This PR was merged into the 2.0 branch.
Commits
-------
f2cbea3 [Security] remove escape charters from username provided by Digest DigestAuthenticationListener
80f6992 [Security] added test extra for digest authentication
d66b03c fixed CS
694697d [Security] Fixed digest authentication
c067586 [Security] Fixed digest authentication
Discussion
----------
Fix digest authentication
Bug fix: yes
Feature addition: no
Backwards compatibility break: no
Symfony2 tests pass: yes
Fixes the following tickets:
Todo: -
License of the code: MIT
Documentation PR: -
Replaces: #5485
This adds the missing fixes.
My only concerns is the ```\"``` removing.
```\"``` is only needed for the HTTP transport, but keeping them would require to also store the username with the escapes as well.
---------------------------------------------------------------------------
by fabpot at 2012-10-30T11:25:28Z
The digest authentication mechanism is not that widespread due to its limitation. And the transport is not HTTP, I think we are talking about very few cases.
---------------------------------------------------------------------------
by sstok at 2012-10-30T12:49:14Z
Apache seems to remove (ignore) escape characters.
```c
if (auth_line[0] == '=') {
auth_line++;
while (apr_isspace(auth_line[0])) {
auth_line++;
}
vv = 0;
if (auth_line[0] == '\"') { /* quoted string */
auth_line++;
while (auth_line[0] != '\"' && auth_line[0] != '\0') {
if (auth_line[0] == '\\' && auth_line[1] != '\0') {
auth_line++; /* escaped char */
}
value[vv++] = *auth_line++;
}
if (auth_line[0] != '\0') {
auth_line++;
}
}
else { /* token */
while (auth_line[0] != ',' && auth_line[0] != '\0'
&& !apr_isspace(auth_line[0])) {
value[vv++] = *auth_line++;
}
}
value[vv] = '\0';
}
```
But would this change be a BC break for people already using quotes but without a comma and thus they never hit this bug?
The change it self is minimum, just calling ```str_replace('\\\\', '\\', str_replace('\\"', '"', $value))``` when getting the username.
---------------------------------------------------------------------------
by fabpot at 2012-11-13T13:00:12Z
@sstok Doing the same as Apache seems the best option here (just document the BC break).
---------------------------------------------------------------------------
by sstok at 2012-11-15T16:05:00Z
Hopefully I did this correct, but the needed escapes seem correctly removed.
`\"` is changed to `"` `\\` is changed to `\`
`\'` it kept as it is, as this needs no correcting.
@Vincent-Simonin Can you verify please.
---------------------------------------------------------------------------
by Vincent-Simonin at 2012-11-19T09:28:18Z
Authentication didn't work with this configuration :
```
providers:
in_memory:
name: in_memory
users:
te"st: { password: test, roles: [ 'ROLE_USER' ] }
```
`te"st` was set in authentication form's user field.
(Must we also escape `"` in configuration file ?)
Tests were performed with nginx.
---------------------------------------------------------------------------
by sstok at 2012-11-19T09:33:34Z
Yes. YAML escapes using an duplicate quote, like SQL.
```yaml
providers:
in_memory:
name: in_memory
users:
"te""st": { password: test, roles: [ 'ROLE_USER' ] }
```
This PR was squashed before being merged into the master branch (closes#5888).
Commits
-------
2379d86 CS Fixes - Replaced "array of type" by "Type[]" in PHPDoc block
Discussion
----------
CS Fixes - Replaced "array of type" by "Type[]" in PHPDoc block
Bug fix: no
Feature addition: no
Backwards compatibility break: no
Symfony2 tests pass: no (but tests doesn't pass on master too). See Travis.
License of the code: MIT
Documentation PR: Not Applicable
Status: Finished
To improve support of the eclipse PDT pluggin (for autocompletion), I propose to change the array notation in PHPDoc blocks to match the phpDocumentor notation for "array of type".
Modifications are made for the following components:
- BrowserKit
- ClassLoader
- Config
- Console
- CssSelector
- DependencyInjection
- DomCrawler
- EventDispatcher (no changes)
- Filesystem (no changes)
- Finder
- Form
- HttpFoundation
- HttpKernel
- Locale
- OptionResolver (no changes)
- Process (no changes)
- Routing (no changes)
- Serializer (no changes)
- Templating
- Translation
- Validator
- Yaml (no changes)
- Security
- Stopwatch (no changes)
See Proposal https://github.com/symfony/symfony/pull/5852
---------------------------------------------------------------------------
by pborreli at 2012-11-01T15:19:27Z
will you make a PR for each component ? why not only one PR with one commit for each component instead ?
---------------------------------------------------------------------------
by raziel057 at 2012-11-01T15:32:39Z
Ok, I'm going try to do it.
---------------------------------------------------------------------------
by raziel057 at 2012-11-01T16:12:56Z
I would like to rename my branch from COMPONENT_Form to changes-phpdoc (as all modifications would be commited in only one branch), so I tried to execute the following command but I have an error.
git remote rename COMPONENT_Form changes-phpdoc
error: Could not rename config section 'remote.COMPONENT_Form' to 'remote.changes-phpdoc'
Do you know how to do it?
---------------------------------------------------------------------------
by pborreli at 2012-11-01T16:14:26Z
don't rename it, you will have to close and make another PR which is useless here, just edit the title.
---------------------------------------------------------------------------
by stof at 2012-11-01T16:16:17Z
and ``git remote rename`` is about renaming a remote repo, not a branch
---------------------------------------------------------------------------
by raziel057 at 2012-11-03T11:36:02Z
Is it normal that all my commit are duplicated? I would like just update my master and merge with my branch.
---------------------------------------------------------------------------
by fabpot at 2012-11-06T10:22:55Z
@raziel057 Can you rebase on master? That should fix your problem.
---------------------------------------------------------------------------
by fabpot at 2012-11-09T13:28:53Z
@raziel057 Can you finish this PR?
---------------------------------------------------------------------------
by Tobion at 2012-11-09T13:34:45Z
I'll do it for the routing component this evening because I know it by heart. ^^
---------------------------------------------------------------------------
by raziel057 at 2012-11-09T15:06:26Z
@Tobion ok Thanks!
@fabpot Yes, I will try to finish it this week end.
---------------------------------------------------------------------------
by raziel057 at 2012-11-11T13:04:07Z
@Tobion Did you already change PHPDoc in the Routing component?
---------------------------------------------------------------------------
by Tobion at 2012-11-11T15:21:18Z
@raziel057 Yes I'm working on it.
---------------------------------------------------------------------------
by Tobion at 2012-11-12T15:16:31Z
@raziel057 Done. See #5994
This PR was merged into the 2.0 branch.
Commits
-------
32dc31e [SecurityBundle] Convert Http method to uppercase in the config
Discussion
----------
[SecurityBundle] Convert Http method to uppercase in the config
This is not striclty required as method names would be converted to uppercase by the matcher after #5988.
However I think it is better to always use uppercase for http method names.
The config UT has also been improved as part of this PR.
This is good to propagate to 2.1 & 2.2 also.
This PR was submitted for the master branch but it was merged into the 2.0 branch instead (closes#6015).
Commits
-------
f61c019 Update src/Symfony/Component/DomCrawler/Tests/FormTest.php
9b3aaf2 Update src/Symfony/Component/DomCrawler/Form.php
Discussion
----------
FIX: Malformed field path ""
In case we have the name attribute empty.
---------------------------------------------------------------------------
by fabpot at 2012-11-15T06:12:35Z
Can you add a unit test for that case?
---------------------------------------------------------------------------
by bierdok at 2012-11-15T09:21:01Z
Voila.
This PR was merged into the master branch.
Commits
-------
824a0f3 [Routing] compatibility with older PCRE (pre 8)
Discussion
----------
[Routing] compatibility with older PCRE (pre 8)
#6062 for master
This PR was merged into the 2.1 branch.
Commits
-------
1daefa5 [Routing] made it compatible with older PCRE version (pre 8)
Discussion
----------
[Routing] compatibility with older PCRE version (pre 8)
fixes#4093
Ok I changed my mind about this issue.
1. I figured more people are affected than I thought and CentOS is stubborn.
2. Symfony still uses the old regex style `?P<param>` in several other components. So also doing so in the routing makes it more consistent.
3. Even if it's definitely not good to use an over 6 year old PCRE version with a recent PHP version, we can still try to provide the best experience. It doesn't mean we support outdated software stacks of custom PHP compilations as we won't and cannot specifically test against it.
@fabpot: I will do a seperate PR on master when you merged this because the code changed alot in master so it cannot easily be merged I guess. I will also convert the symfony requirement for PCRE in the requirements check to a recommendation.
This PR was merged into the master branch.
Commits
-------
acbb393 Renamed variable for consistency
Discussion
----------
[SecurityBundle] Renamed variable for consistency
Bug fix: no
Feature addition: no
Backwards compatibility break: no
Symfony2 tests pass: yes
Fixes the following tickets: -
Todo: -
License of the code: MIT
Documentation PR: -
This PR was merged into the 2.1 branch.
Commits
-------
ea2bb09 tiny refactoring for consistency
Discussion
----------
tiny refactoring for consistency
no need to use the iterator within the class. not done anywhere else.
This PR was merged into the master branch.
Commits
-------
966e7d6 [DI] removed unneeded is_object() calls
Discussion
----------
[DI] removed unneeded is_object() calls
I searched through all of symfony for occurences of the coding style `(is_object($value) && $value instanceof Object)` with a regex like `is_object\(\$[a-zA-z0-9]+\) && \$[a-zA-z0-9]+ instanceof `.
The `is_object` calls are not needed in this case. Only the DI component made such duplicate checks.
This PR was merged into the master branch.
Commits
-------
acf8a70 [Routing] fix Route recompilation when hostname changed
Discussion
----------
[Routing] fix Route recompilation when hostname changed
This PR was squashed before being merged into the master branch (closes#6030).
Commits
-------
749dac1 Improve docBlock
Discussion
----------
Improve docBlock
This is just a minor change documenting the return type of `SerializerInterface::deserialize()`.
This PR was merged into the master branch.
Commits
-------
644de74 Fix docblock in Doctrine Bridge
Discussion
----------
Fix docblocks in Doctrine Bridge
This PR was merged into the master branch.
Commits
-------
a146156 Merge pull request #2 from Tobion/patch-2
38802ea remove logic that could not be triggered anyway
f7ea68f [Routing] Fixed undefined variable + typo
Discussion
----------
[Routing] Fixed typo + removed dead code
---------------------------------------------------------------------------
by Tobion at 2012-11-17T16:00:04Z
@pborreli: pborreli/symfony#2
---------------------------------------------------------------------------
by pborreli at 2012-11-17T16:02:08Z
@Tobion totally agree, tried to setup a phpunit test which could trigger this exception but couldn't ..
This PR was merged into the master branch.
Commits
-------
83b37ff [DependencyInjection] Return self for add...
Discussion
----------
[DependencyInjection] Return self for add...
Bug fix: no
Forget fix: yes
Feature addition: no
Symfony2 tests pass: yes
License of the code: MIT
Return self instance when call an ADD something method.
---------------------------------------------------------------------------
by pborreli at 2012-11-16T13:24:45Z
Please fix PHPDoc accordingly
---------------------------------------------------------------------------
by ruian at 2012-11-16T13:38:41Z
@pborreli done.
This PR was merged into the master branch.
Commits
-------
97f6a1b [Form] Update password type trimming to false
Discussion
----------
[Form] Update password trimming to false by default
Bug fix: yes
Feature addition: no
Backwards compatibility break: yes
Symfony2 tests pass: yes
Fixes the following tickets: ~
Todo: -
License of the code: MIT
Documentation PR: ~
Hey!
Today, I realize that the password type is by default trimmed. IMHO, this is not the expected behavior. By default, the password type should not trim the input value.
Regards
---------------------------------------------------------------------------
by nomack84 at 2012-11-13T19:16:29Z
👍
---------------------------------------------------------------------------
by mvrhov at 2012-11-13T19:57:29Z
IMHO password and username fields should be trimmed. whitespace at the beginning and at the end of those fields are not wanted. At least I don't want to deal with a user support where WS on those fields is not trimmed.
---------------------------------------------------------------------------
by egeloen at 2012-11-13T20:08:08Z
@mvrhov I agree with you about username fields and other "text" fields but in case of a password field, if the end user specifies white space at the begin/end of his password, it should not be trimmed. It should simply let it as it is. I open this PR due to two customers who reports me this behavior.
---------------------------------------------------------------------------
by clemherreman at 2012-11-14T10:06:15Z
@mvrhov I agree, username shouldn't be trimmed, however password are kind of special. They should be used *"as is"*, as lots of users have wicked passwords.
Moreover, usually the password is asked twice, so if there are spaces, they are most likely wanted by the end user.
So 👍
---------------------------------------------------------------------------
by clemherreman at 2012-11-14T10:07:27Z
Also Travis status on this PR is **failed** because of an error when downloading the deps.
---------------------------------------------------------------------------
by geoffrey-brier at 2012-11-14T10:34:56Z
👍
---------------------------------------------------------------------------
by bschussek at 2012-11-14T15:01:43Z
Could you please add a test case to PasswordTypeTest?
Please also reference this PR in the test
(= add the comment `// https://github.com/symfony/symfony/pull/6007` before the test)
---------------------------------------------------------------------------
by egeloen at 2012-11-14T15:10:36Z
@bschussek I have updated the PR.
---------------------------------------------------------------------------
by bschussek at 2012-11-14T15:24:34Z
Thanks! Could you please squash the commits?
---------------------------------------------------------------------------
by egeloen at 2012-11-14T15:30:11Z
@bschussek Done.
---------------------------------------------------------------------------
by stloyd at 2012-11-14T15:39:47Z
Should this be noted in `UPGRADE` file ? (as this is change of actually BC break =))
---------------------------------------------------------------------------
by egeloen at 2012-11-15T22:59:45Z
@stloyd Where can I put it? In the [UPGRADE-2.2](https://github.com/symfony/symfony/blob/master/UPGRADE-2.2.md) file?
---------------------------------------------------------------------------
by stloyd at 2012-11-15T23:02:51Z
@egeloen IMO yes, according this will go to `master` (which is actual _dev_ branch for `2.2`)
---------------------------------------------------------------------------
by egeloen at 2012-11-16T13:54:04Z
@fabpot I have removed the comment & added an entry in the `UPGRADE-2.2` file.
Bug fix: no
Feature addition: no
Backwards compatibility break: yes
Symfony2 tests pass: yes
License of the code: MIT
Return self instance when call an ADD something method.
This PR was squashed before being merged into the master branch (closes#6018).
Commits
-------
6334343 [Routing] removed getHostnamePattern from RouteCollection
Discussion
----------
[Routing] removed getHostnamePattern from RouteCollection
this method is not useful and can introduce inconsistencies when a sub-route has a different hostname, which already has a getter for the hostname
This PR was submitted for the master branch but it was merged into the 2.1 branch instead (closes#6016).
Commits
-------
9b0cad4 Added HttpCache\Store::generateContentDigest() + changed visibility
Discussion
----------
Added HttpCache\Store::generateContentDigest() + changed $root visibility
Bug fix: no
Feature addition: yes
Backwards compatibility break: no
Symfony2 tests pass: yes
Fixes the following tickets: -
Todo: -
License of the code: MIT
Documentation PR: -
## Description
This PR adds 2 small changes in base `HttpCache\Store`:
1. Adds `generateContentDigest()` protected method, allowing to easily override the default behavior for special cases.
2. Change `$root` visibility to *protected* to let descendant access it.
This allows special implementations of HttpCache when storing specific cache files in a different place is needed.
## Example
An example of implementation can be found [in eZ Publish 5 source code](https://github.com/ezsystems/ezp-next/blob/master/eZ/Publish/Core/MVC/Symfony/Cache/Http/LocationAwareStore.php). In this example, eZ Publish content cache entities are stored under a different folder than regular cache entities in order to ease cache purge based on a content location.
## Testing
No unit tests were added since the behavior didn't change and the new method is protected.
PS : It would be nice to have this in 2.1 branch as well 😃