* 2.5:
added missing files
[TwigBundle] added a test
Indicate which file was being parsed if an exception is thrown while running translation:debug
[ClassLoader] Cast $useIncludePath property to boolean
[HttpFoundation] Minor spelling fix in PHPDocs
improve error message for multiple documents
Remove aligned '=>' and '='
[Session] remove invalid workaround in session regenerate
[Kernel] ensure session is saved before sending response
[Routing] serialize the compiled route to speed things up
[Form] Fixed usage of "name" variable in form_start block
[Validator] Fixed Regex::getHtmlPattern() to work with complex and negated patterns
[DependencyInjection] use inheritdoc for loaders
[Config] fix filelocator with empty name
[Form] fix form handling with unconventional request methods like OPTIONS
CSRF warning docs on Request::enableHttpMethodParameterOverride()
Conflicts:
src/Symfony/Component/Console/Helper/ProgressBar.php
* 2.5:
Remove aligned '=>' and '='
Break infinite loop while resolving aliases
[Security][listener] change priority of switchuser
Improved the phpdoc for security token classes
bumped Symfony version to 2.5.7
updated VERSION for 2.5.6
updated CHANGELOG for 2.5.6
bumped Symfony version to 2.3.22
updated VERSION for 2.3.21
update CONTRIBUTORS for 2.3.21
updated CHANGELOG for 2.3.21
Conflicts:
src/Symfony/Bundle/FrameworkBundle/Tests/DependencyInjection/ConfigurationTest.php
src/Symfony/Bundle/SecurityBundle/DependencyInjection/Security/Factory/AbstractFactory.php
src/Symfony/Bundle/TwigBundle/Controller/ExceptionController.php
src/Symfony/Component/Debug/ErrorHandler.php
src/Symfony/Component/Debug/ExceptionHandler.php
src/Symfony/Component/Form/Extension/Core/Type/BaseType.php
src/Symfony/Component/Form/Extension/Core/Type/ChoiceType.php
src/Symfony/Component/Form/Extension/Core/Type/DateTimeType.php
src/Symfony/Component/Form/Extension/Core/Type/DateType.php
src/Symfony/Component/Form/Extension/Core/Type/TimeType.php
src/Symfony/Component/Form/Extension/Validator/Type/FormTypeValidatorExtension.php
src/Symfony/Component/HttpFoundation/Request.php
src/Symfony/Component/HttpFoundation/Session/Storage/Handler/MongoDbSessionHandler.php
src/Symfony/Component/HttpFoundation/Session/Storage/Handler/PdoSessionHandler.php
src/Symfony/Component/HttpKernel/Kernel.php
src/Symfony/Component/Security/Core/SecurityContextInterface.php
src/Symfony/Component/Security/Http/Authentication/DefaultAuthenticationFailureHandler.php
src/Symfony/Component/Security/Http/Authentication/DefaultAuthenticationSuccessHandler.php
src/Symfony/Component/Security/Http/Firewall/AnonymousAuthenticationListener.php
src/Symfony/Component/Serializer/Serializer.php
src/Symfony/Component/Validator/Constraints/File.php
* 2.5:
[Doc] Use Markdown syntax highlighting
[Finder] tweaked docs
[Finder] Add info about possibilities offered by SplFileInfo
fixed CS
[Security][Http][Authentication] Make a test pass on HHVM
fix components tests
[Intl] FIxed failing test
[Intl] Generated the data for ICU version 54-rc
[EventDispatcher] fix doc bloc on EventDispatcherInterface
[Validator] Update validators.zh_CN.xlf, fix translation error
bumped Symfony version to 2.5.6
updated VERSION for 2.5.5
updated CHANGELOG for 2.5.5
bumped Symfony version to 2.3.21
updated VERSION for 2.3.20
update CONTRIBUTORS for 2.3.20
updated CHANGELOG for 2.3.20
[Intl] Integrated ICU data into Intl component
Conflicts:
src/Symfony/Component/Debug/README.md
src/Symfony/Component/DependencyInjection/README.md
src/Symfony/Component/HttpKernel/Kernel.php
src/Symfony/Component/OptionsResolver/README.md
This PR was merged into the 2.6-dev branch.
Discussion
----------
[Security] make it possible to override the default success/failure handler
| Q | A
| ------------- | ---
| Bug fix? | no
| New feature? | yes
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | #5432, #9272, #10417, #11926
| License | MIT
| Doc PR | symfony/symfony-docs#4258
Overriding the default success/failure handler of the security firewalls is possible via the `success_handler` and `failure_handler` setting but this approach is not flexible as it does not allow you to get the options/provider key.
To sum up the problem:
* Overriding the default success/failure handler is possible via a service;
* When not overridden, the default success/failure handler gets options and the provider key;
* Those options and the provider key are injected by the factory as they are dynamic (they depend on the firewall and the provider key), so getting those options/provider key is not possible for a custom service that is only configured via the container configuration;
* Extending the default handler does not help as the injection mechanism is only triggered when no custom provider is set;
* Wrapping the default handler is not possible as the service id is dynamic.
... and of course we need to keep BC and make it work for people extending the default handler but also for people just using the interface.
Instead of the current PR, I propose this slightly different approach. It's not perfect, but given the above constraint, I think this is an acceptable trade-of.
So, several use cases:
* Using the default handler (no change);
* Using a custom handler that implements `AuthenticationSuccessHandlerInterface` directly and does not need any options (no change);
* Using a custom handler that needs the options/provider key (that's the new use case this PR supports).
This PR introduces 2 new classes that wrap custom handlers. If those classes define the `setOptions()` and/or `setProviderKey()` methods, they are automatically called with the correct arguments. Yours handler does not need to extend the default handler `DefaultAuthentication*Handler`, but doing so helps as the setters are already defined there.
Commits
-------
810eeaf [Security] made it possible to override the default success/failure handler (take 2)
36116fc [Security] made it possible to override the default success/failure handler
* 2.5:
[Command] Set the process title as late as possible
[Form] Removed constructor argument from FormTypeHttpFoundationExtension for forward compatibility with 2.5
[Validator] Simplified testing of violations
remove obsolete test file
[FrameworkBundle] output failed matched path for clarification
bug #10242 Missing checkPreAuth from RememberMeAuthenticationProvider
[Validator] Fixed StaticMethodLoaderTest to actually test something
[Form] Fixed ValidatorTypeGuesser to guess properties without constraints not to be required
Use request format from request in twig ExceptionController
fixed bug
added the possibility to return null from SimplePreAuthenticationListener
[Form] Moved POST_MAX_SIZE validation from FormValidator to request handler
[Form] Add a form error if post_max_size has been reached.
Response::isNotModified returns true when If-Modified-Since is later than Last-Modified
[WebProfilerBundle] turbolinks compatibility
Conflicts:
src/Symfony/Component/Form/Tests/Extension/Validator/Constraints/FormValidatorTest.php
* 2.4:
[Form] Removed constructor argument from FormTypeHttpFoundationExtension for forward compatibility with 2.5
[Validator] Simplified testing of violations
remove obsolete test file
[FrameworkBundle] output failed matched path for clarification
bug #10242 Missing checkPreAuth from RememberMeAuthenticationProvider
[Validator] Fixed StaticMethodLoaderTest to actually test something
[Form] Fixed ValidatorTypeGuesser to guess properties without constraints not to be required
Use request format from request in twig ExceptionController
fixed bug
added the possibility to return null from SimplePreAuthenticationListener
[Form] Moved POST_MAX_SIZE validation from FormValidator to request handler
[Form] Add a form error if post_max_size has been reached.
Response::isNotModified returns true when If-Modified-Since is later than Last-Modified
[WebProfilerBundle] turbolinks compatibility
Conflicts:
src/Symfony/Component/Form/Extension/Core/Type/FormType.php
src/Symfony/Component/Form/Extension/Validator/Constraints/FormValidator.php
src/Symfony/Component/Form/Extension/Validator/Util/ServerParams.php
src/Symfony/Component/Security/Core/Tests/Authentication/Provider/RememberMeAuthenticationProviderTest.php
src/Symfony/Component/Validator/Tests/Constraints/AbstractConstraintValidatorTest.php
This PR was squashed before being merged into the 2.6-dev branch (closes#10698).
Discussion
----------
[Security] Added a REMOTE_USER based listener to security firewalls
| Q | A
| ------------- | ---
| Bug fix? | no
| New feature? | yes
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | /
| License | MIT
| Doc PR | symfony/symfony-docs#3912
TODO
- [x] submit changes to the documentation
I've seen myself implementing a few times a REMOTE_USER based authentication listener, as a large part of security modules for Apache (Kerberos, CAS, and more) are providing the username via an environment variable.
So I thought this could benefit the whole community if directly included in the framework. It is very similar to the X509AuthenticationListener, and basing the RemoteUserAuthenticationListener on the AbstractPreAuthenticatedListener is relevant and very convenient.
Using the X509AuthenticationListener could be possible, but it is confusing to use it directly when your authentication is not certificate based.
Please let me know if I need to update anything.
Regards
Commits
-------
a2872f2 [Security] Added a REMOTE_USER based listener to security firewalls
* 2.5:
Update validators.eu.xlf
fixed CS
remove unused imports
[Validator] Added markObjectAsInitialized() and isObjectInitialized() to ExecutionContextInterface
[Validator] Fixed doc block
[Routing] simplify the XML schema file
Unify null comparisons
[EventDispatcher] don't count empty listeners
[Process] Fix unit tests in sigchild environment
[Process] fix signal handling in wait()
[BrowserKit] refactor code and fix unquoted regex
Fixed server HTTP_HOST port uri conversion
[HttpFoundation] moved test file to the right directory
[Validator] Made sure that context changes don't leak out of (Contextual)ValidatorInterface
[MonologBridge] fixed Console handler priorities
Bring code into standard
[Process] Add test to verify fix for issue #11421
[Process] Fixes issue #11421
[DependencyInjection] Pass a Scope instance instead of a scope name.
* 2.4:
Update validators.eu.xlf
fixed CS
remove unused imports
[Routing] simplify the XML schema file
Unify null comparisons
[EventDispatcher] don't count empty listeners
[Process] Fix unit tests in sigchild environment
[Process] fix signal handling in wait()
[BrowserKit] refactor code and fix unquoted regex
Fixed server HTTP_HOST port uri conversion
[MonologBridge] fixed Console handler priorities
Bring code into standard
[Process] Add test to verify fix for issue #11421
[Process] Fixes issue #11421
[DependencyInjection] Pass a Scope instance instead of a scope name.
Conflicts:
src/Symfony/Bundle/FrameworkBundle/Test/WebTestCase.php
src/Symfony/Component/DependencyInjection/Tests/Dumper/GraphvizDumperTest.php
src/Symfony/Component/PropertyAccess/Tests/PropertyAccessorCollectionTest.php
* 2.3:
Update validators.eu.xlf
fixed CS
remove unused imports
Unify null comparisons
[EventDispatcher] don't count empty listeners
[Process] Fix unit tests in sigchild environment
[Process] fix signal handling in wait()
[BrowserKit] refactor code and fix unquoted regex
Fixed server HTTP_HOST port uri conversion
Bring code into standard
[Process] Add test to verify fix for issue #11421
[Process] Fixes issue #11421
[DependencyInjection] Pass a Scope instance instead of a scope name.
Conflicts:
src/Symfony/Component/EventDispatcher/Tests/EventDispatcherTest.php
This PR was merged into the 2.6-dev branch.
Discussion
----------
[Security] Allow exception bubbling in RememberMeListener
- Allow optional exception bubbling so that the exception listener has a chance to handle those exceptions
#### While at it
- Test for dispatching the InteractiveLogin event
- Smaller cleanups in the test
| Q | A
| ------------- | ---
| Bug fix? | no
| New feature? | yes
| BC breaks? | no
| Deprecations? | no
| Tests pass? | ye
| Fixed tickets | n.A.
| License | MIT
| Doc PR | n.A.
Commits
-------
fcb7f74 Allow exception bubbling in RememberMeListener
This PR was merged into the 2.6-dev branch.
Discussion
----------
[Security] Allow overloading ContextListener::refreshUser()
Allow overloading refreshUser() for the use case of doing something special with user providers.
| Q | A
| ------------- | ---
| Bug fix? | no
| New feature? | yes
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | n.A.
| License | MIT
| Doc PR | n.A.
Commits
-------
b67ed43 Allow overloading ContextListener::refreshUser()
* 2.4:
bumped Symfony version to 2.4.5
updated VERSION for 2.4.4
updated CHANGELOG for 2.4.4
bumped Symfony version to 2.3.14
updated VERSION for 2.3.13
update CONTRIBUTORS for 2.3.13
updated CHANGELOG for 2.3.13
Updated Serbian validation translation
[Console] Fixed the rendering of exceptions on HHVM with a terminal width
[WebProfilerBundle ] Fixed an edge case on WDT loading
[Security] removed $csrfTokenManager type hint from SimpleFormAuthenticationListener constructor argument
fixed typo
[Process] Disable TTY mode on Windows platform
[Validator] added missing ANNOTATION config to @Target annotation
[Finder] Fix ignoring of unreadable dirs in the RecursiveDirectoryIterator.
Conflicts:
src/Symfony/Component/HttpKernel/Kernel.php
* 2.4:
fix docblock
Fixed incompatibility of x509 auth with nginx
[Process] Setting STDIN while running should not be possible
[Validator] slovenian translation updated
[FrameworkBundle] improve English in RouterMatchCommand
[Validator] Updated Hungarian translations
[Doctrine Bridge] simplify session handler by using main connection
[Validator] Fixed typos in German translation
[Validator] Completed French translations
[Validator] Completed German translations
[Validator] Completed Luxembourgish translations
* 2.3:
fix docblock
Fixed incompatibility of x509 auth with nginx
[Process] Setting STDIN while running should not be possible
[FrameworkBundle] improve English in RouterMatchCommand
[Doctrine Bridge] simplify session handler by using main connection
Conflicts:
src/Symfony/Component/Process/Tests/AbstractProcessTest.php
* 2.4:
Little correction for case 'ar'
No need to use mb functions here
Fix doc-blocks
Fix doc blocks
[HttpFoundation] update phpdoc of SessionHandlerInterface and unify parameters of all handlers according to interface
[Doctrine Bridge] fix DbalSessionHandler for high concurrency, interface compliance, compatibility with all drivers (oci8, mysqli, pdo with mysql, sqlsrv, sqlite)
[Finder] Marked test skipped when ftp stream wrapper is not available
Conflicts:
src/Symfony/Component/Security/Core/Authorization/Voter/ExpressionVoter.php
This PR was merged into the 2.4 branch.
Discussion
----------
[2.4] Fix doc blocks
| Q | A
| ------------- | ---
| Bug fix? | no
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | n/a
| License | MIT
this follows #10737
Commits
-------
c01915d Fix doc blocks
* 2.4:
unified return null usages
[Validator] added Japanese translation
Textarea value should default to empty string instead of null.
Fix doc blocks
[Process] Fix#10681, process are failing on Windows Server 2003
updated doc
[Security] fix DBAL connection typehint
[HttpFoundation] status 201 is allowed to have a body
unified return null usages
Conflicts:
src/Symfony/Component/DependencyInjection/ContainerBuilder.php
src/Symfony/Component/DomCrawler/Crawler.php
src/Symfony/Component/Security/Core/Authentication/Provider/PreAuthenticatedAuthenticationProvider.php
* 2.3:
Textarea value should default to empty string instead of null.
Fix doc blocks
[Process] Fix#10681, process are failing on Windows Server 2003
[Security] fix DBAL connection typehint
[HttpFoundation] status 201 is allowed to have a body
unified return null usages
Conflicts:
src/Symfony/Component/Console/Helper/DescriptorHelper.php
src/Symfony/Component/DependencyInjection/ContainerBuilder.php
src/Symfony/Component/Finder/Tests/Iterator/RecursiveDirectoryIteratorTest.php
src/Symfony/Component/Form/Extension/Core/DataTransformer/IntegerToLocalizedStringTransformer.php
src/Symfony/Component/HttpKernel/Fragment/InlineFragmentRenderer.php
This PR was merged into the 2.3 branch.
Discussion
----------
unified return null usages
| Q | A
| ------------- | ---
| License | MIT
This PR unifies the way we return `null` from a function or method:
* always use `return;` instead of `return null;` (the current code base uses both);
* never use `return;` at the end of a function/method.
Commits
-------
d1d569b unified return null usages
* 2.4:
made types consistent with those defined in Hack
made {@inheritdoc} annotations consistent across the board
made {@inheritdoc} annotations consistent across the board
fixed types in phpdocs
[Debug] Fixed ClassNotFoundFatalErrorHandler on windows.
made phpdoc types consistent with those defined in Hack
Add support Thai translations
[Validator] Add missing czech translations
made types consistent with those defined in Hack
removed extra/unsupported arguments
[HttpKernel] fixed an error message
[TwigBundle] removed undefined argument
[Translation] Make IcuDatFileLoader/IcuResFileLoader::load invalid resource compatible with HHVM.
Conflicts:
src/Symfony/Component/Console/Helper/TableHelper.php
src/Symfony/Component/DependencyInjection/Loader/XmlFileLoader.php
src/Symfony/Component/Form/FormError.php
src/Symfony/Component/HttpKernel/Debug/TraceableEventDispatcher.php
src/Symfony/Component/Process/ProcessPipes.php
src/Symfony/Component/PropertyAccess/PropertyAccessor.php
src/Symfony/Component/Security/Acl/Dbal/MutableAclProvider.php
src/Symfony/Component/Security/Http/RememberMe/TokenBasedRememberMeServices.php
src/Symfony/Component/Translation/Dumper/FileDumper.php
src/Symfony/Component/Validator/ConstraintViolation.php
src/Symfony/Component/Validator/Constraints/EmailValidator.php
src/Symfony/Component/Validator/ExecutionContextInterface.php
src/Symfony/Component/Validator/Mapping/BlackholeMetadataFactory.php
* 2.3:
made {@inheritdoc} annotations consistent across the board
fixed types in phpdocs
made phpdoc types consistent with those defined in Hack
Add support Thai translations
made types consistent with those defined in Hack
removed extra/unsupported arguments
[HttpKernel] fixed an error message
[TwigBundle] removed undefined argument
[Translation] Make IcuDatFileLoader/IcuResFileLoader::load invalid resource compatible with HHVM.
Conflicts:
src/Symfony/Bridge/ProxyManager/Tests/LazyProxy/Fixtures/php/lazy_service.php
src/Symfony/Bundle/FrameworkBundle/Command/ContainerDebugCommand.php
src/Symfony/Bundle/FrameworkBundle/Templating/Loader/FilesystemLoader.php
src/Symfony/Bundle/WebProfilerBundle/EventListener/WebDebugToolbarListener.php
src/Symfony/Component/Config/Definition/ReferenceDumper.php
src/Symfony/Component/Console/Helper/DescriptorHelper.php
src/Symfony/Component/Debug/ErrorHandler.php
src/Symfony/Component/Finder/Tests/Iterator/RecursiveDirectoryIteratorTest.php
src/Symfony/Component/Form/Extension/Core/DataTransformer/IntegerToLocalizedStringTransformer.php
src/Symfony/Component/Form/Tests/Extension/Core/DataMapper/PropertyPathMapperTest.php
src/Symfony/Component/HttpFoundation/Response.php
src/Symfony/Component/HttpFoundation/StreamedResponse.php
src/Symfony/Component/HttpKernel/Debug/TraceableEventDispatcher.php
src/Symfony/Component/HttpKernel/EventListener/ProfilerListener.php
src/Symfony/Component/HttpKernel/Fragment/FragmentHandler.php
src/Symfony/Component/HttpKernel/Fragment/RoutableFragmentRenderer.php
src/Symfony/Component/HttpKernel/Kernel.php
src/Symfony/Component/HttpKernel/Tests/Fixtures/KernelForTest.php
src/Symfony/Component/Intl/NumberFormatter/NumberFormatter.php
src/Symfony/Component/Security/Core/Authorization/AccessDecisionManager.php
src/Symfony/Component/Stopwatch/StopwatchPeriod.php
src/Symfony/Component/Translation/TranslatorInterface.php
src/Symfony/Component/Validator/ConstraintValidatorFactory.php
* 2.4: (52 commits)
Fix#8205 : Deprecate file mode update when calling dumpFile
Fix#10437: Catch exceptions when reloading a no-cache request
Fix libxml_use_internal_errors and libxml_disable_entity_loader usage
removed ini check to make uploadedfile work on gae
Update OptionsResolver.php
fixed comment in forms.xml file
Clean KernelInterface docblocks
Cast the group name as a string
Fixed doc of InitAclCommand
[Form] Fix "Array was modified outside object" in ResizeFormListener.
Fix IBAN validator
[Process] Remove unreachable code + avoid skipping tests in sigchild environment
Fixed bug that incorrectly causes the "required" attribute to be omitted from select even though it contains the "multiple" attribute
Added travis_retry to .travis.yml
[Process] fix some typos and refactor some code
[Process] Fix unit tests in sigchild disabled environment
[Process] Trow exceptions in case a Process method is supposed to be called after termination
fixed typo
[Process] fixed fatal errors in getOutput and getErrorOutput when process was not started
[Process] Fix escaping on Windows
...
Conflicts:
src/Symfony/Bundle/FrameworkBundle/Command/ServerRunCommand.php
src/Symfony/Component/Form/Extension/Core/EventListener/ResizeFormListener.php
src/Symfony/Component/Process/Process.php
src/Symfony/Component/Process/ProcessPipes.php
src/Symfony/Component/Process/Tests/AbstractProcessTest.php
* 2.3: (34 commits)
Fix#8205 : Deprecate file mode update when calling dumpFile
Fix#10437: Catch exceptions when reloading a no-cache request
Fix libxml_use_internal_errors and libxml_disable_entity_loader usage
removed ini check to make uploadedfile work on gae
Update OptionsResolver.php
fixed comment in forms.xml file
Clean KernelInterface docblocks
Cast the group name as a string
Fixed doc of InitAclCommand
[Form] Fix "Array was modified outside object" in ResizeFormListener.
Fix IBAN validator
[Process] Remove unreachable code + avoid skipping tests in sigchild environment
Fixed bug that incorrectly causes the "required" attribute to be omitted from select even though it contains the "multiple" attribute
Added travis_retry to .travis.yml
[Process] fix some typos and refactor some code
[Process] Fix unit tests in sigchild disabled environment
[Process] Trow exceptions in case a Process method is supposed to be called after termination
fixed typo
[Process] fixed fatal errors in getOutput and getErrorOutput when process was not started
[Process] Fix escaping on Windows
...
Conflicts:
src/Symfony/Component/DomCrawler/Crawler.php
src/Symfony/Component/Filesystem/Filesystem.php
src/Symfony/Component/Process/Process.php
* 2.4:
fixed various inconsistencies
reduced recursion when building DumperPrefixCollection
renamed variables - making next change more readable
removing dead code.
[ExpressionLanguage] added some tests for the built-in constant() function
[ExpressionLanguage] added some documentation about functions
[DomCrawler] Fixed filterXPath() chaining
[DomCrawler] Fixed incorrect handling of image inputs
* 2.3:
fixed various inconsistencies
reduced recursion when building DumperPrefixCollection
renamed variables - making next change more readable
removing dead code.
[DomCrawler] Fixed filterXPath() chaining
[DomCrawler] Fixed incorrect handling of image inputs
Conflicts:
src/Symfony/Component/DomCrawler/Crawler.php
src/Symfony/Component/EventDispatcher/Tests/EventDispatcherTest.php
src/Symfony/Component/Form/Extension/DependencyInjection/DependencyInjectionExtension.php
src/Symfony/Component/Serializer/Tests/Normalizer/CustomNormalizerTest.php
src/Symfony/Component/Templating/Tests/Loader/CacheLoaderTest.php
src/Symfony/Component/Templating/Tests/Loader/LoaderTest.php
* 2.4:
udpated LICENSE year
update year on licenses
rundown and typo fix
[Process] Fix#9861 : Revert TTY mode
[Form] Update minimal requirement in composer.json
Fix Empty translations with Qt files
[Console] Fixed command name guessing if an alternative is an alias.
Update UPGRADE-2.3.md to account for #9388
[WebProfilerBundle] Fixed profiler toolbar icons for XHTML.
[BrowserKit] Throw exception on invalid cookie expiration timestamp
[Propel1Bridge][ModelChoiceList] add exception message for invalid classes
* 2.4:
removed unneeded use statements
[DoctrineBridge] Fixed an issue with DoctrineParserCache
removed unneeded use statements
Prepend Child Bundle paths before the parent
[Routing] add unit tests for Symfony\Component\Routing\RequestContext class
* 2.3:
removed unneeded use statements
Prepend Child Bundle paths before the parent
[Routing] add unit tests for Symfony\Component\Routing\RequestContext class
Conflicts:
src/Symfony/Component/Form/Extension/Csrf/CsrfExtension.php
src/Symfony/Component/HttpKernel/DataCollector/TimeDataCollector.php
src/Symfony/Component/Validator/ConstraintValidatorFactory.php
* 2.4:
[Security] fixed pre/post authentication checks
fixed missing use statements
Updated lithuanian validator translation: changed vartotojas to naudotojas as it is more proper term.
Fixed CSS
[Intl] Added round support for ROUND_CEILING, ROUND_FLOOR, ROUND_DOWN, ROUND_UP
[HttpFoundation] Throw proper exception when invalid data is passed to JsonResponse class
addressed == -> === suggestion
Fixed#9020 - Added support for collections in service#parameters
fixes PSR-0 issues in tests
adjusted behavior to always copy override on url files
Skips test that need full lib-intl.
* 2.3:
[Security] fixed pre/post authentication checks
Updated lithuanian validator translation: changed vartotojas to naudotojas as it is more proper term.
Fixed CSS
[HttpFoundation] Throw proper exception when invalid data is passed to JsonResponse class
addressed == -> === suggestion
Fixed#9020 - Added support for collections in service#parameters
fixes PSR-0 issues in tests
adjusted behavior to always copy override on url files
Skips test that need full lib-intl.
Conflicts:
src/Symfony/Component/Security/Acl/Tests/Permission/MaskBuilderTest.php
src/Symfony/Component/Security/Core/Tests/Authentication/Token/RememerMeTokenTest.php
src/Symfony/Component/Security/Core/Tests/User/AccountCheckerTest.php
src/Symfony/Component/Security/Core/Tests/User/InMemoryProviderTest.php
src/Symfony/Component/Security/Http/Tests/Authentication/DefaultAuthenticationFailureHandlerTest.php
src/Symfony/Component/Security/Http/Tests/Authentication/DefaultAuthenticationSuccessHandlerTest.php
src/Symfony/Component/Security/Tests/Core/Authentication/Token/RememberMeTokenTest.php
src/Symfony/Component/Security/Tests/Core/Authentication/Token/RememerMeTokenTest.php
src/Symfony/Component/Security/Tests/Core/User/AccountCheckerTest.php
src/Symfony/Component/Security/Tests/Core/User/InMemoryProviderTest.php
src/Symfony/Component/Security/Tests/Core/User/InMemoryUserProviderTest.php
src/Symfony/Component/Security/Tests/Core/User/UserCheckerTest.php
* 2.4:
[Security] simplified some unit tests
[Security] made code easier to understand, added some missing unit tests
[DependencyInjection] fixed InlineServiceDefinitionsPass to not inline a service if it's part of the current definition (to avoid an infinite loop)
[DomCrawler] Fixed creating form objects from form nodes.
disabled php.ini changes when using HHVM in .travis.yml
[Process] fixed HHVM support
Add support for HHVM in the getting of the PHP executable
[Security] fixed error 500 instead of 403 if previous exception is provided to AccessDeniedException
* 2.3:
[Security] made code easier to understand, added some missing unit tests
[DependencyInjection] fixed InlineServiceDefinitionsPass to not inline a service if it's part of the current definition (to avoid an infinite loop)
[DomCrawler] Fixed creating form objects from form nodes.
disabled php.ini changes when using HHVM in .travis.yml
[Process] fixed HHVM support
Add support for HHVM in the getting of the PHP executable
[Security] fixed error 500 instead of 403 if previous exception is provided to AccessDeniedException
* 2.4:
fixed CS
fixed a typo
fixed CS for lambdas
[Yaml] fixed some license headers
Fixes message value for objects
Check for hour, minute & second validity
avoid tables to have apparently long blank line breaks and be too far appart for long nested array params
fixed various typos
[Filesystem] Fixed mirror for symlinks
[Validator] Removed duplicated test for IBAN in data provider
* 2.3:
fixed a typo
fixed CS for lambdas
[Yaml] fixed some license headers
Fixes message value for objects
Check for hour, minute & second validity
fixed various typos
[Filesystem] Fixed mirror for symlinks
[Validator] Removed duplicated test for IBAN in data provider
Conflicts:
src/Symfony/Bundle/FrameworkBundle/Command/ContainerDebugCommand.php
src/Symfony/Component/Console/Application.php
src/Symfony/Component/Debug/Tests/ErrorHandlerTest.php
src/Symfony/Component/Filesystem/Tests/FilesystemTest.php
src/Symfony/Component/HttpKernel/Tests/DependencyInjection/ContainerAwareHttpKernelTest.php
* 2.4: (44 commits)
[FrameworkBundle] Add missing license headers
Fix parent serialization of user object
[DependencyInjection] fixed typo
added condition to avoid skipping tests on JSON_PRETTY support
add memcache, memcached, and mongodb extensions to run skipped tests
[DependencyInjection] Fixed support for backslashes in service ids.
fix#9356 [Security] Logger should manipulate the user reloaded from provider
[FrameworkBundle] Added extra details in XMLDescriptor to improve container description
fixed CS
Crawler default namespace fix
[BrowserKit] fixes#8311 CookieJar is totally ignorant of RFC 6265 edge cases
[HttpFoundation] fixed constants that do exist in 2.3 (only in 2.4)
fix 5528 let ArrayNode::normalizeValue respect order of value array provided
fix#7243 allow 0 as arraynode name
Fixed issue in BaseDateTimeTransformer when invalid timezone cause Transformation filed exception (closes#9403).
BinaryFileResponse should also return 416 or 200 on some range-requets
fix deprecated usage and clarify constructor defaults for number formatter
Bumping dependency to ProxyManager to allow testing against the new 0.5.x branch changes
Do normalization on tag options
bumped Symfony version to 2.3.9
...
* 2.3: (31 commits)
Fix parent serialization of user object
[DependencyInjection] fixed typo
add memcache, memcached, and mongodb extensions to run skipped tests
[DependencyInjection] Fixed support for backslashes in service ids.
fix#9356 [Security] Logger should manipulate the user reloaded from provider
[BrowserKit] fixes#8311 CookieJar is totally ignorant of RFC 6265 edge cases
[HttpFoundation] fixed constants that do exist in 2.3 (only in 2.4)
fix 5528 let ArrayNode::normalizeValue respect order of value array provided
fix#7243 allow 0 as arraynode name
Fixed issue in BaseDateTimeTransformer when invalid timezone cause Transformation filed exception (closes#9403).
BinaryFileResponse should also return 416 or 200 on some range-requets
Do normalization on tag options
bumped Symfony version to 2.3.9
updated VERSION for 2.3.8
update CONTRIBUTORS for 2.3.8
updated CHANGELOG for 2.3.8
[Filesystem] Changed the mode for a target file in copy() to be write only.
[Console] fixed CS
fixed TableHelper when cell value has new line
Improved and fixed grammar mistakes. Added pluralized messages
...
Conflicts:
src/Symfony/Component/BrowserKit/Cookie.php
src/Symfony/Component/HttpKernel/Kernel.php
src/Symfony/Component/Routing/Matcher/UrlMatcher.php
* 2.4:
[HttpKernel] fixed regression introduced in 2.4 in the base DataCollector class. Added more unit tests coverage for the RequestDataCollector object.
Fixed mistake in upgrade docu
bumped Symfony version to 2.4.0
updated VERSION for 2.4.0-RC1
updated CHANGELOG for 2.4.0-RC1
Container::camelize also takes backslashes into consideration
fixed typos
fixed @expectedException class names
Fix an issue when overriding Client::setServerParameters() and using the getContainer() method in it.
fixed some typos
fixed @expectedException class names
Typo and better wording for german validator translation
* 2.3:
Fixed mistake in upgrade docu
Container::camelize also takes backslashes into consideration
fixed typos
fixed @expectedException class names
fixed some typos
fixed @expectedException class names
Typo and better wording for german validator translation
This PR was merged into the master branch.
Discussion
----------
unify constructor initialization style throughout symfony
| Q | A
| ------------- | ---
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | -
| License | MIT
| Doc PR | n/a
In almost all classes symfony uses property initialization when the value is static. Constructor initialization is only used for things that actually have logic, like passed parameters or dynamic values. IMHO it makes the code much more readable because property definition, phpdoc and default value is in one place. Also one can easily see what the constructor implements for logic like overridden default value of a parent class. Otherwise the real deal is just hidden behind 10 property initializations. One more advantage is that it requires less code. As you can see, the code was almost cut in half (210 additions and 395 deletions).
I unified it accordingly across symfony. Sometimes it was [not even consistent within one class](https://github.com/symfony/symfony/blob/master/src/Symfony/Component/Config/Definition/BaseNode.php#L32). At the same time I recognized some errors like missing parent constructor call, or undefined properties or private properties that are not even used.
I then realized that a few Kernel tests were not passing because they were deeply implementation specific like modifying booted flag with a custom `KernelForTest->setIsBooted();`. I improved and refactored the kernel tests in the __second commit__.
__Third commit__ unifies short ternary operator, e.g. `$foo ?: new Foo()`. __Forth commit__ unifies missing parentheses, e.g. `new Foo()`.
Commits
-------
077a089 unify missing parentheses
2888594 unify short ternary operator
2a9daff [HttpKernel] better written kernel tests
111ac18 unify constructor initialization style throughout symfony
This PR was merged into the master branch.
Discussion
----------
adjust doctrine dependencies
| Q | A
| ------------- | ---
| Bug fix? | no
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | #9384, #9385
| License | MIT
| Doc PR | -
I went through all components/bundles/bridges in symfony and searched for doctrine dependencies. Then looked if it only requires a subset (annotations instead of common for example).
Commits
-------
7366901 adjust doctrine dependencies
* 2.3:
fixed CS
fixed CS
[HttpKernel] fixed memory limit display in MemoryDataCollector
Fixed the error handling when decoding invalid XML to avoid a Warning
[Form] Fixed: The "data" option is taken into account even if it is NULL
[DomCrawler] [HttpFoundation] Make `Content-Type` attributes identification case-insensitive
Conflicts:
src/Symfony/Bundle/FrameworkBundle/Tests/Templating/TimedPhpEngineTest.php
* 2.2:
fixed CS
Fixed the error handling when decoding invalid XML to avoid a Warning
[Form] Fixed: The "data" option is taken into account even if it is NULL
[DomCrawler] [HttpFoundation] Make `Content-Type` attributes identification case-insensitive
Conflicts:
src/Symfony/Component/Form/Extension/Core/Type/FormType.php
* 2.3:
[DoctrineBridge] Added type check to prevent calling clear() on arrays
[Intl] Improved FormTypeCsrfExtension to use the type class as default intention if the form name is empty
Fix docblock typo
* 2.2:
[DoctrineBridge] Added type check to prevent calling clear() on arrays
[Intl] Improved FormTypeCsrfExtension to use the type class as default intention if the form name is empty
Fix docblock typo
Conflicts:
src/Symfony/Component/Form/Extension/Csrf/Type/FormTypeCsrfExtension.php
* 2.2:
[DoctrineBridge] Loosened CollectionToArrayTransformer::transform() to accept arrays
Removed unused use statements.
Make usleep longer and simplify assertions
Added japanese translation resource for security component.
[Yaml] Fixed the escaping of strings starting with a dash when dumping
Fix in ChainLoader.php
fixed wrong started states
* 2.3:
Fix: duplicate usage of Symfony\Component\HttpFoundation\Response
[Form] add support for Length and Range constraint in order to replace MaxLength, MinLength, Max and Min constraints in next release (2.3)
Revert "merged branch Tobion/flattenexception (PR #9111)"
[Form] check the required output timezone against the actual timezone of the input datetime object, rather than the expected timezone supplied
Conflicts:
src/Symfony/Component/HttpKernel/EventListener/ExceptionListener.php
This PR was merged into the master branch.
Discussion
----------
[HttpFoundation] added a way to override the Request class
| Q | A
| ------------- | ---
| Bug fix? | no
| New feature? | yes
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | #7461, #7453
| License | MIT
| Doc PR | symfony/symfony-docs#3021
This is an alternative implementation for #7461.
I've also reverted #7381 and #7390 as these changes are not needed anymore.
Todo:
- [ ] add some tests
Commits
-------
464439d [HttpFoundation] added a way to override the Request class
This PR was merged into the master branch.
Discussion
----------
[Security] Added Security\Csrf sub-component with better token generation
| Q | A
| ------------- | ---
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | -
| License | MIT
| Doc PR | TODO
**Update September 27, 2013**
This PR simplifies the CSRF mechanism to generate completely random tokens. A random token is generated once per ~~intention~~ token ID and then stored in the session. Tokens are valid until the session expires.
Since the CSRF token generator depends on `StringUtils` and `SecureRandom` from Security\Core, and since Security\Http currently depends on the Form component for token generation, I decided to add a new Security\Csrf sub-component that contains the improved CSRF token generator. Consequences:
* Security\Http now depends on Security\Csrf instead of Form
* Form now optionally depends on Security\Csrf
* The configuration for the "security.secure_random" service and the "security.csrf.*" services was moved to FrameworkBundle to guarantee BC
In the new Security\Csrf sub-component, I tried to improve the naming where I could do so without breaking BC:
* CSRF "providers" are now called "token generators"
* CSRF "intentions" are now called "token IDs", because that's really what they are
##### TODO
- [ ] The documentation needs to be checked for references to the configuration of the application secret. Remarks that the secret is used for CSRF protection need to be removed.
- [ ] Add aliases "csrf_token_generator" and "csrf_token_id" for "csrf_provider" and "intention" in the SecurityBundle configuration
- [x] Make sure `SecureRandom` never blocks for `CsrfTokenGenerator`
Commits
-------
7f02304 [Security] Added missing PHPDoc tag
2e04e32 Updated Composer dependencies to require the Security\Csrf component where necessary
bf85e83 [FrameworkBundle][SecurityBundle] Added service configuration for the new Security CSRF sub-component
2048cf6 [Form] Deprecated the CSRF implementation and added an optional dependency to the Security CSRF sub-component instead
85d4959 [Security] Changed Security HTTP sub-component to depend on CSRF sub-component instead of Form
1bf1640 [Security] Added CSRF sub-component
* 2.3:
fixed Client when using the terminable event
Fix problem with Windows file links (backslash in JavaScript string)
[Security] fixed wrong phpdoc
[DependencyInjection] Prevented inlining of lazy loaded private service definitions.
[Routing] removed extra argument
[HttpFoundation] Header `HTTP_X_FORWARDED_PROTO` can contain various values Some proxies use `ssl` instead of `https`, as well as Lighttpd mod_proxy allows value chaining (`https, http`, where `https` is always first when request is encrypted).
Added doc comments
Conflicts:
src/Symfony/Component/Routing/Router.php
src/Symfony/Component/Security/Http/Firewall.php
* 2.2:
fixed Client when using the terminable event
Fix problem with Windows file links (backslash in JavaScript string)
[Security] fixed wrong phpdoc
[Routing] removed extra argument
[HttpFoundation] Header `HTTP_X_FORWARDED_PROTO` can contain various values Some proxies use `ssl` instead of `https`, as well as Lighttpd mod_proxy allows value chaining (`https, http`, where `https` is always first when request is encrypted).
Added doc comments
Conflicts:
src/Symfony/Component/HttpFoundation/Request.php
* 2.3:
[Locale] added support for the position argument to NumberFormatter::parse()
[Locale] added some more stubs for the number formatter
[Yaml] fixed typo
[Yaml] fixed a test on PHP < 5.4
[DomCrawler]Crawler guess charset from html
fixed PHP 5.3 compatibility
[Yaml] reverted previous merge partially (refs #8897)
[Security] remove unused logger
[Security] fix typo
[Yaml] Fixed filename in the ParseException message
* 2.2:
[Locale] added support for the position argument to NumberFormatter::parse()
[Locale] added some more stubs for the number formatter
[Yaml] fixed typo
[Yaml] fixed a test on PHP < 5.4
[DomCrawler]Crawler guess charset from html
fixed PHP 5.3 compatibility
[Yaml] reverted previous merge partially (refs #8897)
[Security] remove unused logger
[Security] fix typo
[Yaml] Fixed filename in the ParseException message
Conflicts:
src/Symfony/Component/Console/Input/InputDefinition.php
src/Symfony/Component/Locale/Stub/StubNumberFormatter.php
src/Symfony/Component/Locale/Tests/Stub/StubNumberFormatterTest.php
This PR was merged into the master branch.
Discussion
----------
New Component: Expression Language
| Q | A
| ------------- | ---
| Bug fix? | no
| New feature? | yes
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | #8850, #7352
| License | MIT
| Doc PR | not yet
TODO:
- [ ] write documentation
- [x] add tests for the new component
- [x] implement expression support for access rules in the security component
- [x] find a better character/convention for expressions in the YAML format
- [x] check the performance of the evaluation mode
- [x] better error messages in the evaluation mode
- [x] add support in the Routing
- [x] add support in the Validator
The ExpressionLanguage component provides an engine that can compile and
evaluate expressions.
An expression is a one-liner that returns a value (mostly, but not limited to, Booleans).
It is a strip-down version of Twig (only the expression part of it is
implemented.) Like Twig, the expression is lexed, parsed, and
compiled/evaluated. So, it is immune to external injections by design.
If we compare it to Twig, here are the main big differences:
* only support for Twig expressions
* no ambiguity for calls (foo.bar is only valid for properties, foo['bar'] is only valid for array calls, and foo.bar() is required for method calls)
* no support for naming conventions in method calls (if the method is named getFoo(), you must use getFoo() and not foo())
* no notion of a line for errors, but a cursor (we are mostly talking about one-liners here)
* removed everything specific to the templating engine (like output escaping or filters)
* no support for named arguments in method calls
* only one extension point with functions (no possibility to define new operators, ...)
* and probably even more I don't remember right now
* there is no need for a runtime environment, the compiled PHP string is self-sufficient
An open question is whether we keep the difference betweens arrays and hashes.
The other big difference with Twig is that it can work in two modes (possible
because of the restrictions described above):
* compilation: the expression is compiled to PHP and is self-sufficient
* evaluation: the expression is evaluated without being compiled to PHP (the node tree produced by the parser can be serialized and evaluated afterwards -- so it can be saved on disk or in a database to speed up things when needed)
Let's see a simple example:
```php
$language = new ExpressionLanguage();
echo $language->evaluate('1 + 1');
// will echo 2
echo $language->compile('1 + 2');
// will echo "(1 + 2)"
```
The language supports:
* all basic math operators (with precedence rules):
* unary: not, !, -, +
* binary: or, ||, and, &&, b-or, b-xor, b-and, ==, ===, !=, !==, <, >, >=, <=, not in, in, .., +, -, ~, *, /, %, **
* all literals supported by Twig: strings, numbers, arrays (`[1, 2]`), hashes
(`{a: "b"}`), Booleans, and null.
* simple variables (`foo`), array accesses (`foo[1]`), property accesses
(`foo.bar`), and method calls (`foo.bar(1, 2)`).
* the ternary operator: `true ? true : false` (and all the shortcuts
implemented in Twig).
* function calls (`constant('FOO')` -- `constant` is the only built-in
functions).
* and of course, any combination of the above.
The compilation is better for performances as the end result is just a plain PHP string without any runtime. For the evaluation, we need to tokenize, parse, and evaluate the nodes on the fly. This can be optimized by using a `ParsedExpression` or a `SerializedParsedExpression` instead:
```php
$nodes = $language->parse($expr, $names);
$expression = new SerializedParsedExpression($expr, serialize($nodes));
// You can now store the expression in a DB for later reuse
// a SerializedParsedExpression can be evaluated like any other expressions,
// but under the hood, the lexer and the parser won't be used at all, so it''s much faster.
$language->evaluate($expression);
```
That's all folks!
I can see many use cases for this new component, and we have two use cases in
Symfony that we can implement right away.
## Using Expressions in the Service Container
The first one is expression support in the service container (it would replace
#8850) -- anywhere you can pass an argument in the service container, you can
use an expression:
```php
$c->register('foo', 'Foo')->addArgument(new Expression('bar.getvalue()'));
```
You have access to the service container via `this`:
container.get("bar").getvalue(container.getParameter("value"))
The implementation comes with two functions that simplifies expressions
(`service()` to get a service, and `parameter` to get a parameter value). The
previous example can be simplified to:
service("bar").getvalue(parameter("value"))
Here is how to use it in XML:
```xml
<parameters>
<parameter key="value">foobar</parameter>
</parameters>
<services>
<service id="foo" class="Foo">
<argument type="expression">service('bar').getvalue(parameter('value'))</argument>
</service>
<service id="bar" class="Bar" />
</services>
```
and in YAML (I chose the syntax randomly ;)):
```yaml
parameters:
value: foobar
services:
bar:
class: Bar
foo:
class: Foo
arguments: [@=service("bar").getvalue(parameter("value"))]
```
When using the container builder, Symfony uses the evaluator, but with the PHP
dumper, the compiler is used, and there is no overhead as the expression
engine is not needed at runtime. The expression above would be compiled to:
```php
$this->get("bar")->getvalue($this->getParameter("value"))
```
## Using Expression for Security Access Control Rules
The second use case in Symfony is for access rules.
As we all know, the way to configure the security access control rules is confusing, which might lead to insecure applications (see http://symfony.com/blog/security-access-control-documentation-issue for more information).
Here is how the new `allow_if` works:
```yaml
access_control:
- { path: ^/_internal/secure, allow_if: "'127.0.0.1' == request.getClientIp() or has_role('ROLE_ADMIN')" }
```
This one restricts the URLs starting with `/_internal/secure` to people browsing from the localhost. Here, `request` is the current Request instance. In the expression, there is access to the following variables:
* `request`
* `token`
* `user`
And to the following functions:
* `is_anonymous`
* `is_authenticated`
* `is_fully_authenticated`
* `is_rememberme`
* `has_role`
You can also use expressions in Twig, which works well with the `is_granted` function:
```jinja
{% if is_granted(expression('has_role("FOO")')) %}
...
{% endif %}
```
## Using Expressions in the Routing
Out of the box, Symfony can only match an incoming request based on some pre-determined variables (like the path info, the method, the scheme, ...). But some people want to be able to match on more complex logic, based on other information of the Request object. That's why we introduced `RequestMatcherInterface` recently (but we no default implementation in Symfony itself).
The first change I've made (not related to expression support) is implement this interface for the default `UrlMatcher`. It was simple enough.
Then, I've added a new `condition` configuration for Route objects, which allow you to add any valid expression. An expression has access to the `request` and to the routing `context`.
Here is how one would configure it in a YAML file:
```yaml
hello:
path: /hello/{name}
condition: "context.getMethod() in ['GET', 'HEAD'] and request.headers.get('User-Agent') =~ '/firefox/i'"
```
Why do I keep the context as all the data are also available in the request? Because you can also use the condition without using the RequestMatcherInterface, in which case, you don't have access to the request. So, the previous example is equivalent to:
```yaml
hello:
path: /hello/{name}
condition: "request.getMethod() in ['GET', 'HEAD'] and request.headers.get('User-Agent') =~ '/firefox/i'"
```
When using the PHP dumper, there is no overhead as the condition is compiled. Here is how it looks like:
```php
// hello
if (0 === strpos($pathinfo, '/hello') && preg_match('#^/hello/(?P<name>[^/]++)$#s', $pathinfo, $matches) && (in_array($context->getMethod(), array(0 => "GET", 1 => "HEAD")) && preg_match("/firefox/i", $request->headers->get("User-Agent")))) {
return $this->mergeDefaults(array_replace($matches, array('_route' => 'hello')), array ());
}
```
Be warned that conditions are not taken into account when generating a URL.
## Using Expressions in the Validator
There is a new Expression constraint that you can put on a class. The expression is then evaluated for validation:
```php
use Symfony\Component\Validator\Constraints as Assert;
/**
* @Assert\Condition(condition="this.getFoo() == 'fo'", message="Not good!")
*/
class Obj
{
public function getFoo()
{
return 'foo';
}
}
```
In the expression, you get access to the current object via the `this` variable.
## Dynamic annotations
The expression language component is also very useful in annotations. the SensoLabs FrameworkExtraBundle leverages this possibility to implement HTTP validation caching in the `@Cache` annotation and to add a new `@Security` annotation (see sensiolabs/SensioFrameworkExtraBundle#238.)
Commits
-------
d4ebbfd [Validator] Renamed Condition to Expression and added possibility to set it onto properties
a3b3a78 [Validator] added a constraint that runs an expression
1bcfb40 added optimized versions of expressions
984bd38 mades things more consistent for the end user
d477f15 [Routing] added support for expression conditions in routes
86ac8d7 [ExpressionLanguage] improved performance
e369d14 added a Twig extension to create Expression instances
38b7fde added support for expression in control access rules
2777ac7 [HttpFoundation] added ExpressionRequestMatcher
c25abd9 [DependencyInjection] added support for expressions in the service container
3a41781 [ExpressionLanguage] added support for regexes
9d98fa2 [ExpressionLanguage] added the component
This PR was merged into the 2.2 branch.
Discussion
----------
[Security] fix typo and remove unused logger
| Q | A
| ------------- | ---
| Bug fix? | no
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| License | MIT
Commits
-------
a33cc51 [Security] remove unused logger
62de9c1 [Security] fix typo
This PR was merged into the master branch.
Discussion
----------
[Security] Remove unused use statement
Commits
-------
6981669 Remove unused use statement
* 2.3:
fixed phpdoc
Fix some annotates
[FrameworkBundle] made sure that the debug event dispatcher is used everywhere
[HttpKernel] remove unneeded strtoupper
updated the composer install command to reflect changes in Composer
Conflicts:
src/Symfony/Component/Serializer/Encoder/XmlEncoder.php
* 2.2:
Fix some annotates
[FrameworkBundle] made sure that the debug event dispatcher is used everywhere
[HttpKernel] remove unneeded strtoupper
updated the composer install command to reflect changes in Composer
Conflicts:
src/Symfony/Component/Console/Application.php
src/Symfony/Component/Console/Command/Command.php
src/Symfony/Component/Console/Input/InputDefinition.php
src/Symfony/Component/CssSelector/Node/CombinedSelectorNode.php
src/Symfony/Component/Form/Form.php
src/Symfony/Component/HttpKernel/Debug/ErrorHandler.php
src/Symfony/Component/HttpKernel/DependencyInjection/RegisterListenersPass.php
src/Symfony/Component/HttpKernel/Tests/DependencyInjection/RegisterListenersPassTest.php
src/Symfony/Component/Locale/Locale.php
src/Symfony/Component/Locale/README.md
src/Symfony/Component/Locale/Stub/DateFormat/FullTransformer.php
* 2.3:
Fixing singular form for kisses, accesses and addresses.
fixed some circular references
[Security] fixed a leak in ExceptionListener
[Security] fixed a leak in the ContextListener
Ignore posix_istatty warnings
removed unused variable
[Form] fix iterator typehint
typos
Button missing getErrorsAsString() fixes#8084 Debug: Not calling undefined method anymore. If the form contained a submit button the call would fail and the debug of the form wasn't possible. Now it will work in all cases. This fixes#8084
Use isset() instead of array_key_exists() in DIC
Fixed annotation
[BrowserKit] fixed method/files/content when redirecting a request
[BrowserKit] removed some headers when redirecting a request
[BrowserKit] fixed headers when redirecting if history is set to false (refs #8697)
[HttpKernel] fixed route parameters storage in the Request data collector (closes#8867)
[BrowserKit] Pass headers when `followRedirect()` is called
Return BC compatibility for `@Route` parameters and default values
Conflicts:
src/Symfony/Component/Security/Http/Firewall/ContextListener.php
* 2.2:
Fixing singular form for kisses, accesses and addresses.
fixed some circular references
[Security] fixed a leak in ExceptionListener
[Security] fixed a leak in the ContextListener
Ignore posix_istatty warnings
typos
[HttpKernel] fixed route parameters storage in the Request data collector (closes#8867)
Return BC compatibility for `@Route` parameters and default values
Conflicts:
src/Symfony/Bundle/FrameworkBundle/Templating/Helper/FormHelper.php
src/Symfony/Component/Console/Application.php
* 2.2:
[Security] fixed some phpdoc
Fixed PHPDoc Blocks
optimized circular reference checker
[HttpKernel] changed fragment URLs to be relative by default (closes#8458)
This PR was merged into the master branch.
Discussion
----------
[Security] Keep other query string parameters when switching users
| Q | A
| ---------------------- | ---
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | n/a
| Doc PR | n/a
When switching users, the whole query string gets dropped when redirecting after the switch.
I think only the switch user parameter should be dropped from the query string.
Commits
-------
0a338f5 [Security] Keep other query string parameters when switching users
* 2.3:
Clear lazy loading initializer after the service is successfully initialized
[FrameworkBundle] added support for double-quoted strings in the extractor (closes#8797)
[SecurityBundle] Move format-dependent tests from SecurityExtensionTest
bumped Symfony version to 2.3.5-DEV
updated VERSION for 2.3.4
updated CHANGELOG for 2.3.4
bumped Symfony version to 2.2.7
updated VERSION for 2.2.6
update CONTRIBUTORS for 2.2.6
updated CHANGELOG for 2.2.6
clearToken exception is thrown at wrong place.
fix typo in test skipped message
[Form] Fixed Form::all() signature for PHP 5.3.3
[Form] Fixed Form::all() signature for PHP 5.3.3
[Locale] Fixed: Locale::setDefault() throws no exception when "en" is passed
[Locale] Fixed: StubLocale::setDefault() throws no exception when "en" is passed
[Translation] Grammar fix
[Yaml] fixed embedded folded string parsing
[Validator] fixed Boolean handling in XML constraint mappings (closes#5603)
[Translation] Fixed regression: When only one rule is passed to transChoice(), this rule should be used
Conflicts:
src/Symfony/Component/HttpKernel/Kernel.php
* 2.2:
bumped Symfony version to 2.2.7
updated VERSION for 2.2.6
update CONTRIBUTORS for 2.2.6
updated CHANGELOG for 2.2.6
clearToken exception is thrown at wrong place.
Conflicts:
src/Symfony/Component/HttpKernel/Kernel.php
* 2.3:
[Locale] fixed build-data exit code in case of an error
fixed request format of sub-requests when explicitely set by the developer (closes#8787)
Sets _format attribute only if it wasn't set previously by the user.
Exclude little words of 'ee' to 'oo' plural transformation
fixed the format of the request used to render an exception
Fix typo in the check_path validator
added a missing use statement (closes#8808)
fix for Process:isSuccessful()
Include untrusted host in the exception message
Conflicts:
src/Symfony/Component/HttpKernel/EventListener/ExceptionListener.php
src/Symfony/Component/HttpKernel/Fragment/InlineFragmentRenderer.php
* 2.2:
[Locale] fixed build-data exit code in case of an error
fixed request format of sub-requests when explicitely set by the developer (closes#8787)
Sets _format attribute only if it wasn't set previously by the user.
Exclude little words of 'ee' to 'oo' plural transformation
fixed the format of the request used to render an exception
Fix typo in the check_path validator
added a missing use statement (closes#8808)
fix for Process:isSuccessful()
Conflicts:
UPGRADE-3.0.md
src/Symfony/Component/Locale/Resources/data/build-data.php
* 2.3:
moved some fixed dep versions from 2.2.* to ~2.2 (refs #8613)
[HttpKernel] added a missing dep for dev
[Form] fixed wrong call to setTimeZone() (closes#8644)
Fix issue with \DateTimeZone::UTC / 'UTC' for PHP 5.4
[Form] Fixed patched forms to be valid even if children are not submitted
Revert "[Form] Fix of "PATCH'ed forms are never valid""
[Form] Fixed: If a form is not present in a request, it is not automatically submitted
Fixes link indices
[Form] Removed the "disabled" attribute from the placeholder option in select fields due to problems with the BlackBerry 10 browser
Revert "[Form] Remove "value" attribute on empty_value option"
[routing] added ability for apache matcher to handle array values
removed dead code and fixed CS
[Validator] fixed StaticMethodLoader trying to invoke methods of abstract classes (closes#8589)
* 2.2:
[HttpKernel] added a missing dep for dev
[Form] fixed wrong call to setTimeZone() (closes#8644)
Fix issue with \DateTimeZone::UTC / 'UTC' for PHP 5.4
[Form] Removed the "disabled" attribute from the placeholder option in select fields due to problems with the BlackBerry 10 browser
[routing] added ability for apache matcher to handle array values
removed dead code and fixed CS
[Validator] fixed StaticMethodLoader trying to invoke methods of abstract classes (closes#8589)
Conflicts:
src/Symfony/Bundle/TwigBundle/TokenParser/RenderTokenParser.php
src/Symfony/Component/Form/FormConfigBuilder.php
src/Symfony/Component/HttpKernel/composer.json
src/Symfony/Component/Validator/Tests/GraphWalkerTest.php
* 2.3:
[PropertyAccess] added moves to pluralMap
[Security] fixed issue where authentication listeners clear unrelated tokens
added greek translation
[DependencyInjection] Add exception for service name not dumpable in PHP
bumped Symfony version to 2.3.3-DEV
fix issue #8499 modelChoiceList call getPrimaryKey on a non object
updated VERSION for 2.3.2
updated CHANGELOG for 2.3.2
[DependencyInjection] Add exception for service name not dumpable in PHP
fixed typo
bumped Symfony version to 2.2.5
updated VERSION for 2.2.4
update CONTRIBUTORS for 2.2.4
updated CHANGELOG for 2.2.4
Fixed NativeSessionStorage:regenerate when does not exists
removed extraneous whitespaces
Conflicts:
src/Symfony/Component/HttpKernel/Kernel.php
* 2.2:
[PropertyAccess] added moves to pluralMap
[Security] fixed issue where authentication listeners clear unrelated tokens
fix issue #8499 modelChoiceList call getPrimaryKey on a non object
[DependencyInjection] Add exception for service name not dumpable in PHP
Conflicts:
src/Symfony/Component/DependencyInjection/Dumper/PhpDumper.php
src/Symfony/Component/DependencyInjection/Tests/Dumper/PhpDumperTest.php
src/Symfony/Component/Security/Tests/Http/Firewall/BasicAuthenticationListenerTest.php
This commit fixes an issue where authentication listeners clear all security tokens in case of authentication failure.
This behavior makes it impossible to combine certain authentication mechanisms, notably x509 with form-based login.
* 2.3:
Reverts JSON_NUMERIC_CHECK
Just a Typo
[Yaml] removed wrong comment removal inside a string block
Fixing configuration validation error messages.
[HtppKernel] fixed inline fragment renderer
fixed inline fragment renderer
ProgressHelper shows percentage complete.
Comment fixed: RedrawFrequency is measured in steps.
fix handling of a default 'template' as a string
Conflicts:
src/Symfony/Component/Console/Tests/Helper/ProgressHelperTest.php
* 2.2:
Reverts JSON_NUMERIC_CHECK
Just a Typo
[Yaml] removed wrong comment removal inside a string block
Fixing configuration validation error messages.
[HtppKernel] fixed inline fragment renderer
fixed inline fragment renderer
ProgressHelper shows percentage complete.
Comment fixed: RedrawFrequency is measured in steps.
fix handling of a default 'template' as a string
Conflicts:
src/Symfony/Component/Console/Helper/ProgressHelper.php
src/Symfony/Component/Console/Tests/Helper/ProgressHelperTest.php
src/Symfony/Component/HttpKernel/Tests/Fragment/HIncludeFragmentRendererTest.php
src/Symfony/Component/HttpKernel/Tests/Fragment/InlineFragmentRendererTest.php
This PR was merged into the master branch.
Discussion
----------
[Security] Add simpler customization options
The goal of this is to provide a simpler extension point for people that don't have the time to dive into the whole security factory + authentication provider + user provider + authentication listener + token mess. As it stands, it gives you a way to just create one class that is handling all the security stuff in one (by implementing SimpleFormAuthenticatorInterface and UserProviderInterface) + one or more token classes.
I would like feedback on whether people think this makes sense or not before continuing and doing a SimpleHttpAuthenticatorInterface for non-form based stuff.
Just FYI that's how it would look in security.yml:
```yaml
security:
providers:
simple:
id: simple_authenticator
firewalls:
foo:
pattern: ^/
simple_form:
provider: simple
authenticator: simple_authenticator
```
/cc @atrauzzi (who posted a long rant on the ML about how hard this all is, and I can't agree more - I hope it's the right account on github?)
Commits
-------
74cfc84 marked some classes as being experimental in 2.3
471e5bc [Security] allowed simple pre-auth to be optional if another auth mechanism already authenticated the user
01c913b moved the simple HTTP authenticator to a pre-auth one
887d9b8 fixed wrong Logger interface
65335ea [Security] Renamed simple_token to simple_http, added support for failure and success handler to both simple firewalls
f7a11a1 [Security] Add simple_token auth method
1fe2ed6 [Security] Add SimpleForm authentication
* 2.2:
added additional tests to cover invalid argument exceptions in OutputFormatterStyle component
added a missing check for the provider key
[Validator] fixed wrong URL for XSD
[Validator] Fixed: $traverse and $deep is passed to the visitor from Validator::validate()
[Form] Fixed transform()/reverseTransform() to always throw TransformationFailedExceptions
[Form] Fixed: String validation groups are never interpreted as callbacks
if the repository method returns an array ensure that it's internal poin...
[Form] Improved multi-byte handling of NumberToLocalizedStringTransformer
Fix wrong method in findTaggedServiceIds(), add example to docblock.
Conflicts:
src/Symfony/Component/Form/Extension/Core/DataTransformer/ChoicesToBooleanArrayTransformer.php
src/Symfony/Component/Form/Extension/Validator/Constraints/FormValidator.php
* 2.1:
added additional tests to cover invalid argument exceptions in OutputFormatterStyle component
added a missing check for the provider key
[Validator] fixed wrong URL for XSD
[Form] Fixed transform()/reverseTransform() to always throw TransformationFailedExceptions
[Form] Fixed: String validation groups are never interpreted as callbacks
if the repository method returns an array ensure that it's internal poin...
Fix wrong method in findTaggedServiceIds(), add example to docblock.
Conflicts:
src/Symfony/Bridge/Doctrine/Form/DataTransformer/CollectionToArrayTransformer.php
src/Symfony/Component/Form/Extension/Core/DataTransformer/DataTransformerChain.php
src/Symfony/Component/Form/Tests/Extension/Core/DataTransformer/ArrayToPartsTransformerTest.php
src/Symfony/Component/Form/Tests/Extension/Core/DataTransformer/ChoiceToValueTransformerTest.php
src/Symfony/Component/Form/Tests/Extension/Core/DataTransformer/ChoicesToValuesTransformerTest.php
src/Symfony/Component/Form/Tests/Extension/Core/DataTransformer/DateTimeToArrayTransformerTest.php
src/Symfony/Component/Form/Tests/Extension/Core/DataTransformer/DateTimeToRfc3339TransformerTest.php
src/Symfony/Component/Form/Tests/Extension/Core/DataTransformer/IntegerToLocalizedStringTransformerTest.php
src/Symfony/Component/Form/Tests/Extension/Core/DataTransformer/ValueToDuplicatesTransformerTest.php
* 2.2:
Fix default value handling for multi-value options
[HttpKernel] truncate profiler token to 6 chars (see #7665)
Disabled APC on Travis for PHP 5.5+ as it is not available
[HttpFoundation] do not use server variable PATH_INFO because it is already decoded and thus symfony is fragile to double encoding of the path
Fix download over SSL using IE < 8 and binary file response
[Console] Fix merging of application definition, fixes#7068, replaces #7158
[HttpKernel] fixed the Kernel when the ClassLoader component is not available (closes#7406)
fixed output of bag values
[Yaml] improved boolean naming ($notEOF -> !$EOF)
[Yaml] fixed handling an empty value
[Routing][XML Loader] Add a possibility to set a default value to null
[Console] fixed handling of "0" input on ask
The /e modifier for preg_replace() is deprecated in PHP 5.5; replace with preg_replace_callback()
fixed handling of "0" input on ask
[HttpFoundation] Fixed bug in key searching for NamespacedAttributeBag
[Form] DateTimeToRfc3339Transformer use proper transformation exteption in reverse transformation
Update PhpEngine.php
[PropertyAccess] Add objectives to pluralMap
[Security] Removed unused var
[HttpFoundation] getClientIp is fixed.
Conflicts:
src/Symfony/Component/Console/Tests/Command/CommandTest.php
src/Symfony/Component/Console/Tests/Input/ArgvInputTest.php
src/Symfony/Component/HttpFoundation/Request.php
src/Symfony/Component/HttpKernel/Kernel.php
This PR was merged into the 2.2 branch.
Discussion
----------
[Security] Removed unused var
| Q | A
| ------------- | ---
| Bug fix? | no
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | I guess
| Fixed tickets | -
Commits
-------
bd26419 [Security] Removed unused var
* 2.2: (22 commits)
fixed doc references (closes#7515)
fixed doc references (closes#7515)
On OS X, sys_get_tmp_dir() returns /var/private/..., which really is below /private/var.
Doctrine cannot handle bare random non-utf8 strings
small changes
[SecurityBundle] Fixed configuration exemple
idAsIndex should be true with a smallint or bigint id field.
[PropertyAccess] Remove trailing periods from doc blocks
Fix param docs for PropertyAccessor read method
Fixed long multibyte parameter logging in DbalLogger:startQuery
Keep the file extension in the temporary copy and test that it exists (closes#7482)
bumped Symfony version to 2.1.10-DEV
[Validator][translation][japanese]replaced period to japanese one [Validator][translation][japanese]fixed japanese translation to more practical one [Validator][translation][japanese]fixed message ordering to be consistent with other languages [Validator][translation][japanese]added new validation messages in japanese translation
updated VERSION for 2.1.9
update CONTRIBUTORS for 2.1.9
updated CHANGELOG for 2.1.9
[Security] fixed wrong interface
Remove already defined arguments
Add missing use
[FrameworkBundle] Reuse definition variable in FormPass
...
Conflicts:
src/Symfony/Bridge/Doctrine/Logger/DbalLogger.php
src/Symfony/Bundle/WebProfilerBundle/Resources/views/Collector/config.html.twig
This PR was merged into the master branch.
Discussion
----------
[2.2] [Security] Add an option to disable the hasPreviousSession() check in AbstractAuthenticationListener
Bug fix: no
Feature addition: yes
Backwards compatibility break: no
Symfony2 tests pass: [](http://travis-ci.org/adrienbrault/symfony)
Fixes the following tickets: #3703
Todo: Add this option to the symfony doc security configuration reference
License of the code: MIT
Documentation PR: N/A
As stated in #3703, all authentication listeners that inherit from AbstractAuthenticationListener, only work when a previous session has been created.
This PR allows to change the default behavior in the security.yml file.
Example:
```yml
security:
firewalls:
secured_area:
pattern: ^/demo/secured/
form_login:
check_path: /demo/secured/login_check
login_path: /demo/secured/login
require_previous_session: false # The default value is true
logout:
path: /demo/secured/logout
target: /demo/
#anonymous: ~
#http_basic:
# realm: "Secured Demo Area"
```
PS: While removing my old commit, it closed the #4774 PR ...
Commits
-------
0562463 [Security] Add an option to disable the hasPreviousSession() check in AbstractAuthenticationListener
* 2.1:
sub-requests are now created with the same class as their parent
[FrameworkBundle] removed BC break
[FrameworkBundle] changed temp kernel name in cache:clear
[DoctrineBridge] Avoids blob values to be logged by doctrine
[Security] use current request attributes to generate redirect url?
[Validator] fix showing wrong max file size for upload errors
[TwigBridge] removed double var initialization (refs #7344)
[2.1][TwigBridge] Fixes Issue #7342 in TwigBridge
[FrameworkBundle] fixed cahe:clear command's warmup
[TwigBridge] now enter/leave scope on Twig_Node_Module
[TwigBridge] fixed fixed scope & trans_default_domain node visitor
[TwigBridge] fixed non probant tests & added new one
[BrowserKit] added ability to ignored malformed set-cookie header
[Translation] removed wriong 'use'
[Translation] added xliff loader/dumper with resname support
[TwigBridge] fixes
Conflicts:
src/Symfony/Bundle/FrameworkBundle/HttpKernel.php
src/Symfony/Component/Security/Http/HttpUtils.php
src/Symfony/Component/Translation/Loader/XliffFileLoader.php
src/Symfony/Component/Translation/Tests/Loader/XliffFileLoaderTest.php
* 2.1:
added support for the X-Forwarded-For header (closes#6982, closes#7000)
fixed the IP address in HttpCache when calling the backend
[EventDispatcher] Added assertion.
[EventDispathcer] Fix removeListener
[DependencyInjection] Add clone for resources which were introduced in 2.1
[DependencyInjection] Allow frozen containers to be dumped to graphviz
Fix 'undefined index' error, when entering scope recursively
[Security] fixed session creation on login (closes#7011)
Add dot character `.` to legal mime subtype regular expression
[HttpFoundation] fixed the creation of sub-requests under some circumstancies (closes#6923, closes#6936)
* 2.1:
[HttpKernel] fixed the creation of the Profiler directory
[Security] fixed session creation when none is needed (closes#6917)
[FrameworkBundle] removed obsolete comment (see 2e356c1)
* 2.1:
[DependencyInjection] fixed the creation of synthetic services in ContainerBuilder
[Security] PHPDoc in SecurityEvents
Fix typos in README
Added an error message in the DebugClassLoader when using / instead of \.
KNOWN_ISSUES with php 5.3.16
[FrameworkBundle] fixed Client::doRequest that must call its parent method (closes#6737)
[Yaml] fixed ignored text when parsing an inlined mapping or sequence (closes#6786)
[Yaml] fixed#6773
[Yaml] fixed#6770
bumped Symfony version to 2.1.8-DEV
bumped Symfony version to 2.0.23-DEV
Conflicts:
src/Symfony/Bundle/FrameworkBundle/Client.php
src/Symfony/Component/HttpKernel/Kernel.php
* 2.0:
[DependencyInjection] fixed the creation of synthetic services in ContainerBuilder
[Security] PHPDoc in SecurityEvents
[FrameworkBundle] fixed Client::doRequest that must call its parent method (closes#6737)
[Yaml] fixed ignored text when parsing an inlined mapping or sequence (closes#6786)
[Yaml] fixed#6773
[Yaml] fixed#6770
bumped Symfony version to 2.0.23-DEV
Conflicts:
src/Symfony/Component/DependencyInjection/ContainerBuilder.php
src/Symfony/Component/HttpKernel/Kernel.php
src/Symfony/Component/Yaml/Inline.php
src/Symfony/Component/Yaml/Tests/InlineTest.php
This PR was merged into the master branch.
Commits
-------
67d7423 Remove use of deprecated HttpKernel LoggerInterface
dca4528 [HttpKernel] Extend psr/log's NullLogger class
1e5a890 [Monolog] Mark old non-PSR3 methods as deprecated
91a86f8 [HttpKernel][Monolog] Add PSR-3 support to the LoggerInterface
Discussion
----------
[HttpKernel][MonologBridge] PSR-3 support
This enables PSR-3 support and monolog 1.3+. The first commit is the main part. The rest deals with deprecation of short-hand methods (warn/err/crit/emerg) that are fully expanded in PSR-3 (warning/error/critical/emergency).
The downside of deprecating them is that for bundles it's a bit harder to support older and newer versions. If that is too much of a hassle you can drop that for now and cherry pick the first commit.
The upside is that it forces people to move towards PSR-3 compatible stuff, which means eventually we could completely drop the LoggerInterface from the framework. In any case I think the documentation should only mention the `Psr\Log\LoggerInterface` and people should start hinting against that. The change should be done in core as well I suppose.
Anyway I wanted to throw this out there as it is to get feedback.
---------------------------------------------------------------------------
by stof at 2013-01-09T09:15:15Z
@Seldaek I also think you should change the typehint to use the PSR LoggerInterface in all classes using the logger
---------------------------------------------------------------------------
by Seldaek at 2013-01-09T09:54:55Z
OK updated according to all the feedback. I tested it in an app and it still seems to work so there shouldn't be any major issues.
---------------------------------------------------------------------------
by Seldaek at 2013-01-09T09:59:55Z
@fabpot if you merge please merge also the bundle PR, otherwise it won't be possible to update without conflict.
---------------------------------------------------------------------------
by frosas at 2013-01-10T14:59:20Z
I'm trying to understand why a `composer update` of a Symfony 2.1.* resulted in a fatal error. Shouldn't a stable version don't break like this?
As @olaurendeau points, why Symfony depends 1.* instead of 1.2.*? Or why Monolog 1.3 breaks its public interface (EDIT: I'm not sure about it)? Or why isn't this PR being merged (into branch 2.1) at the same time Monolog 1.3 is released?
Please, understand I'm not looking for who to blame, it's just I want to know if this situation is unexpected or if otherwise a `composer update` on a stable branch is not as innocent as it seems.
---------------------------------------------------------------------------
by stof at 2013-01-10T15:06:51Z
@frosas it cannot be merged into 2.1 as it is a BC break. The 2.1 branch has been updated to forbid Monolog 1.3 already
---------------------------------------------------------------------------
by Seldaek at 2013-01-10T15:11:58Z
@frosas you can blame me for releasing as 1.3.0 and not 2.0, but technically for monolog this isn't really a BC break, I just added an interface. The problem is due to the way it's used in symfony, it ended up as a fatal error. In any case the situation is now sorted out I think.
---------------------------------------------------------------------------
by frosas at 2013-01-10T15:26:43Z
@stof now I see this `>=1.0,<1.3-dev` change in the 2.1 branch. Now, shouldn't a new (2.1.7) version be released for all of us not in the dev minimum-stability?
@Seldaek then do you see feasible to rely only in X.Y.* versions to avoid this kind of errors?
---------------------------------------------------------------------------
by Seldaek at 2013-01-10T15:45:22Z
@frosas relying on X.Y.* is painful because you always need to wait until someone updates the constraint to get the new version. Of course using ~1.3 like in this PR means if I fuck up and break BC people will update to it, but that's a less likely occurrence than the alternative I think, so I would rather not use X.Y.*
---------------------------------------------------------------------------
by frosas at 2013-01-10T15:50:50Z
@Seldaek you are right about this, but I was thinking more in changing it only for the stable versions. EDIT: I mean, how often do you need a new feature in a branch you only apply fixes to?
---------------------------------------------------------------------------
by stof at 2013-01-10T15:57:32Z
@frosas Monolog and Symfony have separate release cycles. Foorcing Symfony users to use an old version of Monolog until they update to a new version of Symfony whereas the newer Monolog is compatible is a bad idea. Thus, as Monolog keeps BC, it does not maintain bugfix releases for all older versions (just like Twig does too). So it would also forbid you to get the fixes done in newer Monolog versions.
The incompatibility between Symfony 2.1 LoggerInterface and PSR-3 (whereas they expect exactly the same behavior and signature for methods with the same name) is unfortunate and is the reason why we get some issues here.
---------------------------------------------------------------------------
by frosas at 2013-01-10T16:21:06Z
@stof I appreciate you prefer to allow newer versions at the price of having to be constantly monitoring its changes to avoid breaks.
Another similar but safer strategy would be to stick to X.Y.* versions and upgrade to X.Y+1.* once the new version integration is tested, but I understand this is discutible in projects as close to Symfony as Monolog.
Returning to the issue, what do you say to release this 2.1.7 version? Or is it only me who is having issues here?
---------------------------------------------------------------------------
by stof at 2013-01-10T16:26:20Z
@frosas a minor release should not break BC when following smeantic versionning (Symfony warned about the fact it is not strictly followed for the first releases of 2.x). But as far as monolog is concerned, 1.3 is BC with 1.2.
---------------------------------------------------------------------------
by Seldaek at 2013-01-10T16:49:55Z
@frosas sorry I didn't get you still had the problem. I tagged a 2.1.7 of monologbundle which hopefully fixes your issue.
This PR was merged into the master branch.
Commits
-------
73db84f [Security] Move translations file to 'security' domain
324703a [Security] Switch to English messages as message keys
aa74769 [Security] Fix CS + unreachable code
2d7a7ba [Security] Fix `AuthenticationException` serialization
50d5724 [Security] Introduced `UsernameNotFoundException#get/setUsername`
39da27a [Security] Removed `get/setExtraInformation`, added `get/set(Token|User)`
837ae15 [Security] Add note about changed constructor to changelog
d6c57cf [FrameworkBundle] Register security exception translations
d7129b9 [Security] Fix exception constructors called in `UserChecker`
0038fbb [Security] Add initial translations for AccountStatusException childs
50e2cfc [Security] Add custom `getMessageKey` AccountStatusException childs
1147977 [Security] Fix InsufficientAuthenticationException constructor calls
79430b8 [Security] Fix AuthenticationServiceException constructor calls
42cced4 [Security] Fix AuthenticationException constructor calls
963a1d7 [Security] Add initial translations for the exceptions
ed6eed4 [Security] Add `getMessageKey` and `getMessageData` to auth exceptions
694c47c [Security] Change signature of `AuthenticationException` to match `\Exception`
Discussion
----------
[2.2][Security] AuthenticationException enhancements
Bug fix: semi
Feature addition: yes
Backwards compatibility break: yes
Symfony2 tests pass: [](http://travis-ci.org/asm89/symfony)
Fixes the following tickets: #837
License of the code: MIT
This PR adds the functionality discussed in #837 and changes the constructor of the `AuthenticationException` to match that of `\Exception`. This PR will allow developers to show a translated (save) authentication exception message to the user. :)
*Todo:*
- Add some functional test to check that the exceptions can indeed be translated?
- Get feedback on the current English messages
---------------------------------------------------------------------------
by asm89 at 2012-07-15T14:04:11Z
ping @schmittjoh
---------------------------------------------------------------------------
by schmittjoh at 2012-07-15T14:57:32Z
Looks good to me.
While you are at the exceptions, I think we can also get rid of the "extra information" thing and replace it by explicit getters/setters. Mostly that will mean adding set/getToken, set/getUser, set/getUsername. Bundles might add custom exceptions which have other data. This will make it a bit more useful and predictable.
---------------------------------------------------------------------------
by asm89 at 2012-07-15T15:40:45Z
@schmittjoh I removed the `get/setExtraInformation` and added the more explicit getters/setters as you suggested.
---------------------------------------------------------------------------
by asm89 at 2012-07-15T19:33:15Z
@fabpot Did you reschedule this for 2.2? Why? It was originally a 2.1 ticket. I think it is an important one because at the moment there is no reliable way to show users the cause of an `AuthenticationException` without the threat of exposing sensitive information. This issue has been around for a while, see the original issue this PR refers to, or for example [this TODO comment in FOSUB](https://github.com/FriendsOfSymfony/FOSUserBundle/blob/master/Controller/SecurityController.php#L37).
The PR itself is ready to merge now. My only question that remains is about whether the actual translations should be functional tested?
---------------------------------------------------------------------------
by fabpot at 2012-07-15T19:43:19Z
We need to stop at some point. If not, we never release anything. beta3 was scheduled for today and I don't plan any other one before the first RC and I won't have time to review this PR next week. So, if you, @schmittjoh, @vicb, @stof, and a few other core devs "validate" this PR, I might consider merging it before 2.1.
---------------------------------------------------------------------------
by asm89 at 2012-07-15T19:46:09Z
@fabpot I totally agree with your point of view. I just have been trying to pickup some security issues that were still open. :)
---------------------------------------------------------------------------
by stof at 2012-07-15T19:50:29Z
This looks good to me
---------------------------------------------------------------------------
by asm89 at 2012-08-12T09:06:24Z
Since the beta period is over I assume the window was missed to get this security related PR in 2.1. If I have feedback from @fabpot I'll still try to make it mergeable asap though.
---------------------------------------------------------------------------
by fabpot at 2012-08-13T10:10:32Z
@asm89 This would indeed be considered for merging in 2.2.
---------------------------------------------------------------------------
by Antek88 at 2012-10-03T10:30:46Z
+1
---------------------------------------------------------------------------
by stof at 2012-10-04T21:27:15Z
@asm89 could you rebase this PR ? It conflicts with master
---------------------------------------------------------------------------
by fabpot at 2012-10-05T17:16:44Z
What's the status of this PR? @asm89 Have you taken all the feedback into account?
---------------------------------------------------------------------------
by stof at 2012-10-13T17:48:48Z
@asm89 ping
---------------------------------------------------------------------------
by fabpot at 2012-10-29T09:48:40Z
@asm89 If you don't have time, I can finish the work on this PR, but can you just tell me what's left?
---------------------------------------------------------------------------
by asm89 at 2012-10-29T10:02:22Z
I can pick this up, but I have two outstanding questions:
- One about adding `::create()`? https://github.com/symfony/symfony/pull/4935#discussion_r1358297
- And what is the final verdict on the messages? https://github.com/symfony/symfony/pull/4935#discussion_r1165701 The initial idea was that the exception itself have an exception message which is plain english and informative for the developer. If you want to display the 'safe' user messages you have the optional dependency on the translator. There is a comparison made with the Validator component, but in my opinion that's a different case because the violations always contain the message directed at the user and have no plain english message for the developer. Apart from that the Validator component contains it's own code for replacing `{{ }}` variables in messages (duplication? not as flexible as the translator). Concluding I'd opt for: optional dependency on translator component if you want to show 'safe' user messages + message keys.
@schmittjoh Any things to add?
---------------------------------------------------------------------------
by schmittjoh at 2012-10-29T10:14:09Z
Message keys sound good to me. I wouldn't add the ``create`` method for now.
On Mon, Oct 29, 2012 at 11:02 AM, Alexander <notifications@github.com>wrote:
> I can pick this up, but I have two outstanding questions:
>
> - One about adding ::create()? symfony/symfony#4935<https://github.com/symfony/symfony/issues/4935#discussion_r1358297>
> - And what is the final verdict on the messages? symfony/symfony#4935<https://github.com/symfony/symfony/issues/4935#discussion_r1165701>The initial idea was that the exception itself have an exception message
> which is plain english and informative for the developer. If you want to
> display the 'safe' user messages you have the optional dependency on the
> translator. There is a comparison made with the Validator component, but in
> my opinion that's a different case because the violations always contain
> the message directed at the user and have no plain english message for the
> developer. Apart from that the Validator component contains it's own code
> for replacing {{ }} variables in messages (duplication? not as
> flexible as the translator). Concluding I'd opt for: optional dependency on
> translator component if you want to show 'safe' user messages + message
> keys.
>
> @schmittjoh <https://github.com/schmittjoh> Any things to add?
>
> —
> Reply to this email directly or view it on GitHub<https://github.com/symfony/symfony/pull/4935#issuecomment-9861016>.
>
>
---------------------------------------------------------------------------
by fabpot at 2012-10-29T10:27:37Z
As I said in the discussion about the translations, I'm -1 for the message keys to be consistent with how we manage translations everywhere else in the framework.
---------------------------------------------------------------------------
by stof at 2012-10-29T10:30:50Z
@fabpot When we changed the English translation for the validation errors in 2.1, we had to tag the commit as a BC rbeak as it was changing the source for all other translations. And if you look at the state of the files now, you will see that we are *not* using the English as source anymore in some places as some validation errors have a pluralized translation but the source has not been changed.
So I think using a key is more future-proof.
---------------------------------------------------------------------------
by asm89 at 2012-10-30T19:44:49Z
Any final decision on this? On one hand I have @stof and @schmittjoh +1 on message keys, on the other @fabpot -1. I guess it's your call @fabpot.
Edit: also @vicb seemed to be +1 on message keys earlier on.
---------------------------------------------------------------------------
by drak at 2012-11-01T20:19:00Z
I am also -1, I agree with @fabpot
---------------------------------------------------------------------------
by asm89 at 2012-11-12T09:38:51Z
@fabpot Can you please give a definite answer on this? I personally think @stof and @vicb have good points to do message keys, but with all these different people +1 and -1'ing the PR I'm lost on what it should actually do.
---------------------------------------------------------------------------
by asm89 at 2012-11-14T09:59:06Z
ping @fabpot
---------------------------------------------------------------------------
by asm89 at 2012-11-26T10:01:27Z
ping @fabpot We talked about this in Berlin. Any final thoughts on the PR? :) One idea was to do message keys + opt depend on the translator component if you want to use them, or use your own implementation.
---------------------------------------------------------------------------
by fabpot at 2012-11-26T14:01:37Z
The conclusion is: keep using plain English.
On Mon, Nov 26, 2012 at 11:01 AM, Alexander <notifications@github.com>wrote:
> ping @fabpot <https://github.com/fabpot> We talked about this in Berlin.
> Any final thoughts on the PR? :) One idea was to do message keys + opt
> depend on the translator component if you want to use them, or use your own
> implementation.
>
> —
> Reply to this email directly or view it on GitHub<https://github.com/symfony/symfony/pull/4935#issuecomment-10709997>.
>
>
---------------------------------------------------------------------------
by Inori at 2012-11-26T15:00:22Z
is this final? if not, then +1 for message keys
---------------------------------------------------------------------------
by vicb at 2012-11-27T22:33:47Z
@fabpot I can't understand why we keep discussing this for months as this implementation use *both* keys and plain Englis, ie using keys is optional ( if it was not it would not be an issue according to #6129)
---------------------------------------------------------------------------
by asm89 at 2013-01-02T21:43:46Z
@fabpot @vicb I'll rebase this PR, fix the comments and refactor the message keys to use plain English + {{ }} syntax for the placeholders.
---------------------------------------------------------------------------
by asm89 at 2013-01-07T15:00:58Z
@fabpot If I fix this tonight, will it make the beta?
---------------------------------------------------------------------------
by fabpot at 2013-01-07T15:53:00Z
yes, definitely.
---------------------------------------------------------------------------
by asm89 at 2013-01-07T20:13:38Z
@fabpot I switched the implementation to English messages instead of message keys and fixed the final comments + rebased. Anything you want me to do after this?
Still happy with `getMessageKey()`?
This PR was merged into the master branch.
Commits
-------
6703fb5 added changelog entries
1997e2e fix phpdoc of UrlGeneratorInterface that missed some exceptions and improve language of exception message
f0415ed [Routing] made reference type fully BC and improved phpdoc considerably
7db07d9 [Routing] added tests for generating relative paths and network paths
75f59eb [Routing] add support for path-relative and scheme-relative URL generation
Discussion
----------
[2.2] [Routing] add support for path-relative URL generation
Tests pass: yes
Feature addition: yes
BC break: <del>tiny (see below)</del> NO
deprecations: NO
At the moment the Routing component only supports absolute and domain-relative URLs, e.g.
`http://example.org/user-slug/article-slug/comments` and
`/user-slug/article-slug/comments`.
But there are two link types missing: schema-relative URLs and path-relative URLs.
schema-relative: e.g. `//example.org/user-slug/article-slug/comments`
path-relative: e.g. `comments`.
Both of them would now be possible with this PR. I think it closes a huge gap in the Routing component.
Use cases are pretty common. Schema-relative URLs are for example used when you want to include assets (scripts, images etc) in a secured website with HTTPS. Path-relative URLs are the only option when you want to generate static files (e.g. documentation) that can be downloaded as an HTML archive. Such use-cases are currently not possible with symfony.
The calculation of the relative path based on the request path and target path is hightly unit tested. So it is really equivalent. I found several implemenations on the internet but none of them worked in all cases. Mine is pretty short and works.
I also added an optional parameter to the twig `path` function, so this feature can also be used in twig templates.
Ref: This implements path-relative URLs as suggested in #3908.
<del>[BC BREAK] The signature of UrlGeneratorInterface::generate changed to support scheme-relative and path-relative URLs. The core UrlGenerator is BC and does not break anything, but users who implemented their own UrlGenerator need to be aware of this change. See UrlGenerator::convertReferenceType.</del>
---------------------------------------------------------------------------
by jalliot at 2012-04-16T09:56:56Z
@Tobion For completeness, you should add the option to the `url` and `asset` twig functions/template helpers.
---------------------------------------------------------------------------
by stof at 2012-04-16T10:46:06Z
@jalliot adding the option to ``url`` does not make any sense. The difference between ``path`` and ``url`` is that ``path`` generates a path and ``url`` generates an absolute url (thus including the scheme and the hostname)
---------------------------------------------------------------------------
by Tobion at 2012-04-16T12:27:49Z
@stof I guess jalliot meant we could then generate scheme-relative URLs with `url`. Otherwise this would have no equivalent in twig.
---------------------------------------------------------------------------
by jalliot at 2012-04-16T12:34:08Z
@stof Yep I meant what @Tobion said :)
---------------------------------------------------------------------------
by Tobion at 2012-04-18T11:57:04Z
The $relative parameter I added besides the existing $absolute parameter of the `->generate` method was not clear enough. So I merged those into a different parameter `referenceType`. I adjusted all parts of symfony to use the new signature. And also made the default `UrlGenerator` implementation BC with the old style. So almost nobody will recognize a change. The only BC break would be for somebody who implemented his own `UrlGenerator` and did not call the parent default generator.
Using `referenceType` instead of a simple Boolean is much more flexible. It will for example allow a custom generator to support a new reference type like http://en.wikipedia.org/wiki/CURIE
---------------------------------------------------------------------------
by Tobion at 2012-04-18T13:34:58Z
ping @schmittjoh considering your https://github.com/schmittjoh/JMSI18nRoutingBundle/blob/master/Router/I18nRouter.php would need a tiny change
---------------------------------------------------------------------------
by schmittjoh at 2012-04-18T13:37:39Z
Can you elaborate the necessary change?
---------------------------------------------------------------------------
by Tobion at 2012-04-18T13:51:10Z
This PR changes the signature of `generate` to be able to generate path-relative and scheme-relative URLs. So it needs to be
`public function generate($name, $parameters = array(), $referenceType = self::ABSOLUTE_PATH)` and your implementation would need to change `if ($absolute && $this->hostMap) {` to `if (self::ABSOLUTE_URL === $referenceType && $this->hostMap) {`
I can do a PR if this gets merged.
---------------------------------------------------------------------------
by schmittjoh at 2012-04-18T13:52:14Z
If I understand correctly, the old parameter still works, no?
edit: Ah, ok I see what you mean now.
---------------------------------------------------------------------------
by Tobion at 2012-04-18T13:56:33Z
Yeah the old parameter still works but $absolute would also evaluate to true (a string) in your case for non-absolute URLs, i.e. paths.
---------------------------------------------------------------------------
by Tobion at 2012-04-19T21:09:46Z
ping @fabpot
---------------------------------------------------------------------------
by fabpot at 2012-04-20T04:30:18Z
Let's discuss that feature for 2.2.
---------------------------------------------------------------------------
by Tobion at 2012-04-20T10:40:59Z
What are your objections against it? It's already implemented, it works and it adds support for things that are part of a web standard. The BC break is tiny at the moment (almost nobody is affected) because the core UrlGenerator works as before. But if we waited for 2.2 it will be much harder to make the transition because 2.1 is LTS. So I think is makes sense to add it now. Furthermore it makes it much more future-proof as custom generators can more easiliy add support for other link types like CURIE. At the moment a Boolean for absolute URLs is simply too limited and also somehow inconsistent because $absolute = false stands for an absolute path. You see the awkwardness in this naming.
Btw, I added a note in the changelog. And I will add documentation of this feature in symfony-docs once this is merged.
---------------------------------------------------------------------------
by fabpot at 2012-04-20T12:14:32Z
nobody has ever said that 2.1 would be LTS. Actually, I think we are going to wait for 2.3 for LTS.
---------------------------------------------------------------------------
by Tobion at 2012-04-20T12:27:18Z
Well what I meant is, the longer we wait with this, the harder to apply it.
In 04ac1fdba2 you modified `generate` signature for better extensibility that is not even made use of. I think changing `$abolute` param goes in the same direction and has direct use.
I'd like to know your reason to wait for 2.2. Not enough time to review it, or afraid of breaking something, or marketing for 2.2?
---------------------------------------------------------------------------
by stof at 2012-04-20T16:28:27Z
@Tobion the issue is that merging new features forces to postpone the release so that it is tested by enough devs first to be sure there is no blocking bug in it. Big changes cannot be merged when we are hunting the remaining bugs to be able to release.
---------------------------------------------------------------------------
by schmittjoh at 2012-04-20T16:42:11Z
Considering the changes that have been made to the Form component, and are still being made, I think this is in comparison to that a fairly minor change.
Maybe a clearer guideline on the release process, or the direction would help, and avoid confusion, or wrong expectations on contributors' part.
---------------------------------------------------------------------------
by Tobion at 2012-10-05T13:52:11Z
@fabpot this is ready. So if you agree with it, I would create a documentation PR.
---------------------------------------------------------------------------
by stof at 2012-10-13T16:09:47Z
@fabpot what do you think about this PR ?
---------------------------------------------------------------------------
by Crell at 2012-11-01T16:05:01Z
This feels like it's overloading the generate() method to do double duty: One, make a URl based on a route. Two, make a URI based on a URI snippet. Those are two separate operations. Why not just add a second method that does the second operation and avoid the conditionals? (We're likely to do that in Drupal for our own generator as well.)
---------------------------------------------------------------------------
by Tobion at 2012-11-01T16:38:39Z
@crell: No, you must have misunderstood something. The generate method still only generates a URI based on a route. The returned URI reference can now also be a relative path and a network path. Thats all.
---------------------------------------------------------------------------
by Tobion at 2012-12-13T18:30:28Z
@fabpot this is ready. It is fully BC! I also improved phpdoc considerably.
---------------------------------------------------------------------------
by Tobion at 2012-12-14T20:51:38Z
@fabpot Do you want me to write documentation for it? I would also be interested to write about the new features of the routing component in general. I wanted to do that anyway and it would probably be a good fit for your "new in symfony" articles.
---------------------------------------------------------------------------
by fabpot at 2012-12-14T20:58:16Z
Im' going to review this PR in the next coming days. And to answer your second question, more documentation or better documentation is always a good thing, so go for it.
---------------------------------------------------------------------------
by Tobion at 2013-01-02T21:50:20Z
@fabpot ping. I added changelog entries.
* 2.1:
Restrict Monolog version to be in version <1.3
[Console] Make getTerminalWith & getTerminalHeight public
[DependencyInjection] fixed PhpDumper optimizations when an inlined service depends on the current one indirectly
[DependencyInjection] fixed PhpDumper when an inlined service definition has some properties
[DependencyInjection] added some tests for PhpDumper when the container is compiled
[DependencyInjection] fixed CS
[Process] Do not reset stdout/stderr pipes on Interrupted system call
[Locale] Adjust `StubIntlDateFormatter` to have new methods added in PHP 5.5
use the right RequestMatcherInterface
[Locale] Fix failing `StubIntlDateFormatter` tests in PHP 5.5
[Locale] Fix failing `StubIntlDateFormatter` in PHP 5.5
[Form] Fix failing `MonthChoiceList` in PHP 5.5
Update .travis.yml
Conflicts:
src/Symfony/Bridge/Monolog/composer.json
src/Symfony/Component/DependencyInjection/Tests/Fixtures/php/services9.php
* 2.1: (24 commits)
updated license year
Update src/Symfony/Component/HttpFoundation/Response.php
[Form] Fixed inheritance of "error_bubbling" in RepeatedType
[Form] Fixed DateType when used with the intl extension disabled.
[HttpFoundation] fix return types and handling of zero in Response
[HttpFoundation] better fix for non-parseable Expires header date
Fixed missing plural message in portuguese validator
Fix Expires when the header is -1
[DoctrineBridge] Allowing memcache port to be 0 to support memcache unix domain sockets.
[Console] fixed unitialized properties (closes#5935)
[Process] Prevented test from failing when pcntl extension is not enabled.
Revert "[DoctrineBridge] Improved performance of the EntityType when used with the "query_builder" option"
[Form] Fixed failing tests for DateTimeToStringTransformer.
[Locale] Fixed the StubLocaleTest for ICU versions lower than 4.8.
[Bundle] [FrameworkBundle] fixed typo in phpdoc of the SessionListener.
[Form] Fixed test regression introduced in #6440
[Tests] Fix namespaces
Fixed php doc of GenericEvent::__construct
HttpUtils must handle RequestMatcher too
use preferred_choices in favor of preferred_query
...
Conflicts:
src/Symfony/Bridge/Propel1/Form/ChoiceList/ModelChoiceList.php
This PR was merged into the 2.0 branch.
Commits
-------
8b2c17f fix double-decoding in the routing system
Discussion
----------
fix double-decoding in the routing system
@fabpot @vicb This should fix it. You know what ;) Don't want to leak more information.
And the good thing, it's no hack nor does it break BC.
* 2.1:
fixed CS
fixed CS
[Security] fixed path info encoding (closes#6040, closes#5695)
[HttpFoundation] added some tests for the previous merge and removed dead code (closes#6037)
Improved Cache-Control header when no-cache is sent
removed unneeded comment
Fix to allow null values in labels array
fix date in changelog
removed the Travis icon (as this is not stable enough -- many false positive, closes#6186)
Revert "merged branch gajdaw/finder_splfileinfo_fpassthu (PR #4751)" (closes#6224)
Fixed a typo
Fixed: HeaderBag::parseCacheControl() not parsing quoted zero correctly
[Form] Fix const inside an anonymous function
[Config] Loader::import must return imported data
[DoctrineBridge] Fixed caching in DoctrineType when "choices" or "preferred_choices" is passed
[Form] Fixed the default value of "format" in DateType to DateType::DEFAULT_FORMAT if "widget" is not "single_text"
[HttpFoundation] fixed a small regression
Conflicts:
src/Symfony/Component/HttpFoundation/Tests/Session/Storage/Handler/MongoDbSessionHandlerTest.php
* 2.0:
fixed CS
removed the Travis icon (as this is not stable enough -- many false positive, closes#6186)
[Config] Loader::import must return imported data
[HttpFoundation] fixed a small regression
Conflicts:
README.md
src/Symfony/Bridge/Twig/Extension/FormExtension.php
src/Symfony/Bundle/FrameworkBundle/Resources/views/Form/attributes.html.php
src/Symfony/Bundle/FrameworkBundle/Resources/views/Form/form_widget.html.php
src/Symfony/Bundle/FrameworkBundle/Templating/Helper/FormHelper.php
src/Symfony/Component/Form/Form.php
src/Symfony/Component/HttpFoundation/Request.php
src/Symfony/Component/HttpFoundation/SessionStorage/PdoSessionStorage.php
tests/Symfony/Tests/Bridge/Doctrine/Logger/DbalLoggerTest.php
This PR was squashed before being merged into the master branch (closes#5860).
Commits
-------
d0057d0 Added failure_path_parameter to mirror target_path_parameter
Discussion
----------
Added failure_path_parameter to mirror target_path_parameter
Bug fix: no
Feature addition: yes
Backwards compatibility break: no
Symfony2 tests pass: yes
License of the code: MIT
Enable login failure redirect path can be assigned in a form field just like target path.
---------------------------------------------------------------------------
by stof at 2012-10-29T09:40:17Z
Please also open a PR to the doc repo to document this new feature
---------------------------------------------------------------------------
by leevigraham at 2012-10-29T09:56:29Z
@stof @fabpot Done.
* 2.1: (29 commits)
[DependencyInjection] fixed composer.json
[Validator] Fix typos in validators.ru.xlf
Edited some minor grammar and style errors in russian validation file
Updated Bulgarian translation
[Form] improve error message with a "hasser" hint for PropertyAccessDeniedException
[Form] Updated checks for the ICU version from 4.5+ to 4.7+ due to test failures with ICU 4.6
[Form] simplified a test from previous merge
Update src/Symfony/Component/Form/Extension/Core/Type/FileType.php
fixed CS
Xliff with other node than source or target are ignored
small fix of #5984 when the container param is not set
Filesystem Component mirror symlinked directory fix
[Process][Tests] fixed chainedCommandsOutput tests
fixed CS
Use better default ports in urlRedirectAction
Add tests for urlRedirectAction
info about session namespace
fix upgrade info about locale
Update src/Symfony/Component/DomCrawler/Tests/FormTest.php
Update src/Symfony/Component/DomCrawler/Form.php
...
* 2.0:
[DependencyInjection] fixed composer.json
[Form] Updated checks for the ICU version from 4.5+ to 4.7+ due to test failures with ICU 4.6
fixed CS
small fix of #5984 when the container param is not set
fixed CS
Use better default ports in urlRedirectAction
Add tests for urlRedirectAction
Update src/Symfony/Component/DomCrawler/Tests/FormTest.php
Update src/Symfony/Component/DomCrawler/Form.php
[Security] remove escape charters from username provided by Digest DigestAuthenticationListener
[Security] added test extra for digest authentication
fixed CS
[Security] Fixed digest authentication
[Security] Fixed digest authentication
[SecurityBundle] Convert Http method to uppercase in the config
Use Norm Data instead of Data
Conflicts:
src/Symfony/Bridge/Doctrine/Form/EventListener/MergeCollectionListener.php
src/Symfony/Bundle/FrameworkBundle/Controller/RedirectController.php
src/Symfony/Component/DependencyInjection/composer.json
This PR was merged into the master branch.
Commits
-------
3e58893 [Security] Tweak UsernamePasswordFormAuthenticationListener
Discussion
----------
[Security] Tweak UsernamePasswordFormAuthenticationListener
Bug fix: no
Feature addition: no
Backwards compatibility break: no
Symfony2 tests pass: [](http://travis-ci.org/acasademont/symfony)
Fixes the following tickets: -
Todo: -
License of the code: MIT
Documentation PR: -
Improvements:
- Do not check twice for the ```only_post``` condition. The condition in the ```attemptAuthentication``` method is useless as this method will never be called if the previous ```requiresAuthentication``` call returns false.
- If the expected request is ```only_post```, check only the POST variables for the username and password parameters. Otherwise, query params and attributes are checked before.
- Use POST instead of post for correctness
- Do not check twice for the only_post condition
- If the expected request is only_post, check only the post variables for the username and password parameters
* 2.1:
[2.1] Fix SessionHandlerInterface autoloading
Remove executable bit from HttpKernel/DependencyInjection/ConfigurableExtension.php
[2.0][http-foundation] Fix Response::getDate method
[DoctrineBridge] Require class option for DoctrineType
[HttpFoundation] fixed the path to the SensioHandlerInterface class in composer.json
Support the new Microsoft URL Rewrite Module for IIS 7.0. @see http://framework.zend.com/issues/browse/ZF-4491 @see http://framework.zend.com/code/revision.php?repname=Zend+Framework&rev=24842
fixed undefined variable
hasColorSupport does not take an argument
Improve FilterResponseEvent docblocks Response ref
