This PR was merged into the 2.1 branch.
Commits
-------
06ee53b [Form] improve error message with a "hasser" hint for PropertyAccessDeniedException
Discussion
----------
[Form] improve error msg w/ a "hasser" hint for PropertyAccessDeniedException
"Hasser" support was added under the 2.1 branch of the Form component
Bug fix: no
Feature addition: no
Backwards compatibility break: no
Symfony2 tests pass: no, but fails exactly the same as without this fix
Fixes the following tickets: -
Todo: -
License of the code: MIT
Documentation PR: symfony/symfony-docs#1958
Bug fix: no
Feature addition: no
Backwards compatibility break: no
Symfony2 tests pass: no, but fails exactly the same as without this fix
Fixes the following tickets: -
Todo: -
License of the code: MIT
Documentation PR: symfony/symfony-docs#1958
This PR was merged into the master branch.
Commits
-------
1858b96 [Form] Adapted FormValidator to latest changes in the Validator
1f752e8 [DoctrineBridge] Adapted UniqueValidator to latest changes in the Validator
efe42cb [Validator] Refactored the GraphWalker into an implementation of the Visitor design pattern.
Discussion
----------
[Validator] Refactored the Validator for use in Drupal
Bug fix: no
Feature addition: no
Backwards compatibility break: yes
Symfony2 tests pass: yes
Fixes the following tickets: -
Todo: -
License of the code: MIT
Documentation PR: TODO
Drupal wants to use the Symfony Validator component in their next version. I was talking to @fago recently about the changes that we'd need to make and implemented these changes in this PR. I don't want to rush this, but the deadline is tight, since Drupal feature freeze is on December 1st and @fago needs at least a couple of days to integrate the Validator into Drupal.
This PR introduces two significant changes:
* Interfaces were created for all classes that constitute the Validator's API. This is were the PR breaks BC, because `ConstraintValidatorInterface::initialize()` is now type hinted against `ExecutionContextInterface` instead of `ExecutionContext`.
* The graph walker was refactored into an implementation of the Visitor pattern. This way, the validator was decoupled from the structure of the metadata (class → properties and getter methods) and makes it possible to implement a different metadata structure, as is required by the Drupal Entity API.
As a consequence of the API change, custom validation code is now much easier to write, because `ValidatorInterface` and `ExecutionContextInterface` share the following set of methods:
```php
interface ValidatorInterface
{
public function validate($value, $groups = null, $traverse = false, $deep = false);
public function validateValue($value, $constraints, $groups = null);
public function getMetadataFor($value);
}
interface ExecutionContextInterface
{
public function validate($value, $subPath = '', $groups = null, $traverse = false, $deep = false);
public function validateValue($value, $constraints, $subPath = '', $groups = null);
public function getMetadataFor($value);
}
```
No more juggling with property paths, no more fiddling with the graph walker. Just call on the execution context what you'd call on the validator and you're done.
There are two controversial things to discuss and decide (cc @fabpot):
* I moved the `@api` tags of all implementations to the respective interfaces. Is this ok?
* I would like to deprecate `ValidatorInterface::getMetadataFactory()` (tagged as `@api`) in favor of the added `ValidatorInterface::getMetadataFor()`, which offers the exact same functionality, but with a different API and better encapsulation, which makes it easier to maintain for us. We can tag `getMetadataFor()` as `@api`, as I don't expect it to change. Can we do this or should we leave the old method in?
I would like to decide the major issues of this PR until **Sunday November 25th** in order to give @fago enough room for his implementation.
Let me hear your thoughts.
This PR was merged into the master branch.
Commits
-------
d1b5093 Try to make sure cookies get deleted from the TokenProvider when no longer in use
Discussion
----------
Delete cookies from the TokenProvider that is no longer in use
Bug fix: yes
Feature addition: no
Backwards compatibility break: no
Symfony2 tests pass: yes
Todo: -
License of the code: MIT
When the user logs in, or login fails for some reason, the old "remember me" cookie should be deleted from the TokenProvider if you are using the PersistentTokenBasedRememberMeServices.
As the code is now, the token is only deleted on logout.
---------------------------------------------------------------------------
by TerjeBr at 2012-11-20T13:45:54Z
So, anything else that needs to be done before this is merged?
---------------------------------------------------------------------------
by TerjeBr at 2012-11-21T10:30:53Z
Ok, I have corrected the typo in the comment and squashed the commit.
---------------------------------------------------------------------------
by schmittjoh at 2012-11-21T10:36:29Z
btw, ``canceled`` (more American) and ``cancelled`` (more British) are both
correct English forms.
On Wed, Nov 21, 2012 at 11:30 AM, Terje Bråten <notifications@github.com>wrote:
> Ok, I have corrected the typo in the comment and squashed the commit.
>
> —
> Reply to this email directly or view it on GitHub<https://github.com/symfony/symfony/pull/6055#issuecomment-10592112>.
>
>
---------------------------------------------------------------------------
by schmittjoh at 2012-11-21T10:40:24Z
As a side-note have you verified that this does not break the cookie theft protection?
---------------------------------------------------------------------------
by TerjeBr at 2012-11-21T10:51:10Z
Yes, cookie theft protection is still there and is functioning well.
---------------------------------------------------------------------------
by TerjeBr at 2012-11-21T11:14:04Z
I am using this together with the DoctrineTokenProvider in issue #6057 in my own project and done some extensive testing on it.
---------------------------------------------------------------------------
by TerjeBr at 2012-11-23T10:30:34Z
Is this ready to be merged now?
This PR was squashed before being merged into the master branch (closes#6080).
Commits
-------
e477a2e Handle case of static controller method and controllers using magic __call() method
Discussion
----------
Handle case of static controller method and controllers using magic __call() method
Improve collecting controller details for edge cases where:
- controller is array, but contains class name and static method
- method doesn't exist, but is handled by magic __call() method
---------------------------------------------------------------------------
by fabpot at 2012-11-21T08:12:08Z
Can you add some unit tests?
---------------------------------------------------------------------------
by sli-systems at 2012-11-21T22:19:17Z
@pierredup
I disagree with the your comment about is_callable() only working with objects. The PHP docs state that the first argument is a callable, so it can be a string, array, closure, and perhaps more.
The test I added also shows that the code works as is :)
I've thought about your suggestion of adding reflection to look up the location of __call(). However, I think this doesn't really add a lot and only complicates matters. Also, as you can see in the new test, there is also __callStatic() to consider.
The fact that file/line are n/a is correct, because the most typical case will be that __call() and __callStatic() will delegate to some other method that might not even be in the same class/file (a subclass I would expect), IMHO.
@fabpot
Good catch about the '/'. I hope the test is complete enough. Looks more like an exercise on PHP callables than anything else, tho ;)
---------------------------------------------------------------------------
by pierredup at 2012-11-22T04:56:18Z
True that ````is_callable```` takes any callable argument, except in the one specific case where you have a ````__call()```` method, and pass an array with the first paramater as a string.
Take the following example:
class Controller {
public function __call($method, $arguments) {}
}
$controller = array('Controller', 'action');
var_dump(is_callable($controller));
Here ````is_callable($controller)```` will actually return ````false````, where if you have ````$controller = array(new Controller, 'action');```` it would return true.
Of course if you have a ````__callStatic```` method, then it would always return true.
Your tests doesn't seem to cover this use case
---------------------------------------------------------------------------
by sli-systems at 2012-11-22T20:27:05Z
Hmm, maybe. I have to admin that I do not know about this case. OTOH, if is_callable returns false is it really callable then? I would think this more of a PHP bug then?
I think I might have come across this case during coding, but then dismissed it because in that case FilterControllerEvent failed already before the data collector code is reached.
In FilterControllerEvent there is a check on is_callable and a LogicException is thrown if $controller is not callable.
So, is FilterControllerEvent wrong too then?
---------------------------------------------------------------------------
by pierredup at 2012-11-22T20:41:14Z
One would think that if is_callable returns false, then the controller isn't callable, but in the case I mentioned above, the controller is in fact callable. I also thought it was a bug with php, but the php-internals don't seem to think so.
The problem is, if you specify the class as a string, php looks for a static method, even if you have a __call method, it won't be registered.
I will have a look at the FilterControllerEvent to see if this use case applies there as well.
---------------------------------------------------------------------------
by sli-systems at 2012-11-22T20:50:32Z
Rather strange - if that is the case then using is_callable seems pretty pointless and the only way would be to try to execute the controller to find out if it is, in fact, callable...
---------------------------------------------------------------------------
by pierredup at 2012-11-22T20:51:07Z
Okay so it actually seems that the case above isn't callable after all. If the controller is specified as a string, then a static method need to exist. Hence why it works with __callStatic. Only when an instance of the class is specified, will it handle the __call method.
---------------------------------------------------------------------------
by sli-systems at 2012-11-22T20:57:55Z
So the tests are sufficient then?
---------------------------------------------------------------------------
by pierredup at 2012-11-22T20:59:22Z
Yes it is.
This happens when you just assume something without actually testing it :)
Sorry for the hassle
With this refactoring comes a decoupling of the validator from the structure of
the underlying metadata. This way it is possible for Drupal to use the validator
for validating their Entity API by using their own metadata layer, which is not
modeled as classes and properties/getter methods.
This PR was merged into the 2.1 branch.
Commits
-------
84635bd [Form] allowed no type guesser to be registered
Discussion
----------
[Form] made the factory builder pass null when no type guesser registered
reopened#5422 against 2.1 as it's a bug fix
---------------------------------------------------------------------------
by stof at 2012-10-13T21:23:34Z
@fabpot anything left for this PR ?
---------------------------------------------------------------------------
by fabpot at 2012-10-14T09:41:29Z
@bamarni Can you add some unit tests and also update the FormExtensionInterface interface phpdoc as `getTypeGuesser` can now return `null`? Thanks. ping @bschussek
---------------------------------------------------------------------------
by bamarni at 2012-10-14T17:10:27Z
I've added a few tests covering this.
@fabpot : the phpdoc is already correct, it currently can return null, this only occurs with this convenient class.
---------------------------------------------------------------------------
by bschussek at 2012-10-16T07:43:41Z
This PR breaks FormFactory::createBuilderForProperty(), which expects a guesser to be present. Can you check the component for other uses of the guesser and add a null-check there?
---------------------------------------------------------------------------
by bamarni at 2012-10-16T10:57:54Z
I cannot find other places than the factory (searching for 'getTypeGuesser').
---------------------------------------------------------------------------
by bschussek at 2012-11-08T16:58:37Z
You should also adapt `FormRegistry::getTypeGuesser()` not to build a `FormTypeGuesserChain` if the array of guessers is empty. In that case it will return now `null` (adapt the doc block). We also need a different was of checking if the type guessers have already been parsed in FormRegistry. Otherwise the first if condition in `FormRegistry::getTypeGuesser()` will never become false. You could for example initialize the property `$guesser` to `false` and only set it to `null` after the first run of `getTypeGuesser()`.
---------------------------------------------------------------------------
by bamarni at 2012-11-08T18:40:00Z
good catch I had missed it! I've applied your suggestion in the latest commit. Do you see anything else before I squash?
---------------------------------------------------------------------------
by bschussek at 2012-11-08T18:45:15Z
A test for `FormRegistry::getTypeGuesser()` would of course be awesome.
---------------------------------------------------------------------------
by bamarni at 2012-11-08T18:52:13Z
Then it was already awesome! (see https://github.com/symfony/symfony/blob/master/src/Symfony/Component/Form/Tests/FormRegistryTest.php#L252)
I've also added one for the null case if it's what you meant.
This PR was merged into the master branch.
Commits
-------
e2a50ef [OptionsResolver] fix normalizer without corresponding option
5a53821 [OptionsResolver] fix removing normalizers
Discussion
----------
OptionsResolver: normalizer fix
setNormalizer() -> replace() -> all() would generate an error.
---------------------------------------------------------------------------
by bschussek at 2012-07-29T16:09:20Z
Thank you for the fix! Could you please add a test case?
---------------------------------------------------------------------------
by Tobion at 2012-07-30T15:42:26Z
There is another problem: setNormalizer() (without setting an option) -> all()
I suggest to simply ignore normalizers that have no corresponding option. Do you agree?
---------------------------------------------------------------------------
by Tobion at 2012-07-30T16:19:24Z
On the other hand, one could argue that a normalizer without option should also work like this:
```
$this->options->setNormalizer('foo', function (Options $options) {
return '';
});
$this->assertEquals(array('foo' => ''), $this->options->all());
```
But when having a normalizer that wants a previous value as param, it does not work (because there is none).
---------------------------------------------------------------------------
by stof at 2012-07-30T16:30:34Z
@Tobion according to github, this need to be rebased
---------------------------------------------------------------------------
by bschussek at 2012-07-30T19:16:48Z
I guess setNormalizer() should check whether the option is set and fail otherwise. The second possibility, as you say, is to ignore them in all(). I'd prefer whatever is more efficient.
---------------------------------------------------------------------------
by bschussek at 2012-07-30T19:17:27Z
But setting a normalizer without setting an option, and having that option appear in the final options, does not make sense if you ask me.
---------------------------------------------------------------------------
by Tobion at 2012-07-30T21:23:46Z
Well it could make sense. If you want to override/normalize an option to a given value however it has been overloaded by others or just not overloaded at all. This is what normalizers do. I think its more consistent than the other solutions.
Raising exception in setNormalizer would make the Class dependent on the order you call the methods, e.g. `setNormalizer(); set()` would not work. But the other way round would be ok.
Ignoring some normalizers in `all` would be strange because they are there but not applied under some circumstances.
---------------------------------------------------------------------------
by Tobion at 2012-07-30T21:42:40Z
Added the fix. If you disagree tell me.
---------------------------------------------------------------------------
by bschussek at 2012-08-04T09:30:18Z
> Raising exception in setNormalizer would make the Class dependent on the order you call the methods, e.g. `setNormalizer(); set()` would not work. But the other way round would be ok.
I think this would be a better solution. I dislike if the normalizer magically adds an option that does not exist. This could hide implementation error, e.g. when a refactoring removes an option, but the normalizer is forgotten. Can you throw an exception in this case?
Should we find use cases that rely on this to work, we can soften the behavior and remove the exception.
---------------------------------------------------------------------------
by Tobion at 2012-08-04T15:02:51Z
Well, that would also make it impossible to set a normalizer for on optional option in OptionsResolver.
So `setOptional` + `setNormalizers` would throw an exception which sounds counter-intuitive. Are you sure about that?
---------------------------------------------------------------------------
by Tobion at 2012-08-17T11:47:58Z
ping @bschussek
---------------------------------------------------------------------------
by Tobion at 2012-10-07T22:31:44Z
@bschussek ping
---------------------------------------------------------------------------
by stof at 2012-10-13T18:04:30Z
@bschussek ping
---------------------------------------------------------------------------
by Tobion at 2012-11-08T09:55:15Z
@bschussek please let's get this finished.
They should normally be initialized anyway in the constructor. But when extending the Route (like in CMF) and using an ORM/ODM to persist them in the DB, the constructor is not called. Then a new property that is not saved like hostnamePattern stays null which in turn makes the RouteCompiler fails as it expects '' instead of null.
This PR was merged into the 2.0 branch.
Commits
-------
f2cbea3 [Security] remove escape charters from username provided by Digest DigestAuthenticationListener
80f6992 [Security] added test extra for digest authentication
d66b03c fixed CS
694697d [Security] Fixed digest authentication
c067586 [Security] Fixed digest authentication
Discussion
----------
Fix digest authentication
Bug fix: yes
Feature addition: no
Backwards compatibility break: no
Symfony2 tests pass: yes
Fixes the following tickets:
Todo: -
License of the code: MIT
Documentation PR: -
Replaces: #5485
This adds the missing fixes.
My only concerns is the ```\"``` removing.
```\"``` is only needed for the HTTP transport, but keeping them would require to also store the username with the escapes as well.
---------------------------------------------------------------------------
by fabpot at 2012-10-30T11:25:28Z
The digest authentication mechanism is not that widespread due to its limitation. And the transport is not HTTP, I think we are talking about very few cases.
---------------------------------------------------------------------------
by sstok at 2012-10-30T12:49:14Z
Apache seems to remove (ignore) escape characters.
```c
if (auth_line[0] == '=') {
auth_line++;
while (apr_isspace(auth_line[0])) {
auth_line++;
}
vv = 0;
if (auth_line[0] == '\"') { /* quoted string */
auth_line++;
while (auth_line[0] != '\"' && auth_line[0] != '\0') {
if (auth_line[0] == '\\' && auth_line[1] != '\0') {
auth_line++; /* escaped char */
}
value[vv++] = *auth_line++;
}
if (auth_line[0] != '\0') {
auth_line++;
}
}
else { /* token */
while (auth_line[0] != ',' && auth_line[0] != '\0'
&& !apr_isspace(auth_line[0])) {
value[vv++] = *auth_line++;
}
}
value[vv] = '\0';
}
```
But would this change be a BC break for people already using quotes but without a comma and thus they never hit this bug?
The change it self is minimum, just calling ```str_replace('\\\\', '\\', str_replace('\\"', '"', $value))``` when getting the username.
---------------------------------------------------------------------------
by fabpot at 2012-11-13T13:00:12Z
@sstok Doing the same as Apache seems the best option here (just document the BC break).
---------------------------------------------------------------------------
by sstok at 2012-11-15T16:05:00Z
Hopefully I did this correct, but the needed escapes seem correctly removed.
`\"` is changed to `"` `\\` is changed to `\`
`\'` it kept as it is, as this needs no correcting.
@Vincent-Simonin Can you verify please.
---------------------------------------------------------------------------
by Vincent-Simonin at 2012-11-19T09:28:18Z
Authentication didn't work with this configuration :
```
providers:
in_memory:
name: in_memory
users:
te"st: { password: test, roles: [ 'ROLE_USER' ] }
```
`te"st` was set in authentication form's user field.
(Must we also escape `"` in configuration file ?)
Tests were performed with nginx.
---------------------------------------------------------------------------
by sstok at 2012-11-19T09:33:34Z
Yes. YAML escapes using an duplicate quote, like SQL.
```yaml
providers:
in_memory:
name: in_memory
users:
"te""st": { password: test, roles: [ 'ROLE_USER' ] }
```
This PR was squashed before being merged into the master branch (closes#5888).
Commits
-------
2379d86 CS Fixes - Replaced "array of type" by "Type[]" in PHPDoc block
Discussion
----------
CS Fixes - Replaced "array of type" by "Type[]" in PHPDoc block
Bug fix: no
Feature addition: no
Backwards compatibility break: no
Symfony2 tests pass: no (but tests doesn't pass on master too). See Travis.
License of the code: MIT
Documentation PR: Not Applicable
Status: Finished
To improve support of the eclipse PDT pluggin (for autocompletion), I propose to change the array notation in PHPDoc blocks to match the phpDocumentor notation for "array of type".
Modifications are made for the following components:
- BrowserKit
- ClassLoader
- Config
- Console
- CssSelector
- DependencyInjection
- DomCrawler
- EventDispatcher (no changes)
- Filesystem (no changes)
- Finder
- Form
- HttpFoundation
- HttpKernel
- Locale
- OptionResolver (no changes)
- Process (no changes)
- Routing (no changes)
- Serializer (no changes)
- Templating
- Translation
- Validator
- Yaml (no changes)
- Security
- Stopwatch (no changes)
See Proposal https://github.com/symfony/symfony/pull/5852
---------------------------------------------------------------------------
by pborreli at 2012-11-01T15:19:27Z
will you make a PR for each component ? why not only one PR with one commit for each component instead ?
---------------------------------------------------------------------------
by raziel057 at 2012-11-01T15:32:39Z
Ok, I'm going try to do it.
---------------------------------------------------------------------------
by raziel057 at 2012-11-01T16:12:56Z
I would like to rename my branch from COMPONENT_Form to changes-phpdoc (as all modifications would be commited in only one branch), so I tried to execute the following command but I have an error.
git remote rename COMPONENT_Form changes-phpdoc
error: Could not rename config section 'remote.COMPONENT_Form' to 'remote.changes-phpdoc'
Do you know how to do it?
---------------------------------------------------------------------------
by pborreli at 2012-11-01T16:14:26Z
don't rename it, you will have to close and make another PR which is useless here, just edit the title.
---------------------------------------------------------------------------
by stof at 2012-11-01T16:16:17Z
and ``git remote rename`` is about renaming a remote repo, not a branch
---------------------------------------------------------------------------
by raziel057 at 2012-11-03T11:36:02Z
Is it normal that all my commit are duplicated? I would like just update my master and merge with my branch.
---------------------------------------------------------------------------
by fabpot at 2012-11-06T10:22:55Z
@raziel057 Can you rebase on master? That should fix your problem.
---------------------------------------------------------------------------
by fabpot at 2012-11-09T13:28:53Z
@raziel057 Can you finish this PR?
---------------------------------------------------------------------------
by Tobion at 2012-11-09T13:34:45Z
I'll do it for the routing component this evening because I know it by heart. ^^
---------------------------------------------------------------------------
by raziel057 at 2012-11-09T15:06:26Z
@Tobion ok Thanks!
@fabpot Yes, I will try to finish it this week end.
---------------------------------------------------------------------------
by raziel057 at 2012-11-11T13:04:07Z
@Tobion Did you already change PHPDoc in the Routing component?
---------------------------------------------------------------------------
by Tobion at 2012-11-11T15:21:18Z
@raziel057 Yes I'm working on it.
---------------------------------------------------------------------------
by Tobion at 2012-11-12T15:16:31Z
@raziel057 Done. See #5994
This PR was merged into the master branch.
Commits
-------
824a0f3 [Routing] compatibility with older PCRE (pre 8)
Discussion
----------
[Routing] compatibility with older PCRE (pre 8)
#6062 for master
This PR was merged into the 2.1 branch.
Commits
-------
1daefa5 [Routing] made it compatible with older PCRE version (pre 8)
Discussion
----------
[Routing] compatibility with older PCRE version (pre 8)
fixes#4093
Ok I changed my mind about this issue.
1. I figured more people are affected than I thought and CentOS is stubborn.
2. Symfony still uses the old regex style `?P<param>` in several other components. So also doing so in the routing makes it more consistent.
3. Even if it's definitely not good to use an over 6 year old PCRE version with a recent PHP version, we can still try to provide the best experience. It doesn't mean we support outdated software stacks of custom PHP compilations as we won't and cannot specifically test against it.
@fabpot: I will do a seperate PR on master when you merged this because the code changed alot in master so it cannot easily be merged I guess. I will also convert the symfony requirement for PCRE in the requirements check to a recommendation.
This PR was merged into the master branch.
Commits
-------
966e7d6 [DI] removed unneeded is_object() calls
Discussion
----------
[DI] removed unneeded is_object() calls
I searched through all of symfony for occurences of the coding style `(is_object($value) && $value instanceof Object)` with a regex like `is_object\(\$[a-zA-z0-9]+\) && \$[a-zA-z0-9]+ instanceof `.
The `is_object` calls are not needed in this case. Only the DI component made such duplicate checks.
This PR was squashed before being merged into the master branch (closes#6030).
Commits
-------
749dac1 Improve docBlock
Discussion
----------
Improve docBlock
This is just a minor change documenting the return type of `SerializerInterface::deserialize()`.
This PR was merged into the master branch.
Commits
-------
83b37ff [DependencyInjection] Return self for add...
Discussion
----------
[DependencyInjection] Return self for add...
Bug fix: no
Forget fix: yes
Feature addition: no
Symfony2 tests pass: yes
License of the code: MIT
Return self instance when call an ADD something method.
---------------------------------------------------------------------------
by pborreli at 2012-11-16T13:24:45Z
Please fix PHPDoc accordingly
---------------------------------------------------------------------------
by ruian at 2012-11-16T13:38:41Z
@pborreli done.
This PR was merged into the master branch.
Commits
-------
97f6a1b [Form] Update password type trimming to false
Discussion
----------
[Form] Update password trimming to false by default
Bug fix: yes
Feature addition: no
Backwards compatibility break: yes
Symfony2 tests pass: yes
Fixes the following tickets: ~
Todo: -
License of the code: MIT
Documentation PR: ~
Hey!
Today, I realize that the password type is by default trimmed. IMHO, this is not the expected behavior. By default, the password type should not trim the input value.
Regards
---------------------------------------------------------------------------
by nomack84 at 2012-11-13T19:16:29Z
👍
---------------------------------------------------------------------------
by mvrhov at 2012-11-13T19:57:29Z
IMHO password and username fields should be trimmed. whitespace at the beginning and at the end of those fields are not wanted. At least I don't want to deal with a user support where WS on those fields is not trimmed.
---------------------------------------------------------------------------
by egeloen at 2012-11-13T20:08:08Z
@mvrhov I agree with you about username fields and other "text" fields but in case of a password field, if the end user specifies white space at the begin/end of his password, it should not be trimmed. It should simply let it as it is. I open this PR due to two customers who reports me this behavior.
---------------------------------------------------------------------------
by clemherreman at 2012-11-14T10:06:15Z
@mvrhov I agree, username shouldn't be trimmed, however password are kind of special. They should be used *"as is"*, as lots of users have wicked passwords.
Moreover, usually the password is asked twice, so if there are spaces, they are most likely wanted by the end user.
So 👍
---------------------------------------------------------------------------
by clemherreman at 2012-11-14T10:07:27Z
Also Travis status on this PR is **failed** because of an error when downloading the deps.
---------------------------------------------------------------------------
by geoffrey-brier at 2012-11-14T10:34:56Z
👍
---------------------------------------------------------------------------
by bschussek at 2012-11-14T15:01:43Z
Could you please add a test case to PasswordTypeTest?
Please also reference this PR in the test
(= add the comment `// https://github.com/symfony/symfony/pull/6007` before the test)
---------------------------------------------------------------------------
by egeloen at 2012-11-14T15:10:36Z
@bschussek I have updated the PR.
---------------------------------------------------------------------------
by bschussek at 2012-11-14T15:24:34Z
Thanks! Could you please squash the commits?
---------------------------------------------------------------------------
by egeloen at 2012-11-14T15:30:11Z
@bschussek Done.
---------------------------------------------------------------------------
by stloyd at 2012-11-14T15:39:47Z
Should this be noted in `UPGRADE` file ? (as this is change of actually BC break =))
---------------------------------------------------------------------------
by egeloen at 2012-11-15T22:59:45Z
@stloyd Where can I put it? In the [UPGRADE-2.2](https://github.com/symfony/symfony/blob/master/UPGRADE-2.2.md) file?
---------------------------------------------------------------------------
by stloyd at 2012-11-15T23:02:51Z
@egeloen IMO yes, according this will go to `master` (which is actual _dev_ branch for `2.2`)
---------------------------------------------------------------------------
by egeloen at 2012-11-16T13:54:04Z
@fabpot I have removed the comment & added an entry in the `UPGRADE-2.2` file.
Bug fix: no
Feature addition: no
Backwards compatibility break: yes
Symfony2 tests pass: yes
License of the code: MIT
Return self instance when call an ADD something method.
This PR was squashed before being merged into the master branch (closes#6018).
Commits
-------
6334343 [Routing] removed getHostnamePattern from RouteCollection
Discussion
----------
[Routing] removed getHostnamePattern from RouteCollection
this method is not useful and can introduce inconsistencies when a sub-route has a different hostname, which already has a getter for the hostname
This PR was merged into the master branch.
Commits
-------
f4b630d [HttpFoundation] fix#6002
Discussion
----------
[HttpFoundation] fix#6002
---------------------------------------------------------------------------
by fabpot at 2012-11-13T17:02:45Z
Can you add a test?
---------------------------------------------------------------------------
by Tobion at 2012-11-13T17:04:23Z
hehe see #6004 there is also a test
---------------------------------------------------------------------------
by vicb at 2012-11-13T17:05:06Z
There is a test in the original PR, no need for 6004.
---------------------------------------------------------------------------
by vicb at 2012-11-13T17:05:20Z
Which is why is was failing btw
---------------------------------------------------------------------------
by Tobion at 2012-11-13T17:06:36Z
The test in 6002 did not fail for me without your patch.
---------------------------------------------------------------------------
by fabpot at 2012-11-14T12:47:46Z
@Tobion @vicb What do we do? Just revert #6002 or merge this PR?
---------------------------------------------------------------------------
by vicb at 2012-11-14T13:25:51Z
Merge. Go go go :)
----- Reply message -----
De : "Fabien Potencier" <notifications@github.com>
Pour : "symfony/symfony" <symfony@noreply.github.com>
Cc : "Victor Berchet" <victor@suumit.com>
Objet : [symfony] [HttpFoundation] fix#6002 (#6003)
Date : mer., nov. 14, 2012 13:47
@Tobion @vicb What do we do? Just revert #6002 or merge this PR?
—
Reply to this email directly or view it on GitHub.
---------------------------------------------------------------------------
by Tobion at 2012-11-14T13:31:22Z
@vicb can you explain what it fixes? As I said, your test does not cover something that would fail without the patch. So I don't see the bug.
---------------------------------------------------------------------------
by vicb at 2012-11-14T15:30:55Z
@Tobion php.net states: The `current()` function simply returns the value of the array element that's currently being pointed to by the internal pointer and `reset()` returns the value of the first array element.
I have no clue what the "element that's currently being pointed to by the internal pointer" in this method so `reset()` is probably what you want.
Validated ?
---------------------------------------------------------------------------
by Tobion at 2012-11-14T16:12:03Z
I agree `reset()` is more explicit here. But `current()` should work just as well in this case because the array pointer can only be at the first item when calling the method. Anyway, this is good to merge. I just hoped there was a unit test that ensures this on my machine. This is why I added the test in my patch. Maybe Fabien can just merge the second commit on #6004
---------------------------------------------------------------------------
by vicb at 2012-11-14T16:20:57Z
As explained in #6004, there is already a test from my first PR that made Travis go red.
This PR was merged into the master branch.
Commits
-------
395c004 [HttpFoundation] Fix AcceptHeader
Discussion
----------
[HttpFoundation] Fix AcceptHeader
The important lines are:
```php
<?php
- return !empty($this->items) ? current($this->items) : null;
+ return !empty($this->items) ? $this->items[0] : null;
```
(and the corresponding test).
The commit has some code re-org to make reading tests easier (providers defined close the the corresponding test). This might be personal preferences only, let me know if it should be reverted.
* 2.1:
fixed comment. The parent ACL is not accessed in this method.
[HttpFoundation] Make host & methods really case insensitive in the RequestMacther
[Validator] fixed Ukrainian language code (closes#5972)
Fixed case of php function
* 2.0:
fixed comment. The parent ACL is not accessed in this method.
[HttpFoundation] Make host & methods really case insensitive in the RequestMacther
[Validator] fixed Ukrainian language code (closes#5972)
Fixed case of php function
Conflicts:
src/Symfony/Bundle/FrameworkBundle/Resources/translations/validators.uk.xliff
src/Symfony/Component/HttpFoundation/RequestMatcher.php
* 2.1: (24 commits)
forced Travis to use source to workaround their not-up-to-date Composer on PHP 5.3.3
[Routing] removed irrelevant string cast in Route
Fixed typo
Make YamlFileLoader and XmlFileLoader file loading extensible
[HttpKernel] fix typo
Fixed singularization of "prices"
[Form] Removed an exception that prevented valid formats from being passed, e.g. "h" for the hour, "L" for the month etc.
[HttpKernel] fixed Client when using StreamedResponses (closes#5370)
fixed PDO session handler for Oracle (closes#5829)
[HttpFoundation] fixed PDO session handler for Oracle (closes#5829)
[Locale] removed a check that is done too early (and it is done twice anyways)
Update src/Symfony/Component/Validator/Resources/translations/validators.fa.xlf
Adding new localized strings for farsi validation.
[HttpFoundation] moved the HTTP protocol check from StreamedResponse to Response (closes#5937)
[Form] Fixed forms not to be marked invalid if their children are already marked invalid
[Form] Excluded some tests in NumberToLocalizedStringTransformerTest which fail on ICU 4.4, but work on ICU 4.8
added missing tests from previous merge
[Form] Fixed NumberToLocalizedStringTransformer to accept both comma and dot as decimal separator, if possible
Fix export-ignore on Windows
Show correct class name InputArgument in error message
...
Conflicts:
.travis.yml
src/Symfony/Component/Form/Extension/Core/DataTransformer/NumberToLocalizedStringTransformer.php
This PR was merged into the master branch.
Commits
-------
0159358 refactored CSS, images, templates included in the built-in bundles
812b9b1 replace _ in stylesheets (ids and classes) by - (should be consistent across the whole framework now)
983b2b5 uniformized styles
e0aab40 renamed sf-exceptionreset to sf-reset
Discussion
----------
Public resources refactoring
The first 3 commits are just cosmetic ones.
The last one refactors CSS, images, and templates included in the built-in bundles. Right now, everything is tied to the exception pages, but the code can be used standalone.
So, the goal is to make things more decoupled and more reusable across different bundles. That way, a bundle can provide pages that look like the other ones in Symfony without the need to duplicate code.
See the associated PR for the distribution bundle to see an example.
If you want to have a look at the last commit (not sure if it is worth it), you probably want to append ?w=1 to the URL to avoid too much whitespace noise.
---------------------------------------------------------------------------
by pborreli at 2012-11-13T09:38:00Z
congrats ! #6000
---------------------------------------------------------------------------
by fabpot at 2012-11-13T09:38:39Z
A simple usage example:
```jinja
{% extends "TwigBundle::layout.html.twig" %}
{% block body %}
<div class="block">
FOOBAR
</div>
{% endblock %}
```
This PR was squashed before being merged into the master branch (closes#5879).
Commits
-------
07bd5c6 Make non-instantiable utils classes consistent with each other
Discussion
----------
Make non-instantiable utils classes consistent with each other
Bug fix: no
Feature addition: no
Backwards compatibility break: no
Symfony2 tests pass: yes
License of the code: MIT
As per discussion in #5875 turned out that we don't have a consistent way to define non-instantiatable classes.
I don't like `final` as it removes flexibility with no visible gain.
I don't like `abstract` since it's not specifically clear what is meant by that. Is this class not complete? Should it be extended?
This PR was merged into the 2.0 branch.
Commits
-------
b3a8efd fixed comment. The parent ACL is not accessed in this method.
Discussion
----------
fixed comment. The parent ACL is not accessed in this method.
Just fixed a comment on PermissionGrantingStrategy.
hasSufficientPermissions() is not accessing the parent ACL. That's done in isGranted().
we don't need the logic to merge numeric keys, as we don't have them. I could also improve the genrated code by PhpMatcherDumper a little by saving a function call.
This PR was squashed before being merged into the master branch (closes#5928).
Commits
-------
6a033f3 setData method also accepts objects. Doc should reflect this.
Discussion
----------
setData method also accepts objects. Doc should reflect this.
Bug fix: no
Feature addition: no
Backwards compatibility break: no
Symfony2 tests pass: yes
Fixes the following tickets: NA
Todo: None
License of the code: MIT
Documentation PR: None
This PR was squashed before being merged into the master branch (closes#5904).
Commits
-------
84adcb1 [2.2][Routing] Added support for default attributes with default values of method params
Discussion
----------
[2.2][Routing] Added support for default attributes with default values of method params
Bug fix: no
Feature addition: yes
Backwards compatibility break: no
Symfony2 tests pass: yes
With this patch, you can configure your default values likes this:
``` php
/**
* @Route("/hi/{name}", name="hi")
*/
public function hiAction($name = "Bob")
{
return new Response($name);
}
```
---------------------------------------------------------------------------
by Tobion at 2012-11-03T23:15:32Z
I'm unsure. How does one know if that param defines a default value or a requirement? It's too vague.
---------------------------------------------------------------------------
by lyrixx at 2012-11-03T23:35:27Z
It's only a default value, not a requirement.
It's just a shortcut to avoid `defaults={"name"="bob"}`
---------------------------------------------------------------------------
by Tobion at 2012-11-03T23:43:51Z
Yes, but its not clear. It could also be a shortcut to `requirements={"name"="bob"}`, which has totally different meaning. So it's not self-explanatory.
-1 for me.
---------------------------------------------------------------------------
by lyrixx at 2012-11-03T23:48:21Z
it is the default php behavior. It's a default value for a variable...
---------------------------------------------------------------------------
by stof at 2012-11-04T00:22:58Z
@Tobion using the default value of the method to set a requirement does not make any sense. I don't see why someone would expect this behavior
---------------------------------------------------------------------------
by fabpot at 2012-11-06T10:12:05Z
@lyrixx Can you add some unit tests?
---------------------------------------------------------------------------
by Tobion at 2012-11-06T10:28:42Z
Oh I misunderstood the PR. I thought this makes the `name` param default to `hi`. `@Route("/hi/{name}", name="hi")`. But it's just the name of the route. Your example was easy to misinterpret as you used `name` everywhere.
---------------------------------------------------------------------------
by fabpot at 2012-11-10T08:33:13Z
@lyrixx Can you finish this PR?
---------------------------------------------------------------------------
by lyrixx at 2012-11-10T13:16:34Z
@fabpot Yes i will as soon as possible.
---------------------------------------------------------------------------
by lyrixx at 2012-11-10T18:34:07Z
I rebase and amend my commit. (I changed doc in commit message to be less confusing)
I will try to add tests.
But for now, `AnnotationClassLoader::load` is not really tested, and `AnnotationClassLoader::addRoute` is absolutely not tested. So I think I should add tests for these methods ? And then add tests for my patch.
I will try tomorrow.
---------------------------------------------------------------------------
by lyrixx at 2012-11-11T18:23:41Z
@fabpot I added new tests. I tried to made very atomic commits.
This PR was merged into the master branch.
Commits
-------
bdf0334 Fixed the lap method. Added upgrade notes. Some CS fixes
Discussion
----------
Fixed the lap method. Added upgrade notes. Some CS fixes
Bug fix: yes
Feature addition: no
Backwards compatibility break: no
Symfony2 tests pass: yes
Fixes the following tickets: ~
Todo: ~
License of the code: MIT
Documentation PR: ~
This adds some type-hinting to the Stopwatch components.
I've also split the Section class to its own file, I know it's not a must as per coding standards used by Symfony but it complies with most of the other classes in the framework.
I've updated the UPGRADE-2.2.md file as well.
There's a bug fix which I'm not sure it if should have been done in this branch or not.
Let me know if I should make this PR against an older version of the framework.
Thanks.
This PR was merged into the master branch.
Commits
-------
c7a8f7a [Routing] fixed possible parameters conflict in apache url matcher
Discussion
----------
[Routing] fixed possible parameters conflict in apache url matcher
Bug fix: yes
Feature addition: no
Backwards compatibility break: no (as long as rewrite rules are generated after upgrading)
Symfony2 tests pass: yes
- This fixes a conflict in route parameters:
The rewrite rules currently pass route informations through environment variables:
`_ROUTING_DEFAULT_x`: passes the default value of parameter x
`_ROUTING__allow_x`: passes the information that method x was allowed for this route
`_ROUTING_x`: passes the value of parameter x
The problem is that naming a route parameter `DEFAULT_*` or `_allow_*` would not behave as expected.
I fixed this by namespacing all environment variables; e.g. parameters are in `_ROUTING_param_*`, defaults in `_ROUTING_default_*`, etc.
- The PR fixes a second issue: sometimes the variables are prefixed with multiple REDIRECT_. This PR handles this case by ignoring them all.
- This also improves performance a little:
Matching a route with two parameters and two default parameters 100K times: (`$_SERVER` was copied from a real request, so with many non `_ROUTING_` variables)
master: 6.6s
this branch: 4.7s
---------------------------------------------------------------------------
by fabpot at 2012-10-27T13:37:24Z
Any news on this PR? Is it mergeable?
---------------------------------------------------------------------------
by arnaud-lb at 2012-10-27T14:50:08Z
There is an issue with default parameter values, I can't find how to fix that in a simple way. Before this PR, default values are never used (if a parameter is an optional not present in the url, the parameter's value is the empty string); after this PR, when a parameter is present and empty (e.g. a requirement like `.*`), its value is set to its default value.
---------------------------------------------------------------------------
by Tobion at 2012-10-29T01:36:08Z
The problem is, it's not consistent with the default php matcher. So one cannot safely exchange it with the apache matcher because it behaves differently under some (special) circumstances.
---------------------------------------------------------------------------
by fabpot at 2012-11-05T08:05:54Z
We need to move forward as I want to merge the hostname support in the routing ASAP to have plenty of time for feedback before the 2.2 release.
Does it sound reasonable to merge this PR as is an open a ticket about the remaining issue (which should not occur that often anyways)?
---------------------------------------------------------------------------
by arnaud-lb at 2012-11-05T09:22:02Z
@fabpot it sounds reasonable to me. Also, I've the hostname support branch is currently rebased so that it can be merged without this one.
---------------------------------------------------------------------------
by Tobion at 2012-11-11T21:50:20Z
Btw, does the ApacheMatcherDumper handle the _scheme requirement? It doesn't look like it. This would be another bug.
Anyway, we can probably merge this PR and open new issues for the remaining bugs.
This PR was merged into the master branch.
Commits
-------
e32ca2b [HttpKernel] Fix Symfony2 full framework tests
Discussion
----------
[HttpKernel] Fix Symfony2 full framework tests
Fix the path when the full framework is used
---------------------------------------------------------------------------
by fabpot at 2012-11-12T09:08:06Z
When is it broken?
---------------------------------------------------------------------------
by vicb at 2012-11-12T09:18:01Z
now, https://travis-ci.org/symfony/symfony/jobs/3159326
This PR was squashed before being merged into the master branch (closes#5970).
Commits
-------
d0433b6 [Stopwatch] Get the "real size" used & minor tweaks
Discussion
----------
[Stopwatch] Get the "real size" used & minor tweaks
---------------------------------------------------------------------------
by vicb at 2012-11-11T09:45:50Z
@fabpot @maoueh thanks for your feedback, integrated.
This PR was merged into the master branch.
Commits
-------
4c0c588 [MemoryDataCollector] Stop being optimistic about memory usage
Discussion
----------
[MemoryDataCollector] Stop being optimistic about memory usage
Take into account the memory used in the kernel.terminate listeners
This PR was merged into the master branch.
Commits
-------
b27b749 made usage of Composer autoloader for subtree-split unit tests
Discussion
----------
made usage of Composer autoloader for subtree-split unit tests
This PR also normalizes the way components are tested.
---------------------------------------------------------------------------
by stof at 2012-11-09T23:14:22Z
👍
This PR was merged into the 2.1 branch.
Commits
-------
84b760b [HttpKernel] fixed Client when using StreamedResponses (closes#5370)
Discussion
----------
[HttpKernel] fixed Client when using StreamedResponses (closes#5370)
This PR was merged into the 2.1 branch.
Commits
-------
e34fb41 [HttpFoundation] moved the HTTP protocol check from StreamedResponse to Response (closes#5937)
Discussion
----------
[HttpFoundation] moved the HTTP protocol check from StreamedResponse to Response (closes#5937)
This PR was merged into the 2.1 branch.
Commits
-------
646a714 Fix export-ignore on Windows
Discussion
----------
Fix export-ignore on Windows
Rules:
Tests/ export-ignore
don't work on Windows. My proposition is:
/Tests export-ignore
This PR was merged into the 2.1 branch.
Commits
-------
4909bc3 [Form] Fixed forms not to be marked invalid if their children are already marked invalid
Discussion
----------
[Form] Fixed forms not to be marked invalid if their children are already marked invalid
Bug fix: yes
Feature addition: no
Backwards compatibility break: no
Symfony2 tests pass: yes
Fixes the following tickets: #4359
Todo: -
License of the code: MIT
Documentation PR: -
This PR prevents unsynchronized forms from being marked invalid if any of their children is also unsynchronized (and thus also marked invalid). Displaying an invalid message twice does not help the user and, if used in conjunction with error bubbling, may lead to duplicate errors (see #4359).
This PR was merged into the master branch.
Commits
-------
380cf4f [HttpKernel] added memory information in the Stopwatch
Discussion
----------
[HttpKernel] added memory information in the Stopwatch
* 2.0:
[Form] Fixed NumberToLocalizedStringTransformer to accept both comma and dot as decimal separator, if possible
Show correct class name InputArgument in error message
shows correct class name InputOption in error message
The exception message should say which field is not mapped
[HttpFoundation] Fix name sanitization after perfoming move
Add check to Store::unlock to ensure file exists
Conflicts:
src/Symfony/Bridge/Doctrine/Validator/Constraints/UniqueEntityValidator.php
src/Symfony/Component/HttpFoundation/File/UploadedFile.php
tests/Symfony/Tests/Component/Console/Input/InputArgumentTest.php
tests/Symfony/Tests/Component/Console/Input/InputOptionTest.php
tests/Symfony/Tests/Component/Form/Extension/Core/DataTransformer/NumberToLocalizedStringTransformerTest.php
tests/Symfony/Tests/Component/HttpFoundation/File/FileTest.php
tests/Symfony/Tests/Component/HttpKernel/HttpCache/StoreTest.php
This PR was merged into the master branch.
Commits
-------
af87c2b changed the Firewall to be a proper subscriber
02bd359 changed the remember-me listener to be a proper subscriber
Discussion
----------
Changed some security classes to implement the EventSubscriberInterface interface
---------------------------------------------------------------------------
by fabpot at 2012-11-06T10:11:28Z
That could also be done in 2.1. What do you think?
This PR was merged into the master branch.
Commits
-------
55a0fef Float support added for transchoice in the Translation Component
Discussion
----------
Float support added for transchoice in the Translation Component
Bug fix: no
Feature addition: yes
Backwards compatibility break: no
Symfony2 tests pass: yes
License of the code: MIT
---------------------------------------------------------------------------
by pborreli at 2012-11-01T23:22:50Z
👍 nice PR
* Default to _id for storing session ID
* Use MongoDate instead of MongoTimestamp (BC break)
* Rename default field names ("sess_" is redundant)
* "justOne" is redundant for session removal
* Assert true return values in method tests
* Add note about TTL collections for gc()
* Don't set identifier in upsert (invalid behavior)
This PR was merged into the master branch.
Commits
-------
e193590 [Security] removed the 401 error custom status message
Discussion
----------
[Security] removed the 401 error custom status message
see fabpot/Silex#496
---------------------------------------------------------------------------
by pborreli at 2012-10-31T17:29:24Z
@fabpot please fix the test suite, if you don't know how to do it, read http://symfony.com/doc/current/contributing/code/tests.html, thx 😸
This PR was merged into the master branch.
Commits
-------
73bb47b [Console] Fix#5897 - Console component require Shell component
Discussion
----------
[Console] Fix#5897 - Console component require Shell component
When setting the process isolation of a shell to true:
`setProcessIsolation(true)` throw a `\RuntimeException` if the Process component isn't available.
Bug fix: yes
Feature addition: no
Backwards compatibility break: no
Symfony2 tests pass: yes
Fixes the following tickets: #5897
Todo: -
License of the code: MIT
Documentation PR: -
---------------------------------------------------------------------------
by alias-mac at 2012-11-04T17:07:59Z
I noticed that there is no Unit Testing for the Shell class. Shall I create one with the test for this fix/bug request?
---------------------------------------------------------------------------
by alias-mac at 2012-11-06T01:58:40Z
Updated based on @stof comments.
---------------------------------------------------------------------------
by alias-mac at 2012-11-06T02:11:20Z
The travis-ci build failure as nothing to do with the code. See:
https://travis-ci.org/#!/symfony/symfony/jobs/3076345
When setting the process isolation of a shell to true:
`setProcessIsolation(true)` throw a `\RuntimeException` if the Process component isn't available.
This PR was squashed before being merged into the master branch (closes#5841).
Commits
-------
6b601bd [http-foudation] Better accept header parsing
Discussion
----------
[http-foudation] Better accept header parsing
Bug fix: no
Feature addition: yes
Backwards compatibility break: yes
Symfony2 tests pass: yes
**Quality:**
The special `q` item attribute represents its quality. I had to make some choices:
* if I set `q` attribute, it's assigned to quality property, but not to attributes
* the `__toString()` method only render `q` attribute if quality is less than 1
**BC break:**
The return of `Request::splitHttpAcceptHeader()` has changed. It's result was an array of qualities indexed by an accept value, it now returns an array of `AcceptHeaderItem` indexed by its value.
---------------------------------------------------------------------------
by jfsimon at 2012-10-26T08:35:55Z
As dicussed in https://github.com/symfony/symfony/pull/5711.
---------------------------------------------------------------------------
by Seldaek at 2012-10-27T10:35:49Z
Maybe you can pull 5e8a5267f6 into your branch (for some reason I can't send a PR to your repo, it doesn't show up in github's repo selector.. looks like they don't like projects with too many forks). It allows you to use usort() which hopefully is faster than your merge sort, though I did not bench it. I also added tests to confirm the functionality.
---------------------------------------------------------------------------
by Seldaek at 2012-10-27T10:40:27Z
Sorry please check 376dd93c56 instead, I missed a few tests in the RequestTest class.
---------------------------------------------------------------------------
by jfsimon at 2012-10-29T16:26:03Z
@fabpot do you think the introduced BC break is acceptable?
---------------------------------------------------------------------------
by fabpot at 2012-10-29T16:37:06Z
@jfsimon Are all getAccept*() method BC?
---------------------------------------------------------------------------
by jfsimon at 2012-10-29T16:39:26Z
@fabpot nope, just `Request::splitHttpAcceptHeader()`
---------------------------------------------------------------------------
by jfsimon at 2012-10-29T16:43:18Z
@fabpot I think missunderstood... only `Request::splitHttpAcceptHeader()` breaks BC.
---------------------------------------------------------------------------
by fabpot at 2012-10-29T16:53:22Z
So, a BC break on just splitHttpAcceptHeader is possible... but should be documented properly. Another option would be to deprecate the current method (and keep it as is), and just use the new version everywhere. Sounds better as it won"t introduce any BC breaks.
---------------------------------------------------------------------------
by jfsimon at 2012-10-29T16:55:57Z
@fabpot Okay, I'll update this PR according to your second option.
---------------------------------------------------------------------------
by jfsimon at 2012-10-29T20:14:46Z
@fabpot done.
As you can see here: https://github.com/symfony/symfony/pull/5841/files#L5L1029 value returned by `Request::splitHttpAcceptHeader()` is not **exactly** the same as before because all attributes are present (not only those before the `q` one).
---------------------------------------------------------------------------
by fabpot at 2012-10-30T06:16:23Z
The last thing missing before I can merge is a PR to update the documentation (should probably be just a note somewhere with the example you have in the UPGRADE file).
---------------------------------------------------------------------------
by jfsimon at 2012-10-30T07:07:08Z
@fabpot I could add this example here: http://symfony.com/doc/current/components/http_foundation/introduction.html#request after `Accessing the session`, what do you think?
---------------------------------------------------------------------------
by fabpot at 2012-10-30T07:14:10Z
Yes, looks good to me.
* 2.1:
removed unused use statements
[Form] Adapted HTML5 format in DateTimeType as response to a closed ICU ticket
[2.1][HttpFoundation] Fixed Php doc in Request::get
bumped Symfony version to 2.1.4-DEV
updated VERSION for 2.1.3
update CONTRIBUTORS for 2.1.3
updated CHANGELOG for 2.1.3
merged branch jakzal/yamlDoubleQuotesDumperFix (PR #4320)
Conflicts:
src/Symfony/Component/HttpKernel/Kernel.php
This PR was merged into the 2.1 branch.
Commits
-------
b9f6cac [2.1][HttpFoundation] Fixed Php doc in Request::get
Discussion
----------
[2.1][HttpFoundation] Fixed Php doc in Request::get
Bug fix: yes
Feature addition: no
Backwards compatibility break: no
Symfony2 tests pass: yes
License of the code: MIT
According to php code, `Request::get` method does not seek in cookies.
---------------------------------------------------------------------------
by pborreli at 2012-11-02T11:02:26Z
your PR is full of reSquest typo :)
---------------------------------------------------------------------------
by lyrixx at 2012-11-02T11:25:31Z
@pborreli Fixed
Commits
-------
b631073 [Yaml] Fixed double quotes escaping in Dumper.
Discussion
----------
[Yaml] Fixed double quotes escaping in Dumper
Issue #4308 is caused by Dumper::escapeWithDoubleQuotes() which uses [str_replace()](http://php.net/str_replace).
From the php docs:
> Because str_replace() replaces left to right, it might replace a previously inserted value when doing multiple replacements.
We should be very careful in deciding about the order of elements in $escapees array. I'd really appreciate if someone reviewed my fix. Tests say I didn't break anything but I'm not sure what percentage of Yaml specification is covered by tests.
Bug fix: yes
Feature addition: no
Backwards compatibility break: not that I know
Symfony2 tests pass: [](http://travis-ci.org/jakzal/symfony)
Fixes the following tickets: #4308
---------------------------------------------------------------------------
by travisbot at 2012-05-18T08:53:51Z
This pull request [passes](http://travis-ci.org/symfony/symfony/builds/1364279) (merged 5192722c into a04acc89).
---------------------------------------------------------------------------
by travisbot at 2012-05-18T23:19:49Z
This pull request [fails](http://travis-ci.org/symfony/symfony/builds/1371539) (merged ecaa1aab into fc3c609b).
---------------------------------------------------------------------------
by dinamic at 2012-05-19T07:35:21Z
Something is really wrong with this method. You can see clearly that multiple characters would fail proper escaping.
Here's an example:
```
$value = '\\\\"some value\n \"some quoted string\" and \'some single quotes one\'"';
var_dump(Escaper::escapeWithDoubleQuotes($value));
string(72) ""\\\"some value\n \\some quoted string\\ and 'some single quotes one'\"""
```
To begin with the backslash - in the initial value you have 2 (escaped ones), that after escaping should result in 4, not in 1 (escaped). I guess this behavior has to be verified with the importer, but imho it does not seem right.
Does anyone know why this escaping wasn't done using a regular expression in first place?
---------------------------------------------------------------------------
by clemens-tolboom at 2012-05-19T10:18:58Z
Searching for https://duckduckgo.com/?q=what+is+\xc2\x85 the table on http://stackoverflow.com/questions/6609895/efficiently-replace-bad-characters is interesting enough to decide we need way more documentation on this file.
\xc2\x85 seems to be triple dot (ellipses)
\xe2\x80\xa9 seems to be paragraph separator see http://drupal.org/node/914360#comment-3468550
Conflicts:
src/Symfony/Component/Yaml/Escaper.php
This PR was merged into the master branch.
Commits
-------
2f7bbbf [HttpFoundation] Added BinaryFileResponse.
Discussion
----------
[2.2] [HttpFoundation] Added BinaryFileResponse.
Another stab at #3602, based on @stealth35's code at https://gist.github.com/1472230.
- Move things around a little, clean things up, looking how it has been done in StreamedResponse.
- Add tests.
- Make functions chainable.
- Add a flag whether or not to trust the X-Sendfile-Type header.
---------------------------------------------------------------------------
by Partugal at 2012-06-10T19:56:43Z
What about support X-Accel-Redirect (nginx)?
---------------------------------------------------------------------------
by niklasf at 2012-06-10T20:41:10Z
@Partugal: So we support X-Sendfile-Type to pick the X-Sendfile header. What else would be needed to support X-Accel-Redirect (which we should definitely do)?
---------------------------------------------------------------------------
by Partugal at 2012-06-10T21:29:41Z
@niklasf Because nginx not use full file path, this need X-Accel-Mapping header (http://rack.rubyforge.org/doc/Rack/Sendfile.html)
---------------------------------------------------------------------------
by niklasf at 2012-06-10T22:45:38Z
@Partugal: Alright. Doing such a substitution now. Also added a test for that.
---------------------------------------------------------------------------
by stealth35 at 2012-06-11T07:47:35Z
I think the MIME should be base on the extensions map, for an example with `xlsx` that send an `application/zip` or a `xlsx` file MIME is `application/vnd.openxmlformats-officedocument.spreadsheetml.sheet`
Client to server : Reverve MIME => libmagic
Server to client : MIME => MIME map
---------------------------------------------------------------------------
by niklasf at 2012-06-11T14:40:00Z
@partugal: Thanks! Also added tests. Any e-mail you want to have in your credits?
---------------------------------------------------------------------------
by niklasf at 2012-06-11T14:41:39Z
@stealth35: Yeah ... makes sense. How would I get that information?
---------------------------------------------------------------------------
by stealth35 at 2012-06-11T14:47:36Z
use the `Symfony\Component\HttpFoundation\File\Mimetype\MimeTypeExtensionGuesser` it's the same map as Apache
and if the extension don't exists use `$this->getMimeType` and finaly `application/octet-stream`
---------------------------------------------------------------------------
by Partugal at 2012-06-11T15:46:41Z
@niklasf Thanks you for your work
If needed you may use linniksa@gmail.com
---------------------------------------------------------------------------
by niklasf at 2012-06-14T10:58:19Z
@stealth35: Sorry. I have to ask again.
- So the first step would be using the map in `MimeTypeExtensionGuesser`? I don't see how I can access that, because the `guess()` method it has, is for guessing extensions from mime types, not the reverse.
- Then, by `$this->getMimeType` you mean the getMimeType() method of the file? Sounds good.
- `application/octet-stream` as the fallback. Alright.
---------------------------------------------------------------------------
by stealth35 at 2012-06-14T11:00:33Z
Yeah sorry `MimeTypeExtensionGuesser` is for getting an extension with the Mime, forget about this, i'll take care aboute all MIME intégration later
---------------------------------------------------------------------------
by niklasf at 2012-06-14T13:12:22Z
@stealth35: Awesome. Thanks a lot.
---------------------------------------------------------------------------
by jalliot at 2012-08-07T20:53:54Z
@niklasf You should backport the changes from 532334d23d and 3f51bc0a3d
---------------------------------------------------------------------------
by niklasf at 2012-08-07T21:07:10Z
@jalliot Thanks. Fixed.
This PR was merged into the master branch.
Commits
-------
2817a47 [Finder] Fixed filename containing space bug in gnu adapter.
9bf7cb0 [Finder] Added filename containing space to tests.
Discussion
----------
[Finder] Fixed filename containing space bug in gnu find adapter.
Bug fix: yes
Feature addition: no
Backwards compatibility break: no
Symfony2 tests pass: yes
Fixes: #5851
`GNU find` adapter now uses `cut` instead of `awk`.
This PR was merged into the master branch.
Commits
-------
3e58893 [Security] Tweak UsernamePasswordFormAuthenticationListener
Discussion
----------
[Security] Tweak UsernamePasswordFormAuthenticationListener
Bug fix: no
Feature addition: no
Backwards compatibility break: no
Symfony2 tests pass: [](http://travis-ci.org/acasademont/symfony)
Fixes the following tickets: -
Todo: -
License of the code: MIT
Documentation PR: -
Improvements:
- Do not check twice for the ```only_post``` condition. The condition in the ```attemptAuthentication``` method is useless as this method will never be called if the previous ```requiresAuthentication``` call returns false.
- If the expected request is ```only_post```, check only the POST variables for the username and password parameters. Otherwise, query params and attributes are checked before.
- Use POST instead of post for correctness
This PR was merged into the master branch.
Commits
-------
aecc9b1 fixed tests when OpenSsl is not enabled in PHP, renamed a missnamed test, added missing license doc blocks
ca567b5 fixed CS
5cdf696 added a SecureRandomInterface
234f725 rename String to StringUtils
5849855 moved the secure random dep for remember me as a constructor argument
248703f renamed Prng to SecureRandom
c0c8972 simplified the Prng code
e5dc7af moved the secure random class from JMSSecurityExtraBundle to Symfony (closes#3595)
Discussion
----------
[2.2][Security] Add a PRNG (closes#3595)
As per #3595, I have moved the secure random class from JMSSecurityExtraBundle to Symfony.
It has more impact than I expected ;)
As you will see, the implementation has been refactored a bit. The most notable change is that Doctrine support has been moved to the bridge with the addition of a proper Doctrine seed provider (Doctrine is not a special case anymore).
The Doctrine configuration has been moved to the DoctrineBundle: doctrine/DoctrineBundle#91schmittjoh/JMSSecurityExtraBundle#65 removes the code that has been moved.
---------------------------------------------------------------------------
by Seldaek at 2012-07-05T13:26:01Z
I'm all for more security features, and both the String class & the Prng class for wrapping openssl make a lot of sense IMO, but I fail to see the use of the rest.
If we just want a seed to have a fallback in case openssl is missing, I'd rather have a secret in the config.yml than a million classes to store the same secret in the DB. Maybe I'm missing something though? /cc @schmittjoh
---------------------------------------------------------------------------
by schmittjoh at 2012-07-05T16:32:10Z
Having the configuration in different places (SecurityBundle & DoctrineBundle) feels a bit weird. I would prefer an approach similar to ACL, or the user provider/firewall section with factories. The latter being a bit more work to implement and the former potentially asking for complaints about too tight coupling to Doctrine.
Regarding testing, we probably need to move the disableOpenSsl method to the SecureRandom class in order to allow OpenSSL to be disabled for testing and we also need to change the byte generation algorithm to produce the same output for the same starting seed. I agree that it does not make sense to introduce an interface for SecureRandom as only the seed providers should be replaced.
As for the seed itself, it is constantly updated and does not stay the same as in the beginning. Thus, we need a provider that we can write to, and not only read from. I'm also not sure about using OpenSSL on Windows as I have read enough resources which claimed that the entropy on Windows is not always good (including OpenSSL docs). Always using the custom seed provider at least always ensured proper entropy even if OpenSSL's speed issues have been fixed in newer PHP versions.
---------------------------------------------------------------------------
by stof at 2012-07-05T16:44:24Z
@schmittjoh everything is in SecurityBundle now as it does not use a database anymore
---------------------------------------------------------------------------
by stof at 2012-07-05T16:44:59Z
and there is no seed provider anymore either
---------------------------------------------------------------------------
by schmittjoh at 2012-07-05T16:53:39Z
Not having a seed provider is not such a good idea, but having a file-based seed provider is.
---------------------------------------------------------------------------
by Seldaek at 2012-07-05T17:01:18Z
@schmittjoh why would you need to replace the seed provider? Don't you think that people serious about security to the point that they would want a stronger seed provider would enable openssl instead?
---------------------------------------------------------------------------
by stof at 2012-07-05T17:06:50Z
Well, what I meant is that there is no interchangeable provider anymore. The Prng class uses the file directly.
And btw, I think the Prng class should be mockable for tests, so it should either have an interface or not be final (I vote for adding an interface)
---------------------------------------------------------------------------
by jalliot at 2012-07-09T18:46:12Z
@fabpot @schmittjoh What about using more fallbacks for `openssl_random_pseudo_bytes` like in @Seldaek's post ["Unpredictable hashes for humans"](http://seld.be/notes/unpredictable-hashes-for-humans)?
Trying `mcrypt_create_iv` first might also be faster.
---------------------------------------------------------------------------
by Seldaek at 2012-07-10T08:52:46Z
@jalliot I think mcrypt should be after if you make it use /dev/urandom, not 100% sure but openssl is probably higher quality than urandom.
---------------------------------------------------------------------------
by schmittjoh at 2012-07-10T09:12:07Z
The fallback algorithm that I added should be enough (it passes the
statistical randomness tests).
On Tue, Jul 10, 2012 at 10:52 AM, Jordi Boggiano <
reply@reply.github.com
> wrote:
> @jalliot I think mcrypt should be after if you make it use /dev/urandom,
> not 100% sure but openssl is probably higher quality than urandom.
>
> ---
> Reply to this email directly or view it on GitHub:
> https://github.com/symfony/symfony/pull/4763#issuecomment-6870145
>
---------------------------------------------------------------------------
by stof at 2012-10-13T17:20:06Z
@fabpot please send a PR to the doc so that this can be merged 😃
---------------------------------------------------------------------------
by stof at 2012-10-13T17:22:08Z
hmm, actually, some comments have not been taken into account yet so it is not ready to be merged
---------------------------------------------------------------------------
by stof at 2012-10-27T07:14:43Z
you forgot the SecureRandom file
---------------------------------------------------------------------------
by fabpot at 2012-10-27T08:49:54Z
I think I've addressed all the comments. If everyone agree with the current implementation, I'm going to start updating the documentation.
---------------------------------------------------------------------------
by fabpot at 2012-10-27T10:51:15Z
I've fixed the remaining CS issues.
---------------------------------------------------------------------------
by fabpot at 2012-10-28T07:00:31Z
Documentation is here: symfony/symfony-docs#1858
