* 2.3:
Fix: duplicate usage of Symfony\Component\HttpFoundation\Response
[Form] add support for Length and Range constraint in order to replace MaxLength, MinLength, Max and Min constraints in next release (2.3)
Revert "merged branch Tobion/flattenexception (PR #9111)"
[Form] check the required output timezone against the actual timezone of the input datetime object, rather than the expected timezone supplied
Conflicts:
src/Symfony/Component/HttpKernel/EventListener/ExceptionListener.php
* 2.2:
[Form] add support for Length and Range constraint in order to replace MaxLength, MinLength, Max and Min constraints in next release (2.3)
[Form] check the required output timezone against the actual timezone of the input datetime object, rather than the expected timezone supplied
This PR was merged into the master branch.
Discussion
----------
[Security] Added Security\Csrf sub-component with better token generation
| Q | A
| ------------- | ---
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | -
| License | MIT
| Doc PR | TODO
**Update September 27, 2013**
This PR simplifies the CSRF mechanism to generate completely random tokens. A random token is generated once per ~~intention~~ token ID and then stored in the session. Tokens are valid until the session expires.
Since the CSRF token generator depends on `StringUtils` and `SecureRandom` from Security\Core, and since Security\Http currently depends on the Form component for token generation, I decided to add a new Security\Csrf sub-component that contains the improved CSRF token generator. Consequences:
* Security\Http now depends on Security\Csrf instead of Form
* Form now optionally depends on Security\Csrf
* The configuration for the "security.secure_random" service and the "security.csrf.*" services was moved to FrameworkBundle to guarantee BC
In the new Security\Csrf sub-component, I tried to improve the naming where I could do so without breaking BC:
* CSRF "providers" are now called "token generators"
* CSRF "intentions" are now called "token IDs", because that's really what they are
##### TODO
- [ ] The documentation needs to be checked for references to the configuration of the application secret. Remarks that the secret is used for CSRF protection need to be removed.
- [ ] Add aliases "csrf_token_generator" and "csrf_token_id" for "csrf_provider" and "intention" in the SecurityBundle configuration
- [x] Make sure `SecureRandom` never blocks for `CsrfTokenGenerator`
Commits
-------
7f02304 [Security] Added missing PHPDoc tag
2e04e32 Updated Composer dependencies to require the Security\Csrf component where necessary
bf85e83 [FrameworkBundle][SecurityBundle] Added service configuration for the new Security CSRF sub-component
2048cf6 [Form] Deprecated the CSRF implementation and added an optional dependency to the Security CSRF sub-component instead
85d4959 [Security] Changed Security HTTP sub-component to depend on CSRF sub-component instead of Form
1bf1640 [Security] Added CSRF sub-component
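The token scheme described in this PR (one random token per token ID, stored in the session, valid until the session expires), as an added PHP sketch that is not the Security\Csrf component's code. The class `SessionCsrfTokens`, its methods and the `ArrayObject` session stand-in are hypothetical; `random_bytes()` and `hash_equals()` stand in for `SecureRandom` and `StringUtils`.

```php
<?php
// Added illustration, not Symfony code: all names below are hypothetical.
// An ArrayObject stands in for the session store.

final class SessionCsrfTokens
{
    private ArrayObject $session;

    public function __construct(ArrayObject $session)
    {
        $this->session = $session;
    }

    // Generate the token for $tokenId once, then keep returning the stored value.
    public function getToken(string $tokenId): string
    {
        if (!isset($this->session[$tokenId])) {
            // 32 bytes from the OS CSPRNG, encoded URL-safe for forms and headers.
            $raw = base64_encode(random_bytes(32));
            $this->session[$tokenId] = rtrim(strtr($raw, '+/', '-_'), '=');
        }

        return $this->session[$tokenId];
    }

    // A token is valid only for the ID and the session it was issued in.
    public function isValid(string $tokenId, string $submitted): bool
    {
        if (!isset($this->session[$tokenId])) {
            return false; // nothing issued under this ID in this session
        }

        // Constant-time comparison, so timing does not leak matching prefixes.
        return hash_equals($this->session[$tokenId], $submitted);
    }
}

// Constructed demo: two independent sessions.
$sessionA = new ArrayObject();
$tokensA = new SessionCsrfTokens($sessionA);
$tokensB = new SessionCsrfTokens(new ArrayObject());

$token = $tokensA->getToken('delete_post');
var_dump($token === $tokensA->getToken('delete_post')); // second request, same ID
var_dump($tokensA->isValid('delete_post', $token));     // submitted back unchanged
var_dump($tokensA->isValid('edit_post', $token));       // replayed under another ID
var_dump($tokensB->isValid('delete_post', $token));     // replayed in another session
$sessionA->exchangeArray([]);                           // session expires
var_dump($tokensA->isValid('delete_post', $token));     // old token after expiry
```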
This PR was merged into the 2.2 branch.
Discussion
----------
[Form] enforce correct timezone
| Q | A
| ------------- | ---
| Bug fix? | yes
| New feature? | no
| BC breaks? | not sure if this is a BC break...
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | -
| License | MIT
| Doc PR | -
I'm using the Form component to handle JSON requests which come from AJAX requests. The JSON is formed by the Angular toJson method.
A typical request would be:
```
{
    "name": "Some name",
    "start": "2013-08-21T05:00:00.000Z",
    "end": "2013-08-21T15:00:00.000Z"
}
```
Note that in this case, what I entered in my input boxes are 7:00 for start and 17:00 for end times. As you can see, Angular (or Chrome, I'm not sure) converts this to the "Z" timezone. Since I cannot enforce the correct timezone client side, the timezone will differ from the one configured in the DateTimeType. However, instead of resulting in either an error or a conversion to the correct timezone, I get a datetime object in the wrong timezone, eventually resulting in wrong values in the database.
By checking the required output timezone against the actual timezone of the input datetime object, rather than the expected timezone supplied, this problem is solved.
Commits
-------
b0349a1 [Form] check the required output timezone against the actual timezone of the input datetime object, rather than the expected timezone supplied
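The comparison this PR changes, as an added PHP sketch that is not Symfony's transformer code: the first function decides from the configured input timezone, the second from the timezone the object actually carries. The function names and the `Europe/Amsterdam` zone are assumptions; the timestamp is the `start` value from the request above.

```php
<?php
// Added illustration, not Symfony's transformer code: function names and the
// Europe/Amsterdam zone are assumptions made for the example.

// Before: trusts the configured input zone and never looks at the object.
function toOutputZoneByConfig(DateTimeImmutable $value, string $configuredIn, string $out): DateTimeImmutable
{
    if ($configuredIn !== $out) {
        $value = $value->setTimezone(new DateTimeZone($out));
    }

    return $value;
}

// After: compares the zone the object actually carries with the output zone.
function toOutputZoneByActual(DateTimeImmutable $value, string $out): DateTimeImmutable
{
    if ($value->getTimezone()->getName() !== $out) {
        $value = $value->setTimezone(new DateTimeZone($out));
    }

    return $value;
}

// What a zone-less DATETIME column would receive.
function asStoredValue(DateTimeImmutable $value): string
{
    return $value->format('Y-m-d H:i:s');
}

$zone = 'Europe/Amsterdam';
// Value from the request on the page; the trailing "Z" makes the object UTC.
$submitted = new DateTimeImmutable('2013-08-21T05:00:00.000Z');

// Configured input and output zones match, so the first variant skips conversion.
echo asStoredValue(toOutputZoneByConfig($submitted, $zone, $zone)), "\n";
echo asStoredValue(toOutputZoneByActual($submitted, $zone)), "\n";
```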
This PR was merged into the master branch.
Discussion
----------
Update FormTypeCsrfExtension.php
There is no need to store the FormFactory in an Attribute.
The FormFactory can be retrieved directly.
Commits
-------
90d59ea Update FormTypeCsrfExtension.php
* 2.3:
fixed phpdoc
Fix some annotates
[FrameworkBundle] made sure that the debug event dispatcher is used everywhere
[HttpKernel] remove unneeded strtoupper
updated the composer install command to reflect changes in Composer
Conflicts:
src/Symfony/Component/Serializer/Encoder/XmlEncoder.php
* 2.2:
Fix some annotates
[FrameworkBundle] made sure that the debug event dispatcher is used everywhere
[HttpKernel] remove unneeded strtoupper
updated the composer install command to reflect changes in Composer
Conflicts:
src/Symfony/Component/Console/Application.php
src/Symfony/Component/Console/Command/Command.php
src/Symfony/Component/Console/Input/InputDefinition.php
src/Symfony/Component/CssSelector/Node/CombinedSelectorNode.php
src/Symfony/Component/Form/Form.php
src/Symfony/Component/HttpKernel/Debug/ErrorHandler.php
src/Symfony/Component/HttpKernel/DependencyInjection/RegisterListenersPass.php
src/Symfony/Component/HttpKernel/Tests/DependencyInjection/RegisterListenersPassTest.php
src/Symfony/Component/Locale/Locale.php
src/Symfony/Component/Locale/README.md
src/Symfony/Component/Locale/Stub/DateFormat/FullTransformer.php
* 2.3:
fixes RequestDataCollector bug, visible when used on Drupal8
[Console] fixed exception rendering when nested styles
[Console] added some more information about OutputFormatter::replaceStyle()
[Console] fixed the formatter for single-char tags
[Console] Escape exception message during the rendering of an exception
[DomCrawler] fixed HTML5 form attribute handling
Making tests pass on mac os x without this change tests would fail under mac os x at least in 10.8.2
[BrowserKit] Fixed the handling of parameters when redirecting
[Process] Properly close pipes after a Process::stop call
fixed bytes conversion when used on 32-bits systems
Typo fix
HttpFoundation RequestTest - Fixed indentation and removed comments
HttpFoundation Request test for #8619
LICENSE files moved to meta folders
added missing method in the UPGRADE file for 2.2 (closes #8941)
[Form] Fixed: "required" attribute is not added to <select> tag if no empty value
[Translation] Removed an unneeded return annotation.
[DomCrawler] Added missing docblocks and removed unneeded return annotation.
Conflicts:
src/Symfony/Component/Process/Tests/AbstractProcessTest.php
This PR was merged into the 2.3 branch.
Discussion
----------
fixed bytes conversion when used on 32-bits systems
| Q | A
| ------------- | ---
| Bug fix? | yes (on 32-bits systems)
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | #8977
| License | MIT
| Doc PR | n/a
This PR reverts #7413 and #742, which do not work well when a number is big (3Go for instance) and the machine is 32-bit.
Commits
-------
b3ae29d fixed bytes conversion when used on 32-bits systems
* 2.3:
[FrameworkBundle][Security] Replaced void return type with null for consistency
fixed CS
NativeSessionStorage regenerate
removed unneeded comment
Use setTimeZone if this method exists.
Fix FileResource test
fixed wrong usage of unset()
[HttpFoundation] Fixed the way path to directory is trimmed.
[Console] Fixed argument parsing when a single dash is passed.
* 2.2:
[FrameworkBundle][Security] Replaced void return type with null for consistency
fixed CS
NativeSessionStorage regenerate
removed unneeded comment
Use setTimeZone if this method exists.
Fix FileResource test
fixed wrong usage of unset()
[HttpFoundation] Fixed the way path to directory is trimmed.
[Console] Fixed argument parsing when a single dash is passed.
Conflicts:
src/Symfony/Component/HttpKernel/Debug/ErrorHandler.php
* 2.3:
[HttpKernel] added a check for private event listeners/subscribers
[FrameworkBundle] fixed registration of the register listener pass
[Form] Fixed regression causing invalid "WHERE id IN ()" statements
[DependencyInjection] fixed a non-detected circular reference in PhpDumper (closes #8425)
[Form] Fixed regression in BooleanToStringTransformer from ed83752
[FrameworkBundle] removed obsolete code
[Process] Close unix pipes before calling `proc_close` to avoid a deadlock
[Process] Fix process merge in 2.3
[Intl] made RegionBundle and LanguageBundle merge fallback data when using a country-specific locale
* 2.2:
[HttpKernel] added a check for private event listeners/subscribers
[FrameworkBundle] fixed registration of the register listener pass
[Form] Fixed regression causing invalid "WHERE id IN ()" statements
[DependencyInjection] fixed a non-detected circular reference in PhpDumper (closes #8425)
[Form] Fixed regression in BooleanToStringTransformer from ed83752
[FrameworkBundle] removed obsolete code
[Process] Close unix pipes before calling `proc_close` to avoid a deadlock
Conflicts:
src/Symfony/Bundle/FrameworkBundle/FrameworkBundle.php
src/Symfony/Component/HttpKernel/DependencyInjection/RegisterListenersPass.php
src/Symfony/Component/Process/Process.php
This PR was merged into the 2.3 branch.
Discussion
----------
[Form] Fixed FormValidator::findClickedButton() not to be called exponentially
| Q | A
| ------------- | ---
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | #8317
| License | MIT
| Doc PR | -
Commits
-------
b65a515 [Form] Fixed FormValidator::findClickedButton() not to be called exponentially
* 2.3:
[HttpFoundation] removed extra parenthesis
[Process][2.2] Fix Process component on windows
[HttpFoundation] improve perf of previous merge (refs #8882)
Request->getPort() should prefer HTTP_HOST over SERVER_PORT
Fixing broken http auth digest in some circumstances (php-fpm + apache).
fixed typo
Conflicts:
src/Symfony/Component/Process/Process.php
* 2.2:
[HttpFoundation] removed extra parenthesis
[Process][2.2] Fix Process component on windows
[HttpFoundation] improve perf of previous merge (refs #8882)
Request->getPort() should prefer HTTP_HOST over SERVER_PORT
Fixing broken http auth digest in some circumstances (php-fpm + apache).
fixed typo
Conflicts:
src/Symfony/Component/Process/Process.php
* 2.3:
Fixing singular form for kisses, accesses and addresses.
fixed some circular references
[Security] fixed a leak in ExceptionListener
[Security] fixed a leak in the ContextListener
Ignore posix_istatty warnings
removed unused variable
[Form] fix iterator typehint
typos
Button missing getErrorsAsString() fixes #8084 Debug: Not calling undefined method anymore. If the form contained a submit button the call would fail and the debug of the form wasn't possible. Now it will work in all cases. This fixes #8084
Use isset() instead of array_key_exists() in DIC
Fixed annotation
[BrowserKit] fixed method/files/content when redirecting a request
[BrowserKit] removed some headers when redirecting a request
[BrowserKit] fixed headers when redirecting if history is set to false (refs #8697)
[HttpKernel] fixed route parameters storage in the Request data collector (closes #8867)
[BrowserKit] Pass headers when `followRedirect()` is called
Return BC compatibility for `@Route` parameters and default values
Conflicts:
src/Symfony/Component/Security/Http/Firewall/ContextListener.php