From d703784d1f2d4c5acdfd3b1846affaf20bde05a7 Mon Sep 17 00:00:00 2001 From: Fabien Potencier Date: Wed, 28 Sep 2016 10:11:47 -0700 Subject: [PATCH] [FrameworkBundle] removed the Security Core and Security CSRF component dependencies on FrameworkBundle --- UPGRADE-3.2.md | 4 ++++ src/Symfony/Bundle/FrameworkBundle/CHANGELOG.md | 1 + .../DependencyInjection/FrameworkExtension.php | 4 ++++ src/Symfony/Bundle/FrameworkBundle/composer.json | 4 ++-- 4 files changed, 11 insertions(+), 2 deletions(-) diff --git a/UPGRADE-3.2.md b/UPGRADE-3.2.md index d3488ce0d3..60cad89c7a 100644 --- a/UPGRADE-3.2.md +++ b/UPGRADE-3.2.md @@ -4,6 +4,10 @@ UPGRADE FROM 3.1 to 3.2 FrameworkBundle --------------- + * The `symfony/security-core` and `symfony/security-csrf` dependencies have + been removed; require them via `composer require symfony/security-core + symfony/security-csrf` if you depend on them and don't already depend on + `symfony/symfony` * The `symfony/asset` dependency has been removed; require it via `composer require symfony/asset` if you depend on it and don't already depend on `symfony/symfony` diff --git a/src/Symfony/Bundle/FrameworkBundle/CHANGELOG.md b/src/Symfony/Bundle/FrameworkBundle/CHANGELOG.md index ec9447cf4a..f484d57652 100644 --- a/src/Symfony/Bundle/FrameworkBundle/CHANGELOG.md +++ b/src/Symfony/Bundle/FrameworkBundle/CHANGELOG.md @@ -4,6 +4,7 @@ CHANGELOG 3.2.0 ----- + * Removed `symfony/security-core` and `symfony/security-csrf` from the list of required dependencies in `composer.json` * Removed `symfony/asset` from the list of required dependencies in `composer.json` * The `Resources/public/images/*` files have been removed. * The `Resources/public/css/*.css` files have been removed (they are now inlined in TwigBundle). diff --git a/src/Symfony/Bundle/FrameworkBundle/DependencyInjection/FrameworkExtension.php b/src/Symfony/Bundle/FrameworkBundle/DependencyInjection/FrameworkExtension.php index 00714cbc96..670776e143 100644 --- a/src/Symfony/Bundle/FrameworkBundle/DependencyInjection/FrameworkExtension.php +++ b/src/Symfony/Bundle/FrameworkBundle/DependencyInjection/FrameworkExtension.php @@ -1006,6 +1006,10 @@ class FrameworkExtension extends Extension return; } + if (!class_exists('Symfony\Component\Security\Csrf\CsrfToken')) { + throw new LogicException('CSRF support cannot be enabled as the Security CSRF component is not installed.'); + } + if (!$this->sessionConfigEnabled) { throw new \LogicException('CSRF protection needs sessions to be enabled.'); } diff --git a/src/Symfony/Bundle/FrameworkBundle/composer.json b/src/Symfony/Bundle/FrameworkBundle/composer.json index c461e975b9..01480bcdc2 100644 --- a/src/Symfony/Bundle/FrameworkBundle/composer.json +++ b/src/Symfony/Bundle/FrameworkBundle/composer.json @@ -28,8 +28,6 @@ "symfony/filesystem": "~2.8|~3.0", "symfony/finder": "~2.8|~3.0", "symfony/routing": "~3.0", - "symfony/security-core": "~3.2", - "symfony/security-csrf": "~2.8|~3.0", "symfony/stopwatch": "~2.8|~3.0", "symfony/templating": "~2.8|~3.0", "symfony/translation": "~2.8|~3.0", @@ -47,6 +45,8 @@ "symfony/form": "~2.8|~3.0", "symfony/expression-language": "~2.8|~3.0", "symfony/process": "~2.8|~3.0", + "symfony/security-core": "~3.2", + "symfony/security-csrf": "~2.8|~3.0", "symfony/serializer": "~2.8|~3.0", "symfony/validator": "~3.2", "symfony/yaml": "~3.2",