* 2.0:
replaced magic strings by proper constants
refactored tests for Request
fixed the logic in Request::isSecure() (if the information comes from a source that we trust, don't check other ones)
added a way to configure the X-Forwarded-XXX header names and a way to disable trusting them
fixed algorithm used to determine the trusted client IP
removed the non-standard Client-IP HTTP header
Conflicts:
src/Symfony/Component/HttpFoundation/Request.php
src/Symfony/Component/HttpFoundation/Tests/RequestTest.php
* 2.1: (29 commits)
[DependencyInjection] fixed composer.json
[Validator] Fix typos in validators.ru.xlf
Edited some minor grammar and style errors in russian validation file
Updated Bulgarian translation
[Form] improve error message with a "hasser" hint for PropertyAccessDeniedException
[Form] Updated checks for the ICU version from 4.5+ to 4.7+ due to test failures with ICU 4.6
[Form] simplified a test from previous merge
Update src/Symfony/Component/Form/Extension/Core/Type/FileType.php
fixed CS
Xliff with other node than source or target are ignored
small fix of #5984 when the container param is not set
Filesystem Component mirror symlinked directory fix
[Process][Tests] fixed chainedCommandsOutput tests
fixed CS
Use better default ports in urlRedirectAction
Add tests for urlRedirectAction
info about session namespace
fix upgrade info about locale
Update src/Symfony/Component/DomCrawler/Tests/FormTest.php
Update src/Symfony/Component/DomCrawler/Form.php
...
* 2.0:
[DependencyInjection] fixed composer.json
[Form] Updated checks for the ICU version from 4.5+ to 4.7+ due to test failures with ICU 4.6
fixed CS
small fix of #5984 when the container param is not set
fixed CS
Use better default ports in urlRedirectAction
Add tests for urlRedirectAction
Update src/Symfony/Component/DomCrawler/Tests/FormTest.php
Update src/Symfony/Component/DomCrawler/Form.php
[Security] remove escape charters from username provided by Digest DigestAuthenticationListener
[Security] added test extra for digest authentication
fixed CS
[Security] Fixed digest authentication
[Security] Fixed digest authentication
[SecurityBundle] Convert Http method to uppercase in the config
Use Norm Data instead of Data
Conflicts:
src/Symfony/Bridge/Doctrine/Form/EventListener/MergeCollectionListener.php
src/Symfony/Bundle/FrameworkBundle/Controller/RedirectController.php
src/Symfony/Component/DependencyInjection/composer.json
This PR was merged into the master branch.
Commits
-------
c8e65a2 [FrameworkBundle][Routing] Resolve placeholders in hostnamePattern rules
Discussion
----------
[FrameworkBundle][Routing] Resolve placeholders in hostnamePattern rules
Bug fix: yes
Feature addition: no
Backwards compatibility break: no
Symfony2 tests pass: yes
Fixes the following tickets: #6135
License of the code: MIT
Currently the placeholders in the `hostname_pattern` rule are not resolved, so that's why this PR is it for.
---------------------------------------------------------------------------
by nomack84 at 2012-11-28T14:18:02Z
@fabpot Could you please merge this? I really need this fix to be solve.
Thanks!
This PR was merged into the master branch.
Commits
-------
0a380cf [HttpFoundation] disabled Request _method feature by default (should now be explicitely enabled via a call to enableHttpMethodOverride())
Discussion
----------
[HttpFoundation] disabled Request _method feature by default
It should now be explicitely enabled via a call to enableHttpMethodOverride())
This PR was merged into the master branch.
Commits
-------
431d593 [TwigBundle] Renames twig.loader to twig.loader.filesystem.
Discussion
----------
[TwigBundle] Renames twig.loader to twig.loader.filesystem.
In the previous form of twig's service definitions, it was impossible to
use a chain loader correctly because the TwigBundle was registering paths
on the twig.loader service. This patch fixes that by creating a
twig.loader.filesystem definition and an alias twig.loader that points
to twig.loader.filesystem by default.
---------------------------------------------------------------------------
by marcw at 2012-11-27T21:05:53Z
Failed build seems unrelated to this PR.
This PR was squashed before being merged into the master branch (closes#6133).
Commits
-------
828c95d [Routing] removed restriction of route names
Discussion
----------
[Routing] removed restriction of route names
bc break: no
The restriction is not relevant anymore. It was probably added when the PhpMatcherDumper compiled the route name to php methods, e.g. `DumpedMatcher::get...()`. But this is not the case anymore since 2.1. So the restriction is useless as my added tests show and it does not make any sense from an API point of view.
---------------------------------------------------------------------------
by stof at 2012-11-27T19:40:52Z
you should add an entry in the changelog
---------------------------------------------------------------------------
by Tobion at 2012-11-27T20:19:19Z
Done.
In the previous form of twig's service definitions, it was impossible to
use a chain loader correctly because the TwigBundle was registering paths
on the twig.loader service. This patch fixes that by creating a
twig.loader.filesystem definition and an alias twig.loader that points
to twig.loader.filesystem by default.
This PR was merged into the master branch.
Commits
-------
1db6f05 Update UPGRADE-2.2.md
Discussion
----------
Removed duplicate words in the "validator changes" description in file UPGRADE-2.2.md
This PR was submitted for the master branch but it was merged into the 2.1 branch instead (closes#6106).
Commits
-------
e628c26 [Validator] Edited some minor grammar and style errors in russian validation file
Discussion
----------
[Validator] Edited some minor grammar and style errors in russian validation file
Bug fix: yes
Feature addition: no
Backwards compatibility break: no
Symfony2 tests pass: yes
Fixes the following tickets: -
Todo: -
License of the code: MIT
Documentation PR:
This PR was merged into the 2.1 branch.
Commits
-------
06ee53b [Form] improve error message with a "hasser" hint for PropertyAccessDeniedException
Discussion
----------
[Form] improve error msg w/ a "hasser" hint for PropertyAccessDeniedException
"Hasser" support was added under the 2.1 branch of the Form component
Bug fix: no
Feature addition: no
Backwards compatibility break: no
Symfony2 tests pass: no, but fails exactly the same as without this fix
Fixes the following tickets: -
Todo: -
License of the code: MIT
Documentation PR: symfony/symfony-docs#1958
This PR was merged into the master branch.
Commits
-------
24c6530 [Validator] Added instructions on integrating the latest Validator changes to the UPGRADE file
Discussion
----------
[Validator] Added instructions on integrating the latest Validator changes
This is a documentation change only. See the file diff for more information.
This PR was merged into the 2.1 branch.
Commits
-------
7cba683 Updated Bulgarian translation
Discussion
----------
[Validator][Form] Updated Bulgarian translation
Added Bulgarian translation for form component.
Updated Bulgarian translation for validator messages.
Bug fix: no
Feature addition: no
Backwards compatibility break: no
Symfony2 tests pass: [](https://travis-ci.org/RoumenMe/symfony)
Fixes the following tickets: -
Todo: -
License of the code: MIT
Documentation PR: -
This PR was merged into the 2.0 branch.
Commits
-------
ac77c5b [Form] Updated checks for the ICU version from 4.5+ to 4.7+ due to test failures with ICU 4.6
Discussion
----------
[Form] Updated checks for the ICU version from 4.5+ to 4.7+
Bug fix: no
Feature addition: no
Backwards compatibility break: no
Symfony2 tests pass: yes
Fixes the following tickets: -
Todo: -
License of the code: MIT
Documentation PR: -
Bug fix: no
Feature addition: no
Backwards compatibility break: no
Symfony2 tests pass: no, but fails exactly the same as without this fix
Fixes the following tickets: -
Todo: -
License of the code: MIT
Documentation PR: symfony/symfony-docs#1958
This PR was merged into the master branch.
Commits
-------
1858b96 [Form] Adapted FormValidator to latest changes in the Validator
1f752e8 [DoctrineBridge] Adapted UniqueValidator to latest changes in the Validator
efe42cb [Validator] Refactored the GraphWalker into an implementation of the Visitor design pattern.
Discussion
----------
[Validator] Refactored the Validator for use in Drupal
Bug fix: no
Feature addition: no
Backwards compatibility break: yes
Symfony2 tests pass: yes
Fixes the following tickets: -
Todo: -
License of the code: MIT
Documentation PR: TODO
Drupal wants to use the Symfony Validator component in their next version. I was talking to @fago recently about the changes that we'd need to make and implemented these changes in this PR. I don't want to rush this, but the deadline is tight, since Drupal feature freeze is on December 1st and @fago needs at least a couple of days to integrate the Validator into Drupal.
This PR introduces two significant changes:
* Interfaces were created for all classes that constitute the Validator's API. This is were the PR breaks BC, because `ConstraintValidatorInterface::initialize()` is now type hinted against `ExecutionContextInterface` instead of `ExecutionContext`.
* The graph walker was refactored into an implementation of the Visitor pattern. This way, the validator was decoupled from the structure of the metadata (class → properties and getter methods) and makes it possible to implement a different metadata structure, as is required by the Drupal Entity API.
As a consequence of the API change, custom validation code is now much easier to write, because `ValidatorInterface` and `ExecutionContextInterface` share the following set of methods:
```php
interface ValidatorInterface
{
public function validate($value, $groups = null, $traverse = false, $deep = false);
public function validateValue($value, $constraints, $groups = null);
public function getMetadataFor($value);
}
interface ExecutionContextInterface
{
public function validate($value, $subPath = '', $groups = null, $traverse = false, $deep = false);
public function validateValue($value, $constraints, $subPath = '', $groups = null);
public function getMetadataFor($value);
}
```
No more juggling with property paths, no more fiddling with the graph walker. Just call on the execution context what you'd call on the validator and you're done.
There are two controversial things to discuss and decide (cc @fabpot):
* I moved the `@api` tags of all implementations to the respective interfaces. Is this ok?
* I would like to deprecate `ValidatorInterface::getMetadataFactory()` (tagged as `@api`) in favor of the added `ValidatorInterface::getMetadataFor()`, which offers the exact same functionality, but with a different API and better encapsulation, which makes it easier to maintain for us. We can tag `getMetadataFor()` as `@api`, as I don't expect it to change. Can we do this or should we leave the old method in?
I would like to decide the major issues of this PR until **Sunday November 25th** in order to give @fago enough room for his implementation.
Let me hear your thoughts.
This PR was merged into the master branch.
Commits
-------
d1b5093 Try to make sure cookies get deleted from the TokenProvider when no longer in use
Discussion
----------
Delete cookies from the TokenProvider that is no longer in use
Bug fix: yes
Feature addition: no
Backwards compatibility break: no
Symfony2 tests pass: yes
Todo: -
License of the code: MIT
When the user logs in, or login fails for some reason, the old "remember me" cookie should be deleted from the TokenProvider if you are using the PersistentTokenBasedRememberMeServices.
As the code is now, the token is only deleted on logout.
---------------------------------------------------------------------------
by TerjeBr at 2012-11-20T13:45:54Z
So, anything else that needs to be done before this is merged?
---------------------------------------------------------------------------
by TerjeBr at 2012-11-21T10:30:53Z
Ok, I have corrected the typo in the comment and squashed the commit.
---------------------------------------------------------------------------
by schmittjoh at 2012-11-21T10:36:29Z
btw, ``canceled`` (more American) and ``cancelled`` (more British) are both
correct English forms.
On Wed, Nov 21, 2012 at 11:30 AM, Terje Bråten <notifications@github.com>wrote:
> Ok, I have corrected the typo in the comment and squashed the commit.
>
> —
> Reply to this email directly or view it on GitHub<https://github.com/symfony/symfony/pull/6055#issuecomment-10592112>.
>
>
---------------------------------------------------------------------------
by schmittjoh at 2012-11-21T10:40:24Z
As a side-note have you verified that this does not break the cookie theft protection?
---------------------------------------------------------------------------
by TerjeBr at 2012-11-21T10:51:10Z
Yes, cookie theft protection is still there and is functioning well.
---------------------------------------------------------------------------
by TerjeBr at 2012-11-21T11:14:04Z
I am using this together with the DoctrineTokenProvider in issue #6057 in my own project and done some extensive testing on it.
---------------------------------------------------------------------------
by TerjeBr at 2012-11-23T10:30:34Z
Is this ready to be merged now?
This PR was squashed before being merged into the master branch (closes#6080).
Commits
-------
e477a2e Handle case of static controller method and controllers using magic __call() method
Discussion
----------
Handle case of static controller method and controllers using magic __call() method
Improve collecting controller details for edge cases where:
- controller is array, but contains class name and static method
- method doesn't exist, but is handled by magic __call() method
---------------------------------------------------------------------------
by fabpot at 2012-11-21T08:12:08Z
Can you add some unit tests?
---------------------------------------------------------------------------
by sli-systems at 2012-11-21T22:19:17Z
@pierredup
I disagree with the your comment about is_callable() only working with objects. The PHP docs state that the first argument is a callable, so it can be a string, array, closure, and perhaps more.
The test I added also shows that the code works as is :)
I've thought about your suggestion of adding reflection to look up the location of __call(). However, I think this doesn't really add a lot and only complicates matters. Also, as you can see in the new test, there is also __callStatic() to consider.
The fact that file/line are n/a is correct, because the most typical case will be that __call() and __callStatic() will delegate to some other method that might not even be in the same class/file (a subclass I would expect), IMHO.
@fabpot
Good catch about the '/'. I hope the test is complete enough. Looks more like an exercise on PHP callables than anything else, tho ;)
---------------------------------------------------------------------------
by pierredup at 2012-11-22T04:56:18Z
True that ````is_callable```` takes any callable argument, except in the one specific case where you have a ````__call()```` method, and pass an array with the first paramater as a string.
Take the following example:
class Controller {
public function __call($method, $arguments) {}
}
$controller = array('Controller', 'action');
var_dump(is_callable($controller));
Here ````is_callable($controller)```` will actually return ````false````, where if you have ````$controller = array(new Controller, 'action');```` it would return true.
Of course if you have a ````__callStatic```` method, then it would always return true.
Your tests doesn't seem to cover this use case
---------------------------------------------------------------------------
by sli-systems at 2012-11-22T20:27:05Z
Hmm, maybe. I have to admin that I do not know about this case. OTOH, if is_callable returns false is it really callable then? I would think this more of a PHP bug then?
I think I might have come across this case during coding, but then dismissed it because in that case FilterControllerEvent failed already before the data collector code is reached.
In FilterControllerEvent there is a check on is_callable and a LogicException is thrown if $controller is not callable.
So, is FilterControllerEvent wrong too then?
---------------------------------------------------------------------------
by pierredup at 2012-11-22T20:41:14Z
One would think that if is_callable returns false, then the controller isn't callable, but in the case I mentioned above, the controller is in fact callable. I also thought it was a bug with php, but the php-internals don't seem to think so.
The problem is, if you specify the class as a string, php looks for a static method, even if you have a __call method, it won't be registered.
I will have a look at the FilterControllerEvent to see if this use case applies there as well.
---------------------------------------------------------------------------
by sli-systems at 2012-11-22T20:50:32Z
Rather strange - if that is the case then using is_callable seems pretty pointless and the only way would be to try to execute the controller to find out if it is, in fact, callable...
---------------------------------------------------------------------------
by pierredup at 2012-11-22T20:51:07Z
Okay so it actually seems that the case above isn't callable after all. If the controller is specified as a string, then a static method need to exist. Hence why it works with __callStatic. Only when an instance of the class is specified, will it handle the __call method.
---------------------------------------------------------------------------
by sli-systems at 2012-11-22T20:57:55Z
So the tests are sufficient then?
---------------------------------------------------------------------------
by pierredup at 2012-11-22T20:59:22Z
Yes it is.
This happens when you just assume something without actually testing it :)
Sorry for the hassle
With this refactoring comes a decoupling of the validator from the structure of
the underlying metadata. This way it is possible for Drupal to use the validator
for validating their Entity API by using their own metadata layer, which is not
modeled as classes and properties/getter methods.
This PR was submitted for the master branch but it was merged into the 2.1 branch instead (closes#5028).
Commits
-------
5bfe757 Update src/Symfony/Component/Form/Extension/Core/Type/FileType.php
Discussion
----------
Update src/Symfony/Component/Form/Extension/Core/Type/FileType.php
fixed https://github.com/dustin10/VichUploaderBundle/issues/27
---------------------------------------------------------------------------
by bschussek at 2012-07-24T12:44:11Z
Thank you for the PR! Could you please add a test case?
---------------------------------------------------------------------------
by stfalcon at 2012-07-25T13:53:24Z
> Could you please add a test case?
And what to check? I added one static option :)
---------------------------------------------------------------------------
by bschussek at 2012-07-25T14:22:40Z
Whatever was the reason for adding the option ;) The test should fail when the option is not added and succeed when the option is there.
Probably it is sufficient to create a new field of type "file" in the test which comes prefilled with a `File` object.
```
$file = $this->getMock('Symfony\Component\HttpFoundation\File\File');
$this->factory->create('file', $file)
```
---------------------------------------------------------------------------
by stfalcon at 2012-11-15T12:32:01Z
sorry, it's bug in VichUploaderBundle
---------------------------------------------------------------------------
by stfalcon at 2012-11-21T17:00:59Z
or not :)
---------------------------------------------------------------------------
by stfalcon at 2012-11-22T19:47:34Z
@bschussek done! it was really a bug with FileType
---------------------------------------------------------------------------
by stfalcon at 2012-11-22T22:15:18Z
@stof who can merge it? I want close this bug https://github.com/dustin10/VichUploaderBundle/issues/27 :)
---------------------------------------------------------------------------
by stof at 2012-11-23T02:15:46Z
@stfalcon the rule is that only @fabpot merges PRs on symfony.
---------------------------------------------------------------------------
by stfalcon at 2012-11-23T10:12:05Z
@fabpot do you have a minute :)? it's simple PR but many people wait for it
This PR was merged into the 2.1 branch.
Commits
-------
82334d2 Force loader to be null or a EntityLoaderInterface
Discussion
----------
Force loader to be null or a EntityLoaderInterface
This PR was merged into the 2.0 branch.
Commits
-------
2d9a6fc Use Norm Data instead of Data
Discussion
----------
[Form] Use Norm Data instead of App Data
This listener is triggered when normalized data are binded.
We have to use $event->getForm()->getNormData() instead of $event->getForm()->getData().
I have made a new FormType having 'entity' as parent and having a NormTransformer. I encountered a problem in MergeCollectionListener when the request is binded.
My commit fix it.
This PR was merged into the 2.1 branch.
Commits
-------
84635bd [Form] allowed no type guesser to be registered
Discussion
----------
[Form] made the factory builder pass null when no type guesser registered
reopened#5422 against 2.1 as it's a bug fix
---------------------------------------------------------------------------
by stof at 2012-10-13T21:23:34Z
@fabpot anything left for this PR ?
---------------------------------------------------------------------------
by fabpot at 2012-10-14T09:41:29Z
@bamarni Can you add some unit tests and also update the FormExtensionInterface interface phpdoc as `getTypeGuesser` can now return `null`? Thanks. ping @bschussek
---------------------------------------------------------------------------
by bamarni at 2012-10-14T17:10:27Z
I've added a few tests covering this.
@fabpot : the phpdoc is already correct, it currently can return null, this only occurs with this convenient class.
---------------------------------------------------------------------------
by bschussek at 2012-10-16T07:43:41Z
This PR breaks FormFactory::createBuilderForProperty(), which expects a guesser to be present. Can you check the component for other uses of the guesser and add a null-check there?
---------------------------------------------------------------------------
by bamarni at 2012-10-16T10:57:54Z
I cannot find other places than the factory (searching for 'getTypeGuesser').
---------------------------------------------------------------------------
by bschussek at 2012-11-08T16:58:37Z
You should also adapt `FormRegistry::getTypeGuesser()` not to build a `FormTypeGuesserChain` if the array of guessers is empty. In that case it will return now `null` (adapt the doc block). We also need a different was of checking if the type guessers have already been parsed in FormRegistry. Otherwise the first if condition in `FormRegistry::getTypeGuesser()` will never become false. You could for example initialize the property `$guesser` to `false` and only set it to `null` after the first run of `getTypeGuesser()`.
---------------------------------------------------------------------------
by bamarni at 2012-11-08T18:40:00Z
good catch I had missed it! I've applied your suggestion in the latest commit. Do you see anything else before I squash?
---------------------------------------------------------------------------
by bschussek at 2012-11-08T18:45:15Z
A test for `FormRegistry::getTypeGuesser()` would of course be awesome.
---------------------------------------------------------------------------
by bamarni at 2012-11-08T18:52:13Z
Then it was already awesome! (see https://github.com/symfony/symfony/blob/master/src/Symfony/Component/Form/Tests/FormRegistryTest.php#L252)
I've also added one for the null case if it's what you meant.
This PR was merged into the master branch.
Commits
-------
e2a50ef [OptionsResolver] fix normalizer without corresponding option
5a53821 [OptionsResolver] fix removing normalizers
Discussion
----------
OptionsResolver: normalizer fix
setNormalizer() -> replace() -> all() would generate an error.
---------------------------------------------------------------------------
by bschussek at 2012-07-29T16:09:20Z
Thank you for the fix! Could you please add a test case?
---------------------------------------------------------------------------
by Tobion at 2012-07-30T15:42:26Z
There is another problem: setNormalizer() (without setting an option) -> all()
I suggest to simply ignore normalizers that have no corresponding option. Do you agree?
---------------------------------------------------------------------------
by Tobion at 2012-07-30T16:19:24Z
On the other hand, one could argue that a normalizer without option should also work like this:
```
$this->options->setNormalizer('foo', function (Options $options) {
return '';
});
$this->assertEquals(array('foo' => ''), $this->options->all());
```
But when having a normalizer that wants a previous value as param, it does not work (because there is none).
---------------------------------------------------------------------------
by stof at 2012-07-30T16:30:34Z
@Tobion according to github, this need to be rebased
---------------------------------------------------------------------------
by bschussek at 2012-07-30T19:16:48Z
I guess setNormalizer() should check whether the option is set and fail otherwise. The second possibility, as you say, is to ignore them in all(). I'd prefer whatever is more efficient.
---------------------------------------------------------------------------
by bschussek at 2012-07-30T19:17:27Z
But setting a normalizer without setting an option, and having that option appear in the final options, does not make sense if you ask me.
---------------------------------------------------------------------------
by Tobion at 2012-07-30T21:23:46Z
Well it could make sense. If you want to override/normalize an option to a given value however it has been overloaded by others or just not overloaded at all. This is what normalizers do. I think its more consistent than the other solutions.
Raising exception in setNormalizer would make the Class dependent on the order you call the methods, e.g. `setNormalizer(); set()` would not work. But the other way round would be ok.
Ignoring some normalizers in `all` would be strange because they are there but not applied under some circumstances.
---------------------------------------------------------------------------
by Tobion at 2012-07-30T21:42:40Z
Added the fix. If you disagree tell me.
---------------------------------------------------------------------------
by bschussek at 2012-08-04T09:30:18Z
> Raising exception in setNormalizer would make the Class dependent on the order you call the methods, e.g. `setNormalizer(); set()` would not work. But the other way round would be ok.
I think this would be a better solution. I dislike if the normalizer magically adds an option that does not exist. This could hide implementation error, e.g. when a refactoring removes an option, but the normalizer is forgotten. Can you throw an exception in this case?
Should we find use cases that rely on this to work, we can soften the behavior and remove the exception.
---------------------------------------------------------------------------
by Tobion at 2012-08-04T15:02:51Z
Well, that would also make it impossible to set a normalizer for on optional option in OptionsResolver.
So `setOptional` + `setNormalizers` would throw an exception which sounds counter-intuitive. Are you sure about that?
---------------------------------------------------------------------------
by Tobion at 2012-08-17T11:47:58Z
ping @bschussek
---------------------------------------------------------------------------
by Tobion at 2012-10-07T22:31:44Z
@bschussek ping
---------------------------------------------------------------------------
by stof at 2012-10-13T18:04:30Z
@bschussek ping
---------------------------------------------------------------------------
by Tobion at 2012-11-08T09:55:15Z
@bschussek please let's get this finished.
Fabien Potencier
Tobias Schultze
Mario A. Alvarez Garcia
marc.weistroff
ragtek
Eugene Leonovich
Andrey Esaulov
Roumen Damianoff
Philipp Rieber
Bernhard Schussek
DerManoMann
Stepan Tanasiychuk
