* 2.4:
[HttpKernel] added an analyze of environment parameters for built-in server.
change command to which available under most unix systems
add way to test command under windows
fix shell command injection
[Form] allowed CallbackTransformer to use callable
[Process] Added process synchronization to the incremental output tests
* 2.3:
[HttpKernel] added an analyze of environment parameters for built-in server.
change command to which available under most unix systems
add way to test command under windows
fix shell command injection
[Form] allowed CallbackTransformer to use callable
[Process] Added process synchronization to the incremental output tests
* 2.5: (33 commits)
[Validator] Added Swedish translations
[Validator] Fixed ExpressionValidator when the validation root is not an object
[Validator] Fixed: Made it possible (again) to pass a class name to Validator::validatePropertyValue()
Fix incorrect romanian plural translations
fix axes handling in Crawler::filterXPath()
fix some docblocks
Fixed self-reference in 'service_container' service breaks garbage collection (and clone).
[Process] Fix tests when pcntl is not available.
[DependencyInjection] Roll back changes made to generated files.
[Console] Roll back changes made to fixture files.
Issue #11489 Added some CA and ES translations
[Validator] Added more detailed inline documentation
[Validator] Removed information from the violation output if the value is an array, object or resource
partially reverted previous commit
fixed CS
Add point about ConsoleLogger to Console 2.5 changelog
[Validator] Fixed failing tests
[Validator] CS fixes
[FrameworkBundle] Made ConstraintValidatorFactory aware of the legacy validators
[Validator] Added extensive test coverage for the constraint validators for the different APIs
...
Conflicts:
src/Symfony/Component/Validator/Resources/translations/validators.ca.xlf
* 2.5:
Update validators.eu.xlf
fixed CS
remove unused imports
[Validator] Added markObjectAsInitialized() and isObjectInitialized() to ExecutionContextInterface
[Validator] Fixed doc block
[Routing] simplify the XML schema file
Unify null comparisons
[EventDispatcher] don't count empty listeners
[Process] Fix unit tests in sigchild environment
[Process] fix signal handling in wait()
[BrowserKit] refactor code and fix unquoted regex
Fixed server HTTP_HOST port uri conversion
[HttpFoundation] moved test file to the right directory
[Validator] Made sure that context changes don't leak out of (Contextual)ValidatorInterface
[MonologBridge] fixed Console handler priorities
Bring code into standard
[Process] Add test to verify fix for issue #11421
[Process] Fixes issue #11421
[DependencyInjection] Pass a Scope instance instead of a scope name.
* 2.4:
Update validators.eu.xlf
fixed CS
remove unused imports
[Routing] simplify the XML schema file
Unify null comparisons
[EventDispatcher] don't count empty listeners
[Process] Fix unit tests in sigchild environment
[Process] fix signal handling in wait()
[BrowserKit] refactor code and fix unquoted regex
Fixed server HTTP_HOST port uri conversion
[MonologBridge] fixed Console handler priorities
Bring code into standard
[Process] Add test to verify fix for issue #11421
[Process] Fixes issue #11421
[DependencyInjection] Pass a Scope instance instead of a scope name.
Conflicts:
src/Symfony/Bundle/FrameworkBundle/Test/WebTestCase.php
src/Symfony/Component/DependencyInjection/Tests/Dumper/GraphvizDumperTest.php
src/Symfony/Component/PropertyAccess/Tests/PropertyAccessorCollectionTest.php
* 2.3:
Update validators.eu.xlf
fixed CS
remove unused imports
Unify null comparisons
[EventDispatcher] don't count empty listeners
[Process] Fix unit tests in sigchild environment
[Process] fix signal handling in wait()
[BrowserKit] refactor code and fix unquoted regex
Fixed server HTTP_HOST port uri conversion
Bring code into standard
[Process] Add test to verify fix for issue #11421
[Process] Fixes issue #11421
[DependencyInjection] Pass a Scope instance instead of a scope name.
Conflicts:
src/Symfony/Component/EventDispatcher/Tests/EventDispatcherTest.php
* 2.4:
Update MimeTypeExtensionGuesser.php
[Validator] Add missing polish translations
[Validator] Added missing strings from Image validator
[Templating] PhpEngine should propagate charset to its helpers
Fix ticket #10663 - Added setCharset method call to PHP templating engine.
Changed the typehint of the EsiFragmentRenderer to the interface
[Form] Improved test coverage of UrlType
[BrowserKit] Fix#10641 : BrowserKit is broken when using ip as host
* 2.3:
Update MimeTypeExtensionGuesser.php
[Templating] PhpEngine should propagate charset to its helpers
Fix ticket #10663 - Added setCharset method call to PHP templating engine.
Changed the typehint of the EsiFragmentRenderer to the interface
[Form] Improved test coverage of UrlType
[BrowserKit] Fix#10641 : BrowserKit is broken when using ip as host
Conflicts:
src/Symfony/Component/HttpKernel/Fragment/EsiFragmentRenderer.php
src/Symfony/Component/Templating/PhpEngine.php
* 2.4: (52 commits)
Fix#8205 : Deprecate file mode update when calling dumpFile
Fix#10437: Catch exceptions when reloading a no-cache request
Fix libxml_use_internal_errors and libxml_disable_entity_loader usage
removed ini check to make uploadedfile work on gae
Update OptionsResolver.php
fixed comment in forms.xml file
Clean KernelInterface docblocks
Cast the group name as a string
Fixed doc of InitAclCommand
[Form] Fix "Array was modified outside object" in ResizeFormListener.
Fix IBAN validator
[Process] Remove unreachable code + avoid skipping tests in sigchild environment
Fixed bug that incorrectly causes the "required" attribute to be omitted from select even though it contains the "multiple" attribute
Added travis_retry to .travis.yml
[Process] fix some typos and refactor some code
[Process] Fix unit tests in sigchild disabled environment
[Process] Trow exceptions in case a Process method is supposed to be called after termination
fixed typo
[Process] fixed fatal errors in getOutput and getErrorOutput when process was not started
[Process] Fix escaping on Windows
...
Conflicts:
src/Symfony/Bundle/FrameworkBundle/Command/ServerRunCommand.php
src/Symfony/Component/Form/Extension/Core/EventListener/ResizeFormListener.php
src/Symfony/Component/Process/Process.php
src/Symfony/Component/Process/ProcessPipes.php
src/Symfony/Component/Process/Tests/AbstractProcessTest.php
* 2.3: (34 commits)
Fix#8205 : Deprecate file mode update when calling dumpFile
Fix#10437: Catch exceptions when reloading a no-cache request
Fix libxml_use_internal_errors and libxml_disable_entity_loader usage
removed ini check to make uploadedfile work on gae
Update OptionsResolver.php
fixed comment in forms.xml file
Clean KernelInterface docblocks
Cast the group name as a string
Fixed doc of InitAclCommand
[Form] Fix "Array was modified outside object" in ResizeFormListener.
Fix IBAN validator
[Process] Remove unreachable code + avoid skipping tests in sigchild environment
Fixed bug that incorrectly causes the "required" attribute to be omitted from select even though it contains the "multiple" attribute
Added travis_retry to .travis.yml
[Process] fix some typos and refactor some code
[Process] Fix unit tests in sigchild disabled environment
[Process] Trow exceptions in case a Process method is supposed to be called after termination
fixed typo
[Process] fixed fatal errors in getOutput and getErrorOutput when process was not started
[Process] Fix escaping on Windows
...
Conflicts:
src/Symfony/Component/DomCrawler/Crawler.php
src/Symfony/Component/Filesystem/Filesystem.php
src/Symfony/Component/Process/Process.php
This PR was merged into the 2.5-dev branch.
Discussion
----------
[Form] Changed Form::getErrors() to return an iterator and added two optional parameters $deep and $flatten
| Q | A
| ------------- | ---
| Bug fix? | no
| New feature? | yes
| BC breaks? | yes
| Deprecations? | yes
| Tests pass? | yes
| Fixed tickets | #7205
| License | MIT
| Doc PR | -
See the changes in the UPGRADE files for more information.
Commits
-------
6b3fbb5 [Form] Changed the default value of $flatten in Form::getErrors() to true
a9268c4 [Form] Changed Form::getErrors() to return an iterator and added two optional parameters $deep and $flatten
This PR was squashed before being merged into the 2.5-dev branch (closes#9862).
Discussion
----------
[FrameworkBundle] Added configuration for additionnal request formats
| Q | A
| ------------- | ---
| Bug fix? | no
| New feature? | yes
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | https://github.com/symfony/symfony/issues/8934
| License | MIT
| Doc PR | https://github.com/symfony/symfony-docs/pull/3402
Reopening of https://github.com/symfony/symfony/pull/8944
# TODO
- [x] Fix wrong xml configuration definition (Thanks @WouterJ)
- [x] Change configuration key `additional_formats` to a more meaningful one
- [x] Write documentation (new entry or replace http://symfony.com/doc/current/cookbook/request/mime_type.html ?)
Commits
-------
f90ba11 [FrameworkBundle] Added configuration for additionnal request formats
* 2.4:
fixed CS
allow the TextAreaFormField to be used with valid/invalid HTML
Create security.id.xlf
[DependencyInjection] Remove unneeded file
[Twig] removed obsolete conditions on Twig versions
added lines to exceptions for the trans and transchoice tags
[FrameworkBundle] Merged multiple line input into one line to fix the tests.
[Form] Make FormInterface::add docblock more explicit
[Security] Add zh_CN translations
Routing condition bugfix
[Validator][Translation]update zh_CN translations
[Validator] Minor fix in XmlLoader
* 2.4:
udpated LICENSE year
update year on licenses
rundown and typo fix
[Process] Fix#9861 : Revert TTY mode
[Form] Update minimal requirement in composer.json
Fix Empty translations with Qt files
[Console] Fixed command name guessing if an alternative is an alias.
Update UPGRADE-2.3.md to account for #9388
[WebProfilerBundle] Fixed profiler toolbar icons for XHTML.
[BrowserKit] Throw exception on invalid cookie expiration timestamp
[Propel1Bridge][ModelChoiceList] add exception message for invalid classes
* 2.4:
[Security] fixed pre/post authentication checks
fixed missing use statements
Updated lithuanian validator translation: changed vartotojas to naudotojas as it is more proper term.
Fixed CSS
[Intl] Added round support for ROUND_CEILING, ROUND_FLOOR, ROUND_DOWN, ROUND_UP
[HttpFoundation] Throw proper exception when invalid data is passed to JsonResponse class
addressed == -> === suggestion
Fixed#9020 - Added support for collections in service#parameters
fixes PSR-0 issues in tests
adjusted behavior to always copy override on url files
Skips test that need full lib-intl.
* 2.3:
[Security] fixed pre/post authentication checks
Updated lithuanian validator translation: changed vartotojas to naudotojas as it is more proper term.
Fixed CSS
[HttpFoundation] Throw proper exception when invalid data is passed to JsonResponse class
addressed == -> === suggestion
Fixed#9020 - Added support for collections in service#parameters
fixes PSR-0 issues in tests
adjusted behavior to always copy override on url files
Skips test that need full lib-intl.
Conflicts:
src/Symfony/Component/Security/Acl/Tests/Permission/MaskBuilderTest.php
src/Symfony/Component/Security/Core/Tests/Authentication/Token/RememerMeTokenTest.php
src/Symfony/Component/Security/Core/Tests/User/AccountCheckerTest.php
src/Symfony/Component/Security/Core/Tests/User/InMemoryProviderTest.php
src/Symfony/Component/Security/Http/Tests/Authentication/DefaultAuthenticationFailureHandlerTest.php
src/Symfony/Component/Security/Http/Tests/Authentication/DefaultAuthenticationSuccessHandlerTest.php
src/Symfony/Component/Security/Tests/Core/Authentication/Token/RememberMeTokenTest.php
src/Symfony/Component/Security/Tests/Core/Authentication/Token/RememerMeTokenTest.php
src/Symfony/Component/Security/Tests/Core/User/AccountCheckerTest.php
src/Symfony/Component/Security/Tests/Core/User/InMemoryProviderTest.php
src/Symfony/Component/Security/Tests/Core/User/InMemoryUserProviderTest.php
src/Symfony/Component/Security/Tests/Core/User/UserCheckerTest.php
This PR was merged into the 2.5-dev branch.
Discussion
----------
[WIP] [FrameworkBundle] removed some more dependencies on the request service
| Q | A
| ------------- | ---
| Bug fix? | kinda (see linked tickets)
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | #8915, #9185
| License | MIT
| Doc PR | n/a
/cc @kriswallsmith
Commits
-------
4f3d502 [FrameworkBundle] removed some more dependencies on the request service
* 2.3:
Fixed typo
[validator] throw an exception if isn't an instance of ConstraintValidatorInterface.
Reset the box model to content-box in the web debug toolbar
[FrameworkBundle] Allowed "0" as a checkbox value in the php template.
raising delta on stopwatch as travis really breaks with less than 35
Switched to correct gender of "Token"
fixed typos in several translations
[HttpKernel] use static late binding when dumping out container
* 2.3: (24 commits)
Add german translation for several validators (Greater/Equal/Less)
No Entity Manager defined exception
fixed CS
[Acl] Fix for issue #9433
[Validator] fix docblock typos
[DependencyInjection] removed the unused Reference and Parameter classes use statements from the compiled container class
Removed useless check if self::$trustProxies is set
Fix mistake in translation's service definition.
if handler_id is identical to null fix
CS fix
Fixed ModelChoiceList tests in Propel1 bridge.
[AclProvider] Fix incorrect behaviour when partial results returned from cache
Check if the pipe array is empty before calling stream_select()
[Intl] fixed datetime test as described in #9455
bumped Symfony version to 2.3.8
updated VERSION for 2.3.7
updated CHANGELOG for 2.3.7
re-factor Propel1 ModelChoiceList
[Form] Added method Form::getClickedButton() to remove memory leak in FormValidator
[Locale] fixed the failing test described in #9455
...
Conflicts:
src/Symfony/Bridge/Propel1/Form/ChoiceList/ModelChoiceList.php
src/Symfony/Bridge/Propel1/Tests/Fixtures/ItemQuery.php
src/Symfony/Bridge/Propel1/Tests/Form/ChoiceList/ModelChoiceListTest.php
src/Symfony/Bridge/Propel1/Tests/Propel1TestCase.php
src/Symfony/Component/Form/Tests/CompoundFormTest.php
src/Symfony/Component/HttpKernel/Kernel.php
src/Symfony/Component/Process/Process.php
* 2.2:
No Entity Manager defined exception
fixed CS
[Acl] Fix for issue #9433
[Validator] fix docblock typos
[DependencyInjection] removed the unused Reference and Parameter classes use statements from the compiled container class
Fix mistake in translation's service definition.
if handler_id is identical to null fix
CS fix
Fixed ModelChoiceList tests in Propel1 bridge.
[AclProvider] Fix incorrect behaviour when partial results returned from cache
Check if the pipe array is empty before calling stream_select()
re-factor Propel1 ModelChoiceList
[Locale] fixed the failing test described in #9455
[Process] fix phpdoc and timeout of 0
bug #9445 [BrowserKit] fixed protocol-relative url redirection
Conflicts:
src/Symfony/Component/BrowserKit/Tests/ClientTest.php
src/Symfony/Component/Locale/Tests/Stub/StubIntlDateFormatterTest.php
This PR was merged into the master branch.
Discussion
----------
[FrameworkBundle] made sure that the debug event dispatcher is used everywhere
| Q | A
| ------------- | ---
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | #6686, #7673
| License | MIT
| Doc PR | n/a
The removal of the Profiler dependency on the TraceableEventDispatcher (#9170) allows to remerge the patch from #9068 that fixes#6686.
This PR also cleans up how profiles are stored. A Profile is now always stored only once.
The fix will only be available on 2.4+ as the changes are too deep to be backported to 2.2 and 2.3.
Commits
-------
1e1835e [FrameworkBundle] made sure that the debug event dispatcher is used everywhere
This PR was merged into the master branch.
Discussion
----------
[HttpFoundation] Add a way to avoid the session be written at each request
| Q | A
| ------------- | ---
| Bug fix? | no
| New feature? | yes
| BC breaks? | no (maybe the DI config ?)
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | N/A
| License | MIT
| Doc PR | https://github.com/symfony/symfony-docs/pull/3017
Commits
-------
191418d [HttpFoundation] Add a way to avoid the session be written at each request
This PR was merged into the master branch.
Discussion
----------
Decoupled TraceableEventDispatcher from the Profiler
| Q | A
| ------------- | ---
| Bug fix? | no
| New feature? | yes
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | n/a
| License | MIT
| Doc PR | n/a
This PR removes the Profiler dependency on the TraceableEventDispatcher. That makes things more decoupled and cleaner. This PR also cleans up how profiles are stored; a Profile is now always stored only once.
I've created a `LateDataCollectorInterface` that is implemented for data collector that needs to get information from data that are available very late in the request process (when the request and the response are not even available anymore). The `lateCollect()` method is called just before the profile is stored.
We have 3 data collectors that implement that interface:
* Time: As the traceable event dipsatcher gets inject timing information via the stopwatch about all events (including the `terminate` one), we need to get events from the stopwatch as late as possible.
* Event: The traceable event dispatcher gathers all called listeners to determine non-called ones. To be able to accurately do that for all events (including the `terminate` one), we need to get the data as late as possible.
* Memory: We want to get the memory as late as possible to get the most accurate number as possible
I'm not very happy with the name and as always, better suggestions would be much appreciated.
This is an extract from #9168
Commits
-------
5cedea2 [HttpKernel] added LateDataCollectorInterface
9c4bc9a [HttpKernel] decoupled TraceableEventDispatcher and Profiler
This PR was merged into the master branch.
Discussion
----------
[Security] Added Security\Csrf sub-component with better token generation
| Q | A
| ------------- | ---
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | -
| License | MIT
| Doc PR | TODO
**Update September 27, 2013**
This PR simplifies the CSRF mechanism to generate completely random tokens. A random token is generated once per ~~intention~~ token ID and then stored in the session. Tokens are valid until the session expires.
Since the CSRF token generator depends on `StringUtils` and `SecureRandom` from Security\Core, and since Security\Http currently depends on the Form component for token generation, I decided to add a new Security\Csrf sub-component that contains the improved CSRF token generator. Consequences:
* Security\Http now depends on Security\Csrf instead of Form
* Form now optionally depends on Security\Csrf
* The configuration for the "security.secure_random" service and the "security.csrf.*" services was moved to FrameworkBundle to guarantee BC
In the new Security\Csrf sub-component, I tried to improve the naming where I could do so without breaking BC:
* CSRF "providers" are now called "token generators"
* CSRF "intentions" are now called "token IDs", because that's really what they are
##### TODO
- [ ] The documentation needs to be checked for references to the configuration of the application secret. Remarks that the secret is used for CSRF protection need to be removed.
- [ ] Add aliases "csrf_token_generator" and "csrf_token_id" for "csrf_provider" and "intention" in the SecurityBundle configuration
- [x] Make sure `SecureRandom` never blocks for `CsrfTokenGenerator`
Commits
-------
7f02304 [Security] Added missing PHPDoc tag
2e04e32 Updated Composer dependencies to require the Security\Csrf component where necessary
bf85e83 [FrameworkBundle][SecurityBundle] Added service configuration for the new Security CSRF sub-component
2048cf6 [Form] Deprecated the CSRF implementation and added an optional dependency to the Security CSRF sub-component instead
85d4959 [Security] Changed Security HTTP sub-component to depend on CSRF sub-component instead of Form
1bf1640 [Security] Added CSRF sub-component
This PR was merged into the master branch.
Discussion
----------
[Form] Rewrite boolean attributes to match HTML spec
| Q | A
| ------------- | ---
| Bug fix? | no
| New feature? | yes
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | -
| License | MIT
| Doc PR | -
Same as #7856
> 'The presence of a boolean attribute on an element represents the true value, and the absence of the attribute represents the false value.' - http://www.w3.org/html/wg/drafts/html/master/infrastructure.html#boolean-attribute
This commit modifies widget_container_attributes and widget_attributes so that:
* `true` values render as the attribute name with the attribute name repeated as the value
* `false` values are not rendered
The comparison is strict using sames() in twig.
Previously `false` values would have been rendered as `some-attribute=""` which according to the spec would actually make them a boolean attribute and therefore equal to true.
Commits
-------
b85577b [Form] Improved test coverage of widget_attributes and widget_container_attributes blocks
8e4c2a7 [Form] Rewrite boolean attributes to match HTML spec
This PR was merged into the master branch.
Discussion
----------
[Translation] Added support for JSON format (both loader and dumper).
Based on `IniFileLoader\Dumper`.
Q | A
--- | ---
Bug fix? |no
New feature? | yes
BC breaks?| no
Deprecations? |no
Tests pass? | yes
Fixed tickets | -
License | MIT
Doc | this component don't have docs
Commits
-------
fcef021 [Translation] Added support for JSON format (both loader and dumper).
This PR was merged into the master branch.
Discussion
----------
New Component: Expression Language
| Q | A
| ------------- | ---
| Bug fix? | no
| New feature? | yes
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | #8850, #7352
| License | MIT
| Doc PR | not yet
TODO:
- [ ] write documentation
- [x] add tests for the new component
- [x] implement expression support for access rules in the security component
- [x] find a better character/convention for expressions in the YAML format
- [x] check the performance of the evaluation mode
- [x] better error messages in the evaluation mode
- [x] add support in the Routing
- [x] add support in the Validator
The ExpressionLanguage component provides an engine that can compile and
evaluate expressions.
An expression is a one-liner that returns a value (mostly, but not limited to, Booleans).
It is a strip-down version of Twig (only the expression part of it is
implemented.) Like Twig, the expression is lexed, parsed, and
compiled/evaluated. So, it is immune to external injections by design.
If we compare it to Twig, here are the main big differences:
* only support for Twig expressions
* no ambiguity for calls (foo.bar is only valid for properties, foo['bar'] is only valid for array calls, and foo.bar() is required for method calls)
* no support for naming conventions in method calls (if the method is named getFoo(), you must use getFoo() and not foo())
* no notion of a line for errors, but a cursor (we are mostly talking about one-liners here)
* removed everything specific to the templating engine (like output escaping or filters)
* no support for named arguments in method calls
* only one extension point with functions (no possibility to define new operators, ...)
* and probably even more I don't remember right now
* there is no need for a runtime environment, the compiled PHP string is self-sufficient
An open question is whether we keep the difference betweens arrays and hashes.
The other big difference with Twig is that it can work in two modes (possible
because of the restrictions described above):
* compilation: the expression is compiled to PHP and is self-sufficient
* evaluation: the expression is evaluated without being compiled to PHP (the node tree produced by the parser can be serialized and evaluated afterwards -- so it can be saved on disk or in a database to speed up things when needed)
Let's see a simple example:
```php
$language = new ExpressionLanguage();
echo $language->evaluate('1 + 1');
// will echo 2
echo $language->compile('1 + 2');
// will echo "(1 + 2)"
```
The language supports:
* all basic math operators (with precedence rules):
* unary: not, !, -, +
* binary: or, ||, and, &&, b-or, b-xor, b-and, ==, ===, !=, !==, <, >, >=, <=, not in, in, .., +, -, ~, *, /, %, **
* all literals supported by Twig: strings, numbers, arrays (`[1, 2]`), hashes
(`{a: "b"}`), Booleans, and null.
* simple variables (`foo`), array accesses (`foo[1]`), property accesses
(`foo.bar`), and method calls (`foo.bar(1, 2)`).
* the ternary operator: `true ? true : false` (and all the shortcuts
implemented in Twig).
* function calls (`constant('FOO')` -- `constant` is the only built-in
functions).
* and of course, any combination of the above.
The compilation is better for performances as the end result is just a plain PHP string without any runtime. For the evaluation, we need to tokenize, parse, and evaluate the nodes on the fly. This can be optimized by using a `ParsedExpression` or a `SerializedParsedExpression` instead:
```php
$nodes = $language->parse($expr, $names);
$expression = new SerializedParsedExpression($expr, serialize($nodes));
// You can now store the expression in a DB for later reuse
// a SerializedParsedExpression can be evaluated like any other expressions,
// but under the hood, the lexer and the parser won't be used at all, so it''s much faster.
$language->evaluate($expression);
```
That's all folks!
I can see many use cases for this new component, and we have two use cases in
Symfony that we can implement right away.
## Using Expressions in the Service Container
The first one is expression support in the service container (it would replace
#8850) -- anywhere you can pass an argument in the service container, you can
use an expression:
```php
$c->register('foo', 'Foo')->addArgument(new Expression('bar.getvalue()'));
```
You have access to the service container via `this`:
container.get("bar").getvalue(container.getParameter("value"))
The implementation comes with two functions that simplifies expressions
(`service()` to get a service, and `parameter` to get a parameter value). The
previous example can be simplified to:
service("bar").getvalue(parameter("value"))
Here is how to use it in XML:
```xml
<parameters>
<parameter key="value">foobar</parameter>
</parameters>
<services>
<service id="foo" class="Foo">
<argument type="expression">service('bar').getvalue(parameter('value'))</argument>
</service>
<service id="bar" class="Bar" />
</services>
```
and in YAML (I chose the syntax randomly ;)):
```yaml
parameters:
value: foobar
services:
bar:
class: Bar
foo:
class: Foo
arguments: [@=service("bar").getvalue(parameter("value"))]
```
When using the container builder, Symfony uses the evaluator, but with the PHP
dumper, the compiler is used, and there is no overhead as the expression
engine is not needed at runtime. The expression above would be compiled to:
```php
$this->get("bar")->getvalue($this->getParameter("value"))
```
## Using Expression for Security Access Control Rules
The second use case in Symfony is for access rules.
As we all know, the way to configure the security access control rules is confusing, which might lead to insecure applications (see http://symfony.com/blog/security-access-control-documentation-issue for more information).
Here is how the new `allow_if` works:
```yaml
access_control:
- { path: ^/_internal/secure, allow_if: "'127.0.0.1' == request.getClientIp() or has_role('ROLE_ADMIN')" }
```
This one restricts the URLs starting with `/_internal/secure` to people browsing from the localhost. Here, `request` is the current Request instance. In the expression, there is access to the following variables:
* `request`
* `token`
* `user`
And to the following functions:
* `is_anonymous`
* `is_authenticated`
* `is_fully_authenticated`
* `is_rememberme`
* `has_role`
You can also use expressions in Twig, which works well with the `is_granted` function:
```jinja
{% if is_granted(expression('has_role("FOO")')) %}
...
{% endif %}
```
## Using Expressions in the Routing
Out of the box, Symfony can only match an incoming request based on some pre-determined variables (like the path info, the method, the scheme, ...). But some people want to be able to match on more complex logic, based on other information of the Request object. That's why we introduced `RequestMatcherInterface` recently (but we no default implementation in Symfony itself).
The first change I've made (not related to expression support) is implement this interface for the default `UrlMatcher`. It was simple enough.
Then, I've added a new `condition` configuration for Route objects, which allow you to add any valid expression. An expression has access to the `request` and to the routing `context`.
Here is how one would configure it in a YAML file:
```yaml
hello:
path: /hello/{name}
condition: "context.getMethod() in ['GET', 'HEAD'] and request.headers.get('User-Agent') =~ '/firefox/i'"
```
Why do I keep the context as all the data are also available in the request? Because you can also use the condition without using the RequestMatcherInterface, in which case, you don't have access to the request. So, the previous example is equivalent to:
```yaml
hello:
path: /hello/{name}
condition: "request.getMethod() in ['GET', 'HEAD'] and request.headers.get('User-Agent') =~ '/firefox/i'"
```
When using the PHP dumper, there is no overhead as the condition is compiled. Here is how it looks like:
```php
// hello
if (0 === strpos($pathinfo, '/hello') && preg_match('#^/hello/(?P<name>[^/]++)$#s', $pathinfo, $matches) && (in_array($context->getMethod(), array(0 => "GET", 1 => "HEAD")) && preg_match("/firefox/i", $request->headers->get("User-Agent")))) {
return $this->mergeDefaults(array_replace($matches, array('_route' => 'hello')), array ());
}
```
Be warned that conditions are not taken into account when generating a URL.
## Using Expressions in the Validator
There is a new Expression constraint that you can put on a class. The expression is then evaluated for validation:
```php
use Symfony\Component\Validator\Constraints as Assert;
/**
* @Assert\Condition(condition="this.getFoo() == 'fo'", message="Not good!")
*/
class Obj
{
public function getFoo()
{
return 'foo';
}
}
```
In the expression, you get access to the current object via the `this` variable.
## Dynamic annotations
The expression language component is also very useful in annotations. the SensoLabs FrameworkExtraBundle leverages this possibility to implement HTTP validation caching in the `@Cache` annotation and to add a new `@Security` annotation (see sensiolabs/SensioFrameworkExtraBundle#238.)
Commits
-------
d4ebbfd [Validator] Renamed Condition to Expression and added possibility to set it onto properties
a3b3a78 [Validator] added a constraint that runs an expression
1bcfb40 added optimized versions of expressions
984bd38 mades things more consistent for the end user
d477f15 [Routing] added support for expression conditions in routes
86ac8d7 [ExpressionLanguage] improved performance
e369d14 added a Twig extension to create Expression instances
38b7fde added support for expression in control access rules
2777ac7 [HttpFoundation] added ExpressionRequestMatcher
c25abd9 [DependencyInjection] added support for expressions in the service container
3a41781 [ExpressionLanguage] added support for regexes
9d98fa2 [ExpressionLanguage] added the component
* 2.3:
fixed phpdoc
Fix some annotates
[FrameworkBundle] made sure that the debug event dispatcher is used everywhere
[HttpKernel] remove unneeded strtoupper
updated the composer install command to reflect changes in Composer
Conflicts:
src/Symfony/Component/Serializer/Encoder/XmlEncoder.php
* 2.2:
Fix some annotates
[FrameworkBundle] made sure that the debug event dispatcher is used everywhere
[HttpKernel] remove unneeded strtoupper
updated the composer install command to reflect changes in Composer
Conflicts:
src/Symfony/Component/Console/Application.php
src/Symfony/Component/Console/Command/Command.php
src/Symfony/Component/Console/Input/InputDefinition.php
src/Symfony/Component/CssSelector/Node/CombinedSelectorNode.php
src/Symfony/Component/Form/Form.php
src/Symfony/Component/HttpKernel/Debug/ErrorHandler.php
src/Symfony/Component/HttpKernel/DependencyInjection/RegisterListenersPass.php
src/Symfony/Component/HttpKernel/Tests/DependencyInjection/RegisterListenersPassTest.php
src/Symfony/Component/Locale/Locale.php
src/Symfony/Component/Locale/README.md
src/Symfony/Component/Locale/Stub/DateFormat/FullTransformer.php
This PR was merged into the 2.2 branch.
Discussion
----------
[FrameworkBundle] made sure that the debug event dispatcher is used everywhere
| Q | A
| ------------- | ---
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | #6686, #7673
| License | MIT
| Doc PR | n/a
Commits
-------
f65a526 [FrameworkBundle] made sure that the debug event dispatcher is used everywhere
* 2.3:
fixes RequestDataCollector bug, visible when used on Drupal8
[Console] fixed exception rendering when nested styles
[Console] added some more information about OutputFormatter::replaceStyle()
[Console] fixed the formatter for single-char tags
[Console] Escape exception message during the rendering of an exception
[DomCrawler] fixed HTML5 form attribute handling
Making tests pass on mac os x without this change tests would fail under mac os x at least in 10.8.2
[BrowserKit] Fixed the handling of parameters when redirecting
[Process] Properly close pipes after a Process::stop call
fixed bytes conversion when used on 32-bits systems
Typo fix
HttpFoundation RequestTest - Fixed indentation and removed comments
HttpFoundation Request test for #8619
LICENSE files moved to meta folders
added missing method in the UPGRADE file for 2.2 (closes#8941)
[Form] Fixed: "required" attribute is not added to <select> tag if no empty value
[Translation] Removed an unneeded return annotation.
[DomCrawler] Added missing docblocks and removed unneeded return annotation.
Conflicts:
src/Symfony/Component/Process/Tests/AbstractProcessTest.php
* 2.2:
fixes RequestDataCollector bug, visible when used on Drupal8
[Console] fixed exception rendering when nested styles
[Console] added some more information about OutputFormatter::replaceStyle()
[Console] fixed the formatter for single-char tags
[Console] Escape exception message during the rendering of an exception
[BrowserKit] Fixed the handling of parameters when redirecting
Typo fix
HttpFoundation RequestTest - Fixed indentation and removed comments
HttpFoundation Request test for #8619
LICENSE files moved to meta folders
added missing method in the UPGRADE file for 2.2 (closes#8941)
[Translation] Removed an unneeded return annotation.
[DomCrawler] Added missing docblocks and removed unneeded return annotation.
Conflicts:
src/Symfony/Component/BrowserKit/Client.php
src/Symfony/Component/DomCrawler/Crawler.php
set logger in extension , so its only done in debug mode
add psr/log to suggest of templating
add test for setLogger and refactor tests to not depend that much an
deprecated functionality
* 2.3:
moved some fixed dep versions from 2.2.* to ~2.2 (refs #8613)
[HttpKernel] added a missing dep for dev
[Form] fixed wrong call to setTimeZone() (closes#8644)
Fix issue with \DateTimeZone::UTC / 'UTC' for PHP 5.4
[Form] Fixed patched forms to be valid even if children are not submitted
Revert "[Form] Fix of "PATCH'ed forms are never valid""
[Form] Fixed: If a form is not present in a request, it is not automatically submitted
Fixes link indices
[Form] Removed the "disabled" attribute from the placeholder option in select fields due to problems with the BlackBerry 10 browser
Revert "[Form] Remove "value" attribute on empty_value option"
[routing] added ability for apache matcher to handle array values
removed dead code and fixed CS
[Validator] fixed StaticMethodLoader trying to invoke methods of abstract classes (closes#8589)
* 2.2:
[HttpKernel] added a missing dep for dev
[Form] fixed wrong call to setTimeZone() (closes#8644)
Fix issue with \DateTimeZone::UTC / 'UTC' for PHP 5.4
[Form] Removed the "disabled" attribute from the placeholder option in select fields due to problems with the BlackBerry 10 browser
[routing] added ability for apache matcher to handle array values
removed dead code and fixed CS
[Validator] fixed StaticMethodLoader trying to invoke methods of abstract classes (closes#8589)
Conflicts:
src/Symfony/Bundle/TwigBundle/TokenParser/RenderTokenParser.php
src/Symfony/Component/Form/FormConfigBuilder.php
src/Symfony/Component/HttpKernel/composer.json
src/Symfony/Component/Validator/Tests/GraphWalkerTest.php
Before:
enabled: true # the profiler is enabled and data are collected
enabled: false # the profiler is enabled but data are not collected (data can be collected on demand)
No way to disable the profiler
After:
enabled: true # the profiler is enabled and data are collected
collect: true
enabled: true # the profiler is enabled but data are not collected (data can be collected on demand)
collect: false
enabled: false # the profiler is disabled
This PR was merged into the master branch.
Discussion
----------
[Form] Remove "value" attribute on empty_value option
Today we faced a very strange issue with the newest Blackberry 10 browser, it was not submitting our forms. Finally we found that in a ```select``` element, if you have a disabled option, it can't have a value or the HTML5 validator will crash and won't submit the form. Of course, setting the ```novalidate``` option for the whole form also solved the issue.
Although I know this must be an issue with the WebKit version the BB10 has, it can easily be solved in symfony with this change. In fact, it does make sense since we already have a disabled option with no value if the ```preferred_choices``` are not empty and a ```separator``` is set
Commits
-------
9e849eb [Form] Remove "value" attribute on empty_value option
This PR was merged into the master branch.
Discussion
----------
[2.3][Session] Give greater control over how and when session starts
| Q | A
| ------------- | ---
| Bug fix? | no
| New feature? | yes
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | na
| License | MIT
| Doc PR | symfony/symfony-docs#2475
Refs #6036
Gives control over how start on demand works: allowing to turn it on or off and to allow bag access when session is off.
Commits
-------
f431cb0 Fix tests
1f521d8 Coding standards
2583c26 [HttpFoundation][FrameworkBundle] Keep save auto_start behaviour as in 2.2 and make component values consistent with FrameworkBundle's configuration options.
ceaf69b [FrameworkBundle] Use more sophisticated validation and configuration.
af0a140 [FrameworkBundle] Add configuration to allow control over session start on demand.
8fc2397 [HttpFoundation] Give control over how session start on demand.
This PR was squashed before being merged into the master branch (closes#7571).
Discussion
----------
[2.3] Handle PHP sessions started outside of Symfony
| Q | A
| ------------- | ---
| Bug fix? | no
| New feature? | yes
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets |
| License | MIT
| Doc PR | symfony/symfony-docs#2474
This PR brings a way to allow Symfony2 to manage a session started outside of Symfony in such a way that quite explicit. It also introduces more robust detection of previously started sessions under PHP 5.3 and supports real session status detection under PHP 5.4
Commits
-------
df99902 [2.3] Handle PHP sessions started outside of Symfony
Today we faced a very strange issue with the newest Blackberry 10 browser, it was not submitting our forms. Finally we found that in a ```select``` element, if you have a disabled option, it can't have a value or the HTML5 validator will crash and not submit the form. Of course, setting the ```novalidate``` option for the whole form also solved the issue.
Although I know this must be an issue with the WebKit version the BB10 has it can easily be solved in symfony with this change. In fact, it does make sense since we already have a disabled option with no value if the ```preferred_choices``` are not empty and a ```separator``` is set
This PR was merged into the master branch.
Discussion
----------
[2.3] [FrameworkBundle] [Templating] added Stopwatch support to the PHP engine
| Q | A
| ------------- | ---
| Bug fix? | no
| New feature? | yes
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| License | MIT
I did not include tests nor documentation because there weren't any for TimedTwigEngine (I took it as an example). If I'm mistaken and they are needed, I'll gladly write them.
Commits
-------
3c3d34d [FrameworkBundle] [Templating] added Stopwatch support to the PHP engine
This PR was merged into the master branch.
Discussion
----------
[2.3] [WIP] Synchronized services...
| Q | A
| ------------- | ---
| Bug fix? | no
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | #5300, #6756
| License | MIT
| Doc PR | symfony/symfony-docs#2343
Todo:
- [x] update documentation
- [x] find a better name than contagious (synchronized)?
refs #6932, refs #5012
This PR is a proof of concept that tries to find a solution for some problems we have with scopes and services depending on scoped services (mostly the request service in Symfony).
Basically, whenever you want to inject the Request into a service, you have two possibilities:
* put your own service into the request scope (a new service will be created whenever a sub-request is run, and the service is not available outside the request scope);
* set the request service reference as non-strict (your service is always available but the request you have depends on when the service is created the first time).
This PR addresses this issue by allowing to use the second option but you service still always has the right Request service (see below for a longer explanation on how it works).
There is another issue that this PR fixes: edge cases and weird behaviors. There are several bug reports about some weird behaviors, and most of the time, this is related to the sub-requests. That's because the Request is injected into several Symfony objects without being updated correctly when leaving the request scope. Let me explain that: when a listener for instance needs the Request object, it can listen to the `kernel.request` event and store the request somewhere. So, whenever you enter a sub-request, the listener will get the new one. But when the sub-request ends, the listener has no way to know that it needs to reset the request to the master one. In practice, that's not really an issue, but let me show you an example of this issue in practice:
* You have a controller that is called with the English locale;
* The controller (probably via a template) renders a sub-request that uses the French locale;
* After the rendering, and from the controller, you try to generate a URL. Which locale the router will use? Yes, the French locale, which is wrong.
To fix these issues, this PR introduces a new notion in the DIC: synchronized services. When a service is marked as synchronized, all method calls involving this service will be called each time this service is set. When in a scope, methods are also called to restore the previous version of the service when the scope leaves.
If you have a look at the router or the locale listener, you will see that there is now a `setRequest` method that will called whenever the request service changes (because the `Container::set()` method is called or because the service is changed by a scope change).
Commits
-------
17269e1 [DependencyInjection] fixed management of scoped services with an invalid behavior set to null
bb83b3e [HttpKernel] added a safeguard for when a fragment is rendered outside the context of a master request
5d7b835 [FrameworkBundle] added some functional tests
ff9d688 fixed Request management for FragmentHandler
1b98ad3 fixed Request management for LocaleListener
a7b2b7e fixed Request management for RequestListener
0892135 [HttpKernel] ensured that the Request is null when outside of the Request scope
2ffcfb9 [FrameworkBundle] made the Request service synchronized
ec1e7ca [DependencyInjection] added a way to automatically update scoped services
This change allows any service to depend on the Request (via a method
call) and always have the right Request instance without the need for
the service to be in the request scope (you still need to set the
Request reference as non-strict).
* 2.2: (70 commits)
change wrapped exception message to be more usefull
updated VERSION for 2.0.23
update CONTRIBUTORS for 2.0.23
updated CHANGELOG for 2.0.23
[Form] fixed failing test
[DomCrawler] added support for query string with slash
Fixed invalid file path for hiddeninput.exe on Windows.
fix xsd definition for strict-requirements
[WebProfilerBundle] Fixed the toolbar styles to apply them in IE8
[ClassLoader] fixed heredocs handling
fixed handling of heredocs
Add a public modifier to an interface method
removing xdebug extension
[HttpRequest] fixes Request::getLanguages() bug
[HttpCache] added a test (cached content should be kept after purging)
[DoctrineBridge] Fixed non-utf-8 recognition
[Security] fixed HttpUtils class tests
replaced new occurences of 'Request::create()' with '::create()'
changed sub-requests creation to '::create()'
fixed merge issue
...
Conflicts:
src/Symfony/Bundle/FrameworkBundle/Command/TranslationUpdateCommand.php
src/Symfony/Bundle/WebProfilerBundle/Resources/views/Profiler/toolbar.html.twig
src/Symfony/Component/DomCrawler/Link.php
src/Symfony/Component/Translation/Translator.php
This PR was squashed before being merged into the master branch (closes#7202).
Commits
-------
817453c [2.2] add http_method_override option to ease setup
Discussion
----------
[2.2] add http_method_override option to ease setup
| Q | A
| ------------- | ---
| Bug fix? | no
| New feature? | yes
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| License | MIT
* 2.1:
Defined stable version point of Doctrine.
[HttpFoundation] Remove Cache-Control when using https download via IE<9 (fixes#6750)
Update composer.json
[Form] Fixed TimeType not to render a "size" attribute in select tags
[Form] Added test for "label" option to accept the value "0"
Expanded fault-tolerance for unusual cookie dates
Fix docblock type
[Form] Fixed "label" option to accept the value "0"
merged branch jfcixmedia/2.1 (PR #5838)
[DomCrawler] lowered parsed protocol string (fixes#6986)
Conflicts:
composer.json
src/Symfony/Bridge/Twig/Resources/views/Form/form_div_layout.html.twig
src/Symfony/Bundle/FrameworkBundle/Resources/views/Form/time_widget.html.php
src/Symfony/Bundle/FrameworkBundle/composer.json
src/Symfony/Component/Form/Tests/Extension/Csrf/EventListener/CsrfValidationListenerTest.php
src/Symfony/Component/Routing/composer.json
src/Symfony/Component/Security/composer.json
src/Symfony/Component/Validator/composer.json
HttpContentRenderer has been renamed to FragmentHandler.
The RendererStrategy subnamespace has been renamed to Fragment.
The strategy classes now have Fragment in their names.
ProxyRouterListener has been renamed to FragmentListener
The router_proxy configuration entry has been renamed to fragments.
This PR was squashed before being merged into the master branch (closes#6734).
Commits
-------
4d51ec0 Fix for hardcode (#6384) in choice widget
Discussion
----------
Fix for hardcode (#6384) in choice widget
empty_value should not be disabled if field is not required!
#6384
---------------------------------------------------------------------------
by sstok at 2013-01-15T15:51:08Z
You need to revert the file mode changes (100644 → 100755)
---------------------------------------------------------------------------
by MaksSlesarenko at 2013-01-18T16:44:42Z
fixed tests
---------------------------------------------------------------------------
by MaksSlesarenko at 2013-01-21T15:36:59Z
ping @fabpot
---------------------------------------------------------------------------
by fabpot at 2013-01-21T15:58:26Z
ping @bschussek
---------------------------------------------------------------------------
by MaksSlesarenko at 2013-01-23T11:15:37Z
ping @fabpot @bschussek
---------------------------------------------------------------------------
by Tobion at 2013-01-23T12:08:19Z
I think it's good to squash and merge.
---------------------------------------------------------------------------
by fabpot at 2013-01-23T12:16:37Z
Can you rebase and squash before I merge? Thanks.
---------------------------------------------------------------------------
by MaksSlesarenko at 2013-01-23T19:51:36Z
@fabpot done
This PR was merged into the master branch.
Commits
-------
76fefe3 updated CHANGELOG and UPGRADE files
f7da1f0 added some unit tests (and fixed some bugs)
f17f586 moved the container aware HTTP kernel to the HttpKernel component
2eea768 moved the deprecation logic calls outside the new HttpContentRenderer class
bd102c5 made the content renderer work even when ESI is disabled or when no templating engine is available (the latter being mostly useful when testing)
a8ea4e4 [FrameworkBundle] deprecated HttpKernel::forward() (it is only used once now and not part of any interface anyway)
1240690 [HttpKernel] made the strategy a regular parameter in HttpContentRenderer::render()
adc067e [FrameworkBundle] made some services private
1f1392d [HttpKernel] simplified and enhanced code managing the hinclude strategy
403bb06 [HttpKernel] added missing phpdoc and tweaked existing ones
892f00f [HttpKernel] added a URL signer mechanism for hincludes
a0c49c3 [TwigBridge] added a render_* function to ease usage of custom rendering strategies
9aaceb1 moved the logic from HttpKernel in FrameworkBundle to the HttpKernel component
Discussion
----------
[WIP] Kernel refactor
Currently, the handling of sub-requests (including ESI and hinclude) is mostly done in FrameworkBundle. It makes these important features harder to implement for people using only HttpKernel (like Drupal and Silex for instance).
This PR moves the code to HttpKernel instead. The code has also been refactored to allow easier integration of other rendering strategies (refs #6108).
The internal route has been re-introduced but it can only be used for trusted IPs (so for the internal rendering which is managed by Symfony itself, or by a trusted reverse proxy like Varnish for ESI handling). For the hinclude strategy, when using a controller, the URL is automatically signed (see #6463).
The usage of a listener instead of a controller to handle internal sub-requests speeds up things quite a lot as it saves one sub-request handling. In Symfony 2.0 and 2.1, the handling of a sub-request actually creates two sub-requests.
Rendering a sub-request from a controller can be done with the following code:
```jinja
{# default strategy #}
{{ render(path("partial")) }}
{{ render(controller("SomeBundle:Controller:partial")) }}
{# ESI strategy #}
{{ render(path("partial"), { strategy: 'esi' }) }}
{{ render(controller("SomeBundle:Controller:partial"), { strategy: 'esi' }) }}
{# hinclude strategy #}
{{ render(path("default1"), { strategy: 'hinclude' }) }}
```
The second commit allows to simplify the calls a little bit thanks to some nice syntactic sugar:
```jinja
{# default strategy #}
{{ render(path("partial")) }}
{{ render(controller("SomeBundle:Controller:partial")) }}
{# ESI strategy #}
{{ render_esi(path("partial")) }}
{{ render_esi(controller("SomeBundle:Controller:partial")) }}
{# hinclude strategy #}
{{ render_hinclude(path("default1")) }}
```
---------------------------------------------------------------------------
by fabpot at 2013-01-03T17:58:49Z
I've just pushed a new version of the code that actually works in my browser (but I've not yet written any unit tests). I've updated the PR description accordingly.
All comments welcome!
---------------------------------------------------------------------------
by Koc at 2013-01-03T20:11:43Z
what about `render(controller="SomeBundle:Controller:partial", strategy="esi")`?
---------------------------------------------------------------------------
by stof at 2013-01-04T09:01:01Z
shouldn't we have interfaces for the UriSigner and the HttpContentRenderer ?
---------------------------------------------------------------------------
by lsmith77 at 2013-01-04T19:28:09Z
btw .. as mentioned in #6213 i think it would make sense to refactor the HttpCache to use a cache layer to allow more flexibility in where to cache the data (including clustering) and better invalidation. as such if you are refactoring HttpKernel .. it might also make sense to explore splitting off HttpCache.
---------------------------------------------------------------------------
by fabpot at 2013-01-04T19:30:07Z
@lsmith77 This is a totally different topic. This PR is just about moving things from FrameworkBundle to HttpKernel to make them more reusable outside of the full-stack framework.
---------------------------------------------------------------------------
by fabpot at 2013-01-05T09:39:52Z
I think this PR is almost ready now. I still need to update the docs and add some unit tests. Any other comments on the whole approach? The class names? The `controller` function thingy? The URI signer mechanism? The proxy protection for the internal controller? The proxy to handle internal routes?
---------------------------------------------------------------------------
by sstok at 2013-01-05T10:08:25Z
Looks good to me 👍
---------------------------------------------------------------------------
by sdboyer at 2013-01-07T18:17:08Z
@Crell asked me to weigh in, since i'm one of the Drupal folks who's likely to work most with this.
i think i've grokked about 60% of the big picture here, and i'm generally happy with what i see. the assumption that the HInclude strategy makes about working with templates probably isn't one that we'll be able to use (and so, would need to write our own), but that's not a big deal since the whole goal here is to make strategies pluggable.
so, yeah. +1.
---------------------------------------------------------------------------
by winzou at 2013-01-09T20:21:44Z
Just for my information: will this PR be merged for 2.2 version? Thanks.
---------------------------------------------------------------------------
by stof at 2013-01-09T20:41:04Z
@winzou according to the blog post announcing the beta 1 release, yes. It is explicitly listed as being one of the reason to make it a beta instead of the first RC.
---------------------------------------------------------------------------
by winzou at 2013-01-09T20:49:36Z
OK thanks, I've totally skipped this blog post.
---------------------------------------------------------------------------
by fabpot at 2013-01-10T15:26:15Z
I've just added a bunch of unit tests and fix some bugs I found while writing the tests.
This PR was merged into the master branch.
Commits
-------
586a16e [Validator] Changed DefaultTranslator::getLocale() to always return 'en'
58bfd60 [Validator] Improved the inline documentation of DefaultTranslator
cd662cc [Validator] Added ExceptionInterface, BadMethodCallException and InvalidArgumentException
e00e5ec [Validator] Fixed failing test
cc0df0a [Validator] Changed validator to support pluralized messages by default
56d61eb [Form][Validator] Added BC breaks in unstable code to the CHANGELOG
1e34e91 [Form] Added upgrade instructions to the UPGRADE file
b94a256 [DoctrineBridge] Adapted DoctrineBridge to translator integration in the validator
c96a051 [FrameworkBundle] Adapted FrameworkBundle to translator integration in the validator
92a3b27 [TwigBridge] Adapted TwigBridge to translator integration in the validator
e7eb5b0 [Form] Adapted Form component to translator integration in the validator
46f751c [Validator] Extracted message interpolation logic of ConstraintViolation and used the Translation component for that
Discussion
----------
[Validator] Integrated the Translator in the Validator component
Bug fix: no
Feature addition: no
Backwards compatibility break: yes
Symfony2 tests pass: yes
Fixes the following tickets: #5844, #6117
Todo: -
License of the code: MIT
Documentation PR: -
This PR allows to replace the default message substitution strategy in the validator (`strtr()`) by passing an implementation of `Symfony\Component\Translation\TranslatorInterface`. The motivation for this are both #5844 and the need to replace the translation strategy in Drupal's integration of the Validator.
In the stand-alone usage of the validator, both the translator and the default translation domain can now be passed to `ValidatorBuilderInterface`:
```php
$validator = Validation::createValidatorBuilder()
->setTranslator(new MyTranslator())
->setTranslationDomain('validators')
->getValidator();
```
References:
* #5844
* #6117
* #6129
* [Add a validation framework to Drupal 8](http://drupal.org/node/1845546)
* [Add the symfony validator component to core despite Symfony potentially releasing BC-breaking updates after 2.3.](http://drupal.org/node/1849564)
---------------------------------------------------------------------------
by Tobion at 2012-11-28T08:53:25Z
no BC break? Looking at ValidatorBuilderInterface there is definitely one.
---------------------------------------------------------------------------
by bschussek at 2012-11-28T08:55:01Z
ValidatorBuilderInterface is not part of the stable API. You are not supposed to implement this interface.
---------------------------------------------------------------------------
by Tobion at 2012-11-28T09:01:07Z
We're not only documenting bc breaks for stable API, otherwise we could remove 90% of the upgrade file since few methods are tagged with API.
An interface that nobody should implement?
---------------------------------------------------------------------------
by bschussek at 2012-11-28T09:30:02Z
The question is what to consider a BC break. Something will always break for someone. Should we consequently mark everything as BC break? I don't think so.
For example, since 2.1, you are supposed to use `Validation::createValidator*()` for creating a validator. Because of that, I won't consider changing the constructor signature of `Validator` a BC break anymore from 2.1 on.
The same for the unstable interfaces. These are currently meant to be used only, that is, type hint against them and call their methods. But we don't guarantee that we won't add methods to them.
---------------------------------------------------------------------------
by Tobion at 2012-11-28T09:38:19Z
I agree that almost any change could be considered a BC break. So we probably need to better define what a BC break is and what not. Otherwise Symfony will stop evolving after 2.3 because from then on Fabien wanted to prevent BC breaks which is almost impossible in a strict definition of bc break.
---------------------------------------------------------------------------
by fabpot at 2012-11-28T11:37:22Z
BC breaks should always be documented, and we guarantee BC only for things tagged with @api. I'm going to update the docs to make things clearer.
---------------------------------------------------------------------------
by bschussek at 2012-11-28T13:09:57Z
@fabpot I documented these changes now in the CHANGELOG: af99ebb1206ac92889b7193ba1ecc12bf2617e85
Are we sure we want to document *all* BC breaks from now on, even in non-@api code? This could rather scare people looking at our changelogs (lots of BC BREAKS there).
---------------------------------------------------------------------------
by fago at 2012-11-28T17:29:58Z
Unfortunately, it turns out the symfony translator interface does not mach the Drupal translation system as well as we initally thought, see http://drupal.org/node/1852106. Given that, this would integrating the validator component into Drupal even harder, because it introduces the dependency on the (unwanted) translation component. :(
---------------------------------------------------------------------------
by stof at 2012-11-28T18:19:36Z
If this does not help Drupal anyway, maybe #5844 is a better way to manage translations for people using the validator outside forms ?
and the Drupal guys would simply follow a similar approach, but based on their own translator instead of the symfony one.
---------------------------------------------------------------------------
by fago at 2012-11-28T18:50:12Z
Yeah. The only problem I see with the approach of #5844 is that *after* validation only the translated messages are available. We'd need to have access to the untranslated messages also.
---------------------------------------------------------------------------
by fago at 2012-11-29T09:49:47Z
As our translation system handles translating pluralized messages differently, the current ExecutionContextInterface::addViolation() method poses a problem also. We need to pass on - both the single and plural - message, as the message gets chosen during translation, see http://api.drupal.org/api/drupal/core!includes!common.inc/function/format_plural/8
So maybe, we could allow adding an already created ConstraintViolation object also? Then, we could implement a "PluralConstraintViolation" class that takes both message templates.
---------------------------------------------------------------------------
by bschussek at 2012-12-03T15:52:36Z
I updated this PR to support pluralized messages by default in the validator. This should solve the problem of the Drupal guys, because their implementation of `TranslatorInterface::transChoice($id, $number, ...)` can now simply split the $id by pipes (`|`) and pass the parts to their own `format_plural($count, $singular, $plural, ...)` function.
For us, it breaks BC because translation catalog sources had to be adapted.
---------------------------------------------------------------------------
by fabpot at 2012-12-03T16:25:52Z
Most of the XLF files are broken (the end is missing now).
IIUC, we now have a hard dependency on the Translation component, which is something we wanted to avoid.
---------------------------------------------------------------------------
by fabpot at 2012-12-03T16:27:56Z
Oops, clicked on the "comment" button too fast.
So, the dependency is hard (you need to install the dep) but light as we only rely on the translation interface from the component (when using the default translator). It looks acceptable to me, especially because we now use Composer to manage dependencies.
---------------------------------------------------------------------------
by bschussek at 2012-12-03T16:54:10Z
@fabpot Thanks for the hint. Going to fix this.
---------------------------------------------------------------------------
by bschussek at 2012-12-04T11:34:43Z
@fabpot Fixed.
---------------------------------------------------------------------------
by bschussek at 2012-12-07T12:40:24Z
Is there anything missing for this PR to be merged?
* 2.1:
[Console] Fix style escaping parsing
[Console] Make style formatter matching less greedy to avoid having to escape when not needed
[Bundle] [FrameworkBundle] fixed indentation in esi.xml services file.
[Component] [Security] fixed PSR-2 coding violation in ClassUtilsTest class.
[Form] Fixed EntityChoiceList when loading objects with negative integer IDs
[TwigBundle] There is no CSS visibility of display, should be visible instead
[Form] corrected source node for a Danish translation
[DependencyInjection] fixed a bug where the strict flag on references were lost (closes#6607)
[HttpFoundation] Check if required shell functions for `FileBinaryMimeTypeGuesser` are not disabled
[CssSelector] added css selector with empty string
[HttpFoundation] Docblock for Request::isXmlHttpRequest() now points to Wikipedia
[DependencyInjection] refactored code to avoid logic duplication
[Form] Deleted references in FormBuilder::getFormConfig() to improve performance
[HttpFoundation] Update docblock for non-working method
Conflicts:
src/Symfony/Bundle/TwigBundle/Resources/views/Exception/trace.html.twig
src/Symfony/Bundle/TwigBundle/Resources/views/Exception/traces.html.twig
* 2.0:
[Bundle] [FrameworkBundle] fixed indentation in esi.xml services file.
[TwigBundle] There is no CSS visibility of display, should be visible instead
[DependencyInjection] fixed a bug where the strict flag on references were lost (closes#6607)
[HttpFoundation] Check if required shell functions for `FileBinaryMimeTypeGuesser` are not disabled
[CssSelector] added css selector with empty string
[HttpFoundation] Docblock for Request::isXmlHttpRequest() now points to Wikipedia
[DependencyInjection] refactored code to avoid logic duplication
Conflicts:
src/Symfony/Bundle/FrameworkBundle/Resources/config/esi.xml
src/Symfony/Component/DependencyInjection/Dumper/PhpDumper.php
src/Symfony/Component/HttpFoundation/File/MimeType/FileBinaryMimeTypeGuesser.php
This PR was merged into the master branch.
Commits
-------
5e359d3 made the kernel optional in all data collectors
Discussion
----------
made the kernel optional in all data collectors
* 2.1:
fixed typo
[FrameworkBundle] fixed ESI calls
[FrameworkBundle] fixed ESI calls
bumped Symfony version to 2.1.6-DEV
updated VERSION for 2.1.5
updated CHANGELOG for 2.1.5
bumped Symfony version to 2.0.21-DEV
[FrameworkBundle] fixed trusted_proxies configuration for some edge cases
[FrameworkBundle] fixed XSD for the trusted-proxies setting
updated VERSION for 2.0.20
update CONTRIBUTORS for 2.0.20
updated CHANGELOG for 2.0.20
Conflicts:
src/Symfony/Bundle/FrameworkBundle/HttpKernel.php
src/Symfony/Bundle/FrameworkBundle/Tests/DependencyInjection/ConfigurationTest.php
src/Symfony/Component/HttpKernel/Kernel.php
* 2.0:
bumped Symfony version to 2.0.21-DEV
[FrameworkBundle] fixed trusted_proxies configuration for some edge cases
[FrameworkBundle] fixed XSD for the trusted-proxies setting
updated VERSION for 2.0.20
update CONTRIBUTORS for 2.0.20
updated CHANGELOG for 2.0.20
Conflicts:
CONTRIBUTORS.md
src/Symfony/Bundle/FrameworkBundle/Tests/DependencyInjection/ConfigurationTest.php
src/Symfony/Bundle/FrameworkBundle/Tests/DependencyInjection/Fixtures/xml/full.xml
src/Symfony/Component/HttpKernel/Kernel.php
This has been done for several reasons:
* for consistency with the way we already manage the WDT and the
profiler icons;
* it makes the Exception independent from the location of the assets
(and from the asset() function)
* this is the second step to make the WebProfiler useable outside the
full-stack framework
see dbcd171dd3
The goal is to make things more decoupled and more reusable across
different bundles.
There will be a PR for the distribution bundle too to simplify the code
based on this PR.
The ContainerAwareTraceableEventDispatcher class was tied to both the
Symfony container and the HttpKernel profiler. It made it non reusable
in another context.
The new TraceableEventDispatcher only keeps the HttpKernel profiler
integration and is able to wrap any other event dispatcher. It makes it
reusable in frameworks using the Symfony HttpKernel component like
Silex.
The only drawback is that we don't have access to the listener
priorities in the collected data anymore (but the listeners are still
ordered correctly). The change is still worth it I think.
Commits
-------
22e9036 updated CHANGELOG
bafe890 [FrameworkBundle] changed Client::enableProfiler() behavior to fail silently when the profiler is not available (it makes it easier to write functional tests)
f41872b [FrameworkBundle] added a way to enable the profiler for the very next request in functional tests (closes#4307)
67b91e5 [HttpKernel] added a way to enable a disable Profiler
Discussion
----------
[2.2] added a way to enable the profiler for the very next request in a functional test
Bug fix: yes/no
Feature addition: yes
Backwards compatibility break: no
Symfony2 tests pass: yes
Fixes the following tickets: #4307
Todo: -
License of the code: MIT
Documentation PR: should be done before merging
After merging this PR, we need to disable the profiler in the test environment in Symfony SE.
Commits
-------
cd7835d [Form] Cached the form type hierarchy in order to improve performance
2ca753b [Form] Fixed choice list hashing in DoctrineType
2bf4d6c [Form] Fixed FormFactory not to set "data" option if not explicitely given
7149d26 [Form] Removed invalid PHPDoc text
Discussion
----------
[Form] WIP Improved performance of form building
Bug fix: no
Feature addition: no
Backwards compatibility break: no
Symfony2 tests pass: yes
Fixes the following tickets: -
Todo: **Update the Silex extension**
This PR is work in progress and up for discussion. It increases the performance of FormFactory::createForm() on a specific, heavy-weight form from **0.848** to **0.580** seconds.
Before, the FormFactory had to traverse the hierarchy and calculate the default options of each FormType everytime a form was created of that type.
Now, FormTypes are wrapped within instances of a new class `ResolvedFormType`, which caches the parent type, the type's extensions and its default options.
The updated responsibilities: `FormFactory` is a registry and proxy for `ResolvedFormType` objects, `FormType` specifies how a form can be built on a specific layer of the type hierarchy (e.g. "form", or "date", etc.) and `ResolvedFormType` *does the actual building* across all layers of the hierarchy (by delegating to the parent type, which delegates to its parent type etc.).
---------------------------------------------------------------------------
by schmittjoh at 2012-07-12T18:25:40Z
Maybe ResolvedFormType
---------------------------------------------------------------------------
by jmather at 2012-07-13T02:56:38Z
I really like ResolvedFormType. That's the naming method I took for my tag parser that handes the same conceptual issue.
---------------------------------------------------------------------------
by axelarge at 2012-07-13T05:25:00Z
ResolvedFormType sounds very clear.
This change is great and I desperately hope to see more of this kind
---------------------------------------------------------------------------
by Baachi at 2012-07-13T06:41:26Z
Yes `ResolvedFormType` sounds good :) 👍
---------------------------------------------------------------------------
by fabpot at 2012-07-13T07:11:33Z
I like `ResolvedFormType` as well.
---------------------------------------------------------------------------
by henrikbjorn at 2012-07-13T07:46:48Z
👍 `ResolvedFormType` :shipit:
---------------------------------------------------------------------------
by stof at 2012-07-13T18:01:51Z
This looks good to me
The charset was configurable in a configuration file but it never worked:
framework:
charset: ISO-8859-1
Now, like for the cache and log dirs, you can configure the charset by
overriding the getCharset() method in the app kernel:
public function getCharset()
{
return 'ISO-8859-1';
}
Commits
-------
7464dcd added phpdoc
c413e7b [Routing] remove RequestContextAwareInterface from RequestMatcherInterface
921be34 [Routing] fix phpdoc
Discussion
----------
[Routing] RequestMatcherInterface doesn't need context
Matchers that implement RequestMatcherInterface should match a Request, thus they don't need the request context.
---------------------------------------------------------------------------
by travisbot at 2012-06-14T21:39:48Z
This pull request [fails](http://travis-ci.org/symfony/symfony/builds/1624496) (merged f5ff1fe0 into 7c91ee57).
---------------------------------------------------------------------------
by schmittjoh at 2012-06-15T13:32:59Z
I think it makes sense to remove the RequestContext from the RequestMatcher.
---------------------------------------------------------------------------
by travisbot at 2012-06-15T15:54:28Z
This pull request [passes](http://travis-ci.org/symfony/symfony/builds/1628931) (merged 7464dcd2 into f881d282).
---------------------------------------------------------------------------
by Tobion at 2012-06-26T12:32:06Z
Anything missing?
Commits
-------
c1e4166 moved create of default form label to view layer
Discussion
----------
move create of default form label to view layer
A small optimization if you provide custom labels in the view layer (i.e. `{{ form_label(form.name, 'Your name') }}`
```
Bug fix: no
Feature addition: no
Backwards compatibility break: yes
Symfony2 tests pass: yes
Fixes the following tickets: ~
Todo: ~
License of the code: MIT
Documentation PR: ~
```
---------------------------------------------------------------------------
by travisbot at 2012-06-24T14:45:17Z
This pull request [fails](http://travis-ci.org/symfony/symfony/builds/1694310) (merged 37f0b774 into 0d4b02e4).
---------------------------------------------------------------------------
by travisbot at 2012-06-24T15:03:44Z
This pull request [passes](http://travis-ci.org/symfony/symfony/builds/1694418) (merged c1e4166e into 0d4b02e4).
$_SERVER['REQUEST_URI'] will contain the query params so is_file will fail.
Change it to use $_SERVER['SCRIPT_NAME'] instead which only contains the
relative filename of the the script.
Commits
-------
64101ab separate numeric value from suffix in File constraint's error message `$uploadIniSizeErrorMessage`
ff122d3 fixed tests
868d649 separate numeric values from suffixes in File constraint's error message `$maxSizeMessage`
Discussion
----------
[Validator] separate numeric values from suffixes in File validation error messages
This change allows me to locale-aware format the numbers in a form theme, i.e., to use a comma instead of a dot. If there's a better way without re-implementing the entire validator, let me know.
Such changes also allow for using a different separator than the usual space in translations.
---------------------------------------------------------------------------
by travisbot at 2012-05-08T19:14:16Z
This pull request [fails](http://travis-ci.org/symfony/symfony/builds/1278845) (merged f7c50098 into e54f4e46).
---------------------------------------------------------------------------
by travisbot at 2012-05-08T19:23:31Z
This pull request [passes](http://travis-ci.org/symfony/symfony/builds/1278940) (merged ce1cdafc into e54f4e46).
---------------------------------------------------------------------------
by r1pp3rj4ck at 2012-05-10T11:05:18Z
I don't know if there is a better way to do this, but I like the idea anyway.
---------------------------------------------------------------------------
by craue at 2012-05-11T14:18:52Z
Separated numeric values and suffixes for `$maxSizeMessage` and `$uploadIniSizeErrorMessage` now. Can't find any other relevant places (in other validators). Might be merged if accepted.
---------------------------------------------------------------------------
by travisbot at 2012-05-11T14:19:10Z
This pull request [passes](http://travis-ci.org/symfony/symfony/builds/1305246) (merged 438da7dd into e54f4e46).
---------------------------------------------------------------------------
by travisbot at 2012-05-11T21:22:25Z
This pull request [passes](http://travis-ci.org/symfony/symfony/builds/1309277) (merged 64101aba into dd0da03c).
---------------------------------------------------------------------------
by sstok at 2012-05-13T13:29:07Z
Using the NumberFormatter class would be an option, but that would also add a dependency when using Validation as stand-alone so using the {{ suffix }} is a good idea.
---------------------------------------------------------------------------
by craue at 2012-05-13T14:15:54Z
Using a NumberFormatter (if available) directly in the validator might indeed be a good option. In either case, having the numeric value separated from its suffix looks cleaner.
---------------------------------------------------------------------------
by craue at 2012-05-19T13:36:00Z
@fabpot: Would you merge this?
[Validator] Rename constraint Size to Range
[Validator] Rename constraint CollectionSize to Size
[Validator] Merge the SizeLength into the Size constraint
[Validator] Update messages in Size constraint for consistancy
[Validator] Add english and french translation for Size messages
[Validator] Tweak expected types for exceptions in SizeValidator
[Validator] Fix CS in SizeValidator
[Validator] Update the ValidatorTypeGuesser
[Validator] Tweak SizeValidator
[Validator] Update CHANGELOG
[Validator] Complete previous CHANGELOG updates
[Form] Update validator type guesser
[Validator] Pluralize collection size english messages
[Validator] Pluralize Size french messages
