The MVC components in Zend Framework utilize a Front Controller, which means that all requests to a given site will go through a single entry point. As a result, all exceptions bubble up to the Front Controller eventually, allowing the developer to handle them in a single location.
However, exception messages and backtrace information often contain
sensitive system information, such as SQL statements, file
locations, and more. To help protect your site, by default
Zend_Controller_Front
catches all exceptions and
registers them with the response object; in turn, by default, the
response object does not display exception messages.
Several mechanisms are built in to the MVC components already to allow you to handle exceptions.
By default, the error handler plugin is registered and active. This plugin was designed to handle:
Errors due to missing controllers or actions
Errors occurring within action controllers
It operates as a postDispatch()
plugin, and
checks to see if a dispatcher, action controller, or
other exception has occurred. If so, it forwards to an error
handler controller.
This handler will cover most exceptional situations, and handle missing controllers and actions gracefully.
Zend_Controller_Front::throwExceptions()
By passing a boolean true value to this method, you can tell the front controller that instead of aggregating exceptions in the response object or using the error handler plugin, you'd rather handle them yourself. As an example:
<?php $front->throwExceptions(true); try { $front->dispatch(); } catch (Exception $e) { // handle exceptions yourself }
This method is probably the easiest way to add custom exception handling covering the full range of possible exceptions to your front controller application.
Zend_Controller_Response_Abstract::renderExceptions()
By passing a boolean true value to this method, you tell the response object that it should render an exception message and backtrace when rendering itself. In this scenario, any exception raised by your application will be displayed. This is only recommended for non-production environments.
Zend_Controller_Front::returnResponse()
and
Zend_Controller_Response_Abstract::isException()
.
By passing a boolean true to
Zend_Controller_Front::returnResponse()
,
Zend_Controller_Front::dispatch()
will not render the
response, but instead return it. Once you have the response,
you may then test to see if any exceptions were trapped using
its isException()
method, and retrieving the exceptions via
the getException()
method. As an example:
<?php $front->returnResponse(true); $response = $front->dispatch(); if ($response->isException()) { $exceptions = $response->getException(); // handle exceptions ... } else { $response->sendHeaders(); $response->outputBody(); }
The primary advantage this method offers over
Zend_Controller_Front::throwExceptions()
is to
allow you to conditionally render the response after
handling the exception. This will catch any exception in the
controller chain, unlike the error handler plugin.
The various MVC components -- request, router, dispatcher, action controller, and response objects -- may each throw exceptions on occasion. Some exceptions may be conditionally overridden, and others are used to indicate the developer may need to consider their application structure.
As some examples:
Zend_Controller_Dispatcher::dispatch()
will,
by default, throw an exception if an invalid controller is
requested. There are two recommended ways to deal with
this.
Set the useDefaultControllerAlways
parameter.
In your front controller, or your dispatcher, add the following directive:
<?php $front->setParam('useDefaultControllerAlways', true); // or $dispatcher->setParam('useDefaultControllerAlways', true);
When this flag is set, the dispatcher will use the default controller and action instead of throwing an exception. The disadvantage to this method is that any typos a user makes when accessing your site will still resolve and display your home page, which can wreak havoc with search engine optimization.
The exception thrown by dispatch()
is
a Zend_Controller_Dispatcher_Exception
containing the text 'Invalid controller specified'.
Use one of the methods outlined in the
previous section to catch the exception,
and then redirect to a generic error page or the
home page.
Zend_Controller_Action::__call()
will throw a
Zend_Controller_Action_Exception
if it cannot
dispatch a non-existent action to a method. Most likely,
you will want to use some default action in the controller
in cases like this. Ways to achieve this include:
Subclass Zend_Controller_Action
and
override the __call()
method. As an
example:
<?php class My_Controller_Action extends Zend_Controller_Action { public function __call($method, $args) { if ('Action' == substr($method, -6)) { $controller = $this->getRequest()->getControllerName(); $url = '/' . $controller . '/index'; return $this->_redirect($url); } throw new Exception('Invalid method'); } }
The example above intercepts any undefined action method called and redirects it to the default action in the controller.
Subclass Zend_Controller_Dispatcher
and override the getAction()
method to
verify the action exists. As an example:
<?php class My_Controller_Dispatcher extends Zend_Controller_Dispatcher { public function getAction($request) { $action = $request->getActionName(); if (empty($action)) { $action = $this->getDefaultAction(); $request->setActionName($action); $action = $this->formatActionName($action); } else { $controller = $this->getController(); $action = $this->formatActionName($action); if (!method_exists($controller, $action)) { $action = $this->getDefaultAction(); $request->setActionName($action); $action = $this->formatActionName($action); } } return $action; } }
The above code checks to see that the requested action exists in the controller class; if not, it resets the action to the default action.
This method is nice becauase you can transparently alter the action prior to final dispatch. However, it also means that typos in the URL may still dispatch correctly, which is not great for search engine optimization.
Use
Zend_Controller_Action::preDispatch()
or
Zend_Controller_Plugin_Abstract::preDispatch()
to identify invalid actions.
By subclassing Zend_Controller_Action
and modifying preDispatch()
, you can
modify all of your controllers to forward to
another action or redirect prior to actually
dispatching the action. The code for this will look
similar to the code for overriding
__call()
, above.
Alternatively, you can check this information in a global plugin. This has the advantage of being action controller independent; if your application consists of a variety of action controllers, and not all of them inherit from the same class, this method can add consistency in handling your various classes.
As an example:
<?php class My_Controller_PreDispatchPlugin extends Zend_Controller_Plugin_Abstract { public function preDispatch(Zend_Controller_Request_Abstract $request) { $dispatcher = Zend_Controller_Front::getInstance()->getDispatcher(); $controller = $dispatcher->getController($request); if (!$controller) { $controller = $dispatcher->getDefaultControllerName($request); } $action = $dispatcher->getAction($request); if (!method_exists($controller, $action)) { $defaultAction = $dispatcher->getDefaultAction(); $controllerName = $request->getControllerName(); $response = Zend_Controller_Front::getInstance()->getResponse(); $response->setRedirect('/' . $controllerName . '/' . $defaultAction); $response->sendHeaders(); exit; } } }
In this example, we check to see if the action requested is available in the controller. If not, we redirect to the default action in the controller, and exit script execution immediately.