This PR was merged into the 2.0 branch.
Commits
-------
f299bd0 [Console] Make getTerminalWith & getTerminalHeight public
Discussion
----------
[Console] Make getTerminalWith & getTerminalHeight public
Bug fix: yes
Feature addition: yes
Backwards compatibility break: no
Fixes the following tickets: ~
Todo: -
License of the code: MIT
Documentation PR: ~
After demand in #6567, I open an other one on the 2.0 branch.
This PR was merged into the 2.0 branch.
Commits
-------
73d9cef [Locale] Adjust `StubIntlDateFormatter` to have new methods added in PHP 5.5
b2ce983 [Locale] Fix failing `StubIntlDateFormatter` tests in PHP 5.5
913b564 [Locale] Fix failing `StubIntlDateFormatter` in PHP 5.5
8ae773b [Form] Fix failing `MonthChoiceList` in PHP 5.5
f4ce2f1 Update .travis.yml
Discussion
----------
[2.0] Add testing of PHP 5.5 on Travis-CI & fix failing code
This PR was merged into the 2.0 branch.
Commits
-------
8b2c17f fix double-decoding in the routing system
Discussion
----------
fix double-decoding in the routing system
@fabpot @vicb This should fix it. You know what ;) Don't want to leak more information.
And the good thing, it's no hack nor does it break BC.
This PR was merged into the 2.0 branch.
Commits
-------
e6bb156 remove realpath call
Discussion
----------
[HttpKernel] remove realpath call
I'm trying to create an executable phar archive from a Symfony application, but when I run the phar, it fails to find any commands because of this php bug/feature:
https://bugs.php.net/bug.php?id=52769
After this change, my archive works just like a normal app/console call
I'm trying to create an executable phar archive from a Symfony application, but when I run the phar, it fails to find any commands because of this php bug/feature:
https://bugs.php.net/bug.php?id=52769
After this change, my archive works just like a normal app/console call
This PR was merged into the 2.0 branch.
Commits
-------
0489799 [HttpFoundation] added a check for the host header value
Discussion
----------
[HttpFoundation] added a check for the host header value
alternative for #3865
This PR was merged into the 2.0 branch.
Commits
-------
57edf56 removed wrong routing xsd statement `mixed="true"`
Discussion
----------
removed wrong routing xsd statement `mixed="true"`
mixed="true" means that the element could contain both text and other elements, e.g.
`<requirement key="_locale">text <subelement /></requirement>`
But this wrong and such a definition would not even validate against the scheme as the xsd does not define which elements would be expected inside.
This PR was merged into the 2.0 branch.
Commits
-------
d5623b4 removed unused attribute from routing.xsd
Discussion
----------
removed unused attribute from routing.xsd
mixed="true" means that the element could contain both text and other elements, e.g.
`<requirement key="_locale">text <subelement /></requirement>`
But this wrong and such a definition would not even validate against the scheme as the xsd does not define which elements would be expected inside.
This PR was merged into the 2.0 branch.
Commits
-------
f2cbea3 [Security] remove escape charters from username provided by Digest DigestAuthenticationListener
80f6992 [Security] added test extra for digest authentication
d66b03c fixed CS
694697d [Security] Fixed digest authentication
c067586 [Security] Fixed digest authentication
Discussion
----------
Fix digest authentication
Bug fix: yes
Feature addition: no
Backwards compatibility break: no
Symfony2 tests pass: yes
Fixes the following tickets:
Todo: -
License of the code: MIT
Documentation PR: -
Replaces: #5485
This adds the missing fixes.
My only concerns is the ```\"``` removing.
```\"``` is only needed for the HTTP transport, but keeping them would require to also store the username with the escapes as well.
---------------------------------------------------------------------------
by fabpot at 2012-10-30T11:25:28Z
The digest authentication mechanism is not that widespread due to its limitation. And the transport is not HTTP, I think we are talking about very few cases.
---------------------------------------------------------------------------
by sstok at 2012-10-30T12:49:14Z
Apache seems to remove (ignore) escape characters.
```c
if (auth_line[0] == '=') {
auth_line++;
while (apr_isspace(auth_line[0])) {
auth_line++;
}
vv = 0;
if (auth_line[0] == '\"') { /* quoted string */
auth_line++;
while (auth_line[0] != '\"' && auth_line[0] != '\0') {
if (auth_line[0] == '\\' && auth_line[1] != '\0') {
auth_line++; /* escaped char */
}
value[vv++] = *auth_line++;
}
if (auth_line[0] != '\0') {
auth_line++;
}
}
else { /* token */
while (auth_line[0] != ',' && auth_line[0] != '\0'
&& !apr_isspace(auth_line[0])) {
value[vv++] = *auth_line++;
}
}
value[vv] = '\0';
}
```
But would this change be a BC break for people already using quotes but without a comma and thus they never hit this bug?
The change it self is minimum, just calling ```str_replace('\\\\', '\\', str_replace('\\"', '"', $value))``` when getting the username.
---------------------------------------------------------------------------
by fabpot at 2012-11-13T13:00:12Z
@sstok Doing the same as Apache seems the best option here (just document the BC break).
---------------------------------------------------------------------------
by sstok at 2012-11-15T16:05:00Z
Hopefully I did this correct, but the needed escapes seem correctly removed.
`\"` is changed to `"` `\\` is changed to `\`
`\'` it kept as it is, as this needs no correcting.
@Vincent-Simonin Can you verify please.
---------------------------------------------------------------------------
by Vincent-Simonin at 2012-11-19T09:28:18Z
Authentication didn't work with this configuration :
```
providers:
in_memory:
name: in_memory
users:
te"st: { password: test, roles: [ 'ROLE_USER' ] }
```
`te"st` was set in authentication form's user field.
(Must we also escape `"` in configuration file ?)
Tests were performed with nginx.
---------------------------------------------------------------------------
by sstok at 2012-11-19T09:33:34Z
Yes. YAML escapes using an duplicate quote, like SQL.
```yaml
providers:
in_memory:
name: in_memory
users:
"te""st": { password: test, roles: [ 'ROLE_USER' ] }
```
This PR was merged into the 2.0 branch.
Commits
-------
b3a8efd fixed comment. The parent ACL is not accessed in this method.
Discussion
----------
fixed comment. The parent ACL is not accessed in this method.
Just fixed a comment on PermissionGrantingStrategy.
hasSufficientPermissions() is not accessing the parent ACL. That's done in isGranted().