From 60a0c4bf91f912b6ac17351d158091adb0c0a7a6 Mon Sep 17 00:00:00 2001
From: Robin Chalas
Date: Mon, 16 Jan 2017 16:44:34 +0100
Subject: [PATCH 1/2] [Serializer] Add missing conflict for property-info<3.1

---
 src/Symfony/Component/Serializer/composer.json | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/src/Symfony/Component/Serializer/composer.json b/src/Symfony/Component/Serializer/composer.json
index 01fc76bab5..6c2137829e 100644
--- a/src/Symfony/Component/Serializer/composer.json
+++ b/src/Symfony/Component/Serializer/composer.json
@@ -30,7 +30,8 @@
 "phpdocumentor/reflection-docblock": "~3.0"
 },
 "conflict": {
- "symfony/property-access": ">=3.0,<3.0.4|>=2.8,<2.8.4"
+ "symfony/property-access": ">=3.0,<3.0.4|>=2.8,<2.8.4",
+ "symfony/property-info": "<3.1"
 },
 "suggest": {
 "psr/cache-implementation": "For using the metadata cache.",
From bc1f084c4bd58798c11312cb55a98c9181960406 Mon Sep 17 00:00:00 2001
From: Christophe Coevoet
Date: Tue, 24 Jan 2017 10:22:35 +0100
Subject: [PATCH 2/2] Fix double escaping of the decision attributes in the profiler

A ternary operator is considered safe by the Twig auto-escaping only when both branches are safe. But this ternary was safe only in the ELSE branch, causing it to be unsafe. This triggered a double-escaping of the value (escaping the output of the dump). The fix is to use a {% if %} and 2 separate output statements, allowing them to be auto-escaped separately.
---
 .../Resources/views/Collector/security.html.twig | 8 +++++++-
 1 file changed, 7 insertions(+), 1 deletion(-)

diff --git a/src/Symfony/Bundle/SecurityBundle/Resources/views/Collector/security.html.twig b/src/Symfony/Bundle/SecurityBundle/Resources/views/Collector/security.html.twig
index 3830e924a1..073d0d869d 100644
--- a/src/Symfony/Bundle/SecurityBundle/Resources/views/Collector/security.html.twig
+++ b/src/Symfony/Bundle/SecurityBundle/Resources/views/Collector/security.html.twig
@@ -257,7 +257,13 @@ : 'DENIED' }} - {{ decision.attributes|length == 1 ? decision.attributes|first : profiler_dump(decision.attributes) }} + + {% if decision.attributes|length == 1 %} + {{ decision.attributes|first }} + {% else %} + {{ profiler_dump(decision.attributes) }} + {% endif %} + {{ profiler_dump(decision.object) }} {% endfor %}
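Review bot: The new `{% if %}` / `{% else %}` split in the attributes cell carries no comment saying why a ternary is avoided, so a later cleanup could fold it back into a single `{{ … ? … : … }}` and bring the double escaping back. I would add a Twig comment directly above the `{% if decision.attributes|length == 1 %}` line, for example `{# two output statements on purpose: a ternary is only auto-escape-safe when both branches are safe #}`. The change also relies on `profiler_dump(...)` being treated as safe output while `{{ decision.attributes|first }}` is still auto-escaped. The commit message implies this, but the function's declaration is outside this hunk, so it is worth confirming that the single-attribute branch still escapes attribute strings. A rendering test covering both the one-attribute and the multi-attribute case would pin this. The table row this cell belongs to starts and ends outside the hunk.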