This makes the app global variable available also when accessing the Twig
environment directly instead of using the TwigEngine.
Conflicts:
src/Symfony/Bridge/Twig/CHANGELOG.md
src/Symfony/Bundle/TwigBundle/Resources/config/twig.xml
src/Symfony/Bundle/TwigBundle/TwigEngine.php
This PR was merged into the 2.0 branch.
Commits
-------
eec7885 needs to use simpleContent in xsd to allow empty elements
Discussion
----------
needs to use simpleContent in xsd to allow empty elements
This PR was merged into the 2.0 branch.
Commits
-------
57edf56 removed wrong routing xsd statement `mixed="true"`
Discussion
----------
removed wrong routing xsd statement `mixed="true"`
mixed="true" means that the element could contain both text and other elements, e.g.
`<requirement key="_locale">text <subelement /></requirement>`
But this wrong and such a definition would not even validate against the scheme as the xsd does not define which elements would be expected inside.
This PR was merged into the 2.0 branch.
Commits
-------
d5623b4 removed unused attribute from routing.xsd
Discussion
----------
removed unused attribute from routing.xsd
mixed="true" means that the element could contain both text and other elements, e.g.
`<requirement key="_locale">text <subelement /></requirement>`
But this wrong and such a definition would not even validate against the scheme as the xsd does not define which elements would be expected inside.
This PR was merged into the 2.0 branch.
Commits
-------
ac77c5b [Form] Updated checks for the ICU version from 4.5+ to 4.7+ due to test failures with ICU 4.6
Discussion
----------
[Form] Updated checks for the ICU version from 4.5+ to 4.7+
Bug fix: no
Feature addition: no
Backwards compatibility break: no
Symfony2 tests pass: yes
Fixes the following tickets: -
Todo: -
License of the code: MIT
Documentation PR: -
This PR was merged into the 2.0 branch.
Commits
-------
2d9a6fc Use Norm Data instead of Data
Discussion
----------
[Form] Use Norm Data instead of App Data
This listener is triggered when normalized data are binded.
We have to use $event->getForm()->getNormData() instead of $event->getForm()->getData().
I have made a new FormType having 'entity' as parent and having a NormTransformer. I encountered a problem in MergeCollectionListener when the request is binded.
My commit fix it.
This PR was merged into the 2.0 branch.
Commits
-------
29bfa13 small fix of #5984 when the container param is not set
Discussion
----------
small fix of #5984 when the container param is not set
this can happen when the config for the router is unset, but this method does not need to depend on routing. reading an unset config would raise an exception.
---------------------------------------------------------------------------
by Tobion at 2012-11-19T20:44:31Z
Ops, I guess it's wrong. Travis will probably confirm this in a moment.
I will correct that.
---------------------------------------------------------------------------
by flojon at 2012-11-20T22:40:07Z
Yeah you changed the logic...
---------------------------------------------------------------------------
by Tobion at 2012-11-21T14:42:48Z
ok it's fixed.
this can happen when the config for the router is unset, but this method
does not need to depend on routing. reading an unset config would raise an exception.
This PR was merged into the 2.0 branch.
Commits
-------
64b54dc Use better default ports in urlRedirectAction
64216f2 Add tests for urlRedirectAction
Discussion
----------
Default to current port in urlRedirectAction
I was a bit surprised when I used urlRedirectAction from a non-standard port (8000) it redirected me to port 80. I would argue that the default should be to use the current port instead. This is a simple patch to change that. This should only break in the case someone is relying on the current default to redirect from a non-standard port to the standard port, which should be a really rare case...
---------------------------------------------------------------------------
by Tobion at 2012-11-11T20:29:54Z
The idea is right but the implementation not. Seems this patch is not as "simple" as you said.
When you're on HTTPS and want to redirect to $scheme = HTTP, then it still uses the current HTTPS port which is wrong.
---------------------------------------------------------------------------
by flojon at 2012-11-11T20:36:47Z
Ah, I see the problem. So I guess the correct behavior would be to use the current port if staying with the same scheme or go to standard port if switching scheme. Unless the user has specified a port which will always override...
---------------------------------------------------------------------------
by Tobion at 2012-11-11T20:42:18Z
That would be the best solution that is currently possible but not the best solution that should be possible.
Because if you switch scheme but the other scheme does not use the standard port, it still doesn't work.
Ideally the Request class had an option that allows to define the ports symfony should use for HTTP and HTTPS.
This logic is in RequestContext, but it's not used here.
---------------------------------------------------------------------------
by flojon at 2012-11-11T21:32:55Z
Bummer, I forgot to check if the current port is a standard port...
---------------------------------------------------------------------------
by Tobion at 2012-11-11T21:35:13Z
add some tests
---------------------------------------------------------------------------
by flojon at 2012-11-11T23:28:18Z
Added tests and fixed my previous error
---------------------------------------------------------------------------
by flojon at 2012-11-15T18:25:12Z
@Tobion is there anything else I needed for this?
---------------------------------------------------------------------------
by fabpot at 2012-11-19T12:56:04Z
To be consistent with how we manage HTTP ports elsewhere, I'd rather use the values of the `request_listener.http_port` and `request_listener.https_port`:
```php
if (null === $httpPort) {
$httpPort = $this->container->getParameter('request_listener.http_port');
}
if (null === $httpsPort) {
$httpsPort = $this->container->getParameter('request_listener.https_port');
}
```
This is done in the `security.authentication.retry_entry_point` service and for the `router_listener` listener.
The parameter name is probably not the best one, but that could be changed then in master.
---------------------------------------------------------------------------
by flojon at 2012-11-19T13:49:18Z
@fabpot But then you would need to set that parameter manually right? It wouldn't automatically redirect you to the same port, which was what I wanted to achieve...
Could this be the right order of preference:
If a value was specified in the route use that.
Otherwise use the current port
unless switching scheme then use the parameter value
---------------------------------------------------------------------------
by fabpot at 2012-11-19T13:52:17Z
Your order of preference looks good to me.
---------------------------------------------------------------------------
by flojon at 2012-11-19T19:13:19Z
Man this was more involved than I thought... :)
Changed the logic to use the parameters when not using the current port. Also tried clean up the tests a little bit... Enjoy!
This PR was merged into the 2.0 branch.
Commits
-------
f2cbea3 [Security] remove escape charters from username provided by Digest DigestAuthenticationListener
80f6992 [Security] added test extra for digest authentication
d66b03c fixed CS
694697d [Security] Fixed digest authentication
c067586 [Security] Fixed digest authentication
Discussion
----------
Fix digest authentication
Bug fix: yes
Feature addition: no
Backwards compatibility break: no
Symfony2 tests pass: yes
Fixes the following tickets:
Todo: -
License of the code: MIT
Documentation PR: -
Replaces: #5485
This adds the missing fixes.
My only concerns is the ```\"``` removing.
```\"``` is only needed for the HTTP transport, but keeping them would require to also store the username with the escapes as well.
---------------------------------------------------------------------------
by fabpot at 2012-10-30T11:25:28Z
The digest authentication mechanism is not that widespread due to its limitation. And the transport is not HTTP, I think we are talking about very few cases.
---------------------------------------------------------------------------
by sstok at 2012-10-30T12:49:14Z
Apache seems to remove (ignore) escape characters.
```c
if (auth_line[0] == '=') {
auth_line++;
while (apr_isspace(auth_line[0])) {
auth_line++;
}
vv = 0;
if (auth_line[0] == '\"') { /* quoted string */
auth_line++;
while (auth_line[0] != '\"' && auth_line[0] != '\0') {
if (auth_line[0] == '\\' && auth_line[1] != '\0') {
auth_line++; /* escaped char */
}
value[vv++] = *auth_line++;
}
if (auth_line[0] != '\0') {
auth_line++;
}
}
else { /* token */
while (auth_line[0] != ',' && auth_line[0] != '\0'
&& !apr_isspace(auth_line[0])) {
value[vv++] = *auth_line++;
}
}
value[vv] = '\0';
}
```
But would this change be a BC break for people already using quotes but without a comma and thus they never hit this bug?
The change it self is minimum, just calling ```str_replace('\\\\', '\\', str_replace('\\"', '"', $value))``` when getting the username.
---------------------------------------------------------------------------
by fabpot at 2012-11-13T13:00:12Z
@sstok Doing the same as Apache seems the best option here (just document the BC break).
---------------------------------------------------------------------------
by sstok at 2012-11-15T16:05:00Z
Hopefully I did this correct, but the needed escapes seem correctly removed.
`\"` is changed to `"` `\\` is changed to `\`
`\'` it kept as it is, as this needs no correcting.
@Vincent-Simonin Can you verify please.
---------------------------------------------------------------------------
by Vincent-Simonin at 2012-11-19T09:28:18Z
Authentication didn't work with this configuration :
```
providers:
in_memory:
name: in_memory
users:
te"st: { password: test, roles: [ 'ROLE_USER' ] }
```
`te"st` was set in authentication form's user field.
(Must we also escape `"` in configuration file ?)
Tests were performed with nginx.
---------------------------------------------------------------------------
by sstok at 2012-11-19T09:33:34Z
Yes. YAML escapes using an duplicate quote, like SQL.
```yaml
providers:
in_memory:
name: in_memory
users:
"te""st": { password: test, roles: [ 'ROLE_USER' ] }
```
This PR was merged into the 2.0 branch.
Commits
-------
32dc31e [SecurityBundle] Convert Http method to uppercase in the config
Discussion
----------
[SecurityBundle] Convert Http method to uppercase in the config
This is not striclty required as method names would be converted to uppercase by the matcher after #5988.
However I think it is better to always use uppercase for http method names.
The config UT has also been improved as part of this PR.
This is good to propagate to 2.1 & 2.2 also.
This PR was submitted for the master branch but it was merged into the 2.0 branch instead (closes#6015).
Commits
-------
f61c019 Update src/Symfony/Component/DomCrawler/Tests/FormTest.php
9b3aaf2 Update src/Symfony/Component/DomCrawler/Form.php
Discussion
----------
FIX: Malformed field path ""
In case we have the name attribute empty.
---------------------------------------------------------------------------
by fabpot at 2012-11-15T06:12:35Z
Can you add a unit test for that case?
---------------------------------------------------------------------------
by bierdok at 2012-11-15T09:21:01Z
Voila.
This PR was merged into the 2.0 branch.
Commits
-------
b3a8efd fixed comment. The parent ACL is not accessed in this method.
Discussion
----------
fixed comment. The parent ACL is not accessed in this method.
Just fixed a comment on PermissionGrantingStrategy.
hasSufficientPermissions() is not accessing the parent ACL. That's done in isGranted().
This PR was merged into the 2.0 branch.
Commits
-------
e12bd12 [HttpFoundation] Make host & methods really case insensitive in the RequestMacther
Discussion
----------
[HttpFoundation] Make host & methods really case insensitive in the Requ...
...estMacther
and backport changes from 2.2
Details:
- does not take case into account when checking the host (the `Request` always returns a lowercase value) to protect against user typo,
- makes the constructor case proof by invoking setters rather than setting properties directly (you could then add un unreachable method i.e; `get`)
Please propagate to 2.1/2.2 if accpeted. Thanks.
Martin Hasoň
Fabien Potencier
Christophe Coevoet
Tobias Schultze
Bernhard Schussek
Jonas Flodén
Benoît Bourgeois
Sebastiaan Stok
Vincent Simonin
Victor Berchet
Jörn Lang