Commits
-------
908a7a3 [HttpFoundation] Fix bug in clearCookie/removeCookie not clearing cookies set with a default '/' path, unless it was explicitly specified
Discussion
----------
[HttpFoundation] Fix bug in clearCookie/removeCookie not clearing cookies
[HttpFoundation] Fix bug in clearCookie/removeCookie not clearing cookies set with a default '/' path, unless it was explicitly specified
---------------------------------------------------------------------------
by Seldaek at 2011/08/02 10:31:44 -0700
The reason is that Cookie::__construct defaults to '/' btw, so if you don't specify it, and then call clearCookie without specifying again, the paths don't match.
---------------------------------------------------------------------------
by Koc at 2011/08/07 00:06:13 -0700
I think that correctrly use base path. Is it possible?
For example we have 2 apps
* site.com/app1/index.php
* site.com/app2/index.php
and app2 will remove cookies of app1
---------------------------------------------------------------------------
by Seldaek at 2011/08/07 02:58:10 -0700
IMO if people want that they should specify the path manually, by default cookies are always set for the entire host and I think it should stay like that.
---------------------------------------------------------------------------
by Koc at 2011/08/07 04:26:47 -0700
It is hard to specify path manually everywhere when set/remove cookies.
---------------------------------------------------------------------------
by Seldaek at 2011/09/27 07:01:43 -0700
@fabpot: ping? You said this was ok, but it was never merged.
Commits
-------
022a9a7 [Security] Make saving target_path extendible
Discussion
----------
[Security] Make saving target_path extendible
The problem lies in how Security component handles ``target_path`` - the latest request URI is always stored. This can lead to problems in following scenarios:
a) The response type of the request is not HTML (think JSON, XML ..)
b) The URI matches a route that does not listen to HTTP GET
I opened a [PR](https://github.com/symfony/symfony/pull/604) months ago, to partly solve scenario A, which did not make it. Now I am proposing a different solution - user can extend ``ExceptionListener`` and override the logic behind setting the ``target_path`` to match his precise needs.
In my simplified scenario, I would be using:
```
protected function setTargetPath(Request $request)
{
if ($request->isXmlHttpRequest() || 'GET' !== $request->getMethod()) {
return;
}
$request->getSession()->set('_security.target_path', $request->getUri());
}
```
@Seldaek, @schmittjoh, @lsmith77, thoughts?
---------------------------------------------------------------------------
by Seldaek at 2011/09/21 02:37:02 -0700
Seems like a better solution for flexibility's sake. Would be quite awesome if you could add a cookbook entry to symfony/symfony-docs about this, otherwise I'm afraid we'll have to explain it over and over again :)
---------------------------------------------------------------------------
by helmer at 2011/09/21 03:38:57 -0700
[Cookbook](b22c5e666e) entry done. Perhaps though I rushed ahead ..
---------------------------------------------------------------------------
by Seldaek at 2011/09/21 03:52:01 -0700
Thanks. You can already do a pull request against symfony-docs, just reference this pull request in it so it's not merged before this is merged.
Commits
-------
95dc7e1 Fixed fourth argument of Filesystem->mirror()
Discussion
----------
Fixed fourth argument of Filesystem->mirror()
See #2027 and #2033 for discussion.
@fabpot said that we don't want to use symlink at all on Windows so if this is confirmed, we should also change ``Filesystem->symlink()`` implementation.
---------------------------------------------------------------------------
by alexandresalome at 2011/09/16 08:29:40 -0700
Tested on Windows, OK for me
* EvanK-patch-1:
Per the [documentation][1], the `NotBlank` constraint should be using the `empty` language construct, otherwise it will not trigger on, for example, a boolean false from an unchecked checkbox field.
Doctrine caches annotations. For methods, it uses PHP reflection and the getDeclaringClass() to create
a unique cache key. Unfortunately, if you have 2 classes that extend another one, the cache will be shared.
It's not a problem except that before this patch, the default route name was also cached (as the cache is serialized
after we changed the object). So, all other classes inherited this default route name. The fix is quite easy:
just don't change the read annotation object.
Commits
-------
020fa51 [RedirectResponse] Added missing `doctype` and `title` tag
Discussion
----------
[RedirectResponse] Added missing `doctype` and `title` tag
* domcrawler-disabled-fields:
[DomCrawler] fixed disabled fields in forms (they are available in the DOM, but their values are not submitted -- whereas before, they were simply removed from the DOM)
$node->hasAttribute('disabled') sf2 should not create disagreement between implementation and practice for a crawler. If sahi real browser can find an element that is disabled, then sf2 should too. https://github.com/Behat/Mink/pull/58#issuecomment-1712459
Commits
-------
8a980bd $node->hasAttribute('disabled') sf2 should not create disagreement between implementation and practice for a crawler. If sahi real browser can find an element that is disabled, then sf2 should too. https://github.com/Behat/Mink/pull/58#issuecomment-1712459
Discussion
----------
$node->hasAttribute('disabled') sf2 should not create disagreement betwee
$node->hasAttribute('disabled') sf2 should not create disagreement between implementation and practice for a crawler. If sahi real browser can find an element that is disabled, then sf2 should too.
https://github.com/Behat/Mink/pull/58#issuecomment-1712459
---------------------------------------------------------------------------
by cordoval at 2011/08/09 20:34:56 -0700
@fabpot please let me know if this is going to be in sometime soon or not, just wondering why it is deviating ...
---------------------------------------------------------------------------
by fabpot at 2011/08/23 01:11:42 -0700
I have just checked in a browser and the Symfony2 implementation is actually the right one.
Try this in a browser:
<form action='#' method="post">
<input name="foo" disabled="disabled" value="foo" />
<input name="bar" value="bar" />
<input type="submit" />
</form>
<?php
print_r($_POST);
// output: Array ( [bar] => bar ) when the form is submitted
And here is the discussion about it in the HTML4 spec: http://www.w3.org/TR/html4/interact/forms.html#h-17.12:
"In this example, the INPUT element is disabled. Therefore, it cannot receive user input nor will its value be submitted with the form."
And the same is tru for HTML5: http://www.w3.org/TR/html5/association-of-controls-and-forms.html#constructing-form-data-set
---------------------------------------------------------------------------
by cordoval at 2011/08/23 01:29:53 -0700
@fabpot I guess you got my scenario wrong. I am not trying to submit any form. I am just happen to have a disabled box that is checked and I want to read with the DOM Crawler that is checked. Not to submit or anything but for the purposes of testing.
Please consider also that this request comes from asserting values using behat mink, mink is fully dependent on sf2 driver for when it is used except it is told to use a different driver like a real browser like sahi. When testing in chrome and firefox, the verification with the DOM is made that the disabled box is checked properly. Symfony2 DOM Crawler however misses that spot for that use.
Even in the case where Symfony2 DOM Crawler component would have been thought not for this purpose of testing, or further for this particular scenario it would be good to make it more reusable for this kind of scenario.
Just saying....
---------------------------------------------------------------------------
by fabpot at 2011/08/23 02:00:34 -0700
Indeed, I didn't get your issue right. So, basically, all fields should be in the form, but the disabled field values should not be submitted (that makes sense).
I've prepared a fix in this patch: e8852586073bc23d4a41f4cd9cbe0d17a2f0c76d which is in the symfony/domcrawler-disabled-fields branch for now as I don't know if we can make this change in 2.0 or if we need to put it in 2.1.
---------------------------------------------------------------------------
by cordoval at 2011/08/23 02:15:01 -0700
oh no I was hoping to enter the authors, you already did the fix :'(
Commits
-------
e9d2a67 CS
3a64b08 Search in others user providers when a user is not found in the first user provider and throws the right exception.
Discussion
----------
Chain user provider doesn't search in all user providers
I commit these changes because Chain user provider doesn't search in all user providers.
Example with the Acme/DemoBundle:
// security.yml
...
providers:
chain_provider:
providers: [in_memory, in_memory_extend]
in_memory_extend:
users:
admin2: { password: adminpass2, roles: [ 'ROLE_ADMIN' ] }
in_memory:
users:
user: { password: userpass, roles: [ 'ROLE_USER' ] }
...
firewalls:
...
secured_area:
pattern: ^/demo/secured/
provider: chain_provider OR in_memory_extend
...
We can see these logs :
security.INFO: User "admin2" has been authenticated successfully [] []
security.DEBUG: Write SecurityContext in the session [] []
security.DEBUG: Read SecurityContext from the session [] []
security.DEBUG: Reloading user from user provider. [] []
security.WARNING: Username "admin2" could not be found. [] []
The new code search in others user providers when a user is not found in the first user provider and throws the right exception.
---------------------------------------------------------------------------
by lsmith77 at 2011/08/14 12:20:04 -0700
I wonder if it should be a provider option to continue on a failed user lookup. I can see cases where you really dont want to iterate over all providers and others where you do.
---------------------------------------------------------------------------
by Abhoryo at 2011/08/14 17:27:16 -0700
If someone need a provider like you describe, he can create one.
Here we talk about a chain user provider.
Doc : [using-multiple-user-providers](http://symfony.com/doc/current/book/security.html#using-multiple-user-providers)
We can read in the doc: "The chain_provider will, in turn, try to load the user from both the in_memory and user_db providers."
But its not the case right now.
Commits
-------
c29fa9d [Form] Fix for treatment zero as empty data. Closes#1986
Discussion
----------
[Form] Fix for treatment zero as empty data. Closes#1986
For more info please read #1986.
Commits
-------
8d48cea [EventDispatcher] Change the license of EventDispatcher from LGPL to MIT
Discussion
----------
[EventDispatcher] Change the license of EventDispatcher from LGPL to MIT
It was previously agreed to re-license the Doctrine2 based
EventDispatcher refactoring to use the MIT license. However, the files
still retain the LGPL license notice.
This commit changes the license to MIT.
---------------------------------------------------------------------------
by fabpot at 2011/08/21 05:55:00 -0700
That's right but I would prefer that the PR comes from someone of the Doctrine core team like @beberlei or @jwage.
---------------------------------------------------------------------------
by fabpot at 2011/08/21 05:55:28 -0700
or at least, they can perhaps acknowledge this PR.
---------------------------------------------------------------------------
by beberlei at 2011/08/22 00:11:20 -0700
Acknowledged
It was previously agreed to re-license the Doctrine2 based
EventDispatcher refactoring to use the MIT license. However, the files
still retain the LGPL license notice.
This commit changes the license to MIT.
Commits
-------
d880db2 [Form] Test covered fix for invalid date (13 month/31.02.2011 etc.) send to transformer. Closes#1755df74f49 Patched src/Symfony/Component/Form/Extension/Core/DataTransformer/DateTimeToArrayTransformer.php to throw an exception when an invalid date is passed for transformation (e.g. 31st February)
Discussion
----------
[Form] Fix for "DateTimeToArrayTransformer" with invalid dates
Hey,
this is test covered fix from @mdavis1982 (closes#1755)
---------------------------------------------------------------------------
by stloyd at 2011/08/16 01:31:32 -0700
@fabpot Can we have this fix merged ?
Commits
-------
34a1b53 [HttpFoundation] Do not save session in Session::__destroy() when saved already
Discussion
----------
[HttpFoundation] Saving session data in __destroy() has a side effect on functional tests
Having functional test with several non-insulated requests, TestSessionListener invokes session saving at the end of every request. But instance of Session remains in memory until it's collected by garbage collector which saves the same data again in __destroy() method. The problem is that session object can get collected after other requests changed session data (e. g. user logged in) resulting in former data overwriting the latter.
Commits
-------
275da0d [Validator] changed 'self' to 'static' for child class to override pattern constant
Discussion
----------
[Validator] change 'self::' to 'static::' for PATTERN constant overridable in child classes
In TimeValidator and UrlValidator, PATTERN constant is not used with late static bind(static::) while DateValidator supports it.
Commits
-------
80d1718 [Fix] Email() constraints now guess as 'email' field type
Discussion
----------
[Fix] Email() constraints now guess as 'email' field type
I don't know what this was set to "text"
Commits
-------
e88ecbb [Form] Fixed a typo in AbstractType phpdoc
Discussion
----------
[Form] Fixed a typo in AbstractType phpdoc
This PR is a new version of PR #1862.
Original comment :
Hi,
Nothing really awesome, but I fixed a typo in some phpdoc of the AbstractType class.
Commits
-------
09c41d3 [Security] Fixed incorrect merge of two modifications (53f5c23c and 85199677) to AclVoter
Discussion
----------
[Security] Fixed incorrect merge of two modifications to AclVoter
It seems two modifications to `AclVoter` (53f5c23c and 85199677) have been merged incorrectly, leading to a method call on an object that is known to be `null` and a fatal error when running the tests
Commits
-------
4f9d229 The trace argument value could be string ("*DEEP NESTED ARRAY*")
6e7439e expanded namespaces within phpdoc (special for PhpStorm)
f0a6ee5 merge from master
8519967 Calling supportsClass from vote to find out if we can vote
Discussion
----------
The trace argument of an exception can be string (*DEEP NESTED ARRAY*) but with an array type specified
It leads to the exception of a foreach loop:
Invalid argument supplied for foreach() /.../vendor/symfony/src/Symfony/Bundle/FrameworkBundle/Templating/Helper/CodeHelper.php:103
Commits
-------
ae55a98 Added $format in serialize() method, to keep consistence and give a hint to the normalizer.
Discussion
----------
Added $format in serialize() method, to keep consistence and give a hint
Added $format in serialize() method, to keep consistence and give a hint to the normalizer.
---------------------------------------------------------------------------
by Seldaek at 2011/08/12 02:06:19 -0700
👍
Commits
-------
81fb8e1 [DomCrawler] fix finding charset in addContent
Discussion
----------
[DomCrawler] fix finding charset in addContent
According to http://www.ietf.org/rfc/rfc2045.txt content type can include other field after charset. So they should be cut.
Commits
-------
c0571fc [ClassLoader] Improve exception messages of the debug class loader
Discussion
----------
[ClassLoader] Improve exception messages of the debug class loader
---------------------------------------------------------------------------
by Seldaek at 2011/07/31 14:01:40 -0700
Ok, I updated this to just clarify the message, because when I got the issue after some serious copy-paste coding, I thought it was quite confusing - it seems to imply you mistyped the class name when using the class, and therefore it was not found, while the typo is in the class's file itself.
Commits
-------
5219f81 Using the $status parameter instead of fixed value when creating a RedirectResponse.
Discussion
----------
Using the $status parameter instead of fixed value
I checked the usages and the optional `$status` parameter is never used, so maybe another option would be to remove the parameter completely...
---------------------------------------------------------------------------
by jaugustin at 2011/07/25 03:11:00 -0700
maybe you could test that $status is a valid redirect code
---------------------------------------------------------------------------
by stloyd at 2011/07/25 04:40:21 -0700
@jaugustin This check is already included in `RedirectResponse` class.
Commits
-------
266e60e Don't tell a lie to every WebServers
Discussion
----------
Please don't tell a lie to every WebServers
Fake Useragent name should be only in test case .
Commits
-------
03c7cfe UrlGenerator no longer appends '?' if query string is empty
Discussion
----------
UrlGenerator no longer appends '?' if query string is empty
If you generate a URL using null parameters (`array('foo' => null, 'bar' => null')`), `http_build_query` returns an empty string, resulting in a trailing `?` at the end of the generated URL.
This fixes that so that, if there are `$extra` params & `http_build_query` is empty, the URL is no longer appended.
---------------------------------------------------------------------------
by fabpot at 2011/07/22 10:15:26 -0700
Can you add unit tests?
---------------------------------------------------------------------------
by ericclemmons at 2011/07/22 10:52:21 -0700
Yes sir, will do.
-Eric Clemmons
Sent from my iPad Nano
On Jul 22, 2011, at 12:15 PM, fabpot<reply@reply.github.com> wrote:
> Can you add unit tests?
>
> --
> Reply to this email directly or view it on GitHub:
> https://github.com/symfony/symfony/pull/1773#issuecomment-1633515
---------------------------------------------------------------------------
by ericclemmons at 2011/07/22 11:55:30 -0700
**Added passing test.**
Currently `master` fails test:
```
1) Symfony\Tests\Component\Routing\Generator\UrlGeneratorTest::testUrlWithNullExtraParameters
Failed asserting that two strings are equal.
--- Expected
+++ Actual
@@ @@
-http://localhost/app.php/testing
+http://localhost/app.php/testing?
//tests/Symfony/Tests/Component/Routing/Generator/UrlGeneratorTest.php:114
```
If not, as classes can be loaded during the boot, there is no way to be sure that
a class will not be already loaded by a third party bundle.
If the Kernel is already booted, we don't included the compiled classes.
Revert "[Form] CollectionType now checks for data_class parameter instead of only class."
This reverts commit 2e024f87a3.
Conflicts:
tests/Symfony/Tests/Component/Form/Extension/Core/Type/CollectionTypeTest.php
Revert "[Form] Added ObjectFactoryListener. Fixes #1746."
This reverts commit 0327beb0b9.
Conflicts:
tests/Symfony/Tests/Component/Form/Extension/Core/Type/CollectionTypeTest.php
Commits
-------
eae6a77 fixed wrong case
d0a175bfixes#1659f300ede fixes several bugs
a4f05ac added some tests
Discussion
----------
Http util fixes
Fixes several bugs in the http utils.
Please don't add anymore features without sufficient tests. Especially for the Security\Http namespace, regressions are very likely otherwise.
---------------------------------------------------------------------------
by fabpot at 2011/07/19 22:37:26 -0700
Tests do not pass for me:
There were 2 errors:
1) Symfony\Bundle\SecurityBundle\Tests\Functional\LocalizedRoutesAsPathTest::testLoginLogoutProcedure with data set #0 ('en')
InvalidArgumentException: The current node list is empty.
.../src/Symfony/Component/DomCrawler/Crawler.php:604
.../src/Symfony/Bundle/SecurityBundle/Tests/Functional/LocalizedRoutesAsPathTest.php:16
2) Symfony\Bundle\SecurityBundle\Tests\Functional\LocalizedRoutesAsPathTest::testLoginLogoutProcedure with data set #1 ('de')
InvalidArgumentException: The current node list is empty.
.../src/Symfony/Component/DomCrawler/Crawler.php:604
.../src/Symfony/Bundle/SecurityBundle/Tests/Functional/LocalizedRoutesAsPathTest.php:16
--
There were 4 failures:
1) Symfony\Bundle\SecurityBundle\Tests\Functional\LocalizedRoutesAsPathTest::testAccessRestrictedResource with data set #0 ('en')
Failed asserting that two strings are equal.
--- Expected
+++ Actual
@@ @@
-http://localhost/en/login
+http://localhost/login
.../src/Symfony/Bundle/Securitybundle/Tests/Functional/WebTestCase.php:22
.../src/Symfony/Bundle/SecurityBundle/Tests/Functional/LocalizedRoutesAsPathTest.php:38
2) Symfony\Bundle\SecurityBundle\Tests\Functional\LocalizedRoutesAsPathTest::testAccessRestrictedResource with data set #1 ('de')
Failed asserting that two strings are equal.
--- Expected
+++ Actual
@@ @@
-http://localhost/de/login
+http://localhost/login
.../src/Symfony/Bundle/Securitybundle/Tests/Functional/WebTestCase.php:22
.../src/Symfony/Bundle/SecurityBundle/Tests/Functional/LocalizedRoutesAsPathTest.php:38
3) Symfony\Bundle\SecurityBundle\Tests\Functional\LocalizedRoutesAsPathTest::testAccessRestrictedResourceWithForward with data set #0 ('en')
HTTP/1.0 302 Found
Cache-Control: no-cache
Content-Length: 299
Content-Type: text/html; charset=UTF-8
Date: Wed, 20 Jul 2011 05:36:27 GMT
Location: http://localhost/login
Set-Cookie: PHPSESSID=11c9c6a7e7620e13bddef223a5ba46d9; path=/; domain=
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<meta http-equiv="refresh" content="1;url=http://localhost/login" />
</head>
<body>
Redirecting to <a href="http://localhost/login">http://localhost/login</a>.
</body>
</html>
Failed asserting that <integer:0> matches expected <integer:1>.
.../src/Symfony/Bundle/SecurityBundle/Tests/Functional/LocalizedRoutesAsPathTest.php:50
4) Symfony\Bundle\SecurityBundle\Tests\Functional\LocalizedRoutesAsPathTest::testAccessRestrictedResourceWithForward with data set #1 ('de')
HTTP/1.0 302 Found
Cache-Control: no-cache
Content-Length: 299
Content-Type: text/html; charset=UTF-8
Date: Wed, 20 Jul 2011 05:36:28 GMT
Location: http://localhost/login
Set-Cookie: PHPSESSID=2bbe63786a088471ade3717917f4ba4f; path=/; domain=
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<meta http-equiv="refresh" content="1;url=http://localhost/login" />
</head>
<body>
Redirecting to <a href="http://localhost/login">http://localhost/login</a>.
</body>
</html>
Failed asserting that <integer:0> matches expected <integer:1>.
.../src/Symfony/Bundle/SecurityBundle/Tests/Functional/LocalizedRoutesAsPathTest.php:50
---------------------------------------------------------------------------
by schmittjoh at 2011/07/19 23:47:29 -0700
I fixed a wrong case, but I couldn't reproduce the other errors (tested on Ubuntu).
My guess is that the temporary directory on your machine couldn't be deleted for some reason, and the test runs with the configuration of some of the previous tests.
---------------------------------------------------------------------------
by fabpot at 2011/07/20 00:28:41 -0700
That does not make any difference for me. For instance, in `LocalizedRoutesAsPathTest::testLoginLogoutProcedure()`, the first request to `'/'.$locale.'/login'` returns the following Response:
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<meta http-equiv="refresh" content="1;url=http://localhost/login" />
</head>
<body>
Redirecting to <a href="http://localhost/login">http://localhost/login</a>.
</body>
</html>
---------------------------------------------------------------------------
by schmittjoh at 2011/07/20 00:31:34 -0700
That's weird, did you make sure that the temporary directory does not exist?
``rm -Rf /tmp/StandardFormLogin/``
On Wed, Jul 20, 2011 at 9:28 AM, fabpot <
reply@reply.github.com>wrote:
> That does not make any difference for me. For instance, in
> `LocalizedRoutesAsPathTest::testLoginLogoutProcedure()`, the first request
> to `'/'.$locale.'/login'` returns the following Response:
>
> <html>
> <head>
> <meta http-equiv="Content-Type" content="text/html;
> charset=utf-8" />
> <meta http-equiv="refresh" content="1;url=
> http://localhost/login" />
> </head>
> <body>
> Redirecting to <a href="http://localhost/login">
> http://localhost/login</a>.
> </body>
> </html>
>
> --
> Reply to this email directly or view it on GitHub:
> https://github.com/symfony/symfony/pull/1739#issuecomment-1613504
>
---------------------------------------------------------------------------
by fabpot at 2011/07/20 00:33:40 -0700
Yes, I've just checked and the directory does not exist.
---------------------------------------------------------------------------
by schmittjoh at 2011/07/20 00:39:55 -0700
Sorry, I can't reproduce it on Ubuntu and unless someone wants to sponsor me a Mac, there is not much I can do.
Commits
-------
2e024f8 [Form] CollectionType now checks for data_class parameter instead of only class.
0327beb [Form] Added ObjectFactoryListener. Fixes#1746.
Discussion
----------
[Form] Added ObjectFactoryListener. Fixes#1746.
---------------------------------------------------------------------------
by marcw at 2011/07/21 09:32:17 -0700
This patch also fixes a validation issue because it was impossible for the validator to validate an array.
---------------------------------------------------------------------------
by stof at 2011/07/21 09:47:46 -0700
yeah, using the data_class of the prototype would be great
Commits
-------
95011ce [HttpFoundation] Fixed creation of requests without a path.
Discussion
----------
[HttpFoundation] Fixed creation of requests without a path.
Providing urls with no path led to php warning that the index 'path' is
not set. This patch initializes 'path' if no path is set.
Commits
-------
b9bdab8 DoctrineAclCache unserialize sets the acl to the wrong field
Discussion
----------
DoctrineAclCache unserialize sets the acl to the wrong field
Upon unserialize of the acl, the acl is currently set to the id field which should be a string. Currently it passes the acl object into the id field which causes the following error upon unserialize.
Warning: Illegal offset type in isset or empty in Symfony/Component/Security/Acl/Dbal/AclProvider.php line 404
This is because at line 404, $ace->getId() returns an Acl object not an id and the acl field in $ace is null.
if (isset($this->loadedAces[$ace->getId()])) {
---------------------------------------------------------------------------
by fabpot at 2011/07/16 09:31:42 -0700
@schmittjoh?
---------------------------------------------------------------------------
by schmittjoh at 2011/07/16 23:19:06 -0700
Yes, this fix is good.
Commits
-------
d37ff15 removed unused code
2d3051f tabs -> spaces
2c224ce improves the exception message, and removes unnecessary constraint to only allow strings inside strings
d0b056c fixes a bug where getParameterBag() always returns null
Discussion
----------
Fixes a bug in PHPDumper, and in parameter resolving
Commits
-------
eb85cc5 fixes a bug where the cookie was wrongly considered expired
Discussion
----------
fixes a bug where the cookie was wrongly considered expired
On a related note, what do you think about adding some more functional tests here? Not only phpunit, but I would also suggest to add behat tests since there are a lot of things which are not picked up by the in process request emulation, but only by a real client.
@fabpot, @everzet, what do you think?
Commits
-------
5e80c68 fixes a naming inconsistency
8cfca15 added change to upgrade file
4123ec4 updated some missing references
Discussion
----------
Fix inconsistent naming
---------------------------------------------------------------------------
by jalliot at 2011/07/15 08:15:01 -0700
I think you forgot one commit (the one effectively changing Session and that you reverted in the main repo)
---------------------------------------------------------------------------
by schmittjoh at 2011/07/15 09:07:17 -0700
You're right, fixed now.
Upon unserialize of the acl, the acl is currently set to the id field which should be a string. Currently it passes the acl object into the id field which causes the following error.
Warning: Illegal offset type in isset or empty in Symfony/Component/Security/Acl/Dbal/AclProvider.php line 404
Commits
-------
71cfb56 Thrown a \RuntimeException in RequestMatcher::checkIp6() if PHP is compiled with the option "disable-ipv6"
Discussion
----------
[HttpFoundation] Problem with RequestMatcher if PHP is compiled with the option "disable-ipv6"
Thrown a \RuntimeException in RequestMatcher::checkIp6() if PHP is compiled with the option "disable-ipv6".
Commits
-------
05cc24c [Yaml] Wrap numeric strings in quotes when dumping
Discussion
----------
[Yaml] Wrap numeric strings in quotes when dumping
This addresses an obscure case where a hash string (actually a commit-ish, "686e444") was dumped to YAML as an unquoted string value. It was later parsed from YAML as an exponential numeric and changed to ".Inf".
This commit should not change the existing behavior when dumping non-string numerics. It also doesn't appear to disturb any of the other test cases. I realize it's a huge edge case, so I'm open to discussion.
The alternative to this fix was an ugly `preg_replace()` to apply quoting around the commit-ish after dumping. I would look forward to removing that :)
This addresses an obscure case where a hash string (actually a commit-ish, "686e444") was dumped to YAML as an unquoted string value. It was later parsed from YAML as an exponential numeric and changed to ".Inf".
Commits
-------
29e4063 [Security] changed order of checks to check for more specific things first
Discussion
----------
[Security] changed order of checks
Commits
-------
64e9263 Updated UPDATE.md
7cf891a Renamed variable returned and used self in place of static for constants
f91f4dd Added the possibility to set cookies with the same name for different domains and paths for Symfony\Component\HttpFoundation\ResponseHeaderBag
f08eeb4 Moved managing cookies of HeaderBag in ResponseHeaderBag
Discussion
----------
[HttpFoundation] Cookies management in ResponseHeaderBag
Fixed cookies management in `Symfony\Component\HttpFoundation\HeaderBag` and `Symfony\Component\HttpFoundation\ResponseHeaderBag`
Commits
-------
26ff05bfixes#1538
Discussion
----------
fixes#1538
Constructor of Symfony\Component\Security\Acl\Domain\RoleSecurityIdentity
--------------------------------------------------------------------------------------------------------
currently it check if the argument is instance of Symfony\Component\Security\Core\Role\Role by
``if ($role instanceof Role)``
Maybe it should be changed to
``if ($role instanceof RoleInterface)``
Because if we use another Role class which implements RoleInterface
it dosen't work when we check access, it will throw a *NoAceFoundException* when vote
Commits
-------
2a24603 [Routing] Allow multiple `@Route` annotations with a default name on a single method (fixes#1647)
Discussion
----------
[Routing] Allow multiple `@Route` annotations with a default name
[Routing] Allow multiple `@Route` annotations with a default name on a single method (fixes#1647)
Before this change, the default name would be the same for multiple `@Route` with a default name on the same method. Then only the last declared route is active.
The defaults names are (for consecutive `@Route`s):
* former_default,
* former_default_1,
* former_name,
* former_default_2,
* ...
The FrameworkExtraBundle needs to be updated in sync with this PR: https://github.com/sensio/SensioFrameworkExtraBundle/pull/50
Commits
-------
11369eb Fixed phpdoc
dbe1854 Added a AccessDeniedHttpException to wrap the AccessDeniedException.
Discussion
----------
Added a AccessDeniedHttpException to wrap the AccessDeniedException.
This is a proposal to fix#1631
It wraps the AccessDeniedException in an AccessDeniedHttpException when the firewall is not able to handle it itself. This allows getting a 403 response using the standard exception listener in this case.
Note that the app should not throw the AccessDeniedHttpException itself but keep using the AccessDeniedException to let the Security component check if the user is already fully authenticated or if it should give a chance to authenticate.
---------------------------------------------------------------------------
by fabpot at 2011/07/11 07:10:12 -0700
For reference, I've tried something more radical some time ago here: https://github.com/symfony/symfony/pull/369.
---------------------------------------------------------------------------
by stof at 2011/07/11 07:22:07 -0700
my implementation is what @schmittjoh suggested in the comments on your PR.
Commits
-------
22a49f1 Better docstring for FormError constructor
Discussion
----------
Better docstring for FormError constructor
Better docs for placeholder format of FormError.
Commits
-------
24e0d71 [FrameworkBundle] Fix a translatable string from the Form default validator
30d348d [Form] Make the default invalid message translatable
Discussion
----------
[Form] Translation
The first commit adds the ability to customize the default message when the form is invalid:
* Make it an option in the form builder,
* Allow placeholders in the message,
* The default value `This value is not valid` exists in the translation files.
The second commit updates a source string in the XLIFF files to make it translatable. All translations should be updated accordingly. The source string is from the [default validator](https://github.com/symfony/symfony/blob/master/src/Symfony/Component/Form/Extension/Core/Validator/DefaultValidator.php#L27).
This PR should fix The issue #997.
---------------------------------------------------------------------------
by fabpot at 2011/07/11 01:53:05 -0700
The first commit is not about making the message translatable, but to make it customizable (as the message is used for very different purposes depending on the Type).
---------------------------------------------------------------------------
by fabpot at 2011/07/11 01:55:11 -0700
The "This value is not valid" string should be added to the translation files too.
---------------------------------------------------------------------------
by vicb at 2011/07/11 02:02:51 -0700
@fabpot it was not translatable as the name was hardcoded in the message (instead of using a placeholder). So yes it becomes translatable now (and "customize"able as explained in the PR message).
I have also removed the form name from the default message as I don't think it brings any added value.
`This value is not valid` already exists in the translation files (see id=24).
Commits
-------
f7d0f65 RFC2616 changes
b9a218a [HttpFoundation] set Content-Length header to the length of content
Discussion
----------
[HttpFoundation] set Content-Length header to the length of content
I can't think of why this could be bad but if somebody knows please chime in.
The good thing is that with this change keepalive will work out of the box.
---------------------------------------------------------------------------
by Seldaek at 2011/07/06 05:34:51 -0700
That sounds like a great change. I think it might explain/fix the issues I've encountered with AppCache on my production box. Never had time to look into it, but IIRC I noticed the missing Content-Length, and it seemed to load forever.
---------------------------------------------------------------------------
by fabpot at 2011/07/06 06:46:50 -0700
The `Content-Length` is automatically added by servers like Apache. Moreover, sometimes, you should not add it: http://www.w3.org/Protocols/rfc2616/rfc2616-sec4.html#sec4.4
---------------------------------------------------------------------------
by lenar at 2011/07/06 07:54:45 -0700
It is not added automatically by default. Yes, in case of Apache it is actually added if deflate module is enabled and if that module decides to compress the content (decision based on content-type).
About RFC2616: I will read it and add changes to this PR if applicable.
---------------------------------------------------------------------------
by fabpot at 2011/07/06 08:38:14 -0700
e943fde2ef
---------------------------------------------------------------------------
by Seldaek at 2011/07/06 08:45:22 -0700
@lenar all you have to do is skip setting the Content-Length for `1xx`, `204`, and `304` responses I believe.
---------------------------------------------------------------------------
by Seldaek at 2011/07/06 08:46:54 -0700
But this should maybe be done in sendHeaders() à la `fixContentType`, because you can't be sure about the statusCode before that.
---------------------------------------------------------------------------
by lenar at 2011/07/06 13:55:33 -0700
I propose this based on what I read and understood from RFC2616.
---------------------------------------------------------------------------
by mheleniak at 2011/07/10 03:57:26 -0700
+1
Commits
-------
e6a2d76 delay resolving values of extensions config until all files are loaded
Discussion
----------
[DependencyInjection] Delay resolving values of extensions' config until all files are loaded
This addresses #1598.
This delays resolving of extensions' configuration until all files are loaded. Without this, overriding parameters do not work for extensions.
Commits
-------
df57e0f [Validator] Added strict option to ChoiceConstraint.
Discussion
----------
[Validator] Added strict option to ChoiceConstraint.
By default, ChoiceValidator was ensuring strict type when checking if value is present in choices. This behavior is a problem when you want to validate against integer values. As all data you will receive from a request will be typed as a string, you won't be able to validate these numeric values.
This patch solves this.
In order for being nice to developers, I've set "strict" to false by default.