From 8fd5569577ae13504d4098ddd498f78085e00407 Mon Sep 17 00:00:00 2001 From: Alexander Schwenn Date: Tue, 25 Jul 2017 00:00:19 +0200 Subject: [PATCH 01/18] [HttpFoundation] Generate safe fallback filename for wrongly encoded filename --- .../Component/HttpFoundation/BinaryFileResponse.php | 4 ++-- .../HttpFoundation/Tests/BinaryFileResponseTest.php | 11 +++++++++++ 2 files changed, 13 insertions(+), 2 deletions(-) diff --git a/src/Symfony/Component/HttpFoundation/BinaryFileResponse.php b/src/Symfony/Component/HttpFoundation/BinaryFileResponse.php index 0314621907..177b708e8f 100644 --- a/src/Symfony/Component/HttpFoundation/BinaryFileResponse.php +++ b/src/Symfony/Component/HttpFoundation/BinaryFileResponse.php @@ -150,7 +150,7 @@ class BinaryFileResponse extends Response * Sets the Content-Disposition header with the given filename. * * @param string $disposition ResponseHeaderBag::DISPOSITION_INLINE or ResponseHeaderBag::DISPOSITION_ATTACHMENT - * @param string $filename Optionally use this filename instead of the real name of the file + * @param string $filename Optionally use this UTF-8 encoded filename instead of the real name of the file * @param string $filenameFallback A fallback filename, containing only ASCII characters. Defaults to an automatically encoded filename * * @return $this @@ -162,7 +162,7 @@ class BinaryFileResponse extends Response } if ('' === $filenameFallback && (!preg_match('/^[\x20-\x7e]*$/', $filename) || false !== strpos($filename, '%'))) { - $encoding = mb_detect_encoding($filename, null, true); + $encoding = mb_detect_encoding($filename, null, true) ?: '8bit'; for ($i = 0, $filenameLength = mb_strlen($filename, $encoding); $i < $filenameLength; ++$i) { $char = mb_substr($filename, $i, 1, $encoding); diff --git a/src/Symfony/Component/HttpFoundation/Tests/BinaryFileResponseTest.php b/src/Symfony/Component/HttpFoundation/Tests/BinaryFileResponseTest.php index e4607201a2..e41a2372b9 100644 --- a/src/Symfony/Component/HttpFoundation/Tests/BinaryFileResponseTest.php +++ b/src/Symfony/Component/HttpFoundation/Tests/BinaryFileResponseTest.php @@ -68,6 +68,17 @@ class BinaryFileResponseTest extends ResponseTestCase $this->assertSame('attachment; filename="f__.html"; filename*=utf-8\'\'f%C3%B6%C3%B6.html', $response->headers->get('Content-Disposition')); } + public function testSetContentDispositionGeneratesSafeFallbackFilenameForWronglyEncodedFilename() + { + $response = new BinaryFileResponse(__FILE__); + + $iso88591EncodedFilename = utf8_decode('föö.html'); + $response->setContentDisposition(ResponseHeaderBag::DISPOSITION_ATTACHMENT, $iso88591EncodedFilename); + + // the parameter filename* is invalid in this case (rawurldecode('f%F6%F6') does not provide a UTF-8 string but an ISO-8859-1 encoded one) + $this->assertSame('attachment; filename="f__.html"; filename*=utf-8\'\'f%F6%F6.html', $response->headers->get('Content-Disposition')); + } + /** * @dataProvider provideRanges */ From a0cd96812e3055a2a9cfebfbde5ad460d12a1ac5 Mon Sep 17 00:00:00 2001 From: Fabien Potencier Date: Tue, 1 Aug 2017 09:06:55 +0200 Subject: [PATCH 02/18] updated CHANGELOG for 2.7.33 --- CHANGELOG-2.7.md | 11 +++++++++++ 1 file changed, 11 insertions(+) diff --git a/CHANGELOG-2.7.md b/CHANGELOG-2.7.md index 335dfd82e4..d08766327b 100644 --- a/CHANGELOG-2.7.md +++ b/CHANGELOG-2.7.md @@ -7,6 +7,17 @@ in 2.7 minor versions. To get the diff for a specific change, go to https://github.com/symfony/symfony/commit/XXX where XXX is the change hash To get the diff between two versions, go to https://github.com/symfony/symfony/compare/v2.7.0...v2.7.1 +* 2.7.33 (2017-08-01) + + * bug #22244 [Console] Fix passing options with defaultCommand (Jakub Sacha) + * bug #23684 [Debug] Missing escape in debug output (c960657) + * bug #23662 [VarDumper] Adapt to php 7.2 changes (nicolas-grekas) + * bug #23649 [Form][TwigBridge] Don't render _method in form_rest() for a child form (fmarchalemisys) + * bug #23619 [Validator] Fix IbanValidator for ukrainian IBANs (paroe) + * bug #23238 [Security] ensure the 'route' index is set before attempting to use it (gsdevme) + * bug #23580 Fix login redirect when referer contains a query string (fabpot) + * bug #23574 [VarDumper] Move locale sniffing to dump() time (nicolas-grekas) + * 2.7.32 (2017-07-17) * security #23507 [Security] validate empty passwords again (xabbuh) From 55123da8f52a01f12c2e6960edff5707ad04add2 Mon Sep 17 00:00:00 2001 From: Fabien Potencier Date: Tue, 1 Aug 2017 09:07:01 +0200 Subject: [PATCH 03/18] update CONTRIBUTORS for 2.7.33 --- CONTRIBUTORS.md | 39 ++++++++++++++++++++++++--------------- 1 file changed, 24 insertions(+), 15 deletions(-) diff --git a/CONTRIBUTORS.md b/CONTRIBUTORS.md index 47a6cf9986..1b059f5012 100644 --- a/CONTRIBUTORS.md +++ b/CONTRIBUTORS.md @@ -20,11 +20,11 @@ Symfony is the result of the work of many people who made the code better - Javier Eguiluz (javier.eguiluz) - Hugo Hamon (hhamon) - Maxime Steinhausser (ogizanagi) - - Abdellatif Ait boudad (aitboudad) - Robin Chalas (chalas_r) + - Abdellatif Ait boudad (aitboudad) + - Grégoire Pineau (lyrixx) - Romain Neutron (romain) - Pascal Borreli (pborreli) - - Grégoire Pineau (lyrixx) - Wouter De Jong (wouterj) - Joseph Bielawski (stloyd) - Karma Dordrak (drak) @@ -34,8 +34,8 @@ Symfony is the result of the work of many people who made the code better - Jean-François Simon (jfsimon) - Benjamin Eberlei (beberlei) - Igor Wiedler (igorw) - - Eriksen Costa (eriksencosta) - Roland Franssen (ro0) + - Eriksen Costa (eriksencosta) - Jules Pietri (heah) - Sarah Khalil (saro0h) - Guilhem Niot (energetick) @@ -66,6 +66,7 @@ Symfony is the result of the work of many people who made the code better - Eric Clemmons (ericclemmons) - Charles Sarrazin (csarrazi) - Christian Raue + - Konstantin Myakshin (koc) - Arnout Boks (aboks) - Deni - Henrik Westphal (snc) @@ -73,7 +74,7 @@ Symfony is the result of the work of many people who made the code better - Jáchym Toušek (enumag) - Titouan Galopin (tgalopin) - Douglas Greenshields (shieldo) - - Konstantin Myakshin (koc) + - Dany Maillard (maidmaid) - Lee McDermott - Brandon Turner - Luis Cordova (cordoval) @@ -89,23 +90,22 @@ Symfony is the result of the work of many people who made the code better - Fran Moreno (franmomu) - Antoine Hérault (herzult) - Paráda József (paradajozsef) + - Issei Murasawa (issei_m) - Arnaud Le Blanc (arnaud-lb) - Maxime STEINHAUSSER - Alexander M. Turek (derrabus) - Michal Piotrowski (eventhorizon) - - Dany Maillard (maidmaid) - - Issei Murasawa (issei_m) - Tim Nagel (merk) + - Yonel Ceruto González (yonelceruto) - Brice BERNARD (brikou) - Baptiste Clavié (talus) - Vladimir Reznichenko (kalessil) - marc.weistroff - - Yonel Ceruto González (yonelceruto) - lenar + - Tobias Nyholm (tobias) - Włodzimierz Gajda (gajdaw) - Alexander Schwenn (xelaris) - Jacob Dreesen (jdreesen) - - Tobias Nyholm (tobias) - Florian Voutzinos (florianv) - Colin Frei - Adrien Brault (adrienbrault) @@ -132,13 +132,13 @@ Symfony is the result of the work of many people who made the code better - Daniel Gomes (danielcsgomes) - Hidenori Goto (hidenorigoto) - Guilherme Blanco (guilhermeblanco) + - David Maicher (dmaicher) - Pablo Godel (pgodel) - Jérémie Augustin (jaugustin) - Andréia Bohner (andreia) - Rafael Dohms (rdohms) - Arnaud Kleinpeter (nanocom) - jwdeitch - - David Maicher (dmaicher) - Mikael Pajunen - Joel Wurtz (brouznouf) - Jérôme Vasseur (jvasseur) @@ -175,6 +175,7 @@ Symfony is the result of the work of many people who made the code better - Dennis Benkert (denderello) - Benjamin Dulau (dbenjamin) - Mathieu Lemoine (lemoinem) + - Christian Schmidt - Andreas Hucks (meandmymonkey) - Noel Guilbert (noel) - Stepan Anchugov (kix) @@ -200,7 +201,6 @@ Symfony is the result of the work of many people who made the code better - John Kary (johnkary) - Justin Hileman (bobthecow) - Blanchon Vincent (blanchonvincent) - - Christian Schmidt - Michele Orselli (orso) - Tom Van Looy (tvlooy) - Sven Paulus (subsven) @@ -236,6 +236,7 @@ Symfony is the result of the work of many people who made the code better - Katsuhiro OGAWA - Patrick McDougle (patrick-mcdougle) - Alif Rachmawadi + - Alessandro Chitolina - Kristen Gilden (kgilden) - Pierre-Yves LEBECQ (pylebecq) - Jordan Samouh (jordansamouh) @@ -261,6 +262,8 @@ Symfony is the result of the work of many people who made the code better - Pavel Batanov (scaytrase) - Nikita Konstantinov - Wodor Wodorski + - Rob Frawley 2nd (robfrawley) + - Gregor Harlan (gharlan) - Thomas Lallement (raziel057) - Giorgio Premi - Matthieu Napoli (mnapoli) @@ -276,7 +279,6 @@ Symfony is the result of the work of many people who made the code better - Marc Weistroff (futurecat) - Christian Schmidt - Hidde Wieringa (hiddewie) - - Alessandro Chitolina - Chad Sikorra (chadsikorra) - Chris Smith (cs278) - Florian Klein (docteurklein) @@ -313,7 +315,6 @@ Symfony is the result of the work of many people who made the code better - Thierry Thuon (lepiaf) - Ricard Clau (ricardclau) - Mark Challoner (markchalloner) - - Gregor Harlan (gharlan) - Gennady Telegin (gtelegin) - Ben Davies (bendavies) - Erin Millard @@ -322,7 +323,6 @@ Symfony is the result of the work of many people who made the code better - Magnus Nordlander (magnusnordlander) - alquerci - Francesco Levorato - - Rob Frawley 2nd (robfrawley) - Vitaliy Zakharov (zakharovvi) - Tobias Sjösten (tobiassjosten) - Gyula Sallai (salla) @@ -339,6 +339,7 @@ Symfony is the result of the work of many people who made the code better - Thomas Calvet (fancyweb) - Niels Keurentjes (curry684) - JhonnyL + - David Badura (davidbadura) - hossein zolfi (ocean) - Clément Gautier (clementgautier) - Eduardo Gulias (egulias) @@ -428,7 +429,6 @@ Symfony is the result of the work of many people who made the code better - Christian Wahler - Gintautas Miselis - Rob Bast - - David Badura (davidbadura) - Zander Baldwin - Adam Harvey - Maxime Veber (nek-) @@ -543,6 +543,7 @@ Symfony is the result of the work of many people who made the code better - Max Rath (drak3) - Stéphane Escandell (sescandell) - Konstantin S. M. Möllers (ksmmoellers) + - James Johnston - Sinan Eldem - Alexandre Dupuy (satchette) - Andre Rømcke (andrerom) @@ -591,6 +592,7 @@ Symfony is the result of the work of many people who made the code better - Ulumuddin Yunus (joenoez) - Luc Vieillescazes (iamluc) - Johann Saunier (prophet777) + - Valentin Udaltsov (vudaltsov) - Michael Devery (mickadoo) - Antoine Corcy - Artur Eshenbrener @@ -909,6 +911,7 @@ Symfony is the result of the work of many people who made the code better - Alex Demchenko (pilot) - Tadas Gliaubicas (tadcka) - Benoit Garret + - Jakub Sacha - DerManoMann - Olaf Klischat - orlovv @@ -1173,6 +1176,7 @@ Symfony is the result of the work of many people who made the code better - Malte Wunsch - wusuopu - povilas + - Gavin Staniforth - Alessandro Tagliapietra (alex88) - Biji (biji) - Gunnar Lium (gunnarlium) @@ -1234,6 +1238,7 @@ Symfony is the result of the work of many people who made the code better - flack - izzyp - František Bereň + - Mike Francis - Christoph Nissle (derstoffel) - Ionel Scutelnicu (ionelscutelnicu) - Nicolas Tallefourtané (nicolab) @@ -1244,6 +1249,7 @@ Symfony is the result of the work of many people who made the code better - jjanvier - Julius Beckmann - Romain Dorgueil + - Christopher Parotat - Grayson Koonce (breerly) - Fabien LUCAS (flucas2) - Indra Gunawan (indragunawan) @@ -1535,11 +1541,13 @@ Symfony is the result of the work of many people who made the code better - Ladislav Tánczos - Brian Freytag - Skorney + - fmarchalemisys - mieszko4 - Steve Preston - Neophy7e - bokonet - Arrilot + - Shaun Simmons - Markus Staab - Pierre-Louis LAUNAY - djama @@ -1568,6 +1576,7 @@ Symfony is the result of the work of many people who made the code better - Penny Leach - Richard Trebichavský - g123456789l + - Jonathan Vollebregt - oscartv - DanSync - Peter Zwosta @@ -1680,7 +1689,6 @@ Symfony is the result of the work of many people who made the code better - Moritz Kraft (userfriendly) - Víctor Mateo (victormateo) - Vincent (vincent1870) - - Valentin Udaltsov (vudaltsov) - Eugene Babushkin (warl) - Wouter Sioen (wouter_sioen) - Xavier Amado (xamado) @@ -1702,6 +1710,7 @@ Symfony is the result of the work of many people who made the code better - Sergey Fedotov - Michael - fh-github@fholzhauer.de + - AbdElKader Bouadjadja - Jan Emrich - Mark Topper - Xavier REN From b30d34baf60f97d03548de60d7f22198f4ad0a2c Mon Sep 17 00:00:00 2001 From: Fabien Potencier Date: Tue, 1 Aug 2017 09:07:03 +0200 Subject: [PATCH 04/18] updated VERSION for 2.7.33 --- src/Symfony/Component/HttpKernel/Kernel.php | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/src/Symfony/Component/HttpKernel/Kernel.php b/src/Symfony/Component/HttpKernel/Kernel.php index 6221e16375..60ced9c9d6 100644 --- a/src/Symfony/Component/HttpKernel/Kernel.php +++ b/src/Symfony/Component/HttpKernel/Kernel.php @@ -58,12 +58,12 @@ abstract class Kernel implements KernelInterface, TerminableInterface protected $startTime; protected $loadClassCache; - const VERSION = '2.7.33-DEV'; + const VERSION = '2.7.33'; const VERSION_ID = 20733; const MAJOR_VERSION = 2; const MINOR_VERSION = 7; const RELEASE_VERSION = 33; - const EXTRA_VERSION = 'DEV'; + const EXTRA_VERSION = ''; const END_OF_MAINTENANCE = '05/2018'; const END_OF_LIFE = '05/2019'; From 8acbd12a24af4714a4c83d57bf766286a69a240c Mon Sep 17 00:00:00 2001 From: Fabien Potencier Date: Tue, 1 Aug 2017 09:21:40 +0200 Subject: [PATCH 05/18] bumped Symfony version to 2.7.34 --- src/Symfony/Component/HttpKernel/Kernel.php | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/src/Symfony/Component/HttpKernel/Kernel.php b/src/Symfony/Component/HttpKernel/Kernel.php index 60ced9c9d6..401a3626d8 100644 --- a/src/Symfony/Component/HttpKernel/Kernel.php +++ b/src/Symfony/Component/HttpKernel/Kernel.php @@ -58,12 +58,12 @@ abstract class Kernel implements KernelInterface, TerminableInterface protected $startTime; protected $loadClassCache; - const VERSION = '2.7.33'; - const VERSION_ID = 20733; + const VERSION = '2.7.34-DEV'; + const VERSION_ID = 20734; const MAJOR_VERSION = 2; const MINOR_VERSION = 7; - const RELEASE_VERSION = 33; - const EXTRA_VERSION = ''; + const RELEASE_VERSION = 34; + const EXTRA_VERSION = 'DEV'; const END_OF_MAINTENANCE = '05/2018'; const END_OF_LIFE = '05/2019'; From acd0af6d29c7e15d3c8dc53a14c2ed4bdef3a9e0 Mon Sep 17 00:00:00 2001 From: Fabien Potencier Date: Tue, 1 Aug 2017 11:05:00 +0200 Subject: [PATCH 06/18] updated CHANGELOG for 2.8.26 --- CHANGELOG-2.8.md | 13 +++++++++++++ 1 file changed, 13 insertions(+) diff --git a/CHANGELOG-2.8.md b/CHANGELOG-2.8.md index a73a824d4c..5fdc52f111 100644 --- a/CHANGELOG-2.8.md +++ b/CHANGELOG-2.8.md @@ -7,6 +7,19 @@ in 2.8 minor versions. To get the diff for a specific change, go to https://github.com/symfony/symfony/commit/XXX where XXX is the change hash To get the diff between two versions, go to https://github.com/symfony/symfony/compare/v2.8.0...v2.8.1 +* 2.8.26 (2017-08-01) + + * bug #22244 [Console] Fix passing options with defaultCommand (Jakub Sacha) + * bug #23684 [Debug] Missing escape in debug output (c960657) + * bug #23662 [VarDumper] Adapt to php 7.2 changes (nicolas-grekas) + * bug #23649 [Form][TwigBridge] Don't render _method in form_rest() for a child form (fmarchalemisys) + * bug #23023 [DoctrineBridge][PropertyInfo] Added support for Doctrine Embeddables (vudaltsov) + * bug #23619 [Validator] Fix IbanValidator for ukrainian IBANs (paroe) + * bug #23238 [Security] ensure the 'route' index is set before attempting to use it (gsdevme) + * bug #23330 [WebProfilerBundle] Fix full sized dump hovering in toolbar (ogizanagi) + * bug #23580 Fix login redirect when referer contains a query string (fabpot) + * bug #23574 [VarDumper] Move locale sniffing to dump() time (nicolas-grekas) + * 2.8.25 (2017-07-17) * security #23507 [Security] validate empty passwords again (xabbuh) From d2e8f38a78a3028f15f4f86686003f9de780b7f0 Mon Sep 17 00:00:00 2001 From: Fabien Potencier Date: Tue, 1 Aug 2017 11:05:02 +0200 Subject: [PATCH 07/18] updated VERSION for 2.8.26 --- src/Symfony/Component/HttpKernel/Kernel.php | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/src/Symfony/Component/HttpKernel/Kernel.php b/src/Symfony/Component/HttpKernel/Kernel.php index 69d5dbdcee..118d67aaec 100644 --- a/src/Symfony/Component/HttpKernel/Kernel.php +++ b/src/Symfony/Component/HttpKernel/Kernel.php @@ -59,12 +59,12 @@ abstract class Kernel implements KernelInterface, TerminableInterface protected $startTime; protected $loadClassCache; - const VERSION = '2.8.26-DEV'; + const VERSION = '2.8.26'; const VERSION_ID = 20826; const MAJOR_VERSION = 2; const MINOR_VERSION = 8; const RELEASE_VERSION = 26; - const EXTRA_VERSION = 'DEV'; + const EXTRA_VERSION = ''; const END_OF_MAINTENANCE = '11/2018'; const END_OF_LIFE = '11/2019'; From 6f05bebe1f6829a964396de552e69cbb56d571f0 Mon Sep 17 00:00:00 2001 From: Fabien Potencier Date: Tue, 1 Aug 2017 11:29:28 +0200 Subject: [PATCH 08/18] bumped Symfony version to 2.8.27 --- src/Symfony/Component/HttpKernel/Kernel.php | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/src/Symfony/Component/HttpKernel/Kernel.php b/src/Symfony/Component/HttpKernel/Kernel.php index 118d67aaec..ff1dc40d15 100644 --- a/src/Symfony/Component/HttpKernel/Kernel.php +++ b/src/Symfony/Component/HttpKernel/Kernel.php @@ -59,12 +59,12 @@ abstract class Kernel implements KernelInterface, TerminableInterface protected $startTime; protected $loadClassCache; - const VERSION = '2.8.26'; - const VERSION_ID = 20826; + const VERSION = '2.8.27-DEV'; + const VERSION_ID = 20827; const MAJOR_VERSION = 2; const MINOR_VERSION = 8; - const RELEASE_VERSION = 26; - const EXTRA_VERSION = ''; + const RELEASE_VERSION = 27; + const EXTRA_VERSION = 'DEV'; const END_OF_MAINTENANCE = '11/2018'; const END_OF_LIFE = '11/2019'; From ce86449f814f45e95e089ccf28a1a8c53e175905 Mon Sep 17 00:00:00 2001 From: Valentin Date: Tue, 1 Aug 2017 18:09:35 +0300 Subject: [PATCH 09/18] Docblock improvement --- .../Component/Security/Guard/GuardAuthenticatorInterface.php | 1 + 1 file changed, 1 insertion(+) diff --git a/src/Symfony/Component/Security/Guard/GuardAuthenticatorInterface.php b/src/Symfony/Component/Security/Guard/GuardAuthenticatorInterface.php index fef4a04fb9..307d70f9e9 100644 --- a/src/Symfony/Component/Security/Guard/GuardAuthenticatorInterface.php +++ b/src/Symfony/Component/Security/Guard/GuardAuthenticatorInterface.php @@ -153,6 +153,7 @@ interface GuardAuthenticatorInterface extends AuthenticationEntryPointInterface * done by having a _remember_me checkbox in your form, but * can be configured by the "always_remember_me" and "remember_me_parameter" * parameters under the "remember_me" firewall key + * D) The onAuthenticationSuccess method returns a Response object * * @return bool */ From 2d79ffa0caac35839fc1be50f0d71139cce44bda Mon Sep 17 00:00:00 2001 From: Nicolas Grekas Date: Mon, 31 Jul 2017 15:17:36 +0200 Subject: [PATCH 10/18] [Bridge\ProxyManager] Dont call __destruct() on non-instantiated services --- .../LazyLoadingValueHolderFactoryV1.php | 31 ++++++++++++++ .../LazyLoadingValueHolderFactoryV2.php | 32 +++++++++++++++ .../Instantiator/RuntimeInstantiator.php | 6 ++- .../LazyLoadingValueHolderGenerator.php | 41 +++++++++++++++++++ .../LazyProxy/PhpDumper/ProxyDumper.php | 1 - .../Tests/LazyProxy/ContainerBuilderTest.php | 6 +++ .../Tests/LazyProxy/Fixtures/includes/foo.php | 7 ++++ 7 files changed, 122 insertions(+), 2 deletions(-) create mode 100644 src/Symfony/Bridge/ProxyManager/LazyProxy/Instantiator/LazyLoadingValueHolderFactoryV1.php create mode 100644 src/Symfony/Bridge/ProxyManager/LazyProxy/Instantiator/LazyLoadingValueHolderFactoryV2.php create mode 100644 src/Symfony/Bridge/ProxyManager/LazyProxy/PhpDumper/LazyLoadingValueHolderGenerator.php diff --git a/src/Symfony/Bridge/ProxyManager/LazyProxy/Instantiator/LazyLoadingValueHolderFactoryV1.php b/src/Symfony/Bridge/ProxyManager/LazyProxy/Instantiator/LazyLoadingValueHolderFactoryV1.php new file mode 100644 index 0000000000..3298b84d46 --- /dev/null +++ b/src/Symfony/Bridge/ProxyManager/LazyProxy/Instantiator/LazyLoadingValueHolderFactoryV1.php @@ -0,0 +1,31 @@ + + * + * For the full copyright and license information, please view the LICENSE + * file that was distributed with this source code. + */ + +namespace Symfony\Bridge\ProxyManager\LazyProxy\Instantiator; + +use ProxyManager\Factory\LazyLoadingValueHolderFactory as BaseFactory; +use Symfony\Bridge\ProxyManager\LazyProxy\PhpDumper\LazyLoadingValueHolderGenerator; + +/** + * @internal + */ +class LazyLoadingValueHolderFactoryV1 extends BaseFactory +{ + private $generatorV1; + + /** + * {@inheritdoc} + */ + protected function getGenerator() + { + return $this->generatorV1 ?: $this->generatorV1 = new LazyLoadingValueHolderGenerator(); + } +} diff --git a/src/Symfony/Bridge/ProxyManager/LazyProxy/Instantiator/LazyLoadingValueHolderFactoryV2.php b/src/Symfony/Bridge/ProxyManager/LazyProxy/Instantiator/LazyLoadingValueHolderFactoryV2.php new file mode 100644 index 0000000000..f41fc20b5d --- /dev/null +++ b/src/Symfony/Bridge/ProxyManager/LazyProxy/Instantiator/LazyLoadingValueHolderFactoryV2.php @@ -0,0 +1,32 @@ + + * + * For the full copyright and license information, please view the LICENSE + * file that was distributed with this source code. + */ + +namespace Symfony\Bridge\ProxyManager\LazyProxy\Instantiator; + +use ProxyManager\ProxyGenerator\ProxyGeneratorInterface; +use ProxyManager\Factory\LazyLoadingValueHolderFactory as BaseFactory; +use Symfony\Bridge\ProxyManager\LazyProxy\PhpDumper\LazyLoadingValueHolderGenerator; + +/** + * @internal + */ +class LazyLoadingValueHolderFactoryV2 extends BaseFactory +{ + private $generator; + + /** + * {@inheritdoc} + */ + protected function getGenerator(): ProxyGeneratorInterface + { + return $this->generator ?: $this->generator = new LazyLoadingValueHolderGenerator(); + } +} diff --git a/src/Symfony/Bridge/ProxyManager/LazyProxy/Instantiator/RuntimeInstantiator.php b/src/Symfony/Bridge/ProxyManager/LazyProxy/Instantiator/RuntimeInstantiator.php index 0101026794..33fc49e101 100644 --- a/src/Symfony/Bridge/ProxyManager/LazyProxy/Instantiator/RuntimeInstantiator.php +++ b/src/Symfony/Bridge/ProxyManager/LazyProxy/Instantiator/RuntimeInstantiator.php @@ -36,7 +36,11 @@ class RuntimeInstantiator implements InstantiatorInterface $config = new Configuration(); $config->setGeneratorStrategy(new EvaluatingGeneratorStrategy()); - $this->factory = new LazyLoadingValueHolderFactory($config); + if (method_exists('ProxyManager\Version', 'getVersion')) { + $this->factory = new LazyLoadingValueHolderFactoryV2($config); + } else { + $this->factory = new LazyLoadingValueHolderFactoryV1($config); + } } /** diff --git a/src/Symfony/Bridge/ProxyManager/LazyProxy/PhpDumper/LazyLoadingValueHolderGenerator.php b/src/Symfony/Bridge/ProxyManager/LazyProxy/PhpDumper/LazyLoadingValueHolderGenerator.php new file mode 100644 index 0000000000..1d9432f622 --- /dev/null +++ b/src/Symfony/Bridge/ProxyManager/LazyProxy/PhpDumper/LazyLoadingValueHolderGenerator.php @@ -0,0 +1,41 @@ + + * + * For the full copyright and license information, please view the LICENSE + * file that was distributed with this source code. + */ + +namespace Symfony\Bridge\ProxyManager\LazyProxy\PhpDumper; + +use ProxyManager\ProxyGenerator\LazyLoadingValueHolderGenerator as BaseGenerator; +use Zend\Code\Generator\ClassGenerator; + +/** + * @internal + */ +class LazyLoadingValueHolderGenerator extends BaseGenerator +{ + /** + * {@inheritdoc} + */ + public function generate(\ReflectionClass $originalClass, ClassGenerator $classGenerator) + { + parent::generate($originalClass, $classGenerator); + + if ($classGenerator->hasMethod('__destruct')) { + $destructor = $classGenerator->getMethod('__destruct'); + $body = $destructor->getBody(); + $newBody = preg_replace('/^(\$this->initializer[a-zA-Z0-9]++) && .*;\n\nreturn (\$this->valueHolder)/', '$1 || $2', $body); + + if ($body === $newBody) { + throw new \UnexpectedValueException(sprintf('Unexpected lazy-proxy format generated for method %s::__destruct()', $originalClass->name)); + } + + $destructor->setBody($newBody); + } + } +} diff --git a/src/Symfony/Bridge/ProxyManager/LazyProxy/PhpDumper/ProxyDumper.php b/src/Symfony/Bridge/ProxyManager/LazyProxy/PhpDumper/ProxyDumper.php index eb72a7d5d8..4079135850 100644 --- a/src/Symfony/Bridge/ProxyManager/LazyProxy/PhpDumper/ProxyDumper.php +++ b/src/Symfony/Bridge/ProxyManager/LazyProxy/PhpDumper/ProxyDumper.php @@ -13,7 +13,6 @@ namespace Symfony\Bridge\ProxyManager\LazyProxy\PhpDumper; use ProxyManager\Generator\ClassGenerator; use ProxyManager\GeneratorStrategy\BaseGeneratorStrategy; -use ProxyManager\ProxyGenerator\LazyLoadingValueHolderGenerator; use Symfony\Component\DependencyInjection\Container; use Symfony\Component\DependencyInjection\ContainerInterface; use Symfony\Component\DependencyInjection\Definition; diff --git a/src/Symfony/Bridge/ProxyManager/Tests/LazyProxy/ContainerBuilderTest.php b/src/Symfony/Bridge/ProxyManager/Tests/LazyProxy/ContainerBuilderTest.php index b634a69488..858e9d76b6 100644 --- a/src/Symfony/Bridge/ProxyManager/Tests/LazyProxy/ContainerBuilderTest.php +++ b/src/Symfony/Bridge/ProxyManager/Tests/LazyProxy/ContainerBuilderTest.php @@ -39,6 +39,9 @@ class ContainerBuilderTest extends TestCase /* @var $foo1 \ProxyManager\Proxy\LazyLoadingInterface|\ProxyManager\Proxy\ValueHolderInterface */ $foo1 = $builder->get('foo1'); + $foo1->__destruct(); + $this->assertSame(0, $foo1::$destructorCount); + $this->assertSame($foo1, $builder->get('foo1'), 'The same proxy is retrieved on multiple subsequent calls'); $this->assertInstanceOf('\ProxyManagerBridgeFooClass', $foo1); $this->assertInstanceOf('\ProxyManager\Proxy\LazyLoadingInterface', $foo1); @@ -50,5 +53,8 @@ class ContainerBuilderTest extends TestCase $this->assertTrue($foo1->isProxyInitialized()); $this->assertInstanceOf('\ProxyManagerBridgeFooClass', $foo1->getWrappedValueHolderValue()); $this->assertNotInstanceOf('\ProxyManager\Proxy\LazyLoadingInterface', $foo1->getWrappedValueHolderValue()); + + $foo1->__destruct(); + $this->assertSame(1, $foo1::$destructorCount); } } diff --git a/src/Symfony/Bridge/ProxyManager/Tests/LazyProxy/Fixtures/includes/foo.php b/src/Symfony/Bridge/ProxyManager/Tests/LazyProxy/Fixtures/includes/foo.php index 16c898a370..8ffc5be9af 100644 --- a/src/Symfony/Bridge/ProxyManager/Tests/LazyProxy/Fixtures/includes/foo.php +++ b/src/Symfony/Bridge/ProxyManager/Tests/LazyProxy/Fixtures/includes/foo.php @@ -2,6 +2,8 @@ class ProxyManagerBridgeFooClass { + public static $destructorCount = 0; + public $foo; public $moo; @@ -38,4 +40,9 @@ class ProxyManagerBridgeFooClass { $this->bar = $value; } + + public function __destruct() + { + ++self::$destructorCount; + } } From e5ef9fb74a5d17a7b5df184c08ad28a3ec1d5e21 Mon Sep 17 00:00:00 2001 From: Javier Eguiluz Date: Thu, 3 Aug 2017 22:11:44 +0200 Subject: [PATCH 11/18] Avoid infinite loops when profiler data is malformed --- .../HttpKernel/Profiler/FileProfilerStorage.php | 14 +++++++++++--- 1 file changed, 11 insertions(+), 3 deletions(-) diff --git a/src/Symfony/Component/HttpKernel/Profiler/FileProfilerStorage.php b/src/Symfony/Component/HttpKernel/Profiler/FileProfilerStorage.php index 29da4abf32..0450589910 100644 --- a/src/Symfony/Component/HttpKernel/Profiler/FileProfilerStorage.php +++ b/src/Symfony/Component/HttpKernel/Profiler/FileProfilerStorage.php @@ -144,11 +144,19 @@ class FileProfilerStorage implements ProfilerStorageInterface } } + $profileToken = $profile->getToken(); + // when there are errors in sub-requests, the parent and/or children tokens + // may equal the profile token, resulting in infinite loops + $parentToken = $profile->getParentToken() !== $profileToken ? $profile->getParentToken() : null; + $childrenToken = array_filter(array_map(function ($p) use ($profileToken) { + return $profileToken !== $p->getToken() ? $p->getToken() : null; + }, $profile->getChildren())); + // Store profile $data = array( - 'token' => $profile->getToken(), - 'parent' => $profile->getParentToken(), - 'children' => array_map(function ($p) { return $p->getToken(); }, $profile->getChildren()), + 'token' => $profileToken, + 'parent' => $parentToken, + 'children' => $childrenToken, 'data' => $profile->getCollectors(), 'ip' => $profile->getIp(), 'method' => $profile->getMethod(), From f6c83cf51877151f7eb1ad491f1fb7458733dc27 Mon Sep 17 00:00:00 2001 From: Maxime Steinhausser Date: Sun, 6 Aug 2017 13:40:38 +0200 Subject: [PATCH 12/18] [Security] Fix security.interactive_login event const doc block --- src/Symfony/Component/Security/Http/SecurityEvents.php | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) diff --git a/src/Symfony/Component/Security/Http/SecurityEvents.php b/src/Symfony/Component/Security/Http/SecurityEvents.php index 46c8257f18..3bd80723d1 100644 --- a/src/Symfony/Component/Security/Http/SecurityEvents.php +++ b/src/Symfony/Component/Security/Http/SecurityEvents.php @@ -14,8 +14,11 @@ namespace Symfony\Component\Security\Http; final class SecurityEvents { /** - * The INTERACTIVE_LOGIN event occurs after a user is logged in - * interactively for authentication based on http, cookies or X509. + * The INTERACTIVE_LOGIN event occurs after a user has actively logged + * into your website. It is important to distinguish this action from + * non-interactive authentication methods, such as: + * - authentication based on your session. + * - authentication using a HTTP basic or HTTP digest header. * * The event listener method receives a * Symfony\Component\Security\Http\Event\InteractiveLoginEvent instance. From 30eed995b4482f614b89c34853b82744c88c756b Mon Sep 17 00:00:00 2001 From: Maxime Steinhausser Date: Sun, 6 Aug 2017 14:05:07 +0200 Subject: [PATCH 13/18] Github template: Remove EOM 3.2 from branch suggestion --- .github/PULL_REQUEST_TEMPLATE.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/PULL_REQUEST_TEMPLATE.md b/.github/PULL_REQUEST_TEMPLATE.md index cb9b8a69c1..1bad363eca 100644 --- a/.github/PULL_REQUEST_TEMPLATE.md +++ b/.github/PULL_REQUEST_TEMPLATE.md @@ -1,6 +1,6 @@ | Q | A | ------------- | --- -| Branch? | 3.4 or master / 2.7, 2.8, 3.2 or 3.3 +| Branch? | 3.4 or master / 2.7, 2.8 or 3.3 | Bug fix? | yes/no | New feature? | yes/no | BC breaks? | yes/no From 29538b621c934358e3cf64a4c181a4d4c4fef6c1 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?J=C3=A9r=C3=A9my=20Deruss=C3=A9?= Date: Tue, 1 Aug 2017 22:29:59 +0200 Subject: [PATCH 14/18] Ignore memcached missing key error on dession destroy --- .../Session/Storage/Handler/MemcacheSessionHandler.php | 4 +++- .../Session/Storage/Handler/MemcachedSessionHandler.php | 4 +++- 2 files changed, 6 insertions(+), 2 deletions(-) diff --git a/src/Symfony/Component/HttpFoundation/Session/Storage/Handler/MemcacheSessionHandler.php b/src/Symfony/Component/HttpFoundation/Session/Storage/Handler/MemcacheSessionHandler.php index 962a3878d9..4e490a05d4 100644 --- a/src/Symfony/Component/HttpFoundation/Session/Storage/Handler/MemcacheSessionHandler.php +++ b/src/Symfony/Component/HttpFoundation/Session/Storage/Handler/MemcacheSessionHandler.php @@ -95,7 +95,9 @@ class MemcacheSessionHandler implements \SessionHandlerInterface */ public function destroy($sessionId) { - return $this->memcache->delete($this->prefix.$sessionId); + $this->memcache->delete($this->prefix.$sessionId); + + return true; } /** diff --git a/src/Symfony/Component/HttpFoundation/Session/Storage/Handler/MemcachedSessionHandler.php b/src/Symfony/Component/HttpFoundation/Session/Storage/Handler/MemcachedSessionHandler.php index 76b08e2db9..67a49ad6f5 100644 --- a/src/Symfony/Component/HttpFoundation/Session/Storage/Handler/MemcachedSessionHandler.php +++ b/src/Symfony/Component/HttpFoundation/Session/Storage/Handler/MemcachedSessionHandler.php @@ -101,7 +101,9 @@ class MemcachedSessionHandler implements \SessionHandlerInterface */ public function destroy($sessionId) { - return $this->memcached->delete($this->prefix.$sessionId); + $result = $this->memcached->delete($this->prefix.$sessionId); + + return $result || $this->memcached->getResultCode() == \Memcached::RES_NOTFOUND; } /** From dd8622915d1decc1fdf52aad8d45ff9ff513ec5c Mon Sep 17 00:00:00 2001 From: Nicolas Grekas Date: Tue, 8 Aug 2017 19:11:20 +0200 Subject: [PATCH 15/18] [DI] Fix some docblocks --- .../DependencyInjection/ContainerBuilder.php | 4 ++-- .../DependencyInjection/Definition.php | 22 ++++++++++++++++++- 2 files changed, 23 insertions(+), 3 deletions(-) diff --git a/src/Symfony/Component/DependencyInjection/ContainerBuilder.php b/src/Symfony/Component/DependencyInjection/ContainerBuilder.php index 5bafa94398..c1a2ee85c4 100644 --- a/src/Symfony/Component/DependencyInjection/ContainerBuilder.php +++ b/src/Symfony/Component/DependencyInjection/ContainerBuilder.php @@ -710,8 +710,8 @@ class ContainerBuilder extends Container implements TaggedContainerInterface * This methods allows for simple registration of service definition * with a fluid interface. * - * @param string $id The service identifier - * @param string $class The service class + * @param string $id The service identifier + * @param string $class|null The service class * * @return Definition A Definition instance */ diff --git a/src/Symfony/Component/DependencyInjection/Definition.php b/src/Symfony/Component/DependencyInjection/Definition.php index aa76c96805..cad6398f7f 100644 --- a/src/Symfony/Component/DependencyInjection/Definition.php +++ b/src/Symfony/Component/DependencyInjection/Definition.php @@ -257,6 +257,13 @@ class Definition return $this; } + /** + * Sets the properties to define when creating the service. + * + * @param array $properties + * + * @return $this + */ public function setProperties(array $properties) { $this->properties = $properties; @@ -264,11 +271,24 @@ class Definition return $this; } + /** + * Gets the properties to define when creating the service. + * + * @return array + */ public function getProperties() { return $this->properties; } + /** + * Sets a specific property. + * + * @param string $name + * @param mixed $value + * + * @return $this + */ public function setProperty($name, $value) { $this->properties[$name] = $value; @@ -291,7 +311,7 @@ class Definition } /** - * Sets a specific argument. + * Replaces a specific argument. * * @param int $index * @param mixed $argument From f876fd925374ad84c6284e9066f72b5544c33df7 Mon Sep 17 00:00:00 2001 From: Maxime Steinhausser Date: Wed, 9 Aug 2017 12:24:19 +0200 Subject: [PATCH 16/18] [DebugBundle] Reword an outdated comment about var dumper wiring --- src/Symfony/Bundle/DebugBundle/DebugBundle.php | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/src/Symfony/Bundle/DebugBundle/DebugBundle.php b/src/Symfony/Bundle/DebugBundle/DebugBundle.php index 335ec5abd2..b00c06af78 100644 --- a/src/Symfony/Bundle/DebugBundle/DebugBundle.php +++ b/src/Symfony/Bundle/DebugBundle/DebugBundle.php @@ -27,8 +27,10 @@ class DebugBundle extends Bundle $container = $this->container; // This code is here to lazy load the dump stack. This default - // configuration for CLI mode is overridden in HTTP mode on - // 'kernel.request' event + // configuration is overridden in CLI mode on 'console.command' event. + // The dump data collector is used by default, so dump output is sent to + // the WDT. In a CLI context, if dump is used too soon, the data collector + // will buffer it, and release it at the end of the script. VarDumper::setHandler(function ($var) use ($container) { $dumper = $container->get('data_collector.dump'); $cloner = $container->get('var_dumper.cloner'); From 2309fd91d882a2570e7caf4a4c5f6bbae898784a Mon Sep 17 00:00:00 2001 From: Sam Partington Date: Tue, 8 Aug 2017 11:23:31 +0100 Subject: [PATCH 17/18] [2.8] Modify 2.8 upgrade doc - key option is deprecated. --- UPGRADE-2.8.md | 89 ++++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 89 insertions(+) diff --git a/UPGRADE-2.8.md b/UPGRADE-2.8.md index 1d299af3e6..cf3edac756 100644 --- a/UPGRADE-2.8.md +++ b/UPGRADE-2.8.md @@ -546,6 +546,95 @@ Security * The `VoterInterface::supportsClass` and `supportsAttribute` methods were deprecated and will be removed from the interface in 3.0. + + * The the `key` setting of `anonymous`, `remember_me` and `http_digest` + is deprecated, and will be removed in 3.0. Use `secret` instead. + + Before: + + ```yaml + security: + # ... + firewalls: + default: + # ... + anonymous: { key: "%secret%" } + remember_me: + key: "%secret%" + http_digest: + key: "%secret%" + ``` + + ```xml + + + + + + + + + + + + + ``` + + ```php + // ... + $container->loadFromExtension('security', array( + // ... + 'firewalls' => array( + // ... + 'anonymous' => array('key' => '%secret%'), + 'remember_me' => array('key' => '%secret%'), + 'http_digest' => array('key' => '%secret%'), + ), + )); + ``` + + After: + + ```yaml + security: + # ... + firewalls: + default: + # ... + anonymous: { secret: "%secret%" } + remember_me: + secret: "%secret%" + http_digest: + secret: "%secret%" + ``` + + ```xml + + + + + + + + + + + + + ``` + + ```php + // ... + $container->loadFromExtension('security', array( + // ... + 'firewalls' => array( + // ... + 'anonymous' => array('secret' => '%secret%'), + 'remember_me' => array('secret' => '%secret%'), + 'http_digest' => array('secret' => '%secret%'), + ), + )); + ``` * The `intention` option is deprecated for all the authentication listeners, and will be removed in 3.0. Use the `csrf_token_id` option instead. From 4879eb4f362fa077e237548dcc55db347a095820 Mon Sep 17 00:00:00 2001 From: Fabien Potencier Date: Thu, 10 Aug 2017 08:50:59 +0200 Subject: [PATCH 18/18] fixed CS --- UPGRADE-2.8.md | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/UPGRADE-2.8.md b/UPGRADE-2.8.md index cf3edac756..64a31dde75 100644 --- a/UPGRADE-2.8.md +++ b/UPGRADE-2.8.md @@ -546,11 +546,11 @@ Security * The `VoterInterface::supportsClass` and `supportsAttribute` methods were deprecated and will be removed from the interface in 3.0. - - * The the `key` setting of `anonymous`, `remember_me` and `http_digest` - is deprecated, and will be removed in 3.0. Use `secret` instead. - - Before: + + * The `key` setting of `anonymous`, `remember_me` and `http_digest` is + deprecated, and will be removed in 3.0. Use `secret` instead. + + Before: ```yaml security: