A ternary operator is considered safe by the Twig auto-escaping only when
both branches are safe. But this ternary was safe only in the ELSE branch,
causing it to be unsafe. This triggered a double-escaping of the value
(escaping the output of the dump). The fix is to use a {% if %} and 2 separate
output statements, allowing them to be auto-escaped separately.
* 3.1: (31 commits)
fixed CS
fixed CS
fixed CS fixer config
fixed typo
Revert "fixed typo"
fixed typo
fixed CS
Avoid setting request attributes from signature arguments in AnnotationClassLoader
[DependencyInjection] Add some missing typehints in YamlFileLoader
[DependencyInjection] minor: Fix a DocBlock
[HttpKernel] Give higher priority to adding request formats
[PropertyInfo] Don't try to access a property thru a static method
[PropertyInfo] Exclude static methods form properties guessing
[FrameworkBundle] Fix third level headers for MarkdownDescriptor
[Ldap] Using Ldap stored username instead of form submitted one
[Ldap] load users with the good username case
[DoctrineBridge] Fixed invalid unique value as composite key
[Doctrine Bridge] fix UniqueEntityValidator for composite object primary keys
[TwigBundle] do not lose already set method calls
#20411 fix Yaml parsing for very long quoted strings
...
* 2.8: (26 commits)
fixed CS
fixed CS
fixed CS fixer config
fixed typo
Revert "fixed typo"
fixed typo
fixed CS
Avoid setting request attributes from signature arguments in AnnotationClassLoader
[DependencyInjection] Add some missing typehints in YamlFileLoader
[DependencyInjection] minor: Fix a DocBlock
[HttpKernel] Give higher priority to adding request formats
[PropertyInfo] Don't try to access a property thru a static method
[PropertyInfo] Exclude static methods form properties guessing
[FrameworkBundle] Fix third level headers for MarkdownDescriptor
[TwigBundle] do not lose already set method calls
#20411 fix Yaml parsing for very long quoted strings
CS: apply is_null
DX: remove invalid inheritdoc
bumped Symfony version to 2.8.17
updated VERSION for 2.8.16
...
* 2.7:
fixed typo
Revert "fixed typo"
fixed typo
fixed CS
Avoid setting request attributes from signature arguments in AnnotationClassLoader
[DependencyInjection] Add some missing typehints in YamlFileLoader
[DependencyInjection] minor: Fix a DocBlock
[HttpKernel] Give higher priority to adding request formats
[FrameworkBundle] Fix third level headers for MarkdownDescriptor
[TwigBundle] do not lose already set method calls
#20411 fix Yaml parsing for very long quoted strings
CS: apply is_null
DX: remove invalid inheritdoc
bumped Symfony version to 2.7.24
updated VERSION for 2.7.23
update CONTRIBUTORS for 2.7.23
updated CHANGELOG for 2.7.23
[FrameworkBundle] Skip test if xdebug.file_link_format is defined.
* 3.1:
Fix merge
[DI] Dont share service when no id provided
Fix Container and PhpDumper test inaccuracies
[DI] Fix missing new line after private alias
[ClassLoader] Throw an exception if the cache is not writeable
Fixing regression in TwigEngine exception handling.
* 2.8:
Fix merge
[DI] Dont share service when no id provided
Fix Container and PhpDumper test inaccuracies
[DI] Fix missing new line after private alias
[ClassLoader] Throw an exception if the cache is not writeable
Fixing regression in TwigEngine exception handling.
* 2.7:
[DI] Dont share service when no id provided
Fix Container and PhpDumper test inaccuracies
[DI] Fix missing new line after private alias
[ClassLoader] Throw an exception if the cache is not writeable
Fixing regression in TwigEngine exception handling.
* 3.1:
do not depend on a fixed date in layout tests
[Console] Escape default value when dumping help
[Console] OS X Can't call cli_set_process_title php without superuser
Fixed @return when returning this or static #bis
fixed @return when returning this or static
Polish translation improvement in Validator component
[Console] Descriptors should use Helper::strlen
[Config] Improve PHPdoc / IDE autocomplete
[Debug] Wrap call to ->log in a try catch block
[Debug] UndefinedMethodFatalErrorHandler - Handle anonymous classes
fix merge
[cache] Bump RedisAdapter timeout to 5s
fixed @return when returning this or static
[SecurityBundle] Made collection of user provider unique when injecting them to the RemberMeService
remove is_writable check on filesystem cache
* 2.8:
do not depend on a fixed date in layout tests
[Console] Escape default value when dumping help
[Console] OS X Can't call cli_set_process_title php without superuser
Fixed @return when returning this or static #bis
Polish translation improvement in Validator component
[Console] Descriptors should use Helper::strlen
[Config] Improve PHPdoc / IDE autocomplete
[Debug] Wrap call to ->log in a try catch block
[Debug] UndefinedMethodFatalErrorHandler - Handle anonymous classes
[SecurityBundle] Made collection of user provider unique when injecting them to the RemberMeService
* 2.7:
do not depend on a fixed date in layout tests
[Console] Escape default value when dumping help
[Console] OS X Can't call cli_set_process_title php without superuser
Polish translation improvement in Validator component
[Console] Descriptors should use Helper::strlen
[Config] Improve PHPdoc / IDE autocomplete
[Debug] Wrap call to ->log in a try catch block
[Debug] UndefinedMethodFatalErrorHandler - Handle anonymous classes
[SecurityBundle] Made collection of user provider unique when injecting them to the RemberMeService
* 3.1:
[Routing] Fail properly when a route parameter name cannot be used as a PCRE subpattern name
[FrameworkBundle] Improve performance of ControllerNameParser
Update documentation link to the component
[HttpFoundation] Add links to RFC-7231
[DI] Initialize properties before method calls
Tag missing internals
[WebProfilerBundle] Dont use request attributes in RouterController
Fix complete config tests
* 2.8:
[Routing] Fail properly when a route parameter name cannot be used as a PCRE subpattern name
[FrameworkBundle] Improve performance of ControllerNameParser
Update documentation link to the component
[HttpFoundation] Add links to RFC-7231
[DI] Initialize properties before method calls
Tag missing internals
[WebProfilerBundle] Dont use request attributes in RouterController
Fix complete config tests
* 2.7:
[Routing] Fail properly when a route parameter name cannot be used as a PCRE subpattern name
[FrameworkBundle] Improve performance of ControllerNameParser
Update documentation link to the component
[HttpFoundation] Add links to RFC-7231
[DI] Initialize properties before method calls
Tag missing internals
[WebProfilerBundle] Dont use request attributes in RouterController
Fix complete config tests
* 3.1:
[Debug] Remove GLOBALS from exception context to avoid endless recursion
[Serializer] Improve test coverage of the MaxDepth annotation
DX: replace @link with @see annotation
bumped min version of Twig to 1.28
This PR was squashed before being merged into the 3.2-dev branch (closes#20405).
Discussion
----------
[SecurityBundle] Display firewall in debug bar even if not authenticated
| Q | A
| ------------- | ---
| Branch? | master
| Tests pass? | yes
| License | MIT
Before:
After:
I will take any input to improve the result, I feel it not optimal.
Commits
-------
d81da79 [SecurityBundle] Display firewall in debug bar even if not authenticated
This PR was merged into the 3.2-dev branch.
Discussion
----------
[SecurityBundle] Make the FirewallConfig class final
| Q | A
| ------------- | ---
| Branch? | master
| Bug fix? | no
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | N/A
| License | MIT
| Doc PR | N/A
I suggest to make the `FirewallConfig` class final. This value object is only built by the `SecurityExtension` from the `SecurityBundle` and is not meant to be an extension point.
ping @chalasr
Commits
-------
5963627 [SecurityBundle] Make the FirewallConfig class final
This PR was merged into the 3.2-dev branch.
Discussion
----------
[DX][SecurityBundle] Introduce a FirewallConfig class accessible from FirewallContext
| Q | A |
| --- | --- |
| Branch? | master |
| Bug fix? | no |
| New feature? | yes |
| BC breaks? | no |
| Deprecations? | yes but it should not have any impact in userland |
| Tests pass? | yes |
| Fixed tickets | #15294 |
| License | MIT |
| Doc PR | todo |
With this, the `FirewallContext` class now has a `getConfig()` method returning a `FirewallConfig` object representing the firewall configuration.
Also this adds a `getContext()` method to the `FirewallMap` class of the `SecurityBundle`, to be able to retrieve the current context.
In a next time, this could be useful to display some firewall related informations to the Profiler, as pointed out in #15294.
Also, it can be useful to be able to access the current firewall configuration from an AuthenticationListener, especially for third party bundles (I can develop on demand).
Commits
-------
52d25ed Introduce a FirewallConfig class
