* 2.8:
[Locale] Add missing @group legacy annotations
[Form] Add missing @group legacy annotations
[Form] Use FQCN form types
Fix security-acl deps
Fix typo
[Security] Removed security-acl from the core
fixed typos
Fix doctrine mapping validation type error
Remove skipping of tests based on ICU data version whenever possible
Fix the handling of null as locale in the stub intl classes
do not dump leading backslashes in class names
fix issue #15377
Skip ::class constant
[Config] type specific check for emptiness
[Form] Deprecated FormTypeInterface::getName() and passing of type instances
Conflicts:
UPGRADE-2.8.md
composer.json
src/Symfony/Bridge/Doctrine/composer.json
src/Symfony/Bridge/Twig/composer.json
src/Symfony/Bundle/SecurityBundle/composer.json
src/Symfony/Component/ClassLoader/ClassMapGenerator.php
src/Symfony/Component/DependencyInjection/Tests/ContainerTest.php
src/Symfony/Component/Form/Tests/AbstractExtensionTest.php
src/Symfony/Component/Form/Tests/AbstractLayoutTest.php
src/Symfony/Component/Form/Tests/SimpleFormTest.php
src/Symfony/Component/Locale/Tests/LocaleTest.php
src/Symfony/Component/Locale/Tests/Stub/StubLocaleTest.php
src/Symfony/Component/Security/Acl/README.md
src/Symfony/Component/Security/Acl/composer.json
* 2.8: (77 commits)
[travis] Use container-based infrastructure
[HttpKernel] use ConfigCache::getPath() method when it exists
[PropertyAccess] Fix setting public property on a class having a magic getter
[Routing] Display file which contain deprecated option
ContainerInterface: unused exception dropped
bumped Symfony version to 2.6.8
updated VERSION for 2.6.7
updated CHANGELOG for 2.6.7
bumped Symfony version to 2.3.29
updated VERSION for 2.3.28
update CONTRIBUTORS for 2.3.28
updated CHANGELOG for 2.3.28
[Debug] Fixed ClassNotFoundFatalErrorHandlerTest
[SecurityBundle] use access decision constants in config
[SecurityBundle] use session auth constants in config
PhpDoc fix in AbstractRememberMeServices
[FrameworkBundle][DX] Add option to specify additional translation loading paths
[Filesystem] Simplified an if statement
fixed CS
[SecurityBundle] Use Enum Nodes Instead Of Scalar
...
Conflicts:
CHANGELOG-2.3.md
CHANGELOG-2.6.md
src/Symfony/Bridge/Swiftmailer/composer.json
src/Symfony/Bundle/DebugBundle/composer.json
src/Symfony/Bundle/FrameworkBundle/Console/Descriptor/TextDescriptor.php
src/Symfony/Bundle/FrameworkBundle/Tests/DependencyInjection/Fixtures/xml/full.xml
src/Symfony/Bundle/FrameworkBundle/Tests/Fixtures/Descriptor/event_dispatcher_1_event1.txt
src/Symfony/Bundle/FrameworkBundle/Tests/Fixtures/Descriptor/event_dispatcher_1_events.txt
src/Symfony/Component/Debug/DebugClassLoader.php
src/Symfony/Component/Debug/Tests/ErrorHandlerTest.php
src/Symfony/Component/Form/README.md
src/Symfony/Component/Intl/README.md
src/Symfony/Component/Locale/composer.json
src/Symfony/Component/Routing/Loader/XmlFileLoader.php
src/Symfony/Component/Routing/Loader/YamlFileLoader.php
src/Symfony/Component/Security/README.md
src/Symfony/Component/Serializer/Tests/Normalizer/GetSetMethodNormalizerTest.php
src/Symfony/Component/Serializer/Tests/Normalizer/ObjectNormalizerTest.php
src/Symfony/Component/Serializer/Tests/Normalizer/PropertyNormalizerTest.php
src/Symfony/Component/Translation/README.md
src/Symfony/Component/Validator/README.md
src/Symfony/Component/Yaml/Yaml.php
* 2.7: (55 commits)
CS: fix some license headers
CS: Ensure there is no code on the same line as the PHP open tag and it is followed by a blankline
Improve triggering of the deprecation error
[SecurityBundle] Fix typos in LogoutUrlHelper
[VarDumper] add caster for MongoCursor objects
make it possible to dump inlined services to XML
[VarDumper] Fixed notice when Exchange is mocked
[Translation] keep old array structure of resourcesFiles to avoid BC.
removed deprecated notices that make the tests fail
use visited lookup with reference to gain performance
[VarDumper] with-er interface for Cloner\Data
Replace GET parameters when changed
tweaked phpdocs
[Process] Fix outdated Process->start() docblock
prevent inlining service configurators
Improve entropy of generated salt
Complete the removal of API versions in the validator component
[Validator] deprecated API version
Removed 2.5 bc layer
[SecurityBundle] UserPasswordEncoderCommand: fix help arguments order.
...
Conflicts:
CHANGELOG-2.3.md
CHANGELOG-2.6.md
src/Symfony/Bridge/Doctrine/Form/Type/DoctrineType.php
src/Symfony/Bundle/FrameworkBundle/DependencyInjection/Configuration.php
src/Symfony/Bundle/FrameworkBundle/Tests/Templating/Helper/FormHelperDivLayoutTest.php
src/Symfony/Bundle/FrameworkBundle/Tests/Templating/Helper/FormHelperTableLayoutTest.php
src/Symfony/Bundle/FrameworkBundle/composer.json
src/Symfony/Bundle/SecurityBundle/composer.json
src/Symfony/Component/Console/Helper/DialogHelper.php
src/Symfony/Component/Console/Tests/Helper/LegacyTableHelperTest.php
src/Symfony/Component/Form/ResolvedFormType.php
src/Symfony/Component/Routing/Matcher/Dumper/ApacheMatcherDumper.php
* 2.7:
[Debug] track and report deprecated classes and interfaces
[Form] Remove a redundant test.
use value of DIRECTORY_SEPARATOR to detect Windows
Conflicts:
src/Symfony/Bundle/SecurityBundle/Tests/Functional/SecurityRoutingIntegrationTest.php
src/Symfony/Component/Security/Core/Util/SecureRandom.php
* 2.3:
[Form] Remove a redundant test.
use value of DIRECTORY_SEPARATOR to detect Windows
Conflicts:
src/Symfony/Component/Console/Application.php
src/Symfony/Component/Filesystem/Tests/FilesystemTest.php
src/Symfony/Component/Form/Tests/Extension/Csrf/Type/FormTypeCsrfExtensionTest.php
src/Symfony/Component/Process/Process.php
* 2.3:
Updated generateSql tool
Fix the implementation of deprecated Locale classes
Fix phpdoc and coding standards
Replace usages of the deprecated TypeTestCase by the new one
Remove usages of deprecated constants
Update functional tests to use the PSR NullLogger
Make fabbot happy
Clean up testing
[DomCrawler] fixed bug #12143
Conflicts:
src/Symfony/Bridge/Doctrine/Tests/Validator/Constraints/UniqueEntityValidatorTest.php
src/Symfony/Bundle/FrameworkBundle/Tests/Templating/TimedPhpEngineTest.php
src/Symfony/Bundle/TwigBundle/Tests/Loader/FilesystemLoaderTest.php
src/Symfony/Component/Console/Application.php
src/Symfony/Component/DomCrawler/Crawler.php
src/Symfony/Component/Form/Tests/Extension/Core/Type/CollectionTypeTest.php
src/Symfony/Component/Form/Tests/Extension/Csrf/Type/FormTypeCsrfExtensionTest.php
src/Symfony/Component/HttpKernel/Tests/Bundle/BundleTest.php
src/Symfony/Component/Serializer/Encoder/EncoderInterface.php
src/Symfony/Component/Serializer/Encoder/XmlEncoder.php
src/Symfony/Component/Validator/Tests/Mapping/ClassMetadataFactoryTest.php
* 2.3:
No global state for isolated tests and other fixes
[TwigBundle] Moved the setting of the default escaping strategy from the Twig engine to the Twig environment
[Debug] fix checkip6
[HttpFoundation] fixed error when an IP in the X-Forwarded-For HTTP header contains a port
Update the note about origins of the CssSelector component.
Use the correct cssselect library name in docblocks.
* 2.3:
[SecurityBundle] Authentication entry point is only registered with firewall exception listener, not with authentication listeners
be smarter when guessing the document root
Azerbaijani locale
Fixed grammar error in docblock
Adjust upgrade file rendering
[Bridge/Propel1] Changed deps to accepts all upcoming propel1 versions
compare version using PHP_VERSION_ID
[Form] Add doc for FormEvents
don't override internal PHP constants
Conflicts:
UPGRADE-3.0.md
src/Symfony/Bundle/FrameworkBundle/Command/ServerRunCommand.php
src/Symfony/Component/Debug/ErrorHandler.php
src/Symfony/Component/HttpFoundation/Response.php
To let opcode caches optimize cached code, the `PHP_VERSION_ID`
constant is used to detect the current PHP version instead of calling
`version_compare()` with `PHP_VERSION`.
* 2.2:
[DoctrineBridge] Added type check to prevent calling clear() on arrays
[Intl] Improved FormTypeCsrfExtension to use the type class as default intention if the form name is empty
Fix docblock typo
Conflicts:
src/Symfony/Component/Form/Extension/Csrf/Type/FormTypeCsrfExtension.php
As Composer is now widely used in the PHP world, having to run composer
install before running the test suite is expected. This also has the
nice benefit of removing a bunch of code, making things easier to
maintain (there is only one place to declare a dev dependency), and
probably more.
* 2.1:
#7106 - fix for ZTS builds
Added '@@' escaping strategy for YamlFileLoader and YamlDumper
[Yaml] fixed bugs with folded scalar parsing
[Form] made DefaultCsrfProvider using session_status() when available
Added unit tests to Dumper
Update .travis.yml (closes#7355)
[HttpFoudantion] fixed Request::getPreferredLanguage()
Revert "merged branch jfsimon/issue-6928 (PR #7378)"
Routing issue with installation in a sub-directory ref: https://github.com/symfony/symfony/issues/7129
Conflicts:
.travis.yml
src/Symfony/Bundle/FrameworkBundle/Routing/Router.php
src/Symfony/Component/Routing/RouteCollection.php
This PR was squashed before being merged into the master branch (closes#5838).
Commits
-------
201f3e6 [Form] Fixed cannot unset string offsets in CsrfValidationListener
Discussion
----------
[Form] Fixed cannot unset string offsets in CsrfValidationListener
Bug fix: yes
Feature addition: no
Backwards compatibility break: no
Symfony2 tests pass: yes
Fixes the following tickets: -
Todo: -
License of the code: MIT
Documentation PR: -
A php fatal error is happening when someone rewrite the entire form data for an object with a single input.
```
Fatal error: Cannot unset string offsets in vendor/symfony/symfony/src/Symfony/Component/Form/Extension/Csrf/EventListener/CsrfValidationListener.php on line 72
```
Example:
```html
<form action="/app_dev.php/post/create" method="post" >
<div id="posttype">
<div>
<label for="posttype_name" class="required">Name</label>
<input type="text" id="posttype_name" name="posttype[name]" required="required" maxlength="255" />
</div>
<div>
<label for="posttype_text" class="required">Text</label>
<textarea id="posttype_text" name="posttype[text]" required="required"></textarea>
</div>
<input type="hidden" id="posttype__token" name="posttype[_token]" value="83a1617c694fbdea43c2527f1a55c7419ce82a42" /></div>
<p>
<button type="submit">Create</button>
</p>
</form>
```
If someone alters the html to add a simple input at the bottom of the form like this one:
```html
<input type="text" id="posttype" name="posttype" value="test123" />
```
The result will be a php fatal error.
---------------------------------------------------------------------------
by bschussek at 2012-10-26T09:49:05Z
Thank you for the pull request! Could you please reference the pull request in the test?
```php
// https://github.com/symfony/symfony/pull/5838
public function testStringFormData()
{
...
```
---------------------------------------------------------------------------
by jfcixmedia at 2012-10-26T10:21:29Z
@bschussek Added, thanks.
- Removed useless error handlers around FormEvent as the triggering has
been fixed in it.
- Enhanced the triggering of deprecation errors for places where the BC
method provide some user logic needing to be converted to a new way.
- Enhanced the deprecation messages to mention the replacement whenever
possible.