* 2.3:
Improve documentation of X-Forwarded-For header handling
[DoctrineBridge] Loosened CollectionToArrayTransformer::transform() to accept arrays
Removed unused use statements.
Make usleep longer and simplify assertions
Added japanese translation resource for security component.
Replaced the @inheritdoc with an actual list of params since the original method has a different signature.
fix typo : StdClass should be stdClass with little "s"
Remove unnecessary continue from Request
[Yaml] Fixed the escaping of strings starting with a dash when dumping
Fix in ChainLoader.php
fixed wrong started states
* 2.2:
[DoctrineBridge] Loosened CollectionToArrayTransformer::transform() to accept arrays
Removed unused use statements.
Make usleep longer and simplify assertions
Added japanese translation resource for security component.
[Yaml] Fixed the escaping of strings starting with a dash when dumping
Fix in ChainLoader.php
fixed wrong started states
This PR was merged into the master branch.
Discussion
----------
[Console] make InputArgument::setDefault() chainable
| Q | A
| ------------- | ---
| Bug fix? | no
| New feature? | yes
| BC breaks? | maybe
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets |
| License | MIT
To allow chaining of methods, setDefault should return the InputArgument. I'm not quite sure if you would tread this as a BC break?
best regards
Philipp
Commits
-------
7b7a4c1 [Console] make InputArgument::setDefault() chainable
This PR was merged into the master branch.
Discussion
----------
[Form] Add missing use in form renderer
| Q | A
| ------------- | ---
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | #9296
| License | MIT
| Doc PR | -
Commits
-------
7686867 [Form] Add missing use in form renderer
This PR was merged into the master branch.
Discussion
----------
Removed dead code (unused use statements).
| Q | A
| ------------- | ---
| Bug fix? | no
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | ~
| License | MIT
| Doc PR | ~
Commits
-------
eced94b Removed dead code (unused use statements).
* 2.3:
bumped Symfony version to 2.3.7
updated VERSION for 2.3.6
updated CHANGELOG for 2.3.6
bumped Symfony version to 2.2.10
updated VERSION for 2.2.9
update CONTRIBUTORS for 2.2.9
updated CHANGELOG for 2.2.9
[Security] limited the password length passed to encoders
[HttpKernel] Fixed a test (compiler pass class name has been changed).
assets:install command should mirror .dotfiles (.htaccess)
PoFileDumper - PO headers
removed whitespaces
Conflicts:
src/Symfony/Component/HttpKernel/Kernel.php
src/Symfony/Component/Security/Core/Encoder/BCryptPasswordEncoder.php
src/Symfony/Component/Security/Core/Encoder/BasePasswordEncoder.php
src/Symfony/Component/Security/Core/Encoder/MessageDigestPasswordEncoder.php
src/Symfony/Component/Security/Core/Encoder/Pbkdf2PasswordEncoder.php
src/Symfony/Component/Security/Core/Encoder/PlaintextPasswordEncoder.php
src/Symfony/Component/Security/Core/Tests/Encoder/MessageDigestPasswordEncoderTest.php
src/Symfony/Component/Security/Core/Tests/Encoder/Pbkdf2PasswordEncoderTest.php
src/Symfony/Component/Security/Core/Tests/Encoder/PlaintextPasswordEncoderTest.php
* 2.2:
bumped Symfony version to 2.2.10
updated VERSION for 2.2.9
update CONTRIBUTORS for 2.2.9
updated CHANGELOG for 2.2.9
[Security] limited the password length passed to encoders
assets:install command should mirror .dotfiles (.htaccess)
PoFileDumper - PO headers
removed whitespaces
Conflicts:
src/Symfony/Component/HttpKernel/Kernel.php
src/Symfony/Component/Security/Core/Encoder/BCryptPasswordEncoder.php
This PR was merged into the master branch.
Discussion
----------
[Debug] Fixed `ClassNotFoundFatalErrorHandler`
After running the test suite, this produced a Fatal Error. Having continue in a child method is not allowed.
| Q | A
| ------------- | ---
| Bug fix? | [yes]
| New feature? | [no]
| BC breaks? | [no]
| Deprecations? | [no]
| Tests pass? | [yes]
| Fixed tickets | None
| License | MIT
| Doc PR | None
Commits
-------
ecee5c2 [Debug] Fixed `ClassNotFoundFatalErrorHandler`
This PR was merged into the master branch.
Discussion
----------
[HttpKernel] Fixed a test (compiler pass class name has been changed)
| Q | A
| ------------- | ---
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes, if #9259 also gets merged
| Fixed tickets | -
| License | MIT
| Doc PR | -
**I've sent it against wrong branch. It should be merged in 2.3. Sorry.**
Commits
-------
fae01c1 [HttpKernel] Fixed a test (compiler pass class name has been changed).
* 2.3:
[Process] Fix#9182 : random failure on pipes tests
Fixed propel guessed relations
[FramworkBundle][HttpKernel] Check event listener services are not abstract
fixed CS
Check for lock existence before unlinking
remove MinCount and MaxCount contraints. It has been replaced by Count constraints.
[FrameworkBundle] fixed path replacement on Windows
Conflicts:
src/Symfony/Bridge/Propel1/Tests/Form/PropelTypeGuesserTest.php
* 2.2:
[Process] Fix#9182 : random failure on pipes tests
Fixed propel guessed relations
[FramworkBundle][HttpKernel] Check event listener services are not abstract
fixed CS
Check for lock existence before unlinking
[FrameworkBundle] fixed path replacement on Windows
Conflicts:
src/Symfony/Component/Process/Process.php
This PR was merged into the master branch.
Discussion
----------
[Form] fix missing use statement for exception UnexpectedTypeException
| Q | A
| ------------- | ---
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? |
| Fixed tickets |
| License | MIT
| Doc PR |
fix missing use statement for exception `Symfony\Component\Form\Exception\UnexpectedTypeException`
cc @bschussek
Commits
-------
ea91533 [form] fix missing use statement for exception UnexpectedTypeException
This PR was merged into the master branch.
Discussion
----------
[Security\Csrf] Split CsrfTokenGenerator into CsrfTokenManager and TokenGenerator
| Q | A
| ------------- | ---
| Bug fix? | no
| New feature? | yes
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | #9210
| License | MIT
| Doc PR | -
This is a follow-up PR of #6554 that splits the CsrfTokenGenerator into two separate classes for generating and managing CSRF tokens. As a consequence, it is now possible to explicitly remove or refresh CSRF tokens if they should be used only once. See #9210 for more information.
Commits
-------
d4bb5f4 [Security\Csrf] Split CsrfTokenGenerator into CsrfTokenManager and TokenGenerator
My logs are filled with a bazillion errors stating "Warning: unlink(/var/www/mysite/app/cache/prod/http_cache/md/cf/47/c693da5dab3eccb65fa36a9b4b07ad0f7cc4.lck): No such file or directory in /var/www/mysite/vendor/symfony/symfony/src/Symfony/Component/HttpKernel/HttpCache/Store.php line 53"
* 2.3:
Fix: duplicate usage of Symfony\Component\HttpFoundation\Response
[Form] add support for Length and Range constraint in order to replace MaxLength, MinLength, Max and Min constraints in next release (2.3)
Revert "merged branch Tobion/flattenexception (PR #9111)"
[Form] check the required output timezone against the actual timezone of the input datetime object, rather than the expected timezone supplied
Conflicts:
src/Symfony/Component/HttpKernel/EventListener/ExceptionListener.php
This PR was squashed before being merged into the master branch (closes#8835).
Discussion
----------
[Console] Fixed verbose option when passing verbosity level as option value
| Q | A
| ------------- | ---
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| License | MIT
Currently passing a verbosity level to verbose option on console doesn't work unless using the shotcuts _-v_, _-vv_, _-vvv_.
This also fix _accept_value_ in the xml generated by __console help --xml__ for people using the xml output ;)
Commits
-------
a28eb8b [Console] Fixed verbose option when passing verbosity level as option value
* 2.2:
[Form] add support for Length and Range constraint in order to replace MaxLength, MinLength, Max and Min constraints in next release (2.3)
[Form] check the required output timezone against the actual timezone of the input datetime object, rather than the expected timezone supplied
This PR was squashed before being merged into the master branch (closes#8927).
Discussion
----------
[Templating] fix logic regarding template references and many phpdocs
| Q | A
| ------------- | ---
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets |
| License | MIT
this clarifies the expected types and exceptions by much. and it fixes some logic flaws.
- missing info/methods in interfaces
- respecting Twig_LoaderInterface only accepting strings, not objects
related to fabpot/Twig#1183 but does not depend on it
Commits
-------
f6c12bd [Templating] fix logic regarding template references and many phpdocs
This PR was merged into the master branch.
Discussion
----------
[RC][Form] Let null values clear fields in PATCH requests
| Q | A
| ------------- | ---
| Bug fix? | no
| New feature? | no
| BC breaks? | yes
| Deprecations? | no
| Tests pass? | yes
I've changed the way form checks wherever or not to submit childs by checking submitted data with array_key_exists and not with just isset.
This way in PATCH requests values are not processed when they are not in array and not also when the value is null. Currently there is no way to null a value with a PATCH request, even passing it null.
This can lead to some BC breaks depending on how users used form in their code.
Commits
-------
f5812c5 [Form] Let null values to unset fields in PATCH requests
This PR was squashed before being merged into the master branch (closes#8637).
Discussion
----------
[DomCrawler] Allowed internal validation of ChoiceFormField to be disabled
| Q | A
| ------------- | ---
| Bug fix? | no
| New feature? | yes
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | #7672
| License | MIT
| Doc PR | Not yet
Hi,
Here is a quite basic attempt to be able to disable the internal validation of the ChoiceFormField. It's pretty basic.
Feel free to tell me what you think guys. Maybe I should check the `validationDisabled` property at the beginning of the `containsOption()` method ?
I'll make the documentation PR as soon as the implementation will be validated.
Regards.
Commits
-------
739bf71 [DomCrawler] Allowed internal validation of ChoiceFormField to be disabled
This PR was merged into the master branch.
Discussion
----------
[HttpFoundation] added a way to override the Request class
| Q | A
| ------------- | ---
| Bug fix? | no
| New feature? | yes
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | #7461, #7453
| License | MIT
| Doc PR | symfony/symfony-docs#3021
This is an alternative implementation for #7461.
I've also reverted #7381 and #7390 as these changes are not needed anymore.
Todo:
- [ ] add some tests
Commits
-------
464439d [HttpFoundation] added a way to override the Request class
This PR was merged into the master branch.
Discussion
----------
[HttpFoundation] Add a way to avoid the session be written at each request
| Q | A
| ------------- | ---
| Bug fix? | no
| New feature? | yes
| BC breaks? | no (maybe the DI config ?)
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | N/A
| License | MIT
| Doc PR | https://github.com/symfony/symfony-docs/pull/3017
Commits
-------
191418d [HttpFoundation] Add a way to avoid the session be written at each request
This PR was merged into the master branch.
Discussion
----------
Decoupled TraceableEventDispatcher from the Profiler
| Q | A
| ------------- | ---
| Bug fix? | no
| New feature? | yes
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | n/a
| License | MIT
| Doc PR | n/a
This PR removes the Profiler dependency on the TraceableEventDispatcher. That makes things more decoupled and cleaner. This PR also cleans up how profiles are stored; a Profile is now always stored only once.
I've created a `LateDataCollectorInterface` that is implemented for data collector that needs to get information from data that are available very late in the request process (when the request and the response are not even available anymore). The `lateCollect()` method is called just before the profile is stored.
We have 3 data collectors that implement that interface:
* Time: As the traceable event dipsatcher gets inject timing information via the stopwatch about all events (including the `terminate` one), we need to get events from the stopwatch as late as possible.
* Event: The traceable event dispatcher gathers all called listeners to determine non-called ones. To be able to accurately do that for all events (including the `terminate` one), we need to get the data as late as possible.
* Memory: We want to get the memory as late as possible to get the most accurate number as possible
I'm not very happy with the name and as always, better suggestions would be much appreciated.
This is an extract from #9168
Commits
-------
5cedea2 [HttpKernel] added LateDataCollectorInterface
9c4bc9a [HttpKernel] decoupled TraceableEventDispatcher and Profiler
This PR was merged into the master branch.
Discussion
----------
[Security] Added Security\Csrf sub-component with better token generation
| Q | A
| ------------- | ---
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | -
| License | MIT
| Doc PR | TODO
**Update September 27, 2013**
This PR simplifies the CSRF mechanism to generate completely random tokens. A random token is generated once per ~~intention~~ token ID and then stored in the session. Tokens are valid until the session expires.
Since the CSRF token generator depends on `StringUtils` and `SecureRandom` from Security\Core, and since Security\Http currently depends on the Form component for token generation, I decided to add a new Security\Csrf sub-component that contains the improved CSRF token generator. Consequences:
* Security\Http now depends on Security\Csrf instead of Form
* Form now optionally depends on Security\Csrf
* The configuration for the "security.secure_random" service and the "security.csrf.*" services was moved to FrameworkBundle to guarantee BC
In the new Security\Csrf sub-component, I tried to improve the naming where I could do so without breaking BC:
* CSRF "providers" are now called "token generators"
* CSRF "intentions" are now called "token IDs", because that's really what they are
##### TODO
- [ ] The documentation needs to be checked for references to the configuration of the application secret. Remarks that the secret is used for CSRF protection need to be removed.
- [ ] Add aliases "csrf_token_generator" and "csrf_token_id" for "csrf_provider" and "intention" in the SecurityBundle configuration
- [x] Make sure `SecureRandom` never blocks for `CsrfTokenGenerator`
Commits
-------
7f02304 [Security] Added missing PHPDoc tag
2e04e32 Updated Composer dependencies to require the Security\Csrf component where necessary
bf85e83 [FrameworkBundle][SecurityBundle] Added service configuration for the new Security CSRF sub-component
2048cf6 [Form] Deprecated the CSRF implementation and added an optional dependency to the Security CSRF sub-component instead
85d4959 [Security] Changed Security HTTP sub-component to depend on CSRF sub-component instead of Form
1bf1640 [Security] Added CSRF sub-component
This PR was merged into the master branch.
Discussion
----------
[Form] Rewrite boolean attributes to match HTML spec
| Q | A
| ------------- | ---
| Bug fix? | no
| New feature? | yes
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | -
| License | MIT
| Doc PR | -
Same as #7856
> 'The presence of a boolean attribute on an element represents the true value, and the absence of the attribute represents the false value.' - http://www.w3.org/html/wg/drafts/html/master/infrastructure.html#boolean-attribute
This commit modifies widget_container_attributes and widget_attributes so that:
* `true` values render as the attribute name with the attribute name repeated as the value
* `false` values are not rendered
The comparison is strict using sames() in twig.
Previously `false` values would have been rendered as `some-attribute=""` which according to the spec would actually make them a boolean attribute and therefore equal to true.
Commits
-------
b85577b [Form] Improved test coverage of widget_attributes and widget_container_attributes blocks
8e4c2a7 [Form] Rewrite boolean attributes to match HTML spec
