* 3.0:
[Process] Fix stopping a process on Windows
[PhpUnitBridge] Add weak-verbose mode and match against message instead of test name
Added a note about the new requirement iconv.
Improved error messages for Yaml Deprecations
Added a test case for the Logger class.
[Form] Fix choices defined as Traversable
CS: general fixes
Suggested Process dependency
* 2.8:
[Process] Fix stopping a process on Windows
[PhpUnitBridge] Add weak-verbose mode and match against message instead of test name
Added a note about the new requirement iconv.
Improved error messages for Yaml Deprecations
Added a test case for the Logger class.
[Form] Fix choices defined as Traversable
CS: general fixes
Suggested Process dependency
* 2.8:
add subject variable to expression context
[Process] Fix signaling/stopping logic on Windows
Forward compatibility with AbstractLayout* 2.8 tests
[Yaml] minor CS cleaning
[Console] do not encode backslashes in console default description
This PR was merged into the 2.8 branch.
Discussion
----------
[WIP] [Ldap] Marked the Ldap component as internal
| Q | A
| ------------- | ---
| Bug fix? | no
| New feature? | no
| BC breaks? | yes
| Deprecations? | no
| Tests pass? | no
| Fixed tickets | no
| License | MIT
| Doc PR | not yet
As mentioned earlier, the LDAP component suffers from a few problems, addressed in PR #15994
However, as raised by @Tobion, the component does not yet have tests (they can be added at a later time, though), and is not considered stable yet.
Commits
-------
3f89b2c Marked the Ldap component as internal and removed Ldap constants polyfill
This PR was merged into the 3.0-dev branch.
Discussion
----------
[Form] Drop remaing CsrfProviderAdapter/Interface mentions
| Q | A
| ------------- | ---
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | -
| License | MIT
| Doc PR | -
CsrfProviderAdapter+Interface have already been removed from master, we should not use them anymore. Let's see if tests agree.
Commits
-------
5bc34d2 [Form] Drop remaing CsrfProviderAdapter/Interface mentions
* 2.8:
[Security] Deprecate "AbstractVoter" in favor of "Voter"
[Security] Revert changes made between 2.7 and 2.8-beta
Conflicts:
UPGRADE-2.8.md
src/Symfony/Component/Security/Core/Authorization/Voter/AbstractVoter.php
src/Symfony/Component/Security/Core/Tests/Authorization/Voter/AbstractVoterTest.php
* 2.8:
removed usage of the deprecated StringUtils::equals() method
Fix: Resolve tempdir symlink, not working on OSX
fixed tests
migrate session after remember me authentication
prevent timing attacks in digest auth listener
mitigate CSRF timing attack vulnerability
fix potential timing attack issue
[WebProfilerBundle] Added a top left border radius to the minified to…
[Routing] Changing RouteCollectionBuilder::import() behavior to add to the builder
[HttpKernel] Don't reset on shutdown but in FrameworkBundle/Test/KernelTestCase
[Process] PhpExecutableFinder: add regression test
* 2.8:
Fix undefined array $server
Fix call to undefined function json_last_error_message
Fix bug in windows detection
[ProxyManager] Tmp fix composer reqs issue in ZF
Fix PropertyInfo extractor namespace in framework bundle
Add missing exclusions from phpunit.xml.dist
[Serializer] ObjectNormalizer: don't serialize static methods and props
[Form] Enhance some FormRegistry deprecation messages
[Validator] [sl] BIC (SWIFT-BIC) validation constraint
[WebProfilerBundle] correct typo in show stack trace link
bumped Symfony version to 2.8.0
updated VERSION for 2.8.0-BETA1
updated CHANGELOG for 2.8.0-BETA1
Fix the server variables in the router_*.php files
[Validator] Allow an empty path with a non empty fragment or a query
The following change adds support for Armenian pluralization.
[2.3][Process] fix Proccess run with pts enabled
Conflicts:
src/Symfony/Bridge/ProxyManager/composer.json
src/Symfony/Bundle/FrameworkBundle/DependencyInjection/Compiler/FormPass.php
src/Symfony/Component/Form/FormRegistry.php
* 2.7:
Fix undefined array $server
Fix bug in windows detection
[ProxyManager] Tmp fix composer reqs issue in ZF
Add missing exclusions from phpunit.xml.dist
[Serializer] ObjectNormalizer: don't serialize static methods and props
Fix the server variables in the router_*.php files
[Validator] Allow an empty path with a non empty fragment or a query
The following change adds support for Armenian pluralization.
[2.3][Process] fix Proccess run with pts enabled
Conflicts:
composer.json
src/Symfony/Bridge/ProxyManager/composer.json
src/Symfony/Component/Security/phpunit.xml.dist
* 2.3:
Fix undefined array $server
[ProxyManager] Tmp fix composer reqs issue in ZF
Add missing exclusions from phpunit.xml.dist
Fix the server variables in the router_*.php files
[Validator] Allow an empty path with a non empty fragment or a query
The following change adds support for Armenian pluralization.
[2.3][Process] fix Proccess run with pts enabled
Conflicts:
composer.json
src/Symfony/Bridge/ProxyManager/composer.json
src/Symfony/Bundle/DebugBundle/phpunit.xml.dist
src/Symfony/Component/Security/phpunit.xml.dist
* 2.8:
Fixed tabs when there are several groups of tabs in the same page
Fix mode
Fixed failing test for HHVM
Removed unused logic in MockStream
Update coding standard for MockStream
[Filesystem] added tempnam() stream wrapper aware version of PHP's native tempnam() and fixed dumpFile to allow dumping to streams
Renamed key to secret
* 2.8:
Fix tests when no Intl extension
[VarDumper] Fix casting for ReflectionParameter
[HttpKernel] Keep 3.0 compat by not using ContainerAware
[DI] Clean a phpdoc
[Security\Core] Deprecate passing $salt to BCryptPasswordEncoder::encodePassword()
Conflicts:
src/Symfony/Component/DependencyInjection/ContainerAware.php
src/Symfony/Component/HttpKernel/Bundle/Bundle.php
src/Symfony/Component/Intl/Tests/DateFormatter/AbstractIntlDateFormatterTest.php
src/Symfony/Component/VarDumper/Tests/Caster/ReflectionCasterTest.php
src/Symfony/Component/VarDumper/Tests/Test/VarDumperTestTraitTest.php
* 2.8:
asset test coverage
[HttpKernel] PostResponseEvent should extend the KernelEvent
[travis] session.gc_probability=0 to fix transient tests on hhvm
Write the log message on a single line againn
[DI] Deprecate ContainerAware in favor of ContainerAwareTrait
[VarDumper] Deprecate VarDumperTestCase in favor of the trait
Check whether $this->logger is not null on GuardAuthenticationListener
[Console] Add progress indicator helper
Conflicts:
.travis.yml
This PR was merged into the 2.8 branch.
Discussion
----------
[Security][Guard] Check whether $this->logger is not null on GuardAuthenticationListener
| Q | A
| ------------- | ---
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | #16415
| License | MIT
| Doc PR |
Commits
-------
ebc751d Write the log message on a single line againn
713b99f Check whether $this->logger is not null on GuardAuthenticationListener
* 2.8:
[Security] Clean deps
[Security][2.7] Clean deps
[HttpKernel] Fix time-sensitive test case
[travis] Fail early when an invalid composer.json is found
Conflicts:
src/Symfony/Component/Security/Core/composer.json
src/Symfony/Component/Security/composer.json
* 2.7:
[Security][2.7] Clean deps
[HttpKernel] Fix time-sensitive test case
[travis] Fail early when an invalid composer.json is found
Conflicts:
src/Symfony/Component/Security/Core/composer.json
src/Symfony/Component/Security/composer.json
* 2.8:
removed @covers annotations in tests
removed @covers annotations in tests
removed all @covers annotations
checkCredentials() force it to be an affirmative yes!
[PropertyAccess] Major performance improvement
This PR was merged into the 2.3 branch.
Discussion
----------
removed all @covers annotations
| Q | A
| ------------- | ---
| Bug fix? | no
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | n/a
| License | MIT
| Doc PR | n/a
Some unit tests have a `@covers` PHPUnit annotations. Most of them were added a very long time ago, but since then, we did not use them anymore and the existing ones are not maintained (see #16413). So, I propose to remove them all.
Commits
-------
1e0af36 removed all @covers annotations
This PR was squashed before being merged into the 2.8 branch (closes#16395).
Discussion
----------
checkCredentials() force it to be an affirmative yes!
| Q | A
| ------------- | ---
| Bug fix? | no
| New feature? | no
| BC breaks? | no (because 2.8 isn't released)
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | n/a
| License | MIT
| Doc PR | n/a
This changes `GuardAuthenticatorInterface::checkCredentials()`: you now *must* return true in order for authentication to pass.
Before: You could do nothing (i.e. return null) and authentication would pass. You threw an AuthenticationException to cause a failure.
New: You *must* return `true` for authentication to pass. If you do nothing, we will throw a `BadCredentialsException` on your behalf. You can still throw your own exception.
This was a suggestion at symfony_live to make things more secure. I think it makes sense.
Commits
-------
14acadd checkCredentials() force it to be an affirmative yes!
* 2.8:
added the new Composer exclude-from-classmap option
added the new Composer exclude-from-classmap option
fix docblock description for the build() method
fix expected argument type docblock
Set back libxml settings after testings.
fixed Twig deprecation notices
* 2.7:
added the new Composer exclude-from-classmap option
added the new Composer exclude-from-classmap option
fix expected argument type docblock
Set back libxml settings after testings.
fixed Twig deprecation notices
* 2.3:
added the new Composer exclude-from-classmap option
fix expected argument type docblock
Set back libxml settings after testings.
fixed Twig deprecation notices
This PR was merged into the 2.3 branch.
Discussion
----------
added the new Composer exclude-from-classmap option
| Q | A
| ------------- | ---
| Bug fix? | no
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | n/a
| License | MIT
| Doc PR | n/a
Commits
-------
65bef75 added the new Composer exclude-from-classmap option
This PR was merged into the 3.0-dev branch.
Discussion
----------
remove polyfills for unsupported php versions
| Q | A
| ------------- | ---
| Bug fix? | no
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | -
| License | MIT
| Doc PR | -
Remove obsolete polyfills in master as introduced in #16317
Commits
-------
78512cc remove polyfills for unsupported php versions
* 2.7:
added missing quotes in YAML files
[HttpKernel] Add `@group time-sensitive` on some transient tests
[DoctrineBridge] Fix issue which prevent the profiler to explain a query
Use mb_detect_encoding with $strict = true
don't allow to install the split Security packages
bumped Symfony version to 2.3.35
updated VERSION for 2.3.34
update CONTRIBUTORS for 2.3.34
updated CHANGELOG for 2.3.34
* 2.3:
added missing quotes in YAML files
[HttpKernel] Add `@group time-sensitive` on some transient tests
[DoctrineBridge] Fix issue which prevent the profiler to explain a query
Use mb_detect_encoding with $strict = true
don't allow to install the split Security packages
bumped Symfony version to 2.3.35
updated VERSION for 2.3.34
update CONTRIBUTORS for 2.3.34
updated CHANGELOG for 2.3.34
This PR was merged into the 2.3 branch.
Discussion
----------
[Security] don't allow to install the split Security packages
| Q | A
| ------------- | ---
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | #16134
| License | MIT
| Doc PR |
Currently, you would be able to install the Security component fromm
Symfony 2.3 together with one of the split packages from a higher
Symfony vesion like this:
```json
{
"require": {
"symfony/symfony": "2.3.*",
"symfony/security-core": "~2.7"
}
}
```
However, you will end up with classes being present twice.
This must be reverted after merging up in the `2.7` branch.
Commits
-------
0d14064 don't allow to install the split Security packages
Currently, you would be able to install the Security component fromm
Symfony 2.3 together with one of the split packages from a higher
Symfony vesion like this:
```json
{
"require": {
"symfony/symfony": "2.3.*",
"symfony/security-core": "~2.7"
}
}
```
However, you will end up with classes being present twice.
This must be reverted after merging up in the `2.7` branch.
* 2.8:
Fix the FrameworkBundle dependencies
[DoctrineBridge] Fix required guess of boolean fields
[DI] don't use array_map to resolve services
Remove dead code in the PropertyPath constructor
[EventDispatcher] fix docblock
[Process] Inherit env vars by default in PhpProcess
Changed one console output style to avoid visual issues
[VarDumper] Fix return type and anonymous classes dumping
[FrameworkBundle] PropertyInfo support
[HttpFoundation] Fixes /0 subnet handling in IpUtils
[Form] Simplify DateTimeToStringTransformer Avoid unneeded catch and re-throw of the same exception.
[Minor] [Serializer] Removed second license header
[TwigBundle] added a Twig templates warmer when templating is disabled
[HttpKernel] Remove a duplicate test for the EsiFragmentRenderer
[Templating] deprecate low-level RouterHelper::generate method as it's cumbersome to use constants in templates
[Templating] introduce path and url methods in php templates to be in line with twig templates
[Routing] deprecate the old url generator reference type values
[Routing] use constant in a test that is new in 2.7
[FrameworkBundle] Add a new ClassCache cache warmer
[Validator] Add expressionLanguage to ExpressionValidator constructor
Conflicts:
src/Symfony/Bundle/FrameworkBundle/Resources/config/services.xml
src/Symfony/Bundle/FrameworkBundle/Tests/DependencyInjection/ConfigurationTest.php
src/Symfony/Bundle/FrameworkBundle/composer.json
src/Symfony/Component/BrowserKit/composer.json
src/Symfony/Component/ClassLoader/ClassCollectionLoader.php
src/Symfony/Component/EventDispatcher/EventDispatcher.php
* 2.8:
[Routing] use constants in tests
[Process] tweaked README
[TwigBundle] Fix Twig cache is not properly warmed
[Validator] Allow an empty path in a URL with only a fragment or a query
[Security] Use SessionAuthenticationStrategy on RememberMe login
[HttpFoundation] Fix some typo in the Request doc
fixed CS
Added separated handling of root paths
* 2.7:
[Routing] use constants in tests
[Process] tweaked README
[Validator] Allow an empty path in a URL with only a fragment or a query
[HttpFoundation] Fix some typo in the Request doc
fixed CS
Added separated handling of root paths
* 2.3:
[Routing] use constants in tests
[Validator] Allow an empty path in a URL with only a fragment or a query
[HttpFoundation] Fix some typo in the Request doc
fixed CS
Added separated handling of root paths
* 2.8:
Added UserLoaderInterface for loading users through Doctrine.
Fix the detection of the deprecated usage of the ValidationListener
Use entry_type instead of type
[Form] Fix missing notice for deprecated `type`
[DI] Autowiring: w/a https://bugs.php.net/62715
* 2.8:
[PhpUnit] Auto-register SymfonyTestsListener
[phpunit] Upgrade when a change is detected and when install subcommand is used
[Filesystem] Fix test on Windows
Fix merge
[HttpFoundation] Extend ClockMock to session storage tests
[Process] Don't use @requires on abstract class
[VarDumper] Fix wordwrap with Bootstrap
Fix the BC layer for the key->secret renaming for remember_me
Fix potential access to undefined index
Conflicts:
src/Symfony/Bundle/SecurityBundle/DependencyInjection/Security/Factory/RememberMeFactory.php
src/Symfony/Component/HttpFoundation/Tests/Session/Storage/Handler/LegacyPdoSessionHandlerTest.php
src/Symfony/Component/Locale/phpunit.xml.dist
This PR was merged into the 2.7 branch.
Discussion
----------
[2.7][tests] Use @requires annotation when possible
| Q | A
| ------------- | ---
| Bug fix? | no
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | -
| License | MIT
| Doc PR | -
Commits
-------
b028aea [tests] Use @requires annotation when possible
* 2.8: (21 commits)
[Security][bugfix] "Remember me" cookie cleared on logout with custom "secure"/"httponly" config options [1]
[ci] Use current PHP_BINARY when running ./phpunit
Fixed typos
[UPGRADE-3.0] fix bullet indentation
Throw exception if tempnam returns false in ProcessPipes
[DomCrawler] Deprecated using /_root/ in XPath expressions
Pass missing request template variables
Simplify AbstractVoter
[Form] add missing deprecation triggers
Throw exception if tempnam returns false
Fix PropertyAccessor modifying array in object when array key does not exist
[DependencyInjection] Add autowiring capabilities
Fixing typo in variable name
Add a few additional tests for the Crawler
[Form] remove obsolete deprecation comments
Updated the style of the event commands
[Debug] Deprecate providing $fileLinkFormat as second argument
[Form] minor CS fix
Updated PHPDoc of the AbstractVoter class
[Security] InMemoryUserProvider now concerns whether user's password is changed when refreshing
...
* 2.7:
[Security][bugfix] "Remember me" cookie cleared on logout with custom "secure"/"httponly" config options [1]
[ci] Use current PHP_BINARY when running ./phpunit
Fixed typos
[UPGRADE-3.0] fix bullet indentation
Fix PropertyAccessor modifying array in object when array key does not exist
[Security] InMemoryUserProvider now concerns whether user's password is changed when refreshing
* 2.3:
[Security][bugfix] "Remember me" cookie cleared on logout with custom "secure"/"httponly" config options [1]
[ci] Use current PHP_BINARY when running ./phpunit
Fixed typos
[UPGRADE-3.0] fix bullet indentation
[Security] InMemoryUserProvider now concerns whether user's password is changed when refreshing
This PR was squashed before being merged into the 2.3 branch (closes#14842).
Discussion
----------
[Security][bugfix] "Remember me" cookie cleared on logout with custom "secure"/"httponly" config options [1]
| Q | A
| ------------- | ---
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | #14822
| License | MIT
| Doc PR | ~
* test now always pass "secure" and "httponly" options, as they are required
* could be considered BC, but [`RememberMeFactory` passes them](https://github.com/symfony/symfony/blob/2.3/src/Symfony/Bundle/SecurityBundle/DependencyInjection/Security/Factory/RememberMeFactory.php#L21), so they should've always been treated as required
* I can squash the commits before merging
* Alternative solution: #14843
Commits
-------
18b1c6a [Security][bugfix] "Remember me" cookie cleared on logout with custom "secure"/"httponly" config options [1]
This PR was merged into the 2.3 branch.
Discussion
----------
[Security] InMemoryUserProvider now concerns whether user's password is changed when refreshing
| Q | A
| ------------- | ---
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | -
| License | MIT
| Doc PR | -
When a user has changed own password, I want to logout any sessions which is authenticated by its user except changer itself.
[DaoAuthenticationManager::checkAuthentication()](https://github.com/symfony/symfony/blob/2.3/src/Symfony/Component/Security/Core/Authentication/Provider/DaoAuthenticationProvider.php#L59) method seems to concern about it.
But, this situation actually never happens because both users that will be passed to this method are always identical in re-authentication.
It's because the token refreshes own user via [ContextListener](https://github.com/symfony/symfony/blob/2.3/src/Symfony/Component/Security/Http/Firewall/ContextListener.php#L90) before re-authentication.
Commits
-------
729902a [Security] InMemoryUserProvider now concerns whether user's password is changed when refreshing
This PR was merged into the 2.8 branch.
Discussion
----------
Simplify AbstractVoter
| Q | A
| ------------- | ---
| Bug fix? | no
| New feature? | no, just simplification
| BC breaks? | no, because 2.8 is not yet released
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | -
| License | MIT
| Doc PR | -
Commits
-------
93de659 Simplify AbstractVoter
* 2.8:
Updated the stlyes of the YAML commands
[Security] Configuring a user checker per firewall
[PropertyInfo] Test behavior when an extractor return null.
This PR was squashed before being merged into the 2.8 branch (closes#14721).
Discussion
----------
[Security] Configuring a user checker per firewall
_Changed my base branch to avoid issues, closed old PR_
| Q | A
| ------------- | ---
| Bug fix? | no
| New feature? | yes
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed ticket | #11090 and helps #14673
| License | MIT
| Doc PR | symfony/symfony-docs/pull/5530
This pull request adds support for a configurable user checker per firewall. An example could be:
```yml
services:
app.user_checker:
class: App\Security\UserChecker
arguments:
- "@request_stack"
security:
firewalls:
secured_area:
pattern: ^/
anonymous: ~
basic_auth: ~
user_checker: app.user_checker
```
The above example will use the `UserChecker` defined as `app.user_checker`. If the `user_checker` option is left empty, `security.user_checker` will be used. If the `user_checkers` option is not defined, it will fall back to the original behavior to not break backwards compatibility and will validate using the existing `UserChecker`: `security.user_checker`.
I left the default argument in the service definitions to be `security.user_checker` to include backwards compatibility for people who for some reason don't have the extension executed. You can obtain the checker for a specific firewall by appending the firewall name to it. For the firewall `secured_area`, this would be `security.user_checker.secured_area`.
Commits
-------
76bc662 [Security] Configuring a user checker per firewall
This PR was merged into the 3.0-dev branch.
Discussion
----------
[3.0][Security] Remove deprecated features (follow up of #15899)
| Q | A
| ------------- | ---
| Bug fix? | no
| New feature? | no
| BC breaks? | yes
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | #15899
| License | MIT
| Doc PR | -
- updated UPGRADE-3.0.md
- removed unused `supportsClass` methods
- changed visibility of `supportsAttribute` methods from public to private, removed `inheritdoc` annotation from them because there is no definition for this methods in parent interface
- removed tests for `supportsClass` and `supportsAttribute` method
- removed unused mock creation
Commits
-------
437398d [3.0][Security] Remove deprecated features (follow up of #15899)
This PR was merged into the 3.0-dev branch.
Discussion
----------
[HttpFoundation] removed the ParameterBag::get() deep argument
| Q | A
| ------------- | ---
| Bug fix? | no
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | n/a
| License | MIT
| Doc PR | n/a
Commits
-------
317f7b4 [HttpFoundation] removed the ParameterBag::get() deep argument
* 2.8:
add dependency required by a replaced package
Add a way to group toolbar info pieces
Added general sf-toolbar-block-right class
Bind input before executing the COMMAND event
Since #16007, the Security HTTP component requires the PropertyAccess
component to access nested parameter bag values. Since the Security
component replaces the Security HTTP component, all dependencies of the
replaced packages must be mirrored here.
* 2.8:
Remove profiler storages
deprecate finding deep items in request parameters
[CssSelector] updated README
[CssSelector] remove ConverterInterface
[DependencyInjection] improved a comment for reading fluency
[HttpKernel] change a class in tests to avoid depending on SQLite
[FrameworkBundle] Fix tests
[Bridge\Twig] Fix form lowest version
[ci] Display fastest results first when running tests in parallel
[Yaml] Improve newline handling in folded scalar blocks
* The `LegacyAbstractVoterTest` class is not needed anymore, tests have
been moved to the `AbstractVoterTest` class tagging them with the
legacy group.
* Tests are applied on `stdClass` object instances. Thus, the legacy
voter fixture class must not support `AbstractVoterTest_Object`
instances, but support `stdClass` objects instead.
* 2.8:
[Finder] simplified code
Fix tests in 2.8
[Validator] Sync polish translation file
Adding a class to make it easier to set custom authentication error messages
Readd the correct tests
"Fiş" is a correct translation for "token", however "bilet" is also used, I fixed that inconsistency. Moreover, "kimlik bilgileri" is a better translation for "credentials" than "girdiler". "Girdiler" is the translation of "inputs", so I fixed sentences with "credentials". "Hesap engellenmiş" is better than "Hesap devre dışı bırakılmış" for "Account is disabled.". "Digest nonce has expired" can be translated better as "Derleme zaman aşımına uğradı." because "Derleme zaman aşımı gerçekleşti" has a confirmation sense like user requested it to expire and it has expired.
References:
token: http://tureng.com/search/token (3rd entry)
credentials: http://www2.zargan.com/tr/q/credentials-ceviri-nedir (1st entry)
disable: http://tureng.com/search/disable (15th entry)
This PR was merged into the 2.8 branch.
Discussion
----------
Easier Custom Authentication errors
| Q | A
| ------------- | ---
| Bug fix? | no
| New feature? | yes
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | n/a
| License | MIT
| Doc PR | not yet
This makes failing authentication with a custom message much easier:
```php
throw CustomAuthenticationException::createWithSafeMessage(
'That was a ridiculous username'
);
// or
$e = new CustomAuthenticationException();
$e->setSafeMessage('That was a ridiculous username');
throw $e;
```
Currently, to do this, you'd need to create a new sub-class of `AuthenticationException`, which is way more work than it needs to be. The original design was so that all messages exposed are safe, which is why I've named the methods like I have.
Thanks!
Commits
-------
d7c1463 Adding a class to make it easier to set custom authentication error messages
This PR was merged into the 2.7 branch.
Discussion
----------
[Security] Improve AbstractVoter tests
Applying the improved tests from https://github.com/symfony/symfony/pull/15932 into the oldest possible branch.
Merge conflicts from 2.7 into 2.8 caused by this PR do not need to be done carefully, I'll create a new PR for 2.8 updating the tests as soon as these changes are merged up.
| Q | A
| ------------- | ---
| Fixed tickets | -
| License | MIT
Commits
-------
5ff741d Readd the correct tests
* 2.8: (28 commits)
Detect Mintty for color support on Windows
Detect Mintty for color support on Windows
[WebProfilerBundle] Fix search button click listener
[Form][Type Date/Time] added choice_translation_domain option.
Massively simplifying the BC and deprecated-throwing code thanks to suggestions by stof in #15870
Making all "debug" messages use the debug router
Making GuardTokenInterface extend TokenInterface
Updating behavior to not continue after an authenticator has set the response
Add a group for tests of the finder against the FTP server
Fix trigger_error calls
Fix legacy security tests
tweaking message related to configuration edge case that we want to be helpful with
Minor tweaks - lowering the required security-http requirement and nulling out a test field
Fix license headers
Fix license headers
Fix license headers
Ensure the ClockMock is loaded before using it in the testsuite
Allow serializer 3.0 in the PropertyInfo component
Add the replace rules for the security-guard component
Forbid serializing a Crawler
...
* 2.7:
Detect Mintty for color support on Windows
Detect Mintty for color support on Windows
Add a group for tests of the finder against the FTP server
Fix license headers
Forbid serializing a Crawler
Fix phpdoc block of NativeSessionStorage class
Added exception when setAutoInitialize is called when locked
[FrameworkBundle] Advanced search templates of bundles
[Security] Allow user providers to be defined in many files
Use random_bytes function if it is available for random number generation
* 2.3:
Detect Mintty for color support on Windows
Add a group for tests of the finder against the FTP server
Fix license headers
Forbid serializing a Crawler
Fix phpdoc block of NativeSessionStorage class
Added exception when setAutoInitialize is called when locked
[FrameworkBundle] Advanced search templates of bundles
[Security] Allow user providers to be defined in many files
Use random_bytes function if it is available for random number generation
This PR was merged into the 2.8 branch.
Discussion
----------
Updating behavior to not continue after an authenticator has set the response
| Q | A
| ------------- | ---
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | https://github.com/symfony/symfony/pull/14673/files#r40492765
| License | MIT
| Doc PR | n/a
This mirrors the behavior in core: *if* a listener sets a response (on success or failure),
then the other listeners are not called. But if a response is *not* set
(which is sometimes the case for success, like in BasicAuthenticationListener),
then the other listeners are called, and can even fail.
It's all a bit of an edge-case, as only one authenticator (like authentication listener) would normally be doing any work on a request, but I think matching the other listeners (since I'm not aware of anyone having issues with its behavior) is best.
Commits
-------
5fa2684 Making all "debug" messages use the debug router
f403444 Updating behavior to not continue after an authenticator has set the response
This PR was merged into the 2.8 branch.
Discussion
----------
Abstract voter tweaks
| Q | A
| ------------- | ---
| Bug fix? | yes (a little)
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | n/a
| License | MIT
| Doc PR | n/a
Based on suggestions from stof in #15870, this simplifies the BC and deprecation throwing code. This also adds a BadMethodCallException in case the user doesn't override `isGranted` *or* `voteOnAttribute`, because that's just plain wrong (as is calling `isGranted()` on the parent class directly, since that was formerly abstract).
Commits
-------
c03f5c2 Massively simplifying the BC and deprecated-throwing code thanks to suggestions by stof in #15870
This PR was merged into the 2.8 branch.
Discussion
----------
Making GuardTokenInterface extend TokenInterface
| Q | A
| ------------- | ---
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | #15884
| License | MIT
| Doc PR | n/a
See #15884
Commits
-------
7f04fbb Making GuardTokenInterface extend TokenInterface
This PR was merged into the 2.8 branch.
Discussion
----------
Guard minor tweaks
| Q | A
| ------------- | ---
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | n/a
| License | MIT
| Doc PR | n/a
Various completely minor things, most from suggestions on #14673
Commits
-------
869d5a7 tweaking message related to configuration edge case that we want to be helpful with
da4758a Minor tweaks - lowering the required security-http requirement and nulling out a test field
This PR was merged into the 2.8 branch.
Discussion
----------
Add the replace rules for the security-guard component
| Q | A
| ------------- | ---
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | n/a
| License | MIT
| Doc PR | n/a
The update of composer replacements was forgotten in #14673
Commits
-------
5ef8abc Add the replace rules for the security-guard component
This PR was merged into the 2.8 branch.
Discussion
----------
Fix legacy security tests
| Q | A
| ------------- | ---
| Bug fix? | no
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | n/a
| License | MIT
| Doc PR | n/a
when merging legacy test classes together in #15893, use statements where not copied, making the tests fail.
Commits
-------
8b615bb Fix legacy security tests
This mirrors the behavior in core: *if* a listener sets a response (on success or failure),
then the other listeners are not called. But if a response is *not* set
(which is sometimes the case for success, like in BasicAuthenticationListener),
then the other listeners are called, and can even fail.
This PR was merged into the 2.8 branch.
Discussion
----------
Merged LegacySecurityContext tests
I've no idea why this test was introduced in the wrong namespace in 2.8, but I merged it in the correct test case now.
Commits
-------
2c4da3c Merged LegacySecurityContext tests
* 2.8: (23 commits)
[Validator] added BIC (SWIFT-BIC) validation constraint
[TwigBridge] Foundation form layout integration
[Security] Deprecated supportsAttribute and supportsClass methods
bumped Symfony version to 2.7.6
updated VERSION for 2.7.5
updated CHANGELOG for 2.7.5
bumped Symfony version to 2.3.34
updated VERSION for 2.3.33
update CONTRIBUTORS for 2.3.33
updated CHANGELOG for 2.3.33
[Console] Fix transient HHVM test
[OptionsResolver] Fix catched exception along the dependency tree mistakenly detects cyclic dependencies
fixed tests
[DI] Support deprecated definitions in decorators
[DI] Allow to change the deprecation message in Definition
[DI] Trigger a deprecated error on the container builder
[DI] Dump the deprecated status
[DI] Supports the deprecated tag in loaders
[DI] Add a deprecated status to definitions
Fixing test locations
...
This PR was squashed before being merged into the 2.8 branch (closes#15151).
Discussion
----------
[Security] Deprecated supportsAttribute and supportsClass methods
These methods aren't used at all in a Symfony application and don't make sense to use in the application. They are only used internally in the voters. This means the voter interface can be made much easier.
I'm not sure how we do these deprecations, should we remove the methods from the interface now already? Also, I don't think it's possible to trigger deprecation notices for the voter methods?
| Q | A
| ------------- | ---
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | yes
| Tests pass? | yes
| Fixed tickets | one of #11742
| License | MIT
| Doc PR | -
Abstract Voter
---
There is one remaining question about the abstract voter. This currently has abstract `getSupportedAttributes()` and `getSupportedClass()` methods. One of the reasons to remove the methods for the interface was that these methods are not flexible. Does it make sense to deprecate these methods as well and replace them by an abstract `protected vote(array $attributes, $class)` method in the `AbstractVoter` (which is called from `AbstractVoter#vote()`) ?
Commits
-------
6588708 [Security] Deprecated supportsAttribute and supportsClass methods
* 2.7:
[Console] Fix transient HHVM test
[OptionsResolver] Fix catched exception along the dependency tree mistakenly detects cyclic dependencies
fixed tests
Fixing test locations
[VarDumper] Fix dump comparison on large arrays
[expression-language] Code Cleanup for GetAttrNode
* 2.8: (29 commits)
Updating AbstractVoter so that the method receives the TokenInterface
Adding the necessary files so that Guard can be its own installable component
Fix syntax in a test
Normalize the way we check versions
Avoid errors when generating the logout URL when there is no firewall key
Removing unnecessary override
fabbot
Adding a new exception and throwing it when the User changes
Fixing a bug where having an authentication failure would log you out.
Tweaks thanks to Wouter
Adding logging on this step and switching the order - not for any huge reason
Adding a base class to assist with form login authentication
Allowing for other authenticators to be checked
meaningless author and license changes
Adding missing factory registration
Thanks again fabbot!
A few more changes thanks to @iltar
Splitting the getting of the user and checking credentials into two steps
Tweaking docblock on interface thanks to @iltar
Adding periods at the end of exceptions, and changing one class name to LogicException thanks to @iltar
...
Conflicts:
UPGRADE-2.8.md
src/Symfony/Bridge/Twig/Tests/Node/DumpNodeTest.php
src/Symfony/Bundle/FrameworkBundle/Command/ServerCommand.php
src/Symfony/Component/Validator/Tests/Constraints/AbstractComparisonValidatorTestCase.php
src/Symfony/Component/Validator/Tests/Constraints/IdenticalToValidatorTest.php
src/Symfony/Component/Validator/Tests/Constraints/RangeValidatorTest.php
This PR was merged into the 2.8 branch.
Discussion
----------
New Guard Authentication System (e.g. putting the joy back into security)
| Q | A
| ------------- | ---
| Bug fix? | no
| New feature? | yes
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | at least partially: #14300, #11158, #11451, #10035, #10463, #8606, probably more
| License | MIT
| Doc PR | symfony/symfony-docs#5265
Hi guys!
Though it got much easier in 2.4 with `pre_auth`, authentication is a pain in Symfony. This introduces a new authentication provider called guard, with one goal in mind: put everything you need for *any* authentication system into one spot.
### How it works
With guard, you can perform custom authentication just by implementing the [GuardAuthenticatorInterface](https://github.com/weaverryan/symfony/blob/guard/src/Symfony/Component/Security/Guard/GuardAuthenticatorInterface.php) and registering it as a service. It has methods for every part of a custom authentication flow I can think of.
For a working example, see https://github.com/weaverryan/symfony-demo/tree/guard-auth. This uses 2 authenticators simultaneously, creating a system that handles [form login](https://github.com/weaverryan/symfony-demo/blob/guard-auth/src/AppBundle/Security/FormLoginAuthenticator.php) and [api token auth](https://github.com/weaverryan/symfony-demo/blob/guard-auth/src/AppBundle/Security/TokenAuthenticator.php) with a respectable amount of code. The [security.yml](https://github.com/weaverryan/symfony-demo/blob/guard-auth/app/config/security.yml) is also quite simple.
This also supports "manual login" without jumping through hoops: https://github.com/weaverryan/symfony-demo/blob/guard-auth/src/AppBundle/Controller/SecurityController.php#L45
I've also tested with "remember me" and "switch user" - no problems with either.
I hope you like it :).
### What's Needed
1) **Other Use-Cases?**: Please think about the code and try it. What use-cases are we *not* covering? I want Guard to be simple, but cover the 99.9% use-cases.
2) **Remember me** functionality cannot be triggered via manual login. That's true now, and it's not fixed, and it's tricky.
### Deprecations?
This is a new feature, so no deprecations. But, creating a login form with a guard authenticator is a whole heck of a lot easier to understand than `form_login` or even `simple_form`. In a perfect world, we'd either deprecate those or make them use "guard" internally so that we have just **one** way of performing authentication.
Thanks!
Commits
-------
a01ed35 Adding the necessary files so that Guard can be its own installable component
d763134 Removing unnecessary override
e353833 fabbot
dd485f4 Adding a new exception and throwing it when the User changes
302235e Fixing a bug where having an authentication failure would log you out.
396a162 Tweaks thanks to Wouter
c9d9430 Adding logging on this step and switching the order - not for any huge reason
31f9cae Adding a base class to assist with form login authentication
0501761 Allowing for other authenticators to be checked
293c8a1 meaningless author and license changes
81432f9 Adding missing factory registration
7a94994 Thanks again fabbot!
7de05be A few more changes thanks to @iltar
ffdbc66 Splitting the getting of the user and checking credentials into two steps
6edb9e1 Tweaking docblock on interface thanks to @iltar
d693721 Adding periods at the end of exceptions, and changing one class name to LogicException thanks to @iltar
eb158cb Updating interface method per suggestion - makes sense to me, Request is redundant
c73c32e Thanks fabbot!
6c180c7 Adding an edge case - this should not happen anyways
180e2c7 Properly handles "post auth" tokens that have become not authenticated
873ed28 Renaming the tokens to be clear they are "post" and "pre" auth - also adding an interface
a0bceb4 adding Guard tests
05af97c Initial commit (but after some polished work) of the new Guard authentication system
330aa7f Improving phpdoc on AuthenticationEntryPointInterface so people that implement this understand it
This is quite technical. As you can see in the provider, the method is called
sometimes when the User changes, and so the token becomes de-authenticated (e.g.
someone else changes the password between requests).
In practice, the user should be unauthenticated. Using the anonymous token did this,
but throwing an AccountStatusException seems like a better idea. It needs to be an
AccountStatusException because the ExceptionListener from the Firewall looks for exceptions
of this class and logs the user out when they are found (because this is their purpose).
This solution is a copy of what AbstractAuthenticationListener does. Scenario:
1) Login
2) Go back to the log in page
3) Put in a bad user/pass
You *should* still be logged in after a failed attempt. This commit gives that behavior.
This looks like a subjective change (one more method, but the method implementations are
simpler), but it wasn't. The problem was that the UserChecker checkPreAuth should happen
*after* we get the user, but *before* the credentials are checked, and that wasn't possible
before this change. Now it is.
Here is the flow:
A) You login using guard and are given a PostAuthGuardToken
B) Your user changes between requests - AbstractToken::setUser() and hasUserChanged() - which
results in the Token becoming "not authenticated"
C) Something calls out to the security system, which then passes the no-longer-authed
token back into the AuthenticationProviderManager
D) Because the PostauthGuardToken implements GuardTokenInterface, the provider responds
to it. But, seeing that this is a no-longer-authed PostAuthGuardToken, it returns
an AnonymousToken, which triggers logout
The reason is that the GuardAuthenticationProvider *must* respond to *all* tokens
created by the system - both "pre auth" and "post auth" tokens. The reason is that
if a "post auth" token becomes not authenticated (e.g. because the user changes between
requests), then it may be passed to the provider system. If no providers respond (which
was the case before this commit), then AuthenticationProviderManager throws an exception.
The next commit will properly handle these "post auth" + "no-longer-authenticated" tokens,
which should cause a log out.
* 2.8:
bumped minimal version in appveyor to 5.3.9
[VarDumper] Fix missing support for dumping PHP7 return type
Require security-acl 2.7 for BC
[travis] disable symfony_debug ext when deps!=no
Require actual version of ACL component until ACL/2.8 branch released
Do not normalize the kernel root directory path (see symfony/symfony#15474).
Don't trigger deprecation on interfaces
[Debug] Ignore silencing for deprecations
[ci] Run minimal versions on appveyor only
Deprecated Security ClassUtils in favor of Acl ClassUtils
Fix appveyor file
consistently use str_replace to unify directory separators (remaining)
* 2.7:
[VarDumper] Fix missing support for dumping PHP7 return type
[travis] disable symfony_debug ext when deps!=no
Do not normalize the kernel root directory path (see symfony/symfony#15474).
Don't trigger deprecation on interfaces
[Debug] Ignore silencing for deprecations
[ci] Run minimal versions on appveyor only
Fix appveyor file
consistently use str_replace to unify directory separators (remaining)
* 2.8: (21 commits)
Fix merge
Fix typo
Various fixes esp. on Windows
Fix the validation of form resources to register the default theme
Fix the retrieval of the value with property path when using a loader
[appveyor] minor enhancements
[Process] Disable failing tests on Windows
[Translation] Fix the string casting in the XliffFileLoader
Windows and Intl fixes
Add appveyor.yml for C.I. on Windows
[VarDumper] fixed HtmlDumper to target specific the head tag
[travis] merge php: nightly and deps=high test-matrix lines
consistently use str_replace to unify directory separators
Support omitting the <target> node in an .xlf file.
Fix the handling of values for multiple choice types
moved PHP nightly to PHP 7.0
fixed tests using deprecation features
[Form] made deprecation notice more precise
fixed CS
Fix BC break after split of ACL from core
...
Conflicts:
.travis.yml
composer.json
src/Symfony/Bundle/TwigBundle/DependencyInjection/Configuration.php
src/Symfony/Component/Intl/DateFormatter/IntlDateFormatter.php
src/Symfony/Component/Intl/Tests/DateFormatter/AbstractIntlDateFormatterTest.php
src/Symfony/Component/Locale/Tests/LocaleTest.php
* 2.7:
Various fixes esp. on Windows
Fix the validation of form resources to register the default theme
Fix the retrieval of the value with property path when using a loader
[appveyor] minor enhancements
[Process] Disable failing tests on Windows
[Translation] Fix the string casting in the XliffFileLoader
Windows and Intl fixes
Add appveyor.yml for C.I. on Windows
[VarDumper] fixed HtmlDumper to target specific the head tag
[travis] merge php: nightly and deps=high test-matrix lines
consistently use str_replace to unify directory separators
Support omitting the <target> node in an .xlf file.
Fix the handling of values for multiple choice types
moved PHP nightly to PHP 7.0
[Security] Add missing docblock in PreAuthenticatedToken
Conflicts:
.travis.yml
* 2.3:
Windows and Intl fixes
Add appveyor.yml for C.I. on Windows
[travis] merge php: nightly and deps=high test-matrix lines
[Security] Add missing docblock in PreAuthenticatedToken
Conflicts:
.travis.yml
src/Symfony/Component/Filesystem/Tests/FilesystemTest.php
src/Symfony/Component/HttpFoundation/JsonResponse.php
src/Symfony/Component/Intl/DateFormatter/IntlDateFormatter.php
* 2.8:
[Locale] Add missing @group legacy annotations
[Form] Add missing @group legacy annotations
[Form] Use FQCN form types
Fix security-acl deps
Fix typo
[Security] Removed security-acl from the core
fixed typos
Fix doctrine mapping validation type error
Remove skipping of tests based on ICU data version whenever possible
Fix the handling of null as locale in the stub intl classes
do not dump leading backslashes in class names
fix issue #15377
Skip ::class constant
[Config] type specific check for emptiness
[Form] Deprecated FormTypeInterface::getName() and passing of type instances
Conflicts:
UPGRADE-2.8.md
composer.json
src/Symfony/Bridge/Doctrine/composer.json
src/Symfony/Bridge/Twig/composer.json
src/Symfony/Bundle/SecurityBundle/composer.json
src/Symfony/Component/ClassLoader/ClassMapGenerator.php
src/Symfony/Component/DependencyInjection/Tests/ContainerTest.php
src/Symfony/Component/Form/Tests/AbstractExtensionTest.php
src/Symfony/Component/Form/Tests/AbstractLayoutTest.php
src/Symfony/Component/Form/Tests/SimpleFormTest.php
src/Symfony/Component/Locale/Tests/LocaleTest.php
src/Symfony/Component/Locale/Tests/Stub/StubLocaleTest.php
src/Symfony/Component/Security/Acl/README.md
src/Symfony/Component/Security/Acl/composer.json
This PR was squashed before being merged into the 2.8 branch (closes#15013).
Discussion
----------
[Security] Removed security-acl from the core
| Q | A
| ------------- | ---
| Bug fix? | no
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | part of #14718
| License | MIT
| Doc PR | ~
The `Security\Acl` is removed from the core and is loaded from its own repository. All tests were passing and this is fully backwards compatible. I have removed all but the Test files in the first step and added the dependency to verify the Test were still working with the package dependency. The second step was to remove the remaining test files and tests are still running for both the Bundle and the Framework. Once the Read-Only repository is a full standalone repository, this PR can be merged.
- [x] Remove component from the core
- [ ] Remove read-only from https://github.com/symfony/security-acl
Once this PR is merged, I can start working on splitting the SecurityBundle and extracting the ACL part to the AclBundle.
/cc @fabpot
Commits
-------
b26a449 [Security] Removed security-acl from the core
* 2.8: (63 commits)
[Debug] Deprecate ExceptionHandler::createResponse
[Debug] cleanup ExceptionHandlerTest
Reordered the toolbar elements via service priorities
bumped Symfony version to 2.7.4
Increased the z-index of .sf-toolbar-info
Removed an unused media query
updated VERSION for 2.7.3
updated CHANGELOG for 2.7.3
Redesigned "abbr" elements
Restored the old behavior for toolbars with lots of elements
Tweaks and bug fixes
Added some upgrade notes about the new toolbar design
fixed typo in translation keys
Fix the return value on error for intl methods returning arrays
Removed an useless CSS class and added styles for <hr>
Added a new profiler_markup_version to improve BC of the new toolbar
Fix merge
Removed an unused import
Reverted the feature to display different toolbar versions
Minor JavaScript optimizations
...
Conflicts:
CHANGELOG-2.7.md
UPGRADE-2.8.md
src/Symfony/Bundle/FrameworkBundle/Resources/config/collectors.xml
src/Symfony/Component/Debug/composer.json
src/Symfony/Component/HttpKernel/HttpCache/HttpCache.php
* 2.7:
[php7] Fix for substr() always returning a string
[Security] Do not save the target path in the session for a stateless firewall
Fix calls to HttpCache#getSurrogate triggering E_USER_DEPRECATED errors.
[DependencyInjection] fixed FrozenParameterBag and improved Parameter…
* 2.3:
[php7] Fix for substr() always returning a string
[Security] Do not save the target path in the session for a stateless firewall
[DependencyInjection] fixed FrozenParameterBag and improved Parameter…
Conflicts:
src/Symfony/Component/Debug/Tests/ErrorHandlerTest.php
src/Symfony/Component/Security/Http/Firewall/ExceptionListener.php
* 2.8:
[Yaml] throw a ParseException on invalid data type
[TwigBridge] type-dependent path discovery
Resources as string have the same problem
Introduce failing test case when a SplFileInfo object is passed to the extract() method in the TwigExtractor.
#15331 add infos about deprecated classes to UPGRADE-3.0
[Asset] removed unused private property.
[Twig+FrameworkBundle] Fix forward compat with Form 2.8
[2.6] Static Code Analysis for Components
[Security/Http] Fix test relying on a private property
[Serializer] Fix bugs reported in b5990be491 (commitcomment-12301266)
[Form] Fix not-BC test assertion
[Security] Moved Simple{Form,Pre}AuthenticatorInterfaces to Security\Http
[Security] removed useless else condition in SwitchUserListener class.
[travis] Tests deps=low with PHP 5.6
Implement resettable containers
[Console] Fix console output with closed stdout
* 2.7:
[Yaml] throw a ParseException on invalid data type
[TwigBridge] type-dependent path discovery
Resources as string have the same problem
Introduce failing test case when a SplFileInfo object is passed to the extract() method in the TwigExtractor.
#15331 add infos about deprecated classes to UPGRADE-3.0
[Asset] removed unused private property.
[Security] removed useless else condition in SwitchUserListener class.
[travis] Tests deps=low with PHP 5.6
[Console] Fix console output with closed stdout
* 2.6:
[Yaml] throw a ParseException on invalid data type
#15331 add infos about deprecated classes to UPGRADE-3.0
[Security] removed useless else condition in SwitchUserListener class.
[travis] Tests deps=low with PHP 5.6
[Console] Fix console output with closed stdout
* 2.7:
[Twig+FrameworkBundle] Fix forward compat with Form 2.8
[2.6] Static Code Analysis for Components
[Security/Http] Fix test relying on a private property
[Serializer] Fix bugs reported in b5990be491 (commitcomment-12301266)
Conflicts:
src/Symfony/Bridge/Twig/Resources/views/Form/form_div_layout.html.twig
src/Symfony/Bundle/FrameworkBundle/Resources/views/Form/widget_attributes.html.php
src/Symfony/Component/Security/Http/Tests/Firewall/AnonymousAuthenticationListenerTest.php
* 2.8: (27 commits)
[2.8] Fix 3.0 incompatible deps
[HttpKernel] Fix lowest dep
[Security] fix check for empty usernames
[Form] updated exception message of ButtonBuilder::setRequestHandler()
[travis] Fix deps=high jobs
Fix typo 'assets.package' => 'assets.packages' in UPGRADE-2.7
[Serializer] Simplify AbstractNormalizer::prepareForDenormalization()
[HttpFoundation] [PSR-7] Allow to use resources as content body and to return resources from string content
[DependencyInjection] Forbid container cloning
[HttpFoundation] Fix Response::closeOutputBuffers() for HHVM 3.3
[WebProfilerBundle] Add link to show profile of latest request
[DependencyInjection] Remove unused code in XmlFileLoader
[HttpFoundation] Behaviour change in PHP7 for substr
[Console] Set QuestionHelper max attempts in tests
[Form] Fix a BC break in the entity
fix broken ChoiceQuestion
bumped Symfony version to 2.7.3
updated VERSION for 2.7.2
updated CHANGELOG for 2.7.2
bumped Symfony version to 2.6.11
...
Conflicts:
.travis.yml
CHANGELOG-2.3.md
CHANGELOG-2.6.md
CHANGELOG-2.7.md
UPGRADE-2.7.md
src/Symfony/Bridge/Twig/composer.json
src/Symfony/Bundle/FrameworkBundle/Tests/Console/Descriptor/AbstractDescriptorTest.php
src/Symfony/Bundle/FrameworkBundle/composer.json
src/Symfony/Bundle/SecurityBundle/composer.json
src/Symfony/Component/Form/composer.json
src/Symfony/Component/HttpKernel/composer.json
This PR was squashed before being merged into the 2.8 branch (closes#15131).
Discussion
----------
[Security] Moved Simple{Form,Pre}AuthenticatorInterfaces to Security\Http
Description
---
The `SimpleFormAuthenticatorInterface` and `SimplePreAuthenticatorInterface` rely on `Request`, which means it's a Http land class. This means they don't belong in core.
Having a form login that doesn't depend on the request is an option as well (e.g. a console application might use the question helper to implement a "form" login). However, then there is a need for a new abstraction of the request. I don't think it's worth it.
Furthermore, the only classes typehinting/relying on this interfaces can be found in `Security\Http`.
Implementation
---
The new interfaces extend the old ones for better backwards compability. Symfony doesn't trigger deprecation errors for interfaces, see 6f57b7b552
PR Info Table
---
| Q | A
| ------------- | ---
| Bug fix? | no
| New feature? | no
| BC breaks? | no
| Deprecations? | yes
| Tests pass? | yes
| Fixed tickets | -
| License | MIT
| Doc PR | -
Commits
-------
ebb2064 [Security] Moved Simple{Form,Pre}AuthenticatorInterfaces to Security\Http
* 2.7:
[HttpKernel] Fix lowest dep
[Security] fix check for empty usernames
[Form] updated exception message of ButtonBuilder::setRequestHandler()
[travis] Fix deps=high jobs
Fix typo 'assets.package' => 'assets.packages' in UPGRADE-2.7
[Serializer] Simplify AbstractNormalizer::prepareForDenormalization()
[HttpFoundation] [PSR-7] Allow to use resources as content body and to return resources from string content
[DependencyInjection] Remove unused code in XmlFileLoader
[HttpFoundation] Behaviour change in PHP7 for substr
bumped Symfony version to 2.3.32
updated VERSION for 2.3.31
update CONTRIBUTORS for 2.3.31
updated CHANGELOG for 2.3.31
Conflicts:
src/Symfony/Bridge/Twig/composer.json
src/Symfony/Bundle/FrameworkBundle/composer.json
src/Symfony/Component/HttpKernel/composer.json
* 2.6:
[Security] fix check for empty usernames
[Form] updated exception message of ButtonBuilder::setRequestHandler()
[travis] Fix deps=high jobs
[HttpFoundation] [PSR-7] Allow to use resources as content body and to return resources from string content
[DependencyInjection] Remove unused code in XmlFileLoader
[HttpFoundation] Behaviour change in PHP7 for substr
bumped Symfony version to 2.3.32
updated VERSION for 2.3.31
update CONTRIBUTORS for 2.3.31
updated CHANGELOG for 2.3.31
Conflicts:
src/Symfony/Bridge/Twig/composer.json
src/Symfony/Bundle/FrameworkBundle/composer.json
* 2.3:
[Security] fix check for empty usernames
[Form] updated exception message of ButtonBuilder::setRequestHandler()
[travis] Fix deps=high jobs
[HttpFoundation] [PSR-7] Allow to use resources as content body and to return resources from string content
[DependencyInjection] Remove unused code in XmlFileLoader
[HttpFoundation] Behaviour change in PHP7 for substr
bumped Symfony version to 2.3.32
updated VERSION for 2.3.31
update CONTRIBUTORS for 2.3.31
updated CHANGELOG for 2.3.31
Conflicts:
src/Symfony/Bridge/Twig/composer.json
src/Symfony/Bundle/FrameworkBundle/composer.json
src/Symfony/Component/DependencyInjection/Loader/XmlFileLoader.php
src/Symfony/Component/HttpKernel/Kernel.php
* 2.8:
Added 'default' color
[HttpFoundation] Reload the session after regenerating its id
[HttpFoundation] Add a test case to confirm a bug in session migration
[Serializer] Fix ClassMetadata::sleep()
[2.6] Static Code Analysis for Components and Bundles
[Finder] Command::addAtIndex() fails with Command instance argument
[DependencyInjection] Freeze also FrozenParameterBag::remove
[Twig][Bridge] replaced `extends` with `use` in bootstrap_3_horizontal_layout.html.twig
fix CS
fixed CS
Add a way to reset the singleton
[Security] allow to use `method` in XML configs
[Serializer] Fix Groups tests.
Remove duplicate example
Remove var not used due to returning early (introduced in 8982c32)
[Serializer] Fix Groups PHPDoc
Enhance hhvm test skip message
fix for legacy asset() with EmptyVersionStrategy
[Form] Added upgrade notes for #15061
* 2.7:
Added 'default' color
[HttpFoundation] Reload the session after regenerating its id
[HttpFoundation] Add a test case to confirm a bug in session migration
[Serializer] Fix ClassMetadata::sleep()
[2.6] Static Code Analysis for Components and Bundles
[Finder] Command::addAtIndex() fails with Command instance argument
[DependencyInjection] Freeze also FrozenParameterBag::remove
[Twig][Bridge] replaced `extends` with `use` in bootstrap_3_horizontal_layout.html.twig
fix CS
fixed CS
Add a way to reset the singleton
[Security] allow to use `method` in XML configs
[Serializer] Fix Groups tests.
Remove duplicate example
Remove var not used due to returning early (introduced in 8982c32)
[Serializer] Fix Groups PHPDoc
Enhance hhvm test skip message
fix for legacy asset() with EmptyVersionStrategy
[Form] Added upgrade notes for #15061
* 2.6:
Added 'default' color
[HttpFoundation] Reload the session after regenerating its id
[HttpFoundation] Add a test case to confirm a bug in session migration
[2.6] Static Code Analysis for Components and Bundles
[Finder] Command::addAtIndex() fails with Command instance argument
[DependencyInjection] Freeze also FrozenParameterBag::remove
[Twig][Bridge] replaced `extends` with `use` in bootstrap_3_horizontal_layout.html.twig
fix CS
fixed CS
Add a way to reset the singleton
[Security] allow to use `method` in XML configs
Remove duplicate example
Remove var not used due to returning early (introduced in 8982c32)
Enhance hhvm test skip message
This PR was squashed before being merged into the 2.8 branch (closes#15141).
Discussion
----------
[DX] [Security] Renamed Token#getKey() to getSecret()
There are 2 very vague parameter names in the authentication process: `$providerKey` and `$key`. Some tokens/providers have the first one, some tokens/providers the second one and some both. An overview:
| Token | `providerKey` | `key`
| --- | --- | ---
| `AnonymousToken` | - | yes
| `PreAuth...Token` | yes | -
| `RememberMeToken` | yes | yes
| `UsernamePasswordToken` | yes | -
Both names are extremely general and their PHPdocs contains pure no-shit-sherlock-descriptions :squirrel: (like "The key."). This made me and @iltar think it's just an inconsistency and they have the same meaning.
...until we dived deeper into the code and came to the conclusion that `$key` has a Security task (while `$providerKey` doesn't really). If it takes people connected to Symfony internals 30+ minutes to find this out, it should be considered for an improvement imo.
So here is our suggestion: **Rename `$key` to `$secret`**. This explains much better what the value of the string has to be (for instance, it's important that the string is not easily guessable and cannot be found out, according to the Spring docs). It also explains the usage better (it's used as a replacement for credentials and to hash the RememberMeToken).
**Tl;dr**: `$key` and `$providerKey` are too general names, let's improve DX by renaming them. This PR tackles `$key` by renaming it to `$secret`.
| Q | A
| ------------- | ---
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | yes
| Tests pass? | yes
| Fixed tickets | -
| License | MIT
| Doc PR | -
*My excuse for the completely unrelated branch name*
Commits
-------
24e0eb6 [DX] [Security] Renamed Token#getKey() to getSecret()
* 2.6:
[2.6] Towards 100% HHVM compat
[Security/Http] Fix test
[Stopwatch] Fix test
Minor fixes
Towards 100% HHVM compat
unify default AccessDeniedExeption message
trigger event with right user (add test)
[Security] Initialize SwitchUserEvent::targetUser on attemptExitUser
[Form] Fixed: Data mappers always receive forms indexed by their names
Conflicts:
src/Symfony/Bundle/FrameworkBundle/Controller/Controller.php
src/Symfony/Component/VarDumper/Tests/CliDumperTest.php
src/Symfony/Component/VarDumper/Tests/HtmlDumperTest.php
* 2.3:
Minor fixes
Towards 100% HHVM compat
trigger event with right user (add test)
[Security] Initialize SwitchUserEvent::targetUser on attemptExitUser
[Form] Fixed: Data mappers always receive forms indexed by their names
Conflicts:
src/Symfony/Component/Debug/Tests/ErrorHandlerTest.php
src/Symfony/Component/Filesystem/Filesystem.php
src/Symfony/Component/Process/Tests/AbstractProcessTest.php
The `SwitchUserEvent` is triggered in case an account is switched. This works okay while switching to the user, but on exit the `SwitchUserEvent` is triggered again with the original User. That User was not initialized by the provider yet.
load user by UserInterface instead of username
* 2.3:
Fix quoting style consistency.
[DependencyInjection] Fail when dumping a Definition with no class nor factory
Normalizing recursively - see #9096
No change - the normalizeParams is a copy-and-paste of the earlier logic
fixes issue with logging array of non-utf8 data
fix validation for Maestro UK card numbers
* 2.7:
[FrameworkBundle] Reuse PropertyAccessor service for ObjectNormalizer
[VarDumper] Fix dump output for better readability
[PhpUnitBridge] Enforce @-silencing of deprecation notices according to new policy
* 2.8: (42 commits)
[DoctrineBridge] Bypass the db when no valid identifier is provided in ORMQueryBuilderLoader
[Serializer] Fixed typo in comment
[Form] Fixed: Filter non-integers when selecting entities by int ID
[Form] [EventListener] fixed sending non array data on submit to ResizeListener
Fix merge
Fix merge
Add test for HHVM FatalErrors
[2.6][Debug] Fix fatal-errors handling on HHVM
[Debug] Fix log level of stacked errors
[Form] Deprecated "cascade_validation"
[Form] Add "prototype_data" option to collection type
[VarDumper] Fix uninitialized id in HtmlDumper
[Form] Added the 'range' FormType
Fixed fluent interface
[Console] Fix tests on Windows
[2.7] Fix unsilenced deprecation notices
[2.3][Debug] Fix fatal-errors handling on HHVM
[Debug] fix debug class loader case test on windows
Standardize the name of the exception variables
[Debug+VarDumper] Fix handling of PHP7 exception/error model
...
Conflicts:
CHANGELOG-2.7.md
UPGRADE-2.7.md
UPGRADE-2.8.md
src/Symfony/Bridge/Twig/AppVariable.php
src/Symfony/Component/Console/Helper/DialogHelper.php
src/Symfony/Component/Debug/ErrorHandler.php
src/Symfony/Component/Debug/Tests/ErrorHandlerTest.php
src/Symfony/Component/DependencyInjection/Compiler/ResolveParameterPlaceHoldersPass.php
src/Symfony/Component/Form/AbstractType.php
src/Symfony/Component/Form/AbstractTypeExtension.php
src/Symfony/Component/HttpKernel/Tests/DependencyInjection/ContainerAwareHttpKernelTest.php
src/Symfony/Component/HttpKernel/Tests/Logger.php
src/Symfony/Component/PropertyAccess/Exception/UnexpectedTypeException.php
src/Symfony/Component/Routing/Route.php
* 2.7: (36 commits)
[DoctrineBridge] Bypass the db when no valid identifier is provided in ORMQueryBuilderLoader
[Serializer] Fixed typo in comment
[Form] Fixed: Filter non-integers when selecting entities by int ID
Fix merge
Fix merge
Add test for HHVM FatalErrors
[2.6][Debug] Fix fatal-errors handling on HHVM
[Debug] Fix log level of stacked errors
[VarDumper] Fix uninitialized id in HtmlDumper
Fixed fluent interface
[Console] Fix tests on Windows
[2.7] Fix unsilenced deprecation notices
[2.3][Debug] Fix fatal-errors handling on HHVM
[Debug] fix debug class loader case test on windows
Standardize the name of the exception variables
[Debug+VarDumper] Fix handling of PHP7 exception/error model
Do not trigger deprecation error in ResolveParameterPlaceHoldersPass
[2.3] Static Code Analysis for Components
Added a small Upgrade note regarding security.context
added missing deprecation in CHANGELOG
...
Conflicts:
src/Symfony/Bundle/WebProfilerBundle/Resources/views/Collector/logger.html.twig
src/Symfony/Component/HttpKernel/Kernel.php
* 2.6:
Add test for HHVM FatalErrors
[2.6][Debug] Fix fatal-errors handling on HHVM
[2.3][Debug] Fix fatal-errors handling on HHVM
Standardize the name of the exception variables
[2.3] Static Code Analysis for Components
Remove duplicated paths
Conflicts:
src/Symfony/Component/Debug/ErrorHandler.php
src/Symfony/Component/Security/Http/Firewall/BasicAuthenticationListener.php
src/Symfony/Component/Security/Http/Firewall/ContextListener.php
src/Symfony/Component/Security/Http/Firewall/RememberMeListener.php
src/Symfony/Component/Security/Http/RememberMe/AbstractRememberMeServices.php
* 2.3:
[2.3][Debug] Fix fatal-errors handling on HHVM
Standardize the name of the exception variables
[2.3] Static Code Analysis for Components
Remove duplicated paths
Conflicts:
src/Symfony/Component/Debug/ErrorHandler.php
src/Symfony/Component/HttpFoundation/Session/Storage/MockArraySessionStorage.php
src/Symfony/Component/Security/Acl/Dbal/AclProvider.php
src/Symfony/Component/Security/Core/Authentication/Provider/UserAuthenticationProvider.php
* 2.6:
[Debug] Fix log level of stacked errors
[VarDumper] Fix uninitialized id in HtmlDumper
Fixed fluent interface
[Debug] fix debug class loader case test on windows
[Debug+VarDumper] Fix handling of PHP7 exception/error model
[2.6][Security][Translation] #14920 update translations
[VarDumper] Cherry-pick code style fixes from 2.7
Bug #14836 [HttpFoundation] Moves default JSON encoding assignment from constructor to property
Conflicts:
src/Symfony/Component/Debug/Tests/DebugClassLoaderTest.php
src/Symfony/Component/VarDumper/Caster/DOMCaster.php
src/Symfony/Component/VarDumper/Caster/ExceptionCaster.php
src/Symfony/Component/VarDumper/Caster/PdoCaster.php
src/Symfony/Component/VarDumper/Caster/SplCaster.php
This PR was merged into the 2.7 branch.
Discussion
----------
added missing deprecation in CHANGELOG
Commits
-------
ddddeb5 added missing deprecation in CHANGELOG
* 2.7:
Fix test name
fixed CS
Allow new lines in Messages translated with transchoice() (replacement for #14867)
[Form] Swap new ChoiceView constructor arguments to ease migrating from the deprecated one
[2.3] Fix tests on Windows
[Yaml] remove partial deprecation annotation
Silence invasive deprecation warnings, opt-in for warnings
Documenting how to keep option value BC - see #14377
Conflicts:
src/Symfony/Bridge/Doctrine/composer.json
src/Symfony/Bridge/Twig/composer.json
* 2.7:
[Console] SymfonyStyle : Fix blocks wordwrapping
[Console] SymfonyStyle : Fix blocks output is broken on windows cmd
[Validator] remove partial deprecation annotation
Updated UPGRADE-2.4.md
[Form] Support DateTimeImmutable in transform()
Show the FormType and FormTypeExtension in case of deprecated use of setDefaultOptions
[FrameworkBundle] Document form.csrf_provider service deprecation
[Form] add test to avoid regression of #14891
without this change allways the legacy code get called
[Form] Fix call to removed method (BC broken in 2.3)
Fix ask and askHidden methods
[HttpFoundation] Get response content as resource several times for PHP >= 5.6
Change error message to reflect SecurityContext deprecation.
fixed merge
Issue #14815
[Console] SymfonyStyle : fix & automate block gaps.
[Console] SymfonyStyle : Improve EOL consistency by relying on output instance
Improved duplicated code in FileLocator
* 2.7:
[Security] Update tests after a merge
[Console] Remove an unused argument and fix a small cs issue
[Translator] avoid serialize unserializable resources.
* 2.8: (100 commits)
[DependencyInjection] provide better error message when using deprecated configuration options
[console][TableCell] get cell width without decoration.
Improve the config validation in TwigBundle
[VarDumper] Changed tooltip to expand-all keybinding in OS X
[Bridge\PhpUnit] Fix composer installed phpunit detection
[VarDumper] Fix generic casters calling order
[2.7][SecurityBundle] Remove SecurityContext from Compile
[WebProfilerBundle][logger] added missing deprecation message.
Fix profiler CSS
[Security][Acl] enforce string identifiers
[FrameworkBundle] make `templating.helper.router` service available again for BC reasons
[BrowserKit] Fix bug when uri starts with http.
bumped Symfony version to 2.7.1
updated VERSION for 2.7.0
updated CHANGELOG for 2.7.0
bumped Symfony version to 2.6.10
updated VERSION for 2.6.9
updated CHANGELOG for 2.6.9
fixed tests
bumped Symfony version to 2.3.31
...
Conflicts:
CHANGELOG-2.3.md
CHANGELOG-2.6.md
CHANGELOG-2.7.md
UPGRADE-2.7.md
UPGRADE-3.0.md
src/Symfony/Bridge/Doctrine/Form/Type/DoctrineType.php
src/Symfony/Bridge/Twig/Extension/AssetExtension.php
src/Symfony/Bridge/Twig/Tests/Extension/AssetExtensionTest.php
src/Symfony/Bridge/Twig/composer.json
src/Symfony/Bundle/FrameworkBundle/Command/TranslationDebugCommand.php
src/Symfony/Bundle/FrameworkBundle/Resources/config/templating.xml
src/Symfony/Bundle/FrameworkBundle/Resources/config/templating_php.xml
src/Symfony/Bundle/FrameworkBundle/Templating/Helper/CodeHelper.php
src/Symfony/Bundle/FrameworkBundle/composer.json
src/Symfony/Bundle/SecurityBundle/composer.json
src/Symfony/Component/Debug/ExceptionHandler.php
src/Symfony/Component/DependencyInjection/Container.php
src/Symfony/Component/DependencyInjection/Definition.php
src/Symfony/Component/DependencyInjection/Loader/XmlFileLoader.php
src/Symfony/Component/DependencyInjection/Loader/YamlFileLoader.php
src/Symfony/Component/DependencyInjection/Tests/Fixtures/xml/legacy-services6.xml
src/Symfony/Component/DependencyInjection/Tests/Fixtures/xml/services6.xml
src/Symfony/Component/DependencyInjection/Tests/Fixtures/yaml/legacy-services6.yml
src/Symfony/Component/DependencyInjection/Tests/Fixtures/yaml/services6.yml
src/Symfony/Component/DependencyInjection/Tests/Loader/XmlFileLoaderTest.php
src/Symfony/Component/DependencyInjection/Tests/Loader/YamlFileLoaderTest.php
src/Symfony/Component/Form/CHANGELOG.md
src/Symfony/Component/HttpKernel/DependencyInjection/ContainerAwareHttpKernel.php
src/Symfony/Component/HttpKernel/Tests/DependencyInjection/ContainerAwareHttpKernelTest.php
src/Symfony/Component/Routing/Loader/XmlFileLoader.php
src/Symfony/Component/Routing/Loader/YamlFileLoader.php
* 2.7: (95 commits)
[DependencyInjection] provide better error message when using deprecated configuration options
[console][TableCell] get cell width without decoration.
Improve the config validation in TwigBundle
[VarDumper] Changed tooltip to expand-all keybinding in OS X
[Bridge\PhpUnit] Fix composer installed phpunit detection
[VarDumper] Fix generic casters calling order
[2.7][SecurityBundle] Remove SecurityContext from Compile
[WebProfilerBundle][logger] added missing deprecation message.
Fix profiler CSS
[Security][Acl] enforce string identifiers
[FrameworkBundle] make `templating.helper.router` service available again for BC reasons
[BrowserKit] Fix bug when uri starts with http.
bumped Symfony version to 2.7.1
updated VERSION for 2.7.0
updated CHANGELOG for 2.7.0
bumped Symfony version to 2.6.10
updated VERSION for 2.6.9
updated CHANGELOG for 2.6.9
fixed tests
bumped Symfony version to 2.3.31
...
Conflicts:
src/Symfony/Bundle/FrameworkBundle/Command/TranslationDebugCommand.php
src/Symfony/Bundle/WebProfilerBundle/Resources/views/Collector/logger.html.twig
src/Symfony/Component/HttpKernel/Kernel.php
src/Symfony/Component/Translation/Loader/JsonFileLoader.php
* 2.6:
Improve the config validation in TwigBundle
[WebProfilerBundle][logger] added missing deprecation message.
[Security][Acl] enforce string identifiers
[BrowserKit] Fix bug when uri starts with http.
bumped Symfony version to 2.3.31
updated VERSION for 2.3.30
updated CHANGELOG for 2.3.30
Php Inspections (EA Extended): - resolved possible PHP Fatal in \Symfony\Component\BrowserKit\Cookie::__toString -resolved implicit magic methods calls -resolved callable name case mismatches
* 2.3:
Improve the config validation in TwigBundle
[Security][Acl] enforce string identifiers
[BrowserKit] Fix bug when uri starts with http.
bumped Symfony version to 2.3.31
updated VERSION for 2.3.30
updated CHANGELOG for 2.3.30
Php Inspections (EA Extended): - resolved possible PHP Fatal in \Symfony\Component\BrowserKit\Cookie::__toString -resolved implicit magic methods calls -resolved callable name case mismatches
Conflicts:
src/Symfony/Component/Debug/Tests/ErrorHandlerTest.php
src/Symfony/Component/DependencyInjection/Tests/Dumper/PhpDumperTest.php
src/Symfony/Component/HttpKernel/Kernel.php
This PR was merged into the 2.3 branch.
Discussion
----------
[2.3] Static Code Analysis for Components
| Q | A
| ------------- | ---
| Bug fix? | no
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | n/a
| License | MIT
| Doc PR | n/a
Static Code Analysis with Php Inspections (EA Extended), no functional changes:
- resolved possible PHP Fatal in \Symfony\Component\BrowserKit\Cookie::__toString
- resolved callable name case mismatches
Commits
-------
9eb2b14 Php Inspections (EA Extended): - resolved possible PHP Fatal in \Symfony\Component\BrowserKit\Cookie::__toString -resolved implicit magic methods calls -resolved callable name case mismatches
- resolved possible PHP Fatal in \Symfony\Component\BrowserKit\Cookie::__toString
-resolved implicit magic methods calls
-resolved callable name case mismatches
* 2.6: (30 commits)
[Translation] fixed JSON loader on PHP 7 when file is empty
Fix typo
Check instance of FormBuilderInterface instead of FormBuilder
[Security] TokenBasedRememberMeServices test to show why encoding username is required
[Security] AbstractRememberMeServices::encodeCookie() validates cookie parts
fixed typo
[console][formater] allow format toString object.
[HttpFoundation] Fix baseUrl when script filename is contained in pathInfo
Avoid redirection to XHR URIs
[HttpFoundation] IpUtils::checkIp4() should allow networks
[2.6] Fix HTML escaping of to-source links
Fix HTML escaping of to-source links
ExceptionHandler: More Encoding
Fix the rendering of deprecation log messages
[FrameworkBundle] Removed unnecessary parameter in TemplateController
[DomCrawler] Throw an exception if a form field path is incomplete.
Fixed the indentation in the compiled template for the DumpNode
[Console] Delete duplicate test in CommandTest
[TwigBundle] Refresh twig paths when resources change.
WebProfiler break words
...
Conflicts:
src/Symfony/Bridge/Twig/composer.json
src/Symfony/Bundle/WebProfilerBundle/Resources/views/Collector/logger.html.twig
src/Symfony/Component/Debug/ExceptionHandler.php
* 2.3:
Fix typo
Check instance of FormBuilderInterface instead of FormBuilder
[Security] TokenBasedRememberMeServices test to show why encoding username is required
[Security] AbstractRememberMeServices::encodeCookie() validates cookie parts
[console][formater] allow format toString object.
[HttpFoundation] Fix baseUrl when script filename is contained in pathInfo
Avoid redirection to XHR URIs
[HttpFoundation] IpUtils::checkIp4() should allow networks
Fix HTML escaping of to-source links
[FrameworkBundle] Removed unnecessary parameter in TemplateController
[DomCrawler] Throw an exception if a form field path is incomplete.
[Console] Delete duplicate test in CommandTest
[TwigBundle] Refresh twig paths when resources change.
WebProfiler break words
fixed typo
Update README.md
[HttpKernel] Handle an array vary header in the http cache store
[Security][Translation] fixes#14584
[Framework] added test for Router commands.
Handled bearer authorization header in REDIRECT_ form
Conflicts:
src/Symfony/Component/Debug/ExceptionHandler.php
This PR was squashed before being merged into the 2.3 branch (closes#14670).
Discussion
----------
[Security] TokenBasedRememberMeServices test to show why encoding username is required
| Q | A
| ------------- | ---
| Bug fix? | no
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | #14577
| License | MIT
| Doc PR | no
241538d shows that it's not actually tested, 257b796 reimplements it with test.
I can remove the POC commit if it's not needed.
Commits
-------
63a9736 [Security] TokenBasedRememberMeServices test to show why encoding username is required
This PR was squashed before being merged into the 2.3 branch (closes#14678).
Discussion
----------
[Security] AbstractRememberMeServices::encodeCookie() validates cookie parts
| Q | A
| ------------- | ---
| Bug fix? | no
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | #14577
| License | MIT
| Doc PR | no
`AbstractRememberMeServices::encodeCookie()` guards against `COOKIE_DELIMITER` in `$cookieParts`.
* it would make `AbstractRememberMeServices::cookieDecode()` broken
* all current extending classes do it anyway (see #14670 )
* added tests – it's not a public method, but it is expected to be used by user implementations – as such, it's good to know that it works properly
Commits
-------
464c39a [Security] AbstractRememberMeServices::encodeCookie() validates cookie parts
This PR was merged into the 2.3 branch.
Discussion
----------
[Security][Translation] fixes#14584
| Q | A
| ------------- | ---
| Fixed tickets | #14584
| License | MIT
Some french translations are wrong in the security component.
As #14587 has been closed here's my fix.
Commits
-------
34c780f [Security][Translation] fixes#14584
* 2.8:
fixed CS
fixed CS
fixed CS
Fix WebProfilerBundle compatiblity with HttpKernel < 2.7
[Validator] Deprecated PHP7-incompatible constraints and related validators
[DebugBundle] Allow alternative destination for dumps
[DebugBundle] Use output mechanism of dumpers instead of echoing
[DebugBundle] Always collect dumps
[FrameworkBundle] Applied new styles to the config:debug & config:dump-reference commands
Fix tests in HHVM
CS: Pre incrementation/decrementation should be used if possible
Conflicts:
UPGRADE-2.7.md
src/Symfony/Bundle/FrameworkBundle/Command/ConfigDebugCommand.php
src/Symfony/Bundle/FrameworkBundle/Tests/Templating/Helper/AssetsHelperTest.php
src/Symfony/Bundle/FrameworkBundle/composer.json
src/Symfony/Component/Console/Helper/DialogHelper.php
src/Symfony/Component/HttpFoundation/Tests/Session/Flash/FlashBagTest.php
src/Symfony/Component/Routing/Matcher/Dumper/ApacheMatcherDumper.php
src/Symfony/Component/Security/Core/Encoder/Pbkdf2PasswordEncoder.php
* 2.7:
fixed CS
fixed CS
fixed CS
Fix WebProfilerBundle compatiblity with HttpKernel < 2.7
[Validator] Deprecated PHP7-incompatible constraints and related validators
[DebugBundle] Allow alternative destination for dumps
[DebugBundle] Use output mechanism of dumpers instead of echoing
[DebugBundle] Always collect dumps
[FrameworkBundle] Applied new styles to the config:debug & config:dump-reference commands
Fix tests in HHVM
CS: Pre incrementation/decrementation should be used if possible
Conflicts:
src/Symfony/Bundle/FrameworkBundle/composer.json
This PR was merged into the 2.7 branch.
Discussion
----------
[Security] Removed unnecessary statement
| Q | A
| ------------- | ---
| Bug fix? | no
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | ~
| License | MIT
| Doc PR | ~
Removed unnecessary statement from `PersistentTokenBasedRememberMeServices.php`.
`$series` comes from `$cookieParts` and `$this->tokenProvider->loadTokenBySeries($series);` is supposed to find the token with that value. Doing `$persistentToken->getSeries();` should give us exactly the same value, so it is an unnecessary statement.
Why?
* We don't need it? We won't miss it when it's gone.
* It confuses a code reader who starts guessing why would that be needed (at least I did and lost time because of that).
Unless…
It actually is needed, as we want `TokenProviderInterface` implementations to have a possibility to give a `PersistentTokenInterface` with a different series value than asked… I can make a PR to the testing class so that such requirement is checked upon.
I don't believe that this is BC, as this behaviour isn't documented anywhere and no existing (known to me) implementations return different series than the asked ones (and current tests pass successfully).
Commits
-------
c7a91f1 Removed unnecessary statement from PersistentTokenBasedRememberMeServices.php
* 2.7:
fixed CS
fixed CS
fixed CS
Fix WebProfilerBundle compatiblity with HttpKernel < 2.7
[Validator] Deprecated PHP7-incompatible constraints and related validators
[DebugBundle] Allow alternative destination for dumps
[DebugBundle] Use output mechanism of dumpers instead of echoing
[DebugBundle] Always collect dumps
[FrameworkBundle] Applied new styles to the config:debug & config:dump-reference commands
Fix tests in HHVM
CS: Pre incrementation/decrementation should be used if possible
Conflicts:
src/Symfony/Bundle/FrameworkBundle/composer.json
* 2.6:
[DebugBundle] Allow alternative destination for dumps
[DebugBundle] Use output mechanism of dumpers instead of echoing
[DebugBundle] Always collect dumps
Fix tests in HHVM
CS: Pre incrementation/decrementation should be used if possible
Conflicts:
src/Symfony/Component/Finder/Expression/Glob.php
* 2.3:
Fix tests in HHVM
CS: Pre incrementation/decrementation should be used if possible
Conflicts:
src/Symfony/Bundle/TwigBundle/Command/LintCommand.php
src/Symfony/Component/Console/Helper/TableHelper.php
src/Symfony/Component/EventDispatcher/Tests/EventDispatcherTest.php
src/Symfony/Component/HttpKernel/DataCollector/LoggerDataCollector.php
src/Symfony/Component/HttpKernel/HttpCache/EsiResponseCacheStrategy.php
src/Symfony/Component/Security/Acl/Dbal/AclProvider.php
src/Symfony/Component/Security/Http/RememberMe/TokenBasedRememberMeServices.php
This PR was merged into the 2.3 branch.
Discussion
----------
CS: Pre incrementation/decrementation should be used if possible
| Q | A
| ------------- | ---
| Bug fix? | no
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | n/a
| License | MIT
| Doc PR | n/a
Fixes provided by new fixer: https://github.com/FriendsOfPHP/PHP-CS-Fixer/pull/1113
If this pr is merged I would change the level of the fixer to `symfony`.
Commits
-------
c5123d6 CS: Pre incrementation/decrementation should be used if possible
* 2.8: (77 commits)
[travis] Use container-based infrastructure
[HttpKernel] use ConfigCache::getPath() method when it exists
[PropertyAccess] Fix setting public property on a class having a magic getter
[Routing] Display file which contain deprecated option
ContainerInterface: unused exception dropped
bumped Symfony version to 2.6.8
updated VERSION for 2.6.7
updated CHANGELOG for 2.6.7
bumped Symfony version to 2.3.29
updated VERSION for 2.3.28
update CONTRIBUTORS for 2.3.28
updated CHANGELOG for 2.3.28
[Debug] Fixed ClassNotFoundFatalErrorHandlerTest
[SecurityBundle] use access decision constants in config
[SecurityBundle] use session auth constants in config
PhpDoc fix in AbstractRememberMeServices
[FrameworkBundle][DX] Add option to specify additional translation loading paths
[Filesystem] Simplified an if statement
fixed CS
[SecurityBundle] Use Enum Nodes Instead Of Scalar
...
Conflicts:
CHANGELOG-2.3.md
CHANGELOG-2.6.md
src/Symfony/Bridge/Swiftmailer/composer.json
src/Symfony/Bundle/DebugBundle/composer.json
src/Symfony/Bundle/FrameworkBundle/Console/Descriptor/TextDescriptor.php
src/Symfony/Bundle/FrameworkBundle/Tests/DependencyInjection/Fixtures/xml/full.xml
src/Symfony/Bundle/FrameworkBundle/Tests/Fixtures/Descriptor/event_dispatcher_1_event1.txt
src/Symfony/Bundle/FrameworkBundle/Tests/Fixtures/Descriptor/event_dispatcher_1_events.txt
src/Symfony/Component/Debug/DebugClassLoader.php
src/Symfony/Component/Debug/Tests/ErrorHandlerTest.php
src/Symfony/Component/Form/README.md
src/Symfony/Component/Intl/README.md
src/Symfony/Component/Locale/composer.json
src/Symfony/Component/Routing/Loader/XmlFileLoader.php
src/Symfony/Component/Routing/Loader/YamlFileLoader.php
src/Symfony/Component/Security/README.md
src/Symfony/Component/Serializer/Tests/Normalizer/GetSetMethodNormalizerTest.php
src/Symfony/Component/Serializer/Tests/Normalizer/ObjectNormalizerTest.php
src/Symfony/Component/Serializer/Tests/Normalizer/PropertyNormalizerTest.php
src/Symfony/Component/Translation/README.md
src/Symfony/Component/Validator/README.md
src/Symfony/Component/Yaml/Yaml.php
* 2.7: (70 commits)
[travis] Use container-based infrastructure
[HttpKernel] use ConfigCache::getPath() method when it exists
[PropertyAccess] Fix setting public property on a class having a magic getter
[Routing] Display file which contain deprecated option
ContainerInterface: unused exception dropped
bumped Symfony version to 2.6.8
updated VERSION for 2.6.7
updated CHANGELOG for 2.6.7
bumped Symfony version to 2.3.29
updated VERSION for 2.3.28
update CONTRIBUTORS for 2.3.28
updated CHANGELOG for 2.3.28
[Debug] Fixed ClassNotFoundFatalErrorHandlerTest
[SecurityBundle] use access decision constants in config
[SecurityBundle] use session auth constants in config
PhpDoc fix in AbstractRememberMeServices
[Filesystem] Simplified an if statement
[SecurityBundle] Use Enum Nodes Instead Of Scalar
[Debug 2.3] Fix test for PHP7
[HttpKernel] Check if "symfony/proxy-manager-bridge" package is installed
...
Conflicts:
src/Symfony/Bundle/DebugBundle/composer.json
src/Symfony/Bundle/FrameworkBundle/Command/ServerRunCommand.php
src/Symfony/Bundle/FrameworkBundle/Command/TranslationDebugCommand.php
src/Symfony/Component/Form/README.md
src/Symfony/Component/Intl/README.md
src/Symfony/Component/Security/README.md
src/Symfony/Component/Translation/Loader/CsvFileLoader.php
src/Symfony/Component/Translation/Loader/IniFileLoader.php
src/Symfony/Component/Translation/Loader/MoFileLoader.php
src/Symfony/Component/Translation/Loader/PhpFileLoader.php
src/Symfony/Component/Translation/Loader/PoFileLoader.php
src/Symfony/Component/Translation/Loader/YamlFileLoader.php
src/Symfony/Component/Translation/README.md
src/Symfony/Component/Translation/Translator.php
src/Symfony/Component/Validator/README.md
* 2.6: (21 commits)
bumped Symfony version to 2.6.8
updated VERSION for 2.6.7
updated CHANGELOG for 2.6.7
bumped Symfony version to 2.3.29
updated VERSION for 2.3.28
update CONTRIBUTORS for 2.3.28
updated CHANGELOG for 2.3.28
[Debug] Fixed ClassNotFoundFatalErrorHandlerTest
[SecurityBundle] use access decision constants in config
[SecurityBundle] use session auth constants in config
PhpDoc fix in AbstractRememberMeServices
[Filesystem] Simplified an if statement
[SecurityBundle] Use Enum Nodes Instead Of Scalar
[Debug 2.3] Fix test for PHP7
[HttpKernel] Check if "symfony/proxy-manager-bridge" package is installed
[Translation] simplify getMessages.
[Framework][Translation] added test for debug command.
Run tests on hhvm instead of hhvm-nightly
Use HTTPS in README and some other fixes
add more entropy to generated classnames
...
Conflicts:
.travis.yml
src/Symfony/Component/HttpKernel/Kernel.php
* 2.3:
bumped Symfony version to 2.3.29
updated VERSION for 2.3.28
update CONTRIBUTORS for 2.3.28
updated CHANGELOG for 2.3.28
PhpDoc fix in AbstractRememberMeServices
Conflicts:
src/Symfony/Component/HttpKernel/Kernel.php
* 2.6: (25 commits)
[2.6] link to https://symfony.com where possible
Do not override PHP constants, only use when available
link to https://symfony.com where possible
[FrameworkBundle] Added missing log in server:run command
[Finder] Only use GLOB_BRACE when available
[HttpFoundation] Allow curly braces in trusted host patterns
Fix merge
Fix typo in variable name
[profiler][security] check authenticated user by tokenClass instead of username.
[WebProfiler] fix html syntax for input types
[TwigBundle] Fix deprecated use of FlattenException
[DependencyInjection] Removed extra strtolower calls
Use https://symfony.com/search for searching
[Debug] PHP7 compatibility with BaseException
[Validator] Fixed Choice when an empty array is used in the "choices" option
Fixed tests
[StringUtil] Fixed singularification of 'selfies'
Fix Portuguese (Portugal) translation for Security
improved exception when missing required component
[DependencyInjection] resolve circular reference
...
Conflicts:
src/Symfony/Bundle/WebProfilerBundle/Resources/views/Collector/config.html.twig
src/Symfony/Component/Form/README.md
src/Symfony/Component/Intl/README.md
src/Symfony/Component/Security/README.md
src/Symfony/Component/Translation/README.md
src/Symfony/Component/Validator/README.md
* 2.3:
link to https://symfony.com where possible
[FrameworkBundle] Added missing log in server:run command
[HttpFoundation] Allow curly braces in trusted host patterns
[profiler][security] check authenticated user by tokenClass instead of username.
Use https://symfony.com/search for searching
Conflicts:
src/Symfony/Bundle/FrameworkBundle/Test/WebTestCase.php
src/Symfony/Component/Form/README.md
src/Symfony/Component/Intl/README.md
src/Symfony/Component/Routing/composer.json
src/Symfony/Component/Security/README.md
src/Symfony/Component/Translation/README.md
src/Symfony/Component/Validator/README.md
* 2.3:
[DependencyInjection] Removed extra strtolower calls
[Validator] Fixed Choice when an empty array is used in the "choices" option
Fixed tests
[StringUtil] Fixed singularification of 'selfies'
Fix Portuguese (Portugal) translation for Security
improved exception when missing required component
CS: unalign =
Show a better error when the port is in use
CS: unalign =>
[FrameworkBundle] Check for 'xlf' instead of 'xliff'
Add better phpdoc message for getListeners method of the EventDispatcher
Conflicts:
src/Symfony/Bundle/FrameworkBundle/Command/ServerRunCommand.php
src/Symfony/Bundle/TwigBundle/Command/LintCommand.php
src/Symfony/Component/DependencyInjection/ContainerBuilder.php
src/Symfony/Component/DependencyInjection/Tests/Fixtures/php/services11.php
src/Symfony/Component/Validator/Constraints/ChoiceValidator.php
* 2.8: (61 commits)
[Debug] Fix ClassNotFoundFatalErrorHandler candidates lookups
[2.6][Translator] Extend, refactor and simplify Translator tests.
[VarDumper] Allow preserving a subset of cut arrays
[Console] Bind the closure (code) to the Command if possible
[VarDumper] Added support for SplFileObject
[VarDumper] Added support for SplFileInfo
Update DebugClassLoader.php
inject asset packages in assets helper service
[travis] Do not exclude legacy tests on 2.7
[HttpFoundation] remove getExtension method
[2.6][Translation] fix legacy tests.
[Form] Removed remaining deprecation notices in the test suite
[Form] Moved deprecation notice triggers to file level
[Debug] Map PHP errors to LogLevel::CRITICAL
[FrameworkBundle][Server Command] add address port number option.
[Routing][DependencyInjection] Support .yaml extension in YAML loaders
[DX] improve file loader error for router/other resources in bundle
[FrameworkBundle] Initialize translator with the default locale.
[FrameworkBundle] Fix Routing\DelegatingLoader resiliency to fatal errors
[2.7][Translation] remove duplicate code for loading catalogue.
...
Conflicts:
composer.json
src/Symfony/Bridge/Swiftmailer/composer.json
src/Symfony/Component/Console/Helper/DialogHelper.php
src/Symfony/Component/Debug/ErrorHandler.php
src/Symfony/Component/Debug/Tests/FatalErrorHandler/ClassNotFoundFatalErrorHandlerTest.php
src/Symfony/Component/Form/Extension/HttpFoundation/EventListener/BindRequestListener.php
src/Symfony/Component/Locale/composer.json
* 2.7: (40 commits)
[Debug] Fix ClassNotFoundFatalErrorHandler candidates lookups
[2.6][Translator] Extend, refactor and simplify Translator tests.
Update DebugClassLoader.php
inject asset packages in assets helper service
[travis] Do not exclude legacy tests on 2.7
[HttpFoundation] remove getExtension method
[2.6][Translation] fix legacy tests.
[Form] Removed remaining deprecation notices in the test suite
[Form] Moved deprecation notice triggers to file level
[Debug] Map PHP errors to LogLevel::CRITICAL
[Routing][DependencyInjection] Support .yaml extension in YAML loaders
[DX] improve file loader error for router/other resources in bundle
[FrameworkBundle] Initialize translator with the default locale.
[FrameworkBundle] Fix Routing\DelegatingLoader resiliency to fatal errors
[2.7][Translation] remove duplicate code for loading catalogue.
[2.6][Translation] remove duplicate code for loading catalogue.
[HttpKernel] Cleanup ExceptionListener
CS fixes
[DependencyInjection] Show better error when the Yaml component is not installed
[2.3] SCA for Components - reference mismatches
...
* 2.8:
[Translation] avoid freshness check based on content *inside* the cache.
[Translator] Cache does not take fallback locales into consideration
[Translator] Cache does not take fallback locales into consideration
[VarDumper] Fix call site detection
[Form] Cleanup deprecation notices
[Console] Made output docopt compatible
[Process] Fix volatile test
Remove some useless @group annotations
Removed useless strtolower call
[Validator] Use strict comparisons in loaders
CS: Use "self" keyword instead of class name if possible
Conflicts:
.travis.yml
src/Symfony/Component/Console/Tests/Input/InputDefinitionTest.php
src/Symfony/Component/Form/FormTypeExtensionInterface.php
src/Symfony/Component/Form/FormTypeInterface.php
* 2.6:
[Translator] Cache does not take fallback locales into consideration
[VarDumper] Fix call site detection
[Process] Fix volatile test
Remove some useless @group annotations
Removed useless strtolower call
[Validator] Use strict comparisons in loaders
CS: Use "self" keyword instead of class name if possible
Conflicts:
.travis.yml
src/Symfony/Component/Translation/Translator.php
* 2.3:
Remove some useless @group annotations
Removed useless strtolower call
[Validator] Use strict comparisons in loaders
CS: Use "self" keyword instead of class name if possible
* 2.7:
[RFC][Console] Added console style guide helpers (v2)
[Validator] Add missing pt_BR translations
[Translation][Profiler] Added a Translation profiler.
Add parsing of hexadecimal strings for PHP 7
[VarDumper] Add filters to casters
Trim final stop from deprecation message
[Configuration] improve description for ignoreExtraKeys on ArrayNodeDefinition
[Validator] Added missing Hungarian translation
[Validator] Fixed grammar in Hungarian translation
CS: Unary operators should be placed adjacent to their operands
CS: Binary operators should be arounded by at least one space
remove useless tests that fail in php 7
[Translator] fix test for php 7 compatibility
[VarDumper] Add VarDumperTestCase and related trait
Update phpdoc of ProcessBuilder#setPrefix()
Conflicts:
src/Symfony/Bridge/ProxyManager/Tests/LazyProxy/Fixtures/php/lazy_service.php
src/Symfony/Component/Routing/Matcher/ApacheUrlMatcher.php
src/Symfony/Component/Routing/Matcher/Dumper/ApacheMatcherDumper.php
src/Symfony/Component/VarDumper/Cloner/AbstractCloner.php
* 2.6:
[Validator] Add missing pt_BR translations
Add parsing of hexadecimal strings for PHP 7
[Configuration] improve description for ignoreExtraKeys on ArrayNodeDefinition
[Validator] Added missing Hungarian translation
[Validator] Fixed grammar in Hungarian translation
CS: Unary operators should be placed adjacent to their operands
CS: Binary operators should be arounded by at least one space
remove useless tests that fail in php 7
[Translator] fix test for php 7 compatibility
Update phpdoc of ProcessBuilder#setPrefix()
Conflicts:
src/Symfony/Bridge/Propel1/Logger/PropelLogger.php
src/Symfony/Component/Validator/Resources/translations/validators.hu.xlf
* 2.3:
[Validator] Add missing pt_BR translations
Add parsing of hexadecimal strings for PHP 7
[Configuration] improve description for ignoreExtraKeys on ArrayNodeDefinition
[Validator] Added missing Hungarian translation
[Validator] Fixed grammar in Hungarian translation
CS: Unary operators should be placed adjacent to their operands
CS: Binary operators should be arounded by at least one space
remove useless tests that fail in php 7
[Translator] fix test for php 7 compatibility
Update phpdoc of ProcessBuilder#setPrefix()
Conflicts:
src/Symfony/Component/HttpFoundation/Session/Attribute/NamespacedAttributeBag.php
src/Symfony/Component/PropertyAccess/PropertyAccessor.php
src/Symfony/Component/Validator/Resources/translations/validators.pt_BR.xlf
src/Symfony/Component/Yaml/Parser.php
This PR was merged into the 2.3 branch.
Discussion
----------
CS: Unary operators should be placed adjacent to their operands
| Q | A
| ------------- | ---
| Bug fix? | no
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | ?
| Fixed tickets | N/A
| License | MIT
| Doc PR | N/A
Update before upcoming changes on PHP CS Fixer 1.7
To keep fabbot.io happy ;)
Commits
-------
2367f4a CS: Unary operators should be placed adjacent to their operands
This PR was merged into the 2.3 branch.
Discussion
----------
CS: Binary operators should be arounded by at least one space
| Q | A
| ------------- | ---
| Bug fix? | no
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | ?
| Fixed tickets | N/A
| License | MIT
| Doc PR | N/A
Update before upcoming changes on PHP CS Fixer 1.7
To keep fabbot.io happy ;)
Commits
-------
ec2cec6 CS: Binary operators should be arounded by at least one space
* 2.7: (29 commits)
[Validator] Added missing Hungarian translation
remove usage of deprecated class
Fix merge
Fix merge
CS: fixes
[Translation][Extractor] Allow extracting an array of files besides extracting a directory
[VarDumper] Fix dumping ThrowingCasterException
[Console][Table] Add support for colspan/rowspan + multiple header lines
Translator component has default domain for null implemented no need to have default translation domain logic in 3 different places
Displays friendly message if the event does not have any registered listeners
[VarDumper] Ctrl+click toggles-all and fix IE8 support
Implemented check on interface implementation
[Form] [TwigBridge] Bootstrap layout whitespace control
|Validator] Add PHPUnit hint in AbstractConstraintValidatorTest
[VarDumper] implement expand all on ALT+click
[WebProfilerBundle] Fixed collapsed profiler menu icons
[travis] Kill tests when a new commit has been pushed
fixed CS
Change behavior to mirror hash_equals() returning early if there is a length mismatch
CS fixing
...
Conflicts:
src/Symfony/Bridge/Twig/composer.json
src/Symfony/Bundle/FrameworkBundle/composer.json
src/Symfony/Bundle/SecurityBundle/Resources/config/security.xml
src/Symfony/Bundle/SecurityBundle/Resources/config/security_acl.xml
src/Symfony/Bundle/SecurityBundle/Resources/config/security_acl_dbal.xml
src/Symfony/Bundle/SecurityBundle/Resources/config/security_listeners.xml
src/Symfony/Bundle/SecurityBundle/Resources/config/security_rememberme.xml
src/Symfony/Bundle/TwigBundle/Extension/AssetsExtension.php
* 2.6:
CS: fixes
Translator component has default domain for null implemented no need to have default translation domain logic in 3 different places
[Form] [TwigBridge] Bootstrap layout whitespace control
[travis] Kill tests when a new commit has been pushed
fixed CS
Change behavior to mirror hash_equals() returning early if there is a length mismatch
CS fixing
Prevent modifying secrets as much as possible
Update StringUtils.php
Whitespace
Update StringUtils.php
StringUtils::equals() arguments in RememberMe Cookie based implementation are confused
CS: general fixes
[SecurityBundle] removed a duplicated service definition and simplified others.
Conflicts:
src/Symfony/Bundle/SecurityBundle/Resources/config/security_listeners.xml
* 2.3:
CS: fixes
Translator component has default domain for null implemented no need to have default translation domain logic in 3 different places
[travis] Kill tests when a new commit has been pushed
fixed CS
Change behavior to mirror hash_equals() returning early if there is a length mismatch
CS fixing
Prevent modifying secrets as much as possible
Update StringUtils.php
Whitespace
Update StringUtils.php
CS: general fixes
[SecurityBundle] removed a duplicated service definition and simplified others.
Conflicts:
src/Symfony/Bundle/FrameworkBundle/Resources/views/Form/choice_widget_collapsed.html.php
src/Symfony/Bundle/SecurityBundle/Resources/config/security_rememberme.xml
src/Symfony/Component/Console/Tests/Helper/LegacyTableHelperTest.php
src/Symfony/Component/DependencyInjection/Tests/Fixtures/php/services11.php
This PR was squashed before being merged into the 2.7 branch (closes#13482).
Discussion
----------
Implemented check on interface implementation
| Q | A
| ------------- | ---
| Bug fix? | Yes
| New feature? | No
| BC breaks? | No
| Deprecations? | No
| Tests pass? | Yes
| Fixed tickets | #13480
| License | MIT
| Doc PR |
Commits
-------
2a79ace Implemented check on interface implementation
* 2.7: (55 commits)
CS: fix some license headers
CS: Ensure there is no code on the same line as the PHP open tag and it is followed by a blankline
Improve triggering of the deprecation error
[SecurityBundle] Fix typos in LogoutUrlHelper
[VarDumper] add caster for MongoCursor objects
make it possible to dump inlined services to XML
[VarDumper] Fixed notice when Exchange is mocked
[Translation] keep old array structure of resourcesFiles to avoid BC.
removed deprecated notices that make the tests fail
use visited lookup with reference to gain performance
[VarDumper] with-er interface for Cloner\Data
Replace GET parameters when changed
tweaked phpdocs
[Process] Fix outdated Process->start() docblock
prevent inlining service configurators
Improve entropy of generated salt
Complete the removal of API versions in the validator component
[Validator] deprecated API version
Removed 2.5 bc layer
[SecurityBundle] UserPasswordEncoderCommand: fix help arguments order.
...
Conflicts:
CHANGELOG-2.3.md
CHANGELOG-2.6.md
src/Symfony/Bridge/Doctrine/Form/Type/DoctrineType.php
src/Symfony/Bundle/FrameworkBundle/DependencyInjection/Configuration.php
src/Symfony/Bundle/FrameworkBundle/Tests/Templating/Helper/FormHelperDivLayoutTest.php
src/Symfony/Bundle/FrameworkBundle/Tests/Templating/Helper/FormHelperTableLayoutTest.php
src/Symfony/Bundle/FrameworkBundle/composer.json
src/Symfony/Bundle/SecurityBundle/composer.json
src/Symfony/Component/Console/Helper/DialogHelper.php
src/Symfony/Component/Console/Tests/Helper/LegacyTableHelperTest.php
src/Symfony/Component/Form/ResolvedFormType.php
src/Symfony/Component/Routing/Matcher/Dumper/ApacheMatcherDumper.php
* 2.6:
CS: fix some license headers
CS: Ensure there is no code on the same line as the PHP open tag and it is followed by a blankline
use visited lookup with reference to gain performance
Replace GET parameters when changed
[FrameworkBundle][debug:config] added support for dynamic configurations.
[WebProfiler] Fix partial search on url in list
Conflicts:
src/Symfony/Bridge/Propel1/Form/EventListener/TranslationCollectionFormListener.php
src/Symfony/Bridge/Propel1/Form/EventListener/TranslationFormListener.php
* 2.3:
CS: fix some license headers
CS: Ensure there is no code on the same line as the PHP open tag and it is followed by a blankline
use visited lookup with reference to gain performance
Replace GET parameters when changed
Conflicts:
src/Symfony/Component/DependencyInjection/Dumper/PhpDumper.php
This PR was merged into the 2.3 branch.
Discussion
----------
CS: fix some license headers
| Q | A
| ------------- | ---
| Bug fix? | no
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | ?
| Fixed tickets | N/A
| License | MIT
| Doc PR | N/A
Commits
-------
2b74841 CS: fix some license headers
* 2.6:
Fix small coding style
[2.3] Static Code Analysis for Components
[Form] fixed phpdoc
CS: Convert double quotes to single quotes
Fixed MongoODM entity loader. Improved loading behavior of entities and documents by reusing entity loader.
[Validator] added Japanese translation for unmatched charset (id: 80)
[WebProfilerBundle] fixed undefined buttons.
[WebProfilerBundle] Fix javascript toolbar on IE8
[DependencyInjection] Highest precedence for user parameters
bumped Symfony version to 2.6.6
[Translation][MoFileLoader] fixed load empty translation.
updated VERSION for 2.6.5
updated CHANGELOG for 2.6.5
bumped Symfony version to 2.3.27
updated VERSION for 2.3.26
update CONTRIBUTORS for 2.3.26
updated CHANGELOG for 2.3.26
[HttpKernel] UriSigner::buildUrl - default params for http_build_query
Conflicts:
src/Symfony/Bridge/Propel1/Tests/DataCollector/PropelDataCollectorTest.php
src/Symfony/Component/DependencyInjection/Dumper/PhpDumper.php
src/Symfony/Component/HttpKernel/Kernel.php
src/Symfony/Component/Security/Http/Firewall/AbstractPreAuthenticatedListener.php
src/Symfony/Component/Validator/Resources/translations/validators.ja.xlf
* 2.7:
Changed visibility of setUp() and tearDown to protected
Changed visibility of setUp() and tearDown to protected
[2.7] Fix travis file
[HttpFoundation] MongoDbSessionHandler::read() now checks for valid session age
[Debug] reintroduce charset param to ExceptionHandler
Changed visibility of setUp() and tearDown to protected
[WebProfilerBundle] Set debug+charset on the ExceptionHandler fallback
[Debug] deprecate ExceptionHandler::utf8Htmlize
Added default button class
used HTML5 meta charset tag and removed hardcoded ones
Revert "bug #13715 Enforce UTF-8 charset for core controllers (WouterJ)"
fixed XSS in the exception handler
Php Inspections (EA Extended) - static code analysis includes:
[2.3] Remove most refs uses
[FrameworkBundle] Read config/validation/*.(xml|yml) files
Test with local components instead of waiting for the subtree-splitter when possible
Conflicts:
src/Symfony/Bundle/FrameworkBundle/Tests/DependencyInjection/Compiler/LegacyTemplatingAssetHelperPassTest.php
src/Symfony/Bundle/TwigBundle/Tests/Extension/LegacyAssetsExtensionTest.php
src/Symfony/Bundle/TwigBundle/Tests/TokenParser/LegacyRenderTokenParserTest.php
src/Symfony/Component/ClassLoader/Tests/LegacyUniversalClassLoaderTest.php
src/Symfony/Component/Console/Helper/ProgressHelper.php
src/Symfony/Component/Console/Tests/Helper/LegacyDialogHelperTest.php
src/Symfony/Component/Console/Tests/Helper/LegacyProgressHelperTest.php
src/Symfony/Component/Debug/ExceptionHandler.php
src/Symfony/Component/HttpFoundation/Tests/Session/Storage/Handler/MongoDbSessionHandlerTest.php
src/Symfony/Component/Routing/Tests/Matcher/Dumper/LegacyApacheMatcherDumperTest.php
src/Symfony/Component/Templating/Tests/Helper/LegacyAssetsHelperTest.php
* 2.6:
[HttpFoundation] MongoDbSessionHandler::read() now checks for valid session age
Changed visibility of setUp() and tearDown to protected
[WebProfilerBundle] Set debug+charset on the ExceptionHandler fallback
Added default button class
used HTML5 meta charset tag and removed hardcoded ones
Revert "bug #13715 Enforce UTF-8 charset for core controllers (WouterJ)"
fixed XSS in the exception handler
Php Inspections (EA Extended) - static code analysis includes:
[2.3] Remove most refs uses
Test with local components instead of waiting for the subtree-splitter when possible
Conflicts:
.travis.yml
* 2.3:
Changed visibility of setUp() and tearDown to protected
fixed XSS in the exception handler
Php Inspections (EA Extended) - static code analysis includes:
[2.3] Remove most refs uses
Test with local components instead of waiting for the subtree-splitter when possible
Conflicts:
src/Symfony/Bundle/FrameworkBundle/Command/ContainerDebugCommand.php
src/Symfony/Component/Config/Util/XmlUtils.php
src/Symfony/Component/Console/Helper/ProgressHelper.php
src/Symfony/Component/Debug/ExceptionHandler.php
src/Symfony/Component/Debug/Tests/ErrorHandlerTest.php
src/Symfony/Component/Filesystem/Tests/FilesystemTest.php
src/Symfony/Component/OptionsResolver/Options.php
src/Symfony/Component/Security/Acl/Dbal/MutableAclProvider.php
src/Symfony/Component/Yaml/Inline.php
Reduce couple count calls in [Yaml]
Modernize type casting, fix several strict comparisons
Unsets merged
Elvis operator usage
Short syntax for applied operations
* 2.7: (26 commits)
removed Propel bridge from Symfony Core
[2.7] Added deprecation warning for get request service in controller
[Serializer] Normalizers can serialize collections and scalars
[FrameworkBundle] Fix title and placeholder rendering in php form templates.
[Process] added a deprecation notice
[TwigBridge] Removed duplicated code from TwigRenderer
[Translator][Logging] implement TranslatorBagInterface.
RequestDataCollector - small fix
renamed composer.phar to composer to be consistent with the Symfony docs
[FrameworkBundle] bumped min version of Routing to 2.3
removed composer --dev option everywhere
fixed a test
[Console] Fixed output bug, if escaped string in a formatted string.
“console help” ignores --raw option
Fix form icon position in web profiler
[Security] Remove ContextListener's onKernelResponse listener as it is used
Revert "minor #12652 [HttpFoundation] [Hackday] #9942 test: Request::getContent() for null value (skler)"
Revert "fixed assertion"
fixed assertion
[HttpFoundation] [Hackday] #9942 test: Request::getContent() for null value
...
Conflicts:
composer.json
src/Symfony/Bridge/Propel1/composer.json
src/Symfony/Bridge/Twig/composer.json
src/Symfony/Component/Console/Tests/Helper/LegacyTableHelperTest.php
* 2.6: (21 commits)
[FrameworkBundle] Fix title and placeholder rendering in php form templates.
[TwigBridge] Removed duplicated code from TwigRenderer
[Translator][Logging] implement TranslatorBagInterface.
RequestDataCollector - small fix
renamed composer.phar to composer to be consistent with the Symfony docs
[FrameworkBundle] bumped min version of Routing to 2.3
removed composer --dev option everywhere
fixed a test
[Console] Fixed output bug, if escaped string in a formatted string.
“console help” ignores --raw option
Fix form icon position in web profiler
[Security] Remove ContextListener's onKernelResponse listener as it is used
Revert "minor #12652 [HttpFoundation] [Hackday] #9942 test: Request::getContent() for null value (skler)"
Revert "fixed assertion"
fixed assertion
[HttpFoundation] [Hackday] #9942 test: Request::getContent() for null value
fixed URL
Add reference to documentation in FormEvents phpdocs
[YAML] Fix one-liners to work with multiple new lines
Keep "pre" meaning for var_dump quick-and-dirty debug
...
Conflicts:
src/Symfony/Bridge/Twig/composer.json
src/Symfony/Bundle/FrameworkBundle/composer.json
src/Symfony/Component/Security/Http/Firewall/ContextListener.php
src/Symfony/Component/Security/Http/Tests/Firewall/ContextListenerTest.php
* 2.3:
[FrameworkBundle] Fix title and placeholder rendering in php form templates.
RequestDataCollector - small fix
renamed composer.phar to composer to be consistent with the Symfony docs
[FrameworkBundle] bumped min version of Routing to 2.3
removed composer --dev option everywhere
fixed a test
[Console] Fixed output bug, if escaped string in a formatted string.
[Security] Remove ContextListener's onKernelResponse listener as it is used
Revert "minor #12652 [HttpFoundation] [Hackday] #9942 test: Request::getContent() for null value (skler)"
Revert "fixed assertion"
fixed assertion
[HttpFoundation] [Hackday] #9942 test: Request::getContent() for null value
fixed URL
Add reference to documentation in FormEvents phpdocs
[YAML] Fix one-liners to work with multiple new lines
Keep "pre" meaning for var_dump quick-and-dirty debug
[Console][Table] Fix cell padding with multi-byte
Conflicts:
src/Symfony/Bundle/FrameworkBundle/Resources/views/Form/widget_attributes.html.php
src/Symfony/Bundle/FrameworkBundle/composer.json
src/Symfony/Component/Console/Helper/TableHelper.php
* 2.7:
fixed deprecation notice
removed usage of the deprecated forms of asset() in the core framework
renamed asset_path() to asset() and added a BC layer
[Asset] added a NullContext class
[Asset] added the component
Added new Forwarded header support for Request::getClientIps
Optimize EntityType by only loading choices for values in the same way that EntityLoader customization does (if you provide a query_builder).
[Security] added string representation for core Users
Add Twig loader priority
Conflicts:
src/Symfony/Bundle/FrameworkBundle/composer.json
src/Symfony/Bundle/TwigBundle/Resources/config/twig.xml
This PR was squashed before being merged into the 2.3 branch (closes#13466).
Discussion
----------
[Security] Remove ContextListener's onKernelResponse listener as it is used
| Q | A
| ------------- | ---
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets |
| License | MIT
| Doc PR |
The context listeners are specific to a particular firewall, and as such, should not be applied if the current request doesn't match that context listener. To avoid this, the context listener can remove itself from the dispatcher as it is called.
This comes in to affect when two or more firewalls are setup and using the same kernel for multiple requests. Assuming there are two firewalls 'site' and 'admin'
- Request comes in matching 'site' firewall, 'site' ContextListener adds it's onKernelResponse method to the dispatcher
- Succesful auth for 'site'
- ContextListener writes token to session
- Request comes in matching 'admin' firewall, 'admin' ContextListener can't find anything in the session, so nulls the token in the security context
- 'site' ContextListener listens for response, can't find a token in the security context so removes the 'site' token from the session
Commits
-------
380d805 [Security] Remove ContextListener's onKernelResponse listener as it is used
* 2.7: (61 commits)
fixxed order of usage
[2.7] [Form] Replaced calls to array_search() by in_array() where is no need to get the index
removed the last deprecation notice
[Serializer] Silent deprecation notice
removed deprecation notice
[PropertyAccess] Show property path in all exception messages
added deprecation notice for HttpCache::createEsi()
added missing deprecation notice when using the form_enctype function
[Process] Make test AbstractProcessTest::testStartAfterATimeout useful again
removed non-sense example
Fixes small typo.
[Validator] Remove unnecessary include in tests
[HttpFoundation] minor: clarify Request::getUrlencodedPrefix() regex
fixed typo
[Serializer] Use Serializer's LogicException when applicable
[Serializer] Use autoloader for annotations in tests
[Validator] fix DOS-style line endings
Drop useless execution bit
bumped Symfony version to 2.6.5
[Serializer] update changelog
...
Conflicts:
CHANGELOG-2.3.md
CHANGELOG-2.5.md
CHANGELOG-2.6.md
src/Symfony/Bridge/Twig/Node/FormEnctypeNode.php
src/Symfony/Bundle/FrameworkBundle/HttpCache/HttpCache.php
src/Symfony/Component/HttpFoundation/Session/Storage/Handler/NativeSessionHandler.php
* 2.6: (46 commits)
fixxed order of usage
[2.7] [Form] Replaced calls to array_search() by in_array() where is no need to get the index
[Process] Make test AbstractProcessTest::testStartAfterATimeout useful again
removed non-sense example
Fixes small typo.
[Validator] Remove unnecessary include in tests
[HttpFoundation] minor: clarify Request::getUrlencodedPrefix() regex
fixed typo
[Validator] fix DOS-style line endings
Drop useless execution bit
bumped Symfony version to 2.6.5
[Serializer] update changelog
updated VERSION for 2.6.4
updated CHANGELOG for 2.6.4
bumped Symfony version to 2.5.11
[HttpKernel] Added use of provided by #12022 method to instantiate controller class in bundle's controller resolver
updated VERSION for 2.5.10
updated CHANGELOG for 2.5.10
[Validator] Add a Russian translation for invalid charset message
[2.3] [Validator] spanish translation for invalid charset message
...
Conflicts:
src/Symfony/Bridge/Doctrine/Validator/Constraints/UniqueEntityValidator.php
src/Symfony/Component/HttpKernel/Exception/FatalErrorException.php
src/Symfony/Component/HttpKernel/Exception/FlattenException.php
src/Symfony/Component/HttpKernel/Kernel.php
src/Symfony/Component/Routing/Tests/Generator/UrlGeneratorTest.php
src/Symfony/Component/Validator/Resources/translations/validators.de.xlf
src/Symfony/Component/Validator/Resources/translations/validators.en.xlf
src/Symfony/Component/Validator/Resources/translations/validators.es.xlf
src/Symfony/Component/Validator/Resources/translations/validators.fr.xlf
src/Symfony/Component/Validator/Resources/translations/validators.pl.xlf
src/Symfony/Component/Validator/Resources/translations/validators.ru.xlf
src/Symfony/Component/Validator/Resources/translations/validators.sl.xlf
* 2.7:
fixed tests
[OptionsResolver] replaced some exception messages
Added i18n support to ConfirmationQuestion
[HttpKernel] [WebProfilerBundle] added HTTP status to profiler search result
[Form] fixed form tests when using 2.7 deps
[2.3] [HttpFoundation] [MimeTypeGuesser]
[Routing] merge instead of replace class and method scheme/method annotations
[TwigBridge] Fix bootstrap rendering when user explicitly use form_label
Removed dead code and various cleaning
Removed dead code and various cleaning
Fixed HtmlDumper with long string
Removed dead code and various cleaning
[FrameworkBundle][xsd] added missing logging attribute.
[Console] Make it clear that the second argument is not about command options.
Added the '-' character for spaceless on tag start and end to be consistent for block, if, set and for nodes
[Yaml] fixed parse shortcut Key after unindented collection.
[Console] fixed#10531
Make the container considered non-fresh if the environment parameters are changed
Conflicts:
src/Symfony/Bridge/Twig/Resources/views/Form/form_div_layout.html.twig
src/Symfony/Component/HttpKernel/CHANGELOG.md
src/Symfony/Component/Process/Process.php
* 2.6:
[2.3] [HttpFoundation] [MimeTypeGuesser]
Removed dead code and various cleaning
Removed dead code and various cleaning
[FrameworkBundle][xsd] added missing logging attribute.
[Console] Make it clear that the second argument is not about command options.
Added the '-' character for spaceless on tag start and end to be consistent for block, if, set and for nodes
[Yaml] fixed parse shortcut Key after unindented collection.
[Console] fixed#10531
Make the container considered non-fresh if the environment parameters are changed
* 2.5:
[2.3] [HttpFoundation] [MimeTypeGuesser]
Removed dead code and various cleaning
[Console] Make it clear that the second argument is not about command options.
Added the '-' character for spaceless on tag start and end to be consistent for block, if, set and for nodes
[Yaml] fixed parse shortcut Key after unindented collection.
[Console] fixed#10531
Make the container considered non-fresh if the environment parameters are changed
Conflicts:
src/Symfony/Bridge/Twig/Resources/views/Form/form_div_layout.html.twig
* 2.3:
[2.3] [HttpFoundation] [MimeTypeGuesser]
Removed dead code and various cleaning
[Console] Make it clear that the second argument is not about command options.
Added the '-' character for spaceless on tag start and end to be consistent for block, if, set and for nodes
[Yaml] fixed parse shortcut Key after unindented collection.
[Console] fixed#10531
Make the container considered non-fresh if the environment parameters are changed
Conflicts:
src/Symfony/Bridge/Twig/Resources/views/Form/form_div_layout.html.twig
src/Symfony/Bridge/Twig/Resources/views/Form/form_table_layout.html.twig
src/Symfony/Component/Console/Tests/ApplicationTest.php
src/Symfony/Component/Security/Core/Authentication/Provider/PreAuthenticatedAuthenticationProvider.php
* 2.7:
[TwigBridge] fixed AppVariable compat with older Symfony versions
[Validator] re-added support for 2.4 API version in tests
fixed typos
fixed typo
fixed typo
fixed BC layer
[SecurityBundle] decouple the logout PHP helper and Twig extension
[Validator] added Japanese translation for unresolvable host (id: 79)
[Serializer] Fix PHPDoc
Conflicts:
src/Symfony/Bridge/Twig/AppVariable.php
* 2.7:
added type-hint
[Security] removed usage of the deprecated SecurityContextInterface
[Form] fixed deprecation triggers, removed usage of deprecated features
[EventDispatcher] fixed deprecation notices in the EventDispatcher Component
[HttpFoundation] maked a test as being for deprecated feature
added missing error_reporting
[Yaml] maked a test as being for deprecated feature
[Yaml] removed deprecation notices on internal constant
[Security] moved test files into the right place
[HttpKernel] fixed deprecation notices for ESI classes
[Form] moved a deprecation notice
[Form] fixed the CSRF extension to allow using only the new interfaces
[Form] tweaked a deprecation message
[Validator] Add a Russian translation for the checkDNS option in the URL validator
[Validator] Add a Slovenian translation for the checkDNS option in the URL validator
[Validator] Add a Polish translation for the checkDNS option in the URL validator.
fixed typo
added missing support for factories in console descriptions
[FrameworkBundle] fixed missing information in some descriptors
Conflicts:
src/Symfony/Bridge/Twig/composer.json
src/Symfony/Bundle/SecurityBundle/composer.json
src/Symfony/Component/Form/Extension/HttpFoundation/EventListener/BindRequestListener.php
src/Symfony/Component/Yaml/Tests/YamlTest.php
* 2.7: (24 commits)
bumped Symfony version to 2.6.4
updated VERSION for 2.6.3
updated CHANGELOG for 2.6.3
bumped Symfony version to 2.6.3
updated VERSION for 2.6.2
updated CHANGELOG for 2.6.2
bumped Symfony version to 2.5.10
updated VERSION for 2.5.9
updated CHANGELOG for 2.5.9
[FrameworkBundle] Use security.token_storage service in Controller::getUser()
bumped Symfony version to 2.3.25
updated VERSION for 2.3.24
update CONTRIBUTORS for 2.3.24
added missing E_USER_DEPRECATED argument to trigger_error() calls
Removed unneeded version requirements
updated CHANGELOG for 2.3.24
fixed tests
[Security] Don't destroy the session on buggy php releases.
Enhance deprecation summary at end of tests
[2.7] silence deprecations for getFactory*() BC layer
...
Conflicts:
CHANGELOG-2.3.md
CHANGELOG-2.5.md
CHANGELOG-2.6.md
src/Symfony/Component/Form/Tests/ResolvedFormTypeTest.php
* 2.6:
bumped Symfony version to 2.6.4
updated VERSION for 2.6.3
updated CHANGELOG for 2.6.3
bumped Symfony version to 2.6.3
updated VERSION for 2.6.2
updated CHANGELOG for 2.6.2
bumped Symfony version to 2.5.10
updated VERSION for 2.5.9
updated CHANGELOG for 2.5.9
[FrameworkBundle] Use security.token_storage service in Controller::getUser()
bumped Symfony version to 2.3.25
updated VERSION for 2.3.24
update CONTRIBUTORS for 2.3.24
Removed unneeded version requirements
updated CHANGELOG for 2.3.24
fixed tests
[Security] Don't destroy the session on buggy php releases.
[Process] Fix input reset in WindowsPipes
add back model_timezone and view_timezone options
Conflicts:
src/Symfony/Component/HttpKernel/Kernel.php