diff --git a/UPDATE.md b/UPDATE.md
index 3a5917dc0b..d2181ef418 100644
--- a/UPDATE.md
+++ b/UPDATE.md
@@ -9,6 +9,20 @@ timeline closely anyway.
PR12 to beta1
-------------
+* The CSRF secret configuration has been moved to a mandatory global `secret`
+ setting (as the secret is now used for everything and not just CSRF):
+
+ Before:
+
+ framework:
+ csrf_protection:
+ secret: S3cr3t
+
+ After:
+
+ framework:
+ secret: S3cr3t
+
* The `File::getWebPath()` and `File::rename()` methods have been removed, as
well as the `framework.document_root` configuration setting.
diff --git a/src/Symfony/Bundle/AsseticBundle/Tests/Resources/config/config.yml b/src/Symfony/Bundle/AsseticBundle/Tests/Resources/config/config.yml
index bbc87b4daa..e0521cbf73 100644
--- a/src/Symfony/Bundle/AsseticBundle/Tests/Resources/config/config.yml
+++ b/src/Symfony/Bundle/AsseticBundle/Tests/Resources/config/config.yml
@@ -1,9 +1,9 @@
framework:
charset: UTF-8
error_handler: null
+ secret: xxxxxxxxxx
csrf_protection:
enabled: true
- secret: xxxxxxxxxx
router: { resource: "%kernel.root_dir%/config/routing.yml" }
validation: { enabled: true, annotations: true }
templating: { engines: ['twig', 'php'] }
diff --git a/src/Symfony/Bundle/FrameworkBundle/DependencyInjection/Configuration.php b/src/Symfony/Bundle/FrameworkBundle/DependencyInjection/Configuration.php
index d9e39a3909..647043c514 100644
--- a/src/Symfony/Bundle/FrameworkBundle/DependencyInjection/Configuration.php
+++ b/src/Symfony/Bundle/FrameworkBundle/DependencyInjection/Configuration.php
@@ -39,6 +39,7 @@ class Configuration implements ConfigurationInterface
->children()
->scalarNode('cache_warmer')->defaultValue(!$this->debug)->end()
->scalarNode('charset')->end()
+ ->scalarNode('secret')->isRequired()->end()
->scalarNode('error_handler')->end()
->scalarNode('exception_controller')->defaultValue('Symfony\\Bundle\\FrameworkBundle\\Controller\\ExceptionController::showAction')->end()
->scalarNode('ide')->defaultNull()->end()
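Review bot: `isRequired()` on the new `secret` node only forces the key to be present, so an empty or null value (`secret: ""`, `secret: ~`) would presumably still pass validation and reach every consumer of the secret. The second hunk of this file removes the old `csrf_protection.secret` default, so there is no fallback any more and the node should reject empty values too, e.g. `->scalarNode('secret')->isRequired()->cannotBeEmpty()->end()`. A comment above the node saying the value must be unique per installation, not a copied sample such as `S3cr3t`, would also help. The builder chain starts and ends outside this hunk.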
@@ -69,7 +70,6 @@ class Configuration implements ConfigurationInterface
->children()
->booleanNode('enabled')->defaultTrue()->end()
->scalarNode('field_name')->defaultValue('_token')->end()
- ->scalarNode('secret')->defaultValue('secret')->end()
->end()
->end()
->end()
diff --git a/src/Symfony/Bundle/FrameworkBundle/DependencyInjection/FrameworkExtension.php b/src/Symfony/Bundle/FrameworkBundle/DependencyInjection/FrameworkExtension.php
index a95bf273aa..5c42d5d30d 100644
--- a/src/Symfony/Bundle/FrameworkBundle/DependencyInjection/FrameworkExtension.php
+++ b/src/Symfony/Bundle/FrameworkBundle/DependencyInjection/FrameworkExtension.php
@@ -65,6 +65,8 @@ class FrameworkExtension extends Extension
$container->setParameter('kernel.charset', $config['charset']);
}
+ $container->setParameter('kernel.secret', $config['secret']);
+
if (isset($config['error_handler'])) {
if (false === $config['error_handler']) {
$container->getDefinition('error_handler')->setMethodCalls(array());
@@ -157,8 +159,6 @@ class FrameworkExtension extends Extension
*/
private function registerCsrfProtectionConfiguration(array $config, ContainerBuilder $container)
{
- $container->getDefinition('form.csrf_provider')->replaceArgument(1, $config['secret']);
-
// FIXME: those are not used
$container->setParameter('form.csrf_protection.field_name', $config['field_name']);
$container->setParameter('form.csrf_protection.enabled', $config['enabled']);
diff --git a/src/Symfony/Bundle/FrameworkBundle/Resources/config/form.xml b/src/Symfony/Bundle/FrameworkBundle/Resources/config/form.xml
index 907d9bb0a8..7b2b4b7731 100644
--- a/src/Symfony/Bundle/FrameworkBundle/Resources/config/form.xml
+++ b/src/Symfony/Bundle/FrameworkBundle/Resources/config/form.xml
@@ -9,9 +9,7 @@
Symfony\Component\Form\FormFactory
Symfony\Component\Form\Extension\Validator\ValidatorTypeGuesser
Symfony\Component\Form\Extension\Csrf\CsrfProvider\SessionCsrfProvider
-
Symfony\Component\HttpFoundation\File\SessionBasedTemporaryStorage
- abcdef
@@ -56,13 +54,13 @@
-
+ %kernel.secret%
- %file.temporary_storage.secret%
+ %kernel.secret%
%kernel.cache_dir%/upload
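Review bot: Both replaced arguments now receive the same raw `%kernel.secret%`, so the CSRF provider and the temporary storage (the classes named in the first hunk) appear to share one key with no separation between purposes. If either consumer exposes material derived from it, the other is weakened as well. How each class uses the value is not visible here, so hashing with distinct inputs may already cover this. I would at least add a comment next to the arguments: `<!-- kernel.secret is shared by all framework services; each consumer must combine it with a purpose-specific value before use -->`. The service definitions start outside the hunk, and the hunk's markup is not visible on this page.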
diff --git a/src/Symfony/Bundle/FrameworkBundle/Resources/config/schema/symfony-1.0.xsd b/src/Symfony/Bundle/FrameworkBundle/Resources/config/schema/symfony-1.0.xsd
index 41714f8fcc..bdc3addf80 100644
--- a/src/Symfony/Bundle/FrameworkBundle/Resources/config/schema/symfony-1.0.xsd
+++ b/src/Symfony/Bundle/FrameworkBundle/Resources/config/schema/symfony-1.0.xsd
@@ -24,6 +24,7 @@
+
@@ -37,7 +38,6 @@
-
diff --git a/src/Symfony/Bundle/FrameworkBundle/Tests/DependencyInjection/Fixtures/php/full.php b/src/Symfony/Bundle/FrameworkBundle/Tests/DependencyInjection/Fixtures/php/full.php
index c91c531cae..b11be834f4 100644
--- a/src/Symfony/Bundle/FrameworkBundle/Tests/DependencyInjection/Fixtures/php/full.php
+++ b/src/Symfony/Bundle/FrameworkBundle/Tests/DependencyInjection/Fixtures/php/full.php
@@ -1,10 +1,10 @@
loadFromExtension('framework', array(
+ 'secret' => 's3cr3t',
'csrf_protection' => array(
'enabled' => true,
'field_name' => '_csrf',
- 'secret' => 's3cr3t',
),
'esi' => array(
'enabled' => true,
diff --git a/src/Symfony/Bundle/FrameworkBundle/Tests/DependencyInjection/Fixtures/php/validation_annotations.php b/src/Symfony/Bundle/FrameworkBundle/Tests/DependencyInjection/Fixtures/php/validation_annotations.php
index 765a00868f..4268fbe35c 100644
--- a/src/Symfony/Bundle/FrameworkBundle/Tests/DependencyInjection/Fixtures/php/validation_annotations.php
+++ b/src/Symfony/Bundle/FrameworkBundle/Tests/DependencyInjection/Fixtures/php/validation_annotations.php
@@ -1,6 +1,7 @@
loadFromExtension('framework', array(
+ 'secret' => 's3cr3t',
'validation' => array(
'enabled' => true,
'annotations' => array(
diff --git a/src/Symfony/Bundle/FrameworkBundle/Tests/DependencyInjection/Fixtures/xml/full.xml b/src/Symfony/Bundle/FrameworkBundle/Tests/DependencyInjection/Fixtures/xml/full.xml
index 2c418a662c..e4071758f9 100644
--- a/src/Symfony/Bundle/FrameworkBundle/Tests/DependencyInjection/Fixtures/xml/full.xml
+++ b/src/Symfony/Bundle/FrameworkBundle/Tests/DependencyInjection/Fixtures/xml/full.xml
@@ -6,8 +6,8 @@
xsi:schemaLocation="http://symfony.com/schema/dic/services http://symfony.com/schema/dic/services/services-1.0.xsd
http://symfony.com/schema/dic/symfony http://symfony.com/schema/dic/symfony/symfony-1.0.xsd">
-
-
+
+
diff --git a/src/Symfony/Bundle/FrameworkBundle/Tests/DependencyInjection/Fixtures/xml/validation_annotations.xml b/src/Symfony/Bundle/FrameworkBundle/Tests/DependencyInjection/Fixtures/xml/validation_annotations.xml
index 8980e16a3b..191daf6181 100644
--- a/src/Symfony/Bundle/FrameworkBundle/Tests/DependencyInjection/Fixtures/xml/validation_annotations.xml
+++ b/src/Symfony/Bundle/FrameworkBundle/Tests/DependencyInjection/Fixtures/xml/validation_annotations.xml
@@ -6,7 +6,7 @@
xsi:schemaLocation="http://symfony.com/schema/dic/services http://symfony.com/schema/dic/services/services-1.0.xsd
http://symfony.com/schema/dic/symfony http://symfony.com/schema/dic/symfony/symfony-1.0.xsd">
-
+
Application\Validator\Constraints\
diff --git a/src/Symfony/Bundle/FrameworkBundle/Tests/DependencyInjection/Fixtures/yml/full.yml b/src/Symfony/Bundle/FrameworkBundle/Tests/DependencyInjection/Fixtures/yml/full.yml
index 702f6abede..028cb7adf7 100644
--- a/src/Symfony/Bundle/FrameworkBundle/Tests/DependencyInjection/Fixtures/yml/full.yml
+++ b/src/Symfony/Bundle/FrameworkBundle/Tests/DependencyInjection/Fixtures/yml/full.yml
@@ -1,8 +1,8 @@
framework:
+ secret: s3cr3t
csrf_protection:
enabled: true
field_name: _csrf
- secret: s3cr3t
esi:
enabled: true
profiler:
diff --git a/src/Symfony/Bundle/FrameworkBundle/Tests/DependencyInjection/Fixtures/yml/validation_annotations.yml b/src/Symfony/Bundle/FrameworkBundle/Tests/DependencyInjection/Fixtures/yml/validation_annotations.yml
index dc4fc7bcc7..345808c689 100644
--- a/src/Symfony/Bundle/FrameworkBundle/Tests/DependencyInjection/Fixtures/yml/validation_annotations.yml
+++ b/src/Symfony/Bundle/FrameworkBundle/Tests/DependencyInjection/Fixtures/yml/validation_annotations.yml
@@ -1,4 +1,5 @@
framework:
+ secret: s3cr3t
validation:
enabled: true
annotations:
diff --git a/src/Symfony/Bundle/FrameworkBundle/Tests/DependencyInjection/FrameworkExtensionTest.php b/src/Symfony/Bundle/FrameworkBundle/Tests/DependencyInjection/FrameworkExtensionTest.php
index b1df76fbf3..e717852bf0 100644
--- a/src/Symfony/Bundle/FrameworkBundle/Tests/DependencyInjection/FrameworkExtensionTest.php
+++ b/src/Symfony/Bundle/FrameworkBundle/Tests/DependencyInjection/FrameworkExtensionTest.php
@@ -27,7 +27,7 @@ abstract class FrameworkExtensionTest extends TestCase
$this->assertTrue($container->getParameter('form.csrf_protection.enabled'));
$this->assertEquals('_csrf', $container->getParameter('form.csrf_protection.field_name'));
$arguments = $container->findDefinition('form.csrf_provider')->getArguments();
- $this->assertEquals('s3cr3t', $arguments[1]);
+ $this->assertEquals('s3cr3t', $container->getParameterBag()->resolveValue($arguments[1]));
}
public function testEsi()
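Review bot: The updated assertion proves that argument 1 of `form.csrf_provider` resolves to the fixture value, but nothing in this hunk checks the new `kernel.secret` parameter itself or that loading the extension without `secret` fails. Add `$this->assertEquals('s3cr3t', $container->getParameter('kernel.secret'));` next to it. A separate test that expects the configuration exception when the key is missing would stop the mandatory setting from silently regaining a default. The enclosing test method starts outside the hunk.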