This looks like a subjective change (one more method, but the method implementations are
simpler), but it wasn't. The problem was that the UserChecker checkPreAuth should happen
*after* we get the user, but *before* the credentials are checked, and that wasn't possible
before this change. Now it is.
Here is the flow:
A) You login using guard and are given a PostAuthGuardToken
B) Your user changes between requests - AbstractToken::setUser() and hasUserChanged() - which
results in the Token becoming "not authenticated"
C) Something calls out to the security system, which then passes the no-longer-authed
token back into the AuthenticationProviderManager
D) Because the PostauthGuardToken implements GuardTokenInterface, the provider responds
to it. But, seeing that this is a no-longer-authed PostAuthGuardToken, it returns
an AnonymousToken, which triggers logout
The reason is that the GuardAuthenticationProvider *must* respond to *all* tokens
created by the system - both "pre auth" and "post auth" tokens. The reason is that
if a "post auth" token becomes not authenticated (e.g. because the user changes between
requests), then it may be passed to the provider system. If no providers respond (which
was the case before this commit), then AuthenticationProviderManager throws an exception.
The next commit will properly handle these "post auth" + "no-longer-authenticated" tokens,
which should cause a log out.
* 2.7:
[VarDumper] Fix missing support for dumping PHP7 return type
[travis] disable symfony_debug ext when deps!=no
Do not normalize the kernel root directory path (see symfony/symfony#15474).
Don't trigger deprecation on interfaces
[Debug] Ignore silencing for deprecations
[ci] Run minimal versions on appveyor only
Fix appveyor file
consistently use str_replace to unify directory separators (remaining)
* 2.7:
Various fixes esp. on Windows
Fix the validation of form resources to register the default theme
Fix the retrieval of the value with property path when using a loader
[appveyor] minor enhancements
[Process] Disable failing tests on Windows
[Translation] Fix the string casting in the XliffFileLoader
Windows and Intl fixes
Add appveyor.yml for C.I. on Windows
[VarDumper] fixed HtmlDumper to target specific the head tag
[travis] merge php: nightly and deps=high test-matrix lines
consistently use str_replace to unify directory separators
Support omitting the <target> node in an .xlf file.
Fix the handling of values for multiple choice types
moved PHP nightly to PHP 7.0
[Security] Add missing docblock in PreAuthenticatedToken
Conflicts:
.travis.yml
* 2.3:
Windows and Intl fixes
Add appveyor.yml for C.I. on Windows
[travis] merge php: nightly and deps=high test-matrix lines
[Security] Add missing docblock in PreAuthenticatedToken
Conflicts:
.travis.yml
src/Symfony/Component/Filesystem/Tests/FilesystemTest.php
src/Symfony/Component/HttpFoundation/JsonResponse.php
src/Symfony/Component/Intl/DateFormatter/IntlDateFormatter.php
This PR was squashed before being merged into the 2.8 branch (closes#15013).
Discussion
----------
[Security] Removed security-acl from the core
| Q | A
| ------------- | ---
| Bug fix? | no
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | part of #14718
| License | MIT
| Doc PR | ~
The `Security\Acl` is removed from the core and is loaded from its own repository. All tests were passing and this is fully backwards compatible. I have removed all but the Test files in the first step and added the dependency to verify the Test were still working with the package dependency. The second step was to remove the remaining test files and tests are still running for both the Bundle and the Framework. Once the Read-Only repository is a full standalone repository, this PR can be merged.
- [x] Remove component from the core
- [ ] Remove read-only from https://github.com/symfony/security-acl
Once this PR is merged, I can start working on splitting the SecurityBundle and extracting the ACL part to the AclBundle.
/cc @fabpot
Commits
-------
b26a449 [Security] Removed security-acl from the core
* 2.7:
[php7] Fix for substr() always returning a string
[Security] Do not save the target path in the session for a stateless firewall
Fix calls to HttpCache#getSurrogate triggering E_USER_DEPRECATED errors.
[DependencyInjection] fixed FrozenParameterBag and improved Parameter…
* 2.3:
[php7] Fix for substr() always returning a string
[Security] Do not save the target path in the session for a stateless firewall
[DependencyInjection] fixed FrozenParameterBag and improved Parameter…
Conflicts:
src/Symfony/Component/Debug/Tests/ErrorHandlerTest.php
src/Symfony/Component/Security/Http/Firewall/ExceptionListener.php
* 2.7:
[Yaml] throw a ParseException on invalid data type
[TwigBridge] type-dependent path discovery
Resources as string have the same problem
Introduce failing test case when a SplFileInfo object is passed to the extract() method in the TwigExtractor.
#15331 add infos about deprecated classes to UPGRADE-3.0
[Asset] removed unused private property.
[Security] removed useless else condition in SwitchUserListener class.
[travis] Tests deps=low with PHP 5.6
[Console] Fix console output with closed stdout
* 2.6:
[Yaml] throw a ParseException on invalid data type
#15331 add infos about deprecated classes to UPGRADE-3.0
[Security] removed useless else condition in SwitchUserListener class.
[travis] Tests deps=low with PHP 5.6
[Console] Fix console output with closed stdout
* 2.7:
[Twig+FrameworkBundle] Fix forward compat with Form 2.8
[2.6] Static Code Analysis for Components
[Security/Http] Fix test relying on a private property
[Serializer] Fix bugs reported in b5990be491 (commitcomment-12301266)
Conflicts:
src/Symfony/Bridge/Twig/Resources/views/Form/form_div_layout.html.twig
src/Symfony/Bundle/FrameworkBundle/Resources/views/Form/widget_attributes.html.php
src/Symfony/Component/Security/Http/Tests/Firewall/AnonymousAuthenticationListenerTest.php
This PR was squashed before being merged into the 2.8 branch (closes#15131).
Discussion
----------
[Security] Moved Simple{Form,Pre}AuthenticatorInterfaces to Security\Http
Description
---
The `SimpleFormAuthenticatorInterface` and `SimplePreAuthenticatorInterface` rely on `Request`, which means it's a Http land class. This means they don't belong in core.
Having a form login that doesn't depend on the request is an option as well (e.g. a console application might use the question helper to implement a "form" login). However, then there is a need for a new abstraction of the request. I don't think it's worth it.
Furthermore, the only classes typehinting/relying on this interfaces can be found in `Security\Http`.
Implementation
---
The new interfaces extend the old ones for better backwards compability. Symfony doesn't trigger deprecation errors for interfaces, see 6f57b7b552
PR Info Table
---
| Q | A
| ------------- | ---
| Bug fix? | no
| New feature? | no
| BC breaks? | no
| Deprecations? | yes
| Tests pass? | yes
| Fixed tickets | -
| License | MIT
| Doc PR | -
Commits
-------
ebb2064 [Security] Moved Simple{Form,Pre}AuthenticatorInterfaces to Security\Http
* 2.7:
[HttpKernel] Fix lowest dep
[Security] fix check for empty usernames
[Form] updated exception message of ButtonBuilder::setRequestHandler()
[travis] Fix deps=high jobs
Fix typo 'assets.package' => 'assets.packages' in UPGRADE-2.7
[Serializer] Simplify AbstractNormalizer::prepareForDenormalization()
[HttpFoundation] [PSR-7] Allow to use resources as content body and to return resources from string content
[DependencyInjection] Remove unused code in XmlFileLoader
[HttpFoundation] Behaviour change in PHP7 for substr
bumped Symfony version to 2.3.32
updated VERSION for 2.3.31
update CONTRIBUTORS for 2.3.31
updated CHANGELOG for 2.3.31
Conflicts:
src/Symfony/Bridge/Twig/composer.json
src/Symfony/Bundle/FrameworkBundle/composer.json
src/Symfony/Component/HttpKernel/composer.json
* 2.6:
[Security] fix check for empty usernames
[Form] updated exception message of ButtonBuilder::setRequestHandler()
[travis] Fix deps=high jobs
[HttpFoundation] [PSR-7] Allow to use resources as content body and to return resources from string content
[DependencyInjection] Remove unused code in XmlFileLoader
[HttpFoundation] Behaviour change in PHP7 for substr
bumped Symfony version to 2.3.32
updated VERSION for 2.3.31
update CONTRIBUTORS for 2.3.31
updated CHANGELOG for 2.3.31
Conflicts:
src/Symfony/Bridge/Twig/composer.json
src/Symfony/Bundle/FrameworkBundle/composer.json
* 2.3:
[Security] fix check for empty usernames
[Form] updated exception message of ButtonBuilder::setRequestHandler()
[travis] Fix deps=high jobs
[HttpFoundation] [PSR-7] Allow to use resources as content body and to return resources from string content
[DependencyInjection] Remove unused code in XmlFileLoader
[HttpFoundation] Behaviour change in PHP7 for substr
bumped Symfony version to 2.3.32
updated VERSION for 2.3.31
update CONTRIBUTORS for 2.3.31
updated CHANGELOG for 2.3.31
Conflicts:
src/Symfony/Bridge/Twig/composer.json
src/Symfony/Bundle/FrameworkBundle/composer.json
src/Symfony/Component/DependencyInjection/Loader/XmlFileLoader.php
src/Symfony/Component/HttpKernel/Kernel.php
* 2.7:
Added 'default' color
[HttpFoundation] Reload the session after regenerating its id
[HttpFoundation] Add a test case to confirm a bug in session migration
[Serializer] Fix ClassMetadata::sleep()
[2.6] Static Code Analysis for Components and Bundles
[Finder] Command::addAtIndex() fails with Command instance argument
[DependencyInjection] Freeze also FrozenParameterBag::remove
[Twig][Bridge] replaced `extends` with `use` in bootstrap_3_horizontal_layout.html.twig
fix CS
fixed CS
Add a way to reset the singleton
[Security] allow to use `method` in XML configs
[Serializer] Fix Groups tests.
Remove duplicate example
Remove var not used due to returning early (introduced in 8982c32)
[Serializer] Fix Groups PHPDoc
Enhance hhvm test skip message
fix for legacy asset() with EmptyVersionStrategy
[Form] Added upgrade notes for #15061
* 2.6:
Added 'default' color
[HttpFoundation] Reload the session after regenerating its id
[HttpFoundation] Add a test case to confirm a bug in session migration
[2.6] Static Code Analysis for Components and Bundles
[Finder] Command::addAtIndex() fails with Command instance argument
[DependencyInjection] Freeze also FrozenParameterBag::remove
[Twig][Bridge] replaced `extends` with `use` in bootstrap_3_horizontal_layout.html.twig
fix CS
fixed CS
Add a way to reset the singleton
[Security] allow to use `method` in XML configs
Remove duplicate example
Remove var not used due to returning early (introduced in 8982c32)
Enhance hhvm test skip message
This PR was squashed before being merged into the 2.8 branch (closes#15141).
Discussion
----------
[DX] [Security] Renamed Token#getKey() to getSecret()
There are 2 very vague parameter names in the authentication process: `$providerKey` and `$key`. Some tokens/providers have the first one, some tokens/providers the second one and some both. An overview:
| Token | `providerKey` | `key`
| --- | --- | ---
| `AnonymousToken` | - | yes
| `PreAuth...Token` | yes | -
| `RememberMeToken` | yes | yes
| `UsernamePasswordToken` | yes | -
Both names are extremely general and their PHPdocs contains pure no-shit-sherlock-descriptions :squirrel: (like "The key."). This made me and @iltar think it's just an inconsistency and they have the same meaning.
...until we dived deeper into the code and came to the conclusion that `$key` has a Security task (while `$providerKey` doesn't really). If it takes people connected to Symfony internals 30+ minutes to find this out, it should be considered for an improvement imo.
So here is our suggestion: **Rename `$key` to `$secret`**. This explains much better what the value of the string has to be (for instance, it's important that the string is not easily guessable and cannot be found out, according to the Spring docs). It also explains the usage better (it's used as a replacement for credentials and to hash the RememberMeToken).
**Tl;dr**: `$key` and `$providerKey` are too general names, let's improve DX by renaming them. This PR tackles `$key` by renaming it to `$secret`.
| Q | A
| ------------- | ---
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | yes
| Tests pass? | yes
| Fixed tickets | -
| License | MIT
| Doc PR | -
*My excuse for the completely unrelated branch name*
Commits
-------
24e0eb6 [DX] [Security] Renamed Token#getKey() to getSecret()
* 2.6:
[2.6] Towards 100% HHVM compat
[Security/Http] Fix test
[Stopwatch] Fix test
Minor fixes
Towards 100% HHVM compat
unify default AccessDeniedExeption message
trigger event with right user (add test)
[Security] Initialize SwitchUserEvent::targetUser on attemptExitUser
[Form] Fixed: Data mappers always receive forms indexed by their names
Conflicts:
src/Symfony/Bundle/FrameworkBundle/Controller/Controller.php
src/Symfony/Component/VarDumper/Tests/CliDumperTest.php
src/Symfony/Component/VarDumper/Tests/HtmlDumperTest.php
* 2.3:
Minor fixes
Towards 100% HHVM compat
trigger event with right user (add test)
[Security] Initialize SwitchUserEvent::targetUser on attemptExitUser
[Form] Fixed: Data mappers always receive forms indexed by their names
Conflicts:
src/Symfony/Component/Debug/Tests/ErrorHandlerTest.php
src/Symfony/Component/Filesystem/Filesystem.php
src/Symfony/Component/Process/Tests/AbstractProcessTest.php
The `SwitchUserEvent` is triggered in case an account is switched. This works okay while switching to the user, but on exit the `SwitchUserEvent` is triggered again with the original User. That User was not initialized by the provider yet.
load user by UserInterface instead of username
* 2.3:
Fix quoting style consistency.
[DependencyInjection] Fail when dumping a Definition with no class nor factory
Normalizing recursively - see #9096
No change - the normalizeParams is a copy-and-paste of the earlier logic
fixes issue with logging array of non-utf8 data
fix validation for Maestro UK card numbers
* 2.7:
[FrameworkBundle] Reuse PropertyAccessor service for ObjectNormalizer
[VarDumper] Fix dump output for better readability
[PhpUnitBridge] Enforce @-silencing of deprecation notices according to new policy
* 2.7: (36 commits)
[DoctrineBridge] Bypass the db when no valid identifier is provided in ORMQueryBuilderLoader
[Serializer] Fixed typo in comment
[Form] Fixed: Filter non-integers when selecting entities by int ID
Fix merge
Fix merge
Add test for HHVM FatalErrors
[2.6][Debug] Fix fatal-errors handling on HHVM
[Debug] Fix log level of stacked errors
[VarDumper] Fix uninitialized id in HtmlDumper
Fixed fluent interface
[Console] Fix tests on Windows
[2.7] Fix unsilenced deprecation notices
[2.3][Debug] Fix fatal-errors handling on HHVM
[Debug] fix debug class loader case test on windows
Standardize the name of the exception variables
[Debug+VarDumper] Fix handling of PHP7 exception/error model
Do not trigger deprecation error in ResolveParameterPlaceHoldersPass
[2.3] Static Code Analysis for Components
Added a small Upgrade note regarding security.context
added missing deprecation in CHANGELOG
...
Conflicts:
src/Symfony/Bundle/WebProfilerBundle/Resources/views/Collector/logger.html.twig
src/Symfony/Component/HttpKernel/Kernel.php
* 2.6:
Add test for HHVM FatalErrors
[2.6][Debug] Fix fatal-errors handling on HHVM
[2.3][Debug] Fix fatal-errors handling on HHVM
Standardize the name of the exception variables
[2.3] Static Code Analysis for Components
Remove duplicated paths
Conflicts:
src/Symfony/Component/Debug/ErrorHandler.php
src/Symfony/Component/Security/Http/Firewall/BasicAuthenticationListener.php
src/Symfony/Component/Security/Http/Firewall/ContextListener.php
src/Symfony/Component/Security/Http/Firewall/RememberMeListener.php
src/Symfony/Component/Security/Http/RememberMe/AbstractRememberMeServices.php
* 2.3:
[2.3][Debug] Fix fatal-errors handling on HHVM
Standardize the name of the exception variables
[2.3] Static Code Analysis for Components
Remove duplicated paths
Conflicts:
src/Symfony/Component/Debug/ErrorHandler.php
src/Symfony/Component/HttpFoundation/Session/Storage/MockArraySessionStorage.php
src/Symfony/Component/Security/Acl/Dbal/AclProvider.php
src/Symfony/Component/Security/Core/Authentication/Provider/UserAuthenticationProvider.php
* 2.6:
[Debug] Fix log level of stacked errors
[VarDumper] Fix uninitialized id in HtmlDumper
Fixed fluent interface
[Debug] fix debug class loader case test on windows
[Debug+VarDumper] Fix handling of PHP7 exception/error model
[2.6][Security][Translation] #14920 update translations
[VarDumper] Cherry-pick code style fixes from 2.7
Bug #14836 [HttpFoundation] Moves default JSON encoding assignment from constructor to property
Conflicts:
src/Symfony/Component/Debug/Tests/DebugClassLoaderTest.php
src/Symfony/Component/VarDumper/Caster/DOMCaster.php
src/Symfony/Component/VarDumper/Caster/ExceptionCaster.php
src/Symfony/Component/VarDumper/Caster/PdoCaster.php
src/Symfony/Component/VarDumper/Caster/SplCaster.php
This PR was merged into the 2.7 branch.
Discussion
----------
added missing deprecation in CHANGELOG
Commits
-------
ddddeb5 added missing deprecation in CHANGELOG
* 2.7:
Fix test name
fixed CS
Allow new lines in Messages translated with transchoice() (replacement for #14867)
[Form] Swap new ChoiceView constructor arguments to ease migrating from the deprecated one
[2.3] Fix tests on Windows
[Yaml] remove partial deprecation annotation
Silence invasive deprecation warnings, opt-in for warnings
Documenting how to keep option value BC - see #14377
Conflicts:
src/Symfony/Bridge/Doctrine/composer.json
src/Symfony/Bridge/Twig/composer.json
* 2.7:
[Console] SymfonyStyle : Fix blocks wordwrapping
[Console] SymfonyStyle : Fix blocks output is broken on windows cmd
[Validator] remove partial deprecation annotation
Updated UPGRADE-2.4.md
[Form] Support DateTimeImmutable in transform()
Show the FormType and FormTypeExtension in case of deprecated use of setDefaultOptions
[FrameworkBundle] Document form.csrf_provider service deprecation
[Form] add test to avoid regression of #14891
without this change allways the legacy code get called
[Form] Fix call to removed method (BC broken in 2.3)
Fix ask and askHidden methods
[HttpFoundation] Get response content as resource several times for PHP >= 5.6
Change error message to reflect SecurityContext deprecation.
fixed merge
Issue #14815
[Console] SymfonyStyle : fix & automate block gaps.
[Console] SymfonyStyle : Improve EOL consistency by relying on output instance
Improved duplicated code in FileLocator
* 2.7:
[Security] Update tests after a merge
[Console] Remove an unused argument and fix a small cs issue
[Translator] avoid serialize unserializable resources.
* 2.7: (95 commits)
[DependencyInjection] provide better error message when using deprecated configuration options
[console][TableCell] get cell width without decoration.
Improve the config validation in TwigBundle
[VarDumper] Changed tooltip to expand-all keybinding in OS X
[Bridge\PhpUnit] Fix composer installed phpunit detection
[VarDumper] Fix generic casters calling order
[2.7][SecurityBundle] Remove SecurityContext from Compile
[WebProfilerBundle][logger] added missing deprecation message.
Fix profiler CSS
[Security][Acl] enforce string identifiers
[FrameworkBundle] make `templating.helper.router` service available again for BC reasons
[BrowserKit] Fix bug when uri starts with http.
bumped Symfony version to 2.7.1
updated VERSION for 2.7.0
updated CHANGELOG for 2.7.0
bumped Symfony version to 2.6.10
updated VERSION for 2.6.9
updated CHANGELOG for 2.6.9
fixed tests
bumped Symfony version to 2.3.31
...
Conflicts:
src/Symfony/Bundle/FrameworkBundle/Command/TranslationDebugCommand.php
src/Symfony/Bundle/WebProfilerBundle/Resources/views/Collector/logger.html.twig
src/Symfony/Component/HttpKernel/Kernel.php
src/Symfony/Component/Translation/Loader/JsonFileLoader.php
* 2.6:
Improve the config validation in TwigBundle
[WebProfilerBundle][logger] added missing deprecation message.
[Security][Acl] enforce string identifiers
[BrowserKit] Fix bug when uri starts with http.
bumped Symfony version to 2.3.31
updated VERSION for 2.3.30
updated CHANGELOG for 2.3.30
Php Inspections (EA Extended): - resolved possible PHP Fatal in \Symfony\Component\BrowserKit\Cookie::__toString -resolved implicit magic methods calls -resolved callable name case mismatches
* 2.3:
Improve the config validation in TwigBundle
[Security][Acl] enforce string identifiers
[BrowserKit] Fix bug when uri starts with http.
bumped Symfony version to 2.3.31
updated VERSION for 2.3.30
updated CHANGELOG for 2.3.30
Php Inspections (EA Extended): - resolved possible PHP Fatal in \Symfony\Component\BrowserKit\Cookie::__toString -resolved implicit magic methods calls -resolved callable name case mismatches
Conflicts:
src/Symfony/Component/Debug/Tests/ErrorHandlerTest.php
src/Symfony/Component/DependencyInjection/Tests/Dumper/PhpDumperTest.php
src/Symfony/Component/HttpKernel/Kernel.php
This PR was merged into the 2.3 branch.
Discussion
----------
[2.3] Static Code Analysis for Components
| Q | A
| ------------- | ---
| Bug fix? | no
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | n/a
| License | MIT
| Doc PR | n/a
Static Code Analysis with Php Inspections (EA Extended), no functional changes:
- resolved possible PHP Fatal in \Symfony\Component\BrowserKit\Cookie::__toString
- resolved callable name case mismatches
Commits
-------
9eb2b14 Php Inspections (EA Extended): - resolved possible PHP Fatal in \Symfony\Component\BrowserKit\Cookie::__toString -resolved implicit magic methods calls -resolved callable name case mismatches
- resolved possible PHP Fatal in \Symfony\Component\BrowserKit\Cookie::__toString
-resolved implicit magic methods calls
-resolved callable name case mismatches
* 2.6: (30 commits)
[Translation] fixed JSON loader on PHP 7 when file is empty
Fix typo
Check instance of FormBuilderInterface instead of FormBuilder
[Security] TokenBasedRememberMeServices test to show why encoding username is required
[Security] AbstractRememberMeServices::encodeCookie() validates cookie parts
fixed typo
[console][formater] allow format toString object.
[HttpFoundation] Fix baseUrl when script filename is contained in pathInfo
Avoid redirection to XHR URIs
[HttpFoundation] IpUtils::checkIp4() should allow networks
[2.6] Fix HTML escaping of to-source links
Fix HTML escaping of to-source links
ExceptionHandler: More Encoding
Fix the rendering of deprecation log messages
[FrameworkBundle] Removed unnecessary parameter in TemplateController
[DomCrawler] Throw an exception if a form field path is incomplete.
Fixed the indentation in the compiled template for the DumpNode
[Console] Delete duplicate test in CommandTest
[TwigBundle] Refresh twig paths when resources change.
WebProfiler break words
...
Conflicts:
src/Symfony/Bridge/Twig/composer.json
src/Symfony/Bundle/WebProfilerBundle/Resources/views/Collector/logger.html.twig
src/Symfony/Component/Debug/ExceptionHandler.php
* 2.3:
Fix typo
Check instance of FormBuilderInterface instead of FormBuilder
[Security] TokenBasedRememberMeServices test to show why encoding username is required
[Security] AbstractRememberMeServices::encodeCookie() validates cookie parts
[console][formater] allow format toString object.
[HttpFoundation] Fix baseUrl when script filename is contained in pathInfo
Avoid redirection to XHR URIs
[HttpFoundation] IpUtils::checkIp4() should allow networks
Fix HTML escaping of to-source links
[FrameworkBundle] Removed unnecessary parameter in TemplateController
[DomCrawler] Throw an exception if a form field path is incomplete.
[Console] Delete duplicate test in CommandTest
[TwigBundle] Refresh twig paths when resources change.
WebProfiler break words
fixed typo
Update README.md
[HttpKernel] Handle an array vary header in the http cache store
[Security][Translation] fixes#14584
[Framework] added test for Router commands.
Handled bearer authorization header in REDIRECT_ form
Conflicts:
src/Symfony/Component/Debug/ExceptionHandler.php
This PR was squashed before being merged into the 2.3 branch (closes#14670).
Discussion
----------
[Security] TokenBasedRememberMeServices test to show why encoding username is required
| Q | A
| ------------- | ---
| Bug fix? | no
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | #14577
| License | MIT
| Doc PR | no
241538d shows that it's not actually tested, 257b796 reimplements it with test.
I can remove the POC commit if it's not needed.
Commits
-------
63a9736 [Security] TokenBasedRememberMeServices test to show why encoding username is required
This PR was squashed before being merged into the 2.3 branch (closes#14678).
Discussion
----------
[Security] AbstractRememberMeServices::encodeCookie() validates cookie parts
| Q | A
| ------------- | ---
| Bug fix? | no
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | #14577
| License | MIT
| Doc PR | no
`AbstractRememberMeServices::encodeCookie()` guards against `COOKIE_DELIMITER` in `$cookieParts`.
* it would make `AbstractRememberMeServices::cookieDecode()` broken
* all current extending classes do it anyway (see #14670 )
* added tests – it's not a public method, but it is expected to be used by user implementations – as such, it's good to know that it works properly
Commits
-------
464c39a [Security] AbstractRememberMeServices::encodeCookie() validates cookie parts
This PR was merged into the 2.3 branch.
Discussion
----------
[Security][Translation] fixes#14584
| Q | A
| ------------- | ---
| Fixed tickets | #14584
| License | MIT
Some french translations are wrong in the security component.
As #14587 has been closed here's my fix.
Commits
-------
34c780f [Security][Translation] fixes#14584
This PR was merged into the 2.7 branch.
Discussion
----------
[Security] Removed unnecessary statement
| Q | A
| ------------- | ---
| Bug fix? | no
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | ~
| License | MIT
| Doc PR | ~
Removed unnecessary statement from `PersistentTokenBasedRememberMeServices.php`.
`$series` comes from `$cookieParts` and `$this->tokenProvider->loadTokenBySeries($series);` is supposed to find the token with that value. Doing `$persistentToken->getSeries();` should give us exactly the same value, so it is an unnecessary statement.
Why?
* We don't need it? We won't miss it when it's gone.
* It confuses a code reader who starts guessing why would that be needed (at least I did and lost time because of that).
Unless…
It actually is needed, as we want `TokenProviderInterface` implementations to have a possibility to give a `PersistentTokenInterface` with a different series value than asked… I can make a PR to the testing class so that such requirement is checked upon.
I don't believe that this is BC, as this behaviour isn't documented anywhere and no existing (known to me) implementations return different series than the asked ones (and current tests pass successfully).
Commits
-------
c7a91f1 Removed unnecessary statement from PersistentTokenBasedRememberMeServices.php
* 2.7:
fixed CS
fixed CS
fixed CS
Fix WebProfilerBundle compatiblity with HttpKernel < 2.7
[Validator] Deprecated PHP7-incompatible constraints and related validators
[DebugBundle] Allow alternative destination for dumps
[DebugBundle] Use output mechanism of dumpers instead of echoing
[DebugBundle] Always collect dumps
[FrameworkBundle] Applied new styles to the config:debug & config:dump-reference commands
Fix tests in HHVM
CS: Pre incrementation/decrementation should be used if possible
Conflicts:
src/Symfony/Bundle/FrameworkBundle/composer.json
* 2.6:
[DebugBundle] Allow alternative destination for dumps
[DebugBundle] Use output mechanism of dumpers instead of echoing
[DebugBundle] Always collect dumps
Fix tests in HHVM
CS: Pre incrementation/decrementation should be used if possible
Conflicts:
src/Symfony/Component/Finder/Expression/Glob.php
* 2.3:
Fix tests in HHVM
CS: Pre incrementation/decrementation should be used if possible
Conflicts:
src/Symfony/Bundle/TwigBundle/Command/LintCommand.php
src/Symfony/Component/Console/Helper/TableHelper.php
src/Symfony/Component/EventDispatcher/Tests/EventDispatcherTest.php
src/Symfony/Component/HttpKernel/DataCollector/LoggerDataCollector.php
src/Symfony/Component/HttpKernel/HttpCache/EsiResponseCacheStrategy.php
src/Symfony/Component/Security/Acl/Dbal/AclProvider.php
src/Symfony/Component/Security/Http/RememberMe/TokenBasedRememberMeServices.php
This PR was merged into the 2.3 branch.
Discussion
----------
CS: Pre incrementation/decrementation should be used if possible
| Q | A
| ------------- | ---
| Bug fix? | no
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | n/a
| License | MIT
| Doc PR | n/a
Fixes provided by new fixer: https://github.com/FriendsOfPHP/PHP-CS-Fixer/pull/1113
If this pr is merged I would change the level of the fixer to `symfony`.
Commits
-------
c5123d6 CS: Pre incrementation/decrementation should be used if possible
* 2.7: (70 commits)
[travis] Use container-based infrastructure
[HttpKernel] use ConfigCache::getPath() method when it exists
[PropertyAccess] Fix setting public property on a class having a magic getter
[Routing] Display file which contain deprecated option
ContainerInterface: unused exception dropped
bumped Symfony version to 2.6.8
updated VERSION for 2.6.7
updated CHANGELOG for 2.6.7
bumped Symfony version to 2.3.29
updated VERSION for 2.3.28
update CONTRIBUTORS for 2.3.28
updated CHANGELOG for 2.3.28
[Debug] Fixed ClassNotFoundFatalErrorHandlerTest
[SecurityBundle] use access decision constants in config
[SecurityBundle] use session auth constants in config
PhpDoc fix in AbstractRememberMeServices
[Filesystem] Simplified an if statement
[SecurityBundle] Use Enum Nodes Instead Of Scalar
[Debug 2.3] Fix test for PHP7
[HttpKernel] Check if "symfony/proxy-manager-bridge" package is installed
...
Conflicts:
src/Symfony/Bundle/DebugBundle/composer.json
src/Symfony/Bundle/FrameworkBundle/Command/ServerRunCommand.php
src/Symfony/Bundle/FrameworkBundle/Command/TranslationDebugCommand.php
src/Symfony/Component/Form/README.md
src/Symfony/Component/Intl/README.md
src/Symfony/Component/Security/README.md
src/Symfony/Component/Translation/Loader/CsvFileLoader.php
src/Symfony/Component/Translation/Loader/IniFileLoader.php
src/Symfony/Component/Translation/Loader/MoFileLoader.php
src/Symfony/Component/Translation/Loader/PhpFileLoader.php
src/Symfony/Component/Translation/Loader/PoFileLoader.php
src/Symfony/Component/Translation/Loader/YamlFileLoader.php
src/Symfony/Component/Translation/README.md
src/Symfony/Component/Translation/Translator.php
src/Symfony/Component/Validator/README.md
* 2.6: (21 commits)
bumped Symfony version to 2.6.8
updated VERSION for 2.6.7
updated CHANGELOG for 2.6.7
bumped Symfony version to 2.3.29
updated VERSION for 2.3.28
update CONTRIBUTORS for 2.3.28
updated CHANGELOG for 2.3.28
[Debug] Fixed ClassNotFoundFatalErrorHandlerTest
[SecurityBundle] use access decision constants in config
[SecurityBundle] use session auth constants in config
PhpDoc fix in AbstractRememberMeServices
[Filesystem] Simplified an if statement
[SecurityBundle] Use Enum Nodes Instead Of Scalar
[Debug 2.3] Fix test for PHP7
[HttpKernel] Check if "symfony/proxy-manager-bridge" package is installed
[Translation] simplify getMessages.
[Framework][Translation] added test for debug command.
Run tests on hhvm instead of hhvm-nightly
Use HTTPS in README and some other fixes
add more entropy to generated classnames
...
Conflicts:
.travis.yml
src/Symfony/Component/HttpKernel/Kernel.php
* 2.3:
bumped Symfony version to 2.3.29
updated VERSION for 2.3.28
update CONTRIBUTORS for 2.3.28
updated CHANGELOG for 2.3.28
PhpDoc fix in AbstractRememberMeServices
Conflicts:
src/Symfony/Component/HttpKernel/Kernel.php
* 2.6: (25 commits)
[2.6] link to https://symfony.com where possible
Do not override PHP constants, only use when available
link to https://symfony.com where possible
[FrameworkBundle] Added missing log in server:run command
[Finder] Only use GLOB_BRACE when available
[HttpFoundation] Allow curly braces in trusted host patterns
Fix merge
Fix typo in variable name
[profiler][security] check authenticated user by tokenClass instead of username.
[WebProfiler] fix html syntax for input types
[TwigBundle] Fix deprecated use of FlattenException
[DependencyInjection] Removed extra strtolower calls
Use https://symfony.com/search for searching
[Debug] PHP7 compatibility with BaseException
[Validator] Fixed Choice when an empty array is used in the "choices" option
Fixed tests
[StringUtil] Fixed singularification of 'selfies'
Fix Portuguese (Portugal) translation for Security
improved exception when missing required component
[DependencyInjection] resolve circular reference
...
Conflicts:
src/Symfony/Bundle/WebProfilerBundle/Resources/views/Collector/config.html.twig
src/Symfony/Component/Form/README.md
src/Symfony/Component/Intl/README.md
src/Symfony/Component/Security/README.md
src/Symfony/Component/Translation/README.md
src/Symfony/Component/Validator/README.md
* 2.3:
link to https://symfony.com where possible
[FrameworkBundle] Added missing log in server:run command
[HttpFoundation] Allow curly braces in trusted host patterns
[profiler][security] check authenticated user by tokenClass instead of username.
Use https://symfony.com/search for searching
Conflicts:
src/Symfony/Bundle/FrameworkBundle/Test/WebTestCase.php
src/Symfony/Component/Form/README.md
src/Symfony/Component/Intl/README.md
src/Symfony/Component/Routing/composer.json
src/Symfony/Component/Security/README.md
src/Symfony/Component/Translation/README.md
src/Symfony/Component/Validator/README.md
* 2.3:
[DependencyInjection] Removed extra strtolower calls
[Validator] Fixed Choice when an empty array is used in the "choices" option
Fixed tests
[StringUtil] Fixed singularification of 'selfies'
Fix Portuguese (Portugal) translation for Security
improved exception when missing required component
CS: unalign =
Show a better error when the port is in use
CS: unalign =>
[FrameworkBundle] Check for 'xlf' instead of 'xliff'
Add better phpdoc message for getListeners method of the EventDispatcher
Conflicts:
src/Symfony/Bundle/FrameworkBundle/Command/ServerRunCommand.php
src/Symfony/Bundle/TwigBundle/Command/LintCommand.php
src/Symfony/Component/DependencyInjection/ContainerBuilder.php
src/Symfony/Component/DependencyInjection/Tests/Fixtures/php/services11.php
src/Symfony/Component/Validator/Constraints/ChoiceValidator.php
* 2.7: (40 commits)
[Debug] Fix ClassNotFoundFatalErrorHandler candidates lookups
[2.6][Translator] Extend, refactor and simplify Translator tests.
Update DebugClassLoader.php
inject asset packages in assets helper service
[travis] Do not exclude legacy tests on 2.7
[HttpFoundation] remove getExtension method
[2.6][Translation] fix legacy tests.
[Form] Removed remaining deprecation notices in the test suite
[Form] Moved deprecation notice triggers to file level
[Debug] Map PHP errors to LogLevel::CRITICAL
[Routing][DependencyInjection] Support .yaml extension in YAML loaders
[DX] improve file loader error for router/other resources in bundle
[FrameworkBundle] Initialize translator with the default locale.
[FrameworkBundle] Fix Routing\DelegatingLoader resiliency to fatal errors
[2.7][Translation] remove duplicate code for loading catalogue.
[2.6][Translation] remove duplicate code for loading catalogue.
[HttpKernel] Cleanup ExceptionListener
CS fixes
[DependencyInjection] Show better error when the Yaml component is not installed
[2.3] SCA for Components - reference mismatches
...
* 2.6:
[Translator] Cache does not take fallback locales into consideration
[VarDumper] Fix call site detection
[Process] Fix volatile test
Remove some useless @group annotations
Removed useless strtolower call
[Validator] Use strict comparisons in loaders
CS: Use "self" keyword instead of class name if possible
Conflicts:
.travis.yml
src/Symfony/Component/Translation/Translator.php
* 2.3:
Remove some useless @group annotations
Removed useless strtolower call
[Validator] Use strict comparisons in loaders
CS: Use "self" keyword instead of class name if possible
* 2.6:
[Validator] Add missing pt_BR translations
Add parsing of hexadecimal strings for PHP 7
[Configuration] improve description for ignoreExtraKeys on ArrayNodeDefinition
[Validator] Added missing Hungarian translation
[Validator] Fixed grammar in Hungarian translation
CS: Unary operators should be placed adjacent to their operands
CS: Binary operators should be arounded by at least one space
remove useless tests that fail in php 7
[Translator] fix test for php 7 compatibility
Update phpdoc of ProcessBuilder#setPrefix()
Conflicts:
src/Symfony/Bridge/Propel1/Logger/PropelLogger.php
src/Symfony/Component/Validator/Resources/translations/validators.hu.xlf
* 2.3:
[Validator] Add missing pt_BR translations
Add parsing of hexadecimal strings for PHP 7
[Configuration] improve description for ignoreExtraKeys on ArrayNodeDefinition
[Validator] Added missing Hungarian translation
[Validator] Fixed grammar in Hungarian translation
CS: Unary operators should be placed adjacent to their operands
CS: Binary operators should be arounded by at least one space
remove useless tests that fail in php 7
[Translator] fix test for php 7 compatibility
Update phpdoc of ProcessBuilder#setPrefix()
Conflicts:
src/Symfony/Component/HttpFoundation/Session/Attribute/NamespacedAttributeBag.php
src/Symfony/Component/PropertyAccess/PropertyAccessor.php
src/Symfony/Component/Validator/Resources/translations/validators.pt_BR.xlf
src/Symfony/Component/Yaml/Parser.php
This PR was merged into the 2.3 branch.
Discussion
----------
CS: Unary operators should be placed adjacent to their operands
| Q | A
| ------------- | ---
| Bug fix? | no
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | ?
| Fixed tickets | N/A
| License | MIT
| Doc PR | N/A
Update before upcoming changes on PHP CS Fixer 1.7
To keep fabbot.io happy ;)
Commits
-------
2367f4a CS: Unary operators should be placed adjacent to their operands
This PR was merged into the 2.3 branch.
Discussion
----------
CS: Binary operators should be arounded by at least one space
| Q | A
| ------------- | ---
| Bug fix? | no
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | ?
| Fixed tickets | N/A
| License | MIT
| Doc PR | N/A
Update before upcoming changes on PHP CS Fixer 1.7
To keep fabbot.io happy ;)
Commits
-------
ec2cec6 CS: Binary operators should be arounded by at least one space
* 2.6:
CS: fixes
Translator component has default domain for null implemented no need to have default translation domain logic in 3 different places
[Form] [TwigBridge] Bootstrap layout whitespace control
[travis] Kill tests when a new commit has been pushed
fixed CS
Change behavior to mirror hash_equals() returning early if there is a length mismatch
CS fixing
Prevent modifying secrets as much as possible
Update StringUtils.php
Whitespace
Update StringUtils.php
StringUtils::equals() arguments in RememberMe Cookie based implementation are confused
CS: general fixes
[SecurityBundle] removed a duplicated service definition and simplified others.
Conflicts:
src/Symfony/Bundle/SecurityBundle/Resources/config/security_listeners.xml
* 2.3:
CS: fixes
Translator component has default domain for null implemented no need to have default translation domain logic in 3 different places
[travis] Kill tests when a new commit has been pushed
fixed CS
Change behavior to mirror hash_equals() returning early if there is a length mismatch
CS fixing
Prevent modifying secrets as much as possible
Update StringUtils.php
Whitespace
Update StringUtils.php
CS: general fixes
[SecurityBundle] removed a duplicated service definition and simplified others.
Conflicts:
src/Symfony/Bundle/FrameworkBundle/Resources/views/Form/choice_widget_collapsed.html.php
src/Symfony/Bundle/SecurityBundle/Resources/config/security_rememberme.xml
src/Symfony/Component/Console/Tests/Helper/LegacyTableHelperTest.php
src/Symfony/Component/DependencyInjection/Tests/Fixtures/php/services11.php
This PR was squashed before being merged into the 2.7 branch (closes#13482).
Discussion
----------
Implemented check on interface implementation
| Q | A
| ------------- | ---
| Bug fix? | Yes
| New feature? | No
| BC breaks? | No
| Deprecations? | No
| Tests pass? | Yes
| Fixed tickets | #13480
| License | MIT
| Doc PR |
Commits
-------
2a79ace Implemented check on interface implementation
* 2.6:
CS: fix some license headers
CS: Ensure there is no code on the same line as the PHP open tag and it is followed by a blankline
use visited lookup with reference to gain performance
Replace GET parameters when changed
[FrameworkBundle][debug:config] added support for dynamic configurations.
[WebProfiler] Fix partial search on url in list
Conflicts:
src/Symfony/Bridge/Propel1/Form/EventListener/TranslationCollectionFormListener.php
src/Symfony/Bridge/Propel1/Form/EventListener/TranslationFormListener.php
* 2.3:
CS: fix some license headers
CS: Ensure there is no code on the same line as the PHP open tag and it is followed by a blankline
use visited lookup with reference to gain performance
Replace GET parameters when changed
Conflicts:
src/Symfony/Component/DependencyInjection/Dumper/PhpDumper.php
This PR was merged into the 2.3 branch.
Discussion
----------
CS: fix some license headers
| Q | A
| ------------- | ---
| Bug fix? | no
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | ?
| Fixed tickets | N/A
| License | MIT
| Doc PR | N/A
Commits
-------
2b74841 CS: fix some license headers
* 2.6:
Fix small coding style
[2.3] Static Code Analysis for Components
[Form] fixed phpdoc
CS: Convert double quotes to single quotes
Fixed MongoODM entity loader. Improved loading behavior of entities and documents by reusing entity loader.
[Validator] added Japanese translation for unmatched charset (id: 80)
[WebProfilerBundle] fixed undefined buttons.
[WebProfilerBundle] Fix javascript toolbar on IE8
[DependencyInjection] Highest precedence for user parameters
bumped Symfony version to 2.6.6
[Translation][MoFileLoader] fixed load empty translation.
updated VERSION for 2.6.5
updated CHANGELOG for 2.6.5
bumped Symfony version to 2.3.27
updated VERSION for 2.3.26
update CONTRIBUTORS for 2.3.26
updated CHANGELOG for 2.3.26
[HttpKernel] UriSigner::buildUrl - default params for http_build_query
Conflicts:
src/Symfony/Bridge/Propel1/Tests/DataCollector/PropelDataCollectorTest.php
src/Symfony/Component/DependencyInjection/Dumper/PhpDumper.php
src/Symfony/Component/HttpKernel/Kernel.php
src/Symfony/Component/Security/Http/Firewall/AbstractPreAuthenticatedListener.php
src/Symfony/Component/Validator/Resources/translations/validators.ja.xlf
* 2.6:
[HttpFoundation] MongoDbSessionHandler::read() now checks for valid session age
Changed visibility of setUp() and tearDown to protected
[WebProfilerBundle] Set debug+charset on the ExceptionHandler fallback
Added default button class
used HTML5 meta charset tag and removed hardcoded ones
Revert "bug #13715 Enforce UTF-8 charset for core controllers (WouterJ)"
fixed XSS in the exception handler
Php Inspections (EA Extended) - static code analysis includes:
[2.3] Remove most refs uses
Test with local components instead of waiting for the subtree-splitter when possible
Conflicts:
.travis.yml
* 2.3:
Changed visibility of setUp() and tearDown to protected
fixed XSS in the exception handler
Php Inspections (EA Extended) - static code analysis includes:
[2.3] Remove most refs uses
Test with local components instead of waiting for the subtree-splitter when possible
Conflicts:
src/Symfony/Bundle/FrameworkBundle/Command/ContainerDebugCommand.php
src/Symfony/Component/Config/Util/XmlUtils.php
src/Symfony/Component/Console/Helper/ProgressHelper.php
src/Symfony/Component/Debug/ExceptionHandler.php
src/Symfony/Component/Debug/Tests/ErrorHandlerTest.php
src/Symfony/Component/Filesystem/Tests/FilesystemTest.php
src/Symfony/Component/OptionsResolver/Options.php
src/Symfony/Component/Security/Acl/Dbal/MutableAclProvider.php
src/Symfony/Component/Yaml/Inline.php
Reduce couple count calls in [Yaml]
Modernize type casting, fix several strict comparisons
Unsets merged
Elvis operator usage
Short syntax for applied operations
* 2.6: (21 commits)
[FrameworkBundle] Fix title and placeholder rendering in php form templates.
[TwigBridge] Removed duplicated code from TwigRenderer
[Translator][Logging] implement TranslatorBagInterface.
RequestDataCollector - small fix
renamed composer.phar to composer to be consistent with the Symfony docs
[FrameworkBundle] bumped min version of Routing to 2.3
removed composer --dev option everywhere
fixed a test
[Console] Fixed output bug, if escaped string in a formatted string.
“console help” ignores --raw option
Fix form icon position in web profiler
[Security] Remove ContextListener's onKernelResponse listener as it is used
Revert "minor #12652 [HttpFoundation] [Hackday] #9942 test: Request::getContent() for null value (skler)"
Revert "fixed assertion"
fixed assertion
[HttpFoundation] [Hackday] #9942 test: Request::getContent() for null value
fixed URL
Add reference to documentation in FormEvents phpdocs
[YAML] Fix one-liners to work with multiple new lines
Keep "pre" meaning for var_dump quick-and-dirty debug
...
Conflicts:
src/Symfony/Bridge/Twig/composer.json
src/Symfony/Bundle/FrameworkBundle/composer.json
src/Symfony/Component/Security/Http/Firewall/ContextListener.php
src/Symfony/Component/Security/Http/Tests/Firewall/ContextListenerTest.php
* 2.3:
[FrameworkBundle] Fix title and placeholder rendering in php form templates.
RequestDataCollector - small fix
renamed composer.phar to composer to be consistent with the Symfony docs
[FrameworkBundle] bumped min version of Routing to 2.3
removed composer --dev option everywhere
fixed a test
[Console] Fixed output bug, if escaped string in a formatted string.
[Security] Remove ContextListener's onKernelResponse listener as it is used
Revert "minor #12652 [HttpFoundation] [Hackday] #9942 test: Request::getContent() for null value (skler)"
Revert "fixed assertion"
fixed assertion
[HttpFoundation] [Hackday] #9942 test: Request::getContent() for null value
fixed URL
Add reference to documentation in FormEvents phpdocs
[YAML] Fix one-liners to work with multiple new lines
Keep "pre" meaning for var_dump quick-and-dirty debug
[Console][Table] Fix cell padding with multi-byte
Conflicts:
src/Symfony/Bundle/FrameworkBundle/Resources/views/Form/widget_attributes.html.php
src/Symfony/Bundle/FrameworkBundle/composer.json
src/Symfony/Component/Console/Helper/TableHelper.php
This PR was squashed before being merged into the 2.3 branch (closes#13466).
Discussion
----------
[Security] Remove ContextListener's onKernelResponse listener as it is used
| Q | A
| ------------- | ---
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets |
| License | MIT
| Doc PR |
The context listeners are specific to a particular firewall, and as such, should not be applied if the current request doesn't match that context listener. To avoid this, the context listener can remove itself from the dispatcher as it is called.
This comes in to affect when two or more firewalls are setup and using the same kernel for multiple requests. Assuming there are two firewalls 'site' and 'admin'
- Request comes in matching 'site' firewall, 'site' ContextListener adds it's onKernelResponse method to the dispatcher
- Succesful auth for 'site'
- ContextListener writes token to session
- Request comes in matching 'admin' firewall, 'admin' ContextListener can't find anything in the session, so nulls the token in the security context
- 'site' ContextListener listens for response, can't find a token in the security context so removes the 'site' token from the session
Commits
-------
380d805 [Security] Remove ContextListener's onKernelResponse listener as it is used
* 2.6: (46 commits)
fixxed order of usage
[2.7] [Form] Replaced calls to array_search() by in_array() where is no need to get the index
[Process] Make test AbstractProcessTest::testStartAfterATimeout useful again
removed non-sense example
Fixes small typo.
[Validator] Remove unnecessary include in tests
[HttpFoundation] minor: clarify Request::getUrlencodedPrefix() regex
fixed typo
[Validator] fix DOS-style line endings
Drop useless execution bit
bumped Symfony version to 2.6.5
[Serializer] update changelog
updated VERSION for 2.6.4
updated CHANGELOG for 2.6.4
bumped Symfony version to 2.5.11
[HttpKernel] Added use of provided by #12022 method to instantiate controller class in bundle's controller resolver
updated VERSION for 2.5.10
updated CHANGELOG for 2.5.10
[Validator] Add a Russian translation for invalid charset message
[2.3] [Validator] spanish translation for invalid charset message
...
Conflicts:
src/Symfony/Bridge/Doctrine/Validator/Constraints/UniqueEntityValidator.php
src/Symfony/Component/HttpKernel/Exception/FatalErrorException.php
src/Symfony/Component/HttpKernel/Exception/FlattenException.php
src/Symfony/Component/HttpKernel/Kernel.php
src/Symfony/Component/Routing/Tests/Generator/UrlGeneratorTest.php
src/Symfony/Component/Validator/Resources/translations/validators.de.xlf
src/Symfony/Component/Validator/Resources/translations/validators.en.xlf
src/Symfony/Component/Validator/Resources/translations/validators.es.xlf
src/Symfony/Component/Validator/Resources/translations/validators.fr.xlf
src/Symfony/Component/Validator/Resources/translations/validators.pl.xlf
src/Symfony/Component/Validator/Resources/translations/validators.ru.xlf
src/Symfony/Component/Validator/Resources/translations/validators.sl.xlf
* 2.6:
[2.3] [HttpFoundation] [MimeTypeGuesser]
Removed dead code and various cleaning
Removed dead code and various cleaning
[FrameworkBundle][xsd] added missing logging attribute.
[Console] Make it clear that the second argument is not about command options.
Added the '-' character for spaceless on tag start and end to be consistent for block, if, set and for nodes
[Yaml] fixed parse shortcut Key after unindented collection.
[Console] fixed#10531
Make the container considered non-fresh if the environment parameters are changed
* 2.5:
[2.3] [HttpFoundation] [MimeTypeGuesser]
Removed dead code and various cleaning
[Console] Make it clear that the second argument is not about command options.
Added the '-' character for spaceless on tag start and end to be consistent for block, if, set and for nodes
[Yaml] fixed parse shortcut Key after unindented collection.
[Console] fixed#10531
Make the container considered non-fresh if the environment parameters are changed
Conflicts:
src/Symfony/Bridge/Twig/Resources/views/Form/form_div_layout.html.twig
* 2.3:
[2.3] [HttpFoundation] [MimeTypeGuesser]
Removed dead code and various cleaning
[Console] Make it clear that the second argument is not about command options.
Added the '-' character for spaceless on tag start and end to be consistent for block, if, set and for nodes
[Yaml] fixed parse shortcut Key after unindented collection.
[Console] fixed#10531
Make the container considered non-fresh if the environment parameters are changed
Conflicts:
src/Symfony/Bridge/Twig/Resources/views/Form/form_div_layout.html.twig
src/Symfony/Bridge/Twig/Resources/views/Form/form_table_layout.html.twig
src/Symfony/Component/Console/Tests/ApplicationTest.php
src/Symfony/Component/Security/Core/Authentication/Provider/PreAuthenticatedAuthenticationProvider.php
* 2.6:
bumped Symfony version to 2.6.4
updated VERSION for 2.6.3
updated CHANGELOG for 2.6.3
bumped Symfony version to 2.6.3
updated VERSION for 2.6.2
updated CHANGELOG for 2.6.2
bumped Symfony version to 2.5.10
updated VERSION for 2.5.9
updated CHANGELOG for 2.5.9
[FrameworkBundle] Use security.token_storage service in Controller::getUser()
bumped Symfony version to 2.3.25
updated VERSION for 2.3.24
update CONTRIBUTORS for 2.3.24
Removed unneeded version requirements
updated CHANGELOG for 2.3.24
fixed tests
[Security] Don't destroy the session on buggy php releases.
[Process] Fix input reset in WindowsPipes
add back model_timezone and view_timezone options
Conflicts:
src/Symfony/Component/HttpKernel/Kernel.php
* 2.5:
bumped Symfony version to 2.5.10
updated VERSION for 2.5.9
updated CHANGELOG for 2.5.9
bumped Symfony version to 2.3.25
updated VERSION for 2.3.24
update CONTRIBUTORS for 2.3.24
Removed unneeded version requirements
updated CHANGELOG for 2.3.24
fixed tests
[Security] Don't destroy the session on buggy php releases.
Conflicts:
src/Symfony/Component/HttpKernel/Kernel.php
* 2.3:
bumped Symfony version to 2.3.25
updated VERSION for 2.3.24
update CONTRIBUTORS for 2.3.24
updated CHANGELOG for 2.3.24
fixed tests
[Security] Don't destroy the session on buggy php releases.
Conflicts:
src/Symfony/Component/Console/Tests/Fixtures/application_2.json
src/Symfony/Component/HttpKernel/Kernel.php
* 2.6:
use Table instead of the deprecated TableHelper
[2.3] fix failing test
fixed typo
Escape annotations in comments, refs #13089.
[2.3] missing cleanup for legacy test
add missing param names to @param annotation
Improve the composer root version setting on Travis
use Table instead of the deprecated TableHelper
Conflicts:
src/Symfony/Bundle/FrameworkBundle/composer.json
* 2.5:
[2.3] fix failing test
fixed typo
Escape annotations in comments, refs #13089.
[2.3] missing cleanup for legacy test
add missing param names to @param annotation
Improve the composer root version setting on Travis
use Table instead of the deprecated TableHelper
Conflicts:
src/Symfony/Bundle/FrameworkBundle/Console/Descriptor/TextDescriptor.php
* 2.3:
[2.3] fix failing test
fixed typo
Escape annotations in comments, refs #13089.
[2.3] missing cleanup for legacy test
add missing param names to @param annotation
Improve the composer root version setting on Travis
This PR was merged into the 2.7 branch.
Discussion
----------
[2.7] adds deprecation notices.
| Q | A
| ------------- | ---
| Bug fix? | no
| New feature? | no
| BC breaks? | no
| Deprecations? | yes
| Tests pass? | yes
| Fixed tickets | #12608, #12672, #12675#12684, #12686
| License | MIT
| Doc PR | ~
Commits
-------
f9fbb4f Fixes more deprecation notices as per @stof review.
fd47c07 Fixed some deprecations according to @stof feedbacks.
2a3e7d2 Normalizes deprecation notice messages.
738b9be [Validator] fixes UuidValidator deprecated class namespace.
e608ba6 [Form] adds more deprecation notices.
cd9617a [Validator] adds more deprecation notices.
a7f841e [Form] Adds a way to trigger deprecation notice on demand for VirtualFormAwareIterator class.
97efd2c Fixes more deprecation notices.
fd9c7bb Normalized @deprecated annotations.
39cfd47 Removed deprecation notices from test files.
2a9749d Fixes deprecation notices.
6f57b7b Reverted trigger_error() function calls on deprecated interfaces to prevent breaking third party projects implementing them.
86b9f6b Adds deprecation notices for structures to be removed in 3.0.
* 2.6:
[2.6] fix deprecation silencing...
[Form] fix Context\ExecutionContextInterface mock
[Validator] marks TraversalStrategy::STOP_RECURSION constant internal as it has been introduced for the BC layer and will be removed in 3.0.
* 2.5:
[Form] fix Context\ExecutionContextInterface mock
[Validator] marks TraversalStrategy::STOP_RECURSION constant internal as it has been introduced for the BC layer and will be removed in 3.0.
* 2.6:
fixed typo
Fixed minor typo - override
[Filesystem] enforce umask while testing
[TwigBridge] moved fixtures into their own directory
Use $this->iniSet() in tests
* 2.5:
[2.3] Remove useless tests skips
[ClassLoader] removes deprecated classes from documentation.
[ClassLoader] added missing deprecation notice.
[HttpFoundation] Fix an issue caused by php's Bug #66606.
[Yaml] Update README.md
Don't add Accept-Range header on unsafe HTTP requests
simplify hasScheme method
adapted merge to 2.5
adapted previous commit for 2.3
[Security] Don't send remember cookie for sub request
[Security] fixed wrong phpdoc
[HttpKernel] Fix UriSigner::check when _hash is not at the end of the uri
[2.3] Cleanup deprecations
Conflicts:
src/Symfony/Bundle/FrameworkBundle/composer.json
src/Symfony/Bundle/WebProfilerBundle/Resources/views/Collector/logger.html.twig
src/Symfony/Component/HttpKernel/composer.json
* 2.3:
adapted previous commit for 2.3
[Security] Don't send remember cookie for sub request
[HttpKernel] Fix UriSigner::check when _hash is not at the end of the uri
Conflicts:
src/Symfony/Component/Security/Http/Tests/RememberMe/ResponseListenerTest.php
* 2.6:
Use PHPUnit ini_set wrapper in tests
[Process] Added a test skip check for Windows
[Process] Removed unused variable assignment
Fixes various phpdoc and coding standards.
Fixes Issue #13184 - incremental output getters now return empty strings
Updated copyright to 2015
Updated copyright to 2015
Updated copyright to 2015
[VarDumper] increase debug.max_items to 2500
[Debug] Update exception messages.
use value of DIRECTORY_SEPARATOR to detect Windows
force ExpressionLanguage version >= 2.6
[Debug] fixes ClassNotFoundFatalErrorHandler to correctly handle class not found errors with Symfony ClassLoader component autoloaders.
Clarify a comment.
use PHP_WINDOWS_VERSION_BUILD to detect Windows
Check if a field type_class is defined before using it.
Currently if you want to use inline bootstrap form rendering, this is usually enough:
Conflicts:
src/Symfony/Component/Debug/composer.json
* 2.5:
Use PHPUnit ini_set wrapper in tests
[Process] Added a test skip check for Windows
[Process] Removed unused variable assignment
Fixes various phpdoc and coding standards.
Fixes Issue #13184 - incremental output getters now return empty strings
Updated copyright to 2015
Updated copyright to 2015
Clarify a comment.
Conflicts:
src/Symfony/Component/HttpKernel/Fragment/EsiFragmentRenderer.php
* 2.3:
Use PHPUnit ini_set wrapper in tests
[Process] Added a test skip check for Windows
[Process] Removed unused variable assignment
Fixes various phpdoc and coding standards.
Fixes Issue #13184 - incremental output getters now return empty strings
Updated copyright to 2015
Conflicts:
src/Symfony/Bridge/Doctrine/Form/ChoiceList/EntityChoiceList.php
src/Symfony/Bridge/Propel1/Form/ChoiceList/ModelChoiceList.php
src/Symfony/Bundle/TwigBundle/Command/LintCommand.php
src/Symfony/Component/Debug/ExceptionHandler.php
src/Symfony/Component/Process/Tests/AbstractProcessTest.php