Commits
-------
eb2eba1 [Form] don't allow users to force exceptions by submitting unexpected data
Discussion
----------
[Form] don't allow users to force exceptions by submitting unexpected data
fix#5334
This makes it more fault-tolerant by simply ignoring wrong stuff from hackers.
@bschussek: I didn't find any other UnexpectedTypeExceptions that could be invoked by simply submitting unexpected data. But I'm not 100% sure that there aren't any indirectly invokeable, e.g. in some listeners.
---------------------------------------------------------------------------
by stof at 2012-08-24T22:34:52Z
a test is missing for this.
---------------------------------------------------------------------------
by Tobion at 2012-08-24T23:02:26Z
@stof true, I will add one
---------------------------------------------------------------------------
by Tobion at 2012-08-25T13:51:23Z
Added test.
---------------------------------------------------------------------------
by bschussek at 2012-08-29T11:07:37Z
👍
Could you please squash the commits?
---------------------------------------------------------------------------
by Tobion at 2012-08-29T13:43:52Z
Done.
Commits
-------
7e8ab54 [Form] raise OutOfBoundsException instead of InvalidArgumentException for inexistent form childs to be in line with PropertyPath
Discussion
----------
[Form] raise OutOfBoundsException instead of InvalidArgumentException in Form::get
BC break: yes
Raise OutOfBoundsException instead of InvalidArgumentException in Form::get for inexistent form childs to be in line with PropertyPath, which also uses OutOfBoundsException for invalid indexes. OutOfBoundsException fits much better as it extends RuntimeException instead of LogicException and this error can typically not be detected at compile time.
---------------------------------------------------------------------------
by bschussek at 2012-08-29T11:01:01Z
👍
---------------------------------------------------------------------------
by stloyd at 2012-08-29T11:07:51Z
Shouldn't this change be noted in upgrade file ?
---------------------------------------------------------------------------
by stof at 2012-08-29T11:23:04Z
it should (and in the changelog of the component)
Commits
-------
e7e39e0 [Form] refactor Guess
dcbeeb1 [Form] replaced UnexpectedValueException by InvalidArgumentException in Guess
Discussion
----------
[Form] replaced UnexpectedValueException by InvalidArgumentException in Guess
BC break: yes
this is a better fit because the error is a logic exception (that can be detected at compile time, i.e. when writing the code) instead of a runtime exception
---------------------------------------------------------------------------
by bschussek at 2012-08-29T10:51:54Z
👍
Commits
-------
0186731 [Form] removed hasParent from FormInterface and deprecated its use
Discussion
----------
[Form] removed hasParent from FormInterface and deprecated its use
There are already 2 alternatives with getParent() and isRoot(), so a third one with similar semantics is confusing and unneeded.
---------------------------------------------------------------------------
by bschussek at 2012-08-29T11:11:11Z
👍
Commits
-------
492c990 [Form] optimized PropertyPathMapper to invoke the expensive property path less often
47a8bbd [Form] optimized the binding of child forms and calculation of extra data
8d45539 [Form] refactor Form::bind to save 7 assignments
Discussion
----------
[Form] refactor Form::bind to save 7 assignments and a complete loop
---------------------------------------------------------------------------
by stof at 2012-08-24T23:45:18Z
the new code is not equivalent. See travis for the proof.
---------------------------------------------------------------------------
by Tobion at 2012-08-25T01:50:41Z
@stof fixed, I had to reduce the refactoring a little
---------------------------------------------------------------------------
by bschussek at 2012-08-29T11:05:52Z
👍
Commits
-------
d5eb4f7 [Form] fix phpdoc of Form::hasErrors
5cb8264 [Form] deprecated Form::hasErrors that isn't part of the Interface
Discussion
----------
[Form] deprecated Form::hasErrors that isn't part of the Interface
This method is not part of FormInterface, so I deprecated it as it cannot be used reliably. This is consistent with other hassers that were deprecated like `hasChildren` where one should use `count` instead.
---------------------------------------------------------------------------
by stof at 2012-08-26T19:11:19Z
You should deprecate it, not remove it
---------------------------------------------------------------------------
by Tobion at 2012-08-26T19:17:35Z
oh right. I thought it was added in 2.1 and thus can be removed but it's also in 2.0.
Done.
---------------------------------------------------------------------------
by bschussek at 2012-08-29T11:00:32Z
👍
Commits
-------
0f575a2 added note about 404 error pages
Discussion
----------
added note about 404 error pages and security features
This has been reported a few times now, and it seems we did not have it in the UPGRADE file yet.
Commits
-------
3f8127c fixed '0' problem
7bec460 fixed phpdoc
4c5bfab [FrameworkBundle] non-permanent redirect should be status code 404 according to spec
Discussion
----------
[FrameworkBundle] non-permanent redirect to unknown location with 404
according to spec: http://www.w3.org/Protocols/rfc2616/rfc2616-sec10.html see 410 Gone
bc break: tiny when omitting 2 parameter (I can avoid this with `func_num_args` but i think its not necessary and makes the code strange and inconsistent)
Commits
-------
f52e6df minor correction
Discussion
----------
[Form][Validators] Portuguese translation correction
Minor portuguese translation correction and changed the source of id 30 to match the english version.
Commits
-------
8bac442 [Validator] Fix Spanish and Catalan translation messages for the CSRF token validator
Discussion
----------
[Validator] Fix Spanish and Catalan translation messages for the CSRF to...
...ken validator
* 2.0:
updated VERSION for 2.0.17
updated CHANGELOG for 2.0.17
updated vendors for 2.0.17
fixed XML decoding attack vector through external entities
prevents injection of malicious doc types
disabled network access when loading XML documents
refined previous commit
prevents injection of malicious doc types
standardized the way we handle XML errors
Redirects are now absolute
Conflicts:
CHANGELOG-2.0.md
src/Symfony/Component/DependencyInjection/Loader/XmlFileLoader.php
src/Symfony/Component/DomCrawler/Crawler.php
src/Symfony/Component/HttpKernel/Kernel.php
tests/Symfony/Tests/Component/DependencyInjection/Loader/XmlFileLoaderTest.php
tests/Symfony/Tests/Component/Routing/Loader/XmlFileLoaderTest.php
tests/Symfony/Tests/Component/Serializer/Encoder/XmlEncoderTest.php
tests/Symfony/Tests/Component/Translation/Loader/XliffFileLoaderTest.php
tests/Symfony/Tests/Component/Validator/Mapping/Loader/XmlFileLoaderTest.php
vendors.php
Commits
-------
f1970fa dump test
Discussion
----------
Symfony\Component\ClassLoader\ClassMapGenerator dump test
Hi,
100 percent test coverage for ClassMapGenerator :)
Best regards,
Michal
---------------------------------------------------------------------------
by eventhorizonpl at 2012-08-24T07:47:24Z
Fixed, thanks for the review!
Commits
-------
83dc966 [Form] Fixed some PHPDoc
596bbb1 [Form] fixed FormConfigBuilder to use PropertyPathInterface
a523823 [Form] fixed and added phpDoc
Discussion
----------
[Form] fixed and added phpDoc
[ci skip]
---------------------------------------------------------------------------
by sstok at 2012-08-26T08:11:01Z
Some descriptions don''t seem to be properly aligned, use the CS-fixer.
---------------------------------------------------------------------------
by Tobion at 2012-08-26T17:02:25Z
@sstok This is more about manual fixes concerning forgotten exceptions or wrong data type. The cs fixer gives many false positives and can be applied later.
Commits
-------
7b63428 [Process] Add workaround for PHP's internal sigchild failing to return proper exit codes
Discussion
----------
[Process] Add workaround for PHP's internal sigchild failing to return proper exit codes
PHP compiled with --enable-sigchild basically fails to return exit codes, and randomly returns -1 instead most of the time (see https://bugs.php.net/bug.php?id=29123).
This works around it by having the exit code going through another pipe. It's enabled by default for linux because the new pipe trick won't work on windows I think, but that's unlikely to be an issue because most people don't compile their own php there.
I could have it enabled only when sigchild is enabled using the code below, but obviously that adds some overhead, so I'm not sure what's worst.
```php
ob_start();
phpinfo(INFO_GENERAL);
$sigchild = false !== strpos(ob_get_clean(), '--enable-sigchild');
```
That said, this renders composer unusable (because we do check exit codes) for people having sigchild enabled, and it's not so easy to workaround outside of the Process class itself, so I hope this is an acceptable fix.
---------------------------------------------------------------------------
by schmittjoh at 2012-08-26T13:41:18Z
How about prepending commands with ``exec`` to avoid spawning child processes altogether?
see #5030
---------------------------------------------------------------------------
by Seldaek at 2012-08-26T13:51:40Z
@schmittjoh I'm not sure how that's related to this issue? The problem here is that $exitcode is -1 when it should be 0, I don't see how the additional level of exec would help but maybe I'm missing your point.
---------------------------------------------------------------------------
by schmittjoh at 2012-08-26T13:59:15Z
I haven't looked in detail at this, but exec removes the child wrapper that PHP adds normally.
---------------------------------------------------------------------------
by fabpot at 2012-08-26T16:10:24Z
What about doing the fix in 2.0?
---------------------------------------------------------------------------
by stof at 2012-08-26T16:13:04Z
Can it be applied to 2.0 without too much work ? The Process component has been refactored for 2.1
---------------------------------------------------------------------------
by Seldaek at 2012-08-26T16:16:06Z
Just tried to rebase and it's not so trivial.. I can try to rebuild the
patch from scratch for 2.0 if it's important.
---------------------------------------------------------------------------
by fabpot at 2012-08-26T16:24:38Z
ok, let's only do the fix for master for now.
---------------------------------------------------------------------------
by Seldaek at 2012-08-26T20:49:39Z
@fabpot ok so the question remains whether there should be a ctor check for the configure flag to enable this or if we just always do it and hope it doesn't cause issues.
Fabien Potencier
Tobias Schultze
Daniel Gomes
Daniel Perez Pinazo
Albert Casademont
Johannes M. Schmitt
Thorsten Hallwas
Pascal Borreli
Michal Piotrowski