* 2.5:
Remove aligned '=>' and '='
Break infinite loop while resolving aliases
[Security][listener] change priority of switchuser
Improved the phpdoc for security token classes
bumped Symfony version to 2.5.7
updated VERSION for 2.5.6
updated CHANGELOG for 2.5.6
bumped Symfony version to 2.3.22
updated VERSION for 2.3.21
update CONTRIBUTORS for 2.3.21
updated CHANGELOG for 2.3.21
Conflicts:
src/Symfony/Bundle/FrameworkBundle/Tests/DependencyInjection/ConfigurationTest.php
src/Symfony/Bundle/SecurityBundle/DependencyInjection/Security/Factory/AbstractFactory.php
src/Symfony/Bundle/TwigBundle/Controller/ExceptionController.php
src/Symfony/Component/Debug/ErrorHandler.php
src/Symfony/Component/Debug/ExceptionHandler.php
src/Symfony/Component/Form/Extension/Core/Type/BaseType.php
src/Symfony/Component/Form/Extension/Core/Type/ChoiceType.php
src/Symfony/Component/Form/Extension/Core/Type/DateTimeType.php
src/Symfony/Component/Form/Extension/Core/Type/DateType.php
src/Symfony/Component/Form/Extension/Core/Type/TimeType.php
src/Symfony/Component/Form/Extension/Validator/Type/FormTypeValidatorExtension.php
src/Symfony/Component/HttpFoundation/Request.php
src/Symfony/Component/HttpFoundation/Session/Storage/Handler/MongoDbSessionHandler.php
src/Symfony/Component/HttpFoundation/Session/Storage/Handler/PdoSessionHandler.php
src/Symfony/Component/HttpKernel/Kernel.php
src/Symfony/Component/Security/Core/SecurityContextInterface.php
src/Symfony/Component/Security/Http/Authentication/DefaultAuthenticationFailureHandler.php
src/Symfony/Component/Security/Http/Authentication/DefaultAuthenticationSuccessHandler.php
src/Symfony/Component/Security/Http/Firewall/AnonymousAuthenticationListener.php
src/Symfony/Component/Serializer/Serializer.php
src/Symfony/Component/Validator/Constraints/File.php
This PR was merged into the 2.6-dev branch.
Discussion
----------
[Form] Choice children can be template customized like collection
| Q | A
| ------------- | ---
| Bug fix? | no
| New feature? | yes
| BC breaks? | yes?
| Deprecations? | no
| Tests pass? | No ?
| Fixed tickets |
| License | MIT
| Doc PR | None
I wanted to customize the template of a children of a choice field. I learned it was not currently possible, though it is with the collection type. So this should let people be able to customize the template for all the choice children at once.
Ie:
```jinja
{% block _user_colors_entry_widget %}
```
Still have to fix the tests
Commits
-------
4e6b27f [Form] Choice children can be template customized like collection
This PR was merged into the master branch.
Discussion
----------
[Security] Added Security\Csrf sub-component with better token generation
| Q | A
| ------------- | ---
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | -
| License | MIT
| Doc PR | TODO
**Update September 27, 2013**
This PR simplifies the CSRF mechanism to generate completely random tokens. A random token is generated once per ~~intention~~ token ID and then stored in the session. Tokens are valid until the session expires.
Since the CSRF token generator depends on `StringUtils` and `SecureRandom` from Security\Core, and since Security\Http currently depends on the Form component for token generation, I decided to add a new Security\Csrf sub-component that contains the improved CSRF token generator. Consequences:
* Security\Http now depends on Security\Csrf instead of Form
* Form now optionally depends on Security\Csrf
* The configuration for the "security.secure_random" service and the "security.csrf.*" services was moved to FrameworkBundle to guarantee BC
In the new Security\Csrf sub-component, I tried to improve the naming where I could do so without breaking BC:
* CSRF "providers" are now called "token generators"
* CSRF "intentions" are now called "token IDs", because that's really what they are
##### TODO
- [ ] The documentation needs to be checked for references to the configuration of the application secret. Remarks that the secret is used for CSRF protection need to be removed.
- [ ] Add aliases "csrf_token_generator" and "csrf_token_id" for "csrf_provider" and "intention" in the SecurityBundle configuration
- [x] Make sure `SecureRandom` never blocks for `CsrfTokenGenerator`
Commits
-------
7f02304 [Security] Added missing PHPDoc tag
2e04e32 Updated Composer dependencies to require the Security\Csrf component where necessary
bf85e83 [FrameworkBundle][SecurityBundle] Added service configuration for the new Security CSRF sub-component
2048cf6 [Form] Deprecated the CSRF implementation and added an optional dependency to the Security CSRF sub-component instead
85d4959 [Security] Changed Security HTTP sub-component to depend on CSRF sub-component instead of Form
1bf1640 [Security] Added CSRF sub-component
CSRF fields are now only added when the view is built. For this reason we already know if
the form is the root form and avoid to create unnecessary CSRF fields for nested fields.