On the advice of @schmittjoh, this commit adds a LogoutException class for use by LogoutListener if the CSRF token is invalid.
The handling in the Security component's ExceptionListener is modeled after AccessDeniedException, which gets wrapped in an AccessDeniedHttpException in the absence of a handler service or error page (I didn't think it was appropriate to re-use those for LogoutException).
Using "securitybundletest" as the default environment for the functional test's kernel causes a PHP fatal error redeclaring the class "appSecuritybundletestDebugProjectContainer" when multiple tests (with unique names) are executed. In lieu of forcing tests to specify their own environment explicitly, we can simply append the test name into the environment.
Note: this bug may be related to PHPUnit executing multiple tests within the same process.
As each firewall is configured, its logout listener (if any) will be registered with the LogoutUrlHelper service. In a template, this helper may be used to generate relative or absolute URLs to a particular firewall's logout path. A CSRF token will be appended to the URL as necessary.
The Twig extension composes the helper service to avoid code duplication (see: #2999).
This adds several new options to the logout listener, modeled after the form_login listener:
* csrf_parameter
* intention
* csrf_provider
The "csrf_parameter" and "intention" have default values if omitted. By default, "csrf_provider" is empty and CSRF validation is disabled in LogoutListener (preserving BC). If a service ID is given for "csrf_provider", CSRF validation will be enabled. Invalid tokens will result in an InvalidCsrfTokenException being thrown before any logout handlers are invoked.
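The behaviour these commit messages describe, as an added stand-alone sketch (not code from Symfony or from this commit): with no provider the check is skipped, with a provider the token is verified before any logout handler runs. All class and function names are hypothetical, and the option values `_csrf_token` and `logout` are constructed samples.

```php
<?php
// Added illustration: every class and function here is a hypothetical stand-in.
final class HmacCsrfProvider
{
    public function __construct(private string $secret, private string $sessionId) {}

    // The token is bound to the session and to the "intention" string.
    public function generateCsrfToken(string $intention): string
    {
        return hash_hmac('sha256', $intention . '|' . $this->sessionId, $this->secret);
    }

    public function isCsrfTokenValid(string $intention, string $token): bool
    {
        return hash_equals($this->generateCsrfToken($intention), $token);
    }
}

final class InvalidLogoutTokenException extends RuntimeException {}

// $options carries csrf_parameter and intention; $provider plays the csrf_provider role (null = disabled).
function handleLogout(array $query, array $options, array $handlers, ?HmacCsrfProvider $provider): array
{
    if (null !== $provider) {
        $token = $query[$options['csrf_parameter']] ?? null;
        // A missing or non-string parameter (e.g. an array) is rejected like a bad token.
        if (!is_string($token) || !$provider->isCsrfTokenValid($options['intention'], $token)) {
            throw new InvalidLogoutTokenException('Invalid CSRF token.');
        }
    }
    $ran = [];
    foreach ($handlers as $name => $handler) {
        $handler();
        $ran[] = $name;
    }
    return $ran;
}

// Constructed sample values.
$options  = ['csrf_parameter' => '_csrf_token', 'intention' => 'logout'];
$provider = new HmacCsrfProvider('constructed-secret', 'constructed-session-id');
$handlers = ['session' => function (): void {}, 'cookies' => function (): void {}];

$valid = [$options['csrf_parameter'] => $provider->generateCsrfToken($options['intention'])];
echo 'valid token: ', implode(',', handleLogout($valid, $options, $handlers, $provider)), "\n";

foreach ([[], ['_csrf_token' => 'forged'], ['_csrf_token' => ['x']]] as $query) {
    try {
        handleLogout($query, $options, $handlers, $provider);
    } catch (InvalidLogoutTokenException $e) {
        echo 'rejected before handlers: ', json_encode($query), "\n";
    }
}
// No provider: validation is skipped, so a request without any token still logs the user out.
echo 'no provider: ', implode(',', handleLogout([], $options, $handlers, null)), "\n";
```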
Commits
-------
cea2c7e removed unneeded local variable
924f378 updated changelog
72d5805 changed route name
41cc0d6 [FrameworkBundle] added support for HInclude
Discussion
----------
[FrameworkBundle] added support for HInclude
Bug fix: no
Feature addition: yes
Backwards compatibility break: no
Symfony2 tests pass: yes
Fixes the following tickets: -
Todo: discuss
Example: https://github.com/kbond/symfony-standard/tree/hinclude
**Reopened this as I broke #2903**
References:
- http://groups.google.com/group/symfony-devs/browse_thread/thread/b74e587d6f2f87b0
- http://groups.google.com/group/symfony-devs/browse_thread/thread/8776a9833d4a5f79
- #2903
- #2865
---------------------------------------------------------------------------
by kbond at 2012-02-11T20:27:22Z
unless there is anything else I think this is ready, want me to squash again?
---------------------------------------------------------------------------
by fabpot at 2012-02-11T21:07:33Z
@kbond: Can you add some information about the changes in the CHANGELOG?
---------------------------------------------------------------------------
by Tobion at 2012-02-11T21:33:32Z
Do I see it correctly that we cannot set a default template on a per hinclude tag basis? But only global?
That's not really useful when javascript is disabled because it should resemble the content to be included as an alternative.
---------------------------------------------------------------------------
by stof at 2012-02-11T21:42:15Z
@Tobion currently it is not possible. But changing the content on a tag basis may require changing the way the render tag looks (as there is no content in the tag currently) so this needs further discussion and @fabpot said he wants to merge a first implementation without it. See the discussion above.
Commits
-------
9d6eb82 [Routing] Fix a bug in the TraceableUrlMatcher
9fc8d28 [FrameworkBundle] Fix a bug in the RedirectableUrlMatcher
4fcf9ef [Routing] Small optimization in the UrlMatcher
abc2141 [Routing] Added a missing property declaration
d86e1eb [Routing] Remove a weird dependency
Discussion
----------
[Routing] Remove a dependency on a derived class, fixes, optim
Subset of #3296 which should be acceptable.
Travis is happy.
The side effect of removing the dependency is that the `UrlMatcher` does not throw an exception any more when the scheme does not match the required scheme. I think it is better because:
* it removes a dependency on a derived class,
* it was an undocumented "feature",
* other thrown excs are component specific while this one was raw SPL.
---------------------------------------------------------------------------
by vicb at 2012-02-09T14:43:02Z
let me know what should go in 2.0 as well.
Commits
-------
b3fd2fa [Propel] Added Propel to Stopwatch
Discussion
----------
[Propel] Added Propel to Stopwatch
I've added the Stopwatch feature, everything is ready on the PropelBundle.
The trick is to log `prepare` queries in Propel, that way we got first the prepared statement, and then the executed query. That's why there is a `$isPrepare` boolean.
I kept BC if people don't update the PropelBundle too.
William
---------------------------------------------------------------------------
by stof at 2012-02-14T12:16:51Z
@willdurand toggling a flag for each call seems a bit hackish to me. Is there no better way to do it ?
---------------------------------------------------------------------------
by willdurand at 2012-02-14T12:21:38Z
Unfortunately no... But it's quite safe as we cannot change logged methods.
There are neither start/stop methods, nor typed messages.
On 14 Feb 2012 at 13:16, Christophe Coevoet <reply@reply.github.com> wrote:
> @willdurand toggling a flag for each call seems a bit hackish to me. Is there no better way to do it ?
---------------------------------------------------------------------------
by stof at 2012-02-14T12:26:04Z
@willdurand then let's use this for propel 1. But please improve the logging interface for Propel 2 :)
---------------------------------------------------------------------------
by willdurand at 2012-02-14T12:34:28Z
Sure! I've added that on my todolist…
2012/2/14 Christophe Coevoet <reply@reply.github.com>
> @willdurand then let's use this for propel 1. But please improve the
> logging interface for Propel 2 :)
Commits
-------
e5edf5a [Console] Fixed CS
8abf506 [Console] Added abbreviation into search for bad command / namespace
c6203bc [Console] Added namespace suggest on bad namespace name
117359a [Console] fixed CS according to PR comment
dd0d97e [Console] Added suggest on bad command name
Discussion
----------
[Console] Added suggest on bad command name
Bug fix: no
Feature addition: yes
Backwards compatibility break: no
Symfony2 tests pass: yes
Fixes the following tickets: -
Todo: namespace ?
Added something like in `git`: if the user types a wrong command and if a close alternative exists, the Command component will display a list of similar command(s).
Note : It does not work with namespace. If this PR will be merged, I could work on namespace.
see : https://github.com/fabpot/Twig/blob/master/lib/Twig/Environment.php#L1003
---------------------------------------------------------------------------
by fabpot at 2012-02-11T18:54:49Z
I think we need it to also work on namespace before merging. Is it possible?
---------------------------------------------------------------------------
by henrikbjorn at 2012-02-11T19:01:06Z
could maybe use similar_text ?
---------------------------------------------------------------------------
by lyrixx at 2012-02-11T19:01:55Z
Yes.
I will work on it asap
---------------------------------------------------------------------------
by lyrixx at 2012-02-11T20:06:43Z
I added code for namespace
@henrikbjorn I did the same logic as in twig.
---------------------------------------------------------------------------
by lyrixx at 2012-02-11T20:27:48Z
Note : Travis tests failed : http://travis-ci.org/#!/lyrixx/symfony/builds/663216
```
before_script: Execution of 'php vendors.php' took longer than 600 seconds and was terminated.
Consider rewriting your stuff in AssemblyScript, we've heard it handles Web Scale™
```
But tests are OK on my laptop
---------------------------------------------------------------------------
by stof at 2012-02-11T20:41:15Z
Well, it may be due to github issues during the setup of the vendors. There are some issues regularly because of the DDoS attack.
---------------------------------------------------------------------------
by lyrixx at 2012-02-11T20:58:07Z
Yes, I guessed it :-) that's why I notice it works on my laptop
---------------------------------------------------------------------------
by fabpot at 2012-02-11T23:11:08Z
This code won't work if you use abbreviations instead of the full namespace or command name.
---------------------------------------------------------------------------
by lyrixx at 2012-02-12T23:30:04Z
I added code to manage abbreviations. But I'm not sure what you are expecting. Can you try it and give me some feedback ?
P.S. : Travis failed again, but tests pass on my laptop.
Commits
-------
8935dec Added support for SVG mime type
Discussion
----------
Added support for SVG mime type
Hi, MimeTypeExtensionGuesser doesn't have a default type for SVG files, I've added this in.
Craig
Commits
-------
cfddbba Grammar and formatting in upgrade doc
Discussion
----------
Grammar and formatting in upgrade doc
Added logical component headings to changes. Grouped changes by bullets, with indented text and code blocks. Applied consistent formatting to method names and code references. Re-flowed paragraph text to abide an 80-character column.
Commits
-------
a395873 [FrameworkBundle][Session] Add auto_start pass to the storage options
Discussion
----------
[FrameworkBundle][Session] Add auto_start pass to the storage options
Bug fix: yes
Feature addition: no
Backwards compatibility break: no
Symfony2 tests pass: yes
Fixes the following tickets: -
Todo: -
I think that is a bugfix.
Currently, the value of auto_start in the config has no effect, at least when using the session in WebTestCase context.
---------------------------------------------------------------------------
by stof at 2012-02-13T14:59:17Z
The ``auto_start`` setting is not an option passed to the session storage. It is about configuring the SessionListener. So this seems wrong
---------------------------------------------------------------------------
by drak at 2012-02-13T15:02:26Z
That said, the storage does need to know if it should respect autostart - that might be quite independent of anything else. The moment something is output a session will start if `ini_set('auto_start', 1)`.
---------------------------------------------------------------------------
by drak at 2012-02-13T15:05:52Z
I guess in the context of FrameworkBundle you probably want the storage driver auto_start off (php's autostart that is) so that sessions are only explicitly started by the session listener.
---------------------------------------------------------------------------
by dr-fozzy at 2012-02-13T15:22:02Z
Just tested out master branch. With session.auto_start = 0 in php.ini and auto_start: false at framework -> session section of config.yml
Session is **started** (cookies are set) anyway...
(PHP 5.3.9, simple blank page)
This bug indirectly affects Varnish caching-proxy, as its default behaviour is to not cache anything if "Cookie" or "Set-Cookie" header is set.
---------------------------------------------------------------------------
by yethee at 2012-02-13T17:55:14Z
@drak, `ini_set('session.auto_start', 1)` will not work because it will be overridden [here](137b0026b7/src/Symfony/Component/HttpFoundation/Session/Storage/AbstractSessionStorage.php (L222)), if the `auto_start` option is not passed in the `$options`. Or have I missed something?
I have trouble with the session in functional tests (based on WebTestCase). I put some data, an authentication token, into the session before sending the request but lose them when the session is [starting](7e4f4dcdf9/src/Symfony/Bundle/FrameworkBundle/EventListener/SessionListener.php (L58))
---------------------------------------------------------------------------
by stof at 2012-02-13T18:04:19Z
@drak seems like your refactored storage now need to be aware of the auto_start setting :)
---------------------------------------------------------------------------
by drak at 2012-02-14T06:40:26Z
> @drak, ini_set('session.auto_start', 1) will not work because it will be overridden here, if the auto_start option is not passed in the $options. Or have I missed something?
This code simply sets a default value of off if there was no explicit setting. I believe this is correct: if not set, then set to off, otherwise, leave as defined. The issue in question is if FrameworkBundle passes the configuration on - it should and should have been since 2.0.
@stof The storage drivers do indeed need to be aware of the autostart settings and afaik they are already - whether FrameworkBundle passes this on to the storage driver is a different matter though.
@yethee - are you sure you are using the latest master from symfony/symfony (and not the split trees)? I ask because your second link points to something that's either in the 2.0 branch or well before the new code was merged.
---------------------------------------------------------------------------
by yethee at 2012-02-14T06:56:40Z
Yep, I use the latest version of the master branch. [Here](https://github.com/symfony/symfony/blob/master/src/Symfony/Bundle/FrameworkBundle/EventListener/SessionListener.php) is the current version of SessionListener; there is no difference in code from the previous link, now. I specifically specified the link to the commit, and not a branch.
---------------------------------------------------------------------------
by drak at 2012-02-14T06:58:48Z
Does your PR solve the problem for you? I'm going to write some tests for this also.
---------------------------------------------------------------------------
by yethee at 2012-02-14T07:09:49Z
> This code simply sets a default value of off if there was no explicit setting. I believe this is correct: if not set, then set to off, otherwise, leave as defined. The issue in question is if FrameworkBundle passes the configuration on - it should and should have been since 2.0.
How can I pass the `auto_start` option in the `setOptions` method? Now this option is not passed, and is always set to the default value.
The difference between the current implementation and 2.0 is that in the previous version the session is automatically started when any data is put into the session. https://github.com/symfony/symfony/blob/2.0/src/Symfony/Component/HttpFoundation/Session.php#L120
---------------------------------------------------------------------------
by yethee at 2012-02-14T07:17:18Z
@drak, yes, it makes the behavior of the session as in 2.0 branch
https://github.com/symfony/symfony/blob/master/src/Symfony/Component/HttpFoundation/Session/Storage/AbstractSessionStorage.php#L186
---------------------------------------------------------------------------
by drak at 2012-02-14T14:41:29Z
That means it was as I suspected, that the auto_start value in the config was not communicated to the session storage driver in `FrameworkBundle`, which your patch now fixes. @fabpot I guess this is ok for merge now.
Commits
-------
97cbf90 [Propel] Added tests for the PropelDataCollector
d9ce982 [Propel] Added tests for CollectionToArrayTransformer
4878af4 [Propel] Fixed CS
dd5d72a Added Propel to the vendors.php script
Discussion
----------
Propel tests
This PR adds more unit tests on the Propel Bridge. More to come later :)
Commits
-------
beb4fc0 [WIP][Locale] StubIntlDateFormatter::parse was throwing exception instead of returning Boolean false like intl implementation
b61dff7 fixed CS
Discussion
----------
[WIP][Locale] StubIntlDateFormatter::parse was throwing exception instead of returning Boolean false like intl implementation
Bug fix: yes
Feature addition: no
Backwards compatibility break: no
Symfony2 tests pass: ![travis.ci](https://secure.travis-ci.org/eriksencosta/symfony.png?branch=ticket_2781)
Fixes the following tickets: #2781
Todo: A test fail in 32 bit environment, executed tests only with PHP 5.3.2 and ext-intl ICU 4.2 based
Failed test:
1) Symfony\Tests\Component\Locale\Stub\StubIntlDateFormatterTest::testFormatWithDefaultTimezoneIntl
Failed asserting that two strings are equal.
--- Expected
+++ Actual
@@ @@
-'1969-12-31 21:00:00'
+'1969-12-31 16:00:00'
Commits
-------
09b348d [HttpFoundation] Forward compatibility tweak to allows direct use of \SessionHandlerInterface
Discussion
----------
[HttpFoundation] Forward compatibility tweak
Bug fix: no
Feature addition: yes
Backwards compatibility break: no
Symfony2 tests pass: yes
Fixes the following tickets: -
Todo: -