions and registers them with the response object; in turn, by default, the response object does not display exception messages.
Several mechanisms are built in to the MVC components already to allow you to handle exceptions.
Zend_Controller_Front::throwExceptions()
By passing a boolean true value to this method, you can tell the front controller that instead of aggregating exceptions in the response object, you'd rather handle them yourself. As an example:
<?php $front->throwExceptions(true); try { $front->dispatch(); } catch (Exception $e) { // handle exceptions yourself }
This method is probably the easiest way to add custom exception handling to your front controller application.
Zend_Controller_Response_Abstract::renderExceptions()
By passing a boolean true value to this method, you tell the response object that it should render an exception message and backtrace when rendering itself. In this scenario, any exception raised by your application will be displayed. This is only recommended for non-production environments.
Zend_Controller_Front::returnResponse() and Zend_Controller_Response_Abstract::isException()
By passing a boolean true to Zend_Controller_Front::returnResponse(), Zend_Controller_Front::dispatch() will not render the response, but instead return it. Once you have the response, you may then test to see if any exceptions were trapped using its isException() method, and retrieving the exceptions via the getException() method. As an example:
<?php $front->returnResponse(true); $response = $front->dispatch(); if ($response->isException()) { $exceptions = $response->getException(); // handle exceptions ... } else { $response->sendHeaders(); $response->outputBody(); }
The primary advantage this method offers over Zend_Controller_Front::throwExceptions() is to allow you to conditionally render the response after handling the exception.
The various MVC components -- request, router, dispatcher, action controller, and response objects -- each may throw exceptions on occasion. Some exceptions may be conditionally overridden, and others are used to indicate the developer may need to consider their application structure.
As some examples:
Zend_Controller_Dispatcher::dispatch() will, by default, throw an exception if an invalid controller is requested. There are two recommended ways to deal with this.
Set the 'useDefaultControllerAlways' parameter.
In your front controller, or your dispatcher, add the following directive:
<?php $front->setParam('useDefaultControllerAlways', true); // or $dispatcher->setParam('useDefaultControllerAlways', true);
When this flag is set, the dispatcher will use the default controller and action instead of throwing an exception. The disadvantage to this method is that any typos a user makes when accessing your site will still resolve and display your home page, which can wreak havoc with search engine optimization.
The exception thrown by dispatch() is a Zend_Controller_Dispatcher_Exception containing the text 'Invalid controller specified'. Use one of the methods outlined in the previous section to catch the exception, and then redirect to a generic error page or the home page.
Zend_Controller_Action::__call() will throw an exception if it cannot dispatch a non-existent action to a method. Most likely, you will want to use some default action in the controller in cases like this. Ways to achieve this include:
Subclass Zend_Controller_Action and override the __call() method. As an example:
<?php class My_Controller_Action extends Zend_Controller_Action { public function __call($method, $args) { if ('Action' == substr($method, -6)) { $controller = $this->getRequest()->getControllerName(); $url = '/' . $controller . '/index'; return $this->_redirect($url); } throw new Exception('Invalid method'); } }
The example above intercepts any undefined action method called and redirects it to the default action in the controller.
Subclass Zend_Controller_Dispatcher and override the getAction() method to verify the action exists. As an example:
<?php class My_Controller_Dispatcher extends Zend_Controller_Dispatcher { public function getAction($request) { $action = $request->getActionName(); if (empty($action)) { $action = $this->getDefaultAction(); $request->setActionName($action); $action = $this->formatActionName($action); } else { $controller = $this->getController(); $action = $this->formatActionName($action); if (!method_exists($controller, $action)) { $action = $this->getDefaultAction(); $request->setActionName($action); $action = $this->formatActionName($action); } } return $action; } }
The above code checks to see that the requested action exists in the controller class; if not, it resets the action to the default action.
This method is nice as you can transparently alter the action prior to final dispatch. However, it also means that typos in the URL may still dispatch correctly, which is not great for search engine optimization.
Use Zend_Controller_Action::preDispatch() or Zend_Controller_Plugin_Abstract::preDispatch() to identify invalid actions.
By subclassing Zend_Controller_Action and modifying preDispatch(), you can modify all of your controllers to forward to another action or redirect prior to actually dispatching the action. The code for this will look similar to the code for overriding __call(), above.
Alternatively, you can check this information in a global plugin. This has the advantage of being action controller independent; if your application consists of a variety of action controllers, and not all of them inherit from the same class, this method can add consistency in handling your various classes.
As an example:
<?php class My_Controller_PreDispatchPlugin extends Zend_Controller_Plugin_Abstract { public function preDispatch(Zend_Controller_Request_Abstract $request) { $dispatcher = Zend_Controller_Front::getInstance()->getDispatcher(); $controller = $dispatcher->getController($request); if (!$controller) { $controller = $dispatcher->getDefaultControllerName($request); } $action = $dispatcher->getAction($request); if (!method_exists($controller, $action)) { $defaultAction = $dispatcher->getDefaultAction(); $controllerName = $request->getControllerName(); $response = Zend_Controller_Front::getInstance()->getResponse(); $response->setRedirect('/' . $controllerName . '/' . $defaultAction); $response->sendHeaders(); exit; } } }
In this example, we check to see if the action requested is available in the controller. If not, we redirect to the default action in the controller, and exit script execution immediately.