Commits
-------
dee47b1 [DoctrineBridge] Add minimal tests for DBAL session storage driver
Discussion
----------
[2.1][DoctrineBridge] Add minimal tests for DBAL session storage driver
Bug fix: no
Feature addition: yes
Backwards compatibility break: no
Symfony2 tests pass: yes
Fixes the following tickets: -
Todo: -
This is intentionally only for the `master` branch because the class is different between 2.0 and master. This test is the minimal but at least will mean any refactoring changes in dependencies get caught.
Commits
-------
a5ed6ab [DoctrineBridge] Rewind MongoCursor before use in unique validator
Discussion
----------
[DoctrineBridge] Rewind MongoCursor before use in unique validator
Fixes a regression I introduced in: 265360d142
---------------------------------------------------------------------------
by jmikola at 2012-03-08T22:11:32Z
This was also reported in doctrine/DoctrineMongoDBBundle#84.
Let it be stated that we should create some functional tests for this validator :)
Commits
-------
bfb5547 fixed docblock
bf75212 use SecurityContextInterface instead of SecurityContext
498b4b6 use SecurityContextInterface instead of SecurityContext
Discussion
----------
use SecurityContextInterface instead of SecurityContext
Bug fix: no
Feature addition: no
Backwards compatibility break: yes
Symfony2 tests pass: yes
Fixes the following tickets: /
Todo: /
Abstract: it's not possible to exchange the `security.context` with another implementation without this change. You may not be able to extend the `SecurityContext` because `isGranted` is final, so you may implement your own context.
---------------------------------------------------------------------------
by pminnieur at 2012-03-06T17:37:27Z
PS: could you merge this back to 2.0 branch, too?
---------------------------------------------------------------------------
by stof at 2012-03-06T17:42:03Z
@pminnieur send a pull request to the 2.0 branch then
---------------------------------------------------------------------------
by lsmith77 at 2012-03-06T18:42:41Z
i guess this doesn't break BC as SecurityContext always implemented the SecurityContextInterface .. no?
---------------------------------------------------------------------------
by pminnieur at 2012-03-06T19:11:00Z
this would not break BC, correct. I may identify additonal places where its not typed against the Interface but the implementation, which is really annoying. I will update the PR tomorrow morning and also do a PR for the 2.0 branch.
---------------------------------------------------------------------------
by stof at 2012-03-06T22:04:09Z
As it is in the constructor, it is not a BC break indeed as overwritten constructors can have a different signature anyway. For other places, take care that it could be a BC issue for people extending the class
---------------------------------------------------------------------------
by pminnieur at 2012-03-06T22:11:28Z
as the `isGranted ` method in the `SecurityContext ` implementation provided by Symfony is declared `final`, it's not really extendable at all - which ultimately leads to the problem: its indirectly hard coupled ;-)
---------------------------------------------------------------------------
by stof at 2012-03-06T22:38:08Z
@pminnieur the BC break is not for people extending the SecurityContext but for people extending classes that typehint it
---------------------------------------------------------------------------
by pminnieur at 2012-03-07T10:45:55Z
JFYI: the `RememberMeListener ` also does not type hint the interface but the implementation itself (it's always a constructor argument). All the other `Security\Http\Firewall` listeners type hint against the interface. I will update the PR accordingly today and also create a second PR against the 2.0 branch.
---------------------------------------------------------------------------
by pminnieur at 2012-03-07T11:55:52Z
JFYI: same issue w/ JMSSecurityExtraBundle https://github.com/schmittjoh/JMSSecurityExtraBundle/pull/44
Commits
-------
dd192a1 Add PHPUnit annotation.
Discussion
----------
Add PHPUnit annotation
Bug fix: no
Feature addition: no
Backwards compatibility break: no
Symfony2 tests pass: yes
Fixes the following tickets: -
Todo: -
This test performs an action which affects the global space of the test process, therefor, these
tests must run in separate PHP processes.
Usage would be to extend the Kernel, and set the errorReportingLevel prior to calling parent::__construct(). Not ideal, but this doesn't break BC and allows the user to defer the decision as late as possible. This can/should be handled better in 2.1.x
Commits
-------
afbb8f2 Fixed misleading help for "name" argument as search for services with wildcards is not implemented
Discussion
----------
[FrameworkBundle, Console] Changed help text for container:debug command
Fixed help for "name" argument as search for services with wildcards is not implemented in ContainerDebugCommand
Commits
-------
f718859 [HttpFoundation] Removes use of parameter in Request::getClientIp function.
Discussion
----------
[HttpFoundation] Removes use of parameter in Request::getClientIp function
made in reference to this : https://groups.google.com/forum/#!topic/symfony-devs/cnSLwdAQiSk
Commits
-------
d2f8aa3 Allow autoload to run without vendors being cloned
Discussion
----------
[Tests] Allow autoload to run without vendors being cloned
Bug fix: yes
Feature addition: no
Backwards compatibility break: no
Symfony2 tests pass: yes
Commits
-------
97a9777 removed tab spaces
6e66602 updated and renamed the portuguese from Portugal validator messages file, because it should be the default language file for the portuguese language.
Discussion
----------
renamed and updated the portuguese from Portugal validator messages
Commits
-------
8796276 [SecurityBundle] Avoid direct request dependency in LogoutUrlHelper
Discussion
----------
[SecurityBundle] Avoid direct request dependency in LogoutUrlHelper
This quickly addresses the problem when the helper is constructed in a console environment without request scope. Ideally, the helper should be able to construct the absolute logout URL using data already available in the UrlGenerator's RequestContext and the $_SERVER environment variable; however, that will require copying some code from the Request class to create a base URI and path.
Fixes#3508
[](http://travis-ci.org/jmikola/symfony)
This quickly addresses the problem when the helper is constructed in a console environment without request scope. Ideally, the helper should be able to construct the absolute logout URL using data already available in the UrlGenerator's RequestContext and the $_SERVER environment variable; however, that will require copying some code from the Request class to create a base URI and path.
Fixes#3508
Commits
-------
85fd9f3 This should be 3 not 4, otherwiser I get the following error:
Discussion
----------
Error in logout success handler
I'm getting the following error:
OutOfBoundsException: The index "4" is not in the range [0, 3].
---------------------------------------------------------------------------
by jmikola at 2012-03-06T06:48:08Z
Thanks for catching this. My mistake in b1f545b677. SecurityBundle's functional tests for StandardFormLogin and CsrfFormLogin, which I added, don't test the success handler option.
@fabpot: Looks good to merge.
Commits
-------
654beee [Security] Document CSRF protection for LogoutListener
Discussion
----------
[Security] Document CSRF protection for LogoutListener
---------------------------------------------------------------------------
by Seldaek at 2012-03-05T18:01:36Z
I haven't checked, but for such things I find it way easier to find them in cookbooks than in the changelog - if you don't mind reformatting/copy that in a docs PR it'd be great.
Commits
-------
b73c703 Reverting return type left by mistake
881d290 Updating use of DoctrineBundle Registry to use the proper path to Doctrine\Bundle\DoctrineBundle\Registry
Discussion
----------
Updating use of DoctrineBundle Registry to use the proper path
Pointed to the new class: Doctrine\Bundle\DoctrineBundle\Registry
---------------------------------------------------------------------------
by adrienbrault at 2012-03-01T22:12:42Z
I think the return type should stay ```Registry```
---------------------------------------------------------------------------
by rdohms at 2012-03-01T22:48:35Z
Yes, that was a mistake, reverted.
Commits
-------
eb759c5 [Propel1] Fixed data collector
Discussion
----------
[Propel1] Fixed data collector
---------------------------------------------------------------------------
by jeremyFreeAgent at 2012-03-05T16:25:58Z
Sorry for the two previous pull requests :(
Commits
-------
49a8654 [Security] Use LogoutException for invalid CSRF token in LogoutListener
a96105e [SecurityBundle] Use assertCount() in tests
4837407 [SecurityBundle] Fix execution of functional tests with different names
66722b3 [SecurityBundle] Templating helpers to generate logout URL's with CSRF tokens
aaaa040 [Security] Allow LogoutListener to validate CSRF tokens
b1f545b [Security] Refactor LogoutListener constructor to take options
c48c775 [SecurityBundle] Add functional test for form login with CSRF token
Discussion
----------
[Security] Implement support for CSRF tokens in logout URL's
```
Bug fix: no
Feature addition: yes
Backwards compatibility break: no
Symfony2 tests pass: yes
Fixes the following tickets: -
Todo: -
```
[](http://travis-ci.org/jmikola/symfony)
This derived from #3006 but properly targeting on the master branch.
This exposes new configuration options to the logout listener to enable CSRF protection, as already exists for the form login listener. The individual commits and their extended messages should suffice for explaining the logical changes of the PR.
In addition to changing LogoutListener, I also created a templating helper to generate logout URL's, which includes a CSRF token if necessary. This may or may not using routing, depending on how the listener is configured since both route names or hard-coded paths are valid options.
Additionally, I added unit tests for LogoutListener and functional tests for both CSRF-enabled form logins and the new logout listener work.
Kudo's to @henrikbjorn for taking the time to document CSRF validation for form login listeners (see [here](http://henrik.bjrnskov.dk/symfony2-cross-site-request-forgery/)). The [Logout CSRF Protection](http://www.yiiframework.com/wiki/190/logout-csrf-protection/) article on the Yii Framework wiki was also helpful in drafting this.
---------------------------------------------------------------------------
by jmikola at 2011-12-31T07:50:31Z
Odd that Travis CI reported a build failure for PHP 5.3.2, but both 5.3 and 5.4 passed: http://travis-ci.org/#!/jmikola/symfony/builds/463356
My local machine passes as well.
---------------------------------------------------------------------------
by jmikola at 2012-02-06T20:05:30Z
@schmittjoh: Please let me know your thoughts on the last commit. I think it would be overkill to add support for another handler service and/or error page just for logout exceptions.
Perhaps as an alternative, we might just want to consider an invalid CSRF token on logout imply a false return value for `LogoutListener::requiresLogout()`. That would sacrifice the ability to handle the error separately (which a 403 response allows us), although we could still add logging (currently done in ExceptionListener).
---------------------------------------------------------------------------
by jmikola at 2012-02-13T17:41:33Z
@schmittjoh: ping
---------------------------------------------------------------------------
by fabpot at 2012-02-14T23:36:22Z
@jmikola: Instead of merging symfony/master, can you rebase?
---------------------------------------------------------------------------
by jmikola at 2012-02-15T00:00:49Z
Will do.
---------------------------------------------------------------------------
by jmikola at 2012-02-15T00:05:48Z
```
[avocado: symfony] logout-csrf (+9/-216) $ git rebase master
First, rewinding head to replay your work on top of it...
Applying: [SecurityBundle] Add functional test for form login with CSRF token
Applying: [Security] Refactor LogoutListener constructor to take options
Applying: [Security] Allow LogoutListener to validate CSRF tokens
Applying: [SecurityBundle] Templating helpers to generate logout URL's with CSRF tokens
Applying: [SecurityBundle] Fix execution of functional tests with different names
Applying: [SecurityBundle] Use assertCount() in tests
Using index info to reconstruct a base tree...
Falling back to patching base and 3-way merge...
Applying: [Security] Use LogoutException for invalid CSRF token in LogoutListener
[avocado: symfony] logout-csrf (+7) $ git st
# On branch logout-csrf
# Your branch and 'origin/logout-csrf' have diverged,
# and have 223 and 9 different commit(s) each, respectively.
#
nothing to commit (working directory clean)
[avocado: symfony] logout-csrf (+7) $
```
After rebasing, my merge commits disappeared. Is this normal?
---------------------------------------------------------------------------
by stof at 2012-02-15T00:15:07Z
Are you sure they disappeared ? Diverging from the remote branch is logical (you rewrote the history and so changed the commit id) but are you sure it does not have the commits on top of master ? Try ``git log master..logout-scrf``
If your commut are there, you simply need to force the push for the logout-csrf branch (take care to push only this branch during the force push to avoid messing all others as git won't warn you when asking to force)
---------------------------------------------------------------------------
by stof at 2012-02-15T00:17:09Z
ah sorry, you talked only about the merge commit. Yeah it is normal. When reapplying your commits on top of master, the merge commit are not kept as you are reapplying the changes linearly on top of the other branch (and deleting the merge commit was the reason why @fabpot asked you to rebase instead of merging btw)
---------------------------------------------------------------------------
by jmikola at 2012-02-15T00:18:00Z
The merge commits are not present in `git log master..logout-csrf`. Perhaps it used those merge commits when rebasing, as there were definitely conflicts resolved when I originally merged in symfony/master (@fabpot had made his own changes to LogoutListener).
I'll force-push the changes to my PR brange. IIRC, GitHub is smart enough to preserve inline diff comments, provided they were made through the PR and not on the original commits.
---------------------------------------------------------------------------
by jmikola at 2012-02-15T00:19:38Z
That worked well. In the future, I think I'll stick to merging upstream in and then rebasing afterwards. Resolving conflicts is much easier during a merge than interactive rebase.
---------------------------------------------------------------------------
by jmikola at 2012-02-23T18:46:13Z
@fabpot @schmittjoh: Is there anything else I can do for this PR? I believe the exception was the only outstanding question (see: [this comment](https://github.com/symfony/symfony/pull/3007#issuecomment-3835716)).
Commits
-------
100d59b Modified Memcache(d) dsn to be more intuitive. Chnged Exception texts in other storages.
Discussion
----------
[HttpKernel] Modified Memcache(d)ProfilerStorage dsn to be more intuitive
Bug fix: no
Feature addition: -
Backwards compatibility break: no
Symfony2 tests pass: yes
Fixes the following tickets: -
Todo: -
Before:
```
#app/config/config_dev.yml
...
framework:
...
profiler:
...
dsn: memcache://127.0.0.1/11211
...
```
Now:
```
#app/config/config_dev.yml
...
framework:
...
profiler:
...
dsn: memcache://127.0.0.1:11211
...
```
If Memcache host is IPv6 address:
```
#app/config/config_dev.yml
...
framework:
...
profiler:
...
dsn: memcache://[::1]:11211
...
```
I changed texts of some exceptions to be more consistent, too.
Commits
-------
7444fdf Feedback fixes
54cfd44 Restore bypass_shell by default with windows compat
38df47a Fix env inheritance and added tests
f555c62 [Process] Add windows compatibility to Process component
c4e8ff7 [Process] Always escape commands properly and remove windows-specific handling
9e237f6 [Process] Add ProcessBuilder::create() for more fluidity in the interface until 5.4
4882777 [Process] Code clean up
Discussion
----------
ProcessBuilder clean up
- Code cleanup
- Added create() static method for easy creation until we can do `$process = (new ProcessBuilder())->add()->getProcess();`
- Removed windows wrapping of commands. This does not belong there IMO. If assetic needs that it should add it, and if it's generally beneficial to everyone then we should add it to Process, but having it implicitly only when using ProcessBuilder makes on sense.
---------------------------------------------------------------------------
by beberlei at 2012-02-16T16:10:15Z
I agree on the windows stuff. I know it fixes a bunch of issues in Assetic, but it also caused my tons of headaches in my windows commands that didnt need strict escaping. Also this messes with parameters in Powershell for example, when you have "foo /bar:baz" then it makes this to ""foo" "/bar:baz"" which in some circumstances fails. Its all messy.
---------------------------------------------------------------------------
by schmittjoh at 2012-02-16T17:53:30Z
Can you move the wrapping to the Process class instead? It's generally causing no bad side effects, but fixes a few issues in the proc_open implementation. It is also necessary for Assetic, and potentially other tools to work on Windows.
---------------------------------------------------------------------------
by Seldaek at 2012-02-16T17:56:02Z
Sure, although "generally" sounds a bit scary in your sentence :)
What about the bypass_shell option?
---------------------------------------------------------------------------
by schmittjoh at 2012-02-16T18:02:12Z
"generally" means I don't know of any, but what I do know is that the alternative you are suggesting is not working. Have there been any bug reports on Assetic/symfony/your own code that "cmd" wrapping causes problems?
---------------------------------------------------------------------------
by Seldaek at 2012-02-16T18:04:59Z
No no, don't get me wrong, I'm not suggesting this should be removed. I'm just saying it should be done for all processes or none, but not just for those run via the ProcessBuilder because that's a good recipe for WTFs.
---------------------------------------------------------------------------
by schmittjoh at 2012-02-16T18:09:38Z
Yeah, I understand, and it makes sense.
What I would suggest is to move it to the process class, and let a wider audience test this to see if we get any bug reports on strange behavior etc.
---------------------------------------------------------------------------
by Seldaek at 2012-02-16T18:12:00Z
Still not sure about the bypass_shell option though. And @beberlei mentioned problems? Can you expand on that?
---------------------------------------------------------------------------
by Seldaek at 2012-02-16T18:16:34Z
Added back to Process, with a switch so if anyone runs into problems they can easily disable it.
---------------------------------------------------------------------------
by Seldaek at 2012-02-22T10:59:58Z
Ping @fabpot - I think this is ready now
Ping @kriswallsmith if this gets merged please update Assetic stuff to restore the bypass_shell option if it's really needed.
---------------------------------------------------------------------------
by kriswallsmith at 2012-02-22T12:41:15Z
Posting a PR under "code cleanup" that tinkers with a class that is inherently difficult to test for regression and has been tested by the community for over a year is… a bit hard to swallow, honestly. Everything is there for a reason and should not be tinkered with lightly.
For example, it's important that the `$env` variable default to `null` so the current environment is inherited by default — why change that?
I don't know what the `bypass_shell` option does, but @pierrejoye does… which is why he put it there.
I'm okay with adding an "enhanced Windows compatibility" switch, but I personally think is should be on the builder, not `Process`. The builder is where we manipulate the strings that compose the command line, not in `Process`. You're introducing manipulation of the command line to `Process`, which blurs the responsibilities of the two classes.
I'm also okay with the static factory method :)
---------------------------------------------------------------------------
by Seldaek at 2012-02-22T13:19:40Z
@kriswallsmith (Sorry about the confusing title) My concern is just that if you use Process then decide to "upgrade" to the ProcessBuilder, you suddenly have a change of behavior that might break stuff without you noticing. I just want to avoid this unexpected behavior.
As for the $env stuff, I added a couple tests now, and then expanded that ternary operator a bit.. It actually was broken before. It passed null if you had no env set, but even if you did not call `inheritEnvironmentVariables`. If you want to inherit by default - which I agree it should - then why was `inheritEnv = false` in the constructor? I changed it too and now there is hopefully less confusion.
Restored bypass_shell=true unless it's explicitly set to false.
---------------------------------------------------------------------------
by kriswallsmith at 2012-02-22T13:25:23Z
We should also add the PHPUnit `@backupGlobals enabled` annotation while we're in here.
---------------------------------------------------------------------------
by kriswallsmith at 2012-02-22T13:31:41Z
@Seldaek Looks better, thanks for the changes. If `enhanceWindowsCompatibility` is going to live on `Process` we should expose the switch on the builder as well. Speaking of `enhanceWindowsCompatibility`… is there a more descriptive name for that? What exactly does that do, any why would anyone want to switch it off? The name is so vague we might as well call it `enableMagicalWindowsFix()`.
---------------------------------------------------------------------------
by pierrejoye at 2012-02-22T13:33:55Z
I really do not think that having a flag to enable portability is a
good idea, at all.
I do not remember the context right now but a flag is definitively a
bad idea (you will need other on other platforms).
I will take a look again at this next week (end of), as I am still OOF.
On Wed, Feb 22, 2012 at 2:31 PM, Kris Wallsmith
<reply@reply.github.com>
wrote:
> @Seldaek Looks better, thanks for the changes. If `enhanceWindowsCompatibility` is going to live on `Process` we should expose the switch on the builder as well. Speaking of `enhanceWindowsCompatibility`… is there a more descriptive name for that? What exactly does that do, any why would anyone want to switch it off? The name is so vague we might as well call it `enableMagicalWindowsFix()`.
>
> ---
> Reply to this email directly or view it on GitHub:
> https://github.com/symfony/symfony/pull/3381#issuecomment-4103882
--
Pierre
@pierrejoye | http://blog.thepimp.net | http://www.libgd.org
---------------------------------------------------------------------------
by Seldaek at 2012-02-22T13:42:56Z
backupGlobals seems to be enabled by default.
As for the enhanceWindowsCompatibility, yes. It's a poor name, but no I don't have any idea for a better one, because nobody could explain me what it does. People just scream that it's necessary.
@pierrejoye: If you or anyone can conclusively confirm that this stuff is always better, then we always do it. If it's not then it must be optional, and if it's not a flag then what? The point of the component is to abstract the proc_open horrors. If people have to know about windows quirks with regard to proc_open to use it, then it's not a very useful abstraction.
Additionally, if it *is* always better to use those portability fixes, then why isn't php doing it itself?
---------------------------------------------------------------------------
by pierrejoye at 2012-02-22T13:47:02Z
On Wed, Feb 22, 2012 at 2:42 PM, Jordi Boggiano
<reply@reply.github.com>
wrote:
> backupGlobals seems to be enabled by default.
>
> As for the enhanceWindowsCompatibility, yes. It's a poor name, but no I don't have any idea for a better one, because nobody could explain me what it does. People just scream that it's necessary.
> @pierrejoye: If you or anyone can conclusively confirm that this stuff is always better, then we always do it. If it's not then it must be optional, and if it's not a flag then what? The point of the component is to abstract the proc_open horrors. If people have to know about windows quirks with regard to proc_open to use it, then it's not a very useful abstraction.
proc_open has many quirks, not only on windows. That's why it should
work and detect what is needed, that may force you to slightly change
the split between builder and process.
> Additionally, if it *is* always better to use those portability fixes, then why isn't php doing it itself?
BC, like it or not (I do not).
However we cannot change past versions, so today code has to deal it
with it anyway.
I will take a look at what you are trying to fix here next week, if
you have any other requests regarding proc_open&portability, let me
know :)
Cheers,
--
Pierre
@pierrejoye | http://blog.thepimp.net | http://www.libgd.org
---------------------------------------------------------------------------
by Seldaek at 2012-02-22T13:54:38Z
Ok so it sounds to me like the current code is correct, it tries to fix
things as best as we know how to by default, and just gives you a way to
disable things in the odd case we messed up and some of those fixes are
harmful to some use cases.
---------------------------------------------------------------------------
by fabpot at 2012-03-02T21:38:18Z
@Seldaek @kriswallsmith is it ready for merge now?
---------------------------------------------------------------------------
by kriswallsmith at 2012-03-02T21:42:22Z
I'm still not happy with the name of `enhanceWindowsCompatibility`. We need to be more specific about what that does. It sounds like a marketing term right now ;)
---------------------------------------------------------------------------
by Seldaek at 2012-03-05T13:44:56Z
Agreed, but I can't think of anything better. It is indeed esoteric magic fixes that should work better but nobody seems 100% sure about it, so I think it's fairly accurate.
