Commit Graph

11580 Commits

Author SHA1 Message Date
Fabien Potencier
4f1547a811 merged branch fabpot/subscribers (PR #5919)
This PR was merged into the master branch.

Commits
-------

af87c2b changed the Firewall to be a proper subscriber
02bd359 changed the remember-me listener to be a proper subscriber

Discussion
----------

Changed some security classes to implement the EventSubscriberInterface interface

---------------------------------------------------------------------------

by fabpot at 2012-11-06T10:11:28Z

That could also be done in 2.1. What do you think?
2012-11-06 15:23:29 +01:00
Fabien Potencier
c2b70116c2 fixed typo 2012-11-06 12:11:11 +01:00
Fabien Potencier
f3acc069cd merged branch nicoschwartz/translation_transchoice_float_support (PR #5890)
This PR was merged into the master branch.

Commits
-------

55a0fef Float support added for transchoice in the Translation Component

Discussion
----------

Float support added for transchoice in the Translation Component

Bug fix: no
Feature addition: yes
Backwards compatibility break: no
Symfony2 tests pass: yes
License of the code: MIT

---------------------------------------------------------------------------

by pborreli at 2012-11-01T23:22:50Z

👍 nice PR
2012-11-06 11:13:36 +01:00
Fabien Potencier
af87c2b00b changed the Firewall to be a proper subscriber 2012-11-06 11:06:32 +01:00
Fabien Potencier
02bd35905e changed the remember-me listener to be a proper subscriber 2012-11-06 11:02:24 +01:00
Fabien Potencier
1b53bf68e8 merged branch jmikola/2.1-mongo-session (PR #5916)
This PR was submitted for the 2.1 branch but it was merged into the master branch instead (closes #5916).

Commits
-------

917cc14 [HttpFoundation] Revise Mongo session storage

Discussion
----------

[HttpFoundation] Revise MongoDB session storage

```
Bug fix: yes
Feature addition: no
Backwards compatibility break: yes
Symfony2 tests pass: yes
Fixes the following tickets: -
Todo: -
License of the code: MIT
Documentation PR: -
```

I decided to take a look at the MongoDB session driver after reading @pgodel's [blog post](http://blog.servergrove.com/2012/11/05/storing-sessions-in-mongodb-with-symfony2/) today. This PR contains some fixes to make this session handler integrate better with MongoDB, as well as make it more in line with the work I did in zendframework/zf2/#2031:

 * Default to _id for storing session ID (BC break)
 * Use MongoDate instead of MongoTimestamp (BC break)
 * Rename default field names ("sess_" is redundant)
 * "justOne" is redundant for session removal
 * Assert true return values in method tests
 * Add note about TTL collections for gc()
 * Don't set identifier in upsert (invalid behavior)

In my opinion, the BC breaks are reasonable. `_id` is the logical field to store the session ID, as I'd expect many users may not even think to index the `sess_id` field to avoid inefficient queries otherwise. Also, MongoTimestamp should never have been used in the existing manner. Per the [documentation](http://php.net/manual/en/class.mongotimestamp.php):

> This class is not for measuring time, creating a timestamp on a document or automatically adding or updating a timestamp on a document. Unless you are writing something that interacts with the sharding internals, stop, go directly to MongoDate, do not pass go, do not collect 200 dollars. This is not the class you are looking for.

On a side note, I'm not sure why `sess_` prefixes exist for the PDO driver. It seems redundant in either case (the table/collection would logically have "session" in the name).

The fix to the update statement actually addresses a bug were `_id` to appear in the `$set` query.

I'm not sure how to document the BC breaks or changes, as the 2.1 branch's readme files look a lot sparser than those for 2.0. Let me know if there's something else to be done, though.

---------------------------------------------------------------------------

by jmikola at 2012-11-06T02:49:06Z

FYI: the Travis CI build failure looks unrelated to these changes (something to do with Form tests): https://travis-ci.org/#!/jmikola/symfony/jobs/3076587

---------------------------------------------------------------------------

by pgodel at 2012-11-06T04:27:24Z

I think the BC breaks are very minor, so there is no reason to not merge this.

---------------------------------------------------------------------------

by jmikola at 2012-11-06T07:32:44Z

Thanks, @stof. That looked like something @pborreli would have caught sooner or later :)

---------------------------------------------------------------------------

by fabpot at 2012-11-06T08:00:48Z

As there is a BC break, I'm going to merge it on master.

---------------------------------------------------------------------------

by pborreli at 2012-11-06T08:05:08Z

@jmikola merging with master you will have a little conflict as I already fixed the citeria => criteria typo :)
2012-11-06 10:46:54 +01:00
Jeremy Mikola
1d3ecd373f Revise Mongo session storage
 * Default to _id for storing session ID
 * Use MongoDate instead of MongoTimestamp (BC break)
 * Rename default field names ("sess_" is redundant)
 * "justOne" is redundant for session removal
 * Assert true return values in method tests
 * Add note about TTL collections for gc()
 * Don't set identifier in upsert (invalid behavior)
2012-11-06 10:46:54 +01:00
Fabien Potencier
f32395af69 merged branch fabpot/401-status-code (PR #5882)
This PR was merged into the master branch.

Commits
-------

e193590 [Security] removed the 401 error custom status message

Discussion
----------

[Security] removed the 401 error custom status message

see fabpot/Silex#496

---------------------------------------------------------------------------

by pborreli at 2012-10-31T17:29:24Z

@fabpot please fix the test suite, if you don't know how to do it, read http://symfony.com/doc/current/contributing/code/tests.html, thx 😸
2012-11-06 09:23:46 +01:00
Fabien Potencier
e67893984c merged branch alias-mac/ticket_5897 (PR #5907)
This PR was merged into the master branch.

Commits
-------

73bb47b [Console] Fix #5897 - Console component require Shell component

Discussion
----------

[Console] Fix #5897 - Console component require Shell component

When setting the process isolation of a shell to true:
`setProcessIsolation(true)` throws a `\RuntimeException` if the Process component isn't available.

Bug fix: yes
Feature addition: no
Backwards compatibility break: no
Symfony2 tests pass: yes
Fixes the following tickets: #5897
Todo: -
License of the code: MIT
Documentation PR: -

---------------------------------------------------------------------------

by alias-mac at 2012-11-04T17:07:59Z

I noticed that there is no Unit Testing for the Shell class. Shall I create one with the test for this fix/bug request?

---------------------------------------------------------------------------

by alias-mac at 2012-11-06T01:58:40Z

Updated based on @stof comments.

---------------------------------------------------------------------------

by alias-mac at 2012-11-06T02:11:20Z

The travis-ci build failure has nothing to do with the code. See:
https://travis-ci.org/#!/symfony/symfony/jobs/3076345
2012-11-06 09:19:04 +01:00
Fabien Potencier
e19359060f [Security] removed the 401 error custom status message 2012-11-06 09:15:19 +01:00
Filipe Guerra
73bb47b6c5 [Console] Fix #5897 - Console component require Shell component
When setting the process isolation of a shell to true:
`setProcessIsolation(true)` throws a `\RuntimeException` if the Process component isn't available.
2012-11-06 02:56:20 +01:00
Fabien Potencier
53fad04f3e merged branch jfsimon/accept-header-parsing (PR #5841)
This PR was squashed before being merged into the master branch (closes #5841).

Commits
-------

6b601bd [http-foudation] Better accept header parsing

Discussion
----------

[http-foudation] Better accept header parsing

Bug fix: no
Feature addition: yes
Backwards compatibility break: yes
Symfony2 tests pass: yes

**Quality:**
The special `q` item attribute represents its quality. I had to make some choices:
*  if I set `q` attribute, it's assigned to quality property, but not to attributes
*  the `__toString()` method only render `q` attribute if quality is less than 1

**BC break:**
The return of `Request::splitHttpAcceptHeader()` has changed. Its result was an array of qualities indexed by an accept value, it now returns an array of `AcceptHeaderItem` indexed by its value.

---------------------------------------------------------------------------

by jfsimon at 2012-10-26T08:35:55Z

As discussed in https://github.com/symfony/symfony/pull/5711.

---------------------------------------------------------------------------

by Seldaek at 2012-10-27T10:35:49Z

Maybe you can pull 5e8a5267f6 into your branch (for some reason I can't send a PR to your repo, it doesn't show up in github's repo selector.. looks like they don't like projects with too many forks). It allows you to use usort() which hopefully is faster than your merge sort, though I did not bench it. I also added tests to confirm the functionality.

---------------------------------------------------------------------------

by Seldaek at 2012-10-27T10:40:27Z

Sorry please check 376dd93c56 instead, I missed a few tests in the RequestTest class.

---------------------------------------------------------------------------

by jfsimon at 2012-10-29T16:26:03Z

@fabpot do you think the introduced BC break is acceptable?

---------------------------------------------------------------------------

by fabpot at 2012-10-29T16:37:06Z

@jfsimon Are all getAccept*() method BC?

---------------------------------------------------------------------------

by jfsimon at 2012-10-29T16:39:26Z

@fabpot nope, just `Request::splitHttpAcceptHeader()`

---------------------------------------------------------------------------

by jfsimon at 2012-10-29T16:43:18Z

@fabpot I think I misunderstood... only `Request::splitHttpAcceptHeader()` breaks BC.

---------------------------------------------------------------------------

by fabpot at 2012-10-29T16:53:22Z

So, a BC break on just splitHttpAcceptHeader is possible... but should be documented properly. Another option would be to deprecate the current method (and keep it as is), and just use the new version everywhere. Sounds better as it won't introduce any BC breaks.

---------------------------------------------------------------------------

by jfsimon at 2012-10-29T16:55:57Z

@fabpot Okay, I'll update this PR according to your second option.

---------------------------------------------------------------------------

by jfsimon at 2012-10-29T20:14:46Z

@fabpot done.

As you can see here: https://github.com/symfony/symfony/pull/5841/files#L5L1029 value returned by `Request::splitHttpAcceptHeader()` is not **exactly** the same as before because all attributes are present (not only those before the `q` one).

---------------------------------------------------------------------------

by fabpot at 2012-10-30T06:16:23Z

The last thing missing before I can merge is a PR to update the documentation (should probably be just a note somewhere with the example you have in the UPGRADE file).

---------------------------------------------------------------------------

by jfsimon at 2012-10-30T07:07:08Z

@fabpot I could add this example here: http://symfony.com/doc/current/components/http_foundation/introduction.html#request after `Accessing the session`, what do you think?

---------------------------------------------------------------------------

by fabpot at 2012-10-30T07:14:10Z

Yes, looks good to me.
2012-11-05 12:25:18 +01:00
Jean-François Simon
6b601bd9a6 [http-foudation] Better accept header parsing 2012-11-05 12:25:18 +01:00
Fabien Potencier
275cf8cf00 removed unused use statements 2012-11-04 09:30:21 +01:00
Fabien Potencier
21cb792607 Merge branch '2.1'
* 2.1:
  removed unused use statements
  [Form] Adapted HTML5 format in DateTimeType as response to a closed ICU ticket
  [2.1][HttpFoundation] Fixed Php doc in Request::get
  bumped Symfony version to 2.1.4-DEV
  updated VERSION for 2.1.3
  update CONTRIBUTORS for 2.1.3
  updated CHANGELOG for 2.1.3
  merged branch jakzal/yamlDoubleQuotesDumperFix (PR #4320)

Conflicts:
	src/Symfony/Component/HttpKernel/Kernel.php
2012-11-04 09:29:56 +01:00
Fabien Potencier
3d99374014 removed unused use statements 2012-11-04 09:29:19 +01:00
Fabien Potencier
313e4e5fd6 merged branch lyrixx/fix-request-get (PR #5894)
This PR was merged into the 2.1 branch.

Commits
-------

b9f6cac [2.1][HttpFoundation] Fixed Php doc in Request::get

Discussion
----------

[2.1][HttpFoundation] Fixed Php doc in Request::get

Bug fix: yes
Feature addition: no
Backwards compatibility break: no
Symfony2 tests pass: yes
License of the code: MIT

According to php code, `Request::get` method does not seek in cookies.

---------------------------------------------------------------------------

by pborreli at 2012-11-02T11:02:26Z

your PR is full of reSquest typo :)

---------------------------------------------------------------------------

by lyrixx at 2012-11-02T11:25:31Z

@pborreli Fixed
2012-11-02 19:00:55 +01:00
Fabien Potencier
c589982df6 merged branch bschussek/datetimeimpr (PR #5896)
This PR was merged into the 2.1 branch.

Commits
-------

a0af8bf [Form] Adapted HTML5 format in DateTimeType as response to a closed ICU ticket

Discussion
----------

[Form] Adapted HTML5 format in DateTimeType as response to a closed ICU ticket

Bug fix: no
Feature addition: no
Backwards compatibility break: no
Symfony2 tests pass: yes
Fixes the following tickets: -
Todo: -
License of the code: MIT
Documentation PR: -
2012-11-02 18:59:59 +01:00
Bernhard Schussek
a0af8bfb5b [Form] Adapted HTML5 format in DateTimeType as response to a closed ICU ticket 2012-11-02 14:54:19 +01:00
Grégoire Pineau
b9f6cac033 [2.1][HttpFoundation] Fixed Php doc in Request::get 2012-11-02 12:13:22 +01:00
Nicolas Schwartz
55a0fef233 Float support added for transchoice in the Translation Component 2012-11-01 23:19:52 +01:00
Fabien Potencier
df308a4fca merged branch jfsimon/bsd_find (PR #5876)
This PR was merged into the master branch.

Commits
-------

b550677 [Finder] Fix the BSD adapter
2401274 [Finder] Added bsd adapter (need tests).

Discussion
----------

[Finder] Adds bsd adapter.

OK on mac os x.

---------------------------------------------------------------------------

by fabpot at 2012-10-31T08:22:05Z

Here are the results for the Finder tests on my Mac:

```
...............................................................  63 / 181 ( 34%)
......................find: -regextype: unknown primary or operator
F..............find: -regextype: unknown primary or operator
find: -regextype: unknown primary or operator
.find: -regextype: unknown primary or operator
find: -regextype: unknown primary or operator
......................... 126 / 181 ( 69%)
.......................................................

Time: 1 second, Memory: 10.75Mb

There was 1 failure:

1) Symfony\Component\Finder\Tests\FinderTest::testIgnoreDotFiles with data set #1 (Symfony\Component\Finder\Adapter\PhpAdapter)
Failed asserting that two arrays are equal.
--- Expected
+++ Actual
@@ @@
 Array (
-    0 => '/var/folders/h7/55h7wcsx4g1cl...r/.bar'
-    1 => '/var/folders/h7/55h7wcsx4g1cl...r/.foo'
-    2 => '/var/folders/h7/55h7wcsx4g1cl...o/.bar'
-    3 => '/var/folders/h7/55h7wcsx4g1cl...r/.git'
-    4 => '/var/folders/h7/55h7wcsx4g1cl...er/foo'
-    5 => '/var/folders/h7/55h7wcsx4g1cl...oo bar'
-    6 => '/var/folders/h7/55h7wcsx4g1cl...ar.tmp'
-    7 => '/var/folders/h7/55h7wcsx4g1cl...st.php'
-    8 => '/var/folders/h7/55h7wcsx4g1cl...est.py'
-    9 => '/var/folders/h7/55h7wcsx4g1cl...r/toto'
 )

.../src/Symfony/Component/Finder/Tests/Iterator/IteratorTestCase.php:25
.../src/Symfony/Component/Finder/Tests/FinderTest.php:207
phpunit:46
```

---------------------------------------------------------------------------

by jfsimon at 2012-10-31T08:46:22Z

@fabpot thank you! It seems I need to experiment a little more...

---------------------------------------------------------------------------

by jfsimon at 2012-11-01T14:38:31Z

@fabpot BSD adapter is OK on mac os x.
2012-11-01 19:44:33 +01:00
Samy Dindane
b5506777ea [Finder] Fix the BSD adapter 2012-11-01 15:42:22 +01:00
Jean-François Simon
24012743b8 [Finder] Added bsd adapter (need tests). 2012-10-30 20:49:01 +01:00
Fabien Potencier
297e00afb4 bumped Symfony version to 2.1.4-DEV 2012-10-30 10:44:33 +01:00
Fabien Potencier
fd36aa0605 updated VERSION for 2.1.3 2012-10-30 09:14:14 +01:00
Fabien Potencier
787114bb4c update CONTRIBUTORS for 2.1.3 2012-10-30 09:13:54 +01:00
Fabien Potencier
359e3d0eae updated CHANGELOG for 2.1.3 2012-10-30 09:13:22 +01:00
Fabien Potencier
f61457d82b [Finder] updated CHANGELOG 2012-10-30 07:06:51 +01:00
Fabien Potencier
d574e239d5 merged branch gajdaw/component_finder_path_notPath (PR #4739)
This PR was merged into the master branch.

Commits
-------

4e21bf2 [Finder] Added path & notPath support to gnu find adapter.
6258d12 [Finder] Fixed expression classes.
5c6dbeb [Finder] Fixed tests.
c36dfc1 [Component][Finder] ->path(), ->notPath() methods (with basic tests)

Discussion
----------

[2.2][Finder] ->pathContains(), ->pathNotContains() methods (with basic tests)

Bug fix: no
Feature addition: yes
Backwards compatibility break: no
Symfony2 tests pass: [![Build Status](https://secure.travis-ci.org/gajdaw/symfony.png?branch=component_finder_path_notPath)](http://travis-ci.org/gajdaw/symfony)
Fixes the following tickets: #4581
Todo: -
License of the code: MIT
Documentation PR: -

Two additional methods: `Finder->path()` and `Finder->notPath()`.
They allow filtering with paths, e.g. `->path('some/special/dir')`.

---------------------------------------------------------------------------

by fabpot at 2012-09-21T05:52:01Z

Can you submit a PR on symfony/symfony-docs to update the documentation and reference it here before I merge? Thanks.

---------------------------------------------------------------------------

by gajdaw at 2012-09-21T10:54:50Z

I've already done it in PR1527.

https://github.com/symfony/symfony-docs/pull/1527

---------------------------------------------------------------------------

by stof at 2012-09-21T22:15:46Z

Actually, to be BC in PHPUnit when switching to Finder (this feature is the reason why the switch was reverted in 3.7), they will need the support of the glob syntax. Should it be supported directly in the Finder or should we consider that PHPUnit will have to put the code converting globs to regexes themselves before calling the finder ?

---------------------------------------------------------------------------

by fabpot at 2012-09-23T13:15:08Z

@stof what about supporting globs/patterns for the `in()` method?

---------------------------------------------------------------------------

by stof at 2012-09-23T13:38:00Z

yeah, this could be a good idea too

---------------------------------------------------------------------------

by gajdaw at 2012-09-26T06:11:56Z

Supporting globs in `path(), notPath()` methods is trivial: we have `Glob::toRegex()`. The only thing to do is to convert (when necessary) parameter sent to `path(), notPath()`.

---------------------------------------------------------------------------

by stof at 2012-10-13T17:19:08Z

@gajdaw can you update this PR with the glob support and rebase it ?

---------------------------------------------------------------------------

by fabpot at 2012-10-29T11:20:55Z

@gajdaw You also need to rebase and update the new adapters accordingly. Maybe @jfsimon can help.

---------------------------------------------------------------------------

by jfsimon at 2012-10-29T16:22:25Z

With pleasure! @gajdaw let me know if I can do anything.

---------------------------------------------------------------------------

by gajdaw at 2012-10-29T16:48:10Z

I have moved `->path()` and `->notPath()` methods to `PhpAdapter`.

This implementation passes all the tests on Windows, but Travis reports failures.

I think that similar methods should be implemented for `GnuFindAdapter`.

@jfsimon What do you think?

---------------------------------------------------------------------------

by jfsimon at 2012-10-29T17:03:36Z

@gajdaw Travis says class 'Symfony\Component\HttpKernel\Exception\InternalServerErrorHttpException' not found in /home/travis/builds/symfony/symfony/src/Symfony/Component/HttpKernel/Tests/Exception/FlattenExceptionTest.php on line 83. This is weird.

And yes, `AdapterInterface` and `GnuFindAdapter` should be updated too. I can work on it if you like.

---------------------------------------------------------------------------

by fabpot at 2012-10-29T17:07:46Z

I've just fixed the unit tests

---------------------------------------------------------------------------

by gajdaw at 2012-10-29T17:25:43Z

@jfsimon Can you implement `path(), notPath()` for `GnuFindAdapter`? I have no time to analyse Gnu's `find` command at the moment. Thanks!

---------------------------------------------------------------------------

by jfsimon at 2012-10-29T17:30:13Z

@gajdaw okay.

---------------------------------------------------------------------------

by jfsimon at 2012-10-29T19:05:26Z

@gajdaw work complete! I can't make a PR on your repos :-/ Could you merge my repos https://github.com/jfsimon/symfony/tree/component_finder_path_notPath please? Or maybe could I post a new PR on symfony/master.

---------------------------------------------------------------------------

by gajdaw at 2012-10-30T05:34:17Z

@jfsimon I have pulled your changes. I don't know whether you should post a new PR.
2012-10-30 07:00:44 +01:00
Jean-François Simon
4e21bf273d [Finder] Added path & notPath support to gnu find adapter. 2012-10-29 19:57:16 +01:00
Jean-François Simon
6258d1203b [Finder] Fixed expression classes. 2012-10-29 19:56:47 +01:00
Jean-François Simon
5c6dbebf04 [Finder] Fixed tests. 2012-10-29 19:55:27 +01:00
Włodzimierz Gajda
c36dfc16e6 [Component][Finder] ->path(), ->notPath() methods (with basic tests) 2012-10-29 18:19:41 +01:00
Fabien Potencier
2a23dbdeb6 [HttpKernel] fixed some broken tests 2012-10-29 18:07:35 +01:00
Fabien Potencier
27ee8468fe merged branch ramsey/feature/additional-http-exceptions (PR #5312)
This PR was squashed before being merged into the master branch (closes #5312).

Commits
-------

e0c4d99 [HttpKernel] Additional HTTP exceptions

Discussion
----------

[HttpKernel] Additional HTTP exceptions

I wanted to continue using exceptions for many other types of HTTP 4xx and 5xx status codes, particularly because I like the notion that I can trap the exception based on the type, rather than inspecting HttpException to see what status code it contains. I've decided to contribute these back to the Symfony HttpKernel component, in case others find them useful.

* Bug fix: no
* Feature addition: yes
* Backwards compatibility break: no
* Symfony2 tests pass: yes
* Fixes the following tickets: -
* Todo: -
* License of the code: MIT
* Documentation PR: n/a

This pull request provides the following new HttpKernel Exceptions:

Exception                          | Applicable HTTP Status Code
---------------------------------- | ---------------------------------------
BadRequestHttpException            | `400 Bad Request`
ConflictHttpException              | `409 Conflict`
GoneHttpException                  | `410 Gone`
InternalServerErrorHttpException   | `500 Internal Server Error`
LengthRequiredHttpException        | `411 Length Required`
NotAcceptableHttpException         | `406 Not Acceptable`
PreconditionFailedHttpException    | `412 Precondition Failed`
PreconditionRequiredHttpException  | `428 Precondition Required`†
ServiceUnavailableHttpException    | `503 Service Unavailable`
TooManyRequestsHttpException       | `429 Too Many Requests`†
UnauthorizedHttpException          | `401 Unauthorized`
UnsupportedMediaTypeHttpException  | `415 Unsupported Media Type`

All the tests have been placed in the FlattenExceptionTest, since that's where the previous status code and method tests for HttpException exceptions are located, but I can move them to a more logical location, if needed.

† These codes have been included from [RFC 6585, Additional HTTP Status Codes](http://tools.ietf.org/html/rfc6585).

---------------------------------------------------------------------------

by stof at 2012-08-21T23:10:45Z

I would remove the InternalServerError one, as you get a 500 for any non-http exception anyway

---------------------------------------------------------------------------

by stof at 2012-08-21T23:11:34Z

and please rebase your branch to get rid of the merge commit at the beginning of your PR

---------------------------------------------------------------------------

by ramsey at 2012-10-03T20:22:59Z

@stof Can you provide some pointers on how to get rid of the merge commit through a rebase? I generally avoid rebase, so doing this is fairly new to me. I realize that what created the commit was a non-fast-forward merge, so I just need to understand how to get it to apply merges cleanly without creating merge commits like that. Thanks!

---------------------------------------------------------------------------

by alexandresalome at 2012-10-04T07:14:00Z

@ramsey

    # suppose you are on branch-feature
    # given origin is the symfony repository
    git pull --rebase origin master

    # equivalent to
    git fetch origin
    git rebase origin/master

If you want to rebase your branch on 2.1:

    git pull --rebase origin 2.1

---------------------------------------------------------------------------

by stof at 2012-10-04T18:52:22Z

@ramsey http://symfony.com/doc/current/contributing/code/patches.html#rework-your-patch for the documentation about the way to do it

---------------------------------------------------------------------------

by stof at 2012-10-13T20:44:26Z

@ramsey ping

---------------------------------------------------------------------------

by fabpot at 2012-10-29T09:47:36Z

I'm going to finish this PR, but #5862 should be merged first.

---------------------------------------------------------------------------

by ramsey at 2012-10-29T15:36:31Z

Sorry I've been sitting on this for so long. I haven't had time to figure out how to get rid of the merge commit, as @stof requested. That's the only outstanding issue here, as far as I know.

---------------------------------------------------------------------------

by fabpot at 2012-10-29T15:47:54Z

I can see another issue. For some HTTP codes, you can/should/must add some headers or some content (like for the 406 status code).

Don't worry about the merge commit or the rebasing, I will take care of that myself when merging the PR.

---------------------------------------------------------------------------

by ramsey at 2012-10-29T16:05:04Z

I don't know what header is required for the 406 status code. RFC 2616 doesn't specify one. It does say "the response should include an entity containing a list of available entity characteristics and locations."

In other exceptions, such as UnauthorizedHttpException, TooManyRequestsHttpException, and ServiceUnavailableException, I did provide the required headers.

2012-10-29 17:12:57 +01:00
Ben Ramsey
4e826c7486 [HttpKernel] added some more HTTP exceptions 2012-10-29 17:11:00 +01:00
Fabien Potencier
c4c5d3c02d merged branch jakzal/yamlDoubleQuotesDumperFix (PR #4320)
Commits
-------

b631073 [Yaml] Fixed double quotes escaping in Dumper.

Discussion
----------

[Yaml] Fixed double quotes escaping in Dumper

Issue #4308 is caused by Dumper::escapeWithDoubleQuotes() which uses [str_replace()](http://php.net/str_replace).

From the php docs:

> Because str_replace() replaces left to right, it might replace a previously inserted value when doing multiple replacements.

We should be very careful in deciding about the order of elements in $escapees array. I'd really appreciate if someone reviewed my fix. Tests say I didn't break anything but I'm not sure what percentage of Yaml specification is covered by tests.

Bug fix: yes
Feature addition: no
Backwards compatibility break: not that I know
Symfony2 tests pass: [![Build Status](https://secure.travis-ci.org/jakzal/symfony.png?branch=yamlDoubleQuotesDumperFix)](http://travis-ci.org/jakzal/symfony)
Fixes the following tickets: #4308

---------------------------------------------------------------------------

by travisbot at 2012-05-18T08:53:51Z

This pull request [passes](http://travis-ci.org/symfony/symfony/builds/1364279) (merged 5192722c into a04acc89).

---------------------------------------------------------------------------

by travisbot at 2012-05-18T23:19:49Z

This pull request [fails](http://travis-ci.org/symfony/symfony/builds/1371539) (merged ecaa1aab into fc3c609b).

---------------------------------------------------------------------------

by dinamic at 2012-05-19T07:35:21Z

Something is really wrong with this method. You can see clearly that multiple characters would fail proper escaping.

Here's an example:
```
$value = '\\\\"some value\n \"some quoted string\" and \'some single quotes one\'"';
var_dump(Escaper::escapeWithDoubleQuotes($value));
string(72) ""\\\"some value\n \\some quoted string\\ and 'some single quotes one'\"""
```

To begin with the backslash - in the initial value you have 2 (escaped ones), that after escaping should result in 4, not in 1 (escaped). I guess this behavior has to be verified with the importer, but imho it does not seem right.

Does anyone know why this escaping wasn't done using a regular expression in first place?

---------------------------------------------------------------------------

by clemens-tolboom at 2012-05-19T10:18:58Z

Searching for https://duckduckgo.com/?q=what+is+\xc2\x85 the table on http://stackoverflow.com/questions/6609895/efficiently-replace-bad-characters is interesting enough to decide we need way more documentation on this file.

\xc2\x85 seems to be triple dot (ellipses)
\xe2\x80\xa9 seems to be paragraph separator see http://drupal.org/node/914360#comment-3468550

Conflicts:
	src/Symfony/Component/Yaml/Escaper.php
2012-10-29 12:15:41 +01:00
Fabien Potencier
7322696378 merged branch niklasf/binary-file-response (PR #4546)
This PR was merged into the master branch.

Commits
-------

2f7bbbf [HttpFoundation] Added BinaryFileResponse.

Discussion
----------

[2.2] [HttpFoundation] Added BinaryFileResponse.

Another stab at #3602, based on @stealth35's code at https://gist.github.com/1472230.

- Move things around a little, clean things up, looking how it has been done in StreamedResponse.
- Add tests.
- Make functions chainable.
- Add a flag whether or not to trust the X-Sendfile-Type header.

---------------------------------------------------------------------------

by Partugal at 2012-06-10T19:56:43Z

What about supporting X-Accel-Redirect (nginx)?

---------------------------------------------------------------------------

by niklasf at 2012-06-10T20:41:10Z

@Partugal: So we support X-Sendfile-Type to pick the X-Sendfile header. What else would be needed to support X-Accel-Redirect (which we should definitely do)?

---------------------------------------------------------------------------

by Partugal at 2012-06-10T21:29:41Z

@niklasf Because nginx does not use the full file path, this needs the X-Accel-Mapping header (http://rack.rubyforge.org/doc/Rack/Sendfile.html)

---------------------------------------------------------------------------

by niklasf at 2012-06-10T22:45:38Z

@Partugal: Alright. Doing such a substitution now. Also added a test for that.

---------------------------------------------------------------------------

by stealth35 at 2012-06-11T07:47:35Z

I think the MIME should be based on the extensions map, for example with `xlsx` that sends an `application/zip` or an `xlsx` file MIME is `application/vnd.openxmlformats-officedocument.spreadsheetml.sheet`

Client to server : Reverse MIME => libmagic
Server to client : MIME => MIME map

---------------------------------------------------------------------------

by niklasf at 2012-06-11T14:40:00Z

@partugal: Thanks! Also added tests. Any e-mail you want to have in your credits?

---------------------------------------------------------------------------

by niklasf at 2012-06-11T14:41:39Z

@stealth35: Yeah ... makes sense. How would I get that information?

---------------------------------------------------------------------------

by stealth35 at 2012-06-11T14:47:36Z

use the `Symfony\Component\HttpFoundation\File\Mimetype\MimeTypeExtensionGuesser` it's the same map as Apache
and if the extension doesn't exist use `$this->getMimeType` and finally `application/octet-stream`

---------------------------------------------------------------------------

by Partugal at 2012-06-11T15:46:41Z

@niklasf Thank you for your work
If needed you may use linniksa@gmail.com

---------------------------------------------------------------------------

by niklasf at 2012-06-14T10:58:19Z

@stealth35: Sorry. I have to ask again.
 - So the first step would be using the map in `MimeTypeExtensionGuesser`? I don't see how I can access that, because the `guess()` method it has, is for guessing extensions from mime types, not the reverse.
 - Then, by `$this->getMimeType` you mean the getMimeType() method of the file? Sounds good.
 - `application/octet-stream` as the fallback. Alright.

---------------------------------------------------------------------------

by stealth35 at 2012-06-14T11:00:33Z

Yeah sorry `MimeTypeExtensionGuesser` is for getting an extension with the Mime, forget about this, I'll take care of all the MIME integration later

---------------------------------------------------------------------------

by niklasf at 2012-06-14T13:12:22Z

@stealth35: Awesome. Thanks a lot.

---------------------------------------------------------------------------

by jalliot at 2012-08-07T20:53:54Z

@niklasf You should backport the changes from 532334d23d and 3f51bc0a3d

---------------------------------------------------------------------------

by niklasf at 2012-08-07T21:07:10Z

@jalliot Thanks. Fixed.
2012-10-29 11:57:31 +01:00
Fabien Potencier
0f5af869c8 merged branch jfsimon/issue-5851 (PR #5859)
This PR was merged into the master branch.

Commits
-------

2817a47 [Finder] Fixed filename containing space bug in gnu adapter.
9bf7cb0 [Finder] Added filename containing space to tests.

Discussion
----------

[Finder] Fixed filename containing space bug in gnu find adapter.

Bug fix: yes
Feature addition: no
Backwards compatibility break: no
Symfony2 tests pass: yes
Fixes: #5851

`GNU find` adapter now uses `cut` instead of `awk`.
2012-10-29 09:27:03 +01:00
Fabien Potencier
ba1592568f merged branch pborreli/sun-typos (PR #5858)
This PR was merged into the master branch.

Commits
-------

a7ce6be Fixed typos

Discussion
----------

Fixed typos
2012-10-29 08:15:24 +01:00
Jean-François Simon
2817a47367 [Finder] Fixed filename containing space bug in gnu adapter. 2012-10-29 08:03:45 +01:00
Jean-François Simon
9bf7cb0941 [Finder] Added filename containing space to tests. 2012-10-29 07:51:09 +01:00
Pascal Borreli
a7ce6be3f8 Fixed typos 2012-10-28 23:25:34 +00:00
Fabien Potencier
9681973676 merged branch acasademont/tweak_userform_security_listener (PR #5824)
This PR was merged into the master branch.

Commits
-------

3e58893 [Security] Tweak UsernamePasswordFormAuthenticationListener

Discussion
----------

[Security] Tweak UsernamePasswordFormAuthenticationListener

Bug fix: no
Feature addition: no
Backwards compatibility break: no
Symfony2 tests pass: [![Build Status](https://secure.travis-ci.org/acasademont/symfony.png)](http://travis-ci.org/acasademont/symfony)
Fixes the following tickets: -
Todo: -
License of the code: MIT
Documentation PR: -

Improvements:

- Do not check twice for the `only_post` condition. The condition in the `attemptAuthentication` method is useless as this method will never be called if the previous `requiresAuthentication` call returns false.
- If the expected request is `only_post`, check only the POST variables for the username and password parameters. Otherwise, query params and attributes are checked before.
- Use POST instead of post for correctness
2012-10-28 10:19:54 +01:00
Fabien Potencier
1f1beb1ceb [Security] fixed tests when OpenSSL is not installed 2012-10-28 09:01:53 +01:00
Fabien Potencier
d21584ec68 merged branch fabpot/prng (PR #4763)
This PR was merged into the master branch.

Commits
-------

aecc9b1 fixed tests when OpenSsl is not enabled in PHP, renamed a misnamed test, added missing license doc blocks
ca567b5 fixed CS
5cdf696 added a SecureRandomInterface
234f725 rename String to StringUtils
5849855 moved the secure random dep for remember me as a constructor argument
248703f renamed Prng to SecureRandom
c0c8972 simplified the Prng code
e5dc7af moved the secure random class from JMSSecurityExtraBundle to Symfony (closes #3595)

Discussion
----------

[2.2][Security] Add a PRNG (closes #3595)

As per #3595, I have moved the secure random class from JMSSecurityExtraBundle to Symfony.

It has more impact than I expected ;)

As you will see, the implementation has been refactored a bit. The most notable change is that Doctrine support has been moved to the bridge with the addition of a proper Doctrine seed provider (Doctrine is not a special case anymore).

The Doctrine configuration has been moved to the DoctrineBundle: doctrine/DoctrineBundle#91

schmittjoh/JMSSecurityExtraBundle#65 removes the code that has been moved.

---------------------------------------------------------------------------

by Seldaek at 2012-07-05T13:26:01Z

I'm all for more security features, and both the String class & the Prng class for wrapping openssl make a lot of sense IMO, but I fail to see the use of the rest.

If we just want a seed to have a fallback in case openssl is missing, I'd rather have a secret in the config.yml than a million classes to store the same secret in the DB. Maybe I'm missing something though? /cc @schmittjoh

---------------------------------------------------------------------------

by schmittjoh at 2012-07-05T16:32:10Z

Having the configuration in different places (SecurityBundle & DoctrineBundle) feels a bit weird. I would prefer an approach similar to ACL, or the user provider/firewall section with factories. The latter being a bit more work to implement and the former potentially asking for complaints about too tight coupling to Doctrine.

Regarding testing, we probably need to move the disableOpenSsl method to the SecureRandom class in order to allow OpenSSL to be disabled for testing and we also need to change the byte generation algorithm to produce the same output for the same starting seed. I agree that it does not make sense to introduce an interface for SecureRandom as only the seed providers should be replaced.

As for the seed itself, it is constantly updated and does not stay the same as in the beginning. Thus, we need a provider that we can write to, and not only read from. I'm also not sure about using OpenSSL on Windows as I have read enough resources which claimed that the entropy on Windows is not always good (including OpenSSL docs). Always using the custom seed provider at least always ensured proper entropy even if OpenSSL's speed issues have been fixed in newer PHP versions.

---------------------------------------------------------------------------

by stof at 2012-07-05T16:44:24Z

@schmittjoh everything is in SecurityBundle now as it does not use a database anymore

---------------------------------------------------------------------------

by stof at 2012-07-05T16:44:59Z

and there is no seed provider anymore either

---------------------------------------------------------------------------

by schmittjoh at 2012-07-05T16:53:39Z

Not having a seed provider is not such a good idea, but having a file-based seed provider is.

---------------------------------------------------------------------------

by Seldaek at 2012-07-05T17:01:18Z

@schmittjoh why would you need to replace the seed provider? Don't you think that people serious about security to the point that they would want a stronger seed provider would enable openssl instead?

---------------------------------------------------------------------------

by stof at 2012-07-05T17:06:50Z

Well, what I meant is that there is no interchangeable provider anymore. The Prng class uses the file directly.

And btw, I think the Prng class should be mockable for tests, so it should either have an interface or not be final (I vote for adding an interface)

---------------------------------------------------------------------------

by jalliot at 2012-07-09T18:46:12Z

@fabpot @schmittjoh What about using more fallbacks for `openssl_random_pseudo_bytes` like in @Seldaek's post ["Unpredictable hashes for humans"](http://seld.be/notes/unpredictable-hashes-for-humans)?
Trying `mcrypt_create_iv` first might also be faster.

---------------------------------------------------------------------------

by Seldaek at 2012-07-10T08:52:46Z

@jalliot I think mcrypt should be after if you make it use /dev/urandom, not 100% sure but openssl is probably higher quality than urandom.

---------------------------------------------------------------------------

by schmittjoh at 2012-07-10T09:12:07Z

The fallback algorithm that I added should be enough (it passes the statistical randomness tests).

---------------------------------------------------------------------------

by stof at 2012-10-13T17:20:06Z

@fabpot please send a PR to the doc so that this can be merged 😃

---------------------------------------------------------------------------

by stof at 2012-10-13T17:22:08Z

hmm, actually, some comments have not been taken into account yet so it is not ready to be merged

---------------------------------------------------------------------------

by stof at 2012-10-27T07:14:43Z

you forgot the SecureRandom file

---------------------------------------------------------------------------

by fabpot at 2012-10-27T08:49:54Z

I think I've addressed all the comments. If everyone agrees with the current implementation, I'm going to start updating the documentation.

---------------------------------------------------------------------------

by fabpot at 2012-10-27T10:51:15Z

I've fixed the remaining CS issues.

---------------------------------------------------------------------------

by fabpot at 2012-10-28T07:00:31Z

Documentation is here: symfony/symfony-docs#1858
2012-10-28 08:10:00 +01:00
Fabien Potencier
aecc9b12a3 fixed tests when OpenSsl is not enabled in PHP, renamed a misnamed test, added missing license doc blocks 2012-10-28 08:06:38 +01:00
Fabien Potencier
ca567b5109 fixed CS 2012-10-28 08:06:38 +01:00
Fabien Potencier
5cdf696bde added a SecureRandomInterface 2012-10-28 08:06:38 +01:00