Commit Graph

11585 Commits

Author SHA1 Message Date
Fabien Potencier
1f1beb1ceb [Security] fixed tests when OpenSSL is not installed 2012-10-28 09:01:53 +01:00
Fabien Potencier
d21584ec68 merged branch fabpot/prng (PR #4763)
This PR was merged into the master branch.

Commits
-------

aecc9b1 fixed tests when OpenSsl is not enabled in PHP, renamed a misnamed test, added missing license doc blocks
ca567b5 fixed CS
5cdf696 added a SecureRandomInterface
234f725 rename String to StringUtils
5849855 moved the secure random dep for remember me as a constructor argument
248703f renamed Prng to SecureRandom
c0c8972 simplified the Prng code
e5dc7af moved the secure random class from JMSSecurityExtraBundle to Symfony (closes #3595)

Discussion
----------

[2.2][Security] Add a PRNG (closes #3595)

As per #3595, I have moved the secure random class from JMSSecurityExtraBundle to Symfony.

It has more impact than I expected ;)

As you will see, the implementation has been refactored a bit. The most notable change is that Doctrine support has been moved to the bridge with the addition of a proper Doctrine seed provider (Doctrine is not a special case anymore).

The Doctrine configuration has been moved to the DoctrineBundle: doctrine/DoctrineBundle#91

schmittjoh/JMSSecurityExtraBundle#65 removes the code that has been moved.

---------------------------------------------------------------------------

by Seldaek at 2012-07-05T13:26:01Z

I'm all for more security features, and both the String class & the Prng class for wrapping openssl make a lot of sense IMO, but I fail to see the use of the rest.

If we just want a seed to have a fallback in case openssl is missing, I'd rather have a secret in the config.yml than a million classes to store the same secret in the DB. Maybe I'm missing something though? /cc @schmittjoh

---------------------------------------------------------------------------

by schmittjoh at 2012-07-05T16:32:10Z

Having the configuration in different places (SecurityBundle & DoctrineBundle) feels a bit weird. I would prefer an approach similar to ACL, or the user provider/firewall section with factories. The latter being a bit more work to implement and the former potentially asking for complaints about too tight coupling to Doctrine.

Regarding testing, we probably need to move the disableOpenSsl method to the SecureRandom class in order to allow OpenSSL to be disabled for testing and we also need to change the byte generation algorithm to produce the same output for the same starting seed. I agree that it does not make sense to introduce an interface for SecureRandom as only the seed providers should be replaced.

As for the seed itself, it is constantly updated and does not stay the same as in the beginning. Thus, we need a provider that we can write to, and not only read from. I'm also not sure about using OpenSSL on Windows as I have read enough resources which claimed that the entropy on Windows is not always good (including OpenSSL docs). Always using the custom seed provider at least always ensured proper entropy even if OpenSSL's speed issues have been fixed in newer PHP versions.

---------------------------------------------------------------------------

by stof at 2012-07-05T16:44:24Z

@schmittjoh everything is in SecurityBundle now as it does not use a database anymore

---------------------------------------------------------------------------

by stof at 2012-07-05T16:44:59Z

and there is no seed provider anymore either

---------------------------------------------------------------------------

by schmittjoh at 2012-07-05T16:53:39Z

Not having a seed provider is not such a good idea, but having a file-based seed provider is.

---------------------------------------------------------------------------

by Seldaek at 2012-07-05T17:01:18Z

@schmittjoh why would you need to replace the seed provider? Don't you think that people serious about security to the point that they would want a stronger seed provider would enable openssl instead?

---------------------------------------------------------------------------

by stof at 2012-07-05T17:06:50Z

Well, what I meant is that there is no interchangeable provider anymore. The Prng class uses the file directly.

And btw, I think the Prng class should be mockable for tests, so it should either have an interface or not be final (I vote for adding an interface)

---------------------------------------------------------------------------

by jalliot at 2012-07-09T18:46:12Z

@fabpot @schmittjoh What about using more fallbacks for `openssl_random_pseudo_bytes` like in @Seldaek's post ["Unpredictable hashes for humans"](http://seld.be/notes/unpredictable-hashes-for-humans)?
Trying `mcrypt_create_iv` first might also be faster.

---------------------------------------------------------------------------

by Seldaek at 2012-07-10T08:52:46Z

@jalliot I think mcrypt should be after if you make it use /dev/urandom, not 100% sure but openssl is probably higher quality than urandom.

---------------------------------------------------------------------------

by schmittjoh at 2012-07-10T09:12:07Z

The fallback algorithm that I added should be enough (it passes the
statistical randomness tests).

---------------------------------------------------------------------------

by stof at 2012-10-13T17:20:06Z

@fabpot please send a PR to the doc so that this can be merged 😃

---------------------------------------------------------------------------

by stof at 2012-10-13T17:22:08Z

hmm, actually, some comments have not been taken into account yet so it is not ready to be merged

---------------------------------------------------------------------------

by stof at 2012-10-27T07:14:43Z

you forgot the SecureRandom file

---------------------------------------------------------------------------

by fabpot at 2012-10-27T08:49:54Z

I think I've addressed all the comments. If everyone agrees with the current implementation, I'm going to start updating the documentation.

---------------------------------------------------------------------------

by fabpot at 2012-10-27T10:51:15Z

I've fixed the remaining CS issues.

---------------------------------------------------------------------------

by fabpot at 2012-10-28T07:00:31Z

Documentation is here: symfony/symfony-docs#1858
2012-10-28 08:10:00 +01:00
Fabien Potencier
aecc9b12a3 fixed tests when OpenSsl is not enabled in PHP, renamed a misnamed test, added missing license doc blocks 2012-10-28 08:06:38 +01:00
Fabien Potencier
ca567b5109 fixed CS 2012-10-28 08:06:38 +01:00
Fabien Potencier
5cdf696bde added a SecureRandomInterface 2012-10-28 08:06:38 +01:00
Fabien Potencier
234f7255bb rename String to StringUtils 2012-10-28 08:06:37 +01:00
Fabien Potencier
5849855eb9 moved the secure random dep for remember me as a constructor argument 2012-10-28 08:06:37 +01:00
Fabien Potencier
248703f6d8 renamed Prng to SecureRandom 2012-10-28 08:06:33 +01:00
Fabien Potencier
c0c89724b0 simplified the Prng code 2012-10-28 08:03:05 +01:00
Fabien Potencier
e5dc7afe90 moved the secure random class from JMSSecurityExtraBundle to Symfony (closes #3595) 2012-10-28 08:03:00 +01:00
Fabien Potencier
eb05fb0a5f merged branch raziel057/patch-2 (PR #5847)
This PR was squashed before being merged into the master branch (closes #5847).

Commits
-------

00d2823 Improve comments in ProfilerController

Discussion
----------

Improve comments in ProfilerController

---------------------------------------------------------------------------

by raziel057 at 2012-10-27T21:55:17Z

It's fixed.
2012-10-28 07:05:50 +01:00
Thomas Lallement
00d282324c Improve comments in ProfilerController 2012-10-28 07:05:50 +01:00
Fabien Potencier
7ddedabdae [Propel1] fixed CHANGELOG 2012-10-27 21:41:12 +02:00
Fabien Potencier
107e1f1f6d merged branch kufi/master (PR #5032)
This PR was squashed before being merged into the master branch (closes #5032).

Commits
-------

afba15f [2.2] Translatable field type for Propel i18n columns

Discussion
----------

[2.2] Translatable field type for Propel i18n columns

A field type which allows automatically generating the correct fields for Propel's i18n behavior.

Usage example:

     $builder->add('pageI18ns', 'translatable_collection', array(
            'i18n_class' => '\foo\barBundle\Model\PageI18n',
            'languages' => array('de', 'fr'),
            'label' => 'Translations',
            'columns' => array(
                'title' => array(
                    'label' => 'Custom title',
                ),
                'description' => array(
                    'type' => 'textarea'
                )
            )
        ));

With this configuration the field automatically generates the correct fields for the title and description column for the given languages.

---------------------------------------------------------------------------

by stof at 2012-07-24T14:37:27Z

tests are also missing

---------------------------------------------------------------------------

by kufi at 2012-07-27T08:50:05Z

Ok. Moved the Listeners into own classes. Changed the names of the types. Fixed the TranslationCollectionType which now is a Subclass of AbstractType and has the parent collection.

Edit:
The syntax changed slightly for the form:

    $builder->add('pageI18ns', new \Symfony\Bridge\Propel1\Form\Type\TranslationCollectionType(), array(
            'languages' => array('de', 'fr', 'en'),
            'label' => 'Translations',
            'options' => array(
                'data_class' => 'foo\bar\Modell\PageI18n',
                'columns' => array(
                    'title' => array(
                        'label' => 'Custom title',
                    ),
                    'description' => array(
                        'type' => 'textarea'
                    )
                )
            )
        ));

---------------------------------------------------------------------------

by stof at 2012-07-27T08:55:07Z

tests are still missing, and you have some CS issue (which can probably all be fixed by running the [PHP-CS-Fixer](http://cs.sensiolabs.org/) on your classes)

---------------------------------------------------------------------------

by sindro88 at 2012-08-13T13:27:46Z

I followed step by step the implementation but the form type returns an error "Could not load type propel1_translation".

---------------------------------------------------------------------------

by kufi at 2012-08-14T06:21:40Z

Could you try again? The problem was that the type propel1_translation_collection relied on a registered form type propel1_translation. I removed this one and replaced it with the actual form class.

---------------------------------------------------------------------------

by sindro88 at 2012-08-14T06:35:33Z

I replaced with the class and now it works, thank you so much!

---------------------------------------------------------------------------

by fabpot at 2012-09-18T16:53:21Z

ping @willdurand

---------------------------------------------------------------------------

by stof at 2012-10-13T17:56:16Z

@willdurand ping

---------------------------------------------------------------------------

by willdurand at 2012-10-23T12:03:22Z

There are a few comments by @stloyd to fix, but I'm 👍 on this PR.

---------------------------------------------------------------------------

by fabpot at 2012-10-23T13:18:59Z

@kufi Can you add a note in the CHANGELOG of the Propel bridge before I merge this PR? Thanks.

---------------------------------------------------------------------------

by kufi at 2012-10-23T13:32:31Z

@fabpot Sure. Does this belong to Version 2.1.0 or the upcoming 2.2.0?

---------------------------------------------------------------------------

by fabpot at 2012-10-23T13:59:04Z

2.2
2012-10-27 21:40:56 +02:00
Patrick Kaufmann
afba15f263 [2.2] Translatable field type for Propel i18n columns 2012-10-27 21:40:54 +02:00
Fabien Potencier
4cefb62f0a updated CHANGELOG 2012-10-27 18:57:10 +02:00
Fabien Potencier
e44141162e merged branch merk/card-scheme-validator (PR #5072)
This PR was merged into the master branch.

Commits
-------

e2aa79b Added CardScheme validator

Discussion
----------

[2.2] [Validator] Added CardScheme validator

Bug fix: no
Feature addition: yes
Backwards compatibility break: no
Symfony2 tests pass: yes
Fixes the following tickets:
Todo: Adding documentation
License of the code: MIT

CardScheme separated into its own PR from #4734 as requested by @fabpot

---------------------------------------------------------------------------

by fabpot at 2012-10-05T17:08:24Z

As far as I understand the discussion on #4734, a few people seemed to be concerned about the usefulness of adding such a validator in Symfony core. Anyone wanting to give his point of view? Personally, I'm -0 on merging this.

---------------------------------------------------------------------------

by merk at 2012-10-05T22:27:05Z

There are circumstances where such logic is required, and it could be desired by the programmer to filter out valid cards for a payment gateway before sending a request.

However, this is already included in JMSPaymentBundle if people don't think it should be in core.
2012-10-27 18:56:40 +02:00
Fabien Potencier
ef26a2185e [Process] added unit tests, phpdoc, and reorganized methods from previous merge 2012-10-27 18:54:34 +02:00
Fabien Potencier
41cb44bdac merged branch boombatower/process-status-5453 (PR #5455)
This PR was squashed before being merged into the master branch (closes #5455).

Commits
-------

7ea2f76 [process] expose the process status.

Discussion
----------

[process] expose the process status.

Pull request for issue #5453.

---------------------------------------------------------------------------

by pborreli at 2012-09-07T07:30:01Z

👍

---------------------------------------------------------------------------

by drak at 2012-09-21T18:53:14Z

This PR is missing the patch header in the description https://github.com/symfony/symfony-docs/blob/master/contributing/code/patches.rst#make-a-pull-request

---------------------------------------------------------------------------

by stof at 2012-10-13T21:25:04Z

@boombatower can you update the PR according to my comments and add some tests ?
2012-10-27 18:47:38 +02:00
boombatower
7ea2f76266 [process] expose the process status. 2012-10-27 18:47:38 +02:00
Fabien Potencier
d4c011d56d merged branch dirkaholic/master (PR #5638)
This PR was squashed before being merged into the master branch (closes #5638).

Commits
-------

98b68c2 [2.2][Console] Add possibility to add new input options to console application

Discussion
----------

[2.2][Console] Add possibility to add new input options to console application

Bug fix: no
Feature addition: yes
Backwards compatibility break: no
Symfony2 tests pass: yes
Fixes the following tickets: -
Todo: -
License of the code: MIT
Documentation PR: -

At the moment it is not possible to overwrite the input arguments of a console application to not have the default ones. Adding is possible with:

    $cli->getDefinition()->addOption(new InputOption('--custom', '-c', InputOption::VALUE_NONE, 'Use custom option.'));

Also added some simple tests for adding a custom HelperSet.

---------------------------------------------------------------------------

by dirkaholic at 2012-10-04T06:29:57Z

OK, is a bit inconsistent with what it's done with the helper set then, where you can use both ways. New PR for the tests is the referenced one.

---------------------------------------------------------------------------

by stof at 2012-10-04T18:57:42Z

@dirkaholic Can you rebase your branch (it conflicts with master) and squash your commit together ?

http://symfony.com/doc/current/contributing/code/patches.html#rework-your-patch may help you if you don't know how to do it

---------------------------------------------------------------------------

by dirkaholic at 2012-10-04T19:53:09Z

Done.

---------------------------------------------------------------------------

by stof at 2012-10-04T21:40:53Z

@dirkaholic the rebase worked fine but you have not squashed the commits together.

---------------------------------------------------------------------------

by dirkaholic at 2012-10-05T05:35:30Z

What do you mean ? Only the setDefinition function plus test is left here. The rest was already merged with https://github.com/symfony/symfony/issues/5668

---------------------------------------------------------------------------

by stof at 2012-10-05T10:48:53Z

@dirkaholic Squashing is about making the PR use only 1 commit instead of 2 (the second one changing only some whitespaces, which is not what its message says). But @fabpot told me that he improved his merging tool and so he can squash it when merging so it is OK.
2012-10-27 18:40:54 +02:00
Dirk Pahl
98b68c29ce [2.2][Console] Add possibility to add new input options to console application 2012-10-27 18:40:53 +02:00
Fabien Potencier
bdb5275da1 merged branch daum/master (PR #5601)
This PR was squashed before being merged into the master branch (closes #5601).

Commits
-------

7914d95 [HttpFoundation] UploadedFile: Added ability to the original extension of the file uploaded

Discussion
----------

[HttpFoundation] UploadedFile: Added ability to the original extension of the file uploaded

Bug fix: no
Feature addition: yes
Backwards compatibility break: no
Symfony2 tests pass: yes
License of the code: MIT
Fixes the following tickets: #5599
Todo: -

`$file->getExtension()` on uploaded files always will return blank as the temp file names do not have an extension. This adds `$file->getClientOriginalExtension()` which returns the extension based off the original file name. It also includes a test to check this function.

---------------------------------------------------------------------------

by daum at 2012-09-25T21:54:00Z

@stof just pushed updated doc block and spacing fix.

---------------------------------------------------------------------------

by stof at 2012-10-13T21:47:17Z

@fabpot anything missing to merge it ?
2012-10-27 18:37:40 +02:00
Matt Daum
7914d957f0 [HttpFoundation] UploadedFile: Added ability to the original extension of the file uploaded 2012-10-27 18:37:39 +02:00
Fabien Potencier
da1b635d87 merged branch msonnabaum/httpcache_store_locking_fixes (PR #5381)
This PR was squashed before being merged into the master branch (closes #5381).

Commits
-------

0f3126f Added lockExists to Store interface, fixed locking bugs, added tests.

Discussion
----------

Added lockExists to Store interface, fixed locking bugs, added tests.

While working on Drupal's HttpCache implementation, I discovered that the base HttpCache class does an is_file to check for a lock, which assumes a file-based cache is being used. This seems like a mistake since the rest of the Store interface is easily swappable. I added a lockExists method so that this is properly abstracted.

I also noticed there were no tests for the change I made, so I added some very basic locking tests. While adding those I found that the existing lock method is a bit broken. This line here:

```php
<?php

if (false !== $lock = @fopen($path = $this->getPath($this->getCacheKey($request).'.lck'), 'x')) {
```

will return false if the file couldn't be written for any reason, but the rest of the method assumes that if $lock == false, the lock exists already. So if the file couldn't be written due to the parent directory not existing, $path will be returned as if it exists, which is clearly not the desired behavior.

I changed this to return false if the file couldn't be written and doesn't exist, $path if it exists, and true if the lock was created. It still doesn't feel great to have bool|string return values, but that's the best I could come up with atm. I also added a check for the parent directory that creates it if it doesn't exist. The new tests fail without it.

I also broke out that code a bit as it was very difficult to read.

---------------------------------------------------------------------------

by henrikbjorn at 2012-08-30T09:11:16Z

Symfony has an editorconfig file which sets the correct indentation settings. http://editorconfig.org/

---------------------------------------------------------------------------

by msonnabaum at 2012-08-30T13:00:20Z

Updated based on stof's feedback.

---------------------------------------------------------------------------

by msonnabaum at 2012-08-30T13:21:40Z

Fixed based on code style feedback.

---------------------------------------------------------------------------

by jonathaningram at 2012-09-05T12:29:47Z

@msonnabaum, this seems to be distantly related to my recent PR too: #5376.

---------------------------------------------------------------------------

by stof at 2012-10-13T20:35:55Z

@fabpot anything left to merge this ?

---------------------------------------------------------------------------

by catch56 at 2012-10-23T16:42:10Z

This looks great to me, couldn't find anything to complain about.
2012-10-27 18:31:07 +02:00
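
The three-way lock result described in the merge message above (true, the path, or false), as an added example that is not Symfony's Store code. `lockAmbiguous()` only mimics the behaviour the message calls broken; the function names and demo paths are hypothetical.

```php
<?php
// Added example: not Symfony's HttpCache Store code. Function names and the
// demo paths are hypothetical; they only mirror the behaviour described above.

/**
 * Behaviour the message calls broken: any fopen() failure is reported as
 * "lock already held", even when no lock file could ever have existed.
 */
function lockAmbiguous($path)
{
    if (false !== $lock = @fopen($path, 'x')) {
        fclose($lock);

        return true;
    }

    return $path; // also reached when the parent directory is missing
}

/**
 * Three-way result described in the message:
 *   true   - this caller created the lock
 *   string - the lock file already exists (its path is returned)
 *   false  - the lock could not be created and does not exist
 */
function lockStrict($path)
{
    $dir = dirname($path);
    // Create the parent directory first; is_dir() is re-checked in case
    // another process created it between the two calls.
    if (!is_dir($dir) && !@mkdir($dir, 0700, true) && !is_dir($dir)) {
        return false;
    }

    // Mode 'x' fails if the file exists, so creation is atomic: there is no
    // check-then-create window between two concurrent requests.
    if (false !== $lock = @fopen($path, 'x')) {
        fclose($lock);

        return true;
    }

    return file_exists($path) ? $path : false;
}

// Constructed demo paths under the system temp directory.
$base = sys_get_temp_dir().'/lock-demo-'.bin2hex(random_bytes(4));
mkdir($base, 0700);

// 1. Parent directory missing: compare what the ambiguous version reports
//    with whether a lock file is really on disk.
$missing = $base.'/missing/a.lck';
echo "ambiguous result: ";
var_dump(lockAmbiguous($missing));
echo "lock file exists: ";
var_dump(file_exists($missing));

// 2. Strict version: first call creates the lock, second finds it held.
$lock = $base.'/cache/b.lck';
echo "strict, first call: ";
var_dump(lockStrict($lock));
echo "strict, second call: ";
var_dump(lockStrict($lock));

// 3. A regular file sits where the parent directory should be, so the
//    lock can neither be created nor already exist.
touch($base.'/blocker');
echo "strict, unusable parent: ";
var_dump(lockStrict($base.'/blocker/c.lck'));

// Clean up the demo files.
unlink($lock);
rmdir($base.'/cache');
unlink($base.'/blocker');
rmdir($base);
```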
Mark Sonnabaum
0f3126f397 Added lockExists to Store interface, fixed locking bugs, added tests. 2012-10-27 18:31:06 +02:00
Fabien Potencier
7b998d9b2d Merge branch '2.1'
* 2.1:
  [ClassLoader] fixed unbracketed namespaces (closes #5747)
  slight refactoring in UrlMatcher
  [Form] Created test for DoctrineOrmTypeGuesser see #5790
  [Form] Fixed DoctrineOrmTypeGuesser to guess the "required" option for to-one associations
2012-10-27 17:59:37 +02:00
Fabien Potencier
43aa20fcb6 Merge branch '2.0' into 2.1
* 2.0:
  [ClassLoader] fixed unbracketed namespaces (closes #5747)

Conflicts:
	src/Symfony/Component/ClassLoader/ClassCollectionLoader.php
	tests/Symfony/Tests/Component/ClassLoader/ClassCollectionLoaderTest.php
2012-10-27 17:59:21 +02:00
Fabien Potencier
6f15c4780f [ClassLoader] fixed unbracketed namespaces (closes #5747) 2012-10-27 17:55:46 +02:00
Fabien Potencier
7adee1aeb2 [ClassLoader] added some tests for previous merge 2012-10-27 17:07:38 +02:00
Fabien Potencier
537760f058 merged branch bamarni/classcollectionloader-globalnamespace (PR #5120)
This PR was merged into the master branch.

Commits
-------

adeadfb fixed comment stripping on global namespace classes

Discussion
----------

[ClassCollectionLoader] fixed comment stripping on global namespace classes

previously #4792, I've removed the multiple blank lines removal not to break heredocs.

---------------------------------------------------------------------------

by stof at 2012-10-13T18:04:56Z

@fabpot is there anything left to merge this ?

---------------------------------------------------------------------------

by bamarni at 2012-10-14T11:47:23Z

I've added a space when faking a namespace, so that it still works without the tokenizer (if #5747 gets merged)
2012-10-27 17:04:59 +02:00
Fabien Potencier
d7a02b5433 [Process] fixed previous merge 2012-10-27 15:48:18 +02:00
Fabien Potencier
453ff1af76 [Process] updated the CHANGELOG 2012-10-27 15:46:00 +02:00
Fabien Potencier
a6b2aa714b merged branch romainneutron/ProcessIncrementalOutput (PR #5546)
This PR was merged into the master branch.

Commits
-------

b89e413 [Process] Add output / error output incremental getters

Discussion
----------

[2.2][Process] Add output / error output incremental getters

Bug fix: #4999
Feature addition: yes
Backwards compatibility break: no
Symfony2 tests pass: yes
License of the code: MIT

Travis fails ; tests are ok on my local clone but upstream symfony master is currently broken

---------------------------------------------------------------------------

by stof at 2012-10-13T21:20:47Z

@romainneutron is there anything left before merging ? And please open a PR to the documentation to document the new feature
2012-10-27 15:43:43 +02:00
Fabien Potencier
c7ef309e2a merged branch eventhorizonpl/100ptc_component_httpfundation_p10 (PR #5757)
This PR was merged into the master branch.

Commits
-------

85d39aa session class tests

Discussion
----------

session class tests

Hi,

This patch adds some Session class tests.

Best regards,
Michal

---------------------------------------------------------------------------

by lsmith77 at 2012-10-19T17:04:29Z

can you close and reopen this PR to retrigger the travis build?
2012-10-27 15:38:48 +02:00
Fabien Potencier
31db547a40 merged branch eventhorizonpl/100ptc_component_httpfundation_p9 (PR #5756)
This PR was merged into the master branch.

Commits
-------

99aa37c tests for Request class

Discussion
----------

tests for Request class

Hi,

This patch adds some tests for Request class.

Best regards,
Michal

---------------------------------------------------------------------------

by lsmith77 at 2012-10-19T17:04:33Z

can you close and reopen this PR to retrigger the travis build?
2012-10-27 15:38:10 +02:00
Fabien Potencier
e3ceb56b48 merged branch Burgov/doctrine_orm_type_guesser_tests (PR #5793)
This PR was merged into the 2.1 branch.

Commits
-------

5d2525b [Form] Created test for DoctrineOrmTypeGuesser see #5790
b844d6b [Form] Fixed DoctrineOrmTypeGuesser to guess the "required" option for to-one associations

Discussion
----------

[Form] Doctrine orm type guesser tests

This PR adds tests to https://github.com/symfony/symfony/pull/5790

---------------------------------------------------------------------------

by Tobion at 2012-10-20T10:53:56Z

Using real test entities would be better IMO. Using mocks ties it pretty much to the implementation.

---------------------------------------------------------------------------

by sstok at 2012-10-21T10:38:53Z

@Tobion that's true, but Doctrine Class meta data takes quite some coding to set up.
For instance you need the EntityManager to even get the meta data set!

So you'd end up having more code to set up than you're actually testing.

---------------------------------------------------------------------------

by Burgov at 2012-10-21T12:58:58Z

I wasn't sure whether to use a test entity manager, or do it the way I finally did it.

@sstok true, it's quite some work to set it up, but on the other hand there's the base OrmTestCase class which does it for you, so it'd actually mean I'd only have to create one entity for all the cases: https://github.com/symfony/symfony/blob/master/src/Symfony/Bridge/Doctrine/Tests/DoctrineOrmTestCase.php

@Tobion on the other hand I tend to use a test EM only when I actually need to test persisting and loading, while this test case here is so isolated that I didn't really feel it would be necessary.

I'd like to know which method is preferred though, I'll change it if necessary, and other tests can be added to test the rest of this specific class
2012-10-27 15:36:11 +02:00
Fabien Potencier
15731a982e merged branch jfcixmedia/2.1 (PR #5838)
This PR was squashed before being merged into the master branch (closes #5838).

Commits
-------

201f3e6 [Form] Fixed cannot unset string offsets in CsrfValidationListener

Discussion
----------

[Form] Fixed cannot unset string offsets in CsrfValidationListener

Bug fix: yes
Feature addition: no
Backwards compatibility break: no
Symfony2 tests pass: yes
Fixes the following tickets: -
Todo: -
License of the code: MIT
Documentation PR: -

A php fatal error is happening when someone rewrites the entire form data for an object with a single input.
```
Fatal error: Cannot unset string offsets in vendor/symfony/symfony/src/Symfony/Component/Form/Extension/Csrf/EventListener/CsrfValidationListener.php on line 72
```

Example:

```html
<form action="/app_dev.php/post/create" method="post" >
    <div id="posttype">
        <div>
            <label for="posttype_name" class="required">Name</label>
            <input type="text" id="posttype_name" name="posttype[name]" required="required" maxlength="255" />
        </div>
        <div>
            <label for="posttype_text" class="required">Text</label>
            <textarea id="posttype_text" name="posttype[text]" required="required"></textarea>
        </div>
        <input type="hidden" id="posttype__token" name="posttype[_token]" value="83a1617c694fbdea43c2527f1a55c7419ce82a42" /></div>
        <p>
            <button type="submit">Create</button>
        </p>
</form>
```

If someone alters the html to add a simple input at the bottom of the form like this one:
```html
<input type="text" id="posttype" name="posttype" value="test123" />
```

The result will be a php fatal error.

---------------------------------------------------------------------------

by bschussek at 2012-10-26T09:49:05Z

Thank you for the pull request! Could you please reference the pull request in the test?

```php
// https://github.com/symfony/symfony/pull/5838
public function testStringFormData()
{
    ...
```

---------------------------------------------------------------------------

by jfcixmedia at 2012-10-26T10:21:29Z

@bschussek  Added, thanks.
2012-10-27 15:29:28 +02:00
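
How the extra `posttype` input from the merge message above changes what PHP hands to the form layer, with one way to guard token extraction, as an added example that is not Symfony's CsrfValidationListener. The function names and request bodies are constructed for illustration; the token value is the one shown in the form above.

```php
<?php
// Added example: not Symfony's CsrfValidationListener. The function names
// and the request bodies below are constructed for illustration.

/**
 * Pull the CSRF token out of submitted form data and strip it from the data.
 * Returns array($tokenOrNull, $dataWithoutToken).
 */
function extractCsrfToken($data, $fieldName = '_token')
{
    // A tampered request can turn the whole form into a scalar. Without this
    // guard, unset($data[$fieldName]) on a string is a fatal error.
    if (!is_array($data)) {
        return array(null, $data);
    }

    // The token field itself may also arrive as an array; accept strings only.
    $token = isset($data[$fieldName]) && is_string($data[$fieldName])
        ? $data[$fieldName]
        : null;
    unset($data[$fieldName]);

    return array($token, $data);
}

function isCsrfValid($token, $expected)
{
    // A missing token is invalid; hash_equals() compares in constant time.
    return is_string($token) && hash_equals($expected, $token);
}

// Token value taken from the hidden field in the form shown above.
$expected = '83a1617c694fbdea43c2527f1a55c7419ce82a42';

// Constructed request bodies: the regular submission, and the same
// submission with the extra scalar "posttype" input appended.
$normal = 'posttype[name]=Hello&posttype[text]=World&posttype[_token]='.$expected;
$tampered = $normal.'&posttype=test123';

foreach (array('normal' => $normal, 'tampered' => $tampered) as $label => $body) {
    // parse_str() applies the same name handling PHP uses to build $_POST:
    // a later plain "posttype" replaces the array built from "posttype[...]".
    parse_str($body, $post);
    $data = $post['posttype'];

    list($token, $clean) = extractCsrfToken($data);

    echo $label, ': form data is ', gettype($data),
        ', token valid: ', var_export(isCsrfValid($token, $expected), true), "\n";
    echo '  data passed on: ', var_export($clean, true), "\n";
}
```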
jfcixmedia
201f3e6489 [Form] Fixed cannot unset string offsets in CsrfValidationListener 2012-10-27 15:29:27 +02:00
Fabien Potencier
5155aecb3a merged branch Tobion/patch-2 (PR #5843)
This PR was merged into the 2.1 branch.

Commits
-------

7447ef7 slight refactoring in UrlMatcher

Discussion
----------

slight refactoring in UrlMatcher

bc break: no
bug fix: no
feature addition: no

saving a variable
2012-10-26 14:49:15 +02:00
Tobias Schultze
7447ef7171 slight refactoring in UrlMatcher 2012-10-26 12:26:42 +03:00
Fabien Potencier
bde2e26b69 [Form] updated CHANGELOG 2012-10-25 15:43:31 +02:00
Fabien Potencier
3138332152 [Form] tweaked previous merge 2012-10-25 15:42:46 +02:00
Fabien Potencier
13319da017 merged branch Dattaya/form/trim_listener (PR #4115)
This PR was squashed before being merged into the master branch (closes #4115).

Commits
-------

878dd91 [2.2] [Form] Trim listener, unicode whitespace characters.

Discussion
----------

[2.2] [Form] Trim listener, unicode whitespace characters.

Bug fix: no
Feature addition: yes
Backwards compatibility break: no
Symfony2 tests pass: yes
Fixes the following tickets: -
Todo:

I have some questions. ZERO WIDTH SPACE (200B) doesn't belong to White_Space but it's invisible and treated as white space by the html4.1 spec - http://www.w3.org/TR/html4/struct/text.html#h-9.1
Same question for
* U+202F	NARROW NO-BREAK SPACE
* U+FEFF	ZERO WIDTH NO-BREAK SPACE

---------------------------------------------------------------------------

by Dattaya at 2012-04-26T09:49:25Z

It seems to me that the check `mb_check_encoding($data, 'UTF-8')` is unnecessary. For non utf8 characters `preg_replace` returns `null` if `u` flag is set.
From http://www.pcre.org/pcre.txt:
> When you set the PCRE_UTF8 flag, the byte strings passed as patterns and subjects are (by default) checked for validity on entry to the relevant functions.
> ...
> If an invalid UTF-8 string is passed to PCRE, an error return is given.

---------------------------------------------------------------------------

by Dattaya at 2012-07-27T06:52:58Z

Forgot to mention that `Cc` property includes more characters than needed (`0009-000D` and `0085`) but I think control characters shouldn't appear in a form field anyway.

---------------------------------------------------------------------------

by stof at 2012-10-13T16:47:47Z

@Dattaya ping
2012-10-25 15:40:56 +02:00
Yaroslav Kiliba
878dd91d37 [2.2] [Form] Trim listener, unicode whitespace characters. 2012-10-25 15:40:54 +02:00
Fabien Potencier
38b1ab68a3 Merge branch '2.1'
* 2.1:
  bumped Symfony version to 2.0.19-DEV
  updated VERSION for 2.0.18
  update CONTRIBUTORS for 2.0.18
  updated CHANGELOG for 2.0.18
  updated vendors for 2.0.18
  Remove § about prototype_name customization in 2.0
  fix option name
  Add to DateFormats 'D M d H:i:s Y T' (closes #5830)
2012-10-25 15:12:09 +02:00
Fabien Potencier
1277e6746b Merge branch '2.0' into 2.1
* 2.0:
  bumped Symfony version to 2.0.19-DEV
  updated VERSION for 2.0.18
  update CONTRIBUTORS for 2.0.18
  updated CHANGELOG for 2.0.18
  updated vendors for 2.0.18
  Add to DateFormats 'D M d H:i:s Y T' (closes #5830)

Conflicts:
	CONTRIBUTORS.md
	src/Symfony/Component/HttpKernel/Kernel.php
	tests/Symfony/Tests/Bridge/Monolog/Processor/WebProcessorTest.php
	vendors.php
2012-10-25 15:11:50 +02:00
Fabien Potencier
887207402b bumped Symfony version to 2.0.19-DEV 2012-10-25 15:09:46 +02:00
Fabien Potencier
b95b4f7f40 merged branch stof/stub_lenient_getter (PR #5836)
This PR was merged into the master branch.

Commits
-------

bd37f24 [Locale] Implement the lenient isser in the StubIntlFormatter

Discussion
----------

[Locale] Implement the lenient isser in the StubIntlFormatter

When hardcoding other settings in the stub (the calendar, the locale...), the corresponding getters are implemented using the hardcoded value. This does the same for ``isLenient`` to be consistent.
2012-10-25 15:04:42 +02:00
Fabien Potencier
f31c6f97b6 merged branch greg0ire/fix_upgrade_prototype_name_option (PR #5833)
This PR was merged into the 2.1 branch.

Commits
-------

6fb4a1b Remove § about prototype_name customization in 2.0
8a347fd fix option name

Discussion
----------

Fix upgrade prototype name option
2012-10-25 15:04:22 +02:00