Commits
-------
cb7e3f5 [Routing] added route compile check to identify a default value of a required variable that does not match the requirement
Discussion
----------
[Routing] added route compile check to identify a bad default value
BC break: yes but only for strange route definitions
See the exception message in code for the reasoning.
An exception is thrown for a __required__ variable that __has a default__ that __doesn't match__ the requirement.
So optional variables can of course still have a default that don't meet the requirement, which is useful.
This helps to identify useless route definitions at compile time instead of when generating or matching a URL.
Commits
-------
890aea2 FileLocatorInterface used in typehint instead of FileLocator
Discussion
----------
FileLocatorInterface used in typehint instead of FileLocator
---------------------------------------------------------------------------
by stof at 2012-08-30T22:09:39Z
@fabpot this makes sense (and it is BC)
---------------------------------------------------------------------------
by mvrhov at 2012-08-31T08:34:17Z
What's wrong with Interface hint? I always hint interface when available as this means that I can inject whatever class implementing that interface.
Commits
-------
3363832 extended phpdoc of ConfigurableRequirementsInterface
5f64503 [Routing] added test for disabled requirements check
4225869 [Routing] allow disabling the requirements check on URL generation
Discussion
----------
[Routing] allow disabling the requirements check on URL generation
This adds the possibility to disable the requirements check (`strict_requirements = null`) on URL generation.
To sum up, here the possibilities:
- `strict_requirements = true`: throw exception for mismatching requirements (most useful in development environment).
- `strict_requirements = false`: don't throw exception but return null as URL for mismatching requirements and log it (useful when you cannot control all params because they come from third party libs or something but don't want to have a 404 in production environment. it logs the mismatch so you can review it).
- `strict_requirements = null`: Return the URL with the given parameters without checking the requirements at all. When generating an URL you should either trust your params or you validated them beforehand because otherwise it would break your link anyway (just as with strict_requirements=false). So in production environment you should know that params allways pass the requirements. Thus you could disable the check on each URL generation for performance reasons. If you have 300 links on a page and each URL at least one param you safe 300 unneeded `preg_match` calls. I tested the performance in one of my projects. The rendering time of a single template that contains ~300 links with several params was reduced from avg. 46ms to avg. 42ms. That are 8.7% reduction in the twig layer where the links are created on each request. So this option combines the improved usability of strict_requirements=false with an additional increased performance.
---------------------------------------------------------------------------
by fabpot at 2012-08-30T13:40:38Z
Can you put the comment about all the possibilities you have mentioned here in the phpdoc for future reference? Thanks.
---------------------------------------------------------------------------
by Tobion at 2012-08-30T13:49:25Z
In `ConfigurableRequirementsInterface` or which phpdoc would you like to have it? Because `ConfigurableRequirementsInterface` already has it explained. But I can extend its description if thats what you mean.
---------------------------------------------------------------------------
by fabpot at 2012-08-30T13:50:40Z
The comment in the PR is more explicit and more detailed than the one in the interface. So, yes, basically, it would be great if you can move all the information in the interface phpdoc.
---------------------------------------------------------------------------
by Tobion at 2012-08-30T14:35:59Z
Done.
Commits
-------
407db65 Add @Seldaek remote modifications
3bfb976 Add unit test demonstrating bad exit code getter for a failing process
Discussion
----------
Add unit test demonstrating bad exit code getter for a failing process
Since symfony/symfony@7b63428698 exit code are not well handled anymore.
The unit test provided with this PR demonstrates it
---------------------------------------------------------------------------
by fabpot at 2012-08-30T11:05:05Z
ping @Seldaek
---------------------------------------------------------------------------
by stof at 2012-08-30T11:13:13Z
We probably need to enable the workaround only when sigchild is used.
---------------------------------------------------------------------------
by Seldaek at 2012-08-30T12:51:22Z
Ok I figured out the problem, the hack is even hackier I guess now, but it should work for people with and without --enable-sigchild at least.
Commits
-------
7503ec9 Issue #5307: HTML regexp when match is false
Discussion
----------
Issue #5307: HTML regexp when match is false
When match is false the html5 validation regexp should be either inverted or not added.
Since we are in RC added a fix where this is not added, but marked a @todo so that this
can be revisited and we try to inverse the regexp instead.
Discussed in #5307.
---------------------------------------------------------------------------
by bschussek at 2012-08-30T08:40:06Z
👍 once the CS issue is fixed.
---------------------------------------------------------------------------
by rdohms at 2012-08-30T09:23:57Z
Could swear that was the CS in PSR-1 or 2, anyway, fixed.
---------------------------------------------------------------------------
by fabpot at 2012-08-30T09:26:07Z
Can you squash your commits before I merge? Thanks.
---------------------------------------------------------------------------
by rdohms at 2012-08-30T09:54:26Z
@fabpot done.
When match is false the html5 validation regexp should be either inverted or not added.
Since we are in RC added a fix where this is not added, but marked a @todo so that this
can be revisited and we try to inverse the regexp instead.
Commits
-------
58ebd1b [Form] Fixed error bubbling from DateTime widget - Issue #52708ea1607 Update src/Symfony/Component/Form/Extension/Core/Type/DateTimeType.php
Discussion
----------
[Form] Fixed error bubbling from DateTime widget - Issue #5270
This is related to https://github.com/symfony/symfony/issues/5270
---------------------------------------------------------------------------
by mpiecko at 2012-08-16T19:37:45Z
Travisbot shows something like this in it's log:
[Composer\Downloader\TransportException] The "http://nodeload.github.com/phingofficial/phing/zipball/2.4.12" file could not be downloaded (HTTP/1.1 500 Internal Server Error)
So is it my PR ot Travis CI who fails ... ? I saw this error in some other PR's ...
---------------------------------------------------------------------------
by stloyd at 2012-08-16T20:40:39Z
It's GitHub =)
---------------------------------------------------------------------------
by mpiecko at 2012-08-17T09:36:31Z
Bad GitHub :)
---------------------------------------------------------------------------
by bschussek at 2012-08-17T11:21:39Z
Could you please add a test to DateTimeTypeTest?
---------------------------------------------------------------------------
by mpiecko at 2012-08-17T12:23:40Z
Sure!
---------------------------------------------------------------------------
by bschussek at 2012-08-30T08:20:08Z
👍
Commits
-------
0706d18 [Routing] fixed 4 bugs in the UrlGenerator
Discussion
----------
[Routing] UrlGenerator: fixed missing query param and some ignored requirements
This was pretty hard to figure out. I could fix 4 bugs and refactor the code to safe 2 variables and several assignments. Sorry for doing this in one commit, but they were highly interdependent.
See the added tests for what was fixed. The most obvious bug was that a query param was ignored if it had by accident the same name as a default param (but wasn't used in the path).
In 3 cases it generated the wrong URL that wouldn't match this route. The generator wrongly ignored either the requirements or the passed parameter. I had to adjust one test that was asserting something wrong (see comments).
---------------------------------------------------------------------------
by Tobion at 2012-08-13T14:22:35Z
ping @fabpot
---------------------------------------------------------------------------
by Tobion at 2012-08-29T17:53:07Z
@fabpot I think it's important to merge this before 2.1 final.
Commits
-------
f2d8a8a Refactor the unit test for the "MongoDbSessionHandler"
Discussion
----------
[HttpFoundation] Refactor the unit test for the "MongoDbSessionHandler"
Bug fix: no
Feature addition: yes
Backwards compatibility break: no
Symfony2 tests pass: yes
Fixes the following tickets: -
Todo: -
License of the code: MIT
Documentation PR: -
---------------------------------------------------------------------------
by drak at 2012-08-29T19:49:49Z
Big +1 from me. Exactly how these kind of tests should be written.
Commits
-------
cf4189b Move remember me ResponseListener from security bundle into security component
Discussion
----------
Move remember me response listener from security bundle into security component
...ponent
This move allows to implement the remember me feature in Silex without having to reference the security bundle.
This is the pull request for issue #5264
Commits
-------
eb2eba1 [Form] don't allow users to force exceptions by submitting unexpected data
Discussion
----------
[Form] don't allow users to force exceptions by submitting unexpected data
fix#5334
This makes it more fault-tolerant by simply ignoring wrong stuff from hackers.
@bschussek: I didn't find any other UnexpectedTypeExceptions that could be invoked by simply submitting unexpected data. But I'm not 100% sure that there aren't any indirectly invokeable, e.g. in some listeners.
---------------------------------------------------------------------------
by stof at 2012-08-24T22:34:52Z
a test is missing for this.
---------------------------------------------------------------------------
by Tobion at 2012-08-24T23:02:26Z
@stof true, I will add one
---------------------------------------------------------------------------
by Tobion at 2012-08-25T13:51:23Z
Added test.
---------------------------------------------------------------------------
by bschussek at 2012-08-29T11:07:37Z
👍
Could you please squash the commits?
---------------------------------------------------------------------------
by Tobion at 2012-08-29T13:43:52Z
Done.
Commits
-------
7e8ab54 [Form] raise OutOfBoundsException instead of InvalidArgumentException for inexistent form childs to be in line with PropertyPath
Discussion
----------
[Form] raise OutOfBoundsException instead of InvalidArgumentException in Form::get
BC break: yes
Raise OutOfBoundsException instead of InvalidArgumentException in Form::get for inexistent form childs to be in line with PropertyPath, which also uses OutOfBoundsException for invalid indexes. OutOfBoundsException fits much better as it extends RuntimeException instead of LogicException and this error can typically not be detected at compile time.
---------------------------------------------------------------------------
by bschussek at 2012-08-29T11:01:01Z
👍
---------------------------------------------------------------------------
by stloyd at 2012-08-29T11:07:51Z
Shouldn't this change be noted in upgrade file ?
---------------------------------------------------------------------------
by stof at 2012-08-29T11:23:04Z
it should (and in the changelog of the component)
Commits
-------
e7e39e0 [Form] refactor Guess
dcbeeb1 [Form] replaced UnexpectedValueException by InvalidArgumentException in Guess
Discussion
----------
[Form] replaced UnexpectedValueException by InvalidArgumentException in Guess
BC break: yes
this is a better fit because the error is a logic exception (that can be detected at compile time, i.e. when writing the code) instead of a runtime exception
---------------------------------------------------------------------------
by bschussek at 2012-08-29T10:51:54Z
👍
Commits
-------
0186731 [Form] removed hasParent from FormInterface and deprecated its use
Discussion
----------
[Form] removed hasParent from FormInterface and deprecated its use
There are already 2 alternatives with getParent() and isRoot(), so a third one with similar semantics is confusing and unneeded.
---------------------------------------------------------------------------
by bschussek at 2012-08-29T11:11:11Z
👍
Commits
-------
492c990 [Form] optimized PropertyPathMapper to invoke the expensive property path less often
47a8bbd [Form] optimized the binding of child forms and calculation of extra data
8d45539 [Form] refactor Form::bind to save 7 assignments
Discussion
----------
[Form] refactor Form::bind to save 7 assignments and a complete loop
---------------------------------------------------------------------------
by stof at 2012-08-24T23:45:18Z
the new code is not equivalent. See travis for the proof.
---------------------------------------------------------------------------
by Tobion at 2012-08-25T01:50:41Z
@stof fixed, I had to reduce the refactoring a little
---------------------------------------------------------------------------
by bschussek at 2012-08-29T11:05:52Z
👍
Commits
-------
d5eb4f7 [Form] fix phpdoc of Form::hasErrors
5cb8264 [Form] deprecated Form::hasErrors that isn't part of the Interface
Discussion
----------
[Form] deprecated Form::hasErrors that isn't part of the Interface
This method is not part of FormInterface, so I deprecated it as it cannot be used reliably. This is consistent with other hassers that were deprecated like `hasChildren` where one should use `count` instead.
---------------------------------------------------------------------------
by stof at 2012-08-26T19:11:19Z
You should deprecate it, not remove it
---------------------------------------------------------------------------
by Tobion at 2012-08-26T19:17:35Z
oh right. I thought it was added in 2.1 and thus can be removed but it's also in 2.0.
Done.
---------------------------------------------------------------------------
by bschussek at 2012-08-29T11:00:32Z
👍
Commits
-------
0f575a2 added note about 404 error pages
Discussion
----------
added note about 404 error pages and security features
This has been reported a few times now, and it seems we did not have it in the UPGRADE file yet.
Commits
-------
3f8127c fixed '0' problem
7bec460 fixed phpdoc
4c5bfab [FrameworkBundle] non-permanent redirect should be status code 404 according to spec
Discussion
----------
[FrameworkBundle] non-permanent redirect to unknown location with 404
according to spec: http://www.w3.org/Protocols/rfc2616/rfc2616-sec10.html see 410 Gone
bc break: tiny when omitting 2 parameter (I can avoid this with `func_num_args` but i think its not necessary and makes the code strange and inconsistent)
Commits
-------
f52e6df minor correction
Discussion
----------
[Form][Validators] Portuguese translation correction
Minor portuguese translation correction and changed the source of id 30 to match the english version.
Commits
-------
8bac442 [Validator] Fix Spanish and Catalan translation messages for the CSRF token validator
Discussion
----------
[Validator] Fix Spanish and Catalan translation messages for the CSRF to...
...ken validator
* 2.0:
updated VERSION for 2.0.17
updated CHANGELOG for 2.0.17
updated vendors for 2.0.17
fixed XML decoding attack vector through external entities
prevents injection of malicious doc types
disabled network access when loading XML documents
refined previous commit
prevents injection of malicious doc types
standardized the way we handle XML errors
Redirects are now absolute
Conflicts:
CHANGELOG-2.0.md
src/Symfony/Component/DependencyInjection/Loader/XmlFileLoader.php
src/Symfony/Component/DomCrawler/Crawler.php
src/Symfony/Component/HttpKernel/Kernel.php
tests/Symfony/Tests/Component/DependencyInjection/Loader/XmlFileLoaderTest.php
tests/Symfony/Tests/Component/Routing/Loader/XmlFileLoaderTest.php
tests/Symfony/Tests/Component/Serializer/Encoder/XmlEncoderTest.php
tests/Symfony/Tests/Component/Translation/Loader/XliffFileLoaderTest.php
tests/Symfony/Tests/Component/Validator/Mapping/Loader/XmlFileLoaderTest.php
vendors.php
Christophe Coevoet
Fabien Potencier
Tobias Schultze
Romain Neutron
Rafael Dohms
DerManoMann
Markus Bachmann
Daniel Gomes
Daniel Perez Pinazo
Albert Casademont