This PR was merged into the 2.0 branch.
Commits
-------
f2cbea3 [Security] remove escape charters from username provided by Digest DigestAuthenticationListener
80f6992 [Security] added test extra for digest authentication
d66b03c fixed CS
694697d [Security] Fixed digest authentication
c067586 [Security] Fixed digest authentication
Discussion
----------
Fix digest authentication
Bug fix: yes
Feature addition: no
Backwards compatibility break: no
Symfony2 tests pass: yes
Fixes the following tickets:
Todo: -
License of the code: MIT
Documentation PR: -
Replaces: #5485
This adds the missing fixes.
My only concerns is the ```\"``` removing.
```\"``` is only needed for the HTTP transport, but keeping them would require to also store the username with the escapes as well.
---------------------------------------------------------------------------
by fabpot at 2012-10-30T11:25:28Z
The digest authentication mechanism is not that widespread due to its limitation. And the transport is not HTTP, I think we are talking about very few cases.
---------------------------------------------------------------------------
by sstok at 2012-10-30T12:49:14Z
Apache seems to remove (ignore) escape characters.
```c
if (auth_line[0] == '=') {
auth_line++;
while (apr_isspace(auth_line[0])) {
auth_line++;
}
vv = 0;
if (auth_line[0] == '\"') { /* quoted string */
auth_line++;
while (auth_line[0] != '\"' && auth_line[0] != '\0') {
if (auth_line[0] == '\\' && auth_line[1] != '\0') {
auth_line++; /* escaped char */
}
value[vv++] = *auth_line++;
}
if (auth_line[0] != '\0') {
auth_line++;
}
}
else { /* token */
while (auth_line[0] != ',' && auth_line[0] != '\0'
&& !apr_isspace(auth_line[0])) {
value[vv++] = *auth_line++;
}
}
value[vv] = '\0';
}
```
But would this change be a BC break for people already using quotes but without a comma and thus they never hit this bug?
The change it self is minimum, just calling ```str_replace('\\\\', '\\', str_replace('\\"', '"', $value))``` when getting the username.
---------------------------------------------------------------------------
by fabpot at 2012-11-13T13:00:12Z
@sstok Doing the same as Apache seems the best option here (just document the BC break).
---------------------------------------------------------------------------
by sstok at 2012-11-15T16:05:00Z
Hopefully I did this correct, but the needed escapes seem correctly removed.
`\"` is changed to `"` `\\` is changed to `\`
`\'` it kept as it is, as this needs no correcting.
@Vincent-Simonin Can you verify please.
---------------------------------------------------------------------------
by Vincent-Simonin at 2012-11-19T09:28:18Z
Authentication didn't work with this configuration :
```
providers:
in_memory:
name: in_memory
users:
te"st: { password: test, roles: [ 'ROLE_USER' ] }
```
`te"st` was set in authentication form's user field.
(Must we also escape `"` in configuration file ?)
Tests were performed with nginx.
---------------------------------------------------------------------------
by sstok at 2012-11-19T09:33:34Z
Yes. YAML escapes using an duplicate quote, like SQL.
```yaml
providers:
in_memory:
name: in_memory
users:
"te""st": { password: test, roles: [ 'ROLE_USER' ] }
```
This PR was squashed before being merged into the 2.0 branch (closes#5496).
Commits
-------
9872d26 [HttpFoundation] Fix name sanitization after perfoming move
Discussion
----------
[HttpFoundation] Fix name sanitization after perfoming move
Bug fix: yes
Feature addition: no
Backwards compatibility break: no
Symfony2 tests pass: yes
Fixes the following tickets: #2577
License of the code: MIT
Further work on #2577, fixes name sanitization, after moving file name with new name with non latin characters in the beginning.
---------------------------------------------------------------------------
by stloyd at 2012-09-12T09:52:05Z
You must revert chmod changes.
---------------------------------------------------------------------------
by helios-ag at 2012-09-12T14:30:36Z
@stloyd fixed
---------------------------------------------------------------------------
by stof at 2012-10-13T21:12:43Z
@fabpot what is the status of this PR ?
This PR was merged into the 2.0 branch.
Commits
-------
a094f7e Add check to Store::unlock to ensure file exists
Discussion
----------
[2.0] [HttpKernel] Add check to Store::unlock to ensure file exists
Bug fix: yes
Feature addition: no
Backwards compatibility break: no
Symfony2 tests pass: yes
I was seeing this error in my logs when using an `AppCache`:
```
Error 2: /var/www/beta.example.com/shared/vendor/symfony/symfony/src/Symfony/Component/HttpKernel/HttpCache/Store.php line 92: unlink(/var/www/beta.example.com/releases/20120827020525/app/cache/beta/http_cache/md/c2/88/66a911b5266a57bdd55131a47895b8861dfd.lck): No such file or directory
```
It was only occurring when the `http_cache` file was being primed (i.e. first load).
I've added a simple check to ensure that the file is a valid file before trying to unlink. I also added a missing `@return` docblock. Note: I've chosen to return `false` if the file does not exist as this seems to be the behaviour of the `purge` method.
---------------------------------------------------------------------------
by jonathaningram at 2012-08-29T06:46:52Z
@henrikbjorn done and rebased. Thanks.
---------------------------------------------------------------------------
by jonathaningram at 2012-09-17T22:38:47Z
@henrikbjorn any news on this one? It's currently not possible to use the HTTP Cache without the first request failing.
---------------------------------------------------------------------------
by jonathaningram at 2012-09-25T01:28:38Z
ping @fabpot sorry to keep pushing this, but any chance you could take a look at this?
Commits
-------
f694615 [Process] fix ProcessTest::testProcessPipes hangs on Windows on branch 2.0
Discussion
----------
[Process] fix ProcessTest::testProcessPipes hangs on Windows on branch 2.0
Bug fix: yes
Feature addition: no
Backwards compatibility break: no
Symfony2 tests pass: yes
Fixes the following tickets: #5343
Todo: -
License of the code: MIT
Documentation PR:
Marked the test as skipped on Windows, exactly as it is done on master branch (kind of backport)
---------------------------------------------------------------------------
by pborreli at 2012-08-25T20:06:58Z
👍
Commits
-------
1a4a4ee [DependencyInjection] Fixed a frozen constructor of a container with no parameters
2a124bc [DependencyInjection] Added a test for a frozen constructor of a container with no parameters
Discussion
----------
[DependencyInjection] Fix PHP Dumper for a constructor of a frozen container with no parameters
Bug fix: yes
Feature addition: no
Backwards compatibility break: no
Symfony2 tests pass: yes
Fixes the following tickets:
Todo: -
License of the code: MIT
---------------------------------------------------------------------------
by travisbot at 2012-08-06T16:51:20Z
This pull request [passes](http://travis-ci.org/symfony/symfony/builds/2049206) (merged 1a4a4ee9 into 3d32a0bc).
Commits
-------
a609d55 [Locale] fixed StubIntlDateFormatter to behave like the ext/intl implementation
Discussion
----------
[2.0][WIP][Locale] StubIntlDateFormatter should use the TZ environment variable instead of the PHP's date.timezone setting
Bug fix: yes
Feature addition: no
Backwards compatibility break: yes
Symfony2 tests pass: yes
Fixes the following tickets: #3841
Todo: Check ext/intl changes for the next PHP 5.4 release
License of the code: MIT
![Build Status](https://secure.travis-ci.org/eriksencosta/symfony.png?branch=issue-3841)
There were changes that need to be investigated for the next PHP 5.4 release:
- [php-src @ eb346ef](eb346ef0f4)
- [php-src @ 888e77f](888e77ff73)
A strong evidence of bug in ext/intl was found while testing `StubIntlDateFormatter`. See the comment available at the docblock of `StubIntlDateFormatterTest`'s `testFormatWithDefaultTimezoneIntlShouldUseTheTzEnvironmentVariableWhenAvailable()` method and the following Gist for test scripts: https://gist.github.com/2946342
Maybe the upcoming PHP 5.4 release fix this bug since it will use the PHP's `date.timezone` when no time zone is provided. If confirmed the bug, it will need to be reported to the ext/intl maintainers.
---------------------------------------------------------------------------
by travisbot at 2012-06-18T05:02:05Z
This pull request [passes](http://travis-ci.org/symfony/symfony/builds/1644431) (merged a609d55c into cd0aa378).
---------------------------------------------------------------------------
by fabpot at 2012-06-28T14:09:08Z
@eriksencosta Now that PHP 5.4.4 is out, our tests for the Locale components are broken. Is this PR ready to be merged?
---------------------------------------------------------------------------
by eriksencosta at 2012-06-28T14:53:14Z
@fabpot the failed test case seems unrelated to this issue. I will debug it.
Failed test: `Locale\Tests\Stub\StubNumberFormatterTest::testParseTypeInt64IntlWith32BitIntegerInPhp32Bit`
Recent build job: http://travis-ci.org/#!/symfony/symfony/jobs/1729618
I just need to confirm mine todo note. If you want, merge it, I'll track this and make a new PR if needed (possibly only to remove the TODO note.)