This PR was submitted for the 2.3 branch but it was merged into the master branch instead (closes #8195).
Discussion
----------
[Security] Use HMAC construction for remember me cookie hashes
| Q | A
| ------------- | ---
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| License | MIT
HMAC is a more secure construction for MACs than the secret suffix method that is currently being used by the remember me cookies, see http://rdist.root.org/2009/10/29/stop-using-unsafe-keyed-hashes-use-hmac/.
Changing the MAC scheme means that current cookies will be invalidated and users will have to log in again, though there are no API BC issues.
Commits
-------
c97e0d0 [Security] Use HMAC construction for remember me cookie hashes
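The difference between the two MAC schemes named in this PR, as an added example that is not Symfony's code: the cookie layout, function names, secret and sample values are assumptions constructed for illustration. The verifier accepts only HMAC tags and compares them in constant time, so a cookie issued under the old secret-suffix scheme no longer validates, which is the forced re-login the PR mentions.

```php
<?php
// Added example: cookie layout, names and sample values are assumptions.
const SECRET = 'constructed-app-secret';

// Old scheme: secret-suffix MAC, hash(message . key).
function suffixMac(string $msg, string $key): string
{
    return hash('sha256', $msg.$key);
}

// New scheme: HMAC; the key is mixed in by the construction, not concatenated.
function hmacMac(string $msg, string $key): string
{
    return hash_hmac('sha256', $msg, $key);
}

function macInput(string $user, int $expires, string $pwHash): string
{
    // Length-prefix each field so adjacent values cannot run together.
    $fields = [$user, (string) $expires, $pwHash];
    return implode('', array_map(fn ($f) => strlen($f).':'.$f, $fields));
}

function buildCookie(string $user, int $expires, string $pwHash, callable $mac): string
{
    $tag = $mac(macInput($user, $expires, $pwHash), SECRET);
    return base64_encode(implode(':', [base64_encode($user), $expires, $tag]));
}

// Verifier after the change: HMAC only, constant-time comparison.
function verifyCookie(string $cookie, string $pwHash, int $now): ?string
{
    $parts = explode(':', (string) base64_decode($cookie, true));
    if (count($parts) !== 3) {
        return null;
    }
    [$userB64, $expires, $tag] = $parts;
    $user = base64_decode($userB64, true);
    if ($user === false || !ctype_digit($expires) || (int) $expires < $now) {
        return null;
    }
    $expected = hmacMac(macInput($user, (int) $expires, $pwHash), SECRET);
    return hash_equals($expected, $tag) ? $user : null;
}

[$pw, $exp] = ['constructed-stored-password-hash', time() + 3600];
var_dump(verifyCookie(buildCookie('alice', $exp, $pw, 'hmacMac'), $pw, time()));   // HMAC cookie
var_dump(verifyCookie(buildCookie('alice', $exp, $pw, 'suffixMac'), $pw, time())); // pre-change cookie
```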
This PR was squashed before being merged into the master branch (closes #8303).
Discussion
----------
[HttpFoundation] Add accessors methods to session handlers
| Q | A
| ------------- | ---
| Bug fix? | no
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | #7683
| License | MIT
| Doc PR |
Commits
-------
460c696 [HttpFoundation] Add accessors methods to session handlers
This PR was squashed before being merged into the master branch (closes #8452).
Discussion
----------
[Console] Make DialogHelper respect interaction settings
| Q | A
| ------------- | ---
| Bug fix? | yes
| New feature? | yes
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | #8079
| License | MIT
| Doc PR | -
This is based on @cordoval's #8366, but it tries to not break BC and to be a little more user-friendly.
@stof I can't seem to follow the infinite loop you talked about in #8366. `DialogHelper::ask` will return the default, which is `null`, that breaks the while loop and it returns the default.
Commits
-------
1cde723 [Console] Make DialogHelper respect interaction settings
This PR was merged into the 2.2 branch.
Discussion
----------
[Validator] Fixed groups argument misplace for validateValue method from validator class
| Q | A
| ------------- | ---
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | n/a
| License | MIT
The signature of the validateValue method in the ExecutionContext class is this:
```
public function validateValue($value, $constraints, $subPath = '', $groups = null)
```
But this was called wrongly in the Validator class.
Commits
-------
d3eb9b7 [Validator] Fixed groups argument misplace for validateValue method from validator class
This PR was squashed before being merged into the master branch (closes #8430).
Discussion
----------
[Form] Validation listener remove count()
| Q | A
| ------------- | ---
| Bug fix? | no
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets |
| License | MIT
| Doc PR |
Removing what looks like an extra count that is not needed.
Commits
-------
23a71e5 [Form] Validation listener remove count()
This PR was submitted for the master branch but it was merged into the 2.2 branch instead (closes #8453).
Discussion
----------
added missing comments to WebTestCase
Added comments that are required for autocompletion when extending WebTestCase.
Commits
-------
d056e6b added missing comments to WebTestCase
This PR was submitted for the master branch but it was merged into the 2.2 branch instead (closes #8456).
Discussion
----------
[Process] Fixed #8455: PhpExecutableFinder::find() does not always return the correct binary
Since `PHP_BINARY` is the very first approach considered, there is no way to use a workaround like setting the `PHP_PATH`.
Checking `PHP_PATH` could potentially be put before checking `PHP_BINARY`: that would avoid an extra function call (and system call), at the price of a small BC_BREAK, but I think it's better in this case to have a solution that doesn't force people to set the `PHP_PATH` environment variable.
| Q | A
| ------------- | ---
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | #8455
| License | MIT
| Doc PR | none
Commits
-------
35a2fe4 [Process] Fixed #8455: PhpExecutableFinder::find() does not always return the correct binary
This PR was submitted for the master branch but it was merged into the 2.3 branch instead (closes #8498).
Discussion
----------
Added missing .gitignore
| Q | A
| ------------- | ---
| Bug fix? | no
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | -
| License | MIT
| Doc PR | -
Commits
-------
60bc41d Added missing files .gitignore
This PR was merged into the 2.2 branch.
Discussion
----------
[DependencyInjection] Fix Container::camelize to convert beginning and ending . and _
| Q | A
| ------------- | ---
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | #7431
| License | MIT
| Doc PR | n/a
I'm using strtr to make the conversion in order to ensure that the behavior is the same as `Container::get`.
From the test cases I've added, the following were not passing:
Commits
-------
485d53a [DependencyInjection] Fix Container::camelize to convert beginning and ending chars
* 2.3:
[PropertyAccess] added moves to pluralMap
[Security] fixed issue where authentication listeners clear unrelated tokens
added greek translation
[DependencyInjection] Add exception for service name not dumpable in PHP
bumped Symfony version to 2.3.3-DEV
fix issue #8499 modelChoiceList call getPrimaryKey on a non object
updated VERSION for 2.3.2
updated CHANGELOG for 2.3.2
[DependencyInjection] Add exception for service name not dumpable in PHP
fixed typo
bumped Symfony version to 2.2.5
updated VERSION for 2.2.4
update CONTRIBUTORS for 2.2.4
updated CHANGELOG for 2.2.4
Fixed NativeSessionStorage:regenerate when does not exists
removed extraneous whitespaces
Conflicts:
src/Symfony/Component/HttpKernel/Kernel.php
* 2.2:
[PropertyAccess] added moves to pluralMap
[Security] fixed issue where authentication listeners clear unrelated tokens
fix issue #8499 modelChoiceList call getPrimaryKey on a non object
[DependencyInjection] Add exception for service name not dumpable in PHP
Conflicts:
src/Symfony/Component/DependencyInjection/Dumper/PhpDumper.php
src/Symfony/Component/DependencyInjection/Tests/Dumper/PhpDumperTest.php
src/Symfony/Component/Security/Tests/Http/Firewall/BasicAuthenticationListenerTest.php
This PR was merged into the 2.3 branch.
Discussion
----------
[DependencyInjection][2.3] Add exception for service name not dumpable in PHP
Same as #8494 for branch 2.3 since the DI component has been refactored (bb797ee755, f1c2ab78af)
| Q | A
| ------------- | ---
| Bug fix? | no
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | #8485 #8030
| License | MIT
| Doc PR | n/a
Throws an exception when the DIC is dumped to PHP, before generating invalid PHP.
The regex comes from the PHP doc: http://www.php.net/manual/en/language.oop5.basic.php
Commits
-------
9ac3556 [DependencyInjection] Add exception for service name not dumpable in PHP
This PR was merged into the 2.2 branch.
Discussion
----------
[DependencyInjection] Add exception for service name not dumpable in PHP
| Q | A
| ------------- | ---
| Bug fix? | no
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | #8485 #8030
| License | MIT
| Doc PR | n/a
Throws an exception when the DIC is dumped to PHP, before generating invalid PHP.
The regex comes from the PHP doc: http://www.php.net/manual/en/language.oop5.basic.php
Commits
-------
242b318 [DependencyInjection] Add exception for service name not dumpable in PHP
This PR was merged into the 2.2 branch.
Discussion
----------
[Security] fixed issue where x509 authentication clears unrelated tokens
| Q | A
| ------------- | ---
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | #8226
| License | MIT
| Doc PR | symfony/symfony-docs#2825
| Notes | Replaces PR #8283
TODO:
- [x] Feedback on change to make sure security is not affected
- [x] Fix other authentication listeners (they suffer the same problem)
- [x] Write unit tests for bug and maybe a few listener classes as well
This pull request is the summary of the problem mentioned in the ticket above.
It only fixes the "disappearing token" problem for one authentication provider, not all. If acceptable, the change needs to be applied to all authentication listeners since they always clear all tokens from the security context.
Commits
-------
2317443 [Security] fixed issue where authentication listeners clear unrelated tokens
This commit fixes an issue where authentication listeners clear all security tokens in case of authentication failure.
This behavior makes it impossible to combine certain authentication mechanisms, notably x509 with form-based login.
This PR was merged into the master branch.
Discussion
----------
security acl dbal schema: inject the schema instead of the whole container
| Q | A
| ------------- | ---
| Bug fix? | no
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | -
| License | MIT
| Doc PR | -
Following a discussion with @Stof on https://github.com/doctrine/DoctrinePHPCRBundle/pull/78 I thought to clean up the code I used as a template as well.
Commits
-------
b960004 security acl dbal schema: inject the schema instead of the whole container
This PR was submitted for the master branch but it was merged into the 2.3 branch instead (closes #8522).
Discussion
----------
[Security] added greek translation
| Q | A
| ------------- | ---
| Bug fix? | no
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets |
| License | MIT
| Doc PR |
Commits
-------
3a6050b [Security] added greek translation
This PR was merged into the master branch.
Discussion
----------
[SwiftmailerBridge] Marked MessageDataCollector as deprecated
| Q | A
| ------------- | ---
| Bug fix? | no
| New feature? | yes
| BC breaks? | yes
| Deprecations? | yes
| Tests pass? | yes
| Fixed tickets |
| License | MIT
| Doc PR |
Now you can configure several mailers.
Linked to the following PR:
- [ ] https://github.com/symfony/SwiftmailerBundle/pull/34
Commits
-------
15bf1d7 [SwiftmailerBridge] Marked MessageDataCollector as deprecated
This is a combination of 2 commits.
- [Serializer] Added encoding support for DomDocument in XmlEncoder
- [Serializer] Refactor code to allow setting <?xml standalone ?>
This commit refactors the createDomDocument(..) method in XmlEncoder so it can set the 'version', 'encoding' and 'standalone' attributes on the DOM document.
Code coverage of new code: 100%. Tests: pass.
This PR was merged into the 2.2 branch.
Discussion
----------
[bridge] [propel1] [ModelChoiceList] fix issue #8499 call getPrimaryKey on a non object
| Q | A
| ------------- | ---
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | #8499
| License | MIT
| Doc PR | no
This fixes issue #8499, introduced by PR #8223.
CC @willdurand @havvg
Commits
-------
2ebb783 fix issue #8499 modelChoiceList call getPrimaryKey on a non object
* 2.2:
fixed typo
bumped Symfony version to 2.2.5
updated VERSION for 2.2.4
update CONTRIBUTORS for 2.2.4
updated CHANGELOG for 2.2.4
Fixed NativeSessionStorage:regenerate when does not exists
removed extraneous whitespaces
Conflicts:
src/Symfony/Component/HttpKernel/Kernel.php