* digitalkaoz/httpkernel-debug:
[HttpKernel] added tests for debug stuff
[HttpKernel] reset handling if subject::handle throws an exception, otherwise it wouldnt be able to handle furthermore
* schmittjoh/security:
[Security] forward the entire access denied exception instead of only the message
[Security] changed defaults for MessageDigestEncoder
TICKET #9557: session isn't required when using http basic authentification mecanism for example
[Security] improved entropy to make collision attacks harder
[Security] added the 'key' attribute of RememberMeToken to serialized string to be stored in session
Fix the Acl schema generator script.
Added support for the full range of escaped values in double quoted
strings in chapter 5 of the YAML 1.1 and 1.2 specs. The escaping
and unescaping strategies were factored out into separate classes to
keep the logic isolated.
Added examples from the spec to the unit tests for all escaped values.
* kriswallsmith/dic/auto-ext-load:
[HttpKernel] added an subclass merge extension configuration compiler pass to ensure each bundle's "main" extension is loaded
[DependencyInjection] extensions should only load if called during configuration
* schmittjoh/security:
[Security] added method to retrieve the configured remember-me parameter
[Security] Copy token attributes when auth providers create a new token from another
* cristiangsp/Translation_FallbackLocale:
[Translation] Modified Translation unit test "testTransWithFallbackLocale"
[Translation] Fixed the addition of the fallbackLocale catalogue to the current locale catalogue.
[Translation] Added search to FallbackLocale Catalogue.
Now the test shows the behavior when is requested a translation to an undefined locale catalogue and, therefore, the fallbacklocale catalogue must be queried. The original test function only checks the step to reach the language catalog not to the fallbacklocale one (even the fallbacklocale isn't set). This test gives error in the current version of symfony/symfony.
PreAuthenticatedAuthenticationProvider and UserAuthenticationProvider tend to copy a token instead of modifying it during their authenticate() methods, which is probably a good idea if the token might be immutable. Ensure that the token's attributes get copied along with everything else.
According to ResponseHeaderBag::computeCacheControlValue(), a response with an ETag but no explicit Cache-Control header should have a sensible Cache-Control of "private, must-revalidate" set. According to Response::isCacheable(), a response that includes a private Cache-Controls is not considered cacheable. Therefore, in order for this test response to be cacheable and stored, it requires an explicit Cache-Control of public.
Without this patch, if you call __toString() on a Response,
the content-type auto-detection would never be trigerred
as __toString() changes the default content-type.
I had thought that this was unnecessary - when would you ever want to just let "extra" options fail silently?
But, the SecurityExtension takes advantage of this by creating two separate config trees. The first tree looks for just one particular value on the configuration array and ignores the rest. So, there *is* a use-case for allowing all extra fields to simply be ignored, though this should not be the norm.