Commit Graph

7592 Commits

Author SHA1 Message Date
Fabien Potencier
54ffd9ebfd merged branch sstok/fix_digest_authentication (PR #5874)
This PR was merged into the 2.0 branch.

Commits
-------

f2cbea3 [Security] remove escape characters from username provided by Digest DigestAuthenticationListener
80f6992 [Security] added test extra for digest authentication
d66b03c fixed CS
694697d [Security] Fixed digest authentication
c067586 [Security] Fixed digest authentication

Discussion
----------

Fix digest authentication

Bug fix: yes
Feature addition: no
Backwards compatibility break: no
Symfony2 tests pass: yes
Fixes the following tickets:
Todo: -
License of the code: MIT
Documentation PR: -
Replaces: #5485

This adds the missing fixes.

My only concern is the removal of ```\"```.
```\"``` is only needed for the HTTP transport, but keeping them would also require storing the username with the escapes.

---------------------------------------------------------------------------

by fabpot at 2012-10-30T11:25:28Z

The digest authentication mechanism is not that widespread due to its limitation. And the transport is not HTTP, I think we are talking about very few cases.

---------------------------------------------------------------------------

by sstok at 2012-10-30T12:49:14Z

Apache seems to remove (ignore) escape characters.

```c
if (auth_line[0] == '=') {
    auth_line++;
    while (apr_isspace(auth_line[0])) {
        auth_line++;
    }

    vv = 0;
    if (auth_line[0] == '\"') {         /* quoted string */
        auth_line++;
        while (auth_line[0] != '\"' && auth_line[0] != '\0') {
            if (auth_line[0] == '\\' && auth_line[1] != '\0') {
                auth_line++;            /* escaped char */
            }
            value[vv++] = *auth_line++;
        }
        if (auth_line[0] != '\0') {
            auth_line++;
        }
    }
    else {                               /* token */
        while (auth_line[0] != ',' && auth_line[0] != '\0'
               && !apr_isspace(auth_line[0])) {
            value[vv++] = *auth_line++;
        }
    }
    value[vv] = '\0';
}
```

But would this change be a BC break for people already using quotes but without a comma and thus they never hit this bug?

The change itself is minimal, just calling ```str_replace('\\\\', '\\', str_replace('\\"', '"', $value))``` when getting the username.

---------------------------------------------------------------------------

by fabpot at 2012-11-13T13:00:12Z

@sstok Doing the same as Apache seems the best option here (just document the BC break).

---------------------------------------------------------------------------

by sstok at 2012-11-15T16:05:00Z

Hopefully I did this correctly, but the needed escapes seem correctly removed.
`\"` is changed to `"`, `\\` is changed to `\`.
`\'` is kept as it is, as this needs no correcting.

@Vincent-Simonin Can you verify please.

---------------------------------------------------------------------------

by Vincent-Simonin at 2012-11-19T09:28:18Z

Authentication didn't work with this configuration:

```
providers:
    in_memory:
        name: in_memory
        users:
            te"st: { password: test, roles: [ 'ROLE_USER' ] }
```

`te"st` was set in authentication form's user field.

(Must we also escape `"` in the configuration file?)

Tests were performed with nginx.

---------------------------------------------------------------------------

by sstok at 2012-11-19T09:33:34Z

Yes. YAML escapes using a duplicate quote, like SQL.

```yaml
providers:
    in_memory:
        name: in_memory
        users:
            "te""st": { password: test, roles: [ 'ROLE_USER' ] }
```
2012-11-19 14:04:22 +01:00
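
Added example (not code from Symfony or Apache; `digest_param`, `naive_param` and `SAMPLE` are hypothetical names): a quote-aware lookup of one Digest parameter that applies the un-escaping rule of the Apache loop quoted in the discussion, beside a constructed comma-splitting lookup that shows the failure the commit messages describe when a value contains `, ` or `=`.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

/* Constructed sample: the user name holds an escaped quote, ", " and "=". */
static const char SAMPLE[] = "username=\"te\\\"st, a=b\", realm=\"app\", nc=00000001";

/* Quote-aware lookup of one Digest parameter. Inside a quoted-string, ','
 * and '=' are data and a backslash escapes the next character (the rule in
 * the Apache loop quoted in the discussion). Returns 1 and fills out, else 0. */
int digest_param(const char *p, const char *key, char *out, size_t outsz)
{
    size_t klen = strlen(key), n;
    while (*p != '\0') {
        while (*p == ',' || isspace((unsigned char)*p)) p++;
        const char *name = p;
        while (*p && *p != '=' && *p != ',' && !isspace((unsigned char)*p)) p++;
        int match = (size_t)(p - name) == klen && strncmp(name, key, klen) == 0;
        while (isspace((unsigned char)*p)) p++;
        if (*p != '=') continue;                      /* bare token, no value */
        p++;
        while (isspace((unsigned char)*p)) p++;
        int quoted = (*p == '"');
        for (n = 0, p += quoted; *p != '\0'; p++) {
            if (quoted) {
                if (*p == '"') { p++; break; }        /* closing quote */
                if (*p == '\\' && p[1] != '\0') p++;  /* drop the escape */
            } else if (*p == ',' || isspace((unsigned char)*p)) {
                break;                                /* end of token */
            }
            if (!match) continue;
            if (n + 1 >= outsz) return 0;             /* value too long */
            out[n++] = *p;
        }
        if (match) { if (n >= outsz) return 0; out[n] = '\0'; return 1; }
    }
    return 0;
}

/* Constructed contrast: cuts at the first ',' and strips only paired quotes. */
int naive_param(const char *hdr, const char *key, char *out, size_t outsz)
{
    const char *v = strstr(hdr, key);
    if (v == NULL || v[strlen(key)] != '=') return 0;
    v += strlen(key) + 1;
    size_t len = strcspn(v, ",");
    if (len >= 2 && v[0] == '"' && v[len - 1] == '"') { v++; len -= 2; }
    if (len >= outsz) return 0;
    snprintf(out, outsz, "%.*s", (int)len, v);
    return 1;
}

int main(void)
{
    char a[64] = "", b[64] = "";
    digest_param(SAMPLE, "username", a, sizeof a);
    naive_param(SAMPLE, "username", b, sizeof b);
    printf("quote-aware: [%s]\nnaive:       [%s]\n", a, b);
    return 0;
}
```

With the constructed sample, the quote-aware lookup returns `te"st, a=b`, the comma split returns the truncated `"te\"st`, and the `a=b` inside the quoted user name is not reported as a separate parameter.
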
Fabien Potencier
bfeb6e78b7 merged branch vicb/security-config (PR #6017)
This PR was merged into the 2.0 branch.

Commits
-------

32dc31e [SecurityBundle] Convert Http method to uppercase in the config

Discussion
----------

[SecurityBundle] Convert Http method to uppercase in the config

This is not strictly required as method names would be converted to uppercase by the matcher after #5988.

However I think it is better to always use uppercase for http method names.

The config UT has also been improved as part of this PR.

This is good to propagate to 2.1 & 2.2 also.
2012-11-19 13:43:56 +01:00
Fabien Potencier
c34f7731a0 merged branch bierdok/master (PR #6015)
This PR was submitted for the master branch but it was merged into the 2.0 branch instead (closes #6015).

Commits
-------

f61c019 Update src/Symfony/Component/DomCrawler/Tests/FormTest.php
9b3aaf2 Update src/Symfony/Component/DomCrawler/Form.php

Discussion
----------

FIX: Malformed field path ""

In case we have the name attribute empty.

---------------------------------------------------------------------------

by fabpot at 2012-11-15T06:12:35Z

Can you add a unit test for that case?

---------------------------------------------------------------------------

by bierdok at 2012-11-15T09:21:01Z

Voila.
2012-11-19 13:42:23 +01:00
Benoît Bourgeois
e7401a2129 Update src/Symfony/Component/DomCrawler/Tests/FormTest.php 2012-11-19 13:41:38 +01:00
Benoît Bourgeois
b0e468f9ba Update src/Symfony/Component/DomCrawler/Form.php 2012-11-19 13:39:22 +01:00
Sebastiaan Stok
f2cbea3b30 [Security] remove escape characters from username provided by Digest DigestAuthenticationListener 2012-11-15 16:54:04 +01:00
Sebastiaan Stok
80f6992a41 [Security] added test extra for digest authentication 2012-11-15 16:42:03 +01:00
Sebastiaan Stok
d66b03c830 fixed CS 2012-11-15 16:42:02 +01:00
Vincent Simonin
694697dd91 [Security] Fixed digest authentication
Digest authentication fails if digest parameters contain `=` character or `, ` string.

* Support escaped characters
2012-11-15 16:42:02 +01:00
Vincent Simonin
c067586368 [Security] Fixed digest authentication
Digest authentication fails if digest parameters contain `=` character or `, ` string.
2012-11-15 16:42:01 +01:00
Victor Berchet
32dc31eceb [SecurityBundle] Convert Http method to uppercase in the config 2012-11-15 08:13:39 +01:00
Fabien Potencier
cb00411fc8 merged branch Jola/comment-fix (PR #5992)
This PR was merged into the 2.0 branch.

Commits
-------

b3a8efd fixed comment. The parent ACL is not accessed in this method.

Discussion
----------

fixed comment. The parent ACL is not accessed in this method.

Just fixed a comment on PermissionGrantingStrategy.
hasSufficientPermissions() is not accessing the parent ACL. That's done in isGranted().
2012-11-13 13:50:22 +01:00
Jörn Lang
b3a8efd6cd fixed comment. The parent ACL is not accessed in this method. 2012-11-12 15:01:47 +01:00
Fabien Potencier
d060fd4953 merged branch vicb/security (PR #5988)
This PR was merged into the 2.0 branch.

Commits
-------

e12bd12 [HttpFoundation] Make host & methods really case insensitive in the RequestMatcher

Discussion
----------

[HttpFoundation] Make host & methods really case insensitive in the Requ...

...estMatcher

and backport changes from 2.2

Details:
- does not take case into account when checking the host (the `Request` always returns a lowercase value) to protect against user typo,
- makes the constructor case proof by invoking setters rather than setting properties directly (you could then add an unreachable method, i.e. `get`)

Please propagate to 2.1/2.2 if accepted. Thanks.
2012-11-12 14:56:10 +01:00
Victor Berchet
e12bd123be [HttpFoundation] Make host & methods really case insensitive in the RequestMatcher
and backport changes from 2.2
2012-11-12 13:39:12 +01:00
Fabien Potencier
15a5868ab4 [Validator] fixed Ukrainian language code (closes #5972) 2012-11-10 19:51:50 +01:00
Fabien Potencier
48af594929 merged branch pborreli/patch-1 (PR #5957)
This PR was merged into the 2.0 branch.

Commits
-------

235250e Fixed case of php function

Discussion
----------

Fixed case of php function
2012-11-09 13:32:00 +01:00
Pascal Borreli
235250e192 Fixed case of php function 2012-11-09 10:41:41 +00:00
Fabien Potencier
da33e7afd3 merged branch bschussek/issue2059 (PR #5945)
This PR was merged into the 2.0 branch.

Commits
-------

8fb334f [Form] Excluded some tests in NumberToLocalizedStringTransformerTest which fail on ICU 4.4, but work on ICU 4.8

Discussion
----------

[Form] Excluded some tests in NumberToLocalizedStringTransformerTest which fail on ICU 4.4, but work on ICU 4.8

Bug fix: yes
Feature addition: no
Backwards compatibility break: no
Symfony2 tests pass: yes
Fixes the following tickets: -
Todo: -
License of the code: MIT
Documentation PR: -
2012-11-08 18:37:33 +01:00
Bernhard Schussek
8fb334f7fc [Form] Excluded some tests in NumberToLocalizedStringTransformerTest which fail on ICU 4.4, but work on ICU 4.8 2012-11-08 18:34:46 +01:00
Fabien Potencier
9122260df9 merged branch bschussek/issue2059 (PR #5941)
This PR was merged into the 2.0 branch.

Commits
-------

dc80385 [Form] Fixed NumberToLocalizedStringTransformer to accept both comma and dot as decimal separator, if possible

Discussion
----------

[Form] Fixed NumberToLocalizedStringTransformer to accept both comma and dot

Bug fix: yes
Feature addition: no
Backwards compatibility break: no
Symfony2 tests pass: yes
Fixes the following tickets: #2059
Todo: -
License of the code: MIT
Documentation PR: -

The behaviour after this is as follows:

* if "grouping" (thousands separators) is disabled (the default)
  * you may use comma and dot as decimal separator in all locales
* if "grouping" is enabled
  * you may use a comma as decimal separator in all locales where the thousands separator is not a comma (e.g. "de", "fr", but not "en")
  * you may use a dot as decimal separator in all locales where the thousands separator is not a dot (e.g. "en", "fr", but not "de")

If the form is displayed again, all numbers are displayed in your locale, regardless of which decimal separator you used for input.

**Example 1 (locale "fr"):**

* you enter: "1234.56"
* after submission:
  * without grouping: "1234,56"
  * with grouping: "1 234,56"

**Example 2 (locale "en"):**

* you enter "1234,56"
* after submission:
  * without grouping: "1234.56"
  * with grouping: error (because "," is the thousands separator; "1234,560" would have been accepted)
2012-11-08 17:45:21 +01:00
Bernhard Schussek
dc80385070 [Form] Fixed NumberToLocalizedStringTransformer to accept both comma and dot as decimal separator, if possible 2012-11-08 15:53:08 +01:00
Fabien Potencier
5c57bbb435 merged branch pgodel/2.0 (PR #5914)
This PR was merged into the 2.0 branch.

Commits
-------

9aec4c8 Show correct class name InputArgument in error message

Discussion
----------

[Console] Show correct class name InputArgument in error message

Bug fix: yes
Feature addition: no
Backwards compatibility break: no
Symfony2 tests pass: yes
License of the code: MIT
2012-11-05 21:19:14 +01:00
Pablo Godel
9aec4c8d04 Show correct class name InputArgument in error message 2012-11-05 14:52:03 -05:00
Fabien Potencier
e1c031f166 merged branch pgodel/bugfix/InputOption (PR #5905)
This PR was merged into the 2.0 branch.

Commits
-------

762649f shows correct class name InputOption in error message

Discussion
----------

[Console] shows correct class name InputOption in error message

Bug fix: yes
Feature addition: no
Backwards compatibility break: no
Symfony2 tests pass: yes
License of the code: MIT

---------------------------------------------------------------------------

by pborreli at 2012-11-04T03:59:58Z

👍
2012-11-04 09:26:55 +01:00
Pablo Godel
762649f5c3 shows correct class name InputOption in error message 2012-11-03 23:51:02 -04:00
Fabien Potencier
a09319df75 merged branch mvrhov/patch-2 (PR #5857)
This PR was merged into the 2.0 branch.

Commits
-------

6b42c8c The exception message should say which field is not mapped

Discussion
----------

The exception message should tell which field is not mapped
2012-10-29 09:25:35 +01:00
Miha Vrhovnik
6b42c8cc04 The exception message should say which field is not mapped 2012-10-28 23:16:09 +01:00
Fabien Potencier
a2a60c194b merged branch helios-ag/patch (PR #5496)
This PR was squashed before being merged into the 2.0 branch (closes #5496).

Commits
-------

9872d26 [HttpFoundation] Fix name sanitization after performing move

Discussion
----------

[HttpFoundation] Fix name sanitization after performing move

Bug fix: yes
Feature addition: no
Backwards compatibility break: no
Symfony2 tests pass: yes
Fixes the following tickets: #2577
License of the code: MIT

Further work on #2577, fixes name sanitization, after moving file name with new name with non latin characters in the beginning.

---------------------------------------------------------------------------

by stloyd at 2012-09-12T09:52:05Z

You must revert chmod changes.

---------------------------------------------------------------------------

by helios-ag at 2012-09-12T14:30:36Z

@stloyd fixed

---------------------------------------------------------------------------

by stof at 2012-10-13T21:12:43Z

@fabpot what is the status of this PR ?
2012-10-27 21:28:00 +02:00
Al Ganiev
9872d26c9c [HttpFoundation] Fix name sanitization after performing move 2012-10-27 21:28:00 +02:00
Fabien Potencier
649872be85 merged branch jonathaningram/issue_5375 (PR #5376)
This PR was merged into the 2.0 branch.

Commits
-------

a094f7e Add check to Store::unlock to ensure file exists

Discussion
----------

[2.0] [HttpKernel] Add check to Store::unlock to ensure file exists

Bug fix: yes
Feature addition: no
Backwards compatibility break: no
Symfony2 tests pass: yes

I was seeing this error in my logs when using an `AppCache`:

```
Error 2: /var/www/beta.example.com/shared/vendor/symfony/symfony/src/Symfony/Component/HttpKernel/HttpCache/Store.php line 92: unlink(/var/www/beta.example.com/releases/20120827020525/app/cache/beta/http_cache/md/c2/88/66a911b5266a57bdd55131a47895b8861dfd.lck): No such file or directory
```

It was only occurring when the `http_cache` file was being primed (i.e. first load).

I've added a simple check to ensure that the file is a valid file before trying to unlink. I also added a missing `@return` docblock. Note: I've chosen to return `false` if the file does not exist as this seems to be the behaviour of the `purge` method.

---------------------------------------------------------------------------

by jonathaningram at 2012-08-29T06:46:52Z

@henrikbjorn done and rebased. Thanks.

---------------------------------------------------------------------------

by jonathaningram at 2012-09-17T22:38:47Z

@henrikbjorn any news on this one? It's currently not possible to use the HTTP Cache without the first request failing.

---------------------------------------------------------------------------

by jonathaningram at 2012-09-25T01:28:38Z

ping @fabpot sorry to keep pushing this, but any chance you could take a look at this?
2012-10-27 18:34:13 +02:00
Fabien Potencier
6f15c4780f [ClassLoader] fixed unbracketed namespaces (closes #5747) 2012-10-27 17:55:46 +02:00
Fabien Potencier
887207402b bumped Symfony version to 2.0.19-DEV 2012-10-25 15:09:46 +02:00
Fabien Potencier
03fbb485e0 updated VERSION for 2.0.18 2012-10-25 10:56:58 +02:00
Fabien Potencier
12dd94804c update CONTRIBUTORS for 2.0.18 2012-10-25 10:56:32 +02:00
Fabien Potencier
065512db62 updated CHANGELOG for 2.0.18 2012-10-25 10:56:03 +02:00
Fabien Potencier
4250c033d0 updated vendors for 2.0.18 2012-10-25 10:54:02 +02:00
Xavier REN
20898e53a6 Add to DateFormats 'D M d H:i:s Y T' (closes #5830)
DateFormat seen on the web
2012-10-25 09:07:48 +02:00
Fabien Potencier
1fddce4b6e merged branch bschussek/issue5458 (PR #5777)
This PR was merged into the 2.0 branch.

Commits
-------

bf3e358 [Form] Fixed creation of multiple money fields with different currencies

Discussion
----------

[Form] Fixed creation of multiple money fields with different currencies

Bug fix: yes
Feature addition: no
Backwards compatibility break: no
Symfony2 tests pass: yes
Fixes the following tickets: #5458
Todo: -
License of the code: MIT
Documentation PR: -
2012-10-18 21:41:24 +02:00
Bernhard Schussek
bf3e358697 [Form] Fixed creation of multiple money fields with different currencies 2012-10-18 19:17:20 +02:00
Fabien Potencier
12ad992ae5 merged branch yohang/patch-1 (PR #5763)
This PR was submitted for the master branch but it was merged into the 2.0 branch instead (closes #5763).

Commits
-------

333ebeb Fixed IPv6 Check in RequestMatcher

Discussion
----------

[HttpFoundation] Fixed IPv6 Check in RequestMatcher

RequestMatcher checks IPv6 support with

```php
if (!defined('AF_INET6')) {
    throw new \RuntimeException('Unable to check Ipv6. Check that PHP was not compiled with option "disable-ipv6".');
}
```
which depends on the sockets extension.

This PR adds a fallback by checking the return value of a silenced call to `inet_pton` if the extension is not available (code from https://github.com/dsp/v6tools/blob/master/src/v6tools/Runtime.php).
2012-10-16 13:28:16 +02:00
Yohan Giarelli
959c1dfa4b Fixed IPv6 Check in RequestMatcher
Added a fallback check for ipv6 support even if sockets extension is not available
2012-10-16 13:28:16 +02:00
Fabien Potencier
f19e4b51d2 merged branch li0n12/crawler_button (PR #5699)
This PR was merged into the 2.0 branch.

Commits
-------

b439d13 fixed DomCrawler/Form to handle <button> when submitted

Discussion
----------

[DomCrawler] fixed Form to handle <button> when submitted

Bug fix: yes
Feature addition: no
Backwards compatibility break: no
Symfony2 tests pass: yes
License of the code: MIT

Issue appears when submitting form with <button> form element.
Name-value of this button wasn't passed to the request.
2012-10-09 09:13:22 +02:00
Leonid Terentyev
b439d13a81 fixed DomCrawler/Form to handle <button> when submitted 2012-10-08 14:13:27 +03:00
Fabien Potencier
9b3525c707 merged branch xrstf/2.0 (PR #5686)
This PR was merged into the 2.0 branch.

Commits
-------

b2614aa fixed CS
e7c2e90 added doc comments

Discussion
----------

added doc comments
2012-10-06 21:50:55 +02:00
Christoph
b2614aa7e6 fixed CS 2012-10-06 14:46:45 +02:00
Christoph
e7c2e90069 added doc comments 2012-10-06 06:39:50 +02:00
Fabien Potencier
65dd6e0ab3 merged branch drak/docb (PR #5672)
This PR was merged into the 2.0 branch.

Commits
-------

22c7a91 [HttpKernel][Translator] Fixed type-hints

Discussion
----------

[HttpKernel][Translator] Fixed type-hints

Bug fix: yes
Feature addition: no
Backwards compatibility break: no
Symfony2 tests pass: yes
Fixes the following tickets: -
Todo: -
License of the code: MIT
Documentation PR: -

---------------------------------------------------------------------------

by drak at 2012-10-04T15:18:55Z

This PR is ready - the travis build fail is not related to this PR which is just docblock changes.

---------------------------------------------------------------------------

by pborreli at 2012-10-04T15:37:57Z

the travis build fail is indeed not related to your PR but your branch. see https://github.com/drak/symfony/blob/docb/.travis.yml

You should fetch upstream remote, merge, rebase and push again.

---------------------------------------------------------------------------

by drak at 2012-10-04T16:50:28Z

Thanks for the info, but the branch is 100% up to date with `2.0`, the file you quoted is as it is in the main repo: https://github.com/symfony/symfony/blob/2.0/.travis.yml - in any case, it doesn't affect merging this changeset.
2012-10-05 18:42:32 +02:00
Drak
22c7a910b8 [HttpKernel][Translator] Fixed type-hints 2012-10-04 16:11:30 +01:00
Fabien Potencier
f90882927b merged branch kerihenare/ticket_5611 (PR #5612)
This PR was merged into the 2.0 branch.

Commits
-------

6c59fbd [HttpFoundation] Fixed #5611 - Request::splitHttpAcceptHeader incorrect result order.

Discussion
----------

[HttpFoundation] Request::splitHttpAcceptHeader incorrect result order.

Bug fix: yes
Feature addition: no
Backwards compatibility break: no
Symfony2 tests pass: yes
Fixes the following tickets: 5611

Makes items with equal q-values return in the original provided order. Fixes tests to reflect this behavior.

---------------------------------------------------------------------------

by kerihenare at 2012-10-02T20:59:11Z

To avoid confusion over the modified language test I have instead created new tests.
2012-10-03 16:08:54 +02:00