Commits
-------
022a9a7 [Security] Make saving target_path extendible
Discussion
----------
[Security] Make saving target_path extendible
The problem lies in how Security component handles ``target_path`` - the latest request URI is always stored. This can lead to problems in following scenarios:
a) The response type of the request is not HTML (think JSON, XML ..)
b) The URI matches a route that does not listen to HTTP GET
I opened a [PR](https://github.com/symfony/symfony/pull/604) months ago, to partly solve scenario A, which did not make it. Now I am proposing a different solution - user can extend ``ExceptionListener`` and override the logic behind setting the ``target_path`` to match his precise needs.
In my simplified scenario, I would be using:
```
protected function setTargetPath(Request $request)
{
    // Skip AJAX and non-GET requests so they are never stored as the redirect target.
    if ($request->isXmlHttpRequest() || 'GET' !== $request->getMethod()) {
        return;
    }

    $request->getSession()->set('_security.target_path', $request->getUri());
}
```
@Seldaek, @schmittjoh, @lsmith77, thoughts?
---------------------------------------------------------------------------
by Seldaek at 2011/09/21 02:37:02 -0700
Seems like a better solution for flexibility's sake. Would be quite awesome if you could add a cookbook entry to symfony/symfony-docs about this, otherwise I'm afraid we'll have to explain it over and over again :)
---------------------------------------------------------------------------
by helmer at 2011/09/21 03:38:57 -0700
[Cookbook](b22c5e666e) entry done. Perhaps though I rushed ahead ..
---------------------------------------------------------------------------
by Seldaek at 2011/09/21 03:52:01 -0700
Thanks. You can already do a pull request against symfony-docs, just reference this pull request in it so it's not merged before this is merged.
Commits
-------
95dc7e1 Fixed fourth argument of Filesystem->mirror()
Discussion
----------
Fixed fourth argument of Filesystem->mirror()
See #2027 and #2033 for discussion.
@fabpot said that we don't want to use symlink at all on Windows so if this is confirmed, we should also change ``Filesystem->symlink()`` implementation.
---------------------------------------------------------------------------
by alexandresalome at 2011/09/16 08:29:40 -0700
Tested on Windows, OK for me
Commits
-------
8e2cbe6 fixes usage of mb_*
Discussion
----------
Fixes usage of mb_strlen
---------------------------------------------------------------------------
by Seldaek at 2011/09/16 05:33:45 -0700
This will fail if the mbstring ext isn't enabled, you should still test for the mb_ function first.
Commits
-------
8d50c16 few optimisations for XliffFileLoader and XmlFileLoader
Discussion
----------
few optimisations for XliffFileLoader and XmlFileLoader
- file_put_contents + file_get_contents -> copy
- use stripos instead of preg_match
- removed useless `$tmpfiles` in XliffFileLoader
Commits
-------
3a7e038 [FrameworkBundle] sanitize target arg in asset:install command
Discussion
----------
[FrameworkBundle] sanitize target arg in asset:install command
`php app/console assets:install web/`
(removed trailing /)
before
`Installing assets for Symfony\Bundle\FrameworkBundle into web//bundles/framework`
after
`Installing assets for Symfony\Bundle\FrameworkBundle into web/bundles/framework`
Commits
-------
d19f1d7 [Doctrine] Fix UniqueEntityValidator reporting a false positive by ignoring multiple query results
Discussion
----------
[Doctrine] Fix UniqueEntityValidator reporting a false positive by ignoring multiple query results
An entity should only be considered unique if its search criteria returns no matches or a single, identical entity. Multiple results indicate that conflicting entities exist.
Note: the DoctrineMongoDBBundle's unique validator checks identifier values if the object strict-equality check is false. This may be a worthwhile improvement, as it would prevent reporting a validation error for an entity which is going to overwrite its conflicting counter-part in the database.
---------------------------------------------------------------------------
by jmikola at 2011/09/01 14:23:27 -0700
This is the Doctrine bridge equivalent for my fix to DoctrineMongoDBBundle: https://github.com/symfony/DoctrineMongoDBBundle/pull/42
---------------------------------------------------------------------------
by fabpot at 2011/09/02 00:13:52 -0700
As this is a bug fix, can you base your PR on the symfony/2.0 branch? Thanks.
* EvanK-patch-1:
Per the [documentation][1], the `NotBlank` constraint should be using the `empty` language construct, otherwise it will not trigger on, for example, a boolean false from an unchecked checkbox field.
An entity should only be considered unique if its search criteria returns no matches or a single, identical entity. Multiple results indicate that conflicting entities exist.
Commits
-------
6bd1749 Fixed a bug when multiple expanded choices would render unchecked because of the Form Framework's strict type checking.
Discussion
----------
[DoctrineBridge] Entities to array transformer
Fixed a bug when multiple expanded choices would render unchecked because of the Form Framework's strict type checking.
---------------------------------------------------------------------------
by fabpot at 2011/08/31 09:01:47 -0700
Looks good to me. Can you squash your commits before I merge? Thanks.
Commits
-------
eb8f3cb added uniqueEntity message translation (fr)
df9f223 added missing french translations
f4c133e removed trailing dot to make it consistent with other validator messages
Discussion
----------
[Translation] Unique Entity message
I've added the translation of uniqueEntity validation message, I've used ``trans-unit id="41"`` which seems to be unused
Doctrine caches annotations. For methods, it uses PHP reflection and the getDeclaringClass() to create
a unique cache key. Unfortunately, if you have 2 classes that extend another one, the cache will be shared.
It's not a problem except that before this patch, the default route name was also cached (as the cache is serialized
after we changed the object). So, all other classes inherited this default route name. The fix is quite easy:
just don't change the read annotation object.
Commits
-------
020fa51 [RedirectResponse] Added missing `doctype` and `title` tag
Discussion
----------
[RedirectResponse] Added missing `doctype` and `title` tag
Commits
-------
24bacdc Ignore VCS files in assets:install command (closes #2025)
Discussion
----------
Ignore VCS files in assets:install command (closes #2025)
---------------------------------------------------------------------------
by stloyd at 2011/08/25 06:10:22 -0700
`ignoreVCS` is set to `true` by default, AFAIK also `getIterator()` is not needed.
---------------------------------------------------------------------------
by jalliot at 2011/08/25 06:30:32 -0700
@stloyd I knew about ``ignoreVCS`` defaulting to ``true`` but I thought it made it clearer but you're right it's not really useful.
As for ``getIterator`` I thought the conversion couldn't be made automatically on a method call like here but apparently it works so I changed it.
Thanks.
---------------------------------------------------------------------------
by tiagojsag at 2011/08/25 08:41:02 -0700
This approach creates another problem: the already existing VCS files are deleted when the command is executed, which makes at least SVN throw errors.
---------------------------------------------------------------------------
by jalliot at 2011/08/25 08:50:55 -0700
@tiagojsag If you remove the call to ``remove`` on line 83, does everything work?
Because I'm not really sure we need to remove the entire dir first since ``mirror`` should be able to adapt itself.
BTW, wouldn't it be better if you didn't commit the ``web/bundles`` dir in your SVN and instead ask to call the ``assets:install`` command each time?
---------------------------------------------------------------------------
by stof at 2011/08/25 08:58:16 -0700
Great news about SVN: the incoming 1.7 version stops adding a ``.svn`` folder in every directory but uses a single one at the root of the project (like git does for instance), solving this sort of issues about copying files :)
@tiagojsag this command has always removed the old asset folders before copying the new ones, and there is no real means to do otherwise while keeping things simple. You could consider ignoring the ``vendor/bundles`` folder in the SVN and running the command when doing checkout (thus allowing devs to use symlinks if they want).
---------------------------------------------------------------------------
by tiagojsag at 2011/08/25 09:01:39 -0700
Yes, that was the solution I was using before submitting this bug report. I also agree that it's the simplest and fastest way to address this, provided that docs get updated, so that no one spends their time trying to figure out why files are not synced with their svn repo.
---------------------------------------------------------------------------
by jalliot at 2011/08/25 09:03:11 -0700
@stof That's really great to hear!
But still this PR should be merged to avoid legacy files from current versions of SVN or other VCS.
---------------------------------------------------------------------------
by stof at 2011/08/25 09:04:31 -0700
@jalliot sure. My comment was mainly about the opposite issue raised by @tiagojsag
Since the key was previously concatenating service ID and method without a separator, it's possible that two different listeners could conflict (e.g. service/method pairs: foo/bar and fo/obar).
Commits
-------
89f477e [WebProfilerBundle] Throw exception if a collector template isn't found
6ca72cf [WebProfilerBundle] Allow .html.twig in collector template names
Discussion
----------
WDT debugging
While implementing collectors I made a mistake in the template name and it never told me, so I was left wondering why my stuff didn't show up. Not so nice IMO. Also the first commit is to allow template names to be specified fully. I don't see why this shouldn't be allowed, since it is the way you specify templates everywhere else.
* domcrawler-disabled-fields:
[DomCrawler] fixed disabled fields in forms (they are available in the DOM, but their values are not submitted -- whereas before, they were simply removed from the DOM)
$node->hasAttribute('disabled') sf2 should not create disagreement between implementation and practice for a crawler. If sahi real browser can find an element that is disabled, then sf2 should too. https://github.com/Behat/Mink/pull/58#issuecomment-1712459
Commits
-------
e294211 [DomCrawler] Removed unused document property in Form
Discussion
----------
[DomCrawler] Removed unused document property in Form
Commits
-------
8a980bd $node->hasAttribute('disabled') sf2 should not create disagreement between implementation and practice for a crawler. If sahi real browser can find an element that is disabled, then sf2 should too. https://github.com/Behat/Mink/pull/58#issuecomment-1712459
Discussion
----------
$node->hasAttribute('disabled') sf2 should not create disagreement betwee
$node->hasAttribute('disabled') sf2 should not create disagreement between implementation and practice for a crawler. If sahi real browser can find an element that is disabled, then sf2 should too.
https://github.com/Behat/Mink/pull/58#issuecomment-1712459
---------------------------------------------------------------------------
by cordoval at 2011/08/09 20:34:56 -0700
@fabpot please let me know if this is going to be in sometime soon or not, just wondering why it is deviating ...
---------------------------------------------------------------------------
by fabpot at 2011/08/23 01:11:42 -0700
I have just checked in a browser and the Symfony2 implementation is actually the right one.
Try this in a browser:
```
<form action='#' method="post">
    <input name="foo" disabled="disabled" value="foo" />
    <input name="bar" value="bar" />
    <input type="submit" />
</form>
<?php
print_r($_POST);
// output: Array ( [bar] => bar ) when the form is submitted
```
And here is the discussion about it in the HTML4 spec: http://www.w3.org/TR/html4/interact/forms.html#h-17.12:
"In this example, the INPUT element is disabled. Therefore, it cannot receive user input nor will its value be submitted with the form."
And the same is true for HTML5: http://www.w3.org/TR/html5/association-of-controls-and-forms.html#constructing-form-data-set
---------------------------------------------------------------------------
by cordoval at 2011/08/23 01:29:53 -0700
@fabpot I guess you got my scenario wrong. I am not trying to submit any form. I just happen to have a disabled box that is checked and I want to read with the DOM Crawler that it is checked. Not to submit or anything but for the purposes of testing.
Please consider also that this request comes from asserting values using behat mink, mink is fully dependent on sf2 driver for when it is used except it is told to use a different driver like a real browser like sahi. When testing in chrome and firefox, the verification with the DOM is made that the disabled box is checked properly. Symfony2 DOM Crawler however misses that spot for that use.
Even in the case where Symfony2 DOM Crawler component would have been thought not for this purpose of testing, or further for this particular scenario it would be good to make it more reusable for this kind of scenario.
Just saying....
---------------------------------------------------------------------------
by fabpot at 2011/08/23 02:00:34 -0700
Indeed, I didn't get your issue right. So, basically, all fields should be in the form, but the disabled field values should not be submitted (that makes sense).
I've prepared a fix in this patch: e8852586073bc23d4a41f4cd9cbe0d17a2f0c76d which is in the symfony/domcrawler-disabled-fields branch for now as I don't know if we can make this change in 2.0 or if we need to put it in 2.1.
---------------------------------------------------------------------------
by cordoval at 2011/08/23 02:15:01 -0700
oh no I was hoping to enter the authors, you already did the fix :'(
Commits
-------
e9d2a67 CS
3a64b08 Search in other user providers when a user is not found in the first user provider and throws the right exception.
Discussion
----------
Chain user provider doesn't search in all user providers
I commit these changes because Chain user provider doesn't search in all user providers.
Example with the Acme/DemoBundle:
```
# security.yml
...
providers:
    chain_provider:
        providers: [in_memory, in_memory_extend]
    in_memory_extend:
        users:
            admin2: { password: adminpass2, roles: [ 'ROLE_ADMIN' ] }
    in_memory:
        users:
            user: { password: userpass, roles: [ 'ROLE_USER' ] }
...
firewalls:
    ...
    secured_area:
        pattern: ^/demo/secured/
        provider: chain_provider OR in_memory_extend
    ...
```
We can see these logs:
```
security.INFO: User "admin2" has been authenticated successfully [] []
security.DEBUG: Write SecurityContext in the session [] []
security.DEBUG: Read SecurityContext from the session [] []
security.DEBUG: Reloading user from user provider. [] []
security.WARNING: Username "admin2" could not be found. [] []
```
The new code searches in other user providers when a user is not found in the first user provider and throws the right exception.
---------------------------------------------------------------------------
by lsmith77 at 2011/08/14 12:20:04 -0700
I wonder if it should be a provider option to continue on a failed user lookup. I can see cases where you really don't want to iterate over all providers and others where you do.
---------------------------------------------------------------------------
by Abhoryo at 2011/08/14 17:27:16 -0700
If someone needs a provider like you describe, he can create one.
Here we talk about a chain user provider.
Doc : [using-multiple-user-providers](http://symfony.com/doc/current/book/security.html#using-multiple-user-providers)
We can read in the doc: "The chain_provider will, in turn, try to load the user from both the in_memory and user_db providers."
But it's not the case right now.
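
The lookup order debated in this thread, as an added PHP example that is not part of the pull request or of Symfony's code: a chain that stops at the first provider's miss next to one that keeps searching. `UserNotFound`, `InMemoryProvider`, `ChainProvider` and the `$stopAtFirstMiss` switch are hypothetical stand-ins, and the user data is constructed from the `security.yml` excerpt above.

```php
<?php
// Added illustration with stand-in classes; not Symfony's ChainUserProvider.
class UserNotFound extends RuntimeException {}
class InMemoryProvider
{
    private $users;
    public function __construct(array $users) { $this->users = $users; }
    public function loadUserByUsername($username)
    {
        if (!isset($this->users[$username])) {
            throw new UserNotFound(sprintf('Username "%s" could not be found.', $username));
        }
        return ['username' => $username, 'roles' => $this->users[$username]];
    }
}
class ChainProvider
{
    private $providers;
    public function __construct(array $providers) { $this->providers = $providers; }

    // $stopAtFirstMiss (hypothetical switch) reproduces the reported behaviour:
    // a miss in the first provider ends the lookup instead of moving on.
    public function loadUserByUsername($username, $stopAtFirstMiss = false)
    {
        foreach ($this->providers as $provider) {
            try {
                return $provider->loadUserByUsername($username);
            } catch (UserNotFound $e) {
                if ($stopAtFirstMiss) {
                    throw $e;
                }
                // Unknown to this provider only: keep searching the chain.
            }
        }
        // Every provider was asked, so the user is unknown to the whole chain.
        throw new UserNotFound(sprintf('No provider in the chain knows "%s".', $username));
    }
}
// Constructed data in the order of the security.yml above: [in_memory, in_memory_extend].
$chain = new ChainProvider([
    new InMemoryProvider(['user' => ['ROLE_USER']]),
    new InMemoryProvider(['admin2' => ['ROLE_ADMIN']]),
]);
try {
    $chain->loadUserByUsername('admin2', true);
} catch (UserNotFound $e) {
    echo 'first provider only: ', $e->getMessage(), "\n";
}
echo 'full chain: ', implode(',', $chain->loadUserByUsername('admin2')['roles']), "\n";
```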