This PR was merged into the 3.4 branch.
Discussion
----------
[Security] Saltless Encoder Interface
| Q | A
| ------------- | ---
| Branch? | master
| Bug fix? | no
| New feature? | yes
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets |
| License | MIT
| Doc PR |
A new interface for encoders that do not require a user-generated salt (generate their own built-in) as suggested by @stof ([comment](https://github.com/symfony/symfony/pull/21604/files#r101225470)), this will become useful as more password encoders are added in the future (such as symfony/symfony#21604).
Commits
-------
7c4aa0bccb Saltless Encoder Interface
* 2.8:
[CS][2.7] yoda_style, no_unneeded_curly_braces, no_unneeded_final_method, semicolon_after_instruction
[Filesystem] mirror - fix copying content with same name as source/target.
.php_cs.dist - simplify config
[WebProfilerBundle] fixed TemplateManager when using Twig 2 without compat interfaces
This PR was merged into the 3.3-dev branch.
Discussion
----------
[FrameworkBundle] Make use of stderr for non reliable output
| Q | A
| ------------- | ---
| Branch? | master
| Bug fix? | no
| New feature? | yes
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | n/a
| License | MIT
| Doc PR | n/a
Built-in commands should make use of the proper outputs.
As a feature on master, considering that people may actually rely on stdout and the fact commands have been changed a lot since 2.7, I think it's not worth doing this change on lower branches.
Please see also #20586 which adds a `SymfonyStyle::getErrorStyle()` shortcut for easily switching to stderr.
Commits
-------
7b262d8c29 [FrameworkBundle] Use getErrorStyle() when relevant
9a3a5686c8 Use stderr for some other commands
1ee48bfd60 [FrameworkBundle] Make use of stderr for non reliable output
* 2.7:
[travis] timeout the sigchild tests at 60s
CS: Single line comments should use double slashes (//) and not hash (#).
Do not use HttpKernel Extension when not needed for 2.7
Do not use HttpKernel Extension when not needed
bumped Symfony version to 2.7.9
updated VERSION for 2.7.8
updated CHANGELOG for 2.7.8
bumped Symfony version to 2.3.37
updated VERSION for 2.3.36
update CONTRIBUTORS for 2.3.36
updated CHANGELOG for 2.3.36
Revert "Revert "bug #17052 [2.7] Fixed flatten exception recursion with errors (GrahamCampbell)""
Revert "bug #17052 [2.7] Fixed flatten exception recursion with errors (GrahamCampbell)"
use nowdoc instead of heredoc
Conflicts:
src/Symfony/Component/DependencyInjection/Dumper/PhpDumper.php
src/Symfony/Component/HttpKernel/Kernel.php
src/Symfony/Component/Security/Acl/Dbal/AclProvider.php
src/Symfony/Component/Security/Acl/Dbal/MutableAclProvider.php
* 2.3:
[travis] timeout the sigchild tests at 60s
CS: Single line comments should use double slashes (//) and not hash (#).
Do not use HttpKernel Extension when not needed
bumped Symfony version to 2.3.37
updated VERSION for 2.3.36
update CONTRIBUTORS for 2.3.36
updated CHANGELOG for 2.3.36
use nowdoc instead of heredoc
Conflicts:
src/Symfony/Bundle/FrameworkBundle/Command/ConfigDumpReferenceCommand.php
src/Symfony/Bundle/FrameworkBundle/Command/RouterApacheDumperCommand.php
src/Symfony/Bundle/FrameworkBundle/Command/RouterMatchCommand.php
src/Symfony/Bundle/FrameworkBundle/Translation/Translator.php
src/Symfony/Bundle/TwigBundle/Command/LintCommand.php
src/Symfony/Component/Config/Tests/Definition/Dumper/YamlReferenceDumperTest.php
src/Symfony/Component/Debug/ExceptionHandler.php
src/Symfony/Component/HttpKernel/Kernel.php
src/Symfony/Component/Routing/Generator/Dumper/PhpGeneratorDumper.php
* 2.7:
Fixed the wrong source name and the ja translation
[Debug] fix readme: DebugClassLoader moved to debug itself
[SecurityBundle] disable the init:acl command if ACL is not used
[DI] remove useless condition around unset
[Form] Disabled view data validation if "data_class" is set to null
[HttpFoundation] Workaround HHVM rewriting HTTP response line
* 2.3:
Fixed the wrong source name and the ja translation
[SecurityBundle] disable the init:acl command if ACL is not used
[DI] remove useless condition around unset
Using a hash as a salt provides unnecessarily low entropy, especially when using Symfony's recommended password encoder (bcrypt) which truncates salt at 22 chars, giving only 16^22 bits entropy. Using base64 instead provides _up to_ 256^30 bits (256^16 to bcrypt).
This change doesn't break compatibility with the built-in PasswordEncoderInterface implementations (message-digest, pbkdf2, bcrypt, plaintext), but it _might_ not work with some custom encoders if they've been assuming hexit salts. On balance I think it's fine since the commit this patches was only merged a few hours ago :D
* 2.5:
[WIP] Made help information of commands more consistent
Made help information consistent
Conflicts:
src/Symfony/Bundle/FrameworkBundle/Command/TranslationUpdateCommand.php
src/Symfony/Component/Console/Tests/Fixtures/application_1.txt
src/Symfony/Component/Console/Tests/Fixtures/application_2.txt
src/Symfony/Component/Console/Tests/Fixtures/application_astext1.txt
src/Symfony/Component/Console/Tests/Fixtures/application_astext2.txt
src/Symfony/Component/Console/Tests/Fixtures/application_gethelp.txt
src/Symfony/Component/Console/Tests/Fixtures/application_run1.txt
* 2.5:
Use PHPUnit ini_set wrapper in tests
[Process] Added a test skip check for Windows
[Process] Removed unused variable assignment
Fixes various phpdoc and coding standards.
Fixes Issue #13184 - incremental output getters now return empty strings
Updated copyright to 2015
Updated copyright to 2015
Clarify a comment.
Conflicts:
src/Symfony/Component/HttpKernel/Fragment/EsiFragmentRenderer.php
This PR was merged into the 2.6-dev branch.
Discussion
----------
[SecurityBundle] added acl:set command
| Q | A
| ------------- | ---
| Bug fix? | no
| New feature? | yes
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | no
| License | MIT
| Doc PR | n/a
This new command allows to set ACL directly from the command line. This useful to quickly set up an environment and for debugging / maintenance purpose.
This PR also includes a functional test system for the ACL component. As an example, it is used to test the `acl:set` command.
The provided entity class is not mandatory (tests will still be green without it) but can be useful to test other ACL related things. I can remove it if necessary.
The instantiation of the `MaskBuilder` object is done in a separate method to be easily overridable to use a custom one (e.g. the SonataAdmin one).
Commits
-------
a702124 [SecurityBundle] added acl:set command