* 2.8: (21 commits)
[Security][bugfix] "Remember me" cookie cleared on logout with custom "secure"/"httponly" config options [1]
[ci] Use current PHP_BINARY when running ./phpunit
Fixed typos
[UPGRADE-3.0] fix bullet indentation
Throw exception if tempnam returns false in ProcessPipes
[DomCrawler] Deprecated using /_root/ in XPath expressions
Pass missing request template variables
Simplify AbstractVoter
[Form] add missing deprecation triggers
Throw exception if tempnam returns false
Fix PropertyAccessor modifying array in object when array key does not exist
[DependencyInjection] Add autowiring capabilities
Fixing typo in variable name
Add a few additional tests for the Crawler
[Form] remove obsolete deprecation comments
Updated the style of the event commands
[Debug] Deprecate providing $fileLinkFormat as second argument
[Form] minor CS fix
Updated PHPDoc of the AbstractVoter class
[Security] InMemoryUserProvider now concerns whether user's password is changed when refreshing
...
* 2.7:
[Security][bugfix] "Remember me" cookie cleared on logout with custom "secure"/"httponly" config options [1]
[ci] Use current PHP_BINARY when running ./phpunit
Fixed typos
[UPGRADE-3.0] fix bullet indentation
Fix PropertyAccessor modifying array in object when array key does not exist
[Security] InMemoryUserProvider now concerns whether user's password is changed when refreshing
* 2.3:
[Security][bugfix] "Remember me" cookie cleared on logout with custom "secure"/"httponly" config options [1]
[ci] Use current PHP_BINARY when running ./phpunit
Fixed typos
[UPGRADE-3.0] fix bullet indentation
[Security] InMemoryUserProvider now concerns whether user's password is changed when refreshing
This PR was squashed before being merged into the 2.3 branch (closes#14842).
Discussion
----------
[Security][bugfix] "Remember me" cookie cleared on logout with custom "secure"/"httponly" config options [1]
| Q | A
| ------------- | ---
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | #14822
| License | MIT
| Doc PR | ~
* test now always pass "secure" and "httponly" options, as they are required
* could be considered BC, but [`RememberMeFactory` passes them](https://github.com/symfony/symfony/blob/2.3/src/Symfony/Bundle/SecurityBundle/DependencyInjection/Security/Factory/RememberMeFactory.php#L21), so they should've always been treated as required
* I can squash the commits before merging
* Alternative solution: #14843
Commits
-------
18b1c6a [Security][bugfix] "Remember me" cookie cleared on logout with custom "secure"/"httponly" config options [1]
This PR was merged into the 2.3 branch.
Discussion
----------
[Security] InMemoryUserProvider now concerns whether user's password is changed when refreshing
| Q | A
| ------------- | ---
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | -
| License | MIT
| Doc PR | -
When a user has changed own password, I want to logout any sessions which is authenticated by its user except changer itself.
[DaoAuthenticationManager::checkAuthentication()](https://github.com/symfony/symfony/blob/2.3/src/Symfony/Component/Security/Core/Authentication/Provider/DaoAuthenticationProvider.php#L59) method seems to concern about it.
But, this situation actually never happens because both users that will be passed to this method are always identical in re-authentication.
It's because the token refreshes own user via [ContextListener](https://github.com/symfony/symfony/blob/2.3/src/Symfony/Component/Security/Http/Firewall/ContextListener.php#L90) before re-authentication.
Commits
-------
729902a [Security] InMemoryUserProvider now concerns whether user's password is changed when refreshing
This PR was merged into the 2.8 branch.
Discussion
----------
Simplify AbstractVoter
| Q | A
| ------------- | ---
| Bug fix? | no
| New feature? | no, just simplification
| BC breaks? | no, because 2.8 is not yet released
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | -
| License | MIT
| Doc PR | -
Commits
-------
93de659 Simplify AbstractVoter
* 2.8:
Updated the stlyes of the YAML commands
[Security] Configuring a user checker per firewall
[PropertyInfo] Test behavior when an extractor return null.
This PR was squashed before being merged into the 2.8 branch (closes#14721).
Discussion
----------
[Security] Configuring a user checker per firewall
_Changed my base branch to avoid issues, closed old PR_
| Q | A
| ------------- | ---
| Bug fix? | no
| New feature? | yes
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed ticket | #11090 and helps #14673
| License | MIT
| Doc PR | symfony/symfony-docs/pull/5530
This pull request adds support for a configurable user checker per firewall. An example could be:
```yml
services:
app.user_checker:
class: App\Security\UserChecker
arguments:
- "@request_stack"
security:
firewalls:
secured_area:
pattern: ^/
anonymous: ~
basic_auth: ~
user_checker: app.user_checker
```
The above example will use the `UserChecker` defined as `app.user_checker`. If the `user_checker` option is left empty, `security.user_checker` will be used. If the `user_checkers` option is not defined, it will fall back to the original behavior to not break backwards compatibility and will validate using the existing `UserChecker`: `security.user_checker`.
I left the default argument in the service definitions to be `security.user_checker` to include backwards compatibility for people who for some reason don't have the extension executed. You can obtain the checker for a specific firewall by appending the firewall name to it. For the firewall `secured_area`, this would be `security.user_checker.secured_area`.
Commits
-------
76bc662 [Security] Configuring a user checker per firewall
This PR was merged into the 3.0-dev branch.
Discussion
----------
[3.0][Security] Remove deprecated features (follow up of #15899)
| Q | A
| ------------- | ---
| Bug fix? | no
| New feature? | no
| BC breaks? | yes
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | #15899
| License | MIT
| Doc PR | -
- updated UPGRADE-3.0.md
- removed unused `supportsClass` methods
- changed visibility of `supportsAttribute` methods from public to private, removed `inheritdoc` annotation from them because there is no definition for this methods in parent interface
- removed tests for `supportsClass` and `supportsAttribute` method
- removed unused mock creation
Commits
-------
437398d [3.0][Security] Remove deprecated features (follow up of #15899)
This PR was merged into the 3.0-dev branch.
Discussion
----------
[HttpFoundation] removed the ParameterBag::get() deep argument
| Q | A
| ------------- | ---
| Bug fix? | no
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | n/a
| License | MIT
| Doc PR | n/a
Commits
-------
317f7b4 [HttpFoundation] removed the ParameterBag::get() deep argument
* 2.8:
add dependency required by a replaced package
Add a way to group toolbar info pieces
Added general sf-toolbar-block-right class
Bind input before executing the COMMAND event
Since #16007, the Security HTTP component requires the PropertyAccess
component to access nested parameter bag values. Since the Security
component replaces the Security HTTP component, all dependencies of the
replaced packages must be mirrored here.
* 2.8:
Remove profiler storages
deprecate finding deep items in request parameters
[CssSelector] updated README
[CssSelector] remove ConverterInterface
[DependencyInjection] improved a comment for reading fluency
[HttpKernel] change a class in tests to avoid depending on SQLite
[FrameworkBundle] Fix tests
[Bridge\Twig] Fix form lowest version
[ci] Display fastest results first when running tests in parallel
[Yaml] Improve newline handling in folded scalar blocks
* The `LegacyAbstractVoterTest` class is not needed anymore, tests have
been moved to the `AbstractVoterTest` class tagging them with the
legacy group.
* Tests are applied on `stdClass` object instances. Thus, the legacy
voter fixture class must not support `AbstractVoterTest_Object`
instances, but support `stdClass` objects instead.
* 2.8:
[Finder] simplified code
Fix tests in 2.8
[Validator] Sync polish translation file
Adding a class to make it easier to set custom authentication error messages
Readd the correct tests
"Fiş" is a correct translation for "token", however "bilet" is also used, I fixed that inconsistency. Moreover, "kimlik bilgileri" is a better translation for "credentials" than "girdiler". "Girdiler" is the translation of "inputs", so I fixed sentences with "credentials". "Hesap engellenmiş" is better than "Hesap devre dışı bırakılmış" for "Account is disabled.". "Digest nonce has expired" can be translated better as "Derleme zaman aşımına uğradı." because "Derleme zaman aşımı gerçekleşti" has a confirmation sense like user requested it to expire and it has expired.
References:
token: http://tureng.com/search/token (3rd entry)
credentials: http://www2.zargan.com/tr/q/credentials-ceviri-nedir (1st entry)
disable: http://tureng.com/search/disable (15th entry)
This PR was merged into the 2.8 branch.
Discussion
----------
Easier Custom Authentication errors
| Q | A
| ------------- | ---
| Bug fix? | no
| New feature? | yes
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | n/a
| License | MIT
| Doc PR | not yet
This makes failing authentication with a custom message much easier:
```php
throw CustomAuthenticationException::createWithSafeMessage(
'That was a ridiculous username'
);
// or
$e = new CustomAuthenticationException();
$e->setSafeMessage('That was a ridiculous username');
throw $e;
```
Currently, to do this, you'd need to create a new sub-class of `AuthenticationException`, which is way more work than it needs to be. The original design was so that all messages exposed are safe, which is why I've named the methods like I have.
Thanks!
Commits
-------
d7c1463 Adding a class to make it easier to set custom authentication error messages
This PR was merged into the 2.7 branch.
Discussion
----------
[Security] Improve AbstractVoter tests
Applying the improved tests from https://github.com/symfony/symfony/pull/15932 into the oldest possible branch.
Merge conflicts from 2.7 into 2.8 caused by this PR do not need to be done carefully, I'll create a new PR for 2.8 updating the tests as soon as these changes are merged up.
| Q | A
| ------------- | ---
| Fixed tickets | -
| License | MIT
Commits
-------
5ff741d Readd the correct tests
* 2.8: (28 commits)
Detect Mintty for color support on Windows
Detect Mintty for color support on Windows
[WebProfilerBundle] Fix search button click listener
[Form][Type Date/Time] added choice_translation_domain option.
Massively simplifying the BC and deprecated-throwing code thanks to suggestions by stof in #15870
Making all "debug" messages use the debug router
Making GuardTokenInterface extend TokenInterface
Updating behavior to not continue after an authenticator has set the response
Add a group for tests of the finder against the FTP server
Fix trigger_error calls
Fix legacy security tests
tweaking message related to configuration edge case that we want to be helpful with
Minor tweaks - lowering the required security-http requirement and nulling out a test field
Fix license headers
Fix license headers
Fix license headers
Ensure the ClockMock is loaded before using it in the testsuite
Allow serializer 3.0 in the PropertyInfo component
Add the replace rules for the security-guard component
Forbid serializing a Crawler
...
* 2.7:
Detect Mintty for color support on Windows
Detect Mintty for color support on Windows
Add a group for tests of the finder against the FTP server
Fix license headers
Forbid serializing a Crawler
Fix phpdoc block of NativeSessionStorage class
Added exception when setAutoInitialize is called when locked
[FrameworkBundle] Advanced search templates of bundles
[Security] Allow user providers to be defined in many files
Use random_bytes function if it is available for random number generation
* 2.3:
Detect Mintty for color support on Windows
Add a group for tests of the finder against the FTP server
Fix license headers
Forbid serializing a Crawler
Fix phpdoc block of NativeSessionStorage class
Added exception when setAutoInitialize is called when locked
[FrameworkBundle] Advanced search templates of bundles
[Security] Allow user providers to be defined in many files
Use random_bytes function if it is available for random number generation
This PR was merged into the 2.8 branch.
Discussion
----------
Updating behavior to not continue after an authenticator has set the response
| Q | A
| ------------- | ---
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | https://github.com/symfony/symfony/pull/14673/files#r40492765
| License | MIT
| Doc PR | n/a
This mirrors the behavior in core: *if* a listener sets a response (on success or failure),
then the other listeners are not called. But if a response is *not* set
(which is sometimes the case for success, like in BasicAuthenticationListener),
then the other listeners are called, and can even fail.
It's all a bit of an edge-case, as only one authenticator (like authentication listener) would normally be doing any work on a request, but I think matching the other listeners (since I'm not aware of anyone having issues with its behavior) is best.
Commits
-------
5fa2684 Making all "debug" messages use the debug router
f403444 Updating behavior to not continue after an authenticator has set the response
This PR was merged into the 2.8 branch.
Discussion
----------
Abstract voter tweaks
| Q | A
| ------------- | ---
| Bug fix? | yes (a little)
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | n/a
| License | MIT
| Doc PR | n/a
Based on suggestions from stof in #15870, this simplifies the BC and deprecation throwing code. This also adds a BadMethodCallException in case the user doesn't override `isGranted` *or* `voteOnAttribute`, because that's just plain wrong (as is calling `isGranted()` on the parent class directly, since that was formerly abstract).
Commits
-------
c03f5c2 Massively simplifying the BC and deprecated-throwing code thanks to suggestions by stof in #15870
This PR was merged into the 2.8 branch.
Discussion
----------
Making GuardTokenInterface extend TokenInterface
| Q | A
| ------------- | ---
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | #15884
| License | MIT
| Doc PR | n/a
See #15884
Commits
-------
7f04fbb Making GuardTokenInterface extend TokenInterface
This PR was merged into the 2.8 branch.
Discussion
----------
Guard minor tweaks
| Q | A
| ------------- | ---
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | n/a
| License | MIT
| Doc PR | n/a
Various completely minor things, most from suggestions on #14673
Commits
-------
869d5a7 tweaking message related to configuration edge case that we want to be helpful with
da4758a Minor tweaks - lowering the required security-http requirement and nulling out a test field
This PR was merged into the 2.8 branch.
Discussion
----------
Add the replace rules for the security-guard component
| Q | A
| ------------- | ---
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | n/a
| License | MIT
| Doc PR | n/a
The update of composer replacements was forgotten in #14673
Commits
-------
5ef8abc Add the replace rules for the security-guard component
This PR was merged into the 2.8 branch.
Discussion
----------
Fix legacy security tests
| Q | A
| ------------- | ---
| Bug fix? | no
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | n/a
| License | MIT
| Doc PR | n/a
when merging legacy test classes together in #15893, use statements where not copied, making the tests fail.
Commits
-------
8b615bb Fix legacy security tests
This mirrors the behavior in core: *if* a listener sets a response (on success or failure),
then the other listeners are not called. But if a response is *not* set
(which is sometimes the case for success, like in BasicAuthenticationListener),
then the other listeners are called, and can even fail.
This PR was merged into the 2.8 branch.
Discussion
----------
Merged LegacySecurityContext tests
I've no idea why this test was introduced in the wrong namespace in 2.8, but I merged it in the correct test case now.
Commits
-------
2c4da3c Merged LegacySecurityContext tests
* 2.8: (23 commits)
[Validator] added BIC (SWIFT-BIC) validation constraint
[TwigBridge] Foundation form layout integration
[Security] Deprecated supportsAttribute and supportsClass methods
bumped Symfony version to 2.7.6
updated VERSION for 2.7.5
updated CHANGELOG for 2.7.5
bumped Symfony version to 2.3.34
updated VERSION for 2.3.33
update CONTRIBUTORS for 2.3.33
updated CHANGELOG for 2.3.33
[Console] Fix transient HHVM test
[OptionsResolver] Fix catched exception along the dependency tree mistakenly detects cyclic dependencies
fixed tests
[DI] Support deprecated definitions in decorators
[DI] Allow to change the deprecation message in Definition
[DI] Trigger a deprecated error on the container builder
[DI] Dump the deprecated status
[DI] Supports the deprecated tag in loaders
[DI] Add a deprecated status to definitions
Fixing test locations
...
This PR was squashed before being merged into the 2.8 branch (closes#15151).
Discussion
----------
[Security] Deprecated supportsAttribute and supportsClass methods
These methods aren't used at all in a Symfony application and don't make sense to use in the application. They are only used internally in the voters. This means the voter interface can be made much easier.
I'm not sure how we do these deprecations, should we remove the methods from the interface now already? Also, I don't think it's possible to trigger deprecation notices for the voter methods?
| Q | A
| ------------- | ---
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | yes
| Tests pass? | yes
| Fixed tickets | one of #11742
| License | MIT
| Doc PR | -
Abstract Voter
---
There is one remaining question about the abstract voter. This currently has abstract `getSupportedAttributes()` and `getSupportedClass()` methods. One of the reasons to remove the methods for the interface was that these methods are not flexible. Does it make sense to deprecate these methods as well and replace them by an abstract `protected vote(array $attributes, $class)` method in the `AbstractVoter` (which is called from `AbstractVoter#vote()`) ?
Commits
-------
6588708 [Security] Deprecated supportsAttribute and supportsClass methods
* 2.7:
[Console] Fix transient HHVM test
[OptionsResolver] Fix catched exception along the dependency tree mistakenly detects cyclic dependencies
fixed tests
Fixing test locations
[VarDumper] Fix dump comparison on large arrays
[expression-language] Code Cleanup for GetAttrNode
* 2.8: (29 commits)
Updating AbstractVoter so that the method receives the TokenInterface
Adding the necessary files so that Guard can be its own installable component
Fix syntax in a test
Normalize the way we check versions
Avoid errors when generating the logout URL when there is no firewall key
Removing unnecessary override
fabbot
Adding a new exception and throwing it when the User changes
Fixing a bug where having an authentication failure would log you out.
Tweaks thanks to Wouter
Adding logging on this step and switching the order - not for any huge reason
Adding a base class to assist with form login authentication
Allowing for other authenticators to be checked
meaningless author and license changes
Adding missing factory registration
Thanks again fabbot!
A few more changes thanks to @iltar
Splitting the getting of the user and checking credentials into two steps
Tweaking docblock on interface thanks to @iltar
Adding periods at the end of exceptions, and changing one class name to LogicException thanks to @iltar
...
Conflicts:
UPGRADE-2.8.md
src/Symfony/Bridge/Twig/Tests/Node/DumpNodeTest.php
src/Symfony/Bundle/FrameworkBundle/Command/ServerCommand.php
src/Symfony/Component/Validator/Tests/Constraints/AbstractComparisonValidatorTestCase.php
src/Symfony/Component/Validator/Tests/Constraints/IdenticalToValidatorTest.php
src/Symfony/Component/Validator/Tests/Constraints/RangeValidatorTest.php
This PR was merged into the 2.8 branch.
Discussion
----------
New Guard Authentication System (e.g. putting the joy back into security)
| Q | A
| ------------- | ---
| Bug fix? | no
| New feature? | yes
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | at least partially: #14300, #11158, #11451, #10035, #10463, #8606, probably more
| License | MIT
| Doc PR | symfony/symfony-docs#5265
Hi guys!
Though it got much easier in 2.4 with `pre_auth`, authentication is a pain in Symfony. This introduces a new authentication provider called guard, with one goal in mind: put everything you need for *any* authentication system into one spot.
### How it works
With guard, you can perform custom authentication just by implementing the [GuardAuthenticatorInterface](https://github.com/weaverryan/symfony/blob/guard/src/Symfony/Component/Security/Guard/GuardAuthenticatorInterface.php) and registering it as a service. It has methods for every part of a custom authentication flow I can think of.
For a working example, see https://github.com/weaverryan/symfony-demo/tree/guard-auth. This uses 2 authenticators simultaneously, creating a system that handles [form login](https://github.com/weaverryan/symfony-demo/blob/guard-auth/src/AppBundle/Security/FormLoginAuthenticator.php) and [api token auth](https://github.com/weaverryan/symfony-demo/blob/guard-auth/src/AppBundle/Security/TokenAuthenticator.php) with a respectable amount of code. The [security.yml](https://github.com/weaverryan/symfony-demo/blob/guard-auth/app/config/security.yml) is also quite simple.
This also supports "manual login" without jumping through hoops: https://github.com/weaverryan/symfony-demo/blob/guard-auth/src/AppBundle/Controller/SecurityController.php#L45
I've also tested with "remember me" and "switch user" - no problems with either.
I hope you like it :).
### What's Needed
1) **Other Use-Cases?**: Please think about the code and try it. What use-cases are we *not* covering? I want Guard to be simple, but cover the 99.9% use-cases.
2) **Remember me** functionality cannot be triggered via manual login. That's true now, and it's not fixed, and it's tricky.
### Deprecations?
This is a new feature, so no deprecations. But, creating a login form with a guard authenticator is a whole heck of a lot easier to understand than `form_login` or even `simple_form`. In a perfect world, we'd either deprecate those or make them use "guard" internally so that we have just **one** way of performing authentication.
Thanks!
Commits
-------
a01ed35 Adding the necessary files so that Guard can be its own installable component
d763134 Removing unnecessary override
e353833 fabbot
dd485f4 Adding a new exception and throwing it when the User changes
302235e Fixing a bug where having an authentication failure would log you out.
396a162 Tweaks thanks to Wouter
c9d9430 Adding logging on this step and switching the order - not for any huge reason
31f9cae Adding a base class to assist with form login authentication
0501761 Allowing for other authenticators to be checked
293c8a1 meaningless author and license changes
81432f9 Adding missing factory registration
7a94994 Thanks again fabbot!
7de05be A few more changes thanks to @iltar
ffdbc66 Splitting the getting of the user and checking credentials into two steps
6edb9e1 Tweaking docblock on interface thanks to @iltar
d693721 Adding periods at the end of exceptions, and changing one class name to LogicException thanks to @iltar
eb158cb Updating interface method per suggestion - makes sense to me, Request is redundant
c73c32e Thanks fabbot!
6c180c7 Adding an edge case - this should not happen anyways
180e2c7 Properly handles "post auth" tokens that have become not authenticated
873ed28 Renaming the tokens to be clear they are "post" and "pre" auth - also adding an interface
a0bceb4 adding Guard tests
05af97c Initial commit (but after some polished work) of the new Guard authentication system
330aa7f Improving phpdoc on AuthenticationEntryPointInterface so people that implement this understand it
This is quite technical. As you can see in the provider, the method is called
sometimes when the User changes, and so the token becomes de-authenticated (e.g.
someone else changes the password between requests).
In practice, the user should be unauthenticated. Using the anonymous token did this,
but throwing an AccountStatusException seems like a better idea. It needs to be an
AccountStatusException because the ExceptionListener from the Firewall looks for exceptions
of this class and logs the user out when they are found (because this is their purpose).
This solution is a copy of what AbstractAuthenticationListener does. Scenario:
1) Login
2) Go back to the log in page
3) Put in a bad user/pass
You *should* still be logged in after a failed attempt. This commit gives that behavior.
This looks like a subjective change (one more method, but the method implementations are
simpler), but it wasn't. The problem was that the UserChecker checkPreAuth should happen
*after* we get the user, but *before* the credentials are checked, and that wasn't possible
before this change. Now it is.
Here is the flow:
A) You login using guard and are given a PostAuthGuardToken
B) Your user changes between requests - AbstractToken::setUser() and hasUserChanged() - which
results in the Token becoming "not authenticated"
C) Something calls out to the security system, which then passes the no-longer-authed
token back into the AuthenticationProviderManager
D) Because the PostauthGuardToken implements GuardTokenInterface, the provider responds
to it. But, seeing that this is a no-longer-authed PostAuthGuardToken, it returns
an AnonymousToken, which triggers logout
The reason is that the GuardAuthenticationProvider *must* respond to *all* tokens
created by the system - both "pre auth" and "post auth" tokens. The reason is that
if a "post auth" token becomes not authenticated (e.g. because the user changes between
requests), then it may be passed to the provider system. If no providers respond (which
was the case before this commit), then AuthenticationProviderManager throws an exception.
The next commit will properly handle these "post auth" + "no-longer-authenticated" tokens,
which should cause a log out.
* 2.8:
bumped minimal version in appveyor to 5.3.9
[VarDumper] Fix missing support for dumping PHP7 return type
Require security-acl 2.7 for BC
[travis] disable symfony_debug ext when deps!=no
Require actual version of ACL component until ACL/2.8 branch released
Do not normalize the kernel root directory path (see symfony/symfony#15474).
Don't trigger deprecation on interfaces
[Debug] Ignore silencing for deprecations
[ci] Run minimal versions on appveyor only
Deprecated Security ClassUtils in favor of Acl ClassUtils
Fix appveyor file
consistently use str_replace to unify directory separators (remaining)
* 2.7:
[VarDumper] Fix missing support for dumping PHP7 return type
[travis] disable symfony_debug ext when deps!=no
Do not normalize the kernel root directory path (see symfony/symfony#15474).
Don't trigger deprecation on interfaces
[Debug] Ignore silencing for deprecations
[ci] Run minimal versions on appveyor only
Fix appveyor file
consistently use str_replace to unify directory separators (remaining)
* 2.8: (21 commits)
Fix merge
Fix typo
Various fixes esp. on Windows
Fix the validation of form resources to register the default theme
Fix the retrieval of the value with property path when using a loader
[appveyor] minor enhancements
[Process] Disable failing tests on Windows
[Translation] Fix the string casting in the XliffFileLoader
Windows and Intl fixes
Add appveyor.yml for C.I. on Windows
[VarDumper] fixed HtmlDumper to target specific the head tag
[travis] merge php: nightly and deps=high test-matrix lines
consistently use str_replace to unify directory separators
Support omitting the <target> node in an .xlf file.
Fix the handling of values for multiple choice types
moved PHP nightly to PHP 7.0
fixed tests using deprecation features
[Form] made deprecation notice more precise
fixed CS
Fix BC break after split of ACL from core
...
Conflicts:
.travis.yml
composer.json
src/Symfony/Bundle/TwigBundle/DependencyInjection/Configuration.php
src/Symfony/Component/Intl/DateFormatter/IntlDateFormatter.php
src/Symfony/Component/Intl/Tests/DateFormatter/AbstractIntlDateFormatterTest.php
src/Symfony/Component/Locale/Tests/LocaleTest.php
* 2.7:
Various fixes esp. on Windows
Fix the validation of form resources to register the default theme
Fix the retrieval of the value with property path when using a loader
[appveyor] minor enhancements
[Process] Disable failing tests on Windows
[Translation] Fix the string casting in the XliffFileLoader
Windows and Intl fixes
Add appveyor.yml for C.I. on Windows
[VarDumper] fixed HtmlDumper to target specific the head tag
[travis] merge php: nightly and deps=high test-matrix lines
consistently use str_replace to unify directory separators
Support omitting the <target> node in an .xlf file.
Fix the handling of values for multiple choice types
moved PHP nightly to PHP 7.0
[Security] Add missing docblock in PreAuthenticatedToken
Conflicts:
.travis.yml
* 2.3:
Windows and Intl fixes
Add appveyor.yml for C.I. on Windows
[travis] merge php: nightly and deps=high test-matrix lines
[Security] Add missing docblock in PreAuthenticatedToken
Conflicts:
.travis.yml
src/Symfony/Component/Filesystem/Tests/FilesystemTest.php
src/Symfony/Component/HttpFoundation/JsonResponse.php
src/Symfony/Component/Intl/DateFormatter/IntlDateFormatter.php
* 2.8:
[Locale] Add missing @group legacy annotations
[Form] Add missing @group legacy annotations
[Form] Use FQCN form types
Fix security-acl deps
Fix typo
[Security] Removed security-acl from the core
fixed typos
Fix doctrine mapping validation type error
Remove skipping of tests based on ICU data version whenever possible
Fix the handling of null as locale in the stub intl classes
do not dump leading backslashes in class names
fix issue #15377
Skip ::class constant
[Config] type specific check for emptiness
[Form] Deprecated FormTypeInterface::getName() and passing of type instances
Conflicts:
UPGRADE-2.8.md
composer.json
src/Symfony/Bridge/Doctrine/composer.json
src/Symfony/Bridge/Twig/composer.json
src/Symfony/Bundle/SecurityBundle/composer.json
src/Symfony/Component/ClassLoader/ClassMapGenerator.php
src/Symfony/Component/DependencyInjection/Tests/ContainerTest.php
src/Symfony/Component/Form/Tests/AbstractExtensionTest.php
src/Symfony/Component/Form/Tests/AbstractLayoutTest.php
src/Symfony/Component/Form/Tests/SimpleFormTest.php
src/Symfony/Component/Locale/Tests/LocaleTest.php
src/Symfony/Component/Locale/Tests/Stub/StubLocaleTest.php
src/Symfony/Component/Security/Acl/README.md
src/Symfony/Component/Security/Acl/composer.json
This PR was squashed before being merged into the 2.8 branch (closes#15013).
Discussion
----------
[Security] Removed security-acl from the core
| Q | A
| ------------- | ---
| Bug fix? | no
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | part of #14718
| License | MIT
| Doc PR | ~
The `Security\Acl` is removed from the core and is loaded from its own repository. All tests were passing and this is fully backwards compatible. I have removed all but the Test files in the first step and added the dependency to verify the Test were still working with the package dependency. The second step was to remove the remaining test files and tests are still running for both the Bundle and the Framework. Once the Read-Only repository is a full standalone repository, this PR can be merged.
- [x] Remove component from the core
- [ ] Remove read-only from https://github.com/symfony/security-acl
Once this PR is merged, I can start working on splitting the SecurityBundle and extracting the ACL part to the AclBundle.
/cc @fabpot
Commits
-------
b26a449 [Security] Removed security-acl from the core
* 2.8: (63 commits)
[Debug] Deprecate ExceptionHandler::createResponse
[Debug] cleanup ExceptionHandlerTest
Reordered the toolbar elements via service priorities
bumped Symfony version to 2.7.4
Increased the z-index of .sf-toolbar-info
Removed an unused media query
updated VERSION for 2.7.3
updated CHANGELOG for 2.7.3
Redesigned "abbr" elements
Restored the old behavior for toolbars with lots of elements
Tweaks and bug fixes
Added some upgrade notes about the new toolbar design
fixed typo in translation keys
Fix the return value on error for intl methods returning arrays
Removed an useless CSS class and added styles for <hr>
Added a new profiler_markup_version to improve BC of the new toolbar
Fix merge
Removed an unused import
Reverted the feature to display different toolbar versions
Minor JavaScript optimizations
...
Conflicts:
CHANGELOG-2.7.md
UPGRADE-2.8.md
src/Symfony/Bundle/FrameworkBundle/Resources/config/collectors.xml
src/Symfony/Component/Debug/composer.json
src/Symfony/Component/HttpKernel/HttpCache/HttpCache.php
* 2.7:
[php7] Fix for substr() always returning a string
[Security] Do not save the target path in the session for a stateless firewall
Fix calls to HttpCache#getSurrogate triggering E_USER_DEPRECATED errors.
[DependencyInjection] fixed FrozenParameterBag and improved Parameter…
* 2.3:
[php7] Fix for substr() always returning a string
[Security] Do not save the target path in the session for a stateless firewall
[DependencyInjection] fixed FrozenParameterBag and improved Parameter…
Conflicts:
src/Symfony/Component/Debug/Tests/ErrorHandlerTest.php
src/Symfony/Component/Security/Http/Firewall/ExceptionListener.php
* 2.8:
[Yaml] throw a ParseException on invalid data type
[TwigBridge] type-dependent path discovery
Resources as string have the same problem
Introduce failing test case when a SplFileInfo object is passed to the extract() method in the TwigExtractor.
#15331 add infos about deprecated classes to UPGRADE-3.0
[Asset] removed unused private property.
[Twig+FrameworkBundle] Fix forward compat with Form 2.8
[2.6] Static Code Analysis for Components
[Security/Http] Fix test relying on a private property
[Serializer] Fix bugs reported in b5990be491 (commitcomment-12301266)
[Form] Fix not-BC test assertion
[Security] Moved Simple{Form,Pre}AuthenticatorInterfaces to Security\Http
[Security] removed useless else condition in SwitchUserListener class.
[travis] Tests deps=low with PHP 5.6
Implement resettable containers
[Console] Fix console output with closed stdout
* 2.7:
[Yaml] throw a ParseException on invalid data type
[TwigBridge] type-dependent path discovery
Resources as string have the same problem
Introduce failing test case when a SplFileInfo object is passed to the extract() method in the TwigExtractor.
#15331 add infos about deprecated classes to UPGRADE-3.0
[Asset] removed unused private property.
[Security] removed useless else condition in SwitchUserListener class.
[travis] Tests deps=low with PHP 5.6
[Console] Fix console output with closed stdout
* 2.6:
[Yaml] throw a ParseException on invalid data type
#15331 add infos about deprecated classes to UPGRADE-3.0
[Security] removed useless else condition in SwitchUserListener class.
[travis] Tests deps=low with PHP 5.6
[Console] Fix console output with closed stdout
* 2.7:
[Twig+FrameworkBundle] Fix forward compat with Form 2.8
[2.6] Static Code Analysis for Components
[Security/Http] Fix test relying on a private property
[Serializer] Fix bugs reported in b5990be491 (commitcomment-12301266)
Conflicts:
src/Symfony/Bridge/Twig/Resources/views/Form/form_div_layout.html.twig
src/Symfony/Bundle/FrameworkBundle/Resources/views/Form/widget_attributes.html.php
src/Symfony/Component/Security/Http/Tests/Firewall/AnonymousAuthenticationListenerTest.php
* 2.8: (27 commits)
[2.8] Fix 3.0 incompatible deps
[HttpKernel] Fix lowest dep
[Security] fix check for empty usernames
[Form] updated exception message of ButtonBuilder::setRequestHandler()
[travis] Fix deps=high jobs
Fix typo 'assets.package' => 'assets.packages' in UPGRADE-2.7
[Serializer] Simplify AbstractNormalizer::prepareForDenormalization()
[HttpFoundation] [PSR-7] Allow to use resources as content body and to return resources from string content
[DependencyInjection] Forbid container cloning
[HttpFoundation] Fix Response::closeOutputBuffers() for HHVM 3.3
[WebProfilerBundle] Add link to show profile of latest request
[DependencyInjection] Remove unused code in XmlFileLoader
[HttpFoundation] Behaviour change in PHP7 for substr
[Console] Set QuestionHelper max attempts in tests
[Form] Fix a BC break in the entity
fix broken ChoiceQuestion
bumped Symfony version to 2.7.3
updated VERSION for 2.7.2
updated CHANGELOG for 2.7.2
bumped Symfony version to 2.6.11
...
Conflicts:
.travis.yml
CHANGELOG-2.3.md
CHANGELOG-2.6.md
CHANGELOG-2.7.md
UPGRADE-2.7.md
src/Symfony/Bridge/Twig/composer.json
src/Symfony/Bundle/FrameworkBundle/Tests/Console/Descriptor/AbstractDescriptorTest.php
src/Symfony/Bundle/FrameworkBundle/composer.json
src/Symfony/Bundle/SecurityBundle/composer.json
src/Symfony/Component/Form/composer.json
src/Symfony/Component/HttpKernel/composer.json
This PR was squashed before being merged into the 2.8 branch (closes#15131).
Discussion
----------
[Security] Moved Simple{Form,Pre}AuthenticatorInterfaces to Security\Http
Description
---
The `SimpleFormAuthenticatorInterface` and `SimplePreAuthenticatorInterface` rely on `Request`, which means it's a Http land class. This means they don't belong in core.
Having a form login that doesn't depend on the request is an option as well (e.g. a console application might use the question helper to implement a "form" login). However, then there is a need for a new abstraction of the request. I don't think it's worth it.
Furthermore, the only classes typehinting/relying on this interfaces can be found in `Security\Http`.
Implementation
---
The new interfaces extend the old ones for better backwards compability. Symfony doesn't trigger deprecation errors for interfaces, see 6f57b7b552
PR Info Table
---
| Q | A
| ------------- | ---
| Bug fix? | no
| New feature? | no
| BC breaks? | no
| Deprecations? | yes
| Tests pass? | yes
| Fixed tickets | -
| License | MIT
| Doc PR | -
Commits
-------
ebb2064 [Security] Moved Simple{Form,Pre}AuthenticatorInterfaces to Security\Http
* 2.7:
[HttpKernel] Fix lowest dep
[Security] fix check for empty usernames
[Form] updated exception message of ButtonBuilder::setRequestHandler()
[travis] Fix deps=high jobs
Fix typo 'assets.package' => 'assets.packages' in UPGRADE-2.7
[Serializer] Simplify AbstractNormalizer::prepareForDenormalization()
[HttpFoundation] [PSR-7] Allow to use resources as content body and to return resources from string content
[DependencyInjection] Remove unused code in XmlFileLoader
[HttpFoundation] Behaviour change in PHP7 for substr
bumped Symfony version to 2.3.32
updated VERSION for 2.3.31
update CONTRIBUTORS for 2.3.31
updated CHANGELOG for 2.3.31
Conflicts:
src/Symfony/Bridge/Twig/composer.json
src/Symfony/Bundle/FrameworkBundle/composer.json
src/Symfony/Component/HttpKernel/composer.json
* 2.6:
[Security] fix check for empty usernames
[Form] updated exception message of ButtonBuilder::setRequestHandler()
[travis] Fix deps=high jobs
[HttpFoundation] [PSR-7] Allow to use resources as content body and to return resources from string content
[DependencyInjection] Remove unused code in XmlFileLoader
[HttpFoundation] Behaviour change in PHP7 for substr
bumped Symfony version to 2.3.32
updated VERSION for 2.3.31
update CONTRIBUTORS for 2.3.31
updated CHANGELOG for 2.3.31
Conflicts:
src/Symfony/Bridge/Twig/composer.json
src/Symfony/Bundle/FrameworkBundle/composer.json
* 2.3:
[Security] fix check for empty usernames
[Form] updated exception message of ButtonBuilder::setRequestHandler()
[travis] Fix deps=high jobs
[HttpFoundation] [PSR-7] Allow to use resources as content body and to return resources from string content
[DependencyInjection] Remove unused code in XmlFileLoader
[HttpFoundation] Behaviour change in PHP7 for substr
bumped Symfony version to 2.3.32
updated VERSION for 2.3.31
update CONTRIBUTORS for 2.3.31
updated CHANGELOG for 2.3.31
Conflicts:
src/Symfony/Bridge/Twig/composer.json
src/Symfony/Bundle/FrameworkBundle/composer.json
src/Symfony/Component/DependencyInjection/Loader/XmlFileLoader.php
src/Symfony/Component/HttpKernel/Kernel.php
* 2.8:
Added 'default' color
[HttpFoundation] Reload the session after regenerating its id
[HttpFoundation] Add a test case to confirm a bug in session migration
[Serializer] Fix ClassMetadata::sleep()
[2.6] Static Code Analysis for Components and Bundles
[Finder] Command::addAtIndex() fails with Command instance argument
[DependencyInjection] Freeze also FrozenParameterBag::remove
[Twig][Bridge] replaced `extends` with `use` in bootstrap_3_horizontal_layout.html.twig
fix CS
fixed CS
Add a way to reset the singleton
[Security] allow to use `method` in XML configs
[Serializer] Fix Groups tests.
Remove duplicate example
Remove var not used due to returning early (introduced in 8982c32)
[Serializer] Fix Groups PHPDoc
Enhance hhvm test skip message
fix for legacy asset() with EmptyVersionStrategy
[Form] Added upgrade notes for #15061
* 2.7:
Added 'default' color
[HttpFoundation] Reload the session after regenerating its id
[HttpFoundation] Add a test case to confirm a bug in session migration
[Serializer] Fix ClassMetadata::sleep()
[2.6] Static Code Analysis for Components and Bundles
[Finder] Command::addAtIndex() fails with Command instance argument
[DependencyInjection] Freeze also FrozenParameterBag::remove
[Twig][Bridge] replaced `extends` with `use` in bootstrap_3_horizontal_layout.html.twig
fix CS
fixed CS
Add a way to reset the singleton
[Security] allow to use `method` in XML configs
[Serializer] Fix Groups tests.
Remove duplicate example
Remove var not used due to returning early (introduced in 8982c32)
[Serializer] Fix Groups PHPDoc
Enhance hhvm test skip message
fix for legacy asset() with EmptyVersionStrategy
[Form] Added upgrade notes for #15061
* 2.6:
Added 'default' color
[HttpFoundation] Reload the session after regenerating its id
[HttpFoundation] Add a test case to confirm a bug in session migration
[2.6] Static Code Analysis for Components and Bundles
[Finder] Command::addAtIndex() fails with Command instance argument
[DependencyInjection] Freeze also FrozenParameterBag::remove
[Twig][Bridge] replaced `extends` with `use` in bootstrap_3_horizontal_layout.html.twig
fix CS
fixed CS
Add a way to reset the singleton
[Security] allow to use `method` in XML configs
Remove duplicate example
Remove var not used due to returning early (introduced in 8982c32)
Enhance hhvm test skip message
This PR was squashed before being merged into the 2.8 branch (closes#15141).
Discussion
----------
[DX] [Security] Renamed Token#getKey() to getSecret()
There are 2 very vague parameter names in the authentication process: `$providerKey` and `$key`. Some tokens/providers have the first one, some tokens/providers the second one and some both. An overview:
| Token | `providerKey` | `key`
| --- | --- | ---
| `AnonymousToken` | - | yes
| `PreAuth...Token` | yes | -
| `RememberMeToken` | yes | yes
| `UsernamePasswordToken` | yes | -
Both names are extremely general and their PHPdocs contains pure no-shit-sherlock-descriptions :squirrel: (like "The key."). This made me and @iltar think it's just an inconsistency and they have the same meaning.
...until we dived deeper into the code and came to the conclusion that `$key` has a Security task (while `$providerKey` doesn't really). If it takes people connected to Symfony internals 30+ minutes to find this out, it should be considered for an improvement imo.
So here is our suggestion: **Rename `$key` to `$secret`**. This explains much better what the value of the string has to be (for instance, it's important that the string is not easily guessable and cannot be found out, according to the Spring docs). It also explains the usage better (it's used as a replacement for credentials and to hash the RememberMeToken).
**Tl;dr**: `$key` and `$providerKey` are too general names, let's improve DX by renaming them. This PR tackles `$key` by renaming it to `$secret`.
| Q | A
| ------------- | ---
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | yes
| Tests pass? | yes
| Fixed tickets | -
| License | MIT
| Doc PR | -
*My excuse for the completely unrelated branch name*
Commits
-------
24e0eb6 [DX] [Security] Renamed Token#getKey() to getSecret()
* 2.6:
[2.6] Towards 100% HHVM compat
[Security/Http] Fix test
[Stopwatch] Fix test
Minor fixes
Towards 100% HHVM compat
unify default AccessDeniedExeption message
trigger event with right user (add test)
[Security] Initialize SwitchUserEvent::targetUser on attemptExitUser
[Form] Fixed: Data mappers always receive forms indexed by their names
Conflicts:
src/Symfony/Bundle/FrameworkBundle/Controller/Controller.php
src/Symfony/Component/VarDumper/Tests/CliDumperTest.php
src/Symfony/Component/VarDumper/Tests/HtmlDumperTest.php
* 2.3:
Minor fixes
Towards 100% HHVM compat
trigger event with right user (add test)
[Security] Initialize SwitchUserEvent::targetUser on attemptExitUser
[Form] Fixed: Data mappers always receive forms indexed by their names
Conflicts:
src/Symfony/Component/Debug/Tests/ErrorHandlerTest.php
src/Symfony/Component/Filesystem/Filesystem.php
src/Symfony/Component/Process/Tests/AbstractProcessTest.php
The `SwitchUserEvent` is triggered in case an account is switched. This works okay while switching to the user, but on exit the `SwitchUserEvent` is triggered again with the original User. That User was not initialized by the provider yet.
load user by UserInterface instead of username
* 2.3:
Fix quoting style consistency.
[DependencyInjection] Fail when dumping a Definition with no class nor factory
Normalizing recursively - see #9096
No change - the normalizeParams is a copy-and-paste of the earlier logic
fixes issue with logging array of non-utf8 data
fix validation for Maestro UK card numbers
* 2.7:
[FrameworkBundle] Reuse PropertyAccessor service for ObjectNormalizer
[VarDumper] Fix dump output for better readability
[PhpUnitBridge] Enforce @-silencing of deprecation notices according to new policy
* 2.8: (42 commits)
[DoctrineBridge] Bypass the db when no valid identifier is provided in ORMQueryBuilderLoader
[Serializer] Fixed typo in comment
[Form] Fixed: Filter non-integers when selecting entities by int ID
[Form] [EventListener] fixed sending non array data on submit to ResizeListener
Fix merge
Fix merge
Add test for HHVM FatalErrors
[2.6][Debug] Fix fatal-errors handling on HHVM
[Debug] Fix log level of stacked errors
[Form] Deprecated "cascade_validation"
[Form] Add "prototype_data" option to collection type
[VarDumper] Fix uninitialized id in HtmlDumper
[Form] Added the 'range' FormType
Fixed fluent interface
[Console] Fix tests on Windows
[2.7] Fix unsilenced deprecation notices
[2.3][Debug] Fix fatal-errors handling on HHVM
[Debug] fix debug class loader case test on windows
Standardize the name of the exception variables
[Debug+VarDumper] Fix handling of PHP7 exception/error model
...
Conflicts:
CHANGELOG-2.7.md
UPGRADE-2.7.md
UPGRADE-2.8.md
src/Symfony/Bridge/Twig/AppVariable.php
src/Symfony/Component/Console/Helper/DialogHelper.php
src/Symfony/Component/Debug/ErrorHandler.php
src/Symfony/Component/Debug/Tests/ErrorHandlerTest.php
src/Symfony/Component/DependencyInjection/Compiler/ResolveParameterPlaceHoldersPass.php
src/Symfony/Component/Form/AbstractType.php
src/Symfony/Component/Form/AbstractTypeExtension.php
src/Symfony/Component/HttpKernel/Tests/DependencyInjection/ContainerAwareHttpKernelTest.php
src/Symfony/Component/HttpKernel/Tests/Logger.php
src/Symfony/Component/PropertyAccess/Exception/UnexpectedTypeException.php
src/Symfony/Component/Routing/Route.php
* 2.7: (36 commits)
[DoctrineBridge] Bypass the db when no valid identifier is provided in ORMQueryBuilderLoader
[Serializer] Fixed typo in comment
[Form] Fixed: Filter non-integers when selecting entities by int ID
Fix merge
Fix merge
Add test for HHVM FatalErrors
[2.6][Debug] Fix fatal-errors handling on HHVM
[Debug] Fix log level of stacked errors
[VarDumper] Fix uninitialized id in HtmlDumper
Fixed fluent interface
[Console] Fix tests on Windows
[2.7] Fix unsilenced deprecation notices
[2.3][Debug] Fix fatal-errors handling on HHVM
[Debug] fix debug class loader case test on windows
Standardize the name of the exception variables
[Debug+VarDumper] Fix handling of PHP7 exception/error model
Do not trigger deprecation error in ResolveParameterPlaceHoldersPass
[2.3] Static Code Analysis for Components
Added a small Upgrade note regarding security.context
added missing deprecation in CHANGELOG
...
Conflicts:
src/Symfony/Bundle/WebProfilerBundle/Resources/views/Collector/logger.html.twig
src/Symfony/Component/HttpKernel/Kernel.php
* 2.6:
Add test for HHVM FatalErrors
[2.6][Debug] Fix fatal-errors handling on HHVM
[2.3][Debug] Fix fatal-errors handling on HHVM
Standardize the name of the exception variables
[2.3] Static Code Analysis for Components
Remove duplicated paths
Conflicts:
src/Symfony/Component/Debug/ErrorHandler.php
src/Symfony/Component/Security/Http/Firewall/BasicAuthenticationListener.php
src/Symfony/Component/Security/Http/Firewall/ContextListener.php
src/Symfony/Component/Security/Http/Firewall/RememberMeListener.php
src/Symfony/Component/Security/Http/RememberMe/AbstractRememberMeServices.php
* 2.3:
[2.3][Debug] Fix fatal-errors handling on HHVM
Standardize the name of the exception variables
[2.3] Static Code Analysis for Components
Remove duplicated paths
Conflicts:
src/Symfony/Component/Debug/ErrorHandler.php
src/Symfony/Component/HttpFoundation/Session/Storage/MockArraySessionStorage.php
src/Symfony/Component/Security/Acl/Dbal/AclProvider.php
src/Symfony/Component/Security/Core/Authentication/Provider/UserAuthenticationProvider.php
* 2.6:
[Debug] Fix log level of stacked errors
[VarDumper] Fix uninitialized id in HtmlDumper
Fixed fluent interface
[Debug] fix debug class loader case test on windows
[Debug+VarDumper] Fix handling of PHP7 exception/error model
[2.6][Security][Translation] #14920 update translations
[VarDumper] Cherry-pick code style fixes from 2.7
Bug #14836 [HttpFoundation] Moves default JSON encoding assignment from constructor to property
Conflicts:
src/Symfony/Component/Debug/Tests/DebugClassLoaderTest.php
src/Symfony/Component/VarDumper/Caster/DOMCaster.php
src/Symfony/Component/VarDumper/Caster/ExceptionCaster.php
src/Symfony/Component/VarDumper/Caster/PdoCaster.php
src/Symfony/Component/VarDumper/Caster/SplCaster.php
This PR was merged into the 2.7 branch.
Discussion
----------
added missing deprecation in CHANGELOG
Commits
-------
ddddeb5 added missing deprecation in CHANGELOG
* 2.7:
Fix test name
fixed CS
Allow new lines in Messages translated with transchoice() (replacement for #14867)
[Form] Swap new ChoiceView constructor arguments to ease migrating from the deprecated one
[2.3] Fix tests on Windows
[Yaml] remove partial deprecation annotation
Silence invasive deprecation warnings, opt-in for warnings
Documenting how to keep option value BC - see #14377
Conflicts:
src/Symfony/Bridge/Doctrine/composer.json
src/Symfony/Bridge/Twig/composer.json
* 2.7:
[Console] SymfonyStyle : Fix blocks wordwrapping
[Console] SymfonyStyle : Fix blocks output is broken on windows cmd
[Validator] remove partial deprecation annotation
Updated UPGRADE-2.4.md
[Form] Support DateTimeImmutable in transform()
Show the FormType and FormTypeExtension in case of deprecated use of setDefaultOptions
[FrameworkBundle] Document form.csrf_provider service deprecation
[Form] add test to avoid regression of #14891
without this change allways the legacy code get called
[Form] Fix call to removed method (BC broken in 2.3)
Fix ask and askHidden methods
[HttpFoundation] Get response content as resource several times for PHP >= 5.6
Change error message to reflect SecurityContext deprecation.
fixed merge
Issue #14815
[Console] SymfonyStyle : fix & automate block gaps.
[Console] SymfonyStyle : Improve EOL consistency by relying on output instance
Improved duplicated code in FileLocator
* 2.7:
[Security] Update tests after a merge
[Console] Remove an unused argument and fix a small cs issue
[Translator] avoid serialize unserializable resources.
* 2.8: (100 commits)
[DependencyInjection] provide better error message when using deprecated configuration options
[console][TableCell] get cell width without decoration.
Improve the config validation in TwigBundle
[VarDumper] Changed tooltip to expand-all keybinding in OS X
[Bridge\PhpUnit] Fix composer installed phpunit detection
[VarDumper] Fix generic casters calling order
[2.7][SecurityBundle] Remove SecurityContext from Compile
[WebProfilerBundle][logger] added missing deprecation message.
Fix profiler CSS
[Security][Acl] enforce string identifiers
[FrameworkBundle] make `templating.helper.router` service available again for BC reasons
[BrowserKit] Fix bug when uri starts with http.
bumped Symfony version to 2.7.1
updated VERSION for 2.7.0
updated CHANGELOG for 2.7.0
bumped Symfony version to 2.6.10
updated VERSION for 2.6.9
updated CHANGELOG for 2.6.9
fixed tests
bumped Symfony version to 2.3.31
...
Conflicts:
CHANGELOG-2.3.md
CHANGELOG-2.6.md
CHANGELOG-2.7.md
UPGRADE-2.7.md
UPGRADE-3.0.md
src/Symfony/Bridge/Doctrine/Form/Type/DoctrineType.php
src/Symfony/Bridge/Twig/Extension/AssetExtension.php
src/Symfony/Bridge/Twig/Tests/Extension/AssetExtensionTest.php
src/Symfony/Bridge/Twig/composer.json
src/Symfony/Bundle/FrameworkBundle/Command/TranslationDebugCommand.php
src/Symfony/Bundle/FrameworkBundle/Resources/config/templating.xml
src/Symfony/Bundle/FrameworkBundle/Resources/config/templating_php.xml
src/Symfony/Bundle/FrameworkBundle/Templating/Helper/CodeHelper.php
src/Symfony/Bundle/FrameworkBundle/composer.json
src/Symfony/Bundle/SecurityBundle/composer.json
src/Symfony/Component/Debug/ExceptionHandler.php
src/Symfony/Component/DependencyInjection/Container.php
src/Symfony/Component/DependencyInjection/Definition.php
src/Symfony/Component/DependencyInjection/Loader/XmlFileLoader.php
src/Symfony/Component/DependencyInjection/Loader/YamlFileLoader.php
src/Symfony/Component/DependencyInjection/Tests/Fixtures/xml/legacy-services6.xml
src/Symfony/Component/DependencyInjection/Tests/Fixtures/xml/services6.xml
src/Symfony/Component/DependencyInjection/Tests/Fixtures/yaml/legacy-services6.yml
src/Symfony/Component/DependencyInjection/Tests/Fixtures/yaml/services6.yml
src/Symfony/Component/DependencyInjection/Tests/Loader/XmlFileLoaderTest.php
src/Symfony/Component/DependencyInjection/Tests/Loader/YamlFileLoaderTest.php
src/Symfony/Component/Form/CHANGELOG.md
src/Symfony/Component/HttpKernel/DependencyInjection/ContainerAwareHttpKernel.php
src/Symfony/Component/HttpKernel/Tests/DependencyInjection/ContainerAwareHttpKernelTest.php
src/Symfony/Component/Routing/Loader/XmlFileLoader.php
src/Symfony/Component/Routing/Loader/YamlFileLoader.php
* 2.7: (95 commits)
[DependencyInjection] provide better error message when using deprecated configuration options
[console][TableCell] get cell width without decoration.
Improve the config validation in TwigBundle
[VarDumper] Changed tooltip to expand-all keybinding in OS X
[Bridge\PhpUnit] Fix composer installed phpunit detection
[VarDumper] Fix generic casters calling order
[2.7][SecurityBundle] Remove SecurityContext from Compile
[WebProfilerBundle][logger] added missing deprecation message.
Fix profiler CSS
[Security][Acl] enforce string identifiers
[FrameworkBundle] make `templating.helper.router` service available again for BC reasons
[BrowserKit] Fix bug when uri starts with http.
bumped Symfony version to 2.7.1
updated VERSION for 2.7.0
updated CHANGELOG for 2.7.0
bumped Symfony version to 2.6.10
updated VERSION for 2.6.9
updated CHANGELOG for 2.6.9
fixed tests
bumped Symfony version to 2.3.31
...
Conflicts:
src/Symfony/Bundle/FrameworkBundle/Command/TranslationDebugCommand.php
src/Symfony/Bundle/WebProfilerBundle/Resources/views/Collector/logger.html.twig
src/Symfony/Component/HttpKernel/Kernel.php
src/Symfony/Component/Translation/Loader/JsonFileLoader.php
* 2.6:
Improve the config validation in TwigBundle
[WebProfilerBundle][logger] added missing deprecation message.
[Security][Acl] enforce string identifiers
[BrowserKit] Fix bug when uri starts with http.
bumped Symfony version to 2.3.31
updated VERSION for 2.3.30
updated CHANGELOG for 2.3.30
Php Inspections (EA Extended): - resolved possible PHP Fatal in \Symfony\Component\BrowserKit\Cookie::__toString -resolved implicit magic methods calls -resolved callable name case mismatches
* 2.3:
Improve the config validation in TwigBundle
[Security][Acl] enforce string identifiers
[BrowserKit] Fix bug when uri starts with http.
bumped Symfony version to 2.3.31
updated VERSION for 2.3.30
updated CHANGELOG for 2.3.30
Php Inspections (EA Extended): - resolved possible PHP Fatal in \Symfony\Component\BrowserKit\Cookie::__toString -resolved implicit magic methods calls -resolved callable name case mismatches
Conflicts:
src/Symfony/Component/Debug/Tests/ErrorHandlerTest.php
src/Symfony/Component/DependencyInjection/Tests/Dumper/PhpDumperTest.php
src/Symfony/Component/HttpKernel/Kernel.php
This PR was merged into the 2.3 branch.
Discussion
----------
[2.3] Static Code Analysis for Components
| Q | A
| ------------- | ---
| Bug fix? | no
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | n/a
| License | MIT
| Doc PR | n/a
Static Code Analysis with Php Inspections (EA Extended), no functional changes:
- resolved possible PHP Fatal in \Symfony\Component\BrowserKit\Cookie::__toString
- resolved callable name case mismatches
Commits
-------
9eb2b14 Php Inspections (EA Extended): - resolved possible PHP Fatal in \Symfony\Component\BrowserKit\Cookie::__toString -resolved implicit magic methods calls -resolved callable name case mismatches
- resolved possible PHP Fatal in \Symfony\Component\BrowserKit\Cookie::__toString
-resolved implicit magic methods calls
-resolved callable name case mismatches
* 2.6: (30 commits)
[Translation] fixed JSON loader on PHP 7 when file is empty
Fix typo
Check instance of FormBuilderInterface instead of FormBuilder
[Security] TokenBasedRememberMeServices test to show why encoding username is required
[Security] AbstractRememberMeServices::encodeCookie() validates cookie parts
fixed typo
[console][formater] allow format toString object.
[HttpFoundation] Fix baseUrl when script filename is contained in pathInfo
Avoid redirection to XHR URIs
[HttpFoundation] IpUtils::checkIp4() should allow networks
[2.6] Fix HTML escaping of to-source links
Fix HTML escaping of to-source links
ExceptionHandler: More Encoding
Fix the rendering of deprecation log messages
[FrameworkBundle] Removed unnecessary parameter in TemplateController
[DomCrawler] Throw an exception if a form field path is incomplete.
Fixed the indentation in the compiled template for the DumpNode
[Console] Delete duplicate test in CommandTest
[TwigBundle] Refresh twig paths when resources change.
WebProfiler break words
...
Conflicts:
src/Symfony/Bridge/Twig/composer.json
src/Symfony/Bundle/WebProfilerBundle/Resources/views/Collector/logger.html.twig
src/Symfony/Component/Debug/ExceptionHandler.php
* 2.3:
Fix typo
Check instance of FormBuilderInterface instead of FormBuilder
[Security] TokenBasedRememberMeServices test to show why encoding username is required
[Security] AbstractRememberMeServices::encodeCookie() validates cookie parts
[console][formater] allow format toString object.
[HttpFoundation] Fix baseUrl when script filename is contained in pathInfo
Avoid redirection to XHR URIs
[HttpFoundation] IpUtils::checkIp4() should allow networks
Fix HTML escaping of to-source links
[FrameworkBundle] Removed unnecessary parameter in TemplateController
[DomCrawler] Throw an exception if a form field path is incomplete.
[Console] Delete duplicate test in CommandTest
[TwigBundle] Refresh twig paths when resources change.
WebProfiler break words
fixed typo
Update README.md
[HttpKernel] Handle an array vary header in the http cache store
[Security][Translation] fixes#14584
[Framework] added test for Router commands.
Handled bearer authorization header in REDIRECT_ form
Conflicts:
src/Symfony/Component/Debug/ExceptionHandler.php
This PR was squashed before being merged into the 2.3 branch (closes#14670).
Discussion
----------
[Security] TokenBasedRememberMeServices test to show why encoding username is required
| Q | A
| ------------- | ---
| Bug fix? | no
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | #14577
| License | MIT
| Doc PR | no
241538d shows that it's not actually tested, 257b796 reimplements it with test.
I can remove the POC commit if it's not needed.
Commits
-------
63a9736 [Security] TokenBasedRememberMeServices test to show why encoding username is required
This PR was squashed before being merged into the 2.3 branch (closes#14678).
Discussion
----------
[Security] AbstractRememberMeServices::encodeCookie() validates cookie parts
| Q | A
| ------------- | ---
| Bug fix? | no
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | #14577
| License | MIT
| Doc PR | no
`AbstractRememberMeServices::encodeCookie()` guards against `COOKIE_DELIMITER` in `$cookieParts`.
* it would make `AbstractRememberMeServices::cookieDecode()` broken
* all current extending classes do it anyway (see #14670 )
* added tests – it's not a public method, but it is expected to be used by user implementations – as such, it's good to know that it works properly
Commits
-------
464c39a [Security] AbstractRememberMeServices::encodeCookie() validates cookie parts
This PR was merged into the 2.3 branch.
Discussion
----------
[Security][Translation] fixes#14584
| Q | A
| ------------- | ---
| Fixed tickets | #14584
| License | MIT
Some french translations are wrong in the security component.
As #14587 has been closed here's my fix.
Commits
-------
34c780f [Security][Translation] fixes#14584
* 2.8:
fixed CS
fixed CS
fixed CS
Fix WebProfilerBundle compatiblity with HttpKernel < 2.7
[Validator] Deprecated PHP7-incompatible constraints and related validators
[DebugBundle] Allow alternative destination for dumps
[DebugBundle] Use output mechanism of dumpers instead of echoing
[DebugBundle] Always collect dumps
[FrameworkBundle] Applied new styles to the config:debug & config:dump-reference commands
Fix tests in HHVM
CS: Pre incrementation/decrementation should be used if possible
Conflicts:
UPGRADE-2.7.md
src/Symfony/Bundle/FrameworkBundle/Command/ConfigDebugCommand.php
src/Symfony/Bundle/FrameworkBundle/Tests/Templating/Helper/AssetsHelperTest.php
src/Symfony/Bundle/FrameworkBundle/composer.json
src/Symfony/Component/Console/Helper/DialogHelper.php
src/Symfony/Component/HttpFoundation/Tests/Session/Flash/FlashBagTest.php
src/Symfony/Component/Routing/Matcher/Dumper/ApacheMatcherDumper.php
src/Symfony/Component/Security/Core/Encoder/Pbkdf2PasswordEncoder.php
* 2.7:
fixed CS
fixed CS
fixed CS
Fix WebProfilerBundle compatiblity with HttpKernel < 2.7
[Validator] Deprecated PHP7-incompatible constraints and related validators
[DebugBundle] Allow alternative destination for dumps
[DebugBundle] Use output mechanism of dumpers instead of echoing
[DebugBundle] Always collect dumps
[FrameworkBundle] Applied new styles to the config:debug & config:dump-reference commands
Fix tests in HHVM
CS: Pre incrementation/decrementation should be used if possible
Conflicts:
src/Symfony/Bundle/FrameworkBundle/composer.json
This PR was merged into the 2.7 branch.
Discussion
----------
[Security] Removed unnecessary statement
| Q | A
| ------------- | ---
| Bug fix? | no
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | ~
| License | MIT
| Doc PR | ~
Removed unnecessary statement from `PersistentTokenBasedRememberMeServices.php`.
`$series` comes from `$cookieParts` and `$this->tokenProvider->loadTokenBySeries($series);` is supposed to find the token with that value. Doing `$persistentToken->getSeries();` should give us exactly the same value, so it is an unnecessary statement.
Why?
* We don't need it? We won't miss it when it's gone.
* It confuses a code reader who starts guessing why would that be needed (at least I did and lost time because of that).
Unless…
It actually is needed, as we want `TokenProviderInterface` implementations to have a possibility to give a `PersistentTokenInterface` with a different series value than asked… I can make a PR to the testing class so that such requirement is checked upon.
I don't believe that this is BC, as this behaviour isn't documented anywhere and no existing (known to me) implementations return different series than the asked ones (and current tests pass successfully).
Commits
-------
c7a91f1 Removed unnecessary statement from PersistentTokenBasedRememberMeServices.php
* 2.7:
fixed CS
fixed CS
fixed CS
Fix WebProfilerBundle compatiblity with HttpKernel < 2.7
[Validator] Deprecated PHP7-incompatible constraints and related validators
[DebugBundle] Allow alternative destination for dumps
[DebugBundle] Use output mechanism of dumpers instead of echoing
[DebugBundle] Always collect dumps
[FrameworkBundle] Applied new styles to the config:debug & config:dump-reference commands
Fix tests in HHVM
CS: Pre incrementation/decrementation should be used if possible
Conflicts:
src/Symfony/Bundle/FrameworkBundle/composer.json
* 2.6:
[DebugBundle] Allow alternative destination for dumps
[DebugBundle] Use output mechanism of dumpers instead of echoing
[DebugBundle] Always collect dumps
Fix tests in HHVM
CS: Pre incrementation/decrementation should be used if possible
Conflicts:
src/Symfony/Component/Finder/Expression/Glob.php
* 2.3:
Fix tests in HHVM
CS: Pre incrementation/decrementation should be used if possible
Conflicts:
src/Symfony/Bundle/TwigBundle/Command/LintCommand.php
src/Symfony/Component/Console/Helper/TableHelper.php
src/Symfony/Component/EventDispatcher/Tests/EventDispatcherTest.php
src/Symfony/Component/HttpKernel/DataCollector/LoggerDataCollector.php
src/Symfony/Component/HttpKernel/HttpCache/EsiResponseCacheStrategy.php
src/Symfony/Component/Security/Acl/Dbal/AclProvider.php
src/Symfony/Component/Security/Http/RememberMe/TokenBasedRememberMeServices.php
This PR was merged into the 2.3 branch.
Discussion
----------
CS: Pre incrementation/decrementation should be used if possible
| Q | A
| ------------- | ---
| Bug fix? | no
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | n/a
| License | MIT
| Doc PR | n/a
Fixes provided by new fixer: https://github.com/FriendsOfPHP/PHP-CS-Fixer/pull/1113
If this pr is merged I would change the level of the fixer to `symfony`.
Commits
-------
c5123d6 CS: Pre incrementation/decrementation should be used if possible
* 2.8: (77 commits)
[travis] Use container-based infrastructure
[HttpKernel] use ConfigCache::getPath() method when it exists
[PropertyAccess] Fix setting public property on a class having a magic getter
[Routing] Display file which contain deprecated option
ContainerInterface: unused exception dropped
bumped Symfony version to 2.6.8
updated VERSION for 2.6.7
updated CHANGELOG for 2.6.7
bumped Symfony version to 2.3.29
updated VERSION for 2.3.28
update CONTRIBUTORS for 2.3.28
updated CHANGELOG for 2.3.28
[Debug] Fixed ClassNotFoundFatalErrorHandlerTest
[SecurityBundle] use access decision constants in config
[SecurityBundle] use session auth constants in config
PhpDoc fix in AbstractRememberMeServices
[FrameworkBundle][DX] Add option to specify additional translation loading paths
[Filesystem] Simplified an if statement
fixed CS
[SecurityBundle] Use Enum Nodes Instead Of Scalar
...
Conflicts:
CHANGELOG-2.3.md
CHANGELOG-2.6.md
src/Symfony/Bridge/Swiftmailer/composer.json
src/Symfony/Bundle/DebugBundle/composer.json
src/Symfony/Bundle/FrameworkBundle/Console/Descriptor/TextDescriptor.php
src/Symfony/Bundle/FrameworkBundle/Tests/DependencyInjection/Fixtures/xml/full.xml
src/Symfony/Bundle/FrameworkBundle/Tests/Fixtures/Descriptor/event_dispatcher_1_event1.txt
src/Symfony/Bundle/FrameworkBundle/Tests/Fixtures/Descriptor/event_dispatcher_1_events.txt
src/Symfony/Component/Debug/DebugClassLoader.php
src/Symfony/Component/Debug/Tests/ErrorHandlerTest.php
src/Symfony/Component/Form/README.md
src/Symfony/Component/Intl/README.md
src/Symfony/Component/Locale/composer.json
src/Symfony/Component/Routing/Loader/XmlFileLoader.php
src/Symfony/Component/Routing/Loader/YamlFileLoader.php
src/Symfony/Component/Security/README.md
src/Symfony/Component/Serializer/Tests/Normalizer/GetSetMethodNormalizerTest.php
src/Symfony/Component/Serializer/Tests/Normalizer/ObjectNormalizerTest.php
src/Symfony/Component/Serializer/Tests/Normalizer/PropertyNormalizerTest.php
src/Symfony/Component/Translation/README.md
src/Symfony/Component/Validator/README.md
src/Symfony/Component/Yaml/Yaml.php
* 2.7: (70 commits)
[travis] Use container-based infrastructure
[HttpKernel] use ConfigCache::getPath() method when it exists
[PropertyAccess] Fix setting public property on a class having a magic getter
[Routing] Display file which contain deprecated option
ContainerInterface: unused exception dropped
bumped Symfony version to 2.6.8
updated VERSION for 2.6.7
updated CHANGELOG for 2.6.7
bumped Symfony version to 2.3.29
updated VERSION for 2.3.28
update CONTRIBUTORS for 2.3.28
updated CHANGELOG for 2.3.28
[Debug] Fixed ClassNotFoundFatalErrorHandlerTest
[SecurityBundle] use access decision constants in config
[SecurityBundle] use session auth constants in config
PhpDoc fix in AbstractRememberMeServices
[Filesystem] Simplified an if statement
[SecurityBundle] Use Enum Nodes Instead Of Scalar
[Debug 2.3] Fix test for PHP7
[HttpKernel] Check if "symfony/proxy-manager-bridge" package is installed
...
Conflicts:
src/Symfony/Bundle/DebugBundle/composer.json
src/Symfony/Bundle/FrameworkBundle/Command/ServerRunCommand.php
src/Symfony/Bundle/FrameworkBundle/Command/TranslationDebugCommand.php
src/Symfony/Component/Form/README.md
src/Symfony/Component/Intl/README.md
src/Symfony/Component/Security/README.md
src/Symfony/Component/Translation/Loader/CsvFileLoader.php
src/Symfony/Component/Translation/Loader/IniFileLoader.php
src/Symfony/Component/Translation/Loader/MoFileLoader.php
src/Symfony/Component/Translation/Loader/PhpFileLoader.php
src/Symfony/Component/Translation/Loader/PoFileLoader.php
src/Symfony/Component/Translation/Loader/YamlFileLoader.php
src/Symfony/Component/Translation/README.md
src/Symfony/Component/Translation/Translator.php
src/Symfony/Component/Validator/README.md
* 2.6: (21 commits)
bumped Symfony version to 2.6.8
updated VERSION for 2.6.7
updated CHANGELOG for 2.6.7
bumped Symfony version to 2.3.29
updated VERSION for 2.3.28
update CONTRIBUTORS for 2.3.28
updated CHANGELOG for 2.3.28
[Debug] Fixed ClassNotFoundFatalErrorHandlerTest
[SecurityBundle] use access decision constants in config
[SecurityBundle] use session auth constants in config
PhpDoc fix in AbstractRememberMeServices
[Filesystem] Simplified an if statement
[SecurityBundle] Use Enum Nodes Instead Of Scalar
[Debug 2.3] Fix test for PHP7
[HttpKernel] Check if "symfony/proxy-manager-bridge" package is installed
[Translation] simplify getMessages.
[Framework][Translation] added test for debug command.
Run tests on hhvm instead of hhvm-nightly
Use HTTPS in README and some other fixes
add more entropy to generated classnames
...
Conflicts:
.travis.yml
src/Symfony/Component/HttpKernel/Kernel.php
* 2.3:
bumped Symfony version to 2.3.29
updated VERSION for 2.3.28
update CONTRIBUTORS for 2.3.28
updated CHANGELOG for 2.3.28
PhpDoc fix in AbstractRememberMeServices
Conflicts:
src/Symfony/Component/HttpKernel/Kernel.php
* 2.6: (25 commits)
[2.6] link to https://symfony.com where possible
Do not override PHP constants, only use when available
link to https://symfony.com where possible
[FrameworkBundle] Added missing log in server:run command
[Finder] Only use GLOB_BRACE when available
[HttpFoundation] Allow curly braces in trusted host patterns
Fix merge
Fix typo in variable name
[profiler][security] check authenticated user by tokenClass instead of username.
[WebProfiler] fix html syntax for input types
[TwigBundle] Fix deprecated use of FlattenException
[DependencyInjection] Removed extra strtolower calls
Use https://symfony.com/search for searching
[Debug] PHP7 compatibility with BaseException
[Validator] Fixed Choice when an empty array is used in the "choices" option
Fixed tests
[StringUtil] Fixed singularification of 'selfies'
Fix Portuguese (Portugal) translation for Security
improved exception when missing required component
[DependencyInjection] resolve circular reference
...
Conflicts:
src/Symfony/Bundle/WebProfilerBundle/Resources/views/Collector/config.html.twig
src/Symfony/Component/Form/README.md
src/Symfony/Component/Intl/README.md
src/Symfony/Component/Security/README.md
src/Symfony/Component/Translation/README.md
src/Symfony/Component/Validator/README.md
* 2.3:
link to https://symfony.com where possible
[FrameworkBundle] Added missing log in server:run command
[HttpFoundation] Allow curly braces in trusted host patterns
[profiler][security] check authenticated user by tokenClass instead of username.
Use https://symfony.com/search for searching
Conflicts:
src/Symfony/Bundle/FrameworkBundle/Test/WebTestCase.php
src/Symfony/Component/Form/README.md
src/Symfony/Component/Intl/README.md
src/Symfony/Component/Routing/composer.json
src/Symfony/Component/Security/README.md
src/Symfony/Component/Translation/README.md
src/Symfony/Component/Validator/README.md
* 2.3:
[DependencyInjection] Removed extra strtolower calls
[Validator] Fixed Choice when an empty array is used in the "choices" option
Fixed tests
[StringUtil] Fixed singularification of 'selfies'
Fix Portuguese (Portugal) translation for Security
improved exception when missing required component
CS: unalign =
Show a better error when the port is in use
CS: unalign =>
[FrameworkBundle] Check for 'xlf' instead of 'xliff'
Add better phpdoc message for getListeners method of the EventDispatcher
Conflicts:
src/Symfony/Bundle/FrameworkBundle/Command/ServerRunCommand.php
src/Symfony/Bundle/TwigBundle/Command/LintCommand.php
src/Symfony/Component/DependencyInjection/ContainerBuilder.php
src/Symfony/Component/DependencyInjection/Tests/Fixtures/php/services11.php
src/Symfony/Component/Validator/Constraints/ChoiceValidator.php
* 2.8: (61 commits)
[Debug] Fix ClassNotFoundFatalErrorHandler candidates lookups
[2.6][Translator] Extend, refactor and simplify Translator tests.
[VarDumper] Allow preserving a subset of cut arrays
[Console] Bind the closure (code) to the Command if possible
[VarDumper] Added support for SplFileObject
[VarDumper] Added support for SplFileInfo
Update DebugClassLoader.php
inject asset packages in assets helper service
[travis] Do not exclude legacy tests on 2.7
[HttpFoundation] remove getExtension method
[2.6][Translation] fix legacy tests.
[Form] Removed remaining deprecation notices in the test suite
[Form] Moved deprecation notice triggers to file level
[Debug] Map PHP errors to LogLevel::CRITICAL
[FrameworkBundle][Server Command] add address port number option.
[Routing][DependencyInjection] Support .yaml extension in YAML loaders
[DX] improve file loader error for router/other resources in bundle
[FrameworkBundle] Initialize translator with the default locale.
[FrameworkBundle] Fix Routing\DelegatingLoader resiliency to fatal errors
[2.7][Translation] remove duplicate code for loading catalogue.
...
Conflicts:
composer.json
src/Symfony/Bridge/Swiftmailer/composer.json
src/Symfony/Component/Console/Helper/DialogHelper.php
src/Symfony/Component/Debug/ErrorHandler.php
src/Symfony/Component/Debug/Tests/FatalErrorHandler/ClassNotFoundFatalErrorHandlerTest.php
src/Symfony/Component/Form/Extension/HttpFoundation/EventListener/BindRequestListener.php
src/Symfony/Component/Locale/composer.json
* 2.7: (40 commits)
[Debug] Fix ClassNotFoundFatalErrorHandler candidates lookups
[2.6][Translator] Extend, refactor and simplify Translator tests.
Update DebugClassLoader.php
inject asset packages in assets helper service
[travis] Do not exclude legacy tests on 2.7
[HttpFoundation] remove getExtension method
[2.6][Translation] fix legacy tests.
[Form] Removed remaining deprecation notices in the test suite
[Form] Moved deprecation notice triggers to file level
[Debug] Map PHP errors to LogLevel::CRITICAL
[Routing][DependencyInjection] Support .yaml extension in YAML loaders
[DX] improve file loader error for router/other resources in bundle
[FrameworkBundle] Initialize translator with the default locale.
[FrameworkBundle] Fix Routing\DelegatingLoader resiliency to fatal errors
[2.7][Translation] remove duplicate code for loading catalogue.
[2.6][Translation] remove duplicate code for loading catalogue.
[HttpKernel] Cleanup ExceptionListener
CS fixes
[DependencyInjection] Show better error when the Yaml component is not installed
[2.3] SCA for Components - reference mismatches
...
* 2.8:
[Translation] avoid freshness check based on content *inside* the cache.
[Translator] Cache does not take fallback locales into consideration
[Translator] Cache does not take fallback locales into consideration
[VarDumper] Fix call site detection
[Form] Cleanup deprecation notices
[Console] Made output docopt compatible
[Process] Fix volatile test
Remove some useless @group annotations
Removed useless strtolower call
[Validator] Use strict comparisons in loaders
CS: Use "self" keyword instead of class name if possible
Conflicts:
.travis.yml
src/Symfony/Component/Console/Tests/Input/InputDefinitionTest.php
src/Symfony/Component/Form/FormTypeExtensionInterface.php
src/Symfony/Component/Form/FormTypeInterface.php
* 2.6:
[Translator] Cache does not take fallback locales into consideration
[VarDumper] Fix call site detection
[Process] Fix volatile test
Remove some useless @group annotations
Removed useless strtolower call
[Validator] Use strict comparisons in loaders
CS: Use "self" keyword instead of class name if possible
Conflicts:
.travis.yml
src/Symfony/Component/Translation/Translator.php
* 2.3:
Remove some useless @group annotations
Removed useless strtolower call
[Validator] Use strict comparisons in loaders
CS: Use "self" keyword instead of class name if possible
* 2.7:
[RFC][Console] Added console style guide helpers (v2)
[Validator] Add missing pt_BR translations
[Translation][Profiler] Added a Translation profiler.
Add parsing of hexadecimal strings for PHP 7
[VarDumper] Add filters to casters
Trim final stop from deprecation message
[Configuration] improve description for ignoreExtraKeys on ArrayNodeDefinition
[Validator] Added missing Hungarian translation
[Validator] Fixed grammar in Hungarian translation
CS: Unary operators should be placed adjacent to their operands
CS: Binary operators should be arounded by at least one space
remove useless tests that fail in php 7
[Translator] fix test for php 7 compatibility
[VarDumper] Add VarDumperTestCase and related trait
Update phpdoc of ProcessBuilder#setPrefix()
Conflicts:
src/Symfony/Bridge/ProxyManager/Tests/LazyProxy/Fixtures/php/lazy_service.php
src/Symfony/Component/Routing/Matcher/ApacheUrlMatcher.php
src/Symfony/Component/Routing/Matcher/Dumper/ApacheMatcherDumper.php
src/Symfony/Component/VarDumper/Cloner/AbstractCloner.php
* 2.6:
[Validator] Add missing pt_BR translations
Add parsing of hexadecimal strings for PHP 7
[Configuration] improve description for ignoreExtraKeys on ArrayNodeDefinition
[Validator] Added missing Hungarian translation
[Validator] Fixed grammar in Hungarian translation
CS: Unary operators should be placed adjacent to their operands
CS: Binary operators should be arounded by at least one space
remove useless tests that fail in php 7
[Translator] fix test for php 7 compatibility
Update phpdoc of ProcessBuilder#setPrefix()
Conflicts:
src/Symfony/Bridge/Propel1/Logger/PropelLogger.php
src/Symfony/Component/Validator/Resources/translations/validators.hu.xlf
* 2.3:
[Validator] Add missing pt_BR translations
Add parsing of hexadecimal strings for PHP 7
[Configuration] improve description for ignoreExtraKeys on ArrayNodeDefinition
[Validator] Added missing Hungarian translation
[Validator] Fixed grammar in Hungarian translation
CS: Unary operators should be placed adjacent to their operands
CS: Binary operators should be arounded by at least one space
remove useless tests that fail in php 7
[Translator] fix test for php 7 compatibility
Update phpdoc of ProcessBuilder#setPrefix()
Conflicts:
src/Symfony/Component/HttpFoundation/Session/Attribute/NamespacedAttributeBag.php
src/Symfony/Component/PropertyAccess/PropertyAccessor.php
src/Symfony/Component/Validator/Resources/translations/validators.pt_BR.xlf
src/Symfony/Component/Yaml/Parser.php
This PR was merged into the 2.3 branch.
Discussion
----------
CS: Unary operators should be placed adjacent to their operands
| Q | A
| ------------- | ---
| Bug fix? | no
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | ?
| Fixed tickets | N/A
| License | MIT
| Doc PR | N/A
Update before upcoming changes on PHP CS Fixer 1.7
To keep fabbot.io happy ;)
Commits
-------
2367f4a CS: Unary operators should be placed adjacent to their operands
This PR was merged into the 2.3 branch.
Discussion
----------
CS: Binary operators should be arounded by at least one space
| Q | A
| ------------- | ---
| Bug fix? | no
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | ?
| Fixed tickets | N/A
| License | MIT
| Doc PR | N/A
Update before upcoming changes on PHP CS Fixer 1.7
To keep fabbot.io happy ;)
Commits
-------
ec2cec6 CS: Binary operators should be arounded by at least one space
* 2.7: (29 commits)
[Validator] Added missing Hungarian translation
remove usage of deprecated class
Fix merge
Fix merge
CS: fixes
[Translation][Extractor] Allow extracting an array of files besides extracting a directory
[VarDumper] Fix dumping ThrowingCasterException
[Console][Table] Add support for colspan/rowspan + multiple header lines
Translator component has default domain for null implemented no need to have default translation domain logic in 3 different places
Displays friendly message if the event does not have any registered listeners
[VarDumper] Ctrl+click toggles-all and fix IE8 support
Implemented check on interface implementation
[Form] [TwigBridge] Bootstrap layout whitespace control
|Validator] Add PHPUnit hint in AbstractConstraintValidatorTest
[VarDumper] implement expand all on ALT+click
[WebProfilerBundle] Fixed collapsed profiler menu icons
[travis] Kill tests when a new commit has been pushed
fixed CS
Change behavior to mirror hash_equals() returning early if there is a length mismatch
CS fixing
...
Conflicts:
src/Symfony/Bridge/Twig/composer.json
src/Symfony/Bundle/FrameworkBundle/composer.json
src/Symfony/Bundle/SecurityBundle/Resources/config/security.xml
src/Symfony/Bundle/SecurityBundle/Resources/config/security_acl.xml
src/Symfony/Bundle/SecurityBundle/Resources/config/security_acl_dbal.xml
src/Symfony/Bundle/SecurityBundle/Resources/config/security_listeners.xml
src/Symfony/Bundle/SecurityBundle/Resources/config/security_rememberme.xml
src/Symfony/Bundle/TwigBundle/Extension/AssetsExtension.php
* 2.6:
CS: fixes
Translator component has default domain for null implemented no need to have default translation domain logic in 3 different places
[Form] [TwigBridge] Bootstrap layout whitespace control
[travis] Kill tests when a new commit has been pushed
fixed CS
Change behavior to mirror hash_equals() returning early if there is a length mismatch
CS fixing
Prevent modifying secrets as much as possible
Update StringUtils.php
Whitespace
Update StringUtils.php
StringUtils::equals() arguments in RememberMe Cookie based implementation are confused
CS: general fixes
[SecurityBundle] removed a duplicated service definition and simplified others.
Conflicts:
src/Symfony/Bundle/SecurityBundle/Resources/config/security_listeners.xml
* 2.3:
CS: fixes
Translator component has default domain for null implemented no need to have default translation domain logic in 3 different places
[travis] Kill tests when a new commit has been pushed
fixed CS
Change behavior to mirror hash_equals() returning early if there is a length mismatch
CS fixing
Prevent modifying secrets as much as possible
Update StringUtils.php
Whitespace
Update StringUtils.php
CS: general fixes
[SecurityBundle] removed a duplicated service definition and simplified others.
Conflicts:
src/Symfony/Bundle/FrameworkBundle/Resources/views/Form/choice_widget_collapsed.html.php
src/Symfony/Bundle/SecurityBundle/Resources/config/security_rememberme.xml
src/Symfony/Component/Console/Tests/Helper/LegacyTableHelperTest.php
src/Symfony/Component/DependencyInjection/Tests/Fixtures/php/services11.php
This PR was squashed before being merged into the 2.7 branch (closes#13482).
Discussion
----------
Implemented check on interface implementation
| Q | A
| ------------- | ---
| Bug fix? | Yes
| New feature? | No
| BC breaks? | No
| Deprecations? | No
| Tests pass? | Yes
| Fixed tickets | #13480
| License | MIT
| Doc PR |
Commits
-------
2a79ace Implemented check on interface implementation
* 2.7: (55 commits)
CS: fix some license headers
CS: Ensure there is no code on the same line as the PHP open tag and it is followed by a blankline
Improve triggering of the deprecation error
[SecurityBundle] Fix typos in LogoutUrlHelper
[VarDumper] add caster for MongoCursor objects
make it possible to dump inlined services to XML
[VarDumper] Fixed notice when Exchange is mocked
[Translation] keep old array structure of resourcesFiles to avoid BC.
removed deprecated notices that make the tests fail
use visited lookup with reference to gain performance
[VarDumper] with-er interface for Cloner\Data
Replace GET parameters when changed
tweaked phpdocs
[Process] Fix outdated Process->start() docblock
prevent inlining service configurators
Improve entropy of generated salt
Complete the removal of API versions in the validator component
[Validator] deprecated API version
Removed 2.5 bc layer
[SecurityBundle] UserPasswordEncoderCommand: fix help arguments order.
...
Conflicts:
CHANGELOG-2.3.md
CHANGELOG-2.6.md
src/Symfony/Bridge/Doctrine/Form/Type/DoctrineType.php
src/Symfony/Bundle/FrameworkBundle/DependencyInjection/Configuration.php
src/Symfony/Bundle/FrameworkBundle/Tests/Templating/Helper/FormHelperDivLayoutTest.php
src/Symfony/Bundle/FrameworkBundle/Tests/Templating/Helper/FormHelperTableLayoutTest.php
src/Symfony/Bundle/FrameworkBundle/composer.json
src/Symfony/Bundle/SecurityBundle/composer.json
src/Symfony/Component/Console/Helper/DialogHelper.php
src/Symfony/Component/Console/Tests/Helper/LegacyTableHelperTest.php
src/Symfony/Component/Form/ResolvedFormType.php
src/Symfony/Component/Routing/Matcher/Dumper/ApacheMatcherDumper.php
* 2.6:
CS: fix some license headers
CS: Ensure there is no code on the same line as the PHP open tag and it is followed by a blankline
use visited lookup with reference to gain performance
Replace GET parameters when changed
[FrameworkBundle][debug:config] added support for dynamic configurations.
[WebProfiler] Fix partial search on url in list
Conflicts:
src/Symfony/Bridge/Propel1/Form/EventListener/TranslationCollectionFormListener.php
src/Symfony/Bridge/Propel1/Form/EventListener/TranslationFormListener.php
* 2.3:
CS: fix some license headers
CS: Ensure there is no code on the same line as the PHP open tag and it is followed by a blankline
use visited lookup with reference to gain performance
Replace GET parameters when changed
Conflicts:
src/Symfony/Component/DependencyInjection/Dumper/PhpDumper.php
This PR was merged into the 2.3 branch.
Discussion
----------
CS: fix some license headers
| Q | A
| ------------- | ---
| Bug fix? | no
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | ?
| Fixed tickets | N/A
| License | MIT
| Doc PR | N/A
Commits
-------
2b74841 CS: fix some license headers
* 2.6:
Fix small coding style
[2.3] Static Code Analysis for Components
[Form] fixed phpdoc
CS: Convert double quotes to single quotes
Fixed MongoODM entity loader. Improved loading behavior of entities and documents by reusing entity loader.
[Validator] added Japanese translation for unmatched charset (id: 80)
[WebProfilerBundle] fixed undefined buttons.
[WebProfilerBundle] Fix javascript toolbar on IE8
[DependencyInjection] Highest precedence for user parameters
bumped Symfony version to 2.6.6
[Translation][MoFileLoader] fixed load empty translation.
updated VERSION for 2.6.5
updated CHANGELOG for 2.6.5
bumped Symfony version to 2.3.27
updated VERSION for 2.3.26
update CONTRIBUTORS for 2.3.26
updated CHANGELOG for 2.3.26
[HttpKernel] UriSigner::buildUrl - default params for http_build_query
Conflicts:
src/Symfony/Bridge/Propel1/Tests/DataCollector/PropelDataCollectorTest.php
src/Symfony/Component/DependencyInjection/Dumper/PhpDumper.php
src/Symfony/Component/HttpKernel/Kernel.php
src/Symfony/Component/Security/Http/Firewall/AbstractPreAuthenticatedListener.php
src/Symfony/Component/Validator/Resources/translations/validators.ja.xlf
* 2.7:
Changed visibility of setUp() and tearDown to protected
Changed visibility of setUp() and tearDown to protected
[2.7] Fix travis file
[HttpFoundation] MongoDbSessionHandler::read() now checks for valid session age
[Debug] reintroduce charset param to ExceptionHandler
Changed visibility of setUp() and tearDown to protected
[WebProfilerBundle] Set debug+charset on the ExceptionHandler fallback
[Debug] deprecate ExceptionHandler::utf8Htmlize
Added default button class
used HTML5 meta charset tag and removed hardcoded ones
Revert "bug #13715 Enforce UTF-8 charset for core controllers (WouterJ)"
fixed XSS in the exception handler
Php Inspections (EA Extended) - static code analysis includes:
[2.3] Remove most refs uses
[FrameworkBundle] Read config/validation/*.(xml|yml) files
Test with local components instead of waiting for the subtree-splitter when possible
Conflicts:
src/Symfony/Bundle/FrameworkBundle/Tests/DependencyInjection/Compiler/LegacyTemplatingAssetHelperPassTest.php
src/Symfony/Bundle/TwigBundle/Tests/Extension/LegacyAssetsExtensionTest.php
src/Symfony/Bundle/TwigBundle/Tests/TokenParser/LegacyRenderTokenParserTest.php
src/Symfony/Component/ClassLoader/Tests/LegacyUniversalClassLoaderTest.php
src/Symfony/Component/Console/Helper/ProgressHelper.php
src/Symfony/Component/Console/Tests/Helper/LegacyDialogHelperTest.php
src/Symfony/Component/Console/Tests/Helper/LegacyProgressHelperTest.php
src/Symfony/Component/Debug/ExceptionHandler.php
src/Symfony/Component/HttpFoundation/Tests/Session/Storage/Handler/MongoDbSessionHandlerTest.php
src/Symfony/Component/Routing/Tests/Matcher/Dumper/LegacyApacheMatcherDumperTest.php
src/Symfony/Component/Templating/Tests/Helper/LegacyAssetsHelperTest.php
* 2.6:
[HttpFoundation] MongoDbSessionHandler::read() now checks for valid session age
Changed visibility of setUp() and tearDown to protected
[WebProfilerBundle] Set debug+charset on the ExceptionHandler fallback
Added default button class
used HTML5 meta charset tag and removed hardcoded ones
Revert "bug #13715 Enforce UTF-8 charset for core controllers (WouterJ)"
fixed XSS in the exception handler
Php Inspections (EA Extended) - static code analysis includes:
[2.3] Remove most refs uses
Test with local components instead of waiting for the subtree-splitter when possible
Conflicts:
.travis.yml
* 2.3:
Changed visibility of setUp() and tearDown to protected
fixed XSS in the exception handler
Php Inspections (EA Extended) - static code analysis includes:
[2.3] Remove most refs uses
Test with local components instead of waiting for the subtree-splitter when possible
Conflicts:
src/Symfony/Bundle/FrameworkBundle/Command/ContainerDebugCommand.php
src/Symfony/Component/Config/Util/XmlUtils.php
src/Symfony/Component/Console/Helper/ProgressHelper.php
src/Symfony/Component/Debug/ExceptionHandler.php
src/Symfony/Component/Debug/Tests/ErrorHandlerTest.php
src/Symfony/Component/Filesystem/Tests/FilesystemTest.php
src/Symfony/Component/OptionsResolver/Options.php
src/Symfony/Component/Security/Acl/Dbal/MutableAclProvider.php
src/Symfony/Component/Yaml/Inline.php
Reduce couple count calls in [Yaml]
Modernize type casting, fix several strict comparisons
Unsets merged
Elvis operator usage
Short syntax for applied operations
* 2.7: (26 commits)
removed Propel bridge from Symfony Core
[2.7] Added deprecation warning for get request service in controller
[Serializer] Normalizers can serialize collections and scalars
[FrameworkBundle] Fix title and placeholder rendering in php form templates.
[Process] added a deprecation notice
[TwigBridge] Removed duplicated code from TwigRenderer
[Translator][Logging] implement TranslatorBagInterface.
RequestDataCollector - small fix
renamed composer.phar to composer to be consistent with the Symfony docs
[FrameworkBundle] bumped min version of Routing to 2.3
removed composer --dev option everywhere
fixed a test
[Console] Fixed output bug, if escaped string in a formatted string.
“console help” ignores --raw option
Fix form icon position in web profiler
[Security] Remove ContextListener's onKernelResponse listener as it is used
Revert "minor #12652 [HttpFoundation] [Hackday] #9942 test: Request::getContent() for null value (skler)"
Revert "fixed assertion"
fixed assertion
[HttpFoundation] [Hackday] #9942 test: Request::getContent() for null value
...
Conflicts:
composer.json
src/Symfony/Bridge/Propel1/composer.json
src/Symfony/Bridge/Twig/composer.json
src/Symfony/Component/Console/Tests/Helper/LegacyTableHelperTest.php
* 2.6: (21 commits)
[FrameworkBundle] Fix title and placeholder rendering in php form templates.
[TwigBridge] Removed duplicated code from TwigRenderer
[Translator][Logging] implement TranslatorBagInterface.
RequestDataCollector - small fix
renamed composer.phar to composer to be consistent with the Symfony docs
[FrameworkBundle] bumped min version of Routing to 2.3
removed composer --dev option everywhere
fixed a test
[Console] Fixed output bug, if escaped string in a formatted string.
“console help” ignores --raw option
Fix form icon position in web profiler
[Security] Remove ContextListener's onKernelResponse listener as it is used
Revert "minor #12652 [HttpFoundation] [Hackday] #9942 test: Request::getContent() for null value (skler)"
Revert "fixed assertion"
fixed assertion
[HttpFoundation] [Hackday] #9942 test: Request::getContent() for null value
fixed URL
Add reference to documentation in FormEvents phpdocs
[YAML] Fix one-liners to work with multiple new lines
Keep "pre" meaning for var_dump quick-and-dirty debug
...
Conflicts:
src/Symfony/Bridge/Twig/composer.json
src/Symfony/Bundle/FrameworkBundle/composer.json
src/Symfony/Component/Security/Http/Firewall/ContextListener.php
src/Symfony/Component/Security/Http/Tests/Firewall/ContextListenerTest.php
* 2.3:
[FrameworkBundle] Fix title and placeholder rendering in php form templates.
RequestDataCollector - small fix
renamed composer.phar to composer to be consistent with the Symfony docs
[FrameworkBundle] bumped min version of Routing to 2.3
removed composer --dev option everywhere
fixed a test
[Console] Fixed output bug, if escaped string in a formatted string.
[Security] Remove ContextListener's onKernelResponse listener as it is used
Revert "minor #12652 [HttpFoundation] [Hackday] #9942 test: Request::getContent() for null value (skler)"
Revert "fixed assertion"
fixed assertion
[HttpFoundation] [Hackday] #9942 test: Request::getContent() for null value
fixed URL
Add reference to documentation in FormEvents phpdocs
[YAML] Fix one-liners to work with multiple new lines
Keep "pre" meaning for var_dump quick-and-dirty debug
[Console][Table] Fix cell padding with multi-byte
Conflicts:
src/Symfony/Bundle/FrameworkBundle/Resources/views/Form/widget_attributes.html.php
src/Symfony/Bundle/FrameworkBundle/composer.json
src/Symfony/Component/Console/Helper/TableHelper.php
* 2.7:
fixed deprecation notice
removed usage of the deprecated forms of asset() in the core framework
renamed asset_path() to asset() and added a BC layer
[Asset] added a NullContext class
[Asset] added the component
Added new Forwarded header support for Request::getClientIps
Optimize EntityType by only loading choices for values in the same way that EntityLoader customization does (if you provide a query_builder).
[Security] added string representation for core Users
Add Twig loader priority
Conflicts:
src/Symfony/Bundle/FrameworkBundle/composer.json
src/Symfony/Bundle/TwigBundle/Resources/config/twig.xml
This PR was squashed before being merged into the 2.3 branch (closes#13466).
Discussion
----------
[Security] Remove ContextListener's onKernelResponse listener as it is used
| Q | A
| ------------- | ---
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets |
| License | MIT
| Doc PR |
The context listeners are specific to a particular firewall, and as such, should not be applied if the current request doesn't match that context listener. To avoid this, the context listener can remove itself from the dispatcher as it is called.
This comes in to affect when two or more firewalls are setup and using the same kernel for multiple requests. Assuming there are two firewalls 'site' and 'admin'
- Request comes in matching 'site' firewall, 'site' ContextListener adds it's onKernelResponse method to the dispatcher
- Succesful auth for 'site'
- ContextListener writes token to session
- Request comes in matching 'admin' firewall, 'admin' ContextListener can't find anything in the session, so nulls the token in the security context
- 'site' ContextListener listens for response, can't find a token in the security context so removes the 'site' token from the session
Commits
-------
380d805 [Security] Remove ContextListener's onKernelResponse listener as it is used
* 2.7: (61 commits)
fixxed order of usage
[2.7] [Form] Replaced calls to array_search() by in_array() where is no need to get the index
removed the last deprecation notice
[Serializer] Silent deprecation notice
removed deprecation notice
[PropertyAccess] Show property path in all exception messages
added deprecation notice for HttpCache::createEsi()
added missing deprecation notice when using the form_enctype function
[Process] Make test AbstractProcessTest::testStartAfterATimeout useful again
removed non-sense example
Fixes small typo.
[Validator] Remove unnecessary include in tests
[HttpFoundation] minor: clarify Request::getUrlencodedPrefix() regex
fixed typo
[Serializer] Use Serializer's LogicException when applicable
[Serializer] Use autoloader for annotations in tests
[Validator] fix DOS-style line endings
Drop useless execution bit
bumped Symfony version to 2.6.5
[Serializer] update changelog
...
Conflicts:
CHANGELOG-2.3.md
CHANGELOG-2.5.md
CHANGELOG-2.6.md
src/Symfony/Bridge/Twig/Node/FormEnctypeNode.php
src/Symfony/Bundle/FrameworkBundle/HttpCache/HttpCache.php
src/Symfony/Component/HttpFoundation/Session/Storage/Handler/NativeSessionHandler.php
* 2.6: (46 commits)
fixxed order of usage
[2.7] [Form] Replaced calls to array_search() by in_array() where is no need to get the index
[Process] Make test AbstractProcessTest::testStartAfterATimeout useful again
removed non-sense example
Fixes small typo.
[Validator] Remove unnecessary include in tests
[HttpFoundation] minor: clarify Request::getUrlencodedPrefix() regex
fixed typo
[Validator] fix DOS-style line endings
Drop useless execution bit
bumped Symfony version to 2.6.5
[Serializer] update changelog
updated VERSION for 2.6.4
updated CHANGELOG for 2.6.4
bumped Symfony version to 2.5.11
[HttpKernel] Added use of provided by #12022 method to instantiate controller class in bundle's controller resolver
updated VERSION for 2.5.10
updated CHANGELOG for 2.5.10
[Validator] Add a Russian translation for invalid charset message
[2.3] [Validator] spanish translation for invalid charset message
...
Conflicts:
src/Symfony/Bridge/Doctrine/Validator/Constraints/UniqueEntityValidator.php
src/Symfony/Component/HttpKernel/Exception/FatalErrorException.php
src/Symfony/Component/HttpKernel/Exception/FlattenException.php
src/Symfony/Component/HttpKernel/Kernel.php
src/Symfony/Component/Routing/Tests/Generator/UrlGeneratorTest.php
src/Symfony/Component/Validator/Resources/translations/validators.de.xlf
src/Symfony/Component/Validator/Resources/translations/validators.en.xlf
src/Symfony/Component/Validator/Resources/translations/validators.es.xlf
src/Symfony/Component/Validator/Resources/translations/validators.fr.xlf
src/Symfony/Component/Validator/Resources/translations/validators.pl.xlf
src/Symfony/Component/Validator/Resources/translations/validators.ru.xlf
src/Symfony/Component/Validator/Resources/translations/validators.sl.xlf
* 2.7:
fixed tests
[OptionsResolver] replaced some exception messages
Added i18n support to ConfirmationQuestion
[HttpKernel] [WebProfilerBundle] added HTTP status to profiler search result
[Form] fixed form tests when using 2.7 deps
[2.3] [HttpFoundation] [MimeTypeGuesser]
[Routing] merge instead of replace class and method scheme/method annotations
[TwigBridge] Fix bootstrap rendering when user explicitly use form_label
Removed dead code and various cleaning
Removed dead code and various cleaning
Fixed HtmlDumper with long string
Removed dead code and various cleaning
[FrameworkBundle][xsd] added missing logging attribute.
[Console] Make it clear that the second argument is not about command options.
Added the '-' character for spaceless on tag start and end to be consistent for block, if, set and for nodes
[Yaml] fixed parse shortcut Key after unindented collection.
[Console] fixed#10531
Make the container considered non-fresh if the environment parameters are changed
Conflicts:
src/Symfony/Bridge/Twig/Resources/views/Form/form_div_layout.html.twig
src/Symfony/Component/HttpKernel/CHANGELOG.md
src/Symfony/Component/Process/Process.php
* 2.6:
[2.3] [HttpFoundation] [MimeTypeGuesser]
Removed dead code and various cleaning
Removed dead code and various cleaning
[FrameworkBundle][xsd] added missing logging attribute.
[Console] Make it clear that the second argument is not about command options.
Added the '-' character for spaceless on tag start and end to be consistent for block, if, set and for nodes
[Yaml] fixed parse shortcut Key after unindented collection.
[Console] fixed#10531
Make the container considered non-fresh if the environment parameters are changed
* 2.5:
[2.3] [HttpFoundation] [MimeTypeGuesser]
Removed dead code and various cleaning
[Console] Make it clear that the second argument is not about command options.
Added the '-' character for spaceless on tag start and end to be consistent for block, if, set and for nodes
[Yaml] fixed parse shortcut Key after unindented collection.
[Console] fixed#10531
Make the container considered non-fresh if the environment parameters are changed
Conflicts:
src/Symfony/Bridge/Twig/Resources/views/Form/form_div_layout.html.twig
* 2.3:
[2.3] [HttpFoundation] [MimeTypeGuesser]
Removed dead code and various cleaning
[Console] Make it clear that the second argument is not about command options.
Added the '-' character for spaceless on tag start and end to be consistent for block, if, set and for nodes
[Yaml] fixed parse shortcut Key after unindented collection.
[Console] fixed#10531
Make the container considered non-fresh if the environment parameters are changed
Conflicts:
src/Symfony/Bridge/Twig/Resources/views/Form/form_div_layout.html.twig
src/Symfony/Bridge/Twig/Resources/views/Form/form_table_layout.html.twig
src/Symfony/Component/Console/Tests/ApplicationTest.php
src/Symfony/Component/Security/Core/Authentication/Provider/PreAuthenticatedAuthenticationProvider.php
* 2.7:
[TwigBridge] fixed AppVariable compat with older Symfony versions
[Validator] re-added support for 2.4 API version in tests
fixed typos
fixed typo
fixed typo
fixed BC layer
[SecurityBundle] decouple the logout PHP helper and Twig extension
[Validator] added Japanese translation for unresolvable host (id: 79)
[Serializer] Fix PHPDoc
Conflicts:
src/Symfony/Bridge/Twig/AppVariable.php
* 2.7:
added type-hint
[Security] removed usage of the deprecated SecurityContextInterface
[Form] fixed deprecation triggers, removed usage of deprecated features
[EventDispatcher] fixed deprecation notices in the EventDispatcher Component
[HttpFoundation] maked a test as being for deprecated feature
added missing error_reporting
[Yaml] maked a test as being for deprecated feature
[Yaml] removed deprecation notices on internal constant
[Security] moved test files into the right place
[HttpKernel] fixed deprecation notices for ESI classes
[Form] moved a deprecation notice
[Form] fixed the CSRF extension to allow using only the new interfaces
[Form] tweaked a deprecation message
[Validator] Add a Russian translation for the checkDNS option in the URL validator
[Validator] Add a Slovenian translation for the checkDNS option in the URL validator
[Validator] Add a Polish translation for the checkDNS option in the URL validator.
fixed typo
added missing support for factories in console descriptions
[FrameworkBundle] fixed missing information in some descriptors
Conflicts:
src/Symfony/Bridge/Twig/composer.json
src/Symfony/Bundle/SecurityBundle/composer.json
src/Symfony/Component/Form/Extension/HttpFoundation/EventListener/BindRequestListener.php
src/Symfony/Component/Yaml/Tests/YamlTest.php
* 2.7: (24 commits)
bumped Symfony version to 2.6.4
updated VERSION for 2.6.3
updated CHANGELOG for 2.6.3
bumped Symfony version to 2.6.3
updated VERSION for 2.6.2
updated CHANGELOG for 2.6.2
bumped Symfony version to 2.5.10
updated VERSION for 2.5.9
updated CHANGELOG for 2.5.9
[FrameworkBundle] Use security.token_storage service in Controller::getUser()
bumped Symfony version to 2.3.25
updated VERSION for 2.3.24
update CONTRIBUTORS for 2.3.24
added missing E_USER_DEPRECATED argument to trigger_error() calls
Removed unneeded version requirements
updated CHANGELOG for 2.3.24
fixed tests
[Security] Don't destroy the session on buggy php releases.
Enhance deprecation summary at end of tests
[2.7] silence deprecations for getFactory*() BC layer
...
Conflicts:
CHANGELOG-2.3.md
CHANGELOG-2.5.md
CHANGELOG-2.6.md
src/Symfony/Component/Form/Tests/ResolvedFormTypeTest.php
* 2.6:
bumped Symfony version to 2.6.4
updated VERSION for 2.6.3
updated CHANGELOG for 2.6.3
bumped Symfony version to 2.6.3
updated VERSION for 2.6.2
updated CHANGELOG for 2.6.2
bumped Symfony version to 2.5.10
updated VERSION for 2.5.9
updated CHANGELOG for 2.5.9
[FrameworkBundle] Use security.token_storage service in Controller::getUser()
bumped Symfony version to 2.3.25
updated VERSION for 2.3.24
update CONTRIBUTORS for 2.3.24
Removed unneeded version requirements
updated CHANGELOG for 2.3.24
fixed tests
[Security] Don't destroy the session on buggy php releases.
[Process] Fix input reset in WindowsPipes
add back model_timezone and view_timezone options
Conflicts:
src/Symfony/Component/HttpKernel/Kernel.php
* 2.5:
bumped Symfony version to 2.5.10
updated VERSION for 2.5.9
updated CHANGELOG for 2.5.9
bumped Symfony version to 2.3.25
updated VERSION for 2.3.24
update CONTRIBUTORS for 2.3.24
Removed unneeded version requirements
updated CHANGELOG for 2.3.24
fixed tests
[Security] Don't destroy the session on buggy php releases.
Conflicts:
src/Symfony/Component/HttpKernel/Kernel.php
* 2.3:
bumped Symfony version to 2.3.25
updated VERSION for 2.3.24
update CONTRIBUTORS for 2.3.24
updated CHANGELOG for 2.3.24
fixed tests
[Security] Don't destroy the session on buggy php releases.
Conflicts:
src/Symfony/Component/Console/Tests/Fixtures/application_2.json
src/Symfony/Component/HttpKernel/Kernel.php
* 2.7: (23 commits)
[FrameworkBundle] Removed the use of TableHelper
Spanish translation for the ```checkDNS``` option introduced in #12956.
use Table instead of the deprecated TableHelper
[2.3] fix failing test
Fixes more deprecation notices as per @stof review.
Fixed some deprecations according to @stof feedbacks.
Normalizes deprecation notice messages.
[Validator] fixes UuidValidator deprecated class namespace.
[Form] adds more deprecation notices.
[Validator] adds more deprecation notices.
[Form] Adds a way to trigger deprecation notice on demand for VirtualFormAwareIterator class.
Fixes more deprecation notices.
Normalized @deprecated annotations.
Removed deprecation notices from test files.
Fixes deprecation notices.
Reverted trigger_error() function calls on deprecated interfaces to prevent breaking third party projects implementing them.
Adds deprecation notices for structures to be removed in 3.0.
fixed typo
Escape annotations in comments, refs #13089.
[2.3] missing cleanup for legacy test
...
Conflicts:
.travis.yml
src/Symfony/Bridge/Monolog/Logger.php
src/Symfony/Bridge/Swiftmailer/DataCollector/MessageDataCollector.php
src/Symfony/Bridge/Twig/Node/FormEnctypeNode.php
src/Symfony/Bundle/FrameworkBundle/Command/RouterApacheDumperCommand.php
src/Symfony/Bundle/FrameworkBundle/Console/Descriptor/Descriptor.php
src/Symfony/Bundle/FrameworkBundle/Console/Descriptor/TextDescriptor.php
src/Symfony/Bundle/FrameworkBundle/Controller/Controller.php
src/Symfony/Bundle/FrameworkBundle/HttpCache/HttpCache.php
src/Symfony/Bundle/FrameworkBundle/Templating/Helper/FormHelper.php
src/Symfony/Bundle/FrameworkBundle/Tests/Fixtures/Descriptor/builder_1_public.txt
src/Symfony/Bundle/FrameworkBundle/Tests/Fixtures/Descriptor/builder_1_services.txt
src/Symfony/Bundle/FrameworkBundle/Tests/Fixtures/Descriptor/builder_1_tag1.txt
src/Symfony/Bundle/FrameworkBundle/Tests/Fixtures/Descriptor/parameters_1.txt
src/Symfony/Bundle/FrameworkBundle/Tests/Fixtures/Descriptor/route_collection_1.txt
src/Symfony/Bundle/FrameworkBundle/composer.json
src/Symfony/Component/Config/Definition/ReferenceDumper.php
src/Symfony/Component/Console/Helper/DialogHelper.php
src/Symfony/Component/Console/Helper/ProgressHelper.php
src/Symfony/Component/Console/Helper/TableHelper.php
src/Symfony/Component/Form/Deprecated/FormEvents.php
src/Symfony/Component/Form/Extension/HttpFoundation/EventListener/BindRequestListener.php
src/Symfony/Component/Form/FormEvents.php
src/Symfony/Component/HttpKernel/Debug/ErrorHandler.php
src/Symfony/Component/HttpKernel/Debug/ExceptionHandler.php
src/Symfony/Component/HttpKernel/Kernel.php
src/Symfony/Component/HttpKernel/KernelInterface.php
src/Symfony/Component/OptionsResolver/Tests/LegacyOptionsTest.php
src/Symfony/Component/Process/Process.php
src/Symfony/Component/Routing/Matcher/ApacheUrlMatcher.php
src/Symfony/Component/Routing/Matcher/Dumper/ApacheMatcherDumper.php
src/Symfony/Component/Yaml/Yaml.php
* 2.6:
use Table instead of the deprecated TableHelper
[2.3] fix failing test
fixed typo
Escape annotations in comments, refs #13089.
[2.3] missing cleanup for legacy test
add missing param names to @param annotation
Improve the composer root version setting on Travis
use Table instead of the deprecated TableHelper
Conflicts:
src/Symfony/Bundle/FrameworkBundle/composer.json
* 2.5:
[2.3] fix failing test
fixed typo
Escape annotations in comments, refs #13089.
[2.3] missing cleanup for legacy test
add missing param names to @param annotation
Improve the composer root version setting on Travis
use Table instead of the deprecated TableHelper
Conflicts:
src/Symfony/Bundle/FrameworkBundle/Console/Descriptor/TextDescriptor.php
* 2.3:
[2.3] fix failing test
fixed typo
Escape annotations in comments, refs #13089.
[2.3] missing cleanup for legacy test
add missing param names to @param annotation
Improve the composer root version setting on Travis
This PR was merged into the 2.7 branch.
Discussion
----------
[2.7] adds deprecation notices.
| Q | A
| ------------- | ---
| Bug fix? | no
| New feature? | no
| BC breaks? | no
| Deprecations? | yes
| Tests pass? | yes
| Fixed tickets | #12608, #12672, #12675#12684, #12686
| License | MIT
| Doc PR | ~
Commits
-------
f9fbb4f Fixes more deprecation notices as per @stof review.
fd47c07 Fixed some deprecations according to @stof feedbacks.
2a3e7d2 Normalizes deprecation notice messages.
738b9be [Validator] fixes UuidValidator deprecated class namespace.
e608ba6 [Form] adds more deprecation notices.
cd9617a [Validator] adds more deprecation notices.
a7f841e [Form] Adds a way to trigger deprecation notice on demand for VirtualFormAwareIterator class.
97efd2c Fixes more deprecation notices.
fd9c7bb Normalized @deprecated annotations.
39cfd47 Removed deprecation notices from test files.
2a9749d Fixes deprecation notices.
6f57b7b Reverted trigger_error() function calls on deprecated interfaces to prevent breaking third party projects implementing them.
86b9f6b Adds deprecation notices for structures to be removed in 3.0.
* 2.7:
[2.6] fix deprecation silencing...
[Form] fix Context\ExecutionContextInterface mock
add german translation for checkDNS option
[Validator] marks TraversalStrategy::STOP_RECURSION constant internal as it has been introduced for the BC layer and will be removed in 3.0.
* 2.6:
[2.6] fix deprecation silencing...
[Form] fix Context\ExecutionContextInterface mock
[Validator] marks TraversalStrategy::STOP_RECURSION constant internal as it has been introduced for the BC layer and will be removed in 3.0.
* 2.5:
[Form] fix Context\ExecutionContextInterface mock
[Validator] marks TraversalStrategy::STOP_RECURSION constant internal as it has been introduced for the BC layer and will be removed in 3.0.
* 2.7:
[TwigBundle] always load the exception listener if the templating.engines is not present
[TwigBundle] removed the Container dependency on ActionsExtension
[Filesystem] keep exec perms when copying
fixed typo
Fixed minor typo - override
[Filesystem] enforce umask while testing
[TwigBridge] moved fixtures into their own directory
[2.3] Fix lowest deps
[TwigBundle] added missing @deprecated tags
Use $this->iniSet() in tests
Conflicts:
src/Symfony/Bundle/TwigBundle/composer.json
* 2.6:
fixed typo
Fixed minor typo - override
[Filesystem] enforce umask while testing
[TwigBridge] moved fixtures into their own directory
Use $this->iniSet() in tests
* 2.5:
[2.3] Remove useless tests skips
[ClassLoader] removes deprecated classes from documentation.
[ClassLoader] added missing deprecation notice.
[HttpFoundation] Fix an issue caused by php's Bug #66606.
[Yaml] Update README.md
Don't add Accept-Range header on unsafe HTTP requests
simplify hasScheme method
adapted merge to 2.5
adapted previous commit for 2.3
[Security] Don't send remember cookie for sub request
[Security] fixed wrong phpdoc
[HttpKernel] Fix UriSigner::check when _hash is not at the end of the uri
[2.3] Cleanup deprecations
Conflicts:
src/Symfony/Bundle/FrameworkBundle/composer.json
src/Symfony/Bundle/WebProfilerBundle/Resources/views/Collector/logger.html.twig
src/Symfony/Component/HttpKernel/composer.json
* 2.3:
adapted previous commit for 2.3
[Security] Don't send remember cookie for sub request
[HttpKernel] Fix UriSigner::check when _hash is not at the end of the uri
Conflicts:
src/Symfony/Component/Security/Http/Tests/RememberMe/ResponseListenerTest.php
* 2.7:
Use PHPUnit ini_set wrapper in tests
[Process] Added a test skip check for Windows
[Process] Removed unused variable assignment
Fixes various phpdoc and coding standards.
Fixes Issue #13184 - incremental output getters now return empty strings
Updated copyright to 2015
Updated copyright to 2015
Updated copyright to 2015
[VarDumper] increase debug.max_items to 2500
[Debug] Update exception messages.
use value of DIRECTORY_SEPARATOR to detect Windows
force ExpressionLanguage version >= 2.6
[Debug] fixes ClassNotFoundFatalErrorHandler to correctly handle class not found errors with Symfony ClassLoader component autoloaders.
Clarify a comment.
use PHP_WINDOWS_VERSION_BUILD to detect Windows
Check if a field type_class is defined before using it.
Currently if you want to use inline bootstrap form rendering, this is usually enough:
Add deprecation warning to LegacyPdoSessionHandler
Conflicts:
src/Symfony/Bridge/Monolog/Logger.php
src/Symfony/Bridge/Swiftmailer/LICENSE
src/Symfony/Component/Debug/composer.json
src/Symfony/Component/HttpFoundation/Tests/Session/Storage/NativeSessionStorageTest.php
* 2.6:
Use PHPUnit ini_set wrapper in tests
[Process] Added a test skip check for Windows
[Process] Removed unused variable assignment
Fixes various phpdoc and coding standards.
Fixes Issue #13184 - incremental output getters now return empty strings
Updated copyright to 2015
Updated copyright to 2015
Updated copyright to 2015
[VarDumper] increase debug.max_items to 2500
[Debug] Update exception messages.
use value of DIRECTORY_SEPARATOR to detect Windows
force ExpressionLanguage version >= 2.6
[Debug] fixes ClassNotFoundFatalErrorHandler to correctly handle class not found errors with Symfony ClassLoader component autoloaders.
Clarify a comment.
use PHP_WINDOWS_VERSION_BUILD to detect Windows
Check if a field type_class is defined before using it.
Currently if you want to use inline bootstrap form rendering, this is usually enough:
Conflicts:
src/Symfony/Component/Debug/composer.json
* 2.5:
Use PHPUnit ini_set wrapper in tests
[Process] Added a test skip check for Windows
[Process] Removed unused variable assignment
Fixes various phpdoc and coding standards.
Fixes Issue #13184 - incremental output getters now return empty strings
Updated copyright to 2015
Updated copyright to 2015
Clarify a comment.
Conflicts:
src/Symfony/Component/HttpKernel/Fragment/EsiFragmentRenderer.php
* 2.3:
Use PHPUnit ini_set wrapper in tests
[Process] Added a test skip check for Windows
[Process] Removed unused variable assignment
Fixes various phpdoc and coding standards.
Fixes Issue #13184 - incremental output getters now return empty strings
Updated copyright to 2015
Conflicts:
src/Symfony/Bridge/Doctrine/Form/ChoiceList/EntityChoiceList.php
src/Symfony/Bridge/Propel1/Form/ChoiceList/ModelChoiceList.php
src/Symfony/Bundle/TwigBundle/Command/LintCommand.php
src/Symfony/Component/Debug/ExceptionHandler.php
src/Symfony/Component/Process/Tests/AbstractProcessTest.php
* 2.7:
[Debug] track and report deprecated classes and interfaces
[Form] Remove a redundant test.
use value of DIRECTORY_SEPARATOR to detect Windows
Conflicts:
src/Symfony/Bundle/SecurityBundle/Tests/Functional/SecurityRoutingIntegrationTest.php
src/Symfony/Component/Security/Core/Util/SecureRandom.php
* 2.3:
[Form] Remove a redundant test.
use value of DIRECTORY_SEPARATOR to detect Windows
Conflicts:
src/Symfony/Component/Console/Application.php
src/Symfony/Component/Filesystem/Tests/FilesystemTest.php
src/Symfony/Component/Form/Tests/Extension/Csrf/Type/FormTypeCsrfExtensionTest.php
src/Symfony/Component/Process/Process.php
This PR was merged into the 2.3 branch.
Discussion
----------
[2.3] for consistency, use value of DIRECTORY_SEPARATOR to detect Windows
| Q | A
| ------------- | ---
| Bug fix? | no
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets |
| License | MIT
| Doc PR |
This commit unifies the detection of Windows builds across the Symfony
codebase.
Commits
-------
20a427d use value of DIRECTORY_SEPARATOR to detect Windows
* 2.7: (26 commits)
Updated generateSql tool
Fix grammar
Fix the implementation of deprecated Locale classes
Fix phpdoc and coding standards
Replace usages of the deprecated TypeTestCase by the new one
Remove usages of deprecated constants
Update functional tests to use the PSR NullLogger
Updated the SQL data generated from the generateSql tool
Updated generateSql tool
fix regression in form tests after pr #13027 | Q | A | ------------- | --- | Bug fix? | yes | New feature? | no | BC breaks? | no | Deprecations? | no | Tests pass? | yes | Fixed tickets | - | License | MIT | Doc PR | -
[FrameworkBundle] added a test router for the buil-in web server
Make fabbot happy
Clean up testing
No global state for isolated tests and other fixes
No global state for isolated tests and other fixes
fix#10054 - form data collector with dynamic fields
[TwigBundle] Moved the setting of the default escaping strategy from the Twig engine to the Twig environment
[Debug] fix checkip6
[HttpFoundation] fixed error when an IP in the X-Forwarded-For HTTP header contains a port
[2.7] Allow 3.0 requirements
...
* 2.6: (21 commits)
Updated generateSql tool
Fix grammar
Fix the implementation of deprecated Locale classes
Fix phpdoc and coding standards
Replace usages of the deprecated TypeTestCase by the new one
Remove usages of deprecated constants
Update functional tests to use the PSR NullLogger
fix regression in form tests after pr #13027 | Q | A | ------------- | --- | Bug fix? | yes | New feature? | no | BC breaks? | no | Deprecations? | no | Tests pass? | yes | Fixed tickets | - | License | MIT | Doc PR | -
Make fabbot happy
Clean up testing
No global state for isolated tests and other fixes
No global state for isolated tests and other fixes
fix#10054 - form data collector with dynamic fields
[TwigBundle] Moved the setting of the default escaping strategy from the Twig engine to the Twig environment
[Debug] fix checkip6
[HttpFoundation] fixed error when an IP in the X-Forwarded-For HTTP header contains a port
Update the note about origins of the CssSelector component.
Use the correct cssselect library name in docblocks.
Fix wrong DateTransformer timezone param for non-UTC configuration. #12808
[Form] Add further timezone tests for date type
...
Conflicts:
src/Symfony/Component/Locale/Locale.php
src/Symfony/Component/Locale/composer.json
* 2.5:
Updated generateSql tool
Fix the implementation of deprecated Locale classes
Fix phpdoc and coding standards
Replace usages of the deprecated TypeTestCase by the new one
Remove usages of deprecated constants
Update functional tests to use the PSR NullLogger
fix regression in form tests after pr #13027 | Q | A | ------------- | --- | Bug fix? | yes | New feature? | no | BC breaks? | no | Deprecations? | no | Tests pass? | yes | Fixed tickets | - | License | MIT | Doc PR | -
Make fabbot happy
Clean up testing
No global state for isolated tests and other fixes
No global state for isolated tests and other fixes
fix#10054 - form data collector with dynamic fields
[TwigBundle] Moved the setting of the default escaping strategy from the Twig engine to the Twig environment
[Debug] fix checkip6
[HttpFoundation] fixed error when an IP in the X-Forwarded-For HTTP header contains a port
Update the note about origins of the CssSelector component.
Use the correct cssselect library name in docblocks.
[DomCrawler] fixed bug #12143
Conflicts:
src/Symfony/Bundle/FrameworkBundle/Templating/GlobalVariables.php
src/Symfony/Component/Serializer/Normalizer/DenormalizableInterface.php
* 2.3:
Updated generateSql tool
Fix the implementation of deprecated Locale classes
Fix phpdoc and coding standards
Replace usages of the deprecated TypeTestCase by the new one
Remove usages of deprecated constants
Update functional tests to use the PSR NullLogger
Make fabbot happy
Clean up testing
[DomCrawler] fixed bug #12143
Conflicts:
src/Symfony/Bridge/Doctrine/Tests/Validator/Constraints/UniqueEntityValidatorTest.php
src/Symfony/Bundle/FrameworkBundle/Tests/Templating/TimedPhpEngineTest.php
src/Symfony/Bundle/TwigBundle/Tests/Loader/FilesystemLoaderTest.php
src/Symfony/Component/Console/Application.php
src/Symfony/Component/DomCrawler/Crawler.php
src/Symfony/Component/Form/Tests/Extension/Core/Type/CollectionTypeTest.php
src/Symfony/Component/Form/Tests/Extension/Csrf/Type/FormTypeCsrfExtensionTest.php
src/Symfony/Component/HttpKernel/Tests/Bundle/BundleTest.php
src/Symfony/Component/Serializer/Encoder/EncoderInterface.php
src/Symfony/Component/Serializer/Encoder/XmlEncoder.php
src/Symfony/Component/Validator/Tests/Mapping/ClassMetadataFactoryTest.php
This PR was merged into the 2.7 branch.
Discussion
----------
[2.7] Allow 3.0 requirements
| Q | A
| ------------- | ---
| Bug fix? | no
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | lets see
| Fixed tickets | -
| License | MIT
| Doc PR | -
2.7 is going to provide almost the same interfaces as 3.0 but also a BC layer for previous releases.
This means that 2.7 is going to be mostly compatible with 3.0.
Lets continuously test this assumption and see when and were we break compat with 2.7 (and try to avoid it as much as possible to smoothen the transition to 3.0).
Commits
-------
b369bb6 [2.7] Allow 3.0 requirements
This removes the unused use statements which were not catched by
PHP-CS-Fixer because of string occurences. It also fixes some invalid
phpdoc (scalar is not recognized as a valid type for instance).
* 2.7:
[Security/Http] fix mock logger in test
[Serializer] Fix XmlFileLoader test
[2.6] silence deprecation notices in new components
[2.5] silence deprecation notices in new components
[VarDumper] Minor fix for the uniformity
[TwigBundle] added missing absolute URL in Twig exceptions
* 2.7:
[2.3] CS And DocBlock Fixes
[Serializer] Serialization groups support
[2.3] CS Fixes
Fixed the issue 11116
[Security] Fixed tests
[Debug] use ternary operator to simplify the getClassLoader() method in DebugClassLoader class.
[FrameworkBundle] Fixed Translation loader and update translation command.
[Console] remove « use » statement for PHP built-in exception classes.
[SecurityBundle] replaced deprecated SecurityContextInterface dependency by new TokenStorageInterface instance in SecurityDataCollector. Also added unit tests suite for SecurityDataCollector class.
[SecurityBundle] use TokenStorageInterface instead of deprecated SecurityContextInterface in SecurityDataCollector and added unit tests suite.
[SecurityBundle] adds unit tests suite for SecurityDataCollector class.
[Serializer] Add xml_format_output context option. Close#12517.
[WebProfilerBundle] Fixed IE8 support
* 2.7: (32 commits)
[Config] adds missing « use » statement for InvalidTypeException type hint in documentation.
[Config] fixes broken unit test on ArrayNode class.
fixed CS
[Security] Delete old session on auth strategy migrate
skip if param "translator.logging" doesn't exist.
[SecurityBundle] fixes SecurityDataCollector::getInheritedRoles() documentation.
update required minimum TwigBridge version
Very minor grammar fix in error message
Added the function providers as container resources
[Tests] Silenced all deprecations in tests for 2.3
BinaryFileResponse - add missing newline
fixed CS
add a limit and a test to FlattenExceptionTest.
[DebugBundle] enable the DumpDataCollectorPass
[FrameworkBundle] Use debug namespace.
[FrameworkBundle] update debug commands references
skip compiler pass if interface doesn't exist
Unify the way to provide expression functions for the DI container
CS: There should be no empty lines following phpdocs
[Security] Added the triggering of the security.interactive_login event after set of token
...
Conflicts:
src/Symfony/Component/HttpKernel/Kernel.php
* 2.6: (23 commits)
[Config] adds missing « use » statement for InvalidTypeException type hint in documentation.
[Config] fixes broken unit test on ArrayNode class.
fixed CS
[Security] Delete old session on auth strategy migrate
skip if param "translator.logging" doesn't exist.
update required minimum TwigBridge version
Very minor grammar fix in error message
Added the function providers as container resources
[Tests] Silenced all deprecations in tests for 2.3
BinaryFileResponse - add missing newline
fixed CS
add a limit and a test to FlattenExceptionTest.
[DebugBundle] enable the DumpDataCollectorPass
[FrameworkBundle] Use debug namespace.
[FrameworkBundle] update debug commands references
skip compiler pass if interface doesn't exist
Unify the way to provide expression functions for the DI container
CS: There should be no empty lines following phpdocs
fix link format handling with disabled templating
[FrameworkBundle] fix cache:clear command
...
Conflicts:
src/Symfony/Bridge/Doctrine/phpunit.xml.dist
src/Symfony/Bridge/Monolog/phpunit.xml.dist
src/Symfony/Bridge/Propel1/phpunit.xml.dist
src/Symfony/Bridge/ProxyManager/phpunit.xml.dist
src/Symfony/Bridge/Twig/phpunit.xml.dist
src/Symfony/Bundle/FrameworkBundle/phpunit.xml.dist
src/Symfony/Bundle/SecurityBundle/phpunit.xml.dist
src/Symfony/Bundle/TwigBundle/phpunit.xml.dist
src/Symfony/Bundle/WebProfilerBundle/phpunit.xml.dist
src/Symfony/Component/BrowserKit/phpunit.xml.dist
src/Symfony/Component/ClassLoader/phpunit.xml.dist
src/Symfony/Component/Config/phpunit.xml.dist
src/Symfony/Component/Console/phpunit.xml.dist
src/Symfony/Component/CssSelector/phpunit.xml.dist
src/Symfony/Component/Debug/phpunit.xml.dist
src/Symfony/Component/DependencyInjection/phpunit.xml.dist
src/Symfony/Component/DomCrawler/phpunit.xml.dist
src/Symfony/Component/EventDispatcher/phpunit.xml.dist
src/Symfony/Component/Filesystem/phpunit.xml.dist
src/Symfony/Component/Finder/phpunit.xml.dist
src/Symfony/Component/Form/phpunit.xml.dist
src/Symfony/Component/HttpFoundation/phpunit.xml.dist
src/Symfony/Component/HttpKernel/phpunit.xml.dist
src/Symfony/Component/Intl/phpunit.xml.dist
src/Symfony/Component/Locale/phpunit.xml.dist
src/Symfony/Component/OptionsResolver/phpunit.xml.dist
src/Symfony/Component/Process/phpunit.xml.dist
src/Symfony/Component/PropertyAccess/phpunit.xml.dist
src/Symfony/Component/Routing/phpunit.xml.dist
src/Symfony/Component/Security/phpunit.xml.dist
src/Symfony/Component/Serializer/phpunit.xml.dist
src/Symfony/Component/Stopwatch/phpunit.xml.dist
src/Symfony/Component/Templating/phpunit.xml.dist
src/Symfony/Component/Translation/phpunit.xml.dist
src/Symfony/Component/Validator/phpunit.xml.dist
src/Symfony/Component/Yaml/phpunit.xml.dist
* 2.5:
[Config] adds missing « use » statement for InvalidTypeException type hint in documentation.
[Config] fixes broken unit test on ArrayNode class.
fixed CS
[Security] Delete old session on auth strategy migrate
update required minimum TwigBridge version
Very minor grammar fix in error message
[Tests] Silenced all deprecations in tests for 2.3
BinaryFileResponse - add missing newline
fixed CS
add a limit and a test to FlattenExceptionTest.
CS: There should be no empty lines following phpdocs
[FrameworkBundle] fix cache:clear command
[2.3] Docblocks should not be followed by a blank line
Fix return phpdoc
[PropertyAccess] Added test to verify #5775 is fixed
* 2.3:
[Config] adds missing « use » statement for InvalidTypeException type hint in documentation.
[Config] fixes broken unit test on ArrayNode class.
fixed CS
[Security] Delete old session on auth strategy migrate
update required minimum TwigBridge version
Very minor grammar fix in error message
[Tests] Silenced all deprecations in tests for 2.3
BinaryFileResponse - add missing newline
fixed CS
add a limit and a test to FlattenExceptionTest.
CS: There should be no empty lines following phpdocs
[FrameworkBundle] fix cache:clear command
[2.3] Docblocks should not be followed by a blank line
Fix return phpdoc
[PropertyAccess] Added test to verify #5775 is fixed
Conflicts:
src/Symfony/Bundle/TwigBundle/composer.json
src/Symfony/Component/PropertyAccess/Tests/PropertyAccessorTest.php
src/Symfony/Component/Security/Core/Tests/Validator/Constraints/UserPasswordValidatorTest.php
This PR was merged into the 2.3 branch.
Discussion
----------
[Security] Delete old session on auth strategy migrate
| Q | A
| ------------- | ---
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | #13026
| License | MIT
| Doc PR |
As identified by @austinh in #13026 there are two sessions after authentication, since the previous session is migrated to a new one by ``session_regenerate_id``. This PR ensures the old session is been deleted immediately on migration.
I can't see any drawbacks, but if the change would break BC, another approach would be to add a new strategy like ``switch`` to enable instant deletion of the old session.
Commits
-------
5dd11e6 [Security] Delete old session on auth strategy migrate
* 2.7:
[2.6] Test lowest versions of dependencies
Test lowest versions of dependencies
Fix placeholder date format
Test components using their lowest possible deps
* 2.6:
[2.6] Test lowest versions of dependencies
Test lowest versions of dependencies
Fix placeholder date format
Test components using their lowest possible deps
* symfony/2.5:
Test lowest versions of dependencies
Test components using their lowest possible deps
Conflicts:
src/Symfony/Bridge/Twig/composer.json
src/Symfony/Bundle/FrameworkBundle/composer.json
src/Symfony/Bundle/SecurityBundle/composer.json
src/Symfony/Component/EventDispatcher/composer.json
src/Symfony/Component/HttpKernel/composer.json
src/Symfony/Component/Security/composer.json
* 2.7: (26 commits)
[Form] fixed a maxlength overring on a guessing
[Debug] Show only unique class candidates
[FrameworkBundle] make GetSetMethodNormalizer available by default
[SecurityBundle] Firewall providers building - code cleaning
[Filesystem] symlink use RealPath instead LinkTarget
[DependencyInjection] Remove duplicate declaration in PhpDumper
terminals are not interactive on Travis
Revert "[DependencyInjection] backport perf optim"
[WebProfiler] Tweaked ajax requests toolbar css reset
[WebProfilerBundle] replaced pattern to path attribute in routes definitions.
fix phpdoc's alignment
Fixed deprecation version
Fix missing addExpressionLanguageProvider (used by service container to add expression providers)
Fixed the AuthenticationProviderInterface alignment
Fixed the proxy-manager version constraint
Fix missing space in label_attr
fix DumpDataCollectorTest after CS changes
avoid risky tests
Fixed typo in SecurityContext PHPDoc
[FrameworkBundle][Template name] avoid error message for the shortcut notation.
...
* 2.6: (24 commits)
[Form] fixed a maxlength overring on a guessing
[Debug] Show only unique class candidates
[SecurityBundle] Firewall providers building - code cleaning
[Filesystem] symlink use RealPath instead LinkTarget
[DependencyInjection] Remove duplicate declaration in PhpDumper
terminals are not interactive on Travis
Revert "[DependencyInjection] backport perf optim"
[WebProfiler] Tweaked ajax requests toolbar css reset
[WebProfilerBundle] replaced pattern to path attribute in routes definitions.
fix phpdoc's alignment
Fix missing addExpressionLanguageProvider (used by service container to add expression providers)
Fixed the AuthenticationProviderInterface alignment
Fixed the proxy-manager version constraint
Fix missing space in label_attr
fix DumpDataCollectorTest after CS changes
avoid risky tests
Fixed typo in SecurityContext PHPDoc
[FrameworkBundle][Template name] avoid error message for the shortcut notation.
[DependencyInjection] perf optim: call dirname() at most 5x
[DependencyInjection] backport perf optim
...
* 2.5:
[Form] fixed a maxlength overring on a guessing
[Debug] Show only unique class candidates
[SecurityBundle] Firewall providers building - code cleaning
[Filesystem] symlink use RealPath instead LinkTarget
[DependencyInjection] Remove duplicate declaration in PhpDumper
terminals are not interactive on Travis
Revert "[DependencyInjection] backport perf optim"
[WebProfilerBundle] replaced pattern to path attribute in routes definitions.
fix phpdoc's alignment
Fixed the AuthenticationProviderInterface alignment
Fixed the proxy-manager version constraint
[FrameworkBundle][Template name] avoid error message for the shortcut notation.
[DependencyInjection] perf optim: call dirname() at most 5x
[DependencyInjection] backport perf optim
Fixed#12845 adding a listener to an event that is currently being dispatched will not result into a fatal error in TraceableEventDispatcher [EventDispatcher]
[2.5] Remove possible call_user_func()
[2.3] Remove possible call_user_func()
Conflicts:
src/Symfony/Component/DependencyInjection/Dumper/PhpDumper.php
src/Symfony/Component/DependencyInjection/Tests/Fixtures/php/services1-1.php
src/Symfony/Component/DependencyInjection/Tests/Fixtures/php/services1.php
src/Symfony/Component/DependencyInjection/Tests/Fixtures/php/services11.php
src/Symfony/Component/DependencyInjection/Tests/Fixtures/php/services12.php
src/Symfony/Component/DependencyInjection/Tests/Fixtures/php/services8.php
src/Symfony/Component/DependencyInjection/Tests/Fixtures/php/services9.php
* 2.7: (27 commits)
Added information when an error occured during validation of an answer of a question
Adding note about known BC issues
Adding note about the PdoSessionHandler BC break
[Console] fixes some typos and phpdoc.
[HttpKernel] Add deprecation log for Kernel::isClassInActiveBundle()
fix phpdoc's alignment
[2.6] CS Fixes And Removed An Unused Import
Minor phpcs fixes
[ClassLoader] Fix undefined index in ClassCollectionLoader
CS fixes
Revert "minor #12821 Remove deprecated class (MasterB)"
[2.3] More cs fixes
Removed unused imports
CS fixes
bumped Symfony version to 2.6.2
updated VERSION for 2.6.1
updated CHANGELOG for 2.6.1
bumped Symfony version to 2.5.9
updated VERSION for 2.5.8
update CONTRIBUTORS for 2.5.8
...
* 2.6: (25 commits)
Added information when an error occured during validation of an answer of a question
Adding note about known BC issues
Adding note about the PdoSessionHandler BC break
[Console] fixes some typos and phpdoc.
fix phpdoc's alignment
[2.6] CS Fixes And Removed An Unused Import
Minor phpcs fixes
[ClassLoader] Fix undefined index in ClassCollectionLoader
CS fixes
Revert "minor #12821 Remove deprecated class (MasterB)"
[2.3] More cs fixes
Removed unused imports
CS fixes
bumped Symfony version to 2.6.2
updated VERSION for 2.6.1
updated CHANGELOG for 2.6.1
bumped Symfony version to 2.5.9
updated VERSION for 2.5.8
update CONTRIBUTORS for 2.5.8
updated CHANGELOG for 2.5.8
...
Conflicts:
src/Symfony/Component/HttpKernel/Kernel.php
* 2.5:
Added information when an error occured during validation of an answer of a question
[Console] fixes some typos and phpdoc.
fix phpdoc's alignment
Minor phpcs fixes
[ClassLoader] Fix undefined index in ClassCollectionLoader
* 2.5:
CS fixes
[2.3] More cs fixes
Removed unused imports
CS fixes
bumped Symfony version to 2.5.9
updated VERSION for 2.5.8
update CONTRIBUTORS for 2.5.8
updated CHANGELOG for 2.5.8
bumped Symfony version to 2.3.24
updated VERSION for 2.3.23
update CONTRIBUTORS for 2.3.23
updated CHANGELOG for 2.3.23
Conflicts:
src/Symfony/Component/Console/Helper/ProgressBar.php
src/Symfony/Component/Debug/ErrorHandler.php
src/Symfony/Component/HttpKernel/Kernel.php
src/Symfony/Component/Security/Http/HttpUtils.php
src/Symfony/Component/Validator/Mapping/Factory/LazyLoadingMetadataFactory.php
* 2.3:
[2.3] More cs fixes
Removed unused imports
CS fixes
bumped Symfony version to 2.3.24
updated VERSION for 2.3.23
update CONTRIBUTORS for 2.3.23
updated CHANGELOG for 2.3.23
Conflicts:
src/Symfony/Bundle/FrameworkBundle/EventListener/SessionListener.php
src/Symfony/Bundle/SecurityBundle/DependencyInjection/MainConfiguration.php
src/Symfony/Component/HttpKernel/Kernel.php
src/Symfony/Component/HttpKernel/Tests/Bundle/BundleTest.php
src/Symfony/Component/Routing/Matcher/Dumper/PhpMatcherDumper.php
* 2.7: (65 commits)
Configure firewall's kernel exception listener with configured entry point or a default entry point
PSR-2 fixes
[DependencyInjection] make paths relative to __DIR__ in the generated container
[FrameworkBundle][Router Cmd] use debug namespace.
[FrameworkBundle] Update deprecated service call
Fix PHP Fatal error: Cannot call constructor in symfony/console/Symfony/Component/Console/Helper/DialogHelper.php on line 37
Removed a dev annotation from a version constraint
Fixed the syntax of a composer.json file
Fixed the symfony/config version constraint
Tweaked the password-compat version constraint
Docblock fixes
Append to PR #12737 referring Ticket #12704
Issue #12658 Add a deprecation note about Translator's setFallbackLocale...
Issue #12606 Adding warning logs about the deprecation of [...]/Tests/FormIntegration...
Hackday deprecated 12621
Added deprecation log for validate and validateValue on ExecutionContext...
[Console] [Hackday] [2.7] Add a deprecation note about ProgressHelper
[Hackday][2.7] Add a deprecation note about MetadataInterface's accept() method
[Validator] Added a deprecation note about setPropertyAccessor #12698
[Locale] Adding a deprecation note about the Locale component
...
* 2.6:
Configure firewall's kernel exception listener with configured entry point or a default entry point
PSR-2 fixes
[DependencyInjection] make paths relative to __DIR__ in the generated container
[FrameworkBundle][Router Cmd] use debug namespace.
[FrameworkBundle] Update deprecated service call
Removed a dev annotation from a version constraint
Fixed the syntax of a composer.json file
Fixed the symfony/config version constraint
Tweaked the password-compat version constraint
Docblock fixes
[Filesystem] fix lock file permissions
Remove dialog usage
define constant only if it wasn't defined before
Fix incorrect spanish translation
Fixed typos
Fixed a docblock
bumped Symfony version to 2.6.1
updated VERSION for 2.6.0
updated CHANGELOG for 2.6.0
removed unneeded check
Conflicts:
src/Symfony/Component/HttpKernel/Kernel.php
* 2.5:
Configure firewall's kernel exception listener with configured entry point or a default entry point
PSR-2 fixes
[DependencyInjection] make paths relative to __DIR__ in the generated container
Fixed the syntax of a composer.json file
Fixed the symfony/config version constraint
Tweaked the password-compat version constraint
Docblock fixes
Remove dialog usage
define constant only if it wasn't defined before
Fix incorrect spanish translation
Fixed typos
Conflicts:
src/Symfony/Bundle/TwigBundle/Controller/ExceptionController.php
src/Symfony/Component/DependencyInjection/Dumper/PhpDumper.php
src/Symfony/Component/OptionsResolver/Options.php
src/Symfony/Component/OptionsResolver/OptionsResolverInterface.php
src/Symfony/Component/Process/ProcessPipes.php
src/Symfony/Component/Security/Http/Tests/Firewall/RememberMeListenerTest.php
src/Symfony/Component/Serializer/Normalizer/DenormalizableInterface.php
src/Symfony/Component/Validator/ConstraintViolation.php
src/Symfony/Component/Yaml/Inline.php
src/Symfony/Component/Yaml/Parser.php
* 2.3:
Configure firewall's kernel exception listener with configured entry point or a default entry point
PSR-2 fixes
[DependencyInjection] make paths relative to __DIR__ in the generated container
Fixed the syntax of a composer.json file
Fixed the symfony/config version constraint
Tweaked the password-compat version constraint
Docblock fixes
define constant only if it wasn't defined before
Fix incorrect spanish translation
Fixed typos
Conflicts:
composer.json
src/Symfony/Bridge/Twig/TwigEngine.php
src/Symfony/Bundle/FrameworkBundle/Controller/Controller.php
src/Symfony/Bundle/FrameworkBundle/Templating/Loader/FilesystemLoader.php
src/Symfony/Bundle/FrameworkBundle/composer.json
src/Symfony/Component/Console/Descriptor/MarkdownDescriptor.php
src/Symfony/Component/Console/Helper/TableHelper.php
src/Symfony/Component/Console/Tests/Helper/HelperSetTest.php
src/Symfony/Component/Debug/ErrorHandler.php
src/Symfony/Component/DependencyInjection/Dumper/PhpDumper.php
src/Symfony/Component/Finder/Tests/Iterator/RecursiveDirectoryIteratorTest.php
src/Symfony/Component/Form/Tests/Extension/Core/DataMapper/PropertyPathMapperTest.php
src/Symfony/Component/HttpFoundation/Response.php
src/Symfony/Component/HttpFoundation/StreamedResponse.php
src/Symfony/Component/HttpKernel/Controller/ControllerResolver.php
src/Symfony/Component/HttpKernel/Controller/ControllerResolverInterface.php
src/Symfony/Component/HttpKernel/Debug/TraceableEventDispatcher.php
src/Symfony/Component/HttpKernel/Fragment/RoutableFragmentRenderer.php
src/Symfony/Component/HttpKernel/Tests/DataCollector/RequestDataCollectorTest.php
src/Symfony/Component/Intl/NumberFormatter/NumberFormatter.php
src/Symfony/Component/Process/Process.php
src/Symfony/Component/Process/Tests/AbstractProcessTest.php
src/Symfony/Component/PropertyAccess/PropertyAccessorBuilder.php
src/Symfony/Component/Routing/Tests/Fixtures/validpattern.php
src/Symfony/Component/Security/Http/RememberMe/TokenBasedRememberMeServices.php
src/Symfony/Component/Security/composer.json
src/Symfony/Component/Serializer/Encoder/XmlEncoder.php
src/Symfony/Component/Serializer/Normalizer/GetSetMethodNormalizer.php
src/Symfony/Component/Stopwatch/StopwatchEvent.php
src/Symfony/Component/Stopwatch/StopwatchPeriod.php
src/Symfony/Component/Templating/PhpEngine.php
src/Symfony/Component/Templating/TemplateReference.php
src/Symfony/Component/Templating/TemplateReferenceInterface.php
src/Symfony/Component/Translation/TranslatorInterface.php
src/Symfony/Component/Validator/ConstraintViolation.php
src/Symfony/Component/Validator/ExecutionContextInterface.php
src/Symfony/Component/Validator/Mapping/ClassMetadata.php
src/Symfony/Component/Validator/MetadataFactoryInterface.php
This PR was merged into the 2.3 branch.
Discussion
----------
Docblock Fixes
| Q | A
| ------------- | ---
| Bug fix? | no
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | N/A
| License | MIT
| Doc PR | N/A
##### This pull request fixes the docblock alignment as requested in #12760.
It was also necessary for me to ensure the `@return` annotations were correctly separated in order to accurately align the `@param` annotations.
Commits
-------
443307e Docblock fixes
* 2.7: (36 commits)
[Debug] fix error message on double exception
[Validator] make DateTime objects represented as strings in the violation message.
[RFC] [DebugBundle] [HttpKernel] Avoid using container as dependency for DumpListener
Upgrade information for the Translation component regarding the new LoggingTranslator class.
[WebProfilerBundle] Remove usage of app.request in search bar template
Fix initialized() with aliased services
fix data type in docblock
Rename Symfony2 to Symfony
bumped Symfony version to 2.6.0
updated VERSION for 2.6.0-BETA2
updated CHANGELOG for 2.6.0-BETA2
[Debug] fix ENT_SUBSTITUTE usage
compare version using PHP_VERSION_ID
backport #12489
remove an unneeded check
Remove block submit_widget
reformat code as suggested by @fabpot
Fix typo
Make `\Request::get` more performant.
properly set request attributes in controller test
...
* 2.6: (36 commits)
[Debug] fix error message on double exception
[Validator] make DateTime objects represented as strings in the violation message.
[RFC] [DebugBundle] [HttpKernel] Avoid using container as dependency for DumpListener
Upgrade information for the Translation component regarding the new LoggingTranslator class.
[WebProfilerBundle] Remove usage of app.request in search bar template
Fix initialized() with aliased services
fix data type in docblock
Rename Symfony2 to Symfony
bumped Symfony version to 2.6.0
updated VERSION for 2.6.0-BETA2
updated CHANGELOG for 2.6.0-BETA2
[Debug] fix ENT_SUBSTITUTE usage
compare version using PHP_VERSION_ID
backport #12489
remove an unneeded check
Remove block submit_widget
reformat code as suggested by @fabpot
Fix typo
Make `\Request::get` more performant.
properly set request attributes in controller test
...
* 2.5:
[Debug] fix error message on double exception
Fix initialized() with aliased services
Rename Symfony2 to Symfony
compare version using PHP_VERSION_ID
backport #12489
remove an unneeded check
* 2.7:
Extract an AbstractEventDispatcherTest from EventDispatcherTest and also use it in ContainerAwareEventDispatcherTest
[SecurityBundle] Authentication entry point is only registered with firewall exception listener, not with authentication listeners
be smarter when guessing the document root
Azerbaijani locale
Fixed grammar error in docblock
[HttpKernel] fix parse error in DumpDataCollector
[TwigBundle/DebugBundle] move dump extension & cleanups
Adjust upgrade file rendering
[Bridge/Propel1] Changed deps to accepts all upcoming propel1 versions
compare version using PHP_VERSION_ID
[Form] Add doc for FormEvents
*_timezone changes also affect the BirthdayType
don't override internal PHP constants
Drop support for model_timezone and view_timezone options in TimeType and DateType.
[DomCrawler] Added support for link tags in the Link class
[Session] Fix parameter names in WriteCheckSessionHandler
Add consistency with request type checking
[FrameworkBundle] Fix server run in case the router script does not exist
* 2.6:
Extract an AbstractEventDispatcherTest from EventDispatcherTest and also use it in ContainerAwareEventDispatcherTest
[SecurityBundle] Authentication entry point is only registered with firewall exception listener, not with authentication listeners
be smarter when guessing the document root
Azerbaijani locale
Fixed grammar error in docblock
[HttpKernel] fix parse error in DumpDataCollector
[TwigBundle/DebugBundle] move dump extension & cleanups
Adjust upgrade file rendering
[Bridge/Propel1] Changed deps to accepts all upcoming propel1 versions
compare version using PHP_VERSION_ID
[Form] Add doc for FormEvents
*_timezone changes also affect the BirthdayType
don't override internal PHP constants
Drop support for model_timezone and view_timezone options in TimeType and DateType.
[DomCrawler] Added support for link tags in the Link class
[Session] Fix parameter names in WriteCheckSessionHandler
Add consistency with request type checking
[FrameworkBundle] Fix server run in case the router script does not exist
* 2.5:
[SecurityBundle] Authentication entry point is only registered with firewall exception listener, not with authentication listeners
be smarter when guessing the document root
Azerbaijani locale
Fixed grammar error in docblock
Adjust upgrade file rendering
[Bridge/Propel1] Changed deps to accepts all upcoming propel1 versions
compare version using PHP_VERSION_ID
[Form] Add doc for FormEvents
don't override internal PHP constants
[Session] Fix parameter names in WriteCheckSessionHandler
Add consistency with request type checking
[FrameworkBundle] Fix server run in case the router script does not exist
Conflicts:
composer.json
src/Symfony/Component/Debug/ErrorHandler.php
src/Symfony/Component/Debug/ExceptionHandler.php
* 2.3:
[SecurityBundle] Authentication entry point is only registered with firewall exception listener, not with authentication listeners
be smarter when guessing the document root
Azerbaijani locale
Fixed grammar error in docblock
Adjust upgrade file rendering
[Bridge/Propel1] Changed deps to accepts all upcoming propel1 versions
compare version using PHP_VERSION_ID
[Form] Add doc for FormEvents
don't override internal PHP constants
Conflicts:
UPGRADE-3.0.md
src/Symfony/Bundle/FrameworkBundle/Command/ServerRunCommand.php
src/Symfony/Component/Debug/ErrorHandler.php
src/Symfony/Component/HttpFoundation/Response.php
To let opcode caches optimize cached code, the `PHP_VERSION_ID`
constant is used to detect the current PHP version instead of calling
`version_compare()` with `PHP_VERSION`.
* 2.7:
Update filesystem readme.md to include exists method
Add machine readable events
Fixed minor typo
[FrameworkBundle] Fix server start in case the PHP binary is not found
Update UPGRADE-2.6.md
[HttpKernel][2.6] Adding support for invokable controllers in the RequestDataCollector
fixed typo
[Translations] Added missing Hebrew language trans-unit sources
[DependencyInjection] inlined factory not referenced
Fixed case for empty folder
Fixed whitespace control for password form widget
[Routing] correctly initialize condition as string
* 2.6:
Update filesystem readme.md to include exists method
Add machine readable events
Fixed minor typo
[FrameworkBundle] Fix server start in case the PHP binary is not found
Update UPGRADE-2.6.md
[HttpKernel][2.6] Adding support for invokable controllers in the RequestDataCollector
fixed typo
[Translations] Added missing Hebrew language trans-unit sources
[DependencyInjection] inlined factory not referenced
Fixed case for empty folder
Fixed whitespace control for password form widget
[Routing] correctly initialize condition as string
* 2.5:
Update filesystem readme.md to include exists method
Add machine readable events
[HttpKernel][2.6] Adding support for invokable controllers in the RequestDataCollector
fixed typo
[Translations] Added missing Hebrew language trans-unit sources
[DependencyInjection] inlined factory not referenced
Fixed case for empty folder
Fixed whitespace control for password form widget
[Routing] correctly initialize condition as string
* 2.5:
added missing files
[TwigBundle] added a test
Indicate which file was being parsed if an exception is thrown while running translation:debug
[ClassLoader] Cast $useIncludePath property to boolean
[HttpFoundation] Minor spelling fix in PHPDocs
improve error message for multiple documents
Remove aligned '=>' and '='
[Session] remove invalid workaround in session regenerate
[Kernel] ensure session is saved before sending response
[Routing] serialize the compiled route to speed things up
[Form] Fixed usage of "name" variable in form_start block
[Validator] Fixed Regex::getHtmlPattern() to work with complex and negated patterns
[DependencyInjection] use inheritdoc for loaders
[Config] fix filelocator with empty name
[Form] fix form handling with unconventional request methods like OPTIONS
CSRF warning docs on Request::enableHttpMethodParameterOverride()
Conflicts:
src/Symfony/Component/Console/Helper/ProgressBar.php
* 2.5:
Remove aligned '=>' and '='
Break infinite loop while resolving aliases
[Security][listener] change priority of switchuser
Improved the phpdoc for security token classes
bumped Symfony version to 2.5.7
updated VERSION for 2.5.6
updated CHANGELOG for 2.5.6
bumped Symfony version to 2.3.22
updated VERSION for 2.3.21
update CONTRIBUTORS for 2.3.21
updated CHANGELOG for 2.3.21
Conflicts:
src/Symfony/Bundle/FrameworkBundle/Tests/DependencyInjection/ConfigurationTest.php
src/Symfony/Bundle/SecurityBundle/DependencyInjection/Security/Factory/AbstractFactory.php
src/Symfony/Bundle/TwigBundle/Controller/ExceptionController.php
src/Symfony/Component/Debug/ErrorHandler.php
src/Symfony/Component/Debug/ExceptionHandler.php
src/Symfony/Component/Form/Extension/Core/Type/BaseType.php
src/Symfony/Component/Form/Extension/Core/Type/ChoiceType.php
src/Symfony/Component/Form/Extension/Core/Type/DateTimeType.php
src/Symfony/Component/Form/Extension/Core/Type/DateType.php
src/Symfony/Component/Form/Extension/Core/Type/TimeType.php
src/Symfony/Component/Form/Extension/Validator/Type/FormTypeValidatorExtension.php
src/Symfony/Component/HttpFoundation/Request.php
src/Symfony/Component/HttpFoundation/Session/Storage/Handler/MongoDbSessionHandler.php
src/Symfony/Component/HttpFoundation/Session/Storage/Handler/PdoSessionHandler.php
src/Symfony/Component/HttpKernel/Kernel.php
src/Symfony/Component/Security/Core/SecurityContextInterface.php
src/Symfony/Component/Security/Http/Authentication/DefaultAuthenticationFailureHandler.php
src/Symfony/Component/Security/Http/Authentication/DefaultAuthenticationSuccessHandler.php
src/Symfony/Component/Security/Http/Firewall/AnonymousAuthenticationListener.php
src/Symfony/Component/Serializer/Serializer.php
src/Symfony/Component/Validator/Constraints/File.php
This PR was squashed before being merged into the 2.3 branch (closes#12293).
Discussion
----------
Remove aligned '=>' and '='
| Q | A
| ------------- | ---
| Bug fix? | no
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | [https://github.com/symfony/symfony/issues/12284]
| License | MIT
Could you said to me if i should make an other PR for 2.5 branch.
Commits
-------
51312d3 Remove aligned '=>' and '='
* 2.5:
enforce memcached version to be 2.1.0
[PropertyAccess] Simplified code
[FrameworkBundle] improve server:run feedback
[Form] no need to add the url listener when it does not do anything
[Form] Fix#11694 - Enforce options value type check in some form types
Lithuanian security translations
[SecurityBundle] Add trust_resolver variable into expression | Q | A | ------------- | --- | Bug fix? | [yes] | New feature? | [no] | BC breaks? | [no] | Deprecations? | [no] | Tests pass? | [yes] | Fixed tickets | [#12224] | License | MIT | Doc PR | [-]
[Router] Cleanup
Fixed UPGRADE-3.0.md markup
[FrameworkBundle] Fixed ide links
Add missing argument
[TwigBundle] do not pass a template reference to twig
[TwigBundle] show correct fallback exception template in debug mode
[TwigBundle] remove unused email placeholder from error page
use meta charset in layouts without legacy http-equiv
Conflicts:
src/Symfony/Bundle/TwigBundle/Controller/ExceptionController.php
* 2.3:
enforce memcached version to be 2.1.0
[FrameworkBundle] improve server:run feedback
[Form] no need to add the url listener when it does not do anything
[Form] Fix#11694 - Enforce options value type check in some form types
Lithuanian security translations
[Router] Cleanup
[FrameworkBundle] Fixed ide links
Add missing argument
[TwigBundle] do not pass a template reference to twig
[TwigBundle] show correct fallback exception template in debug mode
[TwigBundle] remove unused email placeholder from error page
use meta charset in layouts without legacy http-equiv
Conflicts:
src/Symfony/Bundle/TwigBundle/Loader/FilesystemLoader.php
src/Symfony/Bundle/TwigBundle/Resources/views/layout.html.twig
* 2.5:
[Doc] Use Markdown syntax highlighting
[Finder] tweaked docs
[Finder] Add info about possibilities offered by SplFileInfo
fixed CS
[Security][Http][Authentication] Make a test pass on HHVM
fix components tests
[Intl] FIxed failing test
[Intl] Generated the data for ICU version 54-rc
[EventDispatcher] fix doc bloc on EventDispatcherInterface
[Validator] Update validators.zh_CN.xlf, fix translation error
bumped Symfony version to 2.5.6
updated VERSION for 2.5.5
updated CHANGELOG for 2.5.5
bumped Symfony version to 2.3.21
updated VERSION for 2.3.20
update CONTRIBUTORS for 2.3.20
updated CHANGELOG for 2.3.20
[Intl] Integrated ICU data into Intl component
Conflicts:
src/Symfony/Component/Debug/README.md
src/Symfony/Component/DependencyInjection/README.md
src/Symfony/Component/HttpKernel/Kernel.php
src/Symfony/Component/OptionsResolver/README.md
* 2.5:
fixed deps
[Debug] fixed class lookup when using PSR-0 with a target dir
fixed standalone tests
fixed standalone tests
[Validator] fixed component standalone tests
fixed standalone component tests depending on Validator and Form
fixed some composer.json to make standalone component tests pass
[SecurityBundle] fixed tests when used in standalone
* 2.4:
[Debug] fixed class lookup when using PSR-0 with a target dir
fixed standalone tests
fixed standalone tests
[Validator] fixed component standalone tests
fixed standalone component tests depending on Validator and Form
fixed some composer.json to make standalone component tests pass
[SecurityBundle] fixed tests when used in standalone
Conflicts:
src/Symfony/Component/HttpKernel/Tests/Bundle/BundleTest.php
src/Symfony/Component/Validator/composer.json
This PR was merged into the 2.6-dev branch.
Discussion
----------
Expression language extensibility
| Q | A
| ------------- | ---
| Bug fix? | no
| New feature? | yes
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | #10512
| License | MIT
| Doc PR | not yet
The way we can add functions to an ExpressionLanguage instance is by using inheritance. #10512 tries to make the expression language in the routing flexible but using inheritance won't work when several bundles want to add functions.
So, this PR takes another approach to solve the problem globally.
Todo:
* [x] add some more tests
* [ ] add some docs
Commits
-------
7c24188 [FrameworkBundle] added a compiler pass for expression language providers
4195a91 [Routing] added support for custom expression language functions
1a39046 [Security] added support for custom expression language functions
79bcd52b [DependencyInjection] added support for custom expression language functions
184742c [ExpressionLanguage] added ExpressionFunction and ExpressionFunctionProviderInterface
* 2.5:
[Validator] Added ConstraintValidator::buildViolation() helper for BC with 2.4 API
[Validator] Fixed LegacyValidator when only a constraint is validated
Conflicts:
src/Symfony/Component/Form/Extension/Validator/Constraints/FormValidator.php
src/Symfony/Component/Validator/Constraints/AbstractComparisonValidator.php
src/Symfony/Component/Validator/Constraints/RangeValidator.php
This PR was merged into the 2.6-dev branch.
Discussion
----------
[Security] make it possible to override the default success/failure handler
| Q | A
| ------------- | ---
| Bug fix? | no
| New feature? | yes
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | #5432, #9272, #10417, #11926
| License | MIT
| Doc PR | symfony/symfony-docs#4258
Overriding the default success/failure handler of the security firewalls is possible via the `success_handler` and `failure_handler` setting but this approach is not flexible as it does not allow you to get the options/provider key.
To sum up the problem:
* Overriding the default success/failure handler is possible via a service;
* When not overridden, the default success/failure handler gets options and the provider key;
* Those options and the provider key are injected by the factory as they are dynamic (they depend on the firewall and the provider key), so getting those options/provider key is not possible for a custom service that is only configured via the container configuration;
* Extending the default handler does not help as the injection mechanism is only triggered when no custom provider is set;
* Wrapping the default handler is not possible as the service id is dynamic.
... and of course we need to keep BC and make it work for people extending the default handler but also for people just using the interface.
Instead of the current PR, I propose this slightly different approach. It's not perfect, but given the above constraint, I think this is an acceptable trade-of.
So, several use cases:
* Using the default handler (no change);
* Using a custom handler that implements `AuthenticationSuccessHandlerInterface` directly and does not need any options (no change);
* Using a custom handler that needs the options/provider key (that's the new use case this PR supports).
This PR introduces 2 new classes that wrap custom handlers. If those classes define the `setOptions()` and/or `setProviderKey()` methods, they are automatically called with the correct arguments. Yours handler does not need to extend the default handler `DefaultAuthentication*Handler`, but doing so helps as the setters are already defined there.
Commits
-------
810eeaf [Security] made it possible to override the default success/failure handler (take 2)
36116fc [Security] made it possible to override the default success/failure handler
* 2.5:
[Command] Set the process title as late as possible
[Form] Removed constructor argument from FormTypeHttpFoundationExtension for forward compatibility with 2.5
[Validator] Simplified testing of violations
remove obsolete test file
[FrameworkBundle] output failed matched path for clarification
bug #10242 Missing checkPreAuth from RememberMeAuthenticationProvider
[Validator] Fixed StaticMethodLoaderTest to actually test something
[Form] Fixed ValidatorTypeGuesser to guess properties without constraints not to be required
Use request format from request in twig ExceptionController
fixed bug
added the possibility to return null from SimplePreAuthenticationListener
[Form] Moved POST_MAX_SIZE validation from FormValidator to request handler
[Form] Add a form error if post_max_size has been reached.
Response::isNotModified returns true when If-Modified-Since is later than Last-Modified
[WebProfilerBundle] turbolinks compatibility
Conflicts:
src/Symfony/Component/Form/Tests/Extension/Validator/Constraints/FormValidatorTest.php
* 2.4:
[Form] Removed constructor argument from FormTypeHttpFoundationExtension for forward compatibility with 2.5
[Validator] Simplified testing of violations
remove obsolete test file
[FrameworkBundle] output failed matched path for clarification
bug #10242 Missing checkPreAuth from RememberMeAuthenticationProvider
[Validator] Fixed StaticMethodLoaderTest to actually test something
[Form] Fixed ValidatorTypeGuesser to guess properties without constraints not to be required
Use request format from request in twig ExceptionController
fixed bug
added the possibility to return null from SimplePreAuthenticationListener
[Form] Moved POST_MAX_SIZE validation from FormValidator to request handler
[Form] Add a form error if post_max_size has been reached.
Response::isNotModified returns true when If-Modified-Since is later than Last-Modified
[WebProfilerBundle] turbolinks compatibility
Conflicts:
src/Symfony/Component/Form/Extension/Core/Type/FormType.php
src/Symfony/Component/Form/Extension/Validator/Constraints/FormValidator.php
src/Symfony/Component/Form/Extension/Validator/Util/ServerParams.php
src/Symfony/Component/Security/Core/Tests/Authentication/Provider/RememberMeAuthenticationProviderTest.php
src/Symfony/Component/Validator/Tests/Constraints/AbstractConstraintValidatorTest.php
* 2.3:
remove obsolete test file
[FrameworkBundle] output failed matched path for clarification
bug #10242 Missing checkPreAuth from RememberMeAuthenticationProvider
[Validator] Fixed StaticMethodLoaderTest to actually test something
[Form] Fixed ValidatorTypeGuesser to guess properties without constraints not to be required
Use request format from request in twig ExceptionController
[Form] Moved POST_MAX_SIZE validation from FormValidator to request handler
[Form] Add a form error if post_max_size has been reached.
Response::isNotModified returns true when If-Modified-Since is later than Last-Modified
[WebProfilerBundle] turbolinks compatibility
Conflicts:
src/Symfony/Component/Form/CHANGELOG.md
src/Symfony/Component/HttpFoundation/Tests/ResponseTest.php
src/Symfony/Component/Security/Core/Tests/Authentication/Provider/RememberMeAuthenticationProviderTest.php
This PR was squashed before being merged into the 2.6-dev branch (closes#10698).
Discussion
----------
[Security] Added a REMOTE_USER based listener to security firewalls
| Q | A
| ------------- | ---
| Bug fix? | no
| New feature? | yes
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | /
| License | MIT
| Doc PR | symfony/symfony-docs#3912
TODO
- [x] submit changes to the documentation
I've seen myself implementing a few times a REMOTE_USER based authentication listener, as a large part of security modules for Apache (Kerberos, CAS, and more) are providing the username via an environment variable.
So I thought this could benefit the whole community if directly included in the framework. It is very similar to the X509AuthenticationListener, and basing the RemoteUserAuthenticationListener on the AbstractPreAuthenticatedListener is relevant and very convenient.
Using the X509AuthenticationListener could be possible, but it is confusing to use it directly when your authentication is not certificate based.
Please let me know if I need to update anything.
Regards
Commits
-------
a2872f2 [Security] Added a REMOTE_USER based listener to security firewalls
* 2.5: (43 commits)
[Form] Fix PHPDoc for builder setData methods The underlying data variable is typed as mixed whereas the methods paramers where typed as array.
fixed CS
[Intl] Improved bundle reader implementations
[Console] guarded against invalid aliases
switch before_script to before_install and script to install
fixed typo
[HttpFoundation] Request - URI - comment improvements
[Validator] The ratio of the ImageValidator is rounded to two decimals now
[Security] Added more tests
remove `service` parameter type from XSD
[Intl] Added exception handler to command line scripts
[Intl] Fixed a few bugs in TextBundleWriter
[Intl] Updated icu.ini up to ICU 53
[Intl] Removed non-working $fallback argument from ArrayAccessibleResourceBundle
Use separated function to resolve command and related arguments
[SwiftmailerBridge] Bump allowed versions of swiftmailer
[FrameworkBundle] Remove invalid markup
[Intl] Added "internal" tag to all classes under Symfony\Component\Intl\ResourceBundle
Remove routes for removed WebProfiler actions
[Security] Fix usage of unexistent method in DoctrineAclCache.
...
Conflicts:
src/Symfony/Bundle/FrameworkBundle/Command/ServerRunCommand.php
src/Symfony/Component/HttpKernel/HttpCache/Esi.php
src/Symfony/Component/HttpKernel/Kernel.php
src/Symfony/Component/Translation/Tests/Dumper/XliffFileDumperTest.php
src/Symfony/Component/Yaml/Parser.php
src/Symfony/Component/Yaml/Tests/InlineTest.php
* 2.4: (39 commits)
[Form] Fix PHPDoc for builder setData methods The underlying data variable is typed as mixed whereas the methods paramers where typed as array.
fixed CS
[Intl] Improved bundle reader implementations
[Console] guarded against invalid aliases
switch before_script to before_install and script to install
fixed typo
[HttpFoundation] Request - URI - comment improvements
[Validator] The ratio of the ImageValidator is rounded to two decimals now
[Security] Added more tests
remove `service` parameter type from XSD
[Intl] Added exception handler to command line scripts
[Intl] Fixed a few bugs in TextBundleWriter
[Intl] Updated icu.ini up to ICU 53
[Intl] Removed non-working $fallback argument from ArrayAccessibleResourceBundle
Use separated function to resolve command and related arguments
[SwiftmailerBridge] Bump allowed versions of swiftmailer
[FrameworkBundle] Remove invalid markup
[Intl] Added "internal" tag to all classes under Symfony\Component\Intl\ResourceBundle
Remove routes for removed WebProfiler actions
[Security] Fix usage of unexistent method in DoctrineAclCache.
...
Conflicts:
.travis.yml
src/Symfony/Bundle/FrameworkBundle/Command/ServerRunCommand.php
src/Symfony/Component/HttpKernel/Kernel.php
src/Symfony/Component/Process/PhpExecutableFinder.php
* 2.3: (35 commits)
[Form] Fix PHPDoc for builder setData methods The underlying data variable is typed as mixed whereas the methods paramers where typed as array.
fixed CS
[Intl] Improved bundle reader implementations
[Console] guarded against invalid aliases
switch before_script to before_install and script to install
fixed typo
[HttpFoundation] Request - URI - comment improvements
[Security] Added more tests
remove `service` parameter type from XSD
[Intl] Added exception handler to command line scripts
[Intl] Fixed a few bugs in TextBundleWriter
[Intl] Updated icu.ini up to ICU 53
[Intl] Removed non-working $fallback argument from ArrayAccessibleResourceBundle
Use separated function to resolve command and related arguments
[SwiftmailerBridge] Bump allowed versions of swiftmailer
[FrameworkBundle] Remove invalid markup
[Intl] Added "internal" tag to all classes under Symfony\Component\Intl\ResourceBundle
Remove routes for removed WebProfiler actions
[Security] Fix usage of unexistent method in DoctrineAclCache.
backport more error information from 2.6 to 2.3
...
Conflicts:
.travis.yml
src/Symfony/Component/DependencyInjection/Loader/YamlFileLoader.php
src/Symfony/Component/DependencyInjection/Tests/Loader/XmlFileLoaderTest.php
src/Symfony/Component/HttpKernel/Kernel.php
src/Symfony/Component/Process/PhpExecutableFinder.php
This PR was merged into the 2.3 branch.
Discussion
----------
[Security] Use hash_equals for constant-time string comparison (again)
| Q | A
| ------------- | ---
| Bug fix? | no
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | n/a
| License | MIT
| Doc PR | n/a
Use the `hash_equals` function (introduced in PHP 5.6) for timing attack safe string comparison when available.
Add in the DocBlock that length will leak (https://github.com/symfony/symfony/pull/11797#issuecomment-53990712).
Commits
-------
3071557 [Security] Add more tests for StringUtils::equals
03bd74b [Security] Use hash_equals for constant-time string comparison