Merge branch '2.8' into 3.2

* 2.8: fixed CS [2.8] Modify 2.8 upgrade doc - key option is deprecated. [DebugBundle] Reword an outdated comment about var dumper wiring [DI] Fix some docblocks Ignore memcached missing key error on dession destroy Github template: Remove EOM 3.2 from branch suggestion [Security] Fix security.interactive_login event const doc block Avoid infinite loops when profiler data is malformed [Bridge\ProxyManager] Dont call __destruct() on non-instantiated services Docblock improvement bumped Symfony version to 2.8.27 updated VERSION for 2.8.26 updated CHANGELOG for 2.8.26 bumped Symfony version to 2.7.34 updated VERSION for 2.7.33 update CONTRIBUTORS for 2.7.33 updated CHANGELOG for 2.7.33 [HttpFoundation] Generate safe fallback filename for wrongly encoded filename
2017-08-10 09:06:25 +02:00 · 2017-08-10 09:06:25 +02:00 · 3306986a5d
parent 927f950019 18e5e70afe
commit 3306986a5d
19 changed files with 211 additions and 33 deletions
--- a/.github/PULL_REQUEST_TEMPLATE.md
+++ b/.github/PULL_REQUEST_TEMPLATE.md
@ -1,6 +1,6 @@
 | Q             | A
 | ------------- | ---
-| Branch?       | 3.4 or master / 2.7, 2.8, 3.2 or 3.3 <!-- see comment below -->
+| Branch?       | 3.4 or master / 2.7, 2.8 or 3.3 <!-- see comment below -->
 | Bug fix?      | yes/no
 | New feature?  | yes/no <!-- don't forget updating src/**/CHANGELOG.md files -->
 | BC breaks?    | yes/no
--- a/CONTRIBUTORS.md
+++ b/CONTRIBUTORS.md
@ -20,11 +20,11 @@ Symfony is the result of the work of many people who made the code better
 - Javier Eguiluz (javier.eguiluz)
 - Hugo Hamon (hhamon)
 - Maxime Steinhausser (ogizanagi)
- - Abdellatif Ait boudad (aitboudad)
 - Robin Chalas (chalas_r)
+ - Abdellatif Ait boudad (aitboudad)
+ - Grégoire Pineau (lyrixx)
 - Romain Neutron (romain)
 - Pascal Borreli (pborreli)
- - Grégoire Pineau (lyrixx)
 - Wouter De Jong (wouterj)
 - Joseph Bielawski (stloyd)
 - Karma Dordrak (drak)
@ -34,8 +34,8 @@ Symfony is the result of the work of many people who made the code better
 - Jean-François Simon (jfsimon)
 - Benjamin Eberlei (beberlei)
 - Igor Wiedler (igorw)
- - Eriksen Costa (eriksencosta)
 - Roland Franssen (ro0)
+ - Eriksen Costa (eriksencosta)
 - Jules Pietri (heah)
 - Sarah Khalil (saro0h)
 - Guilhem Niot (energetick)
@ -66,6 +66,7 @@ Symfony is the result of the work of many people who made the code better
 - Eric Clemmons (ericclemmons)
 - Charles Sarrazin (csarrazi)
 - Christian Raue
+ - Konstantin Myakshin (koc)
 - Arnout Boks (aboks)
 - Deni
 - Henrik Westphal (snc)
@ -73,7 +74,7 @@ Symfony is the result of the work of many people who made the code better
 - Jáchym Toušek (enumag)
 - Titouan Galopin (tgalopin)
 - Douglas Greenshields (shieldo)
- - Konstantin Myakshin (koc)
+ - Dany Maillard (maidmaid)
 - Lee McDermott
 - Brandon Turner
 - Luis Cordova (cordoval)
@ -89,23 +90,22 @@ Symfony is the result of the work of many people who made the code better
 - Fran Moreno (franmomu)
 - Antoine Hérault (herzult)
 - Paráda József (paradajozsef)
+ - Issei Murasawa (issei_m)
 - Arnaud Le Blanc (arnaud-lb)
 - Maxime STEINHAUSSER
 - Alexander M. Turek (derrabus)
 - Michal Piotrowski (eventhorizon)
- - Dany Maillard (maidmaid)
- - Issei Murasawa (issei_m)
 - Tim Nagel (merk)
+ - Yonel Ceruto González (yonelceruto)
 - Brice BERNARD (brikou)
 - Baptiste Clavié (talus)
 - Vladimir Reznichenko (kalessil)
 - marc.weistroff
- - Yonel Ceruto González (yonelceruto)
 - lenar
+ - Tobias Nyholm (tobias)
 - Włodzimierz Gajda (gajdaw)
 - Alexander Schwenn (xelaris)
 - Jacob Dreesen (jdreesen)
- - Tobias Nyholm (tobias)
 - Florian Voutzinos (florianv)
 - Colin Frei
 - Adrien Brault (adrienbrault)
@ -132,13 +132,13 @@ Symfony is the result of the work of many people who made the code better
 - Daniel Gomes (danielcsgomes)
 - Hidenori Goto (hidenorigoto)
 - Guilherme Blanco (guilhermeblanco)
+ - David Maicher (dmaicher)
 - Pablo Godel (pgodel)
 - Jérémie Augustin (jaugustin)
 - Andréia Bohner (andreia)
 - Rafael Dohms (rdohms)
 - Arnaud Kleinpeter (nanocom)
 - jwdeitch
- - David Maicher (dmaicher)
 - Mikael Pajunen
 - Joel Wurtz (brouznouf)
 - Jérôme Vasseur (jvasseur)
@ -176,6 +176,7 @@ Symfony is the result of the work of many people who made the code better
 - Benjamin Dulau (dbenjamin)
 - James Halsall (jaitsu)
 - Mathieu Lemoine (lemoinem)
+ - Christian Schmidt
 - Andreas Hucks (meandmymonkey)
 - Noel Guilbert (noel)
 - Stepan Anchugov (kix)
@ -201,7 +202,6 @@ Symfony is the result of the work of many people who made the code better
 - John Kary (johnkary)
 - Justin Hileman (bobthecow)
 - Blanchon Vincent (blanchonvincent)
- - Christian Schmidt
 - Michele Orselli (orso)
 - Tom Van Looy (tvlooy)
 - Sven Paulus (subsven)
@ -238,6 +238,7 @@ Symfony is the result of the work of many people who made the code better
 - Katsuhiro OGAWA
 - Patrick McDougle (patrick-mcdougle)
 - Alif Rachmawadi
+ - Alessandro Chitolina
 - Kristen Gilden (kgilden)
 - Pierre-Yves LEBECQ (pylebecq)
 - Jordan Samouh (jordansamouh)
@ -263,6 +264,8 @@ Symfony is the result of the work of many people who made the code better
 - Pavel Batanov (scaytrase)
 - Nikita Konstantinov
 - Wodor Wodorski
+ - Rob Frawley 2nd (robfrawley)
+ - Gregor Harlan (gharlan)
 - Thomas Lallement (raziel057)
 - Giorgio Premi
 - Matthieu Napoli (mnapoli)
@ -278,7 +281,6 @@ Symfony is the result of the work of many people who made the code better
 - Marc Weistroff (futurecat)
 - Christian Schmidt
 - Hidde Wieringa (hiddewie)
- - Alessandro Chitolina
 - Chad Sikorra (chadsikorra)
 - Chris Smith (cs278)
 - Florian Klein (docteurklein)
@ -315,7 +317,6 @@ Symfony is the result of the work of many people who made the code better
 - Thierry Thuon (lepiaf)
 - Ricard Clau (ricardclau)
 - Mark Challoner (markchalloner)
- - Gregor Harlan (gharlan)
 - Gennady Telegin (gtelegin)
 - Ben Davies (bendavies)
 - Erin Millard
@ -324,7 +325,6 @@ Symfony is the result of the work of many people who made the code better
 - Magnus Nordlander (magnusnordlander)
 - alquerci
 - Francesco Levorato
- - Rob Frawley 2nd (robfrawley)
 - Vitaliy Zakharov (zakharovvi)
 - Tobias Sjösten (tobiassjosten)
 - Gyula Sallai (salla)
@ -341,6 +341,7 @@ Symfony is the result of the work of many people who made the code better
 - Thomas Calvet (fancyweb)
 - Niels Keurentjes (curry684)
 - JhonnyL
+ - David Badura (davidbadura)
 - hossein zolfi (ocean)
 - Clément Gautier (clementgautier)
 - Eduardo Gulias (egulias)
@ -430,7 +431,6 @@ Symfony is the result of the work of many people who made the code better
 - Christian Wahler
 - Gintautas Miselis
 - Rob Bast
- - David Badura (davidbadura)
 - Zander Baldwin
 - Adam Harvey
 - Maxime Veber (nek-)
@ -545,6 +545,7 @@ Symfony is the result of the work of many people who made the code better
 - Max Rath (drak3)
 - Stéphane Escandell (sescandell)
 - Konstantin S. M. Möllers (ksmmoellers)
+ - James Johnston
 - Sinan Eldem
 - Alexandre Dupuy (satchette)
 - Andre Rømcke (andrerom)
@ -593,6 +594,7 @@ Symfony is the result of the work of many people who made the code better
 - Ulumuddin Yunus (joenoez)
 - Luc Vieillescazes (iamluc)
 - Johann Saunier (prophet777)
+ - Valentin Udaltsov (vudaltsov)
 - Michael Devery (mickadoo)
 - Antoine Corcy
 - Artur Eshenbrener
@ -911,6 +913,7 @@ Symfony is the result of the work of many people who made the code better
 - Alex Demchenko (pilot)
 - Tadas Gliaubicas (tadcka)
 - Benoit Garret
+ - Jakub Sacha
 - DerManoMann
 - Olaf Klischat
 - orlovv
@ -1175,6 +1178,7 @@ Symfony is the result of the work of many people who made the code better
 - Malte Wunsch
 - wusuopu
 - povilas
+ - Gavin Staniforth
 - Alessandro Tagliapietra (alex88)
 - Biji (biji)
 - Gunnar Lium (gunnarlium)
@ -1236,6 +1240,7 @@ Symfony is the result of the work of many people who made the code better
 - flack
 - izzyp
 - František Bereň
+ - Mike Francis
 - Christoph Nissle (derstoffel)
 - Ionel Scutelnicu (ionelscutelnicu)
 - Nicolas Tallefourtané (nicolab)
@ -1246,6 +1251,7 @@ Symfony is the result of the work of many people who made the code better
 - jjanvier
 - Julius Beckmann
 - Romain Dorgueil
+ - Christopher Parotat
 - Grayson Koonce (breerly)
 - Fabien LUCAS (flucas2)
 - Indra Gunawan (indragunawan)
@ -1537,11 +1543,13 @@ Symfony is the result of the work of many people who made the code better
 - Ladislav Tánczos
 - Brian Freytag
 - Skorney
+ - fmarchalemisys
 - mieszko4
 - Steve Preston
 - Neophy7e
 - bokonet
 - Arrilot
+ - Shaun Simmons
 - Markus Staab
 - Pierre-Louis LAUNAY
 - djama
@ -1570,6 +1578,7 @@ Symfony is the result of the work of many people who made the code better
 - Penny Leach
 - Richard Trebichavský
 - g123456789l
+ - Jonathan Vollebregt
 - oscartv
 - DanSync
 - Peter Zwosta
@ -1682,7 +1691,6 @@ Symfony is the result of the work of many people who made the code better
 - Moritz Kraft (userfriendly)
 - Víctor Mateo (victormateo)
 - Vincent (vincent1870)
- - Valentin Udaltsov (vudaltsov)
 - Eugene Babushkin (warl)
 - Wouter Sioen (wouter_sioen)
 - Xavier Amado (xamado)
@ -1704,6 +1712,7 @@ Symfony is the result of the work of many people who made the code better
 - Sergey Fedotov
 - Michael
 - fh-github@fholzhauer.de
+ - AbdElKader Bouadjadja
 - Jan Emrich
 - Mark Topper
 - Xavier REN
--- a/src/Symfony/Bridge/ProxyManager/LazyProxy/Instantiator/LazyLoadingValueHolderFactoryV1.php
+++ b/src/Symfony/Bridge/ProxyManager/LazyProxy/Instantiator/LazyLoadingValueHolderFactoryV1.php
@ -0,0 +1,31 @@
+<?php
+
+/*
+ * This file is part of the Symfony package.
+ *
+ * (c) Fabien Potencier <fabien@symfony.com>
+ *
+ * For the full copyright and license information, please view the LICENSE
+ * file that was distributed with this source code.
+ */
+
+namespace Symfony\Bridge\ProxyManager\LazyProxy\Instantiator;
+
+use ProxyManager\Factory\LazyLoadingValueHolderFactory as BaseFactory;
+use Symfony\Bridge\ProxyManager\LazyProxy\PhpDumper\LazyLoadingValueHolderGenerator;
+
+/**
+ * @internal
+ */
+class LazyLoadingValueHolderFactoryV1 extends BaseFactory
+{
+    private $generatorV1;
+
+    /**
+     * {@inheritdoc}
+     */
+    protected function getGenerator()
+    {
+        return $this->generatorV1 ?: $this->generatorV1 = new LazyLoadingValueHolderGenerator();
+    }
+}
--- a/src/Symfony/Bridge/ProxyManager/LazyProxy/Instantiator/LazyLoadingValueHolderFactoryV2.php
+++ b/src/Symfony/Bridge/ProxyManager/LazyProxy/Instantiator/LazyLoadingValueHolderFactoryV2.php
@ -0,0 +1,32 @@
+<?php
+
+/*
+ * This file is part of the Symfony package.
+ *
+ * (c) Fabien Potencier <fabien@symfony.com>
+ *
+ * For the full copyright and license information, please view the LICENSE
+ * file that was distributed with this source code.
+ */
+
+namespace Symfony\Bridge\ProxyManager\LazyProxy\Instantiator;
+
+use ProxyManager\ProxyGenerator\ProxyGeneratorInterface;
+use ProxyManager\Factory\LazyLoadingValueHolderFactory as BaseFactory;
+use Symfony\Bridge\ProxyManager\LazyProxy\PhpDumper\LazyLoadingValueHolderGenerator;
+
+/**
+ * @internal
+ */
+class LazyLoadingValueHolderFactoryV2 extends BaseFactory
+{
+    private $generator;
+
+    /**
+     * {@inheritdoc}
+     */
+    protected function getGenerator(): ProxyGeneratorInterface
+    {
+        return $this->generator ?: $this->generator = new LazyLoadingValueHolderGenerator();
+    }
+}
--- a/src/Symfony/Bridge/ProxyManager/LazyProxy/Instantiator/RuntimeInstantiator.php
+++ b/src/Symfony/Bridge/ProxyManager/LazyProxy/Instantiator/RuntimeInstantiator.php
@ -36,7 +36,11 @@ class RuntimeInstantiator implements InstantiatorInterface
        $config = new Configuration();
        $config->setGeneratorStrategy(new EvaluatingGeneratorStrategy());

-        $this->factory = new LazyLoadingValueHolderFactory($config);
+        if (method_exists('ProxyManager\Version', 'getVersion')) {
+            $this->factory = new LazyLoadingValueHolderFactoryV2($config);
+        } else {
+            $this->factory = new LazyLoadingValueHolderFactoryV1($config);
+        }
    }

    /**
--- a/src/Symfony/Bridge/ProxyManager/LazyProxy/PhpDumper/LazyLoadingValueHolderGenerator.php
+++ b/src/Symfony/Bridge/ProxyManager/LazyProxy/PhpDumper/LazyLoadingValueHolderGenerator.php
@ -0,0 +1,41 @@
+<?php
+
+/*
+ * This file is part of the Symfony package.
+ *
+ * (c) Fabien Potencier <fabien@symfony.com>
+ *
+ * For the full copyright and license information, please view the LICENSE
+ * file that was distributed with this source code.
+ */
+
+namespace Symfony\Bridge\ProxyManager\LazyProxy\PhpDumper;
+
+use ProxyManager\ProxyGenerator\LazyLoadingValueHolderGenerator as BaseGenerator;
+use Zend\Code\Generator\ClassGenerator;
+
+/**
+ * @internal
+ */
+class LazyLoadingValueHolderGenerator extends BaseGenerator
+{
+    /**
+     * {@inheritdoc}
+     */
+    public function generate(\ReflectionClass $originalClass, ClassGenerator $classGenerator)
+    {
+        parent::generate($originalClass, $classGenerator);
+
+        if ($classGenerator->hasMethod('__destruct')) {
+            $destructor = $classGenerator->getMethod('__destruct');
+            $body = $destructor->getBody();
+            $newBody = preg_replace('/^(\$this->initializer[a-zA-Z0-9]++) && .*;\n\nreturn (\$this->valueHolder)/', '$1 || $2', $body);
+
+            if ($body === $newBody) {
+                throw new \UnexpectedValueException(sprintf('Unexpected lazy-proxy format generated for method %s::__destruct()', $originalClass->name));
+            }
+
+            $destructor->setBody($newBody);
+        }
+    }
+}
--- a/src/Symfony/Bridge/ProxyManager/LazyProxy/PhpDumper/ProxyDumper.php
+++ b/src/Symfony/Bridge/ProxyManager/LazyProxy/PhpDumper/ProxyDumper.php
@ -13,7 +13,6 @@ namespace Symfony\Bridge\ProxyManager\LazyProxy\PhpDumper;

 use ProxyManager\Generator\ClassGenerator;
 use ProxyManager\GeneratorStrategy\BaseGeneratorStrategy;
-use ProxyManager\ProxyGenerator\LazyLoadingValueHolderGenerator;
 use Symfony\Component\DependencyInjection\Container;
 use Symfony\Component\DependencyInjection\Definition;
 use Symfony\Component\DependencyInjection\LazyProxy\PhpDumper\DumperInterface;
--- a/src/Symfony/Bridge/ProxyManager/Tests/LazyProxy/ContainerBuilderTest.php
+++ b/src/Symfony/Bridge/ProxyManager/Tests/LazyProxy/ContainerBuilderTest.php
@ -39,6 +39,9 @@ class ContainerBuilderTest extends TestCase
        /* @var $foo1 \ProxyManager\Proxy\LazyLoadingInterface|\ProxyManager\Proxy\ValueHolderInterface */
        $foo1 = $builder->get('foo1');

+        $foo1->__destruct();
+        $this->assertSame(0, $foo1::$destructorCount);
+
        $this->assertSame($foo1, $builder->get('foo1'), 'The same proxy is retrieved on multiple subsequent calls');
        $this->assertInstanceOf('\ProxyManagerBridgeFooClass', $foo1);
        $this->assertInstanceOf('\ProxyManager\Proxy\LazyLoadingInterface', $foo1);
@ -50,5 +53,8 @@ class ContainerBuilderTest extends TestCase
        $this->assertTrue($foo1->isProxyInitialized());
        $this->assertInstanceOf('\ProxyManagerBridgeFooClass', $foo1->getWrappedValueHolderValue());
        $this->assertNotInstanceOf('\ProxyManager\Proxy\LazyLoadingInterface', $foo1->getWrappedValueHolderValue());
+
+        $foo1->__destruct();
+        $this->assertSame(1, $foo1::$destructorCount);
    }
 }
--- a/src/Symfony/Bridge/ProxyManager/Tests/LazyProxy/Fixtures/includes/foo.php
+++ b/src/Symfony/Bridge/ProxyManager/Tests/LazyProxy/Fixtures/includes/foo.php
@ -2,6 +2,8 @@

 class ProxyManagerBridgeFooClass
 {
+    public static $destructorCount = 0;
+
    public $foo;
    public $moo;

@ -38,4 +40,9 @@ class ProxyManagerBridgeFooClass
    {
        $this->bar = $value;
    }
+
+    public function __destruct()
+    {
+        ++self::$destructorCount;
+    }
 }
--- a/src/Symfony/Bundle/DebugBundle/DebugBundle.php
+++ b/src/Symfony/Bundle/DebugBundle/DebugBundle.php
@ -27,8 +27,10 @@ class DebugBundle extends Bundle
            $container = $this->container;

            // This code is here to lazy load the dump stack. This default
-            // configuration for CLI mode is overridden in HTTP mode on
-            // 'kernel.request' event
+            // configuration is overridden in CLI mode on 'console.command' event.
+            // The dump data collector is used by default, so dump output is sent to
+            // the WDT. In a CLI context, if dump is used too soon, the data collector
+            // will buffer it, and release it at the end of the script.
            VarDumper::setHandler(function ($var) use ($container) {
                $dumper = $container->get('data_collector.dump');
                $cloner = $container->get('var_dumper.cloner');
--- a/src/Symfony/Component/DependencyInjection/ContainerBuilder.php
+++ b/src/Symfony/Component/DependencyInjection/ContainerBuilder.php
@ -705,8 +705,8 @@ class ContainerBuilder extends Container implements TaggedContainerInterface
     * This methods allows for simple registration of service definition
     * with a fluid interface.
     *
-     * @param string $id    The service identifier
-     * @param string $class The service class
+     * @param string $id         The service identifier
+     * @param string $class|null The service class
     *
     * @return Definition A Definition instance
     */
--- a/src/Symfony/Component/DependencyInjection/Definition.php
+++ b/src/Symfony/Component/DependencyInjection/Definition.php
@ -155,6 +155,13 @@ class Definition
        return $this;
    }

+    /**
+     * Sets the properties to define when creating the service.
+     *
+     * @param array $properties
+     *
+     * @return $this
+     */
    public function setProperties(array $properties)
    {
        $this->properties = $properties;
@ -162,11 +169,24 @@ class Definition
        return $this;
    }

+    /**
+     * Gets the properties to define when creating the service.
+     *
+     * @return array
+     */
    public function getProperties()
    {
        return $this->properties;
    }

+    /**
+     * Sets a specific property.
+     *
+     * @param string $name
+     * @param mixed  $value
+     *
+     * @return $this
+     */
    public function setProperty($name, $value)
    {
        $this->properties[$name] = $value;
@ -189,7 +209,7 @@ class Definition
    }

    /**
-     * Sets a specific argument.
+     * Replaces a specific argument.
     *
     * @param int   $index
     * @param mixed $argument
@ -672,7 +692,7 @@ class Definition
    }

    /**
-     * Sets autowired.
+     * Enables/disables autowiring.
     *
     * @param bool $autowired
     *
--- a/src/Symfony/Component/HttpFoundation/BinaryFileResponse.php
+++ b/src/Symfony/Component/HttpFoundation/BinaryFileResponse.php
@ -150,7 +150,7 @@ class BinaryFileResponse extends Response
     * Sets the Content-Disposition header with the given filename.
     *
     * @param string $disposition      ResponseHeaderBag::DISPOSITION_INLINE or ResponseHeaderBag::DISPOSITION_ATTACHMENT
-     * @param string $filename         Optionally use this filename instead of the real name of the file
+     * @param string $filename         Optionally use this UTF-8 encoded filename instead of the real name of the file
     * @param string $filenameFallback A fallback filename, containing only ASCII characters. Defaults to an automatically encoded filename
     *
     * @return $this
@ -162,7 +162,7 @@ class BinaryFileResponse extends Response
        }

        if ('' === $filenameFallback && (!preg_match('/^[\x20-\x7e]*$/', $filename) || false !== strpos($filename, '%'))) {
-            $encoding = mb_detect_encoding($filename, null, true);
+            $encoding = mb_detect_encoding($filename, null, true) ?: '8bit';

            for ($i = 0, $filenameLength = mb_strlen($filename, $encoding); $i < $filenameLength; ++$i) {
                $char = mb_substr($filename, $i, 1, $encoding);
--- a/src/Symfony/Component/HttpFoundation/Session/Storage/Handler/MemcacheSessionHandler.php
+++ b/src/Symfony/Component/HttpFoundation/Session/Storage/Handler/MemcacheSessionHandler.php
@ -95,7 +95,9 @@ class MemcacheSessionHandler implements \SessionHandlerInterface
     */
    public function destroy($sessionId)
    {
-        return $this->memcache->delete($this->prefix.$sessionId);
+        $this->memcache->delete($this->prefix.$sessionId);
+
+        return true;
    }

    /**
--- a/src/Symfony/Component/HttpFoundation/Session/Storage/Handler/MemcachedSessionHandler.php
+++ b/src/Symfony/Component/HttpFoundation/Session/Storage/Handler/MemcachedSessionHandler.php
@ -101,7 +101,9 @@ class MemcachedSessionHandler implements \SessionHandlerInterface
     */
    public function destroy($sessionId)
    {
-        return $this->memcached->delete($this->prefix.$sessionId);
+        $result = $this->memcached->delete($this->prefix.$sessionId);
+
+        return $result || $this->memcached->getResultCode() == \Memcached::RES_NOTFOUND;
    }

    /**
--- a/src/Symfony/Component/HttpFoundation/Tests/BinaryFileResponseTest.php
+++ b/src/Symfony/Component/HttpFoundation/Tests/BinaryFileResponseTest.php
@ -68,6 +68,17 @@ class BinaryFileResponseTest extends ResponseTestCase
        $this->assertSame('attachment; filename="f__.html"; filename*=utf-8\'\'f%C3%B6%C3%B6.html', $response->headers->get('Content-Disposition'));
    }

+    public function testSetContentDispositionGeneratesSafeFallbackFilenameForWronglyEncodedFilename()
+    {
+        $response = new BinaryFileResponse(__FILE__);
+
+        $iso88591EncodedFilename = utf8_decode('föö.html');
+        $response->setContentDisposition(ResponseHeaderBag::DISPOSITION_ATTACHMENT, $iso88591EncodedFilename);
+
+        // the parameter filename* is invalid in this case (rawurldecode('f%F6%F6') does not provide a UTF-8 string but an ISO-8859-1 encoded one)
+        $this->assertSame('attachment; filename="f__.html"; filename*=utf-8\'\'f%F6%F6.html', $response->headers->get('Content-Disposition'));
+    }
+
    /**
     * @dataProvider provideRanges
     */
--- a/src/Symfony/Component/HttpKernel/Profiler/FileProfilerStorage.php
+++ b/src/Symfony/Component/HttpKernel/Profiler/FileProfilerStorage.php
@ -142,11 +142,19 @@ class FileProfilerStorage implements ProfilerStorageInterface
            }
        }

+        $profileToken = $profile->getToken();
+        // when there are errors in sub-requests, the parent and/or children tokens
+        // may equal the profile token, resulting in infinite loops
+        $parentToken = $profile->getParentToken() !== $profileToken ? $profile->getParentToken() : null;
+        $childrenToken = array_filter(array_map(function ($p) use ($profileToken) {
+            return $profileToken !== $p->getToken() ? $p->getToken() : null;
+        }, $profile->getChildren()));
+
        // Store profile
        $data = array(
-            'token' => $profile->getToken(),
-            'parent' => $profile->getParentToken(),
-            'children' => array_map(function ($p) { return $p->getToken(); }, $profile->getChildren()),
+            'token' => $profileToken,
+            'parent' => $parentToken,
+            'children' => $childrenToken,
            'data' => $profile->getCollectors(),
            'ip' => $profile->getIp(),
            'method' => $profile->getMethod(),
--- a/src/Symfony/Component/Security/Guard/GuardAuthenticatorInterface.php
+++ b/src/Symfony/Component/Security/Guard/GuardAuthenticatorInterface.php
@ -153,6 +153,7 @@ interface GuardAuthenticatorInterface extends AuthenticationEntryPointInterface
     *      done by having a _remember_me checkbox in your form, but
     *      can be configured by the "always_remember_me" and "remember_me_parameter"
     *      parameters under the "remember_me" firewall key
+     *  D) The onAuthenticationSuccess method returns a Response object
     *
     * @return bool
     */
--- a/src/Symfony/Component/Security/Http/SecurityEvents.php
+++ b/src/Symfony/Component/Security/Http/SecurityEvents.php
@ -14,8 +14,11 @@ namespace Symfony\Component\Security\Http;
 final class SecurityEvents
 {
    /**
-     * The INTERACTIVE_LOGIN event occurs after a user is logged in
-     * interactively for authentication based on http, cookies or X509.
+     * The INTERACTIVE_LOGIN event occurs after a user has actively logged
+     * into your website. It is important to distinguish this action from
+     * non-interactive authentication methods, such as:
+     *   - authentication based on your session.
+     *   - authentication using a HTTP basic or HTTP digest header.
     *
     * @Event("Symfony\Component\Security\Http\Event\InteractiveLoginEvent")
     *