This PR was merged into the master branch.
Commits
-------
b31ae34 [WebProfilerBundle] Remove the now unneeded BC var and fixed a typo
d07ce03 [TwigBundle] Moved the registration of the app global to the environment
Discussion
----------
[TwigBundle] Moved the registration of the app global to the environment
This makes the app global variable available also when accessing the Twig
environment directly instead of using the TwigEngine.
This PR was squashed before being merged into the master branch (closes#5725).
Commits
-------
d6be69a [i5669][Console] Adding a note about the list command in the help command
Discussion
----------
[i5669][Console] Adding a note about the list command in the help command
In order to fix the issue #5669.
---------------------------------------------------------------------------
by gnugat at 2012-10-11T09:45:45Z
This PR is ready for a first code review.
---------------------------------------------------------------------------
by stof at 2012-10-13T22:25:15Z
@fabpot 👍
This PR was merged into the master branch.
Commits
-------
63b480e [Console] fixed#5316
Discussion
----------
[Console] [Enhancement] fixes#5316
Bug fix: no
Feature addition: yes
Backwards compatibility break: no
Symfony2 tests pass: yes
Fixes the following tickets: #5316
---------------------------------------------------------------------------
by marfillaster at 2012-10-05T02:14:55Z
I simplified the change. And the reason why tests for text help do not need changes is because in CommandTest, the commands are executed first which also merges app definition before invoking asText or asXml . While in ApplicationTest, commands are never run therefore app definition is not being merged.
---------------------------------------------------------------------------
by stof at 2012-10-13T23:13:52Z
@fabpot This looks ready to me. Anything left ?
This PR was merged into the master branch.
Commits
-------
3d2a7db Fix a few namespaces to match file system.
Discussion
----------
Cleanup Some Tests - tearDown and namespaces
Tried to cleanup a few tests and fix a few test classes which weren't following PSR-0. Removed original `tearDown` changes.
---
Bug fix: no
Feature addition: no
Backwards compatibility break: no
Symfony2 tests pass: yes
Fixes the following tickets: ~
Todo: ~
License of the code: MIT
Documentation PR: ~
---------------------------------------------------------------------------
by pborreli at 2012-10-13T06:41:14Z
from [PHPUnit documentation](http://www.phpunit.de/manual/current/en/fixtures.html#fixtures.more-setup-than-teardown) :
>setUp() and tearDown() are nicely symmetrical in theory but not in practice. In practice, you only need to implement tearDown() if you have allocated external resources like files or sockets in setUp(). If your setUp() just creates plain PHP objects, you can generally ignore tearDown(). However, if you create many objects in your setUp(), you might want to unset() the variables pointing to those objects in your tearDown() so they can be garbage collected. The garbage collection of test case objects is not predictable.
---------------------------------------------------------------------------
by fabpot at 2012-10-13T10:05:49Z
All these tearDown methods are not needed and should be removed.
This PR was merged into the master branch.
Commits
-------
d427522 [Validator] fixed German translation, see #5675
Discussion
----------
[Validator] fixed German translation
see #5675
The controllers are not relying on the DIC anymore and only Twig
is used for rendering (instead of the Templating component).
The Exception controller has not been updated yet as it relies on many
external dependencies (and other bundles).
This has been done for several reasons:
* for consistency with the way we already manage the WDT icons;
* it makes the WebProfiler independant from the location of the assets (and from the asset() function)
* this is the very first step to make the WebProfiler useable outside the full-stack framework (more commits soon)
There is still one asset() call though, which will be removed later on.
This PR was merged into the master branch.
Commits
-------
74e2c5e Fix incorrect inheritdoc blocks
Discussion
----------
Fix incorrect inheritdoc blocks
Also add a docblock to stopwatch member variable.
This PR was merged into the master branch.
Commits
-------
e65ff0b [Form] Removed unused method ChoiceView::isSelected()
Discussion
----------
[Form] Removed unused method ChoiceView::isSelected()
Bug fix: no
Feature addition: no
Backwards compatibility break: no
Symfony2 tests pass: yes
Fixes the following tickets: #5722
Todo: -
License of the code: MIT
Documentation PR: -
This PR was merged into the master branch.
Commits
-------
f66f110 FIX [2.1][ClassLoader]UniversalClassLoader not working with AnnotationRegistry::registerLoader
Discussion
----------
[2.1][ClassLoader]UniversalClassLoader not working with AnnotationRe...
Bug fix: yes
Feature addition: no
Backwards compatibility break: no
Symfony2 tests pass: yes
Fixes the following tickets: ~
Todo: ~
License of the code: MIT
Documentation PR: ~
The Doctrine\Common\Annotations\AnnotationRegistry::loadAnnotationClass examines the returning value of the loader and the load is successful only if the loader returns with "TRUE" value.
This is how method Symfony\Component\ClassLoader\ClassLoader::loadClass works, but it is not true for Symfony\Component\ClassLoader\UniversalClassLoader::loadClass.
---------------------------------------------------------------------------
by sstok at 2012-10-08T09:25:39Z
As this is a bug fix it should be done on 2.0
---------------------------------------------------------------------------
by stof at 2012-10-08T12:49:42Z
It is not a bugfix. Nothing enforces an autoloader to return a boolean in PHP.
And Symfony works with the annotation registry since 1.5 year (when it was introduced): https://github.com/symfony/symfony-standard/blob/2.0/app/autoload.php#L34-38
Btw, if you are using 2.1, I would recommend you to use the new ClassLoader instead of the UniversalClassLoader to autoload PSR-0 libraries. It has a simpler API (and returns the boolean needed by Doctrine) while supporting the same classes than the UniversalClasssLoader (both of them are supporting PSR-0 and nothing else)
This PR was merged into the master branch.
Commits
-------
bf9d2be [Console] Fixes in ProgressHelper
Discussion
----------
[Console] Fixes in ProgressHelper
Bug fix: yes
Feature addition: no
Backwards compatibility break: ?
Symfony2 tests pass: yes
Changed from true to false the default "newline" parameter of the method "overwrite" (to stick with the default value of OutputInterface).
This PR was merged into the master branch.
Commits
-------
4534960 [Security] Added Pbkdf2PasswordEncoder
Discussion
----------
[2.2] [Security] Added Pbkdf2PasswordEncoder
Bug fix: no
Feature addition: yes
Backwards compatibility break: no
Symfony2 tests pass: yes
License of the code: MIT
This adds the PBKDF2 derived key mechanism (as defined in http://www.ietf.org/rfc/rfc2898.txt) for the Password encoder.
The original implementation comes from http://www.itnewb.com/tutorial/Encrypting-Passwords-with-PHP-for-Storage-Using-the-RSA-PBKDF2-Standard and does not contain any restrictive copyright. I have included the original author.
---------------------------------------------------------------------------
by mvrhov at 2012-06-26T10:33:59Z
This also warrants a waring that the function is extra slow. Calculation of hash with the default 5000 iterations on small ec2 instance takes approximately 800ms.
---------------------------------------------------------------------------
by sstok at 2012-06-26T11:17:25Z
@mvrhov What do you mean exactly? Should I reduce the default number of Iterations?
Edit: Oops, my own class in rollerworks/Crypt also uses 1000, not 5000.
I used the MessageDigestPasswordEncoder as my template and forgot to change that.
Fixed.
---------------------------------------------------------------------------
by mvrhov at 2012-06-26T12:04:28Z
@sstok: What I meant was that it would be nice to include that info into the PhpDoc block or inside a changelog.
Between the plain salted sha512, sha512 based Pbkdf2 and sha512 based bcrypt, bcrypt was slower than sha512, but way faster than Pbkdf2. I've measured all of them on small ec2 instance.
Oh, and BTW it was 1000 iterations in Pbkdf2 that took 800ms.
---------------------------------------------------------------------------
by sstok at 2012-06-26T12:39:46Z
```
* Pbkdf2PasswordEncoder uses the PBKDF2 (Password-Based Key Derivation Function 2).
*
* Providing a high level of Cryptographic security,
* PBKDF2 is recommended by the National Institute of Standards and Technology (NIST).
*
* But also warrants a warning, using PBKDF2 (with a high number of iterations) slows down the process.
* PBKDF2 should be used with caution and care.
```
Something like this, any suggestions are welcome ;)
PS: Should I also add this to the SecurityBundle?, but 'algorithm' always passes it to MessageDigestPasswordEncoder when it not plain. So I wonder what to do for that, using something as pbkdf2_[algorithm] like: pbkdf2_sha512
---------------------------------------------------------------------------
by jalliot at 2012-07-06T22:27:22Z
@sstok That would be a really valuable addition to Symfony :)
And I think indeed that you should modify SecurityBundle by adding a simple way to switch from the basic encoder to this one (and surely set it as the default!).
Another nice thing you could do is provide a bcrypt implementation. @elnur's [ElnurBlowfishPasswordEncoderBundle](https://github.com/elnur/ElnurBlowfishPasswordEncoderBundle) might give you some inspiration.
---------------------------------------------------------------------------
by sstok at 2012-07-08T12:25:29Z
@jalliot Thanks for the tip, changing the default is not a good idea as PBKDF2 pretty heavy when compared to Digit.
The only difference between PBKDF2 and Digit is that PBKDF2 uses HMAC and does some extra things, so they are both very secure. But the second is more secure then the other ;)
Implementing bcrypt should be no problem, I will open an new pull request for that one when ready.
Edit: I think I have an idea, setting algorithm to pbkdf2 with hash_algorithm as parameter.
---------------------------------------------------------------------------
by sstok at 2012-07-18T09:54:15Z
@schmittjoh As this is a simple change should it go for 2.1 or 2.2?
---------------------------------------------------------------------------
by jalliot at 2012-07-18T11:02:40Z
IIUC 2.1 is feature frozen so that will surely not be merged before 2.2.
---------------------------------------------------------------------------
by fabpot at 2012-07-23T14:26:30Z
This is indeed scheduled for 2.2.
---------------------------------------------------------------------------
by sstok at 2012-10-02T13:51:59Z
@fabpot ping
---------------------------------------------------------------------------
by fabpot at 2012-10-02T16:20:23Z
Before I merge this PR, can you:
* add an entry in the CHANGELOG of the component and the bundle
* squash your commits
* create a PR on the docs to mention the new encoder (its usage and the limitations as you mentioned them here)
Thanks.
---------------------------------------------------------------------------
by stof at 2012-10-02T16:27:03Z
The XSD also need to be updated
---------------------------------------------------------------------------
by fabpot at 2012-10-02T16:37:53Z
@stof: AFAIR, there is unfortunately no XSD for the Security bundle.... yet
---------------------------------------------------------------------------
by mvrhov at 2012-10-02T16:56:39Z
BTW: http://php.net/manual/en/function.hash-pbkdf2.php
---------------------------------------------------------------------------
by fabpot at 2012-10-02T17:17:57Z
@mvrhov Indeed, it's going to be included in PHP as of PHP 5.5. We need to use it if available.
---------------------------------------------------------------------------
by stof at 2012-10-02T17:28:17Z
@fabpot ah true. and I don't want to try creating an XSD in this bundle as the config tree can be expanded dynamically by any bundle :)
---------------------------------------------------------------------------
by sstok at 2012-10-03T09:29:53Z
@fabpot ping
---------------------------------------------------------------------------
by sstok at 2012-10-08T09:21:09Z
@fabpot ping
[Security] changed default iterations of Pbkdf2PasswordEncoder to 1000 instead of 5000
[Security] Improved description of PBKDF2 encoder
[SecurityBundle] added PBKDF2 PasswordEncoder
updated CHANGELOG.md
[Security] Use the build-in hash_pbkdf2() when available
[SecurityBundle] added information about hash_algorithm for configuration
[Security] always check algorithm and fixed CS
* 2.1:
fixed CS
added doc comments
added doc comments
[Validator] Updated swedish translation
Update src/Symfony/Component/Validator/Resources/translations/validators.de.xlf
[2.1] Exclude tests from zips via gitattributes
[HttpKernel][Translator] Fixed type-hints
Updated lithuanian validation translation
[DomCrawler] Allows using multiselect through Form::setValues().
[Translation] forced the catalogue to be regenerated when a resource is added (closes symfony/Translation#1)
Unit test for patched method OptionsResolver::validateOptionValues().
validateOptionValues throw a notice if an allowed value is set and the corresponding option isn't.
[Form] Hardened code of ViolationMapper against errors
[HttpFoundation] Fixed#5611 - Request::splitHttpAcceptHeader incorrect result order.
[Form] Fixed negative index access in PropertyPathBuilder
Update src/Symfony/Component/Validator/Resources/translations/validators.ro.xlf
Conflicts:
src/Symfony/Component/DomCrawler/Form.php
src/Symfony/Component/Process/Process.php
This PR was merged into the 2.1 branch.
Commits
-------
65cf3a0 added doc comments
Discussion
----------
added doc comments
---------------------------------------------------------------------------
by stof at 2012-10-06T11:27:23Z
closing in favor of #5686 which targets 2.0
---------------------------------------------------------------------------
by fabpot at 2012-10-06T12:38:17Z
This one cannot be closed as it contains more phpdocs than in the 2.0 branch.
* 2.0:
fixed CS
added doc comments
[HttpKernel][Translator] Fixed type-hints
[Translation] forced the catalogue to be regenerated when a resource is added (closes symfony/Translation#1)
[HttpFoundation] Fixed#5611 - Request::splitHttpAcceptHeader incorrect result order.
Conflicts:
src/Symfony/Component/Process/Process.php
tests/Symfony/Tests/Component/HttpFoundation/RequestTest.php
This PR was merged into the master branch.
Commits
-------
36bbaf3 added entry to changelog
0187a1a adds two convenience methods for optional configuration sections
Discussion
----------
adds two convenience methods for optional configuration sections
This adds two convenience methods which safes some typing for optional configuration.
I have updated the FrameworkConfiguration to use these methods; the behavior is equivalent.
---------------------------------------------------------------------------
by sstok at 2012-10-06T12:21:09Z
👍
---------------------------------------------------------------------------
by fabpot at 2012-10-06T12:32:10Z
Looks good. Can you update the documentation as well and add a note in the component CHANGELOG? Thanks.
---------------------------------------------------------------------------
by schmittjoh at 2012-10-06T14:22:35Z
done
This PR was merged into the master branch.
Commits
-------
4b86765 [FrameworkBundle] recursively resolve container parameter placeholders for arrays in router _defaults
Discussion
----------
[2.2] [FrameworkBundle] avoid trying to resolve container placeholders on arrays on router _defaults
Bug fix: yes
Feature addition: no
Backwards compatibility break: no
Symfony2 tests pass: yes
Fixes the following tickets: ~
Todo: ~
License of the code: MIT
Documentation PR: ~
Permits to pass arrays in route `_defaults`.
---------------------------------------------------------------------------
by stof at 2012-07-20T13:07:36Z
This seems weird. An array could contain parameters in it.
---------------------------------------------------------------------------
by docteurklein at 2012-07-20T13:17:00Z
@stof An object too then, no ? Why accepting objects but not arrays ? Would you propose to recursively resolve array values ?
---------------------------------------------------------------------------
by stof at 2012-07-20T13:31:06Z
@docteurklein Resolving array values recursively would be consistent with the way the DIC parameters are resolved. I don't really see how you would resolve objects (and btw, it is pretty much an edge case as you cannot really put an object in your routes if you define them in your YAML or XML config files or with annotations)
---------------------------------------------------------------------------
by docteurklein at 2012-07-20T13:36:43Z
@stof I agree. I can manage recursive array resolving if needed.
---------------------------------------------------------------------------
by fabpot at 2012-07-23T13:58:07Z
Can you squash your commits before I merge? Thanks.
---------------------------------------------------------------------------
by docteurklein at 2012-07-23T14:39:17Z
@fabpot done.
This PR was merged into the master branch.
Commits
-------
5c809d8 [TwigBundle] added support for Twig namespaced paths (Twig 1.10)
Discussion
----------
[TwigBundle] added support for Twig namespaced paths (Twig 1.10)
In a template, you can now use native Twig template names, instead of
the Symfony ones:
Before (still works):
{% extends "AcmeDemoBundle::layout.html.twig" %}
{% include "AcmeDemoBundle:Foo:bar.html.twig" %}
After:
{% extends "@AcmeDemo/layout.html.twig" %}
{% include "@AcmeDemo/Foo/bar.html.twig" %}
Using native template names is also faster.
The only drawback is that the new notation looks similar to the way we
locate resources in Symfony, which would be
`@AcmeDemoBundle/Resources/views/Foo/bar.html.twig`. We could have used
the same notation, but it is rather verbose (and by the way, using this
notation did not work anyway in templates).
TODO: update documentation
---------------------------------------------------------------------------
by fabpot at 2012-10-03T13:36:56Z
I forgot to mention why I'd like to include this change besides performance: this would allow to share templates between a project using the Symfony2 full-stack framework and any other project using Twig.
---------------------------------------------------------------------------
by henrikbjorn at 2012-10-03T13:50:48Z
👍 Will the old notation be deprecated at some point?
---------------------------------------------------------------------------
by stof at 2012-10-03T14:29:50Z
@fabpot does it still support overwriting templates ?
