Using a hash as a salt provides unnecessarily low entropy, especially when using Symfony's recommended password encoder (bcrypt) which truncates salt at 22 chars, giving only 16^22 bits entropy. Using base64 instead provides _up to_ 256^30 bits (256^16 to bcrypt).
This change doesn't break compatibility with the built-in PasswordEncoderInterface implementations (message-digest, pbkdf2, bcrypt, plaintext), but it _might_ not work with some custom encoders if they've been assuming hexit salts. On balance I think it's fine since the commit this patches was only merged a few hours ago :D
* 2.6:
Fix small coding style
[2.3] Static Code Analysis for Components
[Form] fixed phpdoc
CS: Convert double quotes to single quotes
Fixed MongoODM entity loader. Improved loading behavior of entities and documents by reusing entity loader.
[Validator] added Japanese translation for unmatched charset (id: 80)
[WebProfilerBundle] fixed undefined buttons.
[WebProfilerBundle] Fix javascript toolbar on IE8
[DependencyInjection] Highest precedence for user parameters
bumped Symfony version to 2.6.6
[Translation][MoFileLoader] fixed load empty translation.
updated VERSION for 2.6.5
updated CHANGELOG for 2.6.5
bumped Symfony version to 2.3.27
updated VERSION for 2.3.26
update CONTRIBUTORS for 2.3.26
updated CHANGELOG for 2.3.26
[HttpKernel] UriSigner::buildUrl - default params for http_build_query
Conflicts:
src/Symfony/Bridge/Propel1/Tests/DataCollector/PropelDataCollectorTest.php
src/Symfony/Component/DependencyInjection/Dumper/PhpDumper.php
src/Symfony/Component/HttpKernel/Kernel.php
src/Symfony/Component/Security/Http/Firewall/AbstractPreAuthenticatedListener.php
src/Symfony/Component/Validator/Resources/translations/validators.ja.xlf
* 2.6:
[DependencyInjection] fixed service resolution for factories
[acl][command][SecurityBundle] Fixed user input option mode to be an Array
Conflicts:
src/Symfony/Component/DependencyInjection/Dumper/PhpDumper.php
This PR was merged into the 2.6 branch.
Discussion
----------
[acl][command][SecurityBundle] Fixed user input option mode to be an Array
| Q | A
| ------------- | ---
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | #13789
| License | MIT
| Doc PR |
User input option should always return an array, even if only one user is passed.
Commits
-------
bd17ef8 [acl][command][SecurityBundle] Fixed user input option mode to be an Array
* 2.6:
[HttpFoundation] MongoDbSessionHandler::read() now checks for valid session age
Changed visibility of setUp() and tearDown to protected
[WebProfilerBundle] Set debug+charset on the ExceptionHandler fallback
Added default button class
used HTML5 meta charset tag and removed hardcoded ones
Revert "bug #13715 Enforce UTF-8 charset for core controllers (WouterJ)"
fixed XSS in the exception handler
Php Inspections (EA Extended) - static code analysis includes:
[2.3] Remove most refs uses
Test with local components instead of waiting for the subtree-splitter when possible
Conflicts:
.travis.yml
* 2.3:
[HttpFoundation] MongoDbSessionHandler::read() now checks for valid session age
[WebProfilerBundle] Set debug+charset on the ExceptionHandler fallback
used HTML5 meta charset tag and removed hardcoded ones
Revert "bug #13715 Enforce UTF-8 charset for core controllers (WouterJ)"
Conflicts:
src/Symfony/Bundle/TwigBundle/Controller/ExceptionController.php
src/Symfony/Bundle/WebProfilerBundle/Controller/ProfilerController.php
src/Symfony/Component/HttpFoundation/Session/Storage/Handler/MongoDbSessionHandler.php
src/Symfony/Component/HttpFoundation/Tests/Session/Storage/Handler/MongoDbSessionHandlerTest.php
This PR was merged into the 2.7 branch.
Discussion
----------
[WebProfilerBundle] Replaced raster PNG icons with vector SVG icons
| Q | A
| ------------- | ---
| Bug fix? | no
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | #13298
| License | MIT
| Doc PR | -
Follow up of #13298 : inline svg is supported by the same browsers that support data-uri+svg
Commits
-------
00e3a42 Replaced raster PNG icons with vector SVG icons
* 2.6: (46 commits)
fixxed order of usage
[2.7] [Form] Replaced calls to array_search() by in_array() where is no need to get the index
[Process] Make test AbstractProcessTest::testStartAfterATimeout useful again
removed non-sense example
Fixes small typo.
[Validator] Remove unnecessary include in tests
[HttpFoundation] minor: clarify Request::getUrlencodedPrefix() regex
fixed typo
[Validator] fix DOS-style line endings
Drop useless execution bit
bumped Symfony version to 2.6.5
[Serializer] update changelog
updated VERSION for 2.6.4
updated CHANGELOG for 2.6.4
bumped Symfony version to 2.5.11
[HttpKernel] Added use of provided by #12022 method to instantiate controller class in bundle's controller resolver
updated VERSION for 2.5.10
updated CHANGELOG for 2.5.10
[Validator] Add a Russian translation for invalid charset message
[2.3] [Validator] spanish translation for invalid charset message
...
Conflicts:
src/Symfony/Bridge/Doctrine/Validator/Constraints/UniqueEntityValidator.php
src/Symfony/Component/HttpKernel/Exception/FatalErrorException.php
src/Symfony/Component/HttpKernel/Exception/FlattenException.php
src/Symfony/Component/HttpKernel/Kernel.php
src/Symfony/Component/Routing/Tests/Generator/UrlGeneratorTest.php
src/Symfony/Component/Validator/Resources/translations/validators.de.xlf
src/Symfony/Component/Validator/Resources/translations/validators.en.xlf
src/Symfony/Component/Validator/Resources/translations/validators.es.xlf
src/Symfony/Component/Validator/Resources/translations/validators.fr.xlf
src/Symfony/Component/Validator/Resources/translations/validators.pl.xlf
src/Symfony/Component/Validator/Resources/translations/validators.ru.xlf
src/Symfony/Component/Validator/Resources/translations/validators.sl.xlf
This PR was merged into the 2.7 branch.
Discussion
----------
[Form] Deprecated setDefaultOptions() in favor of configureOptions()
| Q | A
| ------------- | ---
| Bug fix? | no
| New feature? | no
| BC breaks? | no
| Deprecations? | yes
| Tests pass? |
| Fixed tickets | #12782
| License | MIT
| Doc PR | symfony/symfony-docs#4786
This tries to provide a compatible API with the depreciation of the OptionResolverInterface. I would like to have this in 2.6.2 but I think that might not be possible? To me I think we should always provide an API where you do not need to use deprecated classes.
Also can you think of any way to trigger errors on the use of the deprecated setDefaultOptions() method? Since it is usually overwritten without calling the parent class this might be tricky. Maybe only in the resolver if we can check if actual options has been resolved in a call to setDefaultOptions.
Commits
-------
3d43cae Deprecated setDefaultOptions() in favor of configureOptions()
* 2.6:
[WIP] Made help information of commands more consistent
[2.6] Added internal annotation on Descriptor classes
Made CLI help consistent
Made help information consistent
* 2.5:
[WIP] Made help information of commands more consistent
Made help information consistent
Conflicts:
src/Symfony/Bundle/FrameworkBundle/Command/TranslationUpdateCommand.php
src/Symfony/Component/Console/Tests/Fixtures/application_1.txt
src/Symfony/Component/Console/Tests/Fixtures/application_2.txt
src/Symfony/Component/Console/Tests/Fixtures/application_astext1.txt
src/Symfony/Component/Console/Tests/Fixtures/application_astext2.txt
src/Symfony/Component/Console/Tests/Fixtures/application_gethelp.txt
src/Symfony/Component/Console/Tests/Fixtures/application_run1.txt
This PR was merged into the 2.6 branch.
Discussion
----------
[2.6] Made help information of commands more consistent
Just like https://github.com/symfony/symfony/pull/13231, but then for commands added in 2.6
Commits
-------
57b08e4 Made CLI help consistent
* 2.3:
[WIP] Made help information of commands more consistent
Conflicts:
src/Symfony/Bundle/FrameworkBundle/Command/CacheClearCommand.php
src/Symfony/Bundle/FrameworkBundle/Command/TranslationUpdateCommand.php
src/Symfony/Bundle/TwigBundle/Command/LintCommand.php
src/Symfony/Component/Console/Tests/Fixtures/application_1.json
src/Symfony/Component/Console/Tests/Fixtures/application_2.json
This PR was squashed before being merged into the 2.3 branch (closes#13231).
Discussion
----------
[WIP] Made help information of commands more consistent
| Q | A
| --- | ---
| Test pass | Not yet
| License | MIT
| Fixed tickets | -
Commits
-------
602d687 [WIP] Made help information of commands more consistent
* 2.5:
[2.3] Remove useless tests skips
[ClassLoader] removes deprecated classes from documentation.
[ClassLoader] added missing deprecation notice.
[HttpFoundation] Fix an issue caused by php's Bug #66606.
[Yaml] Update README.md
Don't add Accept-Range header on unsafe HTTP requests
simplify hasScheme method
adapted merge to 2.5
adapted previous commit for 2.3
[Security] Don't send remember cookie for sub request
[Security] fixed wrong phpdoc
[HttpKernel] Fix UriSigner::check when _hash is not at the end of the uri
[2.3] Cleanup deprecations
Conflicts:
src/Symfony/Bundle/FrameworkBundle/composer.json
src/Symfony/Bundle/WebProfilerBundle/Resources/views/Collector/logger.html.twig
src/Symfony/Component/HttpKernel/composer.json
* 2.6:
Use PHPUnit ini_set wrapper in tests
[Process] Added a test skip check for Windows
[Process] Removed unused variable assignment
Fixes various phpdoc and coding standards.
Fixes Issue #13184 - incremental output getters now return empty strings
Updated copyright to 2015
Updated copyright to 2015
Updated copyright to 2015
[VarDumper] increase debug.max_items to 2500
[Debug] Update exception messages.
use value of DIRECTORY_SEPARATOR to detect Windows
force ExpressionLanguage version >= 2.6
[Debug] fixes ClassNotFoundFatalErrorHandler to correctly handle class not found errors with Symfony ClassLoader component autoloaders.
Clarify a comment.
use PHP_WINDOWS_VERSION_BUILD to detect Windows
Check if a field type_class is defined before using it.
Currently if you want to use inline bootstrap form rendering, this is usually enough:
Conflicts:
src/Symfony/Component/Debug/composer.json
* 2.5:
Use PHPUnit ini_set wrapper in tests
[Process] Added a test skip check for Windows
[Process] Removed unused variable assignment
Fixes various phpdoc and coding standards.
Fixes Issue #13184 - incremental output getters now return empty strings
Updated copyright to 2015
Updated copyright to 2015
Clarify a comment.
Conflicts:
src/Symfony/Component/HttpKernel/Fragment/EsiFragmentRenderer.php
* 2.3:
Use PHPUnit ini_set wrapper in tests
[Process] Added a test skip check for Windows
[Process] Removed unused variable assignment
Fixes various phpdoc and coding standards.
Fixes Issue #13184 - incremental output getters now return empty strings
Updated copyright to 2015
Conflicts:
src/Symfony/Bridge/Doctrine/Form/ChoiceList/EntityChoiceList.php
src/Symfony/Bridge/Propel1/Form/ChoiceList/ModelChoiceList.php
src/Symfony/Bundle/TwigBundle/Command/LintCommand.php
src/Symfony/Component/Debug/ExceptionHandler.php
src/Symfony/Component/Process/Tests/AbstractProcessTest.php
* 2.3:
[Form] Remove a redundant test.
use value of DIRECTORY_SEPARATOR to detect Windows
Conflicts:
src/Symfony/Component/Console/Application.php
src/Symfony/Component/Filesystem/Tests/FilesystemTest.php
src/Symfony/Component/Form/Tests/Extension/Csrf/Type/FormTypeCsrfExtensionTest.php
src/Symfony/Component/Process/Process.php
This PR was merged into the 2.3 branch.
Discussion
----------
[2.3] for consistency, use value of DIRECTORY_SEPARATOR to detect Windows
| Q | A
| ------------- | ---
| Bug fix? | no
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets |
| License | MIT
| Doc PR |
This commit unifies the detection of Windows builds across the Symfony
codebase.
Commits
-------
20a427d use value of DIRECTORY_SEPARATOR to detect Windows
* 2.6: (21 commits)
Updated generateSql tool
Fix grammar
Fix the implementation of deprecated Locale classes
Fix phpdoc and coding standards
Replace usages of the deprecated TypeTestCase by the new one
Remove usages of deprecated constants
Update functional tests to use the PSR NullLogger
fix regression in form tests after pr #13027 | Q | A | ------------- | --- | Bug fix? | yes | New feature? | no | BC breaks? | no | Deprecations? | no | Tests pass? | yes | Fixed tickets | - | License | MIT | Doc PR | -
Make fabbot happy
Clean up testing
No global state for isolated tests and other fixes
No global state for isolated tests and other fixes
fix#10054 - form data collector with dynamic fields
[TwigBundle] Moved the setting of the default escaping strategy from the Twig engine to the Twig environment
[Debug] fix checkip6
[HttpFoundation] fixed error when an IP in the X-Forwarded-For HTTP header contains a port
Update the note about origins of the CssSelector component.
Use the correct cssselect library name in docblocks.
Fix wrong DateTransformer timezone param for non-UTC configuration. #12808
[Form] Add further timezone tests for date type
...
Conflicts:
src/Symfony/Component/Locale/Locale.php
src/Symfony/Component/Locale/composer.json
* 2.5:
Updated generateSql tool
Fix the implementation of deprecated Locale classes
Fix phpdoc and coding standards
Replace usages of the deprecated TypeTestCase by the new one
Remove usages of deprecated constants
Update functional tests to use the PSR NullLogger
fix regression in form tests after pr #13027 | Q | A | ------------- | --- | Bug fix? | yes | New feature? | no | BC breaks? | no | Deprecations? | no | Tests pass? | yes | Fixed tickets | - | License | MIT | Doc PR | -
Make fabbot happy
Clean up testing
No global state for isolated tests and other fixes
No global state for isolated tests and other fixes
fix#10054 - form data collector with dynamic fields
[TwigBundle] Moved the setting of the default escaping strategy from the Twig engine to the Twig environment
[Debug] fix checkip6
[HttpFoundation] fixed error when an IP in the X-Forwarded-For HTTP header contains a port
Update the note about origins of the CssSelector component.
Use the correct cssselect library name in docblocks.
[DomCrawler] fixed bug #12143
Conflicts:
src/Symfony/Bundle/FrameworkBundle/Templating/GlobalVariables.php
src/Symfony/Component/Serializer/Normalizer/DenormalizableInterface.php
* 2.3:
Updated generateSql tool
Fix the implementation of deprecated Locale classes
Fix phpdoc and coding standards
Replace usages of the deprecated TypeTestCase by the new one
Remove usages of deprecated constants
Update functional tests to use the PSR NullLogger
Make fabbot happy
Clean up testing
[DomCrawler] fixed bug #12143
Conflicts:
src/Symfony/Bridge/Doctrine/Tests/Validator/Constraints/UniqueEntityValidatorTest.php
src/Symfony/Bundle/FrameworkBundle/Tests/Templating/TimedPhpEngineTest.php
src/Symfony/Bundle/TwigBundle/Tests/Loader/FilesystemLoaderTest.php
src/Symfony/Component/Console/Application.php
src/Symfony/Component/DomCrawler/Crawler.php
src/Symfony/Component/Form/Tests/Extension/Core/Type/CollectionTypeTest.php
src/Symfony/Component/Form/Tests/Extension/Csrf/Type/FormTypeCsrfExtensionTest.php
src/Symfony/Component/HttpKernel/Tests/Bundle/BundleTest.php
src/Symfony/Component/Serializer/Encoder/EncoderInterface.php
src/Symfony/Component/Serializer/Encoder/XmlEncoder.php
src/Symfony/Component/Validator/Tests/Mapping/ClassMetadataFactoryTest.php
* 2.5:
[FrameworkBundle] fix browserkit requirement
[TwigBridge] fix form requirement
[FrameworkBundle] fix http-foundation requirement
[CssSelector] added the license of the Python library we ported to PHP
[SecurityBundle] avoid unneeded work
Conflicts:
src/Symfony/Bridge/Twig/composer.json
src/Symfony/Bundle/FrameworkBundle/composer.json
src/Symfony/Component/HttpKernel/composer.json
* 2.3:
[TwigBridge] fix form requirement
[CssSelector] added the license of the Python library we ported to PHP
[SecurityBundle] avoid unneeded work
Conflicts:
src/Symfony/Bridge/Twig/composer.json
This PR was merged into the 2.7 branch.
Discussion
----------
[2.7] [SecurityBundle] replaced deprecated SecurityContextInterface dependency by new TokenStorageInterface instance in SecurityDataCollector. Also added unit tests suite for SecurityDataCollector class.
| Q | A
| ------------- | ---
| Bug fix? | no
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | ~
| License | MIT
| Doc PR | ~
Commits
-------
337eb57 [SecurityBundle] replaced deprecated SecurityContextInterface dependency by new TokenStorageInterface instance in SecurityDataCollector. Also added unit tests suite for SecurityDataCollector class.
* 2.6:
[SecurityBundle] use TokenStorageInterface instead of deprecated SecurityContextInterface in SecurityDataCollector and added unit tests suite.
[WebProfilerBundle] Fixed IE8 support
Conflicts:
src/Symfony/Bundle/SecurityBundle/DataCollector/SecurityDataCollector.php
src/Symfony/Bundle/SecurityBundle/Resources/config/collectors.xml
This PR was squashed before being merged into the 2.3 branch (closes#13054).
Discussion
----------
[2.3] CS Fixes
| Q | A
| ------------- | ---
| Bug fix? | no
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | N/A
| License | MIT
| Doc PR | N/A
##### This pull request provides some cs fixes.
Commits
-------
b521c20 [2.3] CS Fixes
This PR was merged into the 2.6 branch.
Discussion
----------
[2.6] [SecurityBundle] use TokenStorageInterface instead of deprecated SecurityContextInterface in SecurityDataCollector and added unit tests suite.
| Q | A
| ------------- | ---
| Bug fix? | no
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | ~
| License | MIT
| Doc PR | ~
Commits
-------
ea4cf33 [SecurityBundle] use TokenStorageInterface instead of deprecated SecurityContextInterface in SecurityDataCollector and added unit tests suite.
* 2.6: (23 commits)
[Config] adds missing « use » statement for InvalidTypeException type hint in documentation.
[Config] fixes broken unit test on ArrayNode class.
fixed CS
[Security] Delete old session on auth strategy migrate
skip if param "translator.logging" doesn't exist.
update required minimum TwigBridge version
Very minor grammar fix in error message
Added the function providers as container resources
[Tests] Silenced all deprecations in tests for 2.3
BinaryFileResponse - add missing newline
fixed CS
add a limit and a test to FlattenExceptionTest.
[DebugBundle] enable the DumpDataCollectorPass
[FrameworkBundle] Use debug namespace.
[FrameworkBundle] update debug commands references
skip compiler pass if interface doesn't exist
Unify the way to provide expression functions for the DI container
CS: There should be no empty lines following phpdocs
fix link format handling with disabled templating
[FrameworkBundle] fix cache:clear command
...
Conflicts:
src/Symfony/Bridge/Doctrine/phpunit.xml.dist
src/Symfony/Bridge/Monolog/phpunit.xml.dist
src/Symfony/Bridge/Propel1/phpunit.xml.dist
src/Symfony/Bridge/ProxyManager/phpunit.xml.dist
src/Symfony/Bridge/Twig/phpunit.xml.dist
src/Symfony/Bundle/FrameworkBundle/phpunit.xml.dist
src/Symfony/Bundle/SecurityBundle/phpunit.xml.dist
src/Symfony/Bundle/TwigBundle/phpunit.xml.dist
src/Symfony/Bundle/WebProfilerBundle/phpunit.xml.dist
src/Symfony/Component/BrowserKit/phpunit.xml.dist
src/Symfony/Component/ClassLoader/phpunit.xml.dist
src/Symfony/Component/Config/phpunit.xml.dist
src/Symfony/Component/Console/phpunit.xml.dist
src/Symfony/Component/CssSelector/phpunit.xml.dist
src/Symfony/Component/Debug/phpunit.xml.dist
src/Symfony/Component/DependencyInjection/phpunit.xml.dist
src/Symfony/Component/DomCrawler/phpunit.xml.dist
src/Symfony/Component/EventDispatcher/phpunit.xml.dist
src/Symfony/Component/Filesystem/phpunit.xml.dist
src/Symfony/Component/Finder/phpunit.xml.dist
src/Symfony/Component/Form/phpunit.xml.dist
src/Symfony/Component/HttpFoundation/phpunit.xml.dist
src/Symfony/Component/HttpKernel/phpunit.xml.dist
src/Symfony/Component/Intl/phpunit.xml.dist
src/Symfony/Component/Locale/phpunit.xml.dist
src/Symfony/Component/OptionsResolver/phpunit.xml.dist
src/Symfony/Component/Process/phpunit.xml.dist
src/Symfony/Component/PropertyAccess/phpunit.xml.dist
src/Symfony/Component/Routing/phpunit.xml.dist
src/Symfony/Component/Security/phpunit.xml.dist
src/Symfony/Component/Serializer/phpunit.xml.dist
src/Symfony/Component/Stopwatch/phpunit.xml.dist
src/Symfony/Component/Templating/phpunit.xml.dist
src/Symfony/Component/Translation/phpunit.xml.dist
src/Symfony/Component/Validator/phpunit.xml.dist
src/Symfony/Component/Yaml/phpunit.xml.dist
* 2.5:
[Config] adds missing « use » statement for InvalidTypeException type hint in documentation.
[Config] fixes broken unit test on ArrayNode class.
fixed CS
[Security] Delete old session on auth strategy migrate
update required minimum TwigBridge version
Very minor grammar fix in error message
[Tests] Silenced all deprecations in tests for 2.3
BinaryFileResponse - add missing newline
fixed CS
add a limit and a test to FlattenExceptionTest.
CS: There should be no empty lines following phpdocs
[FrameworkBundle] fix cache:clear command
[2.3] Docblocks should not be followed by a blank line
Fix return phpdoc
[PropertyAccess] Added test to verify #5775 is fixed
* 2.3:
[Config] adds missing « use » statement for InvalidTypeException type hint in documentation.
[Config] fixes broken unit test on ArrayNode class.
fixed CS
[Security] Delete old session on auth strategy migrate
update required minimum TwigBridge version
Very minor grammar fix in error message
[Tests] Silenced all deprecations in tests for 2.3
BinaryFileResponse - add missing newline
fixed CS
add a limit and a test to FlattenExceptionTest.
CS: There should be no empty lines following phpdocs
[FrameworkBundle] fix cache:clear command
[2.3] Docblocks should not be followed by a blank line
Fix return phpdoc
[PropertyAccess] Added test to verify #5775 is fixed
Conflicts:
src/Symfony/Bundle/TwigBundle/composer.json
src/Symfony/Component/PropertyAccess/Tests/PropertyAccessorTest.php
src/Symfony/Component/Security/Core/Tests/Validator/Constraints/UserPasswordValidatorTest.php
This PR was merged into the 2.7 branch.
Discussion
----------
Deprecations
| Q | A
| ------------- | ---
| Bug fix? | no
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | #12625, #12605, #12628, #12622, #12642, #12609, #12651, #12604, #12607, #12667, #12648
| License | MIT
| Doc PR | -
Cherry-picking some pending PRs to make them move forward
Commits
-------
badf8fc [Form] Log deprecation of constants, fixes#12607#126671d58df4 Fix deprecation notice on VirtualFormAwareIterator
e2a19ee Add a deprecation note about VirtualFormAwareIterator
ab4d9b8 Add a deprecation note about CsrfProviderInterface
cb70632 [HttpKernel] fix deprecation notice for Kernel::init()
b5a315d [HttpKernel] Added deprecated error to init()
70012c1 [Hackday] [2.7] Add a deprecation note about TypeTestCase
* 2.6:
[2.6] Test lowest versions of dependencies
Test lowest versions of dependencies
Fix placeholder date format
Test components using their lowest possible deps
* symfony/2.5:
Test lowest versions of dependencies
Test components using their lowest possible deps
Conflicts:
src/Symfony/Bridge/Twig/composer.json
src/Symfony/Bundle/FrameworkBundle/composer.json
src/Symfony/Bundle/SecurityBundle/composer.json
src/Symfony/Component/EventDispatcher/composer.json
src/Symfony/Component/HttpKernel/composer.json
src/Symfony/Component/Security/composer.json
This PR was squashed before being merged into the 2.3 branch (closes#12993).
Discussion
----------
[2.3] Docblocks should not be followed by a blank line
| Q | A
| ------------- | ---
| Bug fix? | no
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | N/A
| License | MIT
| Doc PR | N/A
There should be no blank line(s) between phpdocs that document properties, interfaces, classes, functions, or traits. This pull request was a test run of a new php-cs-fixer: https://github.com/FriendsOfPHP/PHP-CS-Fixer/pull/864.
Commits
-------
4e7ba1b [2.3] Docblocks should not be followed by a blank line
This PR was merged into the 2.7 branch.
Discussion
----------
[DX][Profiler] Show the inherited roles in the web profiler
| Q | A
| ------------- | ---
| Bug fix? | no
| New feature? | yes
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | #12892
| License | MIT
| Doc PR | -
Given the following role hierarchy configuration
````php
security:
role_hierarchy:
ROLE_SUPER_ADMIN: [ROLE_ADMIN, ROLE_ALLOWED_TO_SWITCH]
ROLE_ADMIN: [ROLE_EMPLOYEE]
ROLE_EMPLOYEE: [ROLE_SALES]
````
If you were checking the user roles in the web profiler as an user with the assigned
role `ROLE_ADMIN` you saw only the following output.
This was kind of tricky since pages where you were checking `is_granted('ROLE_EMPLOYEE')`
granted access. Debugging was hard for newcomers to the project if they did not understand
the role hierarchy.
With this adjustment you will see the assigned roles as well as the inherited roles separately as
follows:
Commits
-------
31dc672 Show the inherited roles in the web profiler
* 2.6: (24 commits)
[Form] fixed a maxlength overring on a guessing
[Debug] Show only unique class candidates
[SecurityBundle] Firewall providers building - code cleaning
[Filesystem] symlink use RealPath instead LinkTarget
[DependencyInjection] Remove duplicate declaration in PhpDumper
terminals are not interactive on Travis
Revert "[DependencyInjection] backport perf optim"
[WebProfiler] Tweaked ajax requests toolbar css reset
[WebProfilerBundle] replaced pattern to path attribute in routes definitions.
fix phpdoc's alignment
Fix missing addExpressionLanguageProvider (used by service container to add expression providers)
Fixed the AuthenticationProviderInterface alignment
Fixed the proxy-manager version constraint
Fix missing space in label_attr
fix DumpDataCollectorTest after CS changes
avoid risky tests
Fixed typo in SecurityContext PHPDoc
[FrameworkBundle][Template name] avoid error message for the shortcut notation.
[DependencyInjection] perf optim: call dirname() at most 5x
[DependencyInjection] backport perf optim
...
* 2.5:
[Form] fixed a maxlength overring on a guessing
[Debug] Show only unique class candidates
[SecurityBundle] Firewall providers building - code cleaning
[Filesystem] symlink use RealPath instead LinkTarget
[DependencyInjection] Remove duplicate declaration in PhpDumper
terminals are not interactive on Travis
Revert "[DependencyInjection] backport perf optim"
[WebProfilerBundle] replaced pattern to path attribute in routes definitions.
fix phpdoc's alignment
Fixed the AuthenticationProviderInterface alignment
Fixed the proxy-manager version constraint
[FrameworkBundle][Template name] avoid error message for the shortcut notation.
[DependencyInjection] perf optim: call dirname() at most 5x
[DependencyInjection] backport perf optim
Fixed#12845 adding a listener to an event that is currently being dispatched will not result into a fatal error in TraceableEventDispatcher [EventDispatcher]
[2.5] Remove possible call_user_func()
[2.3] Remove possible call_user_func()
Conflicts:
src/Symfony/Component/DependencyInjection/Dumper/PhpDumper.php
src/Symfony/Component/DependencyInjection/Tests/Fixtures/php/services1-1.php
src/Symfony/Component/DependencyInjection/Tests/Fixtures/php/services1.php
src/Symfony/Component/DependencyInjection/Tests/Fixtures/php/services11.php
src/Symfony/Component/DependencyInjection/Tests/Fixtures/php/services12.php
src/Symfony/Component/DependencyInjection/Tests/Fixtures/php/services8.php
src/Symfony/Component/DependencyInjection/Tests/Fixtures/php/services9.php
This PR was merged into the 2.3 branch.
Discussion
----------
[2.3] Remove possible call_user_func()
| Q | A
| ------------- | ---
| Bug fix? | no
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | -
| License | MIT
| Doc PR | -
Merging this in 2.3 enhances performance a bit, but more importantly will ease future merges into 3.0.
Commits
-------
fad7aba [2.3] Remove possible call_user_func()
* 2.6: (25 commits)
Added information when an error occured during validation of an answer of a question
Adding note about known BC issues
Adding note about the PdoSessionHandler BC break
[Console] fixes some typos and phpdoc.
fix phpdoc's alignment
[2.6] CS Fixes And Removed An Unused Import
Minor phpcs fixes
[ClassLoader] Fix undefined index in ClassCollectionLoader
CS fixes
Revert "minor #12821 Remove deprecated class (MasterB)"
[2.3] More cs fixes
Removed unused imports
CS fixes
bumped Symfony version to 2.6.2
updated VERSION for 2.6.1
updated CHANGELOG for 2.6.1
bumped Symfony version to 2.5.9
updated VERSION for 2.5.8
update CONTRIBUTORS for 2.5.8
updated CHANGELOG for 2.5.8
...
Conflicts:
src/Symfony/Component/HttpKernel/Kernel.php
* 2.5:
CS fixes
[2.3] More cs fixes
Removed unused imports
CS fixes
bumped Symfony version to 2.5.9
updated VERSION for 2.5.8
update CONTRIBUTORS for 2.5.8
updated CHANGELOG for 2.5.8
bumped Symfony version to 2.3.24
updated VERSION for 2.3.23
update CONTRIBUTORS for 2.3.23
updated CHANGELOG for 2.3.23
Conflicts:
src/Symfony/Component/Console/Helper/ProgressBar.php
src/Symfony/Component/Debug/ErrorHandler.php
src/Symfony/Component/HttpKernel/Kernel.php
src/Symfony/Component/Security/Http/HttpUtils.php
src/Symfony/Component/Validator/Mapping/Factory/LazyLoadingMetadataFactory.php
* 2.3:
[2.3] More cs fixes
Removed unused imports
CS fixes
bumped Symfony version to 2.3.24
updated VERSION for 2.3.23
update CONTRIBUTORS for 2.3.23
updated CHANGELOG for 2.3.23
Conflicts:
src/Symfony/Bundle/FrameworkBundle/EventListener/SessionListener.php
src/Symfony/Bundle/SecurityBundle/DependencyInjection/MainConfiguration.php
src/Symfony/Component/HttpKernel/Kernel.php
src/Symfony/Component/HttpKernel/Tests/Bundle/BundleTest.php
src/Symfony/Component/Routing/Matcher/Dumper/PhpMatcherDumper.php
* 2.6:
Configure firewall's kernel exception listener with configured entry point or a default entry point
PSR-2 fixes
[DependencyInjection] make paths relative to __DIR__ in the generated container
[FrameworkBundle][Router Cmd] use debug namespace.
[FrameworkBundle] Update deprecated service call
Removed a dev annotation from a version constraint
Fixed the syntax of a composer.json file
Fixed the symfony/config version constraint
Tweaked the password-compat version constraint
Docblock fixes
[Filesystem] fix lock file permissions
Remove dialog usage
define constant only if it wasn't defined before
Fix incorrect spanish translation
Fixed typos
Fixed a docblock
bumped Symfony version to 2.6.1
updated VERSION for 2.6.0
updated CHANGELOG for 2.6.0
removed unneeded check
Conflicts:
src/Symfony/Component/HttpKernel/Kernel.php
* 2.5:
Configure firewall's kernel exception listener with configured entry point or a default entry point
PSR-2 fixes
[DependencyInjection] make paths relative to __DIR__ in the generated container
Fixed the syntax of a composer.json file
Fixed the symfony/config version constraint
Tweaked the password-compat version constraint
Docblock fixes
Remove dialog usage
define constant only if it wasn't defined before
Fix incorrect spanish translation
Fixed typos
Conflicts:
src/Symfony/Bundle/TwigBundle/Controller/ExceptionController.php
src/Symfony/Component/DependencyInjection/Dumper/PhpDumper.php
src/Symfony/Component/OptionsResolver/Options.php
src/Symfony/Component/OptionsResolver/OptionsResolverInterface.php
src/Symfony/Component/Process/ProcessPipes.php
src/Symfony/Component/Security/Http/Tests/Firewall/RememberMeListenerTest.php
src/Symfony/Component/Serializer/Normalizer/DenormalizableInterface.php
src/Symfony/Component/Validator/ConstraintViolation.php
src/Symfony/Component/Yaml/Inline.php
src/Symfony/Component/Yaml/Parser.php
* 2.3:
Configure firewall's kernel exception listener with configured entry point or a default entry point
PSR-2 fixes
[DependencyInjection] make paths relative to __DIR__ in the generated container
Fixed the syntax of a composer.json file
Fixed the symfony/config version constraint
Tweaked the password-compat version constraint
Docblock fixes
define constant only if it wasn't defined before
Fix incorrect spanish translation
Fixed typos
Conflicts:
composer.json
src/Symfony/Bridge/Twig/TwigEngine.php
src/Symfony/Bundle/FrameworkBundle/Controller/Controller.php
src/Symfony/Bundle/FrameworkBundle/Templating/Loader/FilesystemLoader.php
src/Symfony/Bundle/FrameworkBundle/composer.json
src/Symfony/Component/Console/Descriptor/MarkdownDescriptor.php
src/Symfony/Component/Console/Helper/TableHelper.php
src/Symfony/Component/Console/Tests/Helper/HelperSetTest.php
src/Symfony/Component/Debug/ErrorHandler.php
src/Symfony/Component/DependencyInjection/Dumper/PhpDumper.php
src/Symfony/Component/Finder/Tests/Iterator/RecursiveDirectoryIteratorTest.php
src/Symfony/Component/Form/Tests/Extension/Core/DataMapper/PropertyPathMapperTest.php
src/Symfony/Component/HttpFoundation/Response.php
src/Symfony/Component/HttpFoundation/StreamedResponse.php
src/Symfony/Component/HttpKernel/Controller/ControllerResolver.php
src/Symfony/Component/HttpKernel/Controller/ControllerResolverInterface.php
src/Symfony/Component/HttpKernel/Debug/TraceableEventDispatcher.php
src/Symfony/Component/HttpKernel/Fragment/RoutableFragmentRenderer.php
src/Symfony/Component/HttpKernel/Tests/DataCollector/RequestDataCollectorTest.php
src/Symfony/Component/Intl/NumberFormatter/NumberFormatter.php
src/Symfony/Component/Process/Process.php
src/Symfony/Component/Process/Tests/AbstractProcessTest.php
src/Symfony/Component/PropertyAccess/PropertyAccessorBuilder.php
src/Symfony/Component/Routing/Tests/Fixtures/validpattern.php
src/Symfony/Component/Security/Http/RememberMe/TokenBasedRememberMeServices.php
src/Symfony/Component/Security/composer.json
src/Symfony/Component/Serializer/Encoder/XmlEncoder.php
src/Symfony/Component/Serializer/Normalizer/GetSetMethodNormalizer.php
src/Symfony/Component/Stopwatch/StopwatchEvent.php
src/Symfony/Component/Stopwatch/StopwatchPeriod.php
src/Symfony/Component/Templating/PhpEngine.php
src/Symfony/Component/Templating/TemplateReference.php
src/Symfony/Component/Templating/TemplateReferenceInterface.php
src/Symfony/Component/Translation/TranslatorInterface.php
src/Symfony/Component/Validator/ConstraintViolation.php
src/Symfony/Component/Validator/ExecutionContextInterface.php
src/Symfony/Component/Validator/Mapping/ClassMetadata.php
src/Symfony/Component/Validator/MetadataFactoryInterface.php
* 2.6:
Extract an AbstractEventDispatcherTest from EventDispatcherTest and also use it in ContainerAwareEventDispatcherTest
[SecurityBundle] Authentication entry point is only registered with firewall exception listener, not with authentication listeners
be smarter when guessing the document root
Azerbaijani locale
Fixed grammar error in docblock
[HttpKernel] fix parse error in DumpDataCollector
[TwigBundle/DebugBundle] move dump extension & cleanups
Adjust upgrade file rendering
[Bridge/Propel1] Changed deps to accepts all upcoming propel1 versions
compare version using PHP_VERSION_ID
[Form] Add doc for FormEvents
*_timezone changes also affect the BirthdayType
don't override internal PHP constants
Drop support for model_timezone and view_timezone options in TimeType and DateType.
[DomCrawler] Added support for link tags in the Link class
[Session] Fix parameter names in WriteCheckSessionHandler
Add consistency with request type checking
[FrameworkBundle] Fix server run in case the router script does not exist
* 2.5:
[SecurityBundle] Authentication entry point is only registered with firewall exception listener, not with authentication listeners
be smarter when guessing the document root
Azerbaijani locale
Fixed grammar error in docblock
Adjust upgrade file rendering
[Bridge/Propel1] Changed deps to accepts all upcoming propel1 versions
compare version using PHP_VERSION_ID
[Form] Add doc for FormEvents
don't override internal PHP constants
[Session] Fix parameter names in WriteCheckSessionHandler
Add consistency with request type checking
[FrameworkBundle] Fix server run in case the router script does not exist
Conflicts:
composer.json
src/Symfony/Component/Debug/ErrorHandler.php
src/Symfony/Component/Debug/ExceptionHandler.php
* 2.3:
[SecurityBundle] Authentication entry point is only registered with firewall exception listener, not with authentication listeners
be smarter when guessing the document root
Azerbaijani locale
Fixed grammar error in docblock
Adjust upgrade file rendering
[Bridge/Propel1] Changed deps to accepts all upcoming propel1 versions
compare version using PHP_VERSION_ID
[Form] Add doc for FormEvents
don't override internal PHP constants
Conflicts:
UPGRADE-3.0.md
src/Symfony/Bundle/FrameworkBundle/Command/ServerRunCommand.php
src/Symfony/Component/Debug/ErrorHandler.php
src/Symfony/Component/HttpFoundation/Response.php
To let opcode caches optimize cached code, the `PHP_VERSION_ID`
constant is used to detect the current PHP version instead of calling
`version_compare()` with `PHP_VERSION`.
* 2.5:
Remove aligned '=>' and '='
Break infinite loop while resolving aliases
[Security][listener] change priority of switchuser
Improved the phpdoc for security token classes
bumped Symfony version to 2.5.7
updated VERSION for 2.5.6
updated CHANGELOG for 2.5.6
bumped Symfony version to 2.3.22
updated VERSION for 2.3.21
update CONTRIBUTORS for 2.3.21
updated CHANGELOG for 2.3.21
Conflicts:
src/Symfony/Bundle/FrameworkBundle/Tests/DependencyInjection/ConfigurationTest.php
src/Symfony/Bundle/SecurityBundle/DependencyInjection/Security/Factory/AbstractFactory.php
src/Symfony/Bundle/TwigBundle/Controller/ExceptionController.php
src/Symfony/Component/Debug/ErrorHandler.php
src/Symfony/Component/Debug/ExceptionHandler.php
src/Symfony/Component/Form/Extension/Core/Type/BaseType.php
src/Symfony/Component/Form/Extension/Core/Type/ChoiceType.php
src/Symfony/Component/Form/Extension/Core/Type/DateTimeType.php
src/Symfony/Component/Form/Extension/Core/Type/DateType.php
src/Symfony/Component/Form/Extension/Core/Type/TimeType.php
src/Symfony/Component/Form/Extension/Validator/Type/FormTypeValidatorExtension.php
src/Symfony/Component/HttpFoundation/Request.php
src/Symfony/Component/HttpFoundation/Session/Storage/Handler/MongoDbSessionHandler.php
src/Symfony/Component/HttpFoundation/Session/Storage/Handler/PdoSessionHandler.php
src/Symfony/Component/HttpKernel/Kernel.php
src/Symfony/Component/Security/Core/SecurityContextInterface.php
src/Symfony/Component/Security/Http/Authentication/DefaultAuthenticationFailureHandler.php
src/Symfony/Component/Security/Http/Authentication/DefaultAuthenticationSuccessHandler.php
src/Symfony/Component/Security/Http/Firewall/AnonymousAuthenticationListener.php
src/Symfony/Component/Serializer/Serializer.php
src/Symfony/Component/Validator/Constraints/File.php
This PR was squashed before being merged into the 2.3 branch (closes#12293).
Discussion
----------
Remove aligned '=>' and '='
| Q | A
| ------------- | ---
| Bug fix? | no
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | [https://github.com/symfony/symfony/issues/12284]
| License | MIT
Could you said to me if i should make an other PR for 2.5 branch.
Commits
-------
51312d3 Remove aligned '=>' and '='
* 2.5:
enforce memcached version to be 2.1.0
[PropertyAccess] Simplified code
[FrameworkBundle] improve server:run feedback
[Form] no need to add the url listener when it does not do anything
[Form] Fix#11694 - Enforce options value type check in some form types
Lithuanian security translations
[SecurityBundle] Add trust_resolver variable into expression | Q | A | ------------- | --- | Bug fix? | [yes] | New feature? | [no] | BC breaks? | [no] | Deprecations? | [no] | Tests pass? | [yes] | Fixed tickets | [#12224] | License | MIT | Doc PR | [-]
[Router] Cleanup
Fixed UPGRADE-3.0.md markup
[FrameworkBundle] Fixed ide links
Add missing argument
[TwigBundle] do not pass a template reference to twig
[TwigBundle] show correct fallback exception template in debug mode
[TwigBundle] remove unused email placeholder from error page
use meta charset in layouts without legacy http-equiv
Conflicts:
src/Symfony/Bundle/TwigBundle/Controller/ExceptionController.php
* 2.3:
enforce memcached version to be 2.1.0
[FrameworkBundle] improve server:run feedback
[Form] no need to add the url listener when it does not do anything
[Form] Fix#11694 - Enforce options value type check in some form types
Lithuanian security translations
[Router] Cleanup
[FrameworkBundle] Fixed ide links
Add missing argument
[TwigBundle] do not pass a template reference to twig
[TwigBundle] show correct fallback exception template in debug mode
[TwigBundle] remove unused email placeholder from error page
use meta charset in layouts without legacy http-equiv
Conflicts:
src/Symfony/Bundle/TwigBundle/Loader/FilesystemLoader.php
src/Symfony/Bundle/TwigBundle/Resources/views/layout.html.twig
* 2.5:
fixed deps
[Debug] fixed class lookup when using PSR-0 with a target dir
fixed standalone tests
fixed standalone tests
[Validator] fixed component standalone tests
fixed standalone component tests depending on Validator and Form
fixed some composer.json to make standalone component tests pass
[SecurityBundle] fixed tests when used in standalone
* 2.4:
[Debug] fixed class lookup when using PSR-0 with a target dir
fixed standalone tests
fixed standalone tests
[Validator] fixed component standalone tests
fixed standalone component tests depending on Validator and Form
fixed some composer.json to make standalone component tests pass
[SecurityBundle] fixed tests when used in standalone
Conflicts:
src/Symfony/Component/HttpKernel/Tests/Bundle/BundleTest.php
src/Symfony/Component/Validator/composer.json
This PR was merged into the 2.6-dev branch.
Discussion
----------
[Security] make it possible to override the default success/failure handler
| Q | A
| ------------- | ---
| Bug fix? | no
| New feature? | yes
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | #5432, #9272, #10417, #11926
| License | MIT
| Doc PR | symfony/symfony-docs#4258
Overriding the default success/failure handler of the security firewalls is possible via the `success_handler` and `failure_handler` setting but this approach is not flexible as it does not allow you to get the options/provider key.
To sum up the problem:
* Overriding the default success/failure handler is possible via a service;
* When not overridden, the default success/failure handler gets options and the provider key;
* Those options and the provider key are injected by the factory as they are dynamic (they depend on the firewall and the provider key), so getting those options/provider key is not possible for a custom service that is only configured via the container configuration;
* Extending the default handler does not help as the injection mechanism is only triggered when no custom provider is set;
* Wrapping the default handler is not possible as the service id is dynamic.
... and of course we need to keep BC and make it work for people extending the default handler but also for people just using the interface.
Instead of the current PR, I propose this slightly different approach. It's not perfect, but given the above constraint, I think this is an acceptable trade-of.
So, several use cases:
* Using the default handler (no change);
* Using a custom handler that implements `AuthenticationSuccessHandlerInterface` directly and does not need any options (no change);
* Using a custom handler that needs the options/provider key (that's the new use case this PR supports).
This PR introduces 2 new classes that wrap custom handlers. If those classes define the `setOptions()` and/or `setProviderKey()` methods, they are automatically called with the correct arguments. Yours handler does not need to extend the default handler `DefaultAuthentication*Handler`, but doing so helps as the setters are already defined there.
Commits
-------
810eeaf [Security] made it possible to override the default success/failure handler (take 2)
36116fc [Security] made it possible to override the default success/failure handler
This PR was squashed before being merged into the 2.6-dev branch (closes#10698).
Discussion
----------
[Security] Added a REMOTE_USER based listener to security firewalls
| Q | A
| ------------- | ---
| Bug fix? | no
| New feature? | yes
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | /
| License | MIT
| Doc PR | symfony/symfony-docs#3912
TODO
- [x] submit changes to the documentation
I've seen myself implementing a few times a REMOTE_USER based authentication listener, as a large part of security modules for Apache (Kerberos, CAS, and more) are providing the username via an environment variable.
So I thought this could benefit the whole community if directly included in the framework. It is very similar to the X509AuthenticationListener, and basing the RemoteUserAuthenticationListener on the AbstractPreAuthenticatedListener is relevant and very convenient.
Using the X509AuthenticationListener could be possible, but it is confusing to use it directly when your authentication is not certificate based.
Please let me know if I need to update anything.
Regards
Commits
-------
a2872f2 [Security] Added a REMOTE_USER based listener to security firewalls
* 2.5:
[2.3] Add missing development dependencies
Fix @return docs on HttpCache::restoreResponseBody()
[Finder] Escape location for regex searches
Make sure HttpCache is a trusted proxy
Conflicts:
src/Symfony/Component/Form/composer.json
* 2.4:
[2.3] Add missing development dependencies
Fix @return docs on HttpCache::restoreResponseBody()
[Finder] Escape location for regex searches
Make sure HttpCache is a trusted proxy
* 2.3:
[2.3] Add missing development dependencies
Fix @return docs on HttpCache::restoreResponseBody()
[Finder] Escape location for regex searches
Make sure HttpCache is a trusted proxy
Conflicts:
src/Symfony/Bridge/Doctrine/composer.json
src/Symfony/Bundle/FrameworkBundle/composer.json
src/Symfony/Bundle/SecurityBundle/composer.json
src/Symfony/Component/Form/composer.json
This PR was squashed before being merged into the 2.3 branch (closes#11340).
Discussion
----------
[2.3] Add missing development dependencies
| Q | A
| ------------- | ---
| Bug fix? | no
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | n/a
| License | MIT
I've also added a run of the test suite in every component scope.
Commits
-------
3b02af9 [2.3] Add missing development dependencies
* 2.5: (37 commits)
[Validator] Backported constraint validator tests from 2.5
[Validator] Backported constraint validator tests from 2.5
[DIC] Fixed: anonymous services are always private
Fix toolbar vertical alignment.
[HttpFoundation] MongoDbSessionHandler supports auto expiry via configurable expiry_field
[Validator] Fix little typo in ExecutionContextInterface::buildViolation() method comments
fix dependencies on HttpFoundation component
[FrameworkBundle] add missing attribute to XSD
Allow basic auth in url. Improve regex. Add tests.
fix typos and syntax in Profiler controller method comments
resolve parameters before the configs are processed
add symfony/yaml suggestion to composer.json
[HttpKernel] added an analyze of environment parameters for built-in server.
remove volatile tests
[Console] fixed style creation when providing an unknown tag option
change command to which available under most unix systems
add way to test command under windows
fix shell command injection
[Form] allowed CallbackTransformer to use callable
[Process] Added process synchronization to the incremental output tests
...
Conflicts:
src/Symfony/Component/Form/Extension/Validator/Constraints/FormValidator.php
src/Symfony/Component/HttpKernel/Kernel.php
src/Symfony/Component/HttpKernel/composer.json
src/Symfony/Component/Validator/Constraints/AllValidator.php
src/Symfony/Component/Validator/Constraints/CollectionValidator.php
src/Symfony/Component/Validator/Constraints/LegacyAllValidator.php
src/Symfony/Component/Validator/Constraints/LegacyCollectionValidator.php
src/Symfony/Component/Validator/Tests/Constraints/FileValidatorTest.php
This PR was merged into the 2.6-dev branch.
Discussion
----------
[DX] New service to simplify password encoding
| Q | A
| ------------- | ---
| Bug fix? | no
| New feature? | yes
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | #11299
| License | MIT
| Doc PR | https://github.com/symfony/symfony-docs/pull/3995
This new service siplifies the way to encode a password. Just get the `security.password_encoder` service and encode the `User` password.
```php
$encoded = $this->container->get('security.password_encoder')
->encodePassword($user, $plainPassword);
$user->setPassword($encoded);
```
Commits
-------
7bc190a New service to simplify password encoding
This PR was merged into the 2.6-dev branch.
Discussion
----------
[Security] Allow exception bubbling in RememberMeListener
- Allow optional exception bubbling so that the exception listener has a chance to handle those exceptions
#### While at it
- Test for dispatching the InteractiveLogin event
- Smaller cleanups in the test
| Q | A
| ------------- | ---
| Bug fix? | no
| New feature? | yes
| BC breaks? | no
| Deprecations? | no
| Tests pass? | ye
| Fixed tickets | n.A.
| License | MIT
| Doc PR | n.A.
Commits
-------
fcb7f74 Allow exception bubbling in RememberMeListener
* 2.5:
added missing test
fixed CS
[HttpFoundation] Remove content-related headers if content is empty
bumped Symfony version to 2.5.2
bumped Symfony version to 2.4.8
updated VERSION for 2.5.1
updated CHANGELOG for 2.5.1
removed defaults from PHPUnit configuration
Conflicts:
src/Symfony/Component/HttpKernel/Kernel.php
* 2.4:
added missing test
fixed CS
[HttpFoundation] Remove content-related headers if content is empty
bumped Symfony version to 2.4.8
removed defaults from PHPUnit configuration
Conflicts:
src/Symfony/Component/HttpKernel/Kernel.php
* 2.5:
updated VERSION for 2.4.7
updated CHANGELOG for 2.4.7
bumped Symfony version to 2.3.18
updated VERSION for 2.3.17
update CONTRIBUTORS for 2.3.17
updated CHANGELOG for 2.3.17
added XSD to PHPUnit configuration
fix the return types
add missing docblock for ProcessBuilder::addEnvironmentVariables()
bug #11319 [HttpKernel] Ensure the storage exists before purging it in ProfilerTest
[Translation] Added unescaping of ids in PoFileLoader
updated italian translation for validation messages
[DomCrawler] Fix docblocks and formatting.
[DomCrawler] Remove the query string and the anchor of the uri of a link
Simplified the Travis test command
Remove Expression Language services when the component is unavailable
Added SK translations
[Console] Make sure formatter is the same
* 2.4:
updated VERSION for 2.4.7
updated CHANGELOG for 2.4.7
bumped Symfony version to 2.3.18
updated VERSION for 2.3.17
update CONTRIBUTORS for 2.3.17
updated CHANGELOG for 2.3.17
added XSD to PHPUnit configuration
add missing docblock for ProcessBuilder::addEnvironmentVariables()
bug #11319 [HttpKernel] Ensure the storage exists before purging it in ProfilerTest
[Translation] Added unescaping of ids in PoFileLoader
updated italian translation for validation messages
[DomCrawler] Fix docblocks and formatting.
[DomCrawler] Remove the query string and the anchor of the uri of a link
Simplified the Travis test command
Remove Expression Language services when the component is unavailable
[Console] Make sure formatter is the same
Conflicts:
src/Symfony/Component/HttpKernel/Kernel.php
* 2.3:
bumped Symfony version to 2.3.18
updated VERSION for 2.3.17
update CONTRIBUTORS for 2.3.17
updated CHANGELOG for 2.3.17
added XSD to PHPUnit configuration
bug #11319 [HttpKernel] Ensure the storage exists before purging it in ProfilerTest
[Translation] Added unescaping of ids in PoFileLoader
updated italian translation for validation messages
[DomCrawler] Fix docblocks and formatting.
[DomCrawler] Remove the query string and the anchor of the uri of a link
Simplified the Travis test command
[Console] Make sure formatter is the same
Conflicts:
src/Symfony/Component/HttpKernel/Kernel.php
This PR was merged into the 2.6-dev branch.
Discussion
----------
[SecurityBundle] added acl:set command
| Q | A
| ------------- | ---
| Bug fix? | no
| New feature? | yes
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | no
| License | MIT
| Doc PR | n/a
This new command allows to set ACL directly from the command line. This useful to quickly set up an environment and for debugging / maintenance purpose.
This PR also includes a functional test system for the ACL component. As an example, it is used to test the `acl:set` command.
The provided entity class is not mandatory (tests will still be green without it) but can be useful to test other ACL related things. I can remove it if necessary.
The instantiation of the `MaskBuilder` object is done in a separate method to be easily overridable to use a custom one (e.g. the SonataAdmin one).
Commits
-------
a702124 [SecurityBundle] added acl:set command
* 2.4:
made types consistent with those defined in Hack
made {@inheritdoc} annotations consistent across the board
made {@inheritdoc} annotations consistent across the board
fixed types in phpdocs
[Debug] Fixed ClassNotFoundFatalErrorHandler on windows.
made phpdoc types consistent with those defined in Hack
Add support Thai translations
[Validator] Add missing czech translations
made types consistent with those defined in Hack
removed extra/unsupported arguments
[HttpKernel] fixed an error message
[TwigBundle] removed undefined argument
[Translation] Make IcuDatFileLoader/IcuResFileLoader::load invalid resource compatible with HHVM.
Conflicts:
src/Symfony/Component/Console/Helper/TableHelper.php
src/Symfony/Component/DependencyInjection/Loader/XmlFileLoader.php
src/Symfony/Component/Form/FormError.php
src/Symfony/Component/HttpKernel/Debug/TraceableEventDispatcher.php
src/Symfony/Component/Process/ProcessPipes.php
src/Symfony/Component/PropertyAccess/PropertyAccessor.php
src/Symfony/Component/Security/Acl/Dbal/MutableAclProvider.php
src/Symfony/Component/Security/Http/RememberMe/TokenBasedRememberMeServices.php
src/Symfony/Component/Translation/Dumper/FileDumper.php
src/Symfony/Component/Validator/ConstraintViolation.php
src/Symfony/Component/Validator/Constraints/EmailValidator.php
src/Symfony/Component/Validator/ExecutionContextInterface.php
src/Symfony/Component/Validator/Mapping/BlackholeMetadataFactory.php
* 2.3:
made {@inheritdoc} annotations consistent across the board
fixed types in phpdocs
made phpdoc types consistent with those defined in Hack
Add support Thai translations
made types consistent with those defined in Hack
removed extra/unsupported arguments
[HttpKernel] fixed an error message
[TwigBundle] removed undefined argument
[Translation] Make IcuDatFileLoader/IcuResFileLoader::load invalid resource compatible with HHVM.
Conflicts:
src/Symfony/Bridge/ProxyManager/Tests/LazyProxy/Fixtures/php/lazy_service.php
src/Symfony/Bundle/FrameworkBundle/Command/ContainerDebugCommand.php
src/Symfony/Bundle/FrameworkBundle/Templating/Loader/FilesystemLoader.php
src/Symfony/Bundle/WebProfilerBundle/EventListener/WebDebugToolbarListener.php
src/Symfony/Component/Config/Definition/ReferenceDumper.php
src/Symfony/Component/Console/Helper/DescriptorHelper.php
src/Symfony/Component/Debug/ErrorHandler.php
src/Symfony/Component/Finder/Tests/Iterator/RecursiveDirectoryIteratorTest.php
src/Symfony/Component/Form/Extension/Core/DataTransformer/IntegerToLocalizedStringTransformer.php
src/Symfony/Component/Form/Tests/Extension/Core/DataMapper/PropertyPathMapperTest.php
src/Symfony/Component/HttpFoundation/Response.php
src/Symfony/Component/HttpFoundation/StreamedResponse.php
src/Symfony/Component/HttpKernel/Debug/TraceableEventDispatcher.php
src/Symfony/Component/HttpKernel/EventListener/ProfilerListener.php
src/Symfony/Component/HttpKernel/Fragment/FragmentHandler.php
src/Symfony/Component/HttpKernel/Fragment/RoutableFragmentRenderer.php
src/Symfony/Component/HttpKernel/Kernel.php
src/Symfony/Component/HttpKernel/Tests/Fixtures/KernelForTest.php
src/Symfony/Component/Intl/NumberFormatter/NumberFormatter.php
src/Symfony/Component/Security/Core/Authorization/AccessDecisionManager.php
src/Symfony/Component/Stopwatch/StopwatchPeriod.php
src/Symfony/Component/Translation/TranslatorInterface.php
src/Symfony/Component/Validator/ConstraintValidatorFactory.php
* 2.4: (52 commits)
Fix#8205 : Deprecate file mode update when calling dumpFile
Fix#10437: Catch exceptions when reloading a no-cache request
Fix libxml_use_internal_errors and libxml_disable_entity_loader usage
removed ini check to make uploadedfile work on gae
Update OptionsResolver.php
fixed comment in forms.xml file
Clean KernelInterface docblocks
Cast the group name as a string
Fixed doc of InitAclCommand
[Form] Fix "Array was modified outside object" in ResizeFormListener.
Fix IBAN validator
[Process] Remove unreachable code + avoid skipping tests in sigchild environment
Fixed bug that incorrectly causes the "required" attribute to be omitted from select even though it contains the "multiple" attribute
Added travis_retry to .travis.yml
[Process] fix some typos and refactor some code
[Process] Fix unit tests in sigchild disabled environment
[Process] Trow exceptions in case a Process method is supposed to be called after termination
fixed typo
[Process] fixed fatal errors in getOutput and getErrorOutput when process was not started
[Process] Fix escaping on Windows
...
Conflicts:
src/Symfony/Bundle/FrameworkBundle/Command/ServerRunCommand.php
src/Symfony/Component/Form/Extension/Core/EventListener/ResizeFormListener.php
src/Symfony/Component/Process/Process.php
src/Symfony/Component/Process/ProcessPipes.php
src/Symfony/Component/Process/Tests/AbstractProcessTest.php
* 2.3: (34 commits)
Fix#8205 : Deprecate file mode update when calling dumpFile
Fix#10437: Catch exceptions when reloading a no-cache request
Fix libxml_use_internal_errors and libxml_disable_entity_loader usage
removed ini check to make uploadedfile work on gae
Update OptionsResolver.php
fixed comment in forms.xml file
Clean KernelInterface docblocks
Cast the group name as a string
Fixed doc of InitAclCommand
[Form] Fix "Array was modified outside object" in ResizeFormListener.
Fix IBAN validator
[Process] Remove unreachable code + avoid skipping tests in sigchild environment
Fixed bug that incorrectly causes the "required" attribute to be omitted from select even though it contains the "multiple" attribute
Added travis_retry to .travis.yml
[Process] fix some typos and refactor some code
[Process] Fix unit tests in sigchild disabled environment
[Process] Trow exceptions in case a Process method is supposed to be called after termination
fixed typo
[Process] fixed fatal errors in getOutput and getErrorOutput when process was not started
[Process] Fix escaping on Windows
...
Conflicts:
src/Symfony/Component/DomCrawler/Crawler.php
src/Symfony/Component/Filesystem/Filesystem.php
src/Symfony/Component/Process/Process.php
* 2.4:
fixed various inconsistencies
reduced recursion when building DumperPrefixCollection
renamed variables - making next change more readable
removing dead code.
[ExpressionLanguage] added some tests for the built-in constant() function
[ExpressionLanguage] added some documentation about functions
[DomCrawler] Fixed filterXPath() chaining
[DomCrawler] Fixed incorrect handling of image inputs
* 2.3:
fixed various inconsistencies
reduced recursion when building DumperPrefixCollection
renamed variables - making next change more readable
removing dead code.
[DomCrawler] Fixed filterXPath() chaining
[DomCrawler] Fixed incorrect handling of image inputs
Conflicts:
src/Symfony/Component/DomCrawler/Crawler.php
src/Symfony/Component/EventDispatcher/Tests/EventDispatcherTest.php
src/Symfony/Component/Form/Extension/DependencyInjection/DependencyInjectionExtension.php
src/Symfony/Component/Serializer/Tests/Normalizer/CustomNormalizerTest.php
src/Symfony/Component/Templating/Tests/Loader/CacheLoaderTest.php
src/Symfony/Component/Templating/Tests/Loader/LoaderTest.php
* 2.4:
udpated LICENSE year
update year on licenses
rundown and typo fix
[Process] Fix#9861 : Revert TTY mode
[Form] Update minimal requirement in composer.json
Fix Empty translations with Qt files
[Console] Fixed command name guessing if an alternative is an alias.
Update UPGRADE-2.3.md to account for #9388
[WebProfilerBundle] Fixed profiler toolbar icons for XHTML.
[BrowserKit] Throw exception on invalid cookie expiration timestamp
[Propel1Bridge][ModelChoiceList] add exception message for invalid classes
* 2.4:
[Security] fixed pre/post authentication checks
fixed missing use statements
Updated lithuanian validator translation: changed vartotojas to naudotojas as it is more proper term.
Fixed CSS
[Intl] Added round support for ROUND_CEILING, ROUND_FLOOR, ROUND_DOWN, ROUND_UP
[HttpFoundation] Throw proper exception when invalid data is passed to JsonResponse class
addressed == -> === suggestion
Fixed#9020 - Added support for collections in service#parameters
fixes PSR-0 issues in tests
adjusted behavior to always copy override on url files
Skips test that need full lib-intl.
* 2.4:
fixed CS
fixed a typo
fixed CS for lambdas
[Yaml] fixed some license headers
Fixes message value for objects
Check for hour, minute & second validity
avoid tables to have apparently long blank line breaks and be too far appart for long nested array params
fixed various typos
[Filesystem] Fixed mirror for symlinks
[Validator] Removed duplicated test for IBAN in data provider
* 2.3:
fixed a typo
fixed CS for lambdas
[Yaml] fixed some license headers
Fixes message value for objects
Check for hour, minute & second validity
fixed various typos
[Filesystem] Fixed mirror for symlinks
[Validator] Removed duplicated test for IBAN in data provider
Conflicts:
src/Symfony/Bundle/FrameworkBundle/Command/ContainerDebugCommand.php
src/Symfony/Component/Console/Application.php
src/Symfony/Component/Debug/Tests/ErrorHandlerTest.php
src/Symfony/Component/Filesystem/Tests/FilesystemTest.php
src/Symfony/Component/HttpKernel/Tests/DependencyInjection/ContainerAwareHttpKernelTest.php
* 2.3:
[Locale] added support for the position argument to NumberFormatter::parse()
[Locale] added some more stubs for the number formatter
[Yaml] fixed typo
[Yaml] fixed a test on PHP < 5.4
[DomCrawler]Crawler guess charset from html
fixed PHP 5.3 compatibility
[Yaml] reverted previous merge partially (refs #8897)
[Security] remove unused logger
[Security] fix typo
[Yaml] Fixed filename in the ParseException message
* 2.2:
[Locale] added support for the position argument to NumberFormatter::parse()
[Locale] added some more stubs for the number formatter
[Yaml] fixed typo
[Yaml] fixed a test on PHP < 5.4
[DomCrawler]Crawler guess charset from html
fixed PHP 5.3 compatibility
[Yaml] reverted previous merge partially (refs #8897)
[Security] remove unused logger
[Security] fix typo
[Yaml] Fixed filename in the ParseException message
Conflicts:
src/Symfony/Component/Console/Input/InputDefinition.php
src/Symfony/Component/Locale/Stub/StubNumberFormatter.php
src/Symfony/Component/Locale/Tests/Stub/StubNumberFormatterTest.php
This PR was merged into the master branch.
Discussion
----------
New Component: Expression Language
| Q | A
| ------------- | ---
| Bug fix? | no
| New feature? | yes
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | #8850, #7352
| License | MIT
| Doc PR | not yet
TODO:
- [ ] write documentation
- [x] add tests for the new component
- [x] implement expression support for access rules in the security component
- [x] find a better character/convention for expressions in the YAML format
- [x] check the performance of the evaluation mode
- [x] better error messages in the evaluation mode
- [x] add support in the Routing
- [x] add support in the Validator
The ExpressionLanguage component provides an engine that can compile and
evaluate expressions.
An expression is a one-liner that returns a value (mostly, but not limited to, Booleans).
It is a strip-down version of Twig (only the expression part of it is
implemented.) Like Twig, the expression is lexed, parsed, and
compiled/evaluated. So, it is immune to external injections by design.
If we compare it to Twig, here are the main big differences:
* only support for Twig expressions
* no ambiguity for calls (foo.bar is only valid for properties, foo['bar'] is only valid for array calls, and foo.bar() is required for method calls)
* no support for naming conventions in method calls (if the method is named getFoo(), you must use getFoo() and not foo())
* no notion of a line for errors, but a cursor (we are mostly talking about one-liners here)
* removed everything specific to the templating engine (like output escaping or filters)
* no support for named arguments in method calls
* only one extension point with functions (no possibility to define new operators, ...)
* and probably even more I don't remember right now
* there is no need for a runtime environment, the compiled PHP string is self-sufficient
An open question is whether we keep the difference betweens arrays and hashes.
The other big difference with Twig is that it can work in two modes (possible
because of the restrictions described above):
* compilation: the expression is compiled to PHP and is self-sufficient
* evaluation: the expression is evaluated without being compiled to PHP (the node tree produced by the parser can be serialized and evaluated afterwards -- so it can be saved on disk or in a database to speed up things when needed)
Let's see a simple example:
```php
$language = new ExpressionLanguage();
echo $language->evaluate('1 + 1');
// will echo 2
echo $language->compile('1 + 2');
// will echo "(1 + 2)"
```
The language supports:
* all basic math operators (with precedence rules):
* unary: not, !, -, +
* binary: or, ||, and, &&, b-or, b-xor, b-and, ==, ===, !=, !==, <, >, >=, <=, not in, in, .., +, -, ~, *, /, %, **
* all literals supported by Twig: strings, numbers, arrays (`[1, 2]`), hashes
(`{a: "b"}`), Booleans, and null.
* simple variables (`foo`), array accesses (`foo[1]`), property accesses
(`foo.bar`), and method calls (`foo.bar(1, 2)`).
* the ternary operator: `true ? true : false` (and all the shortcuts
implemented in Twig).
* function calls (`constant('FOO')` -- `constant` is the only built-in
functions).
* and of course, any combination of the above.
The compilation is better for performances as the end result is just a plain PHP string without any runtime. For the evaluation, we need to tokenize, parse, and evaluate the nodes on the fly. This can be optimized by using a `ParsedExpression` or a `SerializedParsedExpression` instead:
```php
$nodes = $language->parse($expr, $names);
$expression = new SerializedParsedExpression($expr, serialize($nodes));
// You can now store the expression in a DB for later reuse
// a SerializedParsedExpression can be evaluated like any other expressions,
// but under the hood, the lexer and the parser won't be used at all, so it''s much faster.
$language->evaluate($expression);
```
That's all folks!
I can see many use cases for this new component, and we have two use cases in
Symfony that we can implement right away.
## Using Expressions in the Service Container
The first one is expression support in the service container (it would replace
#8850) -- anywhere you can pass an argument in the service container, you can
use an expression:
```php
$c->register('foo', 'Foo')->addArgument(new Expression('bar.getvalue()'));
```
You have access to the service container via `this`:
container.get("bar").getvalue(container.getParameter("value"))
The implementation comes with two functions that simplifies expressions
(`service()` to get a service, and `parameter` to get a parameter value). The
previous example can be simplified to:
service("bar").getvalue(parameter("value"))
Here is how to use it in XML:
```xml
<parameters>
<parameter key="value">foobar</parameter>
</parameters>
<services>
<service id="foo" class="Foo">
<argument type="expression">service('bar').getvalue(parameter('value'))</argument>
</service>
<service id="bar" class="Bar" />
</services>
```
and in YAML (I chose the syntax randomly ;)):
```yaml
parameters:
value: foobar
services:
bar:
class: Bar
foo:
class: Foo
arguments: [@=service("bar").getvalue(parameter("value"))]
```
When using the container builder, Symfony uses the evaluator, but with the PHP
dumper, the compiler is used, and there is no overhead as the expression
engine is not needed at runtime. The expression above would be compiled to:
```php
$this->get("bar")->getvalue($this->getParameter("value"))
```
## Using Expression for Security Access Control Rules
The second use case in Symfony is for access rules.
As we all know, the way to configure the security access control rules is confusing, which might lead to insecure applications (see http://symfony.com/blog/security-access-control-documentation-issue for more information).
Here is how the new `allow_if` works:
```yaml
access_control:
- { path: ^/_internal/secure, allow_if: "'127.0.0.1' == request.getClientIp() or has_role('ROLE_ADMIN')" }
```
This one restricts the URLs starting with `/_internal/secure` to people browsing from the localhost. Here, `request` is the current Request instance. In the expression, there is access to the following variables:
* `request`
* `token`
* `user`
And to the following functions:
* `is_anonymous`
* `is_authenticated`
* `is_fully_authenticated`
* `is_rememberme`
* `has_role`
You can also use expressions in Twig, which works well with the `is_granted` function:
```jinja
{% if is_granted(expression('has_role("FOO")')) %}
...
{% endif %}
```
## Using Expressions in the Routing
Out of the box, Symfony can only match an incoming request based on some pre-determined variables (like the path info, the method, the scheme, ...). But some people want to be able to match on more complex logic, based on other information of the Request object. That's why we introduced `RequestMatcherInterface` recently (but we no default implementation in Symfony itself).
The first change I've made (not related to expression support) is implement this interface for the default `UrlMatcher`. It was simple enough.
Then, I've added a new `condition` configuration for Route objects, which allow you to add any valid expression. An expression has access to the `request` and to the routing `context`.
Here is how one would configure it in a YAML file:
```yaml
hello:
path: /hello/{name}
condition: "context.getMethod() in ['GET', 'HEAD'] and request.headers.get('User-Agent') =~ '/firefox/i'"
```
Why do I keep the context as all the data are also available in the request? Because you can also use the condition without using the RequestMatcherInterface, in which case, you don't have access to the request. So, the previous example is equivalent to:
```yaml
hello:
path: /hello/{name}
condition: "request.getMethod() in ['GET', 'HEAD'] and request.headers.get('User-Agent') =~ '/firefox/i'"
```
When using the PHP dumper, there is no overhead as the condition is compiled. Here is how it looks like:
```php
// hello
if (0 === strpos($pathinfo, '/hello') && preg_match('#^/hello/(?P<name>[^/]++)$#s', $pathinfo, $matches) && (in_array($context->getMethod(), array(0 => "GET", 1 => "HEAD")) && preg_match("/firefox/i", $request->headers->get("User-Agent")))) {
return $this->mergeDefaults(array_replace($matches, array('_route' => 'hello')), array ());
}
```
Be warned that conditions are not taken into account when generating a URL.
## Using Expressions in the Validator
There is a new Expression constraint that you can put on a class. The expression is then evaluated for validation:
```php
use Symfony\Component\Validator\Constraints as Assert;
/**
* @Assert\Condition(condition="this.getFoo() == 'fo'", message="Not good!")
*/
class Obj
{
public function getFoo()
{
return 'foo';
}
}
```
In the expression, you get access to the current object via the `this` variable.
## Dynamic annotations
The expression language component is also very useful in annotations. the SensoLabs FrameworkExtraBundle leverages this possibility to implement HTTP validation caching in the `@Cache` annotation and to add a new `@Security` annotation (see sensiolabs/SensioFrameworkExtraBundle#238.)
Commits
-------
d4ebbfd [Validator] Renamed Condition to Expression and added possibility to set it onto properties
a3b3a78 [Validator] added a constraint that runs an expression
1bcfb40 added optimized versions of expressions
984bd38 mades things more consistent for the end user
d477f15 [Routing] added support for expression conditions in routes
86ac8d7 [ExpressionLanguage] improved performance
e369d14 added a Twig extension to create Expression instances
38b7fde added support for expression in control access rules
2777ac7 [HttpFoundation] added ExpressionRequestMatcher
c25abd9 [DependencyInjection] added support for expressions in the service container
3a41781 [ExpressionLanguage] added support for regexes
9d98fa2 [ExpressionLanguage] added the component
* 2.3:
fixes RequestDataCollector bug, visible when used on Drupal8
[Console] fixed exception rendering when nested styles
[Console] added some more information about OutputFormatter::replaceStyle()
[Console] fixed the formatter for single-char tags
[Console] Escape exception message during the rendering of an exception
[DomCrawler] fixed HTML5 form attribute handling
Making tests pass on mac os x without this change tests would fail under mac os x at least in 10.8.2
[BrowserKit] Fixed the handling of parameters when redirecting
[Process] Properly close pipes after a Process::stop call
fixed bytes conversion when used on 32-bits systems
Typo fix
HttpFoundation RequestTest - Fixed indentation and removed comments
HttpFoundation Request test for #8619
LICENSE files moved to meta folders
added missing method in the UPGRADE file for 2.2 (closes#8941)
[Form] Fixed: "required" attribute is not added to <select> tag if no empty value
[Translation] Removed an unneeded return annotation.
[DomCrawler] Added missing docblocks and removed unneeded return annotation.
Conflicts:
src/Symfony/Component/Process/Tests/AbstractProcessTest.php
* 2.2:
fixes RequestDataCollector bug, visible when used on Drupal8
[Console] fixed exception rendering when nested styles
[Console] added some more information about OutputFormatter::replaceStyle()
[Console] fixed the formatter for single-char tags
[Console] Escape exception message during the rendering of an exception
[BrowserKit] Fixed the handling of parameters when redirecting
Typo fix
HttpFoundation RequestTest - Fixed indentation and removed comments
HttpFoundation Request test for #8619
LICENSE files moved to meta folders
added missing method in the UPGRADE file for 2.2 (closes#8941)
[Translation] Removed an unneeded return annotation.
[DomCrawler] Added missing docblocks and removed unneeded return annotation.
Conflicts:
src/Symfony/Component/BrowserKit/Client.php
src/Symfony/Component/DomCrawler/Crawler.php
* 2.3:
Clear lazy loading initializer after the service is successfully initialized
[FrameworkBundle] added support for double-quoted strings in the extractor (closes#8797)
[SecurityBundle] Move format-dependent tests from SecurityExtensionTest
bumped Symfony version to 2.3.5-DEV
updated VERSION for 2.3.4
updated CHANGELOG for 2.3.4
bumped Symfony version to 2.2.7
updated VERSION for 2.2.6
update CONTRIBUTORS for 2.2.6
updated CHANGELOG for 2.2.6
clearToken exception is thrown at wrong place.
fix typo in test skipped message
[Form] Fixed Form::all() signature for PHP 5.3.3
[Form] Fixed Form::all() signature for PHP 5.3.3
[Locale] Fixed: Locale::setDefault() throws no exception when "en" is passed
[Locale] Fixed: StubLocale::setDefault() throws no exception when "en" is passed
[Translation] Grammar fix
[Yaml] fixed embedded folded string parsing
[Validator] fixed Boolean handling in XML constraint mappings (closes#5603)
[Translation] Fixed regression: When only one rule is passed to transChoice(), this rule should be used
Conflicts:
src/Symfony/Component/HttpKernel/Kernel.php
* 2.2:
[FrameworkBundle] added support for double-quoted strings in the extractor (closes#8797)
[SecurityBundle] Move format-dependent tests from SecurityExtensionTest
Conflicts:
src/Symfony/Bundle/SecurityBundle/Tests/DependencyInjection/SecurityExtensionTest.php
This PR was merged into the master branch.
Discussion
----------
removed deps checks in unit tests
| Q | A
| ------------- | ---
| Bug fix? | no
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | n/a
| License | MIT
| Doc PR | n/a
As Composer is now widely used in the PHP world, having to run composer install before running the test suite is expected. This also has the nice benefit of removing a bunch of code, making things easier to maintain (there is only one place to declare a dev dependency), and probably more.
see fabpot/Silex#626 where we did the same a while ago for Silex.
Commits
-------
de50621 removed deps checks in unit tests
* 2.3:
[Locale] fixed build-data exit code in case of an error
fixed request format of sub-requests when explicitely set by the developer (closes#8787)
Sets _format attribute only if it wasn't set previously by the user.
Exclude little words of 'ee' to 'oo' plural transformation
fixed the format of the request used to render an exception
Fix typo in the check_path validator
added a missing use statement (closes#8808)
fix for Process:isSuccessful()
Include untrusted host in the exception message
Conflicts:
src/Symfony/Component/HttpKernel/EventListener/ExceptionListener.php
src/Symfony/Component/HttpKernel/Fragment/InlineFragmentRenderer.php
* 2.2:
[Locale] fixed build-data exit code in case of an error
fixed request format of sub-requests when explicitely set by the developer (closes#8787)
Sets _format attribute only if it wasn't set previously by the user.
Exclude little words of 'ee' to 'oo' plural transformation
fixed the format of the request used to render an exception
Fix typo in the check_path validator
added a missing use statement (closes#8808)
fix for Process:isSuccessful()
Conflicts:
UPGRADE-3.0.md
src/Symfony/Component/Locale/Resources/data/build-data.php
As Composer is now widely used in the PHP world, having to run composer
install before running the test suite is expected. This also has the
nice benefit of removing a bunch of code, making things easier to
maintain (there is only one place to declare a dev dependency), and
probably more.
* 2.3:
added missing support for the new output API in PHP 5.4+
Fixed bug introduced in #8675
made the filesystem loader compatible with Twig 2.0
bumped Symfony version to 2.3.4-DEV
updated VERSION for 2.3.3
updated CHANGELOG for 2.3.3
bumped Symfony version to 2.2.6
updated VERSION for 2.2.5
update CONTRIBUTORS for 2.2.5
updated CHANGELOG for 2.2.5
[Intl] Updated stubs to reflect ICU 51.2
replaced deprecated Twig features
Conflicts:
src/Symfony/Component/HttpKernel/Kernel.php
* 2.2:
added missing support for the new output API in PHP 5.4+
Fixed bug introduced in #8675
made the filesystem loader compatible with Twig 2.0
bumped Symfony version to 2.2.6
updated VERSION for 2.2.5
update CONTRIBUTORS for 2.2.5
updated CHANGELOG for 2.2.5
replaced deprecated Twig features
Conflicts:
src/Symfony/Bridge/Twig/Extension/FormExtension.php
src/Symfony/Bridge/Twig/Extension/RoutingExtension.php
src/Symfony/Component/HttpKernel/Kernel.php
This PR was merged into the master branch.
Discussion
----------
Adapt security collector template name to webprofiler conventions
| Q | A
| ------------- | ---
| Bug fix? | no, but syntax consistency & future compatibility(?)
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | fabpot/Twig#1156 which was reverted but will be merged in the future
| License | MIT
Use Twig namespace syntax instead of bundle syntax for security webprofiler template to be consistent with @WebProfiler template names.
Commits
-------
66c792b Adapt security collector template name to webprofiler conventions
* 2.3:
moved some fixed dep versions from 2.2.* to ~2.2 (refs #8613)
[HttpKernel] added a missing dep for dev
[Form] fixed wrong call to setTimeZone() (closes#8644)
Fix issue with \DateTimeZone::UTC / 'UTC' for PHP 5.4
[Form] Fixed patched forms to be valid even if children are not submitted
Revert "[Form] Fix of "PATCH'ed forms are never valid""
[Form] Fixed: If a form is not present in a request, it is not automatically submitted
Fixes link indices
[Form] Removed the "disabled" attribute from the placeholder option in select fields due to problems with the BlackBerry 10 browser
Revert "[Form] Remove "value" attribute on empty_value option"
[routing] added ability for apache matcher to handle array values
removed dead code and fixed CS
[Validator] fixed StaticMethodLoader trying to invoke methods of abstract classes (closes#8589)
* 2.2:
[HttpKernel] added a missing dep for dev
[Form] fixed wrong call to setTimeZone() (closes#8644)
Fix issue with \DateTimeZone::UTC / 'UTC' for PHP 5.4
[Form] Removed the "disabled" attribute from the placeholder option in select fields due to problems with the BlackBerry 10 browser
[routing] added ability for apache matcher to handle array values
removed dead code and fixed CS
[Validator] fixed StaticMethodLoader trying to invoke methods of abstract classes (closes#8589)
Conflicts:
src/Symfony/Bundle/TwigBundle/TokenParser/RenderTokenParser.php
src/Symfony/Component/Form/FormConfigBuilder.php
src/Symfony/Component/HttpKernel/composer.json
src/Symfony/Component/Validator/Tests/GraphWalkerTest.php
