* 2.3:
fixed CS
fixed CS
[HttpKernel] fixed memory limit display in MemoryDataCollector
Fixed the error handling when decoding invalid XML to avoid a Warning
[Form] Fixed: The "data" option is taken into account even if it is NULL
[DomCrawler] [HttpFoundation] Make `Content-Type` attributes identification case-insensitive
Conflicts:
src/Symfony/Bundle/FrameworkBundle/Tests/Templating/TimedPhpEngineTest.php
* 2.3:
fixed Client when using the terminable event
Fix problem with Windows file links (backslash in JavaScript string)
[Security] fixed wrong phpdoc
[DependencyInjection] Prevented inlining of lazy loaded private service definitions.
[Routing] removed extra argument
[HttpFoundation] Header `HTTP_X_FORWARDED_PROTO` can contain various values Some proxies use `ssl` instead of `https`, as well as Lighttpd mod_proxy allows value chaining (`https, http`, where `https` is always first when request is encrypted).
Added doc comments
Conflicts:
src/Symfony/Component/Routing/Router.php
src/Symfony/Component/Security/Http/Firewall.php
This PR was merged into the master branch.
Discussion
----------
New Component: Expression Language
| Q | A
| ------------- | ---
| Bug fix? | no
| New feature? | yes
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | #8850, #7352
| License | MIT
| Doc PR | not yet
TODO:
- [ ] write documentation
- [x] add tests for the new component
- [x] implement expression support for access rules in the security component
- [x] find a better character/convention for expressions in the YAML format
- [x] check the performance of the evaluation mode
- [x] better error messages in the evaluation mode
- [x] add support in the Routing
- [x] add support in the Validator
The ExpressionLanguage component provides an engine that can compile and
evaluate expressions.
An expression is a one-liner that returns a value (mostly, but not limited to, Booleans).
It is a strip-down version of Twig (only the expression part of it is
implemented.) Like Twig, the expression is lexed, parsed, and
compiled/evaluated. So, it is immune to external injections by design.
If we compare it to Twig, here are the main big differences:
* only support for Twig expressions
* no ambiguity for calls (foo.bar is only valid for properties, foo['bar'] is only valid for array calls, and foo.bar() is required for method calls)
* no support for naming conventions in method calls (if the method is named getFoo(), you must use getFoo() and not foo())
* no notion of a line for errors, but a cursor (we are mostly talking about one-liners here)
* removed everything specific to the templating engine (like output escaping or filters)
* no support for named arguments in method calls
* only one extension point with functions (no possibility to define new operators, ...)
* and probably even more I don't remember right now
* there is no need for a runtime environment, the compiled PHP string is self-sufficient
An open question is whether we keep the difference betweens arrays and hashes.
The other big difference with Twig is that it can work in two modes (possible
because of the restrictions described above):
* compilation: the expression is compiled to PHP and is self-sufficient
* evaluation: the expression is evaluated without being compiled to PHP (the node tree produced by the parser can be serialized and evaluated afterwards -- so it can be saved on disk or in a database to speed up things when needed)
Let's see a simple example:
```php
$language = new ExpressionLanguage();
echo $language->evaluate('1 + 1');
// will echo 2
echo $language->compile('1 + 2');
// will echo "(1 + 2)"
```
The language supports:
* all basic math operators (with precedence rules):
* unary: not, !, -, +
* binary: or, ||, and, &&, b-or, b-xor, b-and, ==, ===, !=, !==, <, >, >=, <=, not in, in, .., +, -, ~, *, /, %, **
* all literals supported by Twig: strings, numbers, arrays (`[1, 2]`), hashes
(`{a: "b"}`), Booleans, and null.
* simple variables (`foo`), array accesses (`foo[1]`), property accesses
(`foo.bar`), and method calls (`foo.bar(1, 2)`).
* the ternary operator: `true ? true : false` (and all the shortcuts
implemented in Twig).
* function calls (`constant('FOO')` -- `constant` is the only built-in
functions).
* and of course, any combination of the above.
The compilation is better for performances as the end result is just a plain PHP string without any runtime. For the evaluation, we need to tokenize, parse, and evaluate the nodes on the fly. This can be optimized by using a `ParsedExpression` or a `SerializedParsedExpression` instead:
```php
$nodes = $language->parse($expr, $names);
$expression = new SerializedParsedExpression($expr, serialize($nodes));
// You can now store the expression in a DB for later reuse
// a SerializedParsedExpression can be evaluated like any other expressions,
// but under the hood, the lexer and the parser won't be used at all, so it''s much faster.
$language->evaluate($expression);
```
That's all folks!
I can see many use cases for this new component, and we have two use cases in
Symfony that we can implement right away.
## Using Expressions in the Service Container
The first one is expression support in the service container (it would replace
#8850) -- anywhere you can pass an argument in the service container, you can
use an expression:
```php
$c->register('foo', 'Foo')->addArgument(new Expression('bar.getvalue()'));
```
You have access to the service container via `this`:
container.get("bar").getvalue(container.getParameter("value"))
The implementation comes with two functions that simplifies expressions
(`service()` to get a service, and `parameter` to get a parameter value). The
previous example can be simplified to:
service("bar").getvalue(parameter("value"))
Here is how to use it in XML:
```xml
<parameters>
<parameter key="value">foobar</parameter>
</parameters>
<services>
<service id="foo" class="Foo">
<argument type="expression">service('bar').getvalue(parameter('value'))</argument>
</service>
<service id="bar" class="Bar" />
</services>
```
and in YAML (I chose the syntax randomly ;)):
```yaml
parameters:
value: foobar
services:
bar:
class: Bar
foo:
class: Foo
arguments: [@=service("bar").getvalue(parameter("value"))]
```
When using the container builder, Symfony uses the evaluator, but with the PHP
dumper, the compiler is used, and there is no overhead as the expression
engine is not needed at runtime. The expression above would be compiled to:
```php
$this->get("bar")->getvalue($this->getParameter("value"))
```
## Using Expression for Security Access Control Rules
The second use case in Symfony is for access rules.
As we all know, the way to configure the security access control rules is confusing, which might lead to insecure applications (see http://symfony.com/blog/security-access-control-documentation-issue for more information).
Here is how the new `allow_if` works:
```yaml
access_control:
- { path: ^/_internal/secure, allow_if: "'127.0.0.1' == request.getClientIp() or has_role('ROLE_ADMIN')" }
```
This one restricts the URLs starting with `/_internal/secure` to people browsing from the localhost. Here, `request` is the current Request instance. In the expression, there is access to the following variables:
* `request`
* `token`
* `user`
And to the following functions:
* `is_anonymous`
* `is_authenticated`
* `is_fully_authenticated`
* `is_rememberme`
* `has_role`
You can also use expressions in Twig, which works well with the `is_granted` function:
```jinja
{% if is_granted(expression('has_role("FOO")')) %}
...
{% endif %}
```
## Using Expressions in the Routing
Out of the box, Symfony can only match an incoming request based on some pre-determined variables (like the path info, the method, the scheme, ...). But some people want to be able to match on more complex logic, based on other information of the Request object. That's why we introduced `RequestMatcherInterface` recently (but we no default implementation in Symfony itself).
The first change I've made (not related to expression support) is implement this interface for the default `UrlMatcher`. It was simple enough.
Then, I've added a new `condition` configuration for Route objects, which allow you to add any valid expression. An expression has access to the `request` and to the routing `context`.
Here is how one would configure it in a YAML file:
```yaml
hello:
path: /hello/{name}
condition: "context.getMethod() in ['GET', 'HEAD'] and request.headers.get('User-Agent') =~ '/firefox/i'"
```
Why do I keep the context as all the data are also available in the request? Because you can also use the condition without using the RequestMatcherInterface, in which case, you don't have access to the request. So, the previous example is equivalent to:
```yaml
hello:
path: /hello/{name}
condition: "request.getMethod() in ['GET', 'HEAD'] and request.headers.get('User-Agent') =~ '/firefox/i'"
```
When using the PHP dumper, there is no overhead as the condition is compiled. Here is how it looks like:
```php
// hello
if (0 === strpos($pathinfo, '/hello') && preg_match('#^/hello/(?P<name>[^/]++)$#s', $pathinfo, $matches) && (in_array($context->getMethod(), array(0 => "GET", 1 => "HEAD")) && preg_match("/firefox/i", $request->headers->get("User-Agent")))) {
return $this->mergeDefaults(array_replace($matches, array('_route' => 'hello')), array ());
}
```
Be warned that conditions are not taken into account when generating a URL.
## Using Expressions in the Validator
There is a new Expression constraint that you can put on a class. The expression is then evaluated for validation:
```php
use Symfony\Component\Validator\Constraints as Assert;
/**
* @Assert\Condition(condition="this.getFoo() == 'fo'", message="Not good!")
*/
class Obj
{
public function getFoo()
{
return 'foo';
}
}
```
In the expression, you get access to the current object via the `this` variable.
## Dynamic annotations
The expression language component is also very useful in annotations. the SensoLabs FrameworkExtraBundle leverages this possibility to implement HTTP validation caching in the `@Cache` annotation and to add a new `@Security` annotation (see sensiolabs/SensioFrameworkExtraBundle#238.)
Commits
-------
d4ebbfd [Validator] Renamed Condition to Expression and added possibility to set it onto properties
a3b3a78 [Validator] added a constraint that runs an expression
1bcfb40 added optimized versions of expressions
984bd38 mades things more consistent for the end user
d477f15 [Routing] added support for expression conditions in routes
86ac8d7 [ExpressionLanguage] improved performance
e369d14 added a Twig extension to create Expression instances
38b7fde added support for expression in control access rules
2777ac7 [HttpFoundation] added ExpressionRequestMatcher
c25abd9 [DependencyInjection] added support for expressions in the service container
3a41781 [ExpressionLanguage] added support for regexes
9d98fa2 [ExpressionLanguage] added the component
* 2.3:
fixed phpdoc
Fix some annotates
[FrameworkBundle] made sure that the debug event dispatcher is used everywhere
[HttpKernel] remove unneeded strtoupper
updated the composer install command to reflect changes in Composer
Conflicts:
src/Symfony/Component/Serializer/Encoder/XmlEncoder.php
* 2.2:
Fix some annotates
[FrameworkBundle] made sure that the debug event dispatcher is used everywhere
[HttpKernel] remove unneeded strtoupper
updated the composer install command to reflect changes in Composer
Conflicts:
src/Symfony/Component/Console/Application.php
src/Symfony/Component/Console/Command/Command.php
src/Symfony/Component/Console/Input/InputDefinition.php
src/Symfony/Component/CssSelector/Node/CombinedSelectorNode.php
src/Symfony/Component/Form/Form.php
src/Symfony/Component/HttpKernel/Debug/ErrorHandler.php
src/Symfony/Component/HttpKernel/DependencyInjection/RegisterListenersPass.php
src/Symfony/Component/HttpKernel/Tests/DependencyInjection/RegisterListenersPassTest.php
src/Symfony/Component/Locale/Locale.php
src/Symfony/Component/Locale/README.md
src/Symfony/Component/Locale/Stub/DateFormat/FullTransformer.php
* 2.3:
fixes RequestDataCollector bug, visible when used on Drupal8
[Console] fixed exception rendering when nested styles
[Console] added some more information about OutputFormatter::replaceStyle()
[Console] fixed the formatter for single-char tags
[Console] Escape exception message during the rendering of an exception
[DomCrawler] fixed HTML5 form attribute handling
Making tests pass on mac os x without this change tests would fail under mac os x at least in 10.8.2
[BrowserKit] Fixed the handling of parameters when redirecting
[Process] Properly close pipes after a Process::stop call
fixed bytes conversion when used on 32-bits systems
Typo fix
HttpFoundation RequestTest - Fixed indentation and removed comments
HttpFoundation Request test for #8619
LICENSE files moved to meta folders
added missing method in the UPGRADE file for 2.2 (closes#8941)
[Form] Fixed: "required" attribute is not added to <select> tag if no empty value
[Translation] Removed an unneeded return annotation.
[DomCrawler] Added missing docblocks and removed unneeded return annotation.
Conflicts:
src/Symfony/Component/Process/Tests/AbstractProcessTest.php
* 2.2:
fixes RequestDataCollector bug, visible when used on Drupal8
[Console] fixed exception rendering when nested styles
[Console] added some more information about OutputFormatter::replaceStyle()
[Console] fixed the formatter for single-char tags
[Console] Escape exception message during the rendering of an exception
[BrowserKit] Fixed the handling of parameters when redirecting
Typo fix
HttpFoundation RequestTest - Fixed indentation and removed comments
HttpFoundation Request test for #8619
LICENSE files moved to meta folders
added missing method in the UPGRADE file for 2.2 (closes#8941)
[Translation] Removed an unneeded return annotation.
[DomCrawler] Added missing docblocks and removed unneeded return annotation.
Conflicts:
src/Symfony/Component/BrowserKit/Client.php
src/Symfony/Component/DomCrawler/Crawler.php
* 2.3:
[HttpKernel] added a check for private event listeners/subscribers
[FrameworkBundle] fixed registration of the register listener pass
[Form] Fixed regression causing invalid "WHERE id IN ()" statements
[DependencyInjection] fixed a non-detected circular reference in PhpDumper (closes#8425)
[Form] Fixed regression in BooleanToStringTransformer from ed83752
[FrameworkBundle] removed obsolete code
[Process] Close unix pipes before calling `proc_close` to avoid a deadlock
[Process] Fix process merge in 2.3
[Intl] made RegionBundle and LanguageBundle merge fallback data when using a country-specific locale
* 2.2:
[HttpKernel] added a check for private event listeners/subscribers
[FrameworkBundle] fixed registration of the register listener pass
[Form] Fixed regression causing invalid "WHERE id IN ()" statements
[DependencyInjection] fixed a non-detected circular reference in PhpDumper (closes#8425)
[Form] Fixed regression in BooleanToStringTransformer from ed83752
[FrameworkBundle] removed obsolete code
[Process] Close unix pipes before calling `proc_close` to avoid a deadlock
Conflicts:
src/Symfony/Bundle/FrameworkBundle/FrameworkBundle.php
src/Symfony/Component/HttpKernel/DependencyInjection/RegisterListenersPass.php
src/Symfony/Component/Process/Process.php
This circular reference cannot be detected by the compiler pass as we
don't check for method arguments there.
The Container itself already detects such circular references at runtime.
So this fix is about circular references that are not detected at
compile time, and are not even detected at runtime because the code that
would cause the detection is never run (generated after a return
statement.)
* 2.3:
Fixing singular form for kisses, accesses and addresses.
fixed some circular references
[Security] fixed a leak in ExceptionListener
[Security] fixed a leak in the ContextListener
Ignore posix_istatty warnings
removed unused variable
[Form] fix iterator typehint
typos
Button missing getErrorsAsString() fixes#8084 Debug: Not calling undefined method anymore. If the form contained a submit button the call would fail and the debug of the form wasn't possible. Now it will work in all cases. This fixes#8084
Use isset() instead of array_key_exists() in DIC
Fixed annotation
[BrowserKit] fixed method/files/content when redirecting a request
[BrowserKit] removed some headers when redirecting a request
[BrowserKit] fixed headers when redirecting if history is set to false (refs #8697)
[HttpKernel] fixed route parameters storage in the Request data collector (closes#8867)
[BrowserKit] Pass headers when `followRedirect()` is called
Return BC compatibility for `@Route` parameters and default values
Conflicts:
src/Symfony/Component/Security/Http/Firewall/ContextListener.php
* 2.2:
[Security] fixed some phpdoc
Fixed PHPDoc Blocks
optimized circular reference checker
[HttpKernel] changed fragment URLs to be relative by default (closes#8458)
This PR was squashed before being merged into the master branch (closes#8488).
Discussion
----------
Add container aware trait
| Q | A
| ------------- | ---
| Bug fix? | no
| New feature? | yes
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets |
| License | MIT
| Doc PR | will create one if merged
This trait can be used inside a class to make it container aware. As it is not always possible to extend the abstract ContainerAware class, the code for creating a container aware class is usually copied over and over (most of the time unchanged), resulting in a lot of redundant code in your project. As my projects are PHP 5.4 based nowadays, I would like to be able to use a trait in these scenarios to improve my workflow.
Commits
-------
4c9e606 Add container aware trait
As Composer is now widely used in the PHP world, having to run composer
install before running the test suite is expected. This also has the
nice benefit of removing a bunch of code, making things easier to
maintain (there is only one place to declare a dev dependency), and
probably more.
* 2.3:
[Form] fixes empty file-inputs get treated as extra field
return 0 if there is no valid data
[DependencyInjection] fixed regression where setting a service to null did not trigger a re-creation of the service when getting it
[DependencyInjection] fixed#8570
fixed file permission
The ignoreAttributes itself should be ignored, too.
[Tests] Tests on php 5.5 should pass
[Twig] fixed TwigEngine::exists() method when a template contains a syntax error (closes#88546)
This PR was merged into the 2.3 branch.
Discussion
----------
[DependencyInjection] setLazy not work on DefinitionDecorator
| Q | A
| ------------- | ---
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | #8570
| License | MIT
| Doc PR | n/a
Commits
-------
970ce2c [DependencyInjection] fixed#8570
This PR was merged into the 2.3 branch.
Discussion
----------
[DependencyInjection] fixed regression where setting a service to null did not trigger a re-creation of the service when getting it (closes#8392)
| Q | A
| ------------- | ---
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | #8392
| License | MIT
| Doc PR | n/a
Commits
-------
50d0727 [DependencyInjection] fixed regression where setting a service to null did not trigger a re-creation of the service when getting it
* 2.3:
[Validator] fixed ConstraintViolation:: incorrect when nested
handle Optional and Required constraints from XML or YAML sources correctly
added missing comments to WebTestCase
Fixed#8455: PhpExecutableFinder::find() does not always return the correct binary
Added missing files .gitignore
[DependencyInjection] Fix Container::camelize to convert beginning and ending chars
[Validator] Fixed groups argument misplace for validateValue method from validator class
[Form] Fix of "PATCH'ed forms are never valid"
* 2.2:
[Validator] fixed ConstraintViolation:: incorrect when nested
handle Optional and Required constraints from XML or YAML sources correctly
added missing comments to WebTestCase
Fixed#8455: PhpExecutableFinder::find() does not always return the correct binary
[DependencyInjection] Fix Container::camelize to convert beginning and ending chars
[Validator] Fixed groups argument misplace for validateValue method from validator class
Conflicts:
src/Symfony/Component/Validator/Tests/Constraints/CollectionTest.php
src/Symfony/Component/Validator/Tests/GraphWalkerTest.php
* 2.3:
[PropertyAccess] added moves to pluralMap
[Security] fixed issue where authentication listeners clear unrelated tokens
added greek translation
[DependencyInjection] Add exception for service name not dumpable in PHP
bumped Symfony version to 2.3.3-DEV
fix issue #8499 modelChoiceList call getPrimaryKey on a non object
updated VERSION for 2.3.2
updated CHANGELOG for 2.3.2
[DependencyInjection] Add exception for service name not dumpable in PHP
fixed typo
bumped Symfony version to 2.2.5
updated VERSION for 2.2.4
update CONTRIBUTORS for 2.2.4
updated CHANGELOG for 2.2.4
Fixed NativeSessionStorage:regenerate when does not exists
removed extraneous whitespaces
Conflicts:
src/Symfony/Component/HttpKernel/Kernel.php
* 2.3:
Update JsonResponse.php
[HttpKernel] fixed the inline renderer when passing objects as attributes (closes#7124)
CookieJar remove unneeded var, Client remove unneeded else
[DI] Fixed bug requesting non existing service from dumped frozen container
Update validators.sk.xlf
[WebProfiler] fix content-type parameter
Replace romaji period characters with Japanese style zenkaku period characters
fixed CS
fixed CS
[Console] Avoided an unnecessary check.
Added missing French validator translations
typo first->second
Passed the config when building the Configuration in ConfigurableExtension
removed unused code
Fixed variable name used in translation cache
Conflicts:
src/Symfony/Component/Console/Event/ConsoleCommandEvent.php
* 2.3: (33 commits)
[Form] fixed INF usage which does not work on Solaris (closes#8246)
Fix grammar
Removed PHP 5.5 from the allowed failures.
[Intl] Fixed tests failing on PHP 5.5
bumped Symfony version to 2.2.4
updated VERSION for 2.2.3
update CONTRIBUTORS for 2.2.3
updated CHANGELOG for 2.2.3
[DependencyInjection] Replaced try/catch block with an @expectedException annotation in a test.
[CssSelector] tweaked README file (closes#8287)
added a node about HTML extension in readme
[Console] Fixed the table rendering with multi-byte strings.
Feature/fix unit tests
[Process] Disable exception on stream_select timeout
[HttpFoundation] fixed issue with session_regenerate_id (closes#7380)
[DomCrawler] added a note about the default charset
Throw exception if value is passed to VALUE_NONE input, long syntax
fixed date type format pattern regex
[Security] fixed usage of the salt for the bcrypt encoder (refs #8210)
[FrameworkBundle] tweaked previous merge (refs #8242)
...
Conflicts:
src/Symfony/Component/HttpKernel/Kernel.php