This PR was merged into the 2.0 branch.
Commits
-------
ac77c5b [Form] Updated checks for the ICU version from 4.5+ to 4.7+ due to test failures with ICU 4.6
Discussion
----------
[Form] Updated checks for the ICU version from 4.5+ to 4.7+
Bug fix: no
Feature addition: no
Backwards compatibility break: no
Symfony2 tests pass: yes
Fixes the following tickets: -
Todo: -
License of the code: MIT
Documentation PR: -
Bug fix: no
Feature addition: no
Backwards compatibility break: no
Symfony2 tests pass: no, but fails exactly the same as without this fix
Fixes the following tickets: -
Todo: -
License of the code: MIT
Documentation PR: symfony/symfony-docs#1958
This PR was merged into the master branch.
Commits
-------
1858b96 [Form] Adapted FormValidator to latest changes in the Validator
1f752e8 [DoctrineBridge] Adapted UniqueValidator to latest changes in the Validator
efe42cb [Validator] Refactored the GraphWalker into an implementation of the Visitor design pattern.
Discussion
----------
[Validator] Refactored the Validator for use in Drupal
Bug fix: no
Feature addition: no
Backwards compatibility break: yes
Symfony2 tests pass: yes
Fixes the following tickets: -
Todo: -
License of the code: MIT
Documentation PR: TODO
Drupal wants to use the Symfony Validator component in their next version. I was talking to @fago recently about the changes that we'd need to make and implemented these changes in this PR. I don't want to rush this, but the deadline is tight, since Drupal feature freeze is on December 1st and @fago needs at least a couple of days to integrate the Validator into Drupal.
This PR introduces two significant changes:
* Interfaces were created for all classes that constitute the Validator's API. This is were the PR breaks BC, because `ConstraintValidatorInterface::initialize()` is now type hinted against `ExecutionContextInterface` instead of `ExecutionContext`.
* The graph walker was refactored into an implementation of the Visitor pattern. This way, the validator was decoupled from the structure of the metadata (class → properties and getter methods) and makes it possible to implement a different metadata structure, as is required by the Drupal Entity API.
As a consequence of the API change, custom validation code is now much easier to write, because `ValidatorInterface` and `ExecutionContextInterface` share the following set of methods:
```php
interface ValidatorInterface
{
public function validate($value, $groups = null, $traverse = false, $deep = false);
public function validateValue($value, $constraints, $groups = null);
public function getMetadataFor($value);
}
interface ExecutionContextInterface
{
public function validate($value, $subPath = '', $groups = null, $traverse = false, $deep = false);
public function validateValue($value, $constraints, $subPath = '', $groups = null);
public function getMetadataFor($value);
}
```
No more juggling with property paths, no more fiddling with the graph walker. Just call on the execution context what you'd call on the validator and you're done.
There are two controversial things to discuss and decide (cc @fabpot):
* I moved the `@api` tags of all implementations to the respective interfaces. Is this ok?
* I would like to deprecate `ValidatorInterface::getMetadataFactory()` (tagged as `@api`) in favor of the added `ValidatorInterface::getMetadataFor()`, which offers the exact same functionality, but with a different API and better encapsulation, which makes it easier to maintain for us. We can tag `getMetadataFor()` as `@api`, as I don't expect it to change. Can we do this or should we leave the old method in?
I would like to decide the major issues of this PR until **Sunday November 25th** in order to give @fago enough room for his implementation.
Let me hear your thoughts.
This PR was merged into the master branch.
Commits
-------
d1b5093 Try to make sure cookies get deleted from the TokenProvider when no longer in use
Discussion
----------
Delete cookies from the TokenProvider that is no longer in use
Bug fix: yes
Feature addition: no
Backwards compatibility break: no
Symfony2 tests pass: yes
Todo: -
License of the code: MIT
When the user logs in, or login fails for some reason, the old "remember me" cookie should be deleted from the TokenProvider if you are using the PersistentTokenBasedRememberMeServices.
As the code is now, the token is only deleted on logout.
---------------------------------------------------------------------------
by TerjeBr at 2012-11-20T13:45:54Z
So, anything else that needs to be done before this is merged?
---------------------------------------------------------------------------
by TerjeBr at 2012-11-21T10:30:53Z
Ok, I have corrected the typo in the comment and squashed the commit.
---------------------------------------------------------------------------
by schmittjoh at 2012-11-21T10:36:29Z
btw, ``canceled`` (more American) and ``cancelled`` (more British) are both
correct English forms.
On Wed, Nov 21, 2012 at 11:30 AM, Terje Bråten <notifications@github.com>wrote:
> Ok, I have corrected the typo in the comment and squashed the commit.
>
> —
> Reply to this email directly or view it on GitHub<https://github.com/symfony/symfony/pull/6055#issuecomment-10592112>.
>
>
---------------------------------------------------------------------------
by schmittjoh at 2012-11-21T10:40:24Z
As a side-note have you verified that this does not break the cookie theft protection?
---------------------------------------------------------------------------
by TerjeBr at 2012-11-21T10:51:10Z
Yes, cookie theft protection is still there and is functioning well.
---------------------------------------------------------------------------
by TerjeBr at 2012-11-21T11:14:04Z
I am using this together with the DoctrineTokenProvider in issue #6057 in my own project and done some extensive testing on it.
---------------------------------------------------------------------------
by TerjeBr at 2012-11-23T10:30:34Z
Is this ready to be merged now?
This PR was squashed before being merged into the master branch (closes#6080).
Commits
-------
e477a2e Handle case of static controller method and controllers using magic __call() method
Discussion
----------
Handle case of static controller method and controllers using magic __call() method
Improve collecting controller details for edge cases where:
- controller is array, but contains class name and static method
- method doesn't exist, but is handled by magic __call() method
---------------------------------------------------------------------------
by fabpot at 2012-11-21T08:12:08Z
Can you add some unit tests?
---------------------------------------------------------------------------
by sli-systems at 2012-11-21T22:19:17Z
@pierredup
I disagree with the your comment about is_callable() only working with objects. The PHP docs state that the first argument is a callable, so it can be a string, array, closure, and perhaps more.
The test I added also shows that the code works as is :)
I've thought about your suggestion of adding reflection to look up the location of __call(). However, I think this doesn't really add a lot and only complicates matters. Also, as you can see in the new test, there is also __callStatic() to consider.
The fact that file/line are n/a is correct, because the most typical case will be that __call() and __callStatic() will delegate to some other method that might not even be in the same class/file (a subclass I would expect), IMHO.
@fabpot
Good catch about the '/'. I hope the test is complete enough. Looks more like an exercise on PHP callables than anything else, tho ;)
---------------------------------------------------------------------------
by pierredup at 2012-11-22T04:56:18Z
True that ````is_callable```` takes any callable argument, except in the one specific case where you have a ````__call()```` method, and pass an array with the first paramater as a string.
Take the following example:
class Controller {
public function __call($method, $arguments) {}
}
$controller = array('Controller', 'action');
var_dump(is_callable($controller));
Here ````is_callable($controller)```` will actually return ````false````, where if you have ````$controller = array(new Controller, 'action');```` it would return true.
Of course if you have a ````__callStatic```` method, then it would always return true.
Your tests doesn't seem to cover this use case
---------------------------------------------------------------------------
by sli-systems at 2012-11-22T20:27:05Z
Hmm, maybe. I have to admin that I do not know about this case. OTOH, if is_callable returns false is it really callable then? I would think this more of a PHP bug then?
I think I might have come across this case during coding, but then dismissed it because in that case FilterControllerEvent failed already before the data collector code is reached.
In FilterControllerEvent there is a check on is_callable and a LogicException is thrown if $controller is not callable.
So, is FilterControllerEvent wrong too then?
---------------------------------------------------------------------------
by pierredup at 2012-11-22T20:41:14Z
One would think that if is_callable returns false, then the controller isn't callable, but in the case I mentioned above, the controller is in fact callable. I also thought it was a bug with php, but the php-internals don't seem to think so.
The problem is, if you specify the class as a string, php looks for a static method, even if you have a __call method, it won't be registered.
I will have a look at the FilterControllerEvent to see if this use case applies there as well.
---------------------------------------------------------------------------
by sli-systems at 2012-11-22T20:50:32Z
Rather strange - if that is the case then using is_callable seems pretty pointless and the only way would be to try to execute the controller to find out if it is, in fact, callable...
---------------------------------------------------------------------------
by pierredup at 2012-11-22T20:51:07Z
Okay so it actually seems that the case above isn't callable after all. If the controller is specified as a string, then a static method need to exist. Hence why it works with __callStatic. Only when an instance of the class is specified, will it handle the __call method.
---------------------------------------------------------------------------
by sli-systems at 2012-11-22T20:57:55Z
So the tests are sufficient then?
---------------------------------------------------------------------------
by pierredup at 2012-11-22T20:59:22Z
Yes it is.
This happens when you just assume something without actually testing it :)
Sorry for the hassle
With this refactoring comes a decoupling of the validator from the structure of
the underlying metadata. This way it is possible for Drupal to use the validator
for validating their Entity API by using their own metadata layer, which is not
modeled as classes and properties/getter methods.
This PR was submitted for the master branch but it was merged into the 2.1 branch instead (closes#5028).
Commits
-------
5bfe757 Update src/Symfony/Component/Form/Extension/Core/Type/FileType.php
Discussion
----------
Update src/Symfony/Component/Form/Extension/Core/Type/FileType.php
fixed https://github.com/dustin10/VichUploaderBundle/issues/27
---------------------------------------------------------------------------
by bschussek at 2012-07-24T12:44:11Z
Thank you for the PR! Could you please add a test case?
---------------------------------------------------------------------------
by stfalcon at 2012-07-25T13:53:24Z
> Could you please add a test case?
And what to check? I added one static option :)
---------------------------------------------------------------------------
by bschussek at 2012-07-25T14:22:40Z
Whatever was the reason for adding the option ;) The test should fail when the option is not added and succeed when the option is there.
Probably it is sufficient to create a new field of type "file" in the test which comes prefilled with a `File` object.
```
$file = $this->getMock('Symfony\Component\HttpFoundation\File\File');
$this->factory->create('file', $file)
```
---------------------------------------------------------------------------
by stfalcon at 2012-11-15T12:32:01Z
sorry, it's bug in VichUploaderBundle
---------------------------------------------------------------------------
by stfalcon at 2012-11-21T17:00:59Z
or not :)
---------------------------------------------------------------------------
by stfalcon at 2012-11-22T19:47:34Z
@bschussek done! it was really a bug with FileType
---------------------------------------------------------------------------
by stfalcon at 2012-11-22T22:15:18Z
@stof who can merge it? I want close this bug https://github.com/dustin10/VichUploaderBundle/issues/27 :)
---------------------------------------------------------------------------
by stof at 2012-11-23T02:15:46Z
@stfalcon the rule is that only @fabpot merges PRs on symfony.
---------------------------------------------------------------------------
by stfalcon at 2012-11-23T10:12:05Z
@fabpot do you have a minute :)? it's simple PR but many people wait for it
This PR was merged into the 2.1 branch.
Commits
-------
82334d2 Force loader to be null or a EntityLoaderInterface
Discussion
----------
Force loader to be null or a EntityLoaderInterface
This PR was merged into the 2.0 branch.
Commits
-------
2d9a6fc Use Norm Data instead of Data
Discussion
----------
[Form] Use Norm Data instead of App Data
This listener is triggered when normalized data are binded.
We have to use $event->getForm()->getNormData() instead of $event->getForm()->getData().
I have made a new FormType having 'entity' as parent and having a NormTransformer. I encountered a problem in MergeCollectionListener when the request is binded.
My commit fix it.
This PR was merged into the 2.1 branch.
Commits
-------
84635bd [Form] allowed no type guesser to be registered
Discussion
----------
[Form] made the factory builder pass null when no type guesser registered
reopened#5422 against 2.1 as it's a bug fix
---------------------------------------------------------------------------
by stof at 2012-10-13T21:23:34Z
@fabpot anything left for this PR ?
---------------------------------------------------------------------------
by fabpot at 2012-10-14T09:41:29Z
@bamarni Can you add some unit tests and also update the FormExtensionInterface interface phpdoc as `getTypeGuesser` can now return `null`? Thanks. ping @bschussek
---------------------------------------------------------------------------
by bamarni at 2012-10-14T17:10:27Z
I've added a few tests covering this.
@fabpot : the phpdoc is already correct, it currently can return null, this only occurs with this convenient class.
---------------------------------------------------------------------------
by bschussek at 2012-10-16T07:43:41Z
This PR breaks FormFactory::createBuilderForProperty(), which expects a guesser to be present. Can you check the component for other uses of the guesser and add a null-check there?
---------------------------------------------------------------------------
by bamarni at 2012-10-16T10:57:54Z
I cannot find other places than the factory (searching for 'getTypeGuesser').
---------------------------------------------------------------------------
by bschussek at 2012-11-08T16:58:37Z
You should also adapt `FormRegistry::getTypeGuesser()` not to build a `FormTypeGuesserChain` if the array of guessers is empty. In that case it will return now `null` (adapt the doc block). We also need a different was of checking if the type guessers have already been parsed in FormRegistry. Otherwise the first if condition in `FormRegistry::getTypeGuesser()` will never become false. You could for example initialize the property `$guesser` to `false` and only set it to `null` after the first run of `getTypeGuesser()`.
---------------------------------------------------------------------------
by bamarni at 2012-11-08T18:40:00Z
good catch I had missed it! I've applied your suggestion in the latest commit. Do you see anything else before I squash?
---------------------------------------------------------------------------
by bschussek at 2012-11-08T18:45:15Z
A test for `FormRegistry::getTypeGuesser()` would of course be awesome.
---------------------------------------------------------------------------
by bamarni at 2012-11-08T18:52:13Z
Then it was already awesome! (see https://github.com/symfony/symfony/blob/master/src/Symfony/Component/Form/Tests/FormRegistryTest.php#L252)
I've also added one for the null case if it's what you meant.
This PR was merged into the master branch.
Commits
-------
e2a50ef [OptionsResolver] fix normalizer without corresponding option
5a53821 [OptionsResolver] fix removing normalizers
Discussion
----------
OptionsResolver: normalizer fix
setNormalizer() -> replace() -> all() would generate an error.
---------------------------------------------------------------------------
by bschussek at 2012-07-29T16:09:20Z
Thank you for the fix! Could you please add a test case?
---------------------------------------------------------------------------
by Tobion at 2012-07-30T15:42:26Z
There is another problem: setNormalizer() (without setting an option) -> all()
I suggest to simply ignore normalizers that have no corresponding option. Do you agree?
---------------------------------------------------------------------------
by Tobion at 2012-07-30T16:19:24Z
On the other hand, one could argue that a normalizer without option should also work like this:
```
$this->options->setNormalizer('foo', function (Options $options) {
return '';
});
$this->assertEquals(array('foo' => ''), $this->options->all());
```
But when having a normalizer that wants a previous value as param, it does not work (because there is none).
---------------------------------------------------------------------------
by stof at 2012-07-30T16:30:34Z
@Tobion according to github, this need to be rebased
---------------------------------------------------------------------------
by bschussek at 2012-07-30T19:16:48Z
I guess setNormalizer() should check whether the option is set and fail otherwise. The second possibility, as you say, is to ignore them in all(). I'd prefer whatever is more efficient.
---------------------------------------------------------------------------
by bschussek at 2012-07-30T19:17:27Z
But setting a normalizer without setting an option, and having that option appear in the final options, does not make sense if you ask me.
---------------------------------------------------------------------------
by Tobion at 2012-07-30T21:23:46Z
Well it could make sense. If you want to override/normalize an option to a given value however it has been overloaded by others or just not overloaded at all. This is what normalizers do. I think its more consistent than the other solutions.
Raising exception in setNormalizer would make the Class dependent on the order you call the methods, e.g. `setNormalizer(); set()` would not work. But the other way round would be ok.
Ignoring some normalizers in `all` would be strange because they are there but not applied under some circumstances.
---------------------------------------------------------------------------
by Tobion at 2012-07-30T21:42:40Z
Added the fix. If you disagree tell me.
---------------------------------------------------------------------------
by bschussek at 2012-08-04T09:30:18Z
> Raising exception in setNormalizer would make the Class dependent on the order you call the methods, e.g. `setNormalizer(); set()` would not work. But the other way round would be ok.
I think this would be a better solution. I dislike if the normalizer magically adds an option that does not exist. This could hide implementation error, e.g. when a refactoring removes an option, but the normalizer is forgotten. Can you throw an exception in this case?
Should we find use cases that rely on this to work, we can soften the behavior and remove the exception.
---------------------------------------------------------------------------
by Tobion at 2012-08-04T15:02:51Z
Well, that would also make it impossible to set a normalizer for on optional option in OptionsResolver.
So `setOptional` + `setNormalizers` would throw an exception which sounds counter-intuitive. Are you sure about that?
---------------------------------------------------------------------------
by Tobion at 2012-08-17T11:47:58Z
ping @bschussek
---------------------------------------------------------------------------
by Tobion at 2012-10-07T22:31:44Z
@bschussek ping
---------------------------------------------------------------------------
by stof at 2012-10-13T18:04:30Z
@bschussek ping
---------------------------------------------------------------------------
by Tobion at 2012-11-08T09:55:15Z
@bschussek please let's get this finished.
This PR was merged into the 2.0 branch.
Commits
-------
29bfa13 small fix of #5984 when the container param is not set
Discussion
----------
small fix of #5984 when the container param is not set
this can happen when the config for the router is unset, but this method does not need to depend on routing. reading an unset config would raise an exception.
---------------------------------------------------------------------------
by Tobion at 2012-11-19T20:44:31Z
Ops, I guess it's wrong. Travis will probably confirm this in a moment.
I will correct that.
---------------------------------------------------------------------------
by flojon at 2012-11-20T22:40:07Z
Yeah you changed the logic...
---------------------------------------------------------------------------
by Tobion at 2012-11-21T14:42:48Z
ok it's fixed.
This PR was merged into the master branch.
Commits
-------
b930066 Add Route::hasOption() and Route::hasRequirement() methods.
Discussion
----------
Add Route::hasOption() and Route::hasRequirement() methods.
It seems odd that there's a hasDefault() method but not for options and requirements. Drupal has logic that depends on the existence of a given requirement. So let's add that.
I think I got the coding standards right the first time for once... :-)
This PR was squashed before being merged into the 2.1 branch (closes#6079).
Commits
-------
bbeff54 Xliff with other node than source or target are ignored
Discussion
----------
Xliff with other node than source or target are ignored
Referring to the xliff XSD, the format can allow other nodes like <note>. Check only count is dangerous if others nodes are present, and we aren't sure that nodes are the two we wan't (source and target)
And the real problem if that if there is other node in translation, the translation is silently ignored.
---------------------------------------------------------------------------
by stloyd at 2012-11-20T17:44:47Z
You should add test that covers this, as well as #6078 should be closed (branch `2.1` is merged from time to time to `master`).
---------------------------------------------------------------------------
by xkobal at 2012-11-21T11:13:32Z
I have added a new node to xliff fixtures and edit test to be sure node isn't ignored.
this can happen when the config for the router is unset, but this method
does not need to depend on routing. reading an unset config would raise an exception.
This PR was submitted for the 2.1 branch but it was merged into the master branch instead (closes#5885).
Commits
-------
efc22a8 [HttpKernel] Added ability to set controller result in the kernel.view event
Discussion
----------
[HttpKernel] Added ability to set controller result in the kernel.view event
Added the method `GetResponseForControllerResultEvent:setControllerResult(array $controllerResult)` to allow kernel.view events to inject data into the result.
---------------------------------------------------------------------------
by stof at 2012-11-01T13:48:51Z
new features canot be added in the 2.1 branch, which is a maintenance branch and so receives only bugfixes.
---------------------------------------------------------------------------
by fabpot at 2012-11-02T07:13:56Z
I'm not opposed to the change but can you share your use case with us?
---------------------------------------------------------------------------
by ltouroumov at 2012-11-02T07:55:55Z
I have custom annotations that allow controller methods to be invoked before the actions is run (`@BeforeFilter`) and after the action is run (`@ViewFilter`) and after the response is sent (`@ResponseFilter`).
The view filter allows to alter the controller result for example to inject parent entities into the template.
If you need more details I suppose I could post the code but I would have to ask the boss first.
---------------------------------------------------------------------------
by ltouroumov at 2012-11-02T07:57:53Z
Also I fixed the missing dollar sign in the [`6ffea1dc1cfa23844c6d90a1bfa9a282d1807a61`](6ffea1dc1c) commit. But I can't seem to attach it to the pull request.
---------------------------------------------------------------------------
by henrikbjorn at 2012-11-02T08:12:20Z
Needs tests.
---------------------------------------------------------------------------
by ltouroumov at 2012-11-02T08:38:03Z
Is it really necessary to write a test for a simple setter ? I'm not opposed to testing, just looking for a justification. And should I create a new test case or is there one ?
---------------------------------------------------------------------------
by henrikbjorn at 2012-11-02T08:42:49Z
Since your code had a clear syntax error i think that a test is in order ;)
---------------------------------------------------------------------------
by ltouroumov at 2012-11-02T08:45:03Z
Can't argue with that !
Would putting it in `Symfony\Component\HttpKernel\Tests\EventListener\ControllerResponseTest` do the trick ?
---------------------------------------------------------------------------
by henrikbjorn at 2012-11-02T09:16:55Z
Sounds fair enough.
---------------------------------------------------------------------------
by ltouroumov at 2012-11-02T09:31:09Z
This tests covers my use case(s), but there might be others I didn't think of.
---------------------------------------------------------------------------
by ludekstepan at 2012-11-20T17:15:45Z
+1
Please merge into master, I have a use case for it, now I'm relying on a Reflection to set the private property, but that's really a dirty solution. The setter would be perfect!
This PR was submitted for the master branch but it was merged into the 2.1 branch instead (closes#6073).
Commits
-------
c1c822b Filesystem Component mirror symlinked directory fix
Discussion
----------
Filesystem Component mirror symlinked directory fix
Bug fix: yes
Feature addition: no
Backwards compatibility break: no
Symfony2 tests pass: yes
Fixes the following tickets:#6070
Todo:
License of the code: MIT
Documentation PR:
Because of the order in which file types (i.e. dir, link, file) are checked in the Filesystem component, symlinked directories get treated as directories instead of symlinks. As a result symlinked directories are not truly mirrored when performing a php app/console assets:install. This PR checks that a file is a symlink BEFORE checking that its a directory and properly symlinks as necessary.
This PR was merged into the 2.1 branch.
Commits
-------
915dd30 info about session namespace
4b21d18 fix upgrade info about locale
Discussion
----------
fix upgrade info about locale
it duplicated the header and had an irrelevant point inbetween
I also added an entry about session namespace.
This PR was merged into the 2.1 branch.
Commits
-------
0f4d8af [Process][Tests] fixed chainedCommandsOutput tests
Discussion
----------
[Process][Tests] fixed chainedCommandsOutput tests
Bug fix: no
Feature addition: no
Backwards compatibility break: no
Symfony2 tests pass: yes (previously no)
Fixes the following tickets: -
Todo: -
License of the code: MIT
Currently, if you run the Process Component tests on an OS where echo does not support the -n option (like MacOS X), they will fail.
This PR fix that by using only a simple echo which is universal.
This PR was merged into the 2.0 branch.
Commits
-------
64b54dc Use better default ports in urlRedirectAction
64216f2 Add tests for urlRedirectAction
Discussion
----------
Default to current port in urlRedirectAction
I was a bit surprised when I used urlRedirectAction from a non-standard port (8000) it redirected me to port 80. I would argue that the default should be to use the current port instead. This is a simple patch to change that. This should only break in the case someone is relying on the current default to redirect from a non-standard port to the standard port, which should be a really rare case...
---------------------------------------------------------------------------
by Tobion at 2012-11-11T20:29:54Z
The idea is right but the implementation not. Seems this patch is not as "simple" as you said.
When you're on HTTPS and want to redirect to $scheme = HTTP, then it still uses the current HTTPS port which is wrong.
---------------------------------------------------------------------------
by flojon at 2012-11-11T20:36:47Z
Ah, I see the problem. So I guess the correct behavior would be to use the current port if staying with the same scheme or go to standard port if switching scheme. Unless the user has specified a port which will always override...
---------------------------------------------------------------------------
by Tobion at 2012-11-11T20:42:18Z
That would be the best solution that is currently possible but not the best solution that should be possible.
Because if you switch scheme but the other scheme does not use the standard port, it still doesn't work.
Ideally the Request class had an option that allows to define the ports symfony should use for HTTP and HTTPS.
This logic is in RequestContext, but it's not used here.
---------------------------------------------------------------------------
by flojon at 2012-11-11T21:32:55Z
Bummer, I forgot to check if the current port is a standard port...
---------------------------------------------------------------------------
by Tobion at 2012-11-11T21:35:13Z
add some tests
---------------------------------------------------------------------------
by flojon at 2012-11-11T23:28:18Z
Added tests and fixed my previous error
---------------------------------------------------------------------------
by flojon at 2012-11-15T18:25:12Z
@Tobion is there anything else I needed for this?
---------------------------------------------------------------------------
by fabpot at 2012-11-19T12:56:04Z
To be consistent with how we manage HTTP ports elsewhere, I'd rather use the values of the `request_listener.http_port` and `request_listener.https_port`:
```php
if (null === $httpPort) {
$httpPort = $this->container->getParameter('request_listener.http_port');
}
if (null === $httpsPort) {
$httpsPort = $this->container->getParameter('request_listener.https_port');
}
```
This is done in the `security.authentication.retry_entry_point` service and for the `router_listener` listener.
The parameter name is probably not the best one, but that could be changed then in master.
---------------------------------------------------------------------------
by flojon at 2012-11-19T13:49:18Z
@fabpot But then you would need to set that parameter manually right? It wouldn't automatically redirect you to the same port, which was what I wanted to achieve...
Could this be the right order of preference:
If a value was specified in the route use that.
Otherwise use the current port
unless switching scheme then use the parameter value
---------------------------------------------------------------------------
by fabpot at 2012-11-19T13:52:17Z
Your order of preference looks good to me.
---------------------------------------------------------------------------
by flojon at 2012-11-19T19:13:19Z
Man this was more involved than I thought... :)
Changed the logic to use the parameters when not using the current port. Also tried clean up the tests a little bit... Enjoy!
This PR was merged into the master branch.
Commits
-------
e39b709 [Routing] initialize the Route properties
Discussion
----------
[Routing] initialize the Route properties
They should normally be initialized anyway in the constructor. But when extending the Route (like in CMF) and using an ORM/ODM to persist them in the DB, the constructor is not called. Then a new property that is not saved like hostnamePattern stays null which in turn makes the RouteCompiler fails as it expects '' instead of null.
This PR was squashed before being merged into the master branch (closes#6063).
Commits
-------
d3d8ff4 [travis-ci] Zend Garbage Collection only for PHP5.4
Discussion
----------
[travis-ci] Zend Garbage Collection only for PHP5.4
They should normally be initialized anyway in the constructor. But when extending the Route (like in CMF) and using an ORM/ODM to persist them in the DB, the constructor is not called. Then a new property that is not saved like hostnamePattern stays null which in turn makes the RouteCompiler fails as it expects '' instead of null.
This PR was merged into the 2.0 branch.
Commits
-------
f2cbea3 [Security] remove escape charters from username provided by Digest DigestAuthenticationListener
80f6992 [Security] added test extra for digest authentication
d66b03c fixed CS
694697d [Security] Fixed digest authentication
c067586 [Security] Fixed digest authentication
Discussion
----------
Fix digest authentication
Bug fix: yes
Feature addition: no
Backwards compatibility break: no
Symfony2 tests pass: yes
Fixes the following tickets:
Todo: -
License of the code: MIT
Documentation PR: -
Replaces: #5485
This adds the missing fixes.
My only concerns is the ```\"``` removing.
```\"``` is only needed for the HTTP transport, but keeping them would require to also store the username with the escapes as well.
---------------------------------------------------------------------------
by fabpot at 2012-10-30T11:25:28Z
The digest authentication mechanism is not that widespread due to its limitation. And the transport is not HTTP, I think we are talking about very few cases.
---------------------------------------------------------------------------
by sstok at 2012-10-30T12:49:14Z
Apache seems to remove (ignore) escape characters.
```c
if (auth_line[0] == '=') {
auth_line++;
while (apr_isspace(auth_line[0])) {
auth_line++;
}
vv = 0;
if (auth_line[0] == '\"') { /* quoted string */
auth_line++;
while (auth_line[0] != '\"' && auth_line[0] != '\0') {
if (auth_line[0] == '\\' && auth_line[1] != '\0') {
auth_line++; /* escaped char */
}
value[vv++] = *auth_line++;
}
if (auth_line[0] != '\0') {
auth_line++;
}
}
else { /* token */
while (auth_line[0] != ',' && auth_line[0] != '\0'
&& !apr_isspace(auth_line[0])) {
value[vv++] = *auth_line++;
}
}
value[vv] = '\0';
}
```
But would this change be a BC break for people already using quotes but without a comma and thus they never hit this bug?
The change it self is minimum, just calling ```str_replace('\\\\', '\\', str_replace('\\"', '"', $value))``` when getting the username.
---------------------------------------------------------------------------
by fabpot at 2012-11-13T13:00:12Z
@sstok Doing the same as Apache seems the best option here (just document the BC break).
---------------------------------------------------------------------------
by sstok at 2012-11-15T16:05:00Z
Hopefully I did this correct, but the needed escapes seem correctly removed.
`\"` is changed to `"` `\\` is changed to `\`
`\'` it kept as it is, as this needs no correcting.
@Vincent-Simonin Can you verify please.
---------------------------------------------------------------------------
by Vincent-Simonin at 2012-11-19T09:28:18Z
Authentication didn't work with this configuration :
```
providers:
in_memory:
name: in_memory
users:
te"st: { password: test, roles: [ 'ROLE_USER' ] }
```
`te"st` was set in authentication form's user field.
(Must we also escape `"` in configuration file ?)
Tests were performed with nginx.
---------------------------------------------------------------------------
by sstok at 2012-11-19T09:33:34Z
Yes. YAML escapes using an duplicate quote, like SQL.
```yaml
providers:
in_memory:
name: in_memory
users:
"te""st": { password: test, roles: [ 'ROLE_USER' ] }
```