Adds filtering convenience using PHP's filter_var() e.g.
`$request->get->filter($key, '', false, FITLER_SANITIZE_STRING);`
See http://php.net/manual/en/filter.filters.php for capabilities.
* 2.0:
bumped Symfony version to 2.0.3-DEV
updated VERSION for 2.0.2
update CONTRIBUTORS for 2.0.2
updated CHANGELOG for 2.0.2
updated vendors for 2.0.2
merged branch helmer/target_path (PR #2228)
Commits
-------
022a9a7 [Security] Make saving target_path extendible
Discussion
----------
[Security] Make saving target_path extendible
The problem lies in how Security component handles ``target_path`` - the latest request URI is always stored. This can lead to problems in following scenarios:
a) The response type of the request is not HTML (think JSON, XML ..)
b) The URI matches a route that does not listen to HTTP GET
I opened a [PR](https://github.com/symfony/symfony/pull/604) months ago, to partly solve scenario A, which did not make it. Now I am proposing a different solution - user can extend ``ExceptionListener`` and override the logic behind setting the ``target_path`` to match his precise needs.
In my simplified scenario, I would be using:
```
protected function setTargetPath(Request $request)
{
if ($request->isXmlHttpRequest() || 'GET' !== $request->getMethod()) {
return;
}
$request->getSession()->set('_security.target_path', $request->getUri());
}
```
@Seldaek, @schmittjoh, @lsmith77, thoughts?
---------------------------------------------------------------------------
by Seldaek at 2011/09/21 02:37:02 -0700
Seems like a better solution for flexibility's sake. Would be quite awesome if you could add a cookbook entry to symfony/symfony-docs about this, otherwise I'm afraid we'll have to explain it over and over again :)
---------------------------------------------------------------------------
by helmer at 2011/09/21 03:38:57 -0700
[Cookbook](b22c5e666e) entry done. Perhaps though I rushed ahead ..
---------------------------------------------------------------------------
by Seldaek at 2011/09/21 03:52:01 -0700
Thanks. You can already do a pull request against symfony-docs, just reference this pull request in it so it's not merged before this is merged.
Commits
-------
67c33a8 Rebased with master, and fixed wrong behavior with proper tests coverage
f8a6a4b Be sure that both fields have same value for required option in RepeatedType
0679220 Additional test coverage for changes in RepeatedType
b23d47d moved options test form from class->method scope
5fe5556 fixed accidental permission change
a969434 [Form] fixed CS, merged options, added tests
8819db3 [Form] Allow setting different options to repeating fields
Discussion
----------
[2.1] [Form] Allow setting different options at RepeatedType fields
This an test covered version of #1348 (rebased with master).
---------------------------------------------------------------------------
by stloyd at 2011/06/27 04:18:19 -0700
@fabpot What do you think about this ? I'm just not sure that we should allow setting `required` per field, IMO better would be forcing this option from default `$options['options']` and ignore that field in `$options['first_options']` and/or `$options['second_options']`.
---------------------------------------------------------------------------
by stloyd at 2011/07/02 00:00:04 -0700
@fabpot ping.
---------------------------------------------------------------------------
by fabpot at 2011/07/06 05:45:56 -0700
Let's discuss this new feature for 2.1.
---------------------------------------------------------------------------
by stloyd at 2011/08/24 01:12:59 -0700
Rebased with master.
---------------------------------------------------------------------------
by stof at 2011/09/04 05:02:42 -0700
@fabpot What do you think about this feature ? It is now time to discuss it :)
---------------------------------------------------------------------------
by fabpot at 2011/09/22 00:18:29 -0700
Tests do not pass.
---------------------------------------------------------------------------
by stloyd at 2011/09/24 01:54:42 -0700
@fabpot Should be ok now.
Commits
-------
afc0971 make it easier to customize the cache lookup in the TemplateLocator
Discussion
----------
make it easier to customize the cache lookup in the TemplateLocator
---------------------------------------------------------------------------
by fabpot at 2011/09/22 01:21:56 -0700
Do you any use case for that?
---------------------------------------------------------------------------
by lsmith77 at 2011/09/22 01:27:06 -0700
Yes in the ThemeBundle we override the default cache to include the key + theme:
https://github.com/liip/liipthemebundle/pull/9/files#L7R53
---------------------------------------------------------------------------
by lsmith77 at 2011/09/22 01:29:18 -0700
though i just thought about it .. if we do not put this into 2.0, it might not be worth the trouble.
---------------------------------------------------------------------------
by pjedrzejewski at 2011/09/22 02:19:42 -0700
+1 for this.
Commits
-------
f4784f7 [DomCrawler] Submit on a <form> node
Discussion
----------
DomCrawler - ability to submit a form that doesn't have any buttons
The proposed modification allows to submit above a <form> tag.
Using the DomCrawler component (among others), I have to interact with a remote site that has a form without a submit button (submitted automatically by javascript). This prompted the quick fix I'm sending. Please tell me if there is anything I should do differently and I'll modify it.
Thanks :)
---------------------------------------------------------------------------
by fabpot at 2011/09/12 00:46:07 -0700
Looks good to me. Can you add some unit tests for this new behavior? Thanks.
---------------------------------------------------------------------------
by jc- at 2011/09/12 02:27:25 -0700
Honored to meet you. I'm trying to run the test suite but 24 tests fail even without my commit. I'll try to get it sorted out and submit tests for this ASAP.
Commits
-------
6d8c4a8 change nested collection indentation from 2 to 4
Discussion
----------
Changed Yaml Dumper nested collection indentation
This PR changes the dumpers nested collection indentation from 2 to 4 which seems to be the standard.
Commits
-------
022a9a7 [Security] Make saving target_path extendible
Discussion
----------
[Security] Make saving target_path extendible
The problem lies in how Security component handles ``target_path`` - the latest request URI is always stored. This can lead to problems in following scenarios:
a) The response type of the request is not HTML (think JSON, XML ..)
b) The URI matches a route that does not listen to HTTP GET
I opened a [PR](https://github.com/symfony/symfony/pull/604) months ago, to partly solve scenario A, which did not make it. Now I am proposing a different solution - user can extend ``ExceptionListener`` and override the logic behind setting the ``target_path`` to match his precise needs.
In my simplified scenario, I would be using:
```
protected function setTargetPath(Request $request)
{
if ($request->isXmlHttpRequest() || 'GET' !== $request->getMethod()) {
return;
}
$request->getSession()->set('_security.target_path', $request->getUri());
}
```
@Seldaek, @schmittjoh, @lsmith77, thoughts?
---------------------------------------------------------------------------
by Seldaek at 2011/09/21 02:37:02 -0700
Seems like a better solution for flexibility's sake. Would be quite awesome if you could add a cookbook entry to symfony/symfony-docs about this, otherwise I'm afraid we'll have to explain it over and over again :)
---------------------------------------------------------------------------
by helmer at 2011/09/21 03:38:57 -0700
[Cookbook](b22c5e666e) entry done. Perhaps though I rushed ahead ..
---------------------------------------------------------------------------
by Seldaek at 2011/09/21 03:52:01 -0700
Thanks. You can already do a pull request against symfony-docs, just reference this pull request in it so it's not merged before this is merged.
Commits
-------
e1aabd2 [FrameworkBundle] Updated the Russian translations.
Discussion
----------
[FrameworkBundle] Updated the Russian translations.
Added translations for a new error messages of image validator.
Added translations for the user password validator.
Commits
-------
fea74db Added information page with better messages for Profiler
Discussion
----------
[WebProfiler] Added information page with better messages
---------------------------------------------------------------------------
by stloyd at 2011/08/30 23:29:27 -0700
@fabpot Any decision about this ?
Commits
-------
132fbe3 [WebProfilerBundle] Merge position and css_position
defdb82 [WebProfilerBundle] Remove unused line
69a50ab [WebProfilerBundle] Add the posibility to specify position of toolbar
Discussion
----------
[WebProfilerBundle] Add the posibility to specify position of toolbar
I'm facing a project where everything is at the bottom of the page, positioned with CSS.
This PR adds the possibility to specify the position of the toolbar, with configuration :
web_profiler:
toolbar: true
intercept_redirects: false
css_position: top
---------------------------------------------------------------------------
by stof at 2011/09/06 12:11:27 -0700
Looking at the code rendering the toolbar, there is already a ``position`` parameter used to display the toolbar on top in the profiler. Maybe we could look into reusing it instead of having a second one named ``css_position``.
But the phpdoc says ``bottom, normal, or null -- automatically guessed``. Using ``bottom`` will result in ``position: bottom`` in the CSS, which is broken. @fabpot is it simply a left-over of a previous version ?
---------------------------------------------------------------------------
by alexandresalome at 2011/09/16 00:56:11 -0700
I merged parameters and changed the documentation for 3 values : ```bottom, top or normal```.
Commits
-------
4ca09a9 [Validator] Validate object with it's own entity manager by default
Discussion
----------
[Validator] Validate object with it's own entity manager by default
While working with multiple object managers the default validation uses default entity manager, requiring the dev to create own validation services for each entity using other entity managers. This commit causes entity to be validated (by default) by it's own entity manager, while still preserving a possiblity to specifiy $constraint->em.
This is was a pull request to 2.0, changed to master according to stof's suggestion.
Commits
-------
7d3c2df [SecurityBundle] added a validator for the user password
Discussion
----------
[SecurityBundle] added a validator for the user password
This validator is useful when you want to validate that an input value
is equal to the user current password (in a form where the user can change
his password for instance).
Note that this should not be used to validate a login form as this is
done automatically by the built-in security mechanism.
---------------------------------------------------------------------------
by Palleas at 2011/09/21 08:36:14 -0700
This is kinda what I wrote for my project 2 days ago, I'm definitely +1 on this ;-)
---------------------------------------------------------------------------
by stealth35 at 2011/09/21 08:45:55 -0700
👍
Commits
-------
e13998d updated indonesian translation for image validator
Discussion
----------
Updated indonesian translation for image validator
---------------------------------------------------------------------------
by stof at 2011/09/21 10:49:48 -0700
Can you send a PR to the 2.0 branch for the trans-unit 41 ?
---------------------------------------------------------------------------
by alifity at 2011/09/21 11:05:48 -0700
Hi @stof, I've sent another PR for trans-unit-41 :)
This validator is useful when you want to validate that an input value
is equal to the user current password (in a form where the user can change
his password for instance).
Note that this should not be used to validate a login form as this is
done automatically by the built-in security mechanism.
Commits
-------
a0329c3 Added lifetime/cleanup support.
365e73a Fixed the find() method and changed the way the profile data is stored.
beeec5e Allow socket dsn (for example mongodb:///tmp/mongodb-27017.sock).
218eaba Fixed storage of time value.
85c3806 Added support for sorting by time like other profiler storage implementations.
73692c6 Fixed MongoDbProfilerStorage::find() when passing empty parameters.
4cd2dec Use token as identifier to make usage of the automatically created index.
Discussion
----------
[2.1] [HttpKernel] MongoDB profiler updates
I fixed one issue within the MongoDbProfilerStorage::find() function and made some more changes.
---------------------------------------------------------------------------
by snc at 2011/09/11 02:28:35 -0700
Please don't merge this in yet. There are some more commits pending...
---------------------------------------------------------------------------
by fabpot at 2011/09/14 01:07:39 -0700
@snc: is it ready for a merge?
---------------------------------------------------------------------------
by snc at 2011/09/14 01:20:32 -0700
Unfortunately not... while testing I found out that the currently merged in implementation does not work completely. The web profiler search function errors because the find function returns the wrong data. I fixed this already but now I have some strange "maximum function nesting level reached" errors when viewing profiles with children. I will work on it later today.
---------------------------------------------------------------------------
by snc at 2011/09/14 13:27:50 -0700
Now only one thing is missing... the generated container code looks like this:
`$this->services['profiler'] = $instance = new \Symfony\Component\HttpKernel\Profiler\Profiler(new \Symfony\Component\HttpKernel\Profiler\MongoDbProfilerStorage('mongodb://localhost/sf2-mongo-profiler/profiler', '', '', 86400), $a);`
The current constructor only uses the first parameter (dsn). What about the username, password and lifetime? Username and passwort can already be passed via the dsn... but the lifetime feature is not part of the interface... should I implement it?
---------------------------------------------------------------------------
by fabpot at 2011/09/15 11:03:02 -0700
The `lifetime` is used to cleanup the database (see https://github.com/symfony/symfony/blob/master/src/Symfony/Component/HttpKernel/Profiler/PdoProfilerStorage.php#L136). So, it should probably be implemented for MongoDB as well (but it can probably be done in another PR).
---------------------------------------------------------------------------
by snc at 2011/09/19 13:42:52 -0700
Sorry for the delay, lifetime support is now implemented. What do you think about an AbstractProfilerStorageTest class to share some testing code between the different implementations (of cause in a separate PR)?
Commits
-------
83199ae [FrameworkBundle] Fix unintuitive merging behavior for assets_base_urls
4061114 [FrameworkBundle] fixes unintuitive merging behavior
Discussion
----------
[FrameworkBundle] fixes unintuitive merging behavior
---------------------------------------------------------------------------
by fabpot at 2011/09/16 10:04:53 -0700
I think this is a "bug", no? If this is the case, then we need to fix the 2.0 branch.
---------------------------------------------------------------------------
by schmittjoh at 2011/09/17 00:34:14 -0700
It is a change in behavior, but whether or how you want to merge this is really up to you.
---------------------------------------------------------------------------
by jmikola at 2011/09/19 08:09:26 -0700
I was about to create a PR for this very same quirk, as this was causing my CDN's for various environments to all get merged together. I think we can get away with merging it directly to 2.0 since `assets_base_urls` are hardly covered in the documentation at all.
Once this gets merged, I wouldn't mind writing up a blurb on them to explain how the shorthand syntax works and this merging strategy.
---------------------------------------------------------------------------
by jmikola at 2011/09/19 08:28:21 -0700
I just noticed this PR only fixes the `base_urls` config option under `packages`. We should also correct this behavior for `assets_base_urls`, which appears further up in FrameworkBundle's Configuration.php file.
---------------------------------------------------------------------------
by jmikola at 2011/09/19 08:44:57 -0700
@schmittjoh: I have the second commit for this sitting in https://github.com/jmikola/symfony/tree/configFix (rebased on your branch) if you'd prefer to merge that into your branch to update this PR.
---------------------------------------------------------------------------
by schmittjoh at 2011/09/19 08:55:42 -0700
Merged it in. Thanks.
---------------------------------------------------------------------------
by fabpot at 2011/09/19 09:01:27 -0700
ok, I'm going to merge this into master.
@jmikola: Can you submit documentation for the new way?
Commits
-------
b9b6084 [FrameworkBundle] Updated Czech translations for image validator
Discussion
----------
[FrameworkBundle] Updated Czech translations for image validator
---------------------------------------------------------------------------
by stof at 2011/09/10 12:10:08 -0700
Could you send a PR against the 2.0 branch for the trans-unit up to 41 which are already part of 2.0 ? Adding 42 to 46 should then still be done in master as they are new for 2.1
Commits
-------
c6b15b3 [WebProfilerBundle] Variables only used once
847c665 [WebProfilerBundle] Use panel URL for debugging toolbar
fe13a6c [WebProfilerBundle] Fix CS
fe76d74 [WebProfilerBundle] Propose to open debug toolbar request in an error occured.
Discussion
----------
[WebProfilerBundle] Propose to open debug toolbar request in an error occ
[WebProfilerBundle] Propose to open debug toolbar request in an error occured.
This is very useful when creating data collectors and an error occurs
when redering the toolbar via XHR.
The only problem is that the exception page renders the toolbar via JS, too.
---------------------------------------------------------------------------
by stof at 2011/09/17 05:26:10 -0700
IMO, you should propose to open the link to the profiler (if the profiler is enabled) instead of opening the toolbar alone
---------------------------------------------------------------------------
by alexandresalome at 2011/09/17 05:34:50 -0700
Thanks @stof
---------------------------------------------------------------------------
by alexandresalome at 2011/09/17 05:50:11 -0700
4 commits for 2 lines... I should change my job. Thanks @stof, again
Commits
-------
9fe87be More explicit default value for assets_version_format
Discussion
----------
Fixed default asset version format
This is not needed as it is already the value that is set when null in ``Symfony\Component\Templating\Asset\Package`` but that would make it clearer for people who just read the configuration.
Commits
-------
78c630c Added access to Doctrine's ValidateSchema command from the console. See ticket 2200.
Discussion
----------
Added access to Doctrine's ValidateSchema command from the console.
See ticket 2200.
Add a trivial Proxy wrapper class to access Doctrine's ValidateSchema() command from app/console
* 2.0:
[HttpKernel] fixed typo
fixed previous merge, done the same change to other occurences
fixes usage of mb_*
Profiler session import fixed.
[Process] workaround a faulty implementation of is_executable on Windows
Swedish translation fix.
[Locale] Fix#2179 StubIntlDateFormatter support yy format
Fixed fourth argument of Filesystem->mirror()
Commits
-------
046a125 [FrameworkBundle] Set the file storage as default storage for Symfony2
Discussion
----------
[FrameworkBundle] Set the file storage as default storage for Symfony2
---------------------------------------------------------------------------
by Seldaek at 2011/09/16 07:41:48 -0700
What's the reasoning behind this? Is SQLite causing issues? Isn't it faster than file storage?
---------------------------------------------------------------------------
by alexandresalome at 2011/09/16 07:50:50 -0700
3 reasons :
* The file storage is faster than the SQLite storage (see https://github.com/symfony/symfony/pull/1772)
* It's the only reason why Symfony2 is dependent of SQLite
* SQLite profiler has problems with concurrency (especially when concurrent access occurs).
---------------------------------------------------------------------------
by Seldaek at 2011/09/16 07:51:50 -0700
Ok sorry I missed the other PR. Sounds great :)
Commits
-------
95dc7e1 Fixed fourth argument of Filesystem->mirror()
Discussion
----------
Fixed fourth argument of Filesystem->mirror()
See #2027 and #2033 for discussion.
@fabpot said that we don't want to use symlink at all on Windows so if this is confirmed, we should also change ``Filesystem->symlink()`` implementation.
---------------------------------------------------------------------------
by alexandresalome at 2011/09/16 08:29:40 -0700
Tested on Windows, OK for me
Commits
-------
8e2cbe6 fixes usage of mb_*
Discussion
----------
Fixes usage of mb_strlen
---------------------------------------------------------------------------
by Seldaek at 2011/09/16 05:33:45 -0700
This will fail if the mbstring ext isn't enabled, you should still test for the mb_ function first.
Commits
-------
13b77bf Treat defaults enclosed between % as parameters from dic This allows as to define default like this
Discussion
----------
[Route] Treat defaults enclosed between % as parameters from dic
This allows as to define default like this
foo:
pattern: /{_locale}/login
defaults:
_controller: my_login_controller:loginAction
_locale: %session.default_locale%
---------------------------------------------------------------------------
by lsmith77 at 2011/08/10 07:00:14 -0700
this is a bit of a BC break .. but in general it does address a huge need for being able to make routes more easily configurable.
also didnt check this, but we should make sure that this doesnt open any security issues.
---------------------------------------------------------------------------
by maoueh at 2011/08/10 08:31:18 -0700
Hi,
There is an issue pending for the same feature here #1718. Maybe this one could be linked to #1718 somehow.
Regards,
Matt
---------------------------------------------------------------------------
by fabpot at 2011/09/12 23:51:53 -0700
@lsmith77: Why is it a BC break?
---------------------------------------------------------------------------
by lsmith77 at 2011/09/13 00:04:46 -0700
well its only a BC break on the off chance that someone puts stuff enclosed in % in the defaults atm and does not expect them to be interpreted as parameters. not very likely. but at the least we might want to first check if the parameter exists before replacing it.
---------------------------------------------------------------------------
by mvrhov at 2011/09/13 23:28:48 -0700
So, do I check if parameter exists inside dic and throw a notice if not, or do I just fix the comment?
Commits
-------
e6e5146 [Translation] now support ResourceBundle
Discussion
----------
[2.1][Translation] now support ResourceBundle
support `.res` and `.dat` bundles
---------------------------------------------------------------------------
by marijn at 2011/09/08 08:59:39 -0700
There are a few references to `ressource`, I guess that is a typo...
---------------------------------------------------------------------------
by stealth35 at 2011/09/08 09:13:32 -0700
@marijn thank, done
---------------------------------------------------------------------------
by fabpot at 2011/09/11 00:42:37 -0700
Is it possible to add a dumper like we have for all other loaders?
---------------------------------------------------------------------------
by stof at 2011/09/11 03:46:39 -0700
Btw, you need to rebase your branch as it conflicts with master
---------------------------------------------------------------------------
by stealth35 at 2011/09/11 04:04:23 -0700
@fabpot it's more difficult (or the easy way it's to use `exec` with `derb`), I can create the text resources
@stof oki
---------------------------------------------------------------------------
by fabpot at 2011/09/11 23:52:19 -0700
@stealth35: Can you remove the `@api` tags? We will review what is included into the public API later on. thanks.
---------------------------------------------------------------------------
by stealth35 at 2011/09/12 04:18:07 -0700
@fabpot done
Commits
-------
aecfd0a [HttpFoundation] Support user and password in url
Discussion
----------
[HttpFoundation] Support user and password in url
Allow `http://user:password@test.com` for url request and `basic auth`
Added Methods for `Request`
- `getUser`
- `getPassword `
---------------------------------------------------------------------------
by stealth35 at 2011/08/26 07:52:57 -0700
@seldaek @stof thanks guys it's done
---------------------------------------------------------------------------
by stof at 2011/08/28 11:52:11 -0700
btw, you should rebase your branch on top of the upstream master branch as it conflicts
---------------------------------------------------------------------------
by stealth35 at 2011/08/28 13:15:55 -0700
@stof done
---------------------------------------------------------------------------
by stof at 2011/09/04 02:09:11 -0700
@stealth35 you made an error when rebasing: you merged the previous version of the branch instead of forcing the push, thus duplicating all commits in the PR (rebasing rewrites the history so it creates new commits). Could you clean your branch ?
---------------------------------------------------------------------------
by stealth35 at 2011/09/05 02:00:17 -0700
@stof 👍
---------------------------------------------------------------------------
by stealth35 at 2011/09/06 08:21:00 -0700
should be 2.0 ?
---------------------------------------------------------------------------
by fabpot at 2011/09/11 23:52:30 -0700
@stealth35: Can you remove the `@api` tags? We will review what is included into the public API later on. thanks.
---------------------------------------------------------------------------
by stealth35 at 2011/09/12 04:02:01 -0700
@fabpot done