Commits
-------
34494b3 whitespace fixes
1a86a4a Refactor mime-type to file extension guessing
e7481a3 Decouple mime-type to extension logic from File class
Discussion
----------
[2.1] Decouple mimetype-to-extension logic from File class
This allows guessing the extension from a given mime type
without requiring the existence of a local file.
If a file's meta information (mime-type, etc.) is already available (i.e. it's
been extracted once and stored in some persistent data store), it would be
nice to be able to make a best-guess on the extension based on the known mime-type.
A concrete use case of this is for the symfony-cmf, where a file has been stored
in the jackrabbit data store. When delivering this file or saving it to disk, we'd like to
use an extension that's created based on the known mime type of the file.
---------------------------------------------------------------------------
by brki at 2011/06/21 04:35:13 -0700
Now implemented similarly to the existing MimeTypeGuesser.
---------------------------------------------------------------------------
by brki at 2011/06/21 07:51:22 -0700
whitespace removed
---------------------------------------------------------------------------
by stof at 2011/09/04 05:04:54 -0700
@fabpot @brki what is the status of this PR ?
Commits
-------
020fa51 [RedirectResponse] Added missing `doctype` and `title` tag
Discussion
----------
[RedirectResponse] Added missing `doctype` and `title` tag
Commits
-------
ea0db2d [HttpFoundation] Remove useless ContentTypeMimeTypeGuesser
Discussion
----------
[2.1] [HttpFoundation] Remove useless ContentTypeMimeTypeGuesser
`mime_content_type` exists just for the compat between the old PHP 5.2
`mime_magic` extension and `file_info` extension
---------------------------------------------------------------------------
by fabpot at 2011/08/19 05:31:25 -0700
I will merge it in 2.1 as some people might rely on it.
---------------------------------------------------------------------------
by stealth35 at 2011/08/19 05:46:02 -0700
ok in the meantime, we can invert the guesser checker :
```php
/**
* Registers all natively provided mime type guessers
*/
private function __construct()
{
if (FileBinaryMimeTypeGuesser::isSupported()) {
$this->register(new FileBinaryMimeTypeGuesser());
}
if (FileinfoMimeTypeGuesser::isSupported()) {
$this->register(new FileinfoMimeTypeGuesser());
}
if (ContentTypeMimeTypeGuesser::isSupported()) {
$this->register(new ContentTypeMimeTypeGuesser());
}
}
```
---------------------------------------------------------------------------
by stloyd at 2011/08/19 05:48:38 -0700
@stealth35 You should make new PR for change you mentioned above.
---------------------------------------------------------------------------
by stealth35 at 2011/08/19 05:53:12 -0700
@stloyd done PR #1989
EDIT : forget this
Commits
-------
007e395 do not set a default CONTENT_TYPE for PATCH
fa2c027 Added support for the PATCH method
Discussion
----------
[2.1] [HttpFoundation] Added support for the PATCH method
http://tools.ietf.org/html/rfc2068#section-19.6.1.1http://tools.ietf.org/html/rfc5789
---------------------------------------------------------------------------
by Seldaek at 2011/08/07 03:23:20 -0700
According to the spec it seems that PATCH requests shouldn't be of application/x-www-form-urlencoded content-type so it shouldn't match the first if, and in the second it's probably wrong to default to application/x-www-form-urlencoded, no?
---------------------------------------------------------------------------
by lsmith77 at 2011/08/07 03:31:48 -0700
Hmm you are right. I assumed the diff would be encoded as ``application/x-www-form-urlencoded`` but there indeed is no indication of that in the spec. But given that the second case would still need some sort of handling for PATCH, just not sure what exactly ``$defaults['CONTENT_TYPE']`` should be set to.
---------------------------------------------------------------------------
by Seldaek at 2011/08/07 03:48:53 -0700
As I understand it, a PATCH request must specify a content-type or it's invalid, so we could just skip the second behavior if no content-type is present.
As your first link says:
The list of differences is in a format defined by the media type of the entity (e.g.,
"application/diff") and MUST include sufficient information to allow
the server to recreate the changes necessary to convert the original
version of the resource to the desired version.
Sounds like PATCH is highly application specific, and not so standardized, probably because it's not very useful for most purposes.
---------------------------------------------------------------------------
by lsmith77 at 2011/08/07 04:02:43 -0700
Yes, but to me this means that the patch is actually correct aside from the fact that its setting a default Content-Type, which I just corrected (not sure if this use of switch is ok with our coding style). Now if the Content-Type does end up being ``application/x-www-form-urlencoded`` then I would say its correct to decode it.
Commits
-------
34a1b53 [HttpFoundation] Do not save session in Session::__destroy() when saved already
Discussion
----------
[HttpFoundation] Saving session data in __destroy() has a side effect on functional tests
Having functional test with several non-insulated requests, TestSessionListener invokes session saving at the end of every request. But instance of Session remains in memory until it's collected by garbage collector which saves the same data again in __destroy() method. The problem is that session object can get collected after other requests changed session data (e. g. user logged in) resulting in former data overwriting the latter.
Commits
-------
eae6a77 fixed wrong case
d0a175bfixes#1659f300ede fixes several bugs
a4f05ac added some tests
Discussion
----------
Http util fixes
Fixes several bugs in the http utils.
Please don't add anymore features without sufficient tests. Especially for the Security\Http namespace, regressions are very likely otherwise.
---------------------------------------------------------------------------
by fabpot at 2011/07/19 22:37:26 -0700
Tests do not pass for me:
There were 2 errors:
1) Symfony\Bundle\SecurityBundle\Tests\Functional\LocalizedRoutesAsPathTest::testLoginLogoutProcedure with data set #0 ('en')
InvalidArgumentException: The current node list is empty.
.../src/Symfony/Component/DomCrawler/Crawler.php:604
.../src/Symfony/Bundle/SecurityBundle/Tests/Functional/LocalizedRoutesAsPathTest.php:16
2) Symfony\Bundle\SecurityBundle\Tests\Functional\LocalizedRoutesAsPathTest::testLoginLogoutProcedure with data set #1 ('de')
InvalidArgumentException: The current node list is empty.
.../src/Symfony/Component/DomCrawler/Crawler.php:604
.../src/Symfony/Bundle/SecurityBundle/Tests/Functional/LocalizedRoutesAsPathTest.php:16
--
There were 4 failures:
1) Symfony\Bundle\SecurityBundle\Tests\Functional\LocalizedRoutesAsPathTest::testAccessRestrictedResource with data set #0 ('en')
Failed asserting that two strings are equal.
--- Expected
+++ Actual
@@ @@
-http://localhost/en/login
+http://localhost/login
.../src/Symfony/Bundle/Securitybundle/Tests/Functional/WebTestCase.php:22
.../src/Symfony/Bundle/SecurityBundle/Tests/Functional/LocalizedRoutesAsPathTest.php:38
2) Symfony\Bundle\SecurityBundle\Tests\Functional\LocalizedRoutesAsPathTest::testAccessRestrictedResource with data set #1 ('de')
Failed asserting that two strings are equal.
--- Expected
+++ Actual
@@ @@
-http://localhost/de/login
+http://localhost/login
.../src/Symfony/Bundle/Securitybundle/Tests/Functional/WebTestCase.php:22
.../src/Symfony/Bundle/SecurityBundle/Tests/Functional/LocalizedRoutesAsPathTest.php:38
3) Symfony\Bundle\SecurityBundle\Tests\Functional\LocalizedRoutesAsPathTest::testAccessRestrictedResourceWithForward with data set #0 ('en')
HTTP/1.0 302 Found
Cache-Control: no-cache
Content-Length: 299
Content-Type: text/html; charset=UTF-8
Date: Wed, 20 Jul 2011 05:36:27 GMT
Location: http://localhost/login
Set-Cookie: PHPSESSID=11c9c6a7e7620e13bddef223a5ba46d9; path=/; domain=
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<meta http-equiv="refresh" content="1;url=http://localhost/login" />
</head>
<body>
Redirecting to <a href="http://localhost/login">http://localhost/login</a>.
</body>
</html>
Failed asserting that <integer:0> matches expected <integer:1>.
.../src/Symfony/Bundle/SecurityBundle/Tests/Functional/LocalizedRoutesAsPathTest.php:50
4) Symfony\Bundle\SecurityBundle\Tests\Functional\LocalizedRoutesAsPathTest::testAccessRestrictedResourceWithForward with data set #1 ('de')
HTTP/1.0 302 Found
Cache-Control: no-cache
Content-Length: 299
Content-Type: text/html; charset=UTF-8
Date: Wed, 20 Jul 2011 05:36:28 GMT
Location: http://localhost/login
Set-Cookie: PHPSESSID=2bbe63786a088471ade3717917f4ba4f; path=/; domain=
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<meta http-equiv="refresh" content="1;url=http://localhost/login" />
</head>
<body>
Redirecting to <a href="http://localhost/login">http://localhost/login</a>.
</body>
</html>
Failed asserting that <integer:0> matches expected <integer:1>.
.../src/Symfony/Bundle/SecurityBundle/Tests/Functional/LocalizedRoutesAsPathTest.php:50
---------------------------------------------------------------------------
by schmittjoh at 2011/07/19 23:47:29 -0700
I fixed a wrong case, but I couldn't reproduce the other errors (tested on Ubuntu).
My guess is that the temporary directory on your machine couldn't be deleted for some reason, and the test runs with the configuration of some of the previous tests.
---------------------------------------------------------------------------
by fabpot at 2011/07/20 00:28:41 -0700
That does not make any difference for me. For instance, in `LocalizedRoutesAsPathTest::testLoginLogoutProcedure()`, the first request to `'/'.$locale.'/login'` returns the following Response:
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<meta http-equiv="refresh" content="1;url=http://localhost/login" />
</head>
<body>
Redirecting to <a href="http://localhost/login">http://localhost/login</a>.
</body>
</html>
---------------------------------------------------------------------------
by schmittjoh at 2011/07/20 00:31:34 -0700
That's weird, did you make sure that the temporary directory does not exist?
``rm -Rf /tmp/StandardFormLogin/``
On Wed, Jul 20, 2011 at 9:28 AM, fabpot <
reply@reply.github.com>wrote:
> That does not make any difference for me. For instance, in
> `LocalizedRoutesAsPathTest::testLoginLogoutProcedure()`, the first request
> to `'/'.$locale.'/login'` returns the following Response:
>
> <html>
> <head>
> <meta http-equiv="Content-Type" content="text/html;
> charset=utf-8" />
> <meta http-equiv="refresh" content="1;url=
> http://localhost/login" />
> </head>
> <body>
> Redirecting to <a href="http://localhost/login">
> http://localhost/login</a>.
> </body>
> </html>
>
> --
> Reply to this email directly or view it on GitHub:
> https://github.com/symfony/symfony/pull/1739#issuecomment-1613504
>
---------------------------------------------------------------------------
by fabpot at 2011/07/20 00:33:40 -0700
Yes, I've just checked and the directory does not exist.
---------------------------------------------------------------------------
by schmittjoh at 2011/07/20 00:39:55 -0700
Sorry, I can't reproduce it on Ubuntu and unless someone wants to sponsor me a Mac, there is not much I can do.
Commits
-------
95011ce [HttpFoundation] Fixed creation of requests without a path.
Discussion
----------
[HttpFoundation] Fixed creation of requests without a path.
Providing urls with no path led to php warning that the index 'path' is
not set. This patch initializes 'path' if no path is set.
Commits
-------
64e9263 Updated UPDATE.md
7cf891a Renamed variable returned and used self in place of static for constants
f91f4dd Added the possibility to set cookies with the same name for different domains and paths for Symfony\Component\HttpFoundation\ResponseHeaderBag
f08eeb4 Moved managing cookies of HeaderBag in ResponseHeaderBag
Discussion
----------
[HttpFoundation] Cookies management in ResponseHeaderBag
Fixed cookies management in `Symfony\Component\HttpFoundation\HeaderBag` and `Symfony\Component\HttpFoundation\ResponseHeaderBag`
Commits
-------
f7d0f65 RFC2616 changes
b9a218a [HttpFoundation] set Content-Length header to the length of content
Discussion
----------
[HttpFoundation] set Content-Length header to the length of content
I can't think of why this could be bad but if somebody knows please chime in.
The good thing is that with this change keepalive will work out of the box.
---------------------------------------------------------------------------
by Seldaek at 2011/07/06 05:34:51 -0700
That sounds like a great change. I think it might explain/fix the issues I've encountered with AppCache on my production box. Never had time to look into it, but IIRC I noticed the missing Content-Length, and it seemed to load forever.
---------------------------------------------------------------------------
by fabpot at 2011/07/06 06:46:50 -0700
The `Content-Length` is automatically added by servers like Apache. Moreover, sometimes, you should not add it: http://www.w3.org/Protocols/rfc2616/rfc2616-sec4.html#sec4.4
---------------------------------------------------------------------------
by lenar at 2011/07/06 07:54:45 -0700
It is not added automatically by default. Yes, in case of Apache it is actually added if deflate module is enabled and if that module decides to compress the content (decision based on content-type).
About RFC2616: I will read it and add changes to this PR if applicable.
---------------------------------------------------------------------------
by fabpot at 2011/07/06 08:38:14 -0700
e943fde2ef
---------------------------------------------------------------------------
by Seldaek at 2011/07/06 08:45:22 -0700
@lenar all you have to do is skip setting the Content-Length for `1xx`, `204`, and `304` responses I believe.
---------------------------------------------------------------------------
by Seldaek at 2011/07/06 08:46:54 -0700
But this should maybe be done in sendHeaders() à la `fixContentType`, because you can't be sure about the statusCode before that.
---------------------------------------------------------------------------
by lenar at 2011/07/06 13:55:33 -0700
I propose this based on what I read and understood from RFC2616.
---------------------------------------------------------------------------
by mheleniak at 2011/07/10 03:57:26 -0700
+1
Commits
-------
6786e81 [HttpFoundation] code factorization in UploadedFile
Discussion
----------
[HttpFoundation] code factorization in UploadedFile
As both #1542 and #1544 have been merged.
This change allows for more flexibility if the developer wants to flush
the Response content early (the drawback being that Response listeners
won't be able to tweak the HTTP headers anymore).
There is another benefit: avoid the infamous
"Fatal error: Exception thrown without a stack frame in Unknown on line 0".
Here is a small scenario when this can happen (thanks dtee for identifying this issue):
* Call flush() in controller to output html early, then throw exception
* ExceptionHandler triggers handle() function and return new Response object to output...
* Because the header is sent (flush() call in Controller), php's E_WARNING error get raised, which gets handled by ErrorHandler->handle() and it throws new ErrorException()
* PHP fatals to prevent Exception loop: "Fatal error: Exception thrown without a stack frame in Unknown on line 0"
Commits
-------
d58ba34 [Validator] Consider the ini directive 'upload_max_filesize' while validating an uploaded file (fixes GH-1441)
Discussion
----------
[Validator] FileValidator support for uploaded files
[Validator] Consider the ini directive 'upload_max_filesize' while validating an uploaded file (fixes GH-1441)
Added validator messages should get translated in all the available languages.
Commits
-------
e80ce57 [HttpFoundation] Add REQUEST_TIME by default
Discussion
----------
[HttpFoundation] Add REQUEST_TIME by default
Without this the getting the REQUEST_TIME from the Request in tests is breaking.
Commits
-------
72c074a [Session] Used \Locale::setDefault() when the locale is setted
Discussion
----------
[Session] Used \Locale::setDefault() when the locale is setted
For `DateType` in form component (by example), `\Locale::getDefault()` is used to displayed the name of months.
If `\Locale` class is not used when the locale is setted in the session, the name of months is not in a good language.
This PR solves this problem.
---------------------------------------------------------------------------
by pborreli at 2011/05/29 09:13:44 -0700
what if user doesn't have intl extension ?
---------------------------------------------------------------------------
by stof at 2011/05/29 09:24:04 -0700
You should wrap the calls to ``\Locale::setDefault`` in a ``class_exist`` check to avoid issue when using the stub implementation (for which calling ``setDefault`` is forbidden).
---------------------------------------------------------------------------
by francisbesset at 2011/05/29 09:26:40 -0700
@pborreli: Symfony have a fake Locale class and this class is used only if the server haven't intl enabled.
---------------------------------------------------------------------------
by stof at 2011/05/29 09:33:16 -0700
@francisbesset Yeah, but ``setDefault`` throw a ``BadMethodCall`` exception.
and so the check has to use ``extension_loaded`` instead of ``class_exists``.
---------------------------------------------------------------------------
by fabpot at 2011/06/13 10:12:15 -0700
Ticket #1121 is related to this PR.
---------------------------------------------------------------------------
by fabpot at 2011/06/15 06:18:28 -0700
I have just tried another implementation where the locale is passed as an argument to the built-in types and some data transformers (via a `LocaleAwareInterface` interface). That works fine as forms are immutable now, but the solution is obviously more "complex" as we need to pass the locale to many different classes. Also, using `Locale::setDefault()` has an advantage over my method: you can change the locale whenever you want within a PHP process (which can be useful even if this is an edge case). Last, but not the least, if make sense to update the PHP Locale to the user locale.
So, to sum up, this patch is probably the best solution (easy and flexible enough).
Commits
-------
9d6357c [HttpFoundation] Document the changes to the File classes
136b80a [HttFoundation] Add File::getExtension() as \SplFileInfo::getExtension() was introduced in PHP 5.3.6
38b3b74 [HttpKernel] Fix and test previous commit
ac0c00c [HttpFoundation] Make File extends \SplFileInfo
Discussion
----------
[HttpFoundation] Make File extends \SplFileInfo
This is a rebased version of [PR 674](https://github.com/symfony/symfony/pull/674).
* File: The API has changed (now extends \SplFileInfo),
* File: move() creates the target directory when it does not exist
* UploadedFile: introduction of getClientXXX() methods (for Size, OriginalName, MimeType)
If this PR does not get merged UploadedFile should at least be fixed: [Client.php](https://github.com/symfony/symfony/blob/master/src/Symfony/Component/HttpKernel/Client.php#L124) relies on a last parameter which is no more defined and which is used to bypass [move_uploaded_file()](https://github.com/symfony/symfony/blob/master/src/Symfony/Component/HttpFoundation/File/UploadedFile.php#L155) in test mode.
If this could be merged, I'll detail the changes in UPDATE.md
---------------------------------------------------------------------------
by fabpot at 2011/06/14 08:20:59 -0700
I'll merge it. Can you update the UPDATE file?
---------------------------------------------------------------------------
by vicb at 2011/06/14 09:24:01 -0700
done
* lmcd/master:
Added an optimisation for PHP-FPM (FastCGI Process Manager). As soon as a full Response is dispatched to the browser, the HTTP connection is closed, but the script stays alive on FPM servers.
The current implementation is not ready for inclusion in 2.0. It has several
known problems (security, not possible to disable it, not "cloud-compatible",
...) and it's not a must have feature anyway.
Some references:
* Security issue in FileType: https://github.com/symfony/symfony/issues/1001
* Validation fails on file, still stored in TemporaryStorage: https://github.com/symfony/symfony/issues/908
* Add a size argument & ability to configure TemporaryStorage: https://github.com/symfony/symfony/pull/748
This feature should be reworked and discussed for inclusion in 2.1.
* gordonslondon/http-foundation/response:
[HttpFoundation] merge Response::isRedirected() with Response::isRedirect() - Response::isRedirected() has been removed
This type of override is supported by MS MVC3 and is recommended by Google.
Also added ability to override request method via ?_method= when
request is made via GET.
Notice: Undefined index: _flash in /var/www/test/symfony2/vendors/symfony/src/Symfony/Component/HttpFoundation/Session.php on line 231
Warning: array_key_exists() expects parameter 2 to be array, null given in /var/www/test/symfony2/vendors/symfony/src/Symfony/Component/HttpFoundation/Session.php on line 231
* schmittjoh/security:
[HttpFoundation] added unit test
[Security][HttpFoundation] splits Request::hasSession() into hasSession(), and hasPreviousSession()
[SecurityBundle] added some tests
add provider to configuration
update DI to handle change in config and another provider
separate dbal specific acl config
add provider to configuration
update DI to handle change in config and another provider
separate dbal specific acl config
* bschussek/form:
[Form] CSRF fields are not included in the children of a FormView anymore if the view is not the root
[Form] FormView::offsetUnset() is now supported. It was possible anyway using getChildren() and setChildren().
[Form] Split the option "modifiable" of the "collection" type into "allow_add" and "allow_delete"
[Form] Added test for last commit by kriswallsmith and improved dealing with original names
[Form] Fixed variable scope when entering nested form helpers
[Form] Added tests for blocks/templates in the format _<ID>_(widget|row|label|...)
[Form] updated listener to check that data is an array
The form component should now guarantee to always pass an UploadedFile object to your model. There you can call getOriginalName() to retrieve the original name of the uploaded file. For security reasons, the real file name is a generated hash value.
This has been removed for several reasons:
* the framework does not know where the document root is and should not care
* as the document root was static, it was impossible to have several document roots depending on some business rules (see next one)
* sometimes, the document root is not under the web root directory (so the logic of getWebPath() is not always correct)
* the feature was not used anywhere in the core
* igorw/ipv6:
[HttpFoundation] minor optimization
minor adjustments suggested by vicb
[HttpFoundation] IPv6 support for RequestMatcher
[HttpFoundation] refactor RequestMatcherTest to use dataProvider
[Validator] use full iPv6 regex
[Validator] add IPv6 support to UrlValidator
[HttpFoundation] add IPv6 support to Request
[HttpFoundation] test Request::create with an IP as host name
[HttpFoundation] refactor Request::getClientIp test
* bschussek/form:
[Form] Automatically setting "data_class" option if objects are passed at the creation of a form
[Form] Improved the way passed data is handled in FormFactory
[Form] Simplified FileType code
[HttpFoundation] TemporaryStorage automatically creates the directory if it doesn't exist yet
[Form] Changed FormBuilder::build() to FormBuilder::create(). You hvae to pass the resulting builder to FormBuilder::add() manually now
[Form] Added FieldTypeValidatorExtension and fixed FQCN of DelegatingValidator
* lsmith77/request_format_tweaks:
added text/html to default format mapping
return "q" from splitHttpAcceptHeader() to enable more complex accept header negotiations
added support for setting a custom default format in Request::getRequestFormat()
* made the options array only for "global" options that are valid for all session storages
* changed the PDO session storage constructor signature to accept an array of options for DB configuration
* changed the storage_id to be the full service id, instead of just part of it
* removed the class parameter for session as it can be changed via the .class parameter (it was the only example in the framework)
* removed the configuration for the PDO session storage for now
* Funsational/master:
Update PDO session storage to check if any rows are updated when doing a session write. If no rows are udpated when performing a session write it generally means that we have created a new session id somewhere and we have not inserted into the database. This is the case for when calling regenerate_session_id() from the native session storage class. It will update the session id then call sessionWrite() to save the session but since the new session id does not exist in the DB, no rows are updated and any new session attributes such as security tokens are lost.
* hhamon/cookie_path_fix:
[Security] renamed Cookie::isHttponly() to Cookie::isHttpOnly()
[HttpKernel] renamed Cookie::isHttponly() to Cookie::isHttpOnly()
[BrowserKit] renamed Cookie::isHttponly() to Cookie::isHttpOnly()
[HttpFoundation] fix cookie path default value to / and added some new unit tests to cover the class
* DuoSRX/code-coverage:
[HttpFoundation] Fixed a typo in response->setLastModified()
[HttpFoundation] Added some more tests on response
[HttpFoundation] Added some tests on Response
[HttpFoundation] Replace a duplicated test with a method in Response
Fixed code coverage generation when resources folder are deeper
The Response is not available in the DIC anymore.
When you need to create a response, create an instance of
Symfony\Component\HttpFoundation\Response instead.
As a side effect, the Controller::createResponse() and Controller::redirect()
methods have been removed and can easily be replaced as follows:
return $this->createResponse('content', 200, array('foo' => 'bar'));
return new Response('content', 200, array('foo' => 'bar'));
return $this->redirect($url);
return Response::createRedirect($url);
Without this patch, if you call __toString() on a Response,
the content-type auto-detection would never be trigerred
as __toString() changes the default content-type.
This commit breaks functional tests in Symfony\Component\HttpKernel\HttpCache\HttpCacheTest.php. I tried to fix functional tests but I didn\'t manage to. For your information, the "try { } catch" block in the HttpKernel\HttpCache::lookup() method seems strange because I suspect line 274 to never leverage any exception...
The Request constructor no longer uses values from PHP's super globals. If you want a Request populated with these values you must use the new static method Request::fromGlobals().
Your front controllers (i.e. web/app.php, web/app_dev.php ...) will need to be updated:
// old
$kernel->handle(new Request())->send();
// new
$kernel->handle(Request::fromGlobals())->send();
This adds lazy loading for firewall configurations. This is useful when you have multiple firewalls, only the firewalls which are actually needed to process the Request are initialized. So, your event dispatcher is not as costly to initialize anymore.
It also implements re-using of RequestMatchers if all matching rules are the same, and exposes the remaining rules which are already implemented by the request matcher (host, ip, methods) in the access-control section
The current `loadClass()` implementation tries to load a class from the first matching prefix then stops, producing false-negative results. This is especially evident in groups of related libraries, such as Doctrine:
Doctrine
Doctrine\Common
Doctrine\Common\DataFixtures
Doctrine\DBAL
Doctrine\DBAL\Migrations
Each of these libraries is submoduled into a different vendor directory. Depending on what order these libraries are added to a UniversalClassLoader instance, classes may or may not actually be loaded. This fix continues searching registered namespaces and prefixes if the first partial match is negative.
Original explanation from pull request:
I'm Using symfony2 with URL Rewriting to 'hide' index.php.
On form authentication, symfony2 redirect to http://host:port/index.php/login_path instead of http://host:port/login_path. I do understand that, in my case, redirect is set into one of :
FormAuthenticationEntryPoint with getUriForPath()
FormAuthenticationListener with getUriForPath()
Security/Firewal/ExceptionListener with getUri()
This path modify getUri and getUriForPath to :
remove default port from URI
remove script name if not initially present
When an object has a "main" many relation with related "things" (objects,
parameters, ...), the method names are normalized:
* get()
* set()
* all()
* replace()
* remove()
* clear()
* isEmpty()
* add()
* register()
* count()
* keys()
The classes below follow this method naming convention:
* BrowserKit\CookieJar -> Cookie
* BrowserKit\History -> Request
* Console\Application -> Command
* Console\Application\Helper\HelperSet -> HelperInterface
* DependencyInjection\Container -> services
* DependencyInjection\ContainerBuilder -> services
* DependencyInjection\ParameterBag\ParameterBag -> parameters
* DependencyInjection\ParameterBag\FrozenParameterBag -> parameters
* DomCrawler\Form -> FormField
* EventDispatcher\Event -> parameters
* Form\FieldGroup -> Field
* HttpFoundation\HeaderBag -> headers
* HttpFoundation\ParameterBag -> parameters
* HttpFoundation\Session -> attributes
* HttpKernel\Profiler\Profiler -> DataCollectorInterface
* Routing\RouteCollection -> Route
* Security\Authentication\AuthenticationProviderManager -> AuthenticationProviderInterface
* Templating\Engine -> HelperInterface
* Translation\MessageCatalogue -> messages
The usage of these methods are only allowed when it is clear that there is a
main relation:
* a CookieJar has many Cookies;
* a Container has many services and many parameters (as services is the main
relation, we use the naming convention for this relation);
* a Console Input has many arguments and many options. There is no "main"
relation, and so the naming convention does not apply.
For many relations where the convention does not apply, the following methods
must be used instead (where XXX is the name of the related thing):
* get() -> getXXX()
* set() -> setXXX()
* all() -> getXXXs()
* replace() -> setXXXs()
* remove() -> removeXXX()
* clear() -> clearXXX()
* isEmpty() -> isEmptyXXX()
* add() -> addXXX()
* register() -> registerXXX()
* count() -> countXXX()
* keys()
The PHP native cache limiter feature has been disabled as this is now managed
by the HeaderBag class directly instead (see below.)
The HeaderBag class uses the following rules to define a sensible and
convervative default value for the Response 'Cache-Control' header:
* If no cache header is defined ('Cache-Control', 'ETag', 'Last-Modified',
and 'Expires'), 'Cache-Control' is set to 'no-cache';
* If 'Cache-Control' is empty, its value is set to "private, max-age=0,
must-revalidate";
* But if at least one 'Cache-Control' directive is set, and no 'public' or
'private' directives have been explicitely added, Symfony2 adds the
'private' directive automatically (except when 's-maxage' is set.)
So, remember to explicitly add the 'public' directive to 'Cache-Control' when
you want shared caches to store your application resources:
// The Response is private by default
$response->setEtag($etag);
$response->setLastModified($date);
$response->setMaxAge(10);
// Change the Response to be public
$response->setPublic();
// Set cache settings in one call
$response->setCache(array(
'etag' => $etag,
'last_modified' => $date,
'max_age' => 10,
'public' => true,
));
The idea of a string port is probably semantically wrong, but it actually follows the convention of at least some web servers ($_SERVER['SERVER_PORT'] is actually a string). And since the $port variable is used as a string in getHttpHost(), it's correct to allow the types not to match.
Some explanations on how it works now:
* The Session is an optional dependency of the Request. If you create the
Request yourself (which is mandatory now in the front controller) and if
you don't inject a Session yourself (which is recommended if you want the
session to be configured via dependency injection), the Symfony2 Kernel
will associate the Session configured in the Container with the Request
automatically.
* When duplicating a request, the session is shared between the parent and
the child (that's because duplicated requests are sub-requests of the main
one most of the time.) Notice that when you use ::create(), the behavior is
the same as for the constructor; no session is attached to the Request.
* Symfony2 tries hard to not create a session cookie when it is not needed
but a Session object is always available (the cookie is only created when
"something" is stored in the session.)
* Symfony2 only starts a session when:
* A session already exists in the request ($_COOKIE[session_name()] is
defined -- this is done by RequestListener);
* There is something written in the session object (the cookie will be sent
to the Client).
* Notice that reading from the session does not start the session anymore (as
we don't need to start a new session to get the default values, and because
if a session exists, it has already been started by RequestListener.)
This fixes a bug in UniversalClassLoader when attempting to autoload class names with leading slashes:
$namespacedClass = "\\Foo\\Bar";
$pearlikeClass = "\\Foo_Bar";
$namespaced = new $namespacedClass();
$pearlike = new $pearlikeClass();
`UniversalClassLoader::loadClass()` was unable to load PEAR-like classes with leading slashes because it found the slash and assumed that the requested class was namespaced. It was unable to load namespaced classes with leading slashes because it would look them up in the autoloader's registered namespaces, and was unable to match '\Foo' to 'Foo'. One (ugly) workaround for the namespaced classes was to register all namespaces twice:
$loader->registerNamespaces(array(
'Foo' => __DIR__ . '/lib',
'\Foo' => __DIR__ . '/lib',
));
But that's not very pretty, nor does it solve the bug with PEAR-like classes. Stripping the leading slash before trying to autoload allows UniversalClassLoader to load both namespaced and PEAR-like classes.