Commit Graph

11621 Commits

Author SHA1 Message Date
Tobias Schultze
4b21d18738 fix upgrade info about locale
it duplicated the header and had an irrelevant point in between
2012-11-19 17:13:42 +01:00
Fabien Potencier
54ffd9ebfd merged branch sstok/fix_digest_authentication (PR #5874)
This PR was merged into the 2.0 branch.

Commits
-------

f2cbea3 [Security] remove escape characters from username provided by Digest DigestAuthenticationListener
80f6992 [Security] added test extra for digest authentication
d66b03c fixed CS
694697d [Security] Fixed digest authentication
c067586 [Security] Fixed digest authentication

Discussion
----------

Fix digest authentication

Bug fix: yes
Feature addition: no
Backwards compatibility break: no
Symfony2 tests pass: yes
Fixes the following tickets:
Todo: -
License of the code: MIT
Documentation PR: -
Replaces: #5485

This adds the missing fixes.

My only concern is the `\"` removal.
`\"` is only needed for the HTTP transport, but keeping them would require also storing the username with the escapes.

---------------------------------------------------------------------------

by fabpot at 2012-10-30T11:25:28Z

The digest authentication mechanism is not that widespread due to its limitation. And the transport is not HTTP, I think we are talking about very few cases.

---------------------------------------------------------------------------

by sstok at 2012-10-30T12:49:14Z

Apache seems to remove (ignore) escape characters.

```c
if (auth_line[0] == '=') {
            auth_line++;
            while (apr_isspace(auth_line[0])) {
                auth_line++;
            }

            vv = 0;
            if (auth_line[0] == '\"') {         /* quoted string */
                auth_line++;
                while (auth_line[0] != '\"' && auth_line[0] != '\0') {
                    if (auth_line[0] == '\\' && auth_line[1] != '\0') {
                        auth_line++;            /* escaped char */
                    }
                    value[vv++] = *auth_line++;
                }
                if (auth_line[0] != '\0') {
                    auth_line++;
                }
            }
            else {                               /* token */
                while (auth_line[0] != ',' && auth_line[0] != '\0'
                       && !apr_isspace(auth_line[0])) {
                    value[vv++] = *auth_line++;
                }
            }
            value[vv] = '\0';
        }
```

But would this change be a BC break for people already using quotes but without a comma and thus they never hit this bug?

The change itself is minimal, just calling `str_replace('\\\\', '\\', str_replace('\\"', '"', $value))` when getting the username.

---------------------------------------------------------------------------

by fabpot at 2012-11-13T13:00:12Z

@sstok Doing the same as Apache seems the best option here (just document the BC break).

---------------------------------------------------------------------------

by sstok at 2012-11-15T16:05:00Z

Hopefully I did this correctly, but the needed escapes seem correctly removed.
`\"` is changed to `"`, `\\` is changed to `\`.
`\'` is kept as it is, as this needs no correcting.

@Vincent-Simonin Can you verify, please?

---------------------------------------------------------------------------

by Vincent-Simonin at 2012-11-19T09:28:18Z

Authentication didn't work with this configuration:

```
providers:
    in_memory:
        name: in_memory
        users:
            te"st: { password: test, roles: [ 'ROLE_USER' ] }
```

`te"st` was set in authentication form's user field.

(Must we also escape `"` in configuration file?)

Tests were performed with nginx.

---------------------------------------------------------------------------

by sstok at 2012-11-19T09:33:34Z

Yes. YAML escapes using a duplicate quote, like SQL.

```yaml
providers:
    in_memory:
        name: in_memory
        users:
            "te""st": { password: test, roles: [ 'ROLE_USER' ] }
```
2012-11-19 14:04:22 +01:00
Fabien Potencier
bfeb6e78b7 merged branch vicb/security-config (PR #6017)
This PR was merged into the 2.0 branch.

Commits
-------

32dc31e [SecurityBundle] Convert Http method to uppercase in the config

Discussion
----------

[SecurityBundle] Convert Http method to uppercase in the config

This is not strictly required as method names would be converted to uppercase by the matcher after #5988.

However I think it is better to always use uppercase for http method names.

The config UT has also been improved as part of this PR.

This is good to propagate to 2.1 & 2.2 also.
2012-11-19 13:43:56 +01:00
Fabien Potencier
c34f7731a0 merged branch bierdok/master (PR #6015)
This PR was submitted for the master branch but it was merged into the 2.0 branch instead (closes #6015).

Commits
-------

f61c019 Update src/Symfony/Component/DomCrawler/Tests/FormTest.php
9b3aaf2 Update src/Symfony/Component/DomCrawler/Form.php

Discussion
----------

FIX: Malformed field path ""

In case we have the name attribute empty.

---------------------------------------------------------------------------

by fabpot at 2012-11-15T06:12:35Z

Can you add a unit test for that case?

---------------------------------------------------------------------------

by bierdok at 2012-11-15T09:21:01Z

Voila.
2012-11-19 13:42:23 +01:00
Benoît Bourgeois
e7401a2129 Update src/Symfony/Component/DomCrawler/Tests/FormTest.php 2012-11-19 13:41:38 +01:00
Benoît Bourgeois
b0e468f9ba Update src/Symfony/Component/DomCrawler/Form.php 2012-11-19 13:39:22 +01:00
Fabien Potencier
8f33f2ea86 merged branch Tobion/routing-centos (PR #6062)
This PR was merged into the 2.1 branch.

Commits
-------

1daefa5 [Routing] made it compatible with older PCRE version (pre 8)

Discussion
----------

[Routing] compatibility with older PCRE version (pre 8)

fixes #4093

Ok I changed my mind about this issue.
1. I figured more people are affected than I thought and CentOS is stubborn.
2. Symfony still uses the old regex style `?P<param>` in several other components. So also doing so in the routing makes it more consistent.
3. Even if it's definitely not good to use an over 6 year old PCRE version with a recent PHP version, we can still try to provide the best experience. It doesn't mean we support outdated software stacks of custom PHP compilations as we won't and cannot specifically test against it.

@fabpot: I will do a separate PR on master when you have merged this, because the code changed a lot in master so it cannot easily be merged I guess. I will also convert the symfony requirement for PCRE in the requirements check to a recommendation.
2012-11-19 11:35:29 +01:00
Tobias Schultze
1daefa5f4b [Routing] made it compatible with older PCRE version (pre 8) 2012-11-19 10:25:59 +01:00
Fabien Potencier
c4631c5fe6 merged branch Tobion/patch-2 (PR #6048)
This PR was merged into the 2.1 branch.

Commits
-------

ea2bb09 tiny refactoring for consistency

Discussion
----------

tiny refactoring for consistency

no need to use the iterator within the class. not done anywhere else.
2012-11-19 08:43:54 +01:00
Tobias Schultze
ea2bb09d55 tiny refactoring for consistency 2012-11-18 18:36:28 +01:00
Fabien Potencier
461db28d33 merged branch eriksencosta/patch-2 (PR #6032)
This PR was merged into the 2.1 branch.

Commits
-------

0b088ec fixed docblock return type

Discussion
----------

fixed docblock return type
2012-11-17 18:06:46 +01:00
Eriksen Costa
0b088ec939 fixed docblock return type 2012-11-16 14:51:07 -02:00
Sebastiaan Stok
f2cbea3b30 [Security] remove escape characters from username provided by Digest DigestAuthenticationListener 2012-11-15 16:54:04 +01:00
Thomas Tourlourat
82334d2640 Force loader to be null or a EntityLoaderInterface 2012-11-15 16:44:00 +01:00
Sebastiaan Stok
80f6992a41 [Security] added test extra for digest authentication 2012-11-15 16:42:03 +01:00
Sebastiaan Stok
d66b03c830 fixed CS 2012-11-15 16:42:02 +01:00
Vincent Simonin
694697dd91 [Security] Fixed digest authentication
Digest authentication fails if digest parameters contain `=` character or `, ` string.

* Support escaped characters
2012-11-15 16:42:02 +01:00
Vincent Simonin
c067586368 [Security] Fixed digest authentication
Digest authentication fails if digest parameters contain `=` character or `, ` string.
2012-11-15 16:42:01 +01:00
Fabien Potencier
9a2edb9a63 merged branch lolautruche/httpCacheStoreExtendable (PR #6016)
This PR was submitted for the master branch but it was merged into the 2.1 branch instead (closes #6016).

Commits
-------

9b0cad4 Added HttpCache\Store::generateContentDigest() + changed  visibility

Discussion
----------

Added HttpCache\Store::generateContentDigest() + changed $root visibility

Bug fix: no
Feature addition: yes
Backwards compatibility break: no
Symfony2 tests pass: yes
Fixes the following tickets: -
Todo: -
License of the code: MIT
Documentation PR: -

## Description
This PR adds 2 small changes in base `HttpCache\Store`:

1. Adds `generateContentDigest()` protected method, allowing to easily override the default behavior for special cases.
2. Changes `$root` visibility to *protected* to let descendants access it.

This allows special implementations of HttpCache when storing specific cache files in a different place is needed.

## Example
An example of implementation can be found [in eZ Publish 5 source code](https://github.com/ezsystems/ezp-next/blob/master/eZ/Publish/Core/MVC/Symfony/Cache/Http/LocationAwareStore.php). In this example, eZ Publish content cache entities are stored under a different folder than regular cache entities in order to ease cache purge based on a content location.

## Testing
No unit tests were added since the behavior didn't change and the new method is protected.

PS: It would be nice to have this in 2.1 branch as well 😃
2012-11-15 14:23:01 +01:00
Jérôme Vieilledent
d2920c94a1 Added HttpCache\Store::generateContentDigest() + changed visibility 2012-11-15 14:23:00 +01:00
Victor Berchet
32dc31eceb [SecurityBundle] Convert Http method to uppercase in the config 2012-11-15 08:13:39 +01:00
Fabien Potencier
2d488b79f2 Merge branch '2.0' into 2.1
* 2.0:
  fixed comment. The parent ACL is not accessed in this method.
  [HttpFoundation] Make host & methods really case insensitive in the RequestMatcher
  [Validator] fixed Ukrainian language code (closes #5972)
  Fixed case of php function

Conflicts:
	src/Symfony/Bundle/FrameworkBundle/Resources/translations/validators.uk.xliff
	src/Symfony/Component/HttpFoundation/RequestMatcher.php
2012-11-13 17:29:06 +01:00
Fabien Potencier
2fa9bd0b3f forced Travis to use source to workaround their not-up-to-date Composer on PHP 5.3.3 2012-11-13 15:04:20 +01:00
Fabien Potencier
cb00411fc8 merged branch Jola/comment-fix (PR #5992)
This PR was merged into the 2.0 branch.

Commits
-------

b3a8efd fixed comment. The parent ACL is not accessed in this method.

Discussion
----------

fixed comment. The parent ACL is not accessed in this method.

Just fixed a comment on PermissionGrantingStrategy.
hasSufficientPermissions() is not accessing the parent ACL. That's done in isGranted().
2012-11-13 13:50:22 +01:00
Fabien Potencier
7b4a27893a merged branch Tobion/patch-2 (PR #5997)
This PR was merged into the 2.1 branch.

Commits
-------

7569ee2 [Routing] removed irrelevant string cast in Route

Discussion
----------

[Routing] removed irrelevant string cast in Route

Even if the passed key is an integer, casting to string won't make any difference in array keys (it remains an int key).
2012-11-13 13:49:04 +01:00
Tobias Schultze
7569ee2964 [Routing] removed irrelevant string cast in Route
Even if the passed key is an integer, casting to string won't make any difference in array keys (it remains an int key).
2012-11-12 17:54:27 +01:00
Fabien Potencier
938670d34b merged branch jdreesen/patch-1 (PR #5991)
This PR was merged into the 2.1 branch.

Commits
-------

3881649 Fixed typo

Discussion
----------

Fixed typo

Fixed a small typo in the docblock
2012-11-12 15:04:21 +01:00
Jörn Lang
b3a8efd6cd fixed comment. The parent ACL is not accessed in this method. 2012-11-12 15:01:47 +01:00
Jacob Dreesen
3881649477 Fixed typo
Fixed a small typo in the docblock
2012-11-12 14:58:31 +01:00
Fabien Potencier
d060fd4953 merged branch vicb/security (PR #5988)
This PR was merged into the 2.0 branch.

Commits
-------

e12bd12 [HttpFoundation] Make host & methods really case insensitive in the RequestMatcher

Discussion
----------

[HttpFoundation] Make host & methods really case insensitive in the Requ...

...estMatcher

and backport changes from 2.2

Details:
- does not take case into account when checking the host (the `Request` always returns a lowercase value) to protect against user typo,
- makes the constructor case proof by invoking setters rather than setting properties directly (you could then add an unreachable method, i.e. `get`)

Please propagate to 2.1/2.2 if accepted. Thanks.
2012-11-12 14:56:10 +01:00
Victor Berchet
e12bd123be [HttpFoundation] Make host & methods really case insensitive in the RequestMatcher
and backport changes from 2.2
2012-11-12 13:39:12 +01:00
Fabien Potencier
d55d3b823d merged branch igorw/protected-fileloader (PR #5981)
This PR was merged into the 2.1 branch.

Commits
-------

c659e78 Make YamlFileLoader and XmlFileLoader file loading extensible

Discussion
----------

Make YamlFileLoader and XmlFileLoader file loading extensible

Bug fix: no
Feature addition: no
Backwards compatibility break: no
Symfony2 tests pass: yes
License of the code: MIT
Documentation PR: not needed

For phpBB we want to use a non-dumped container in the dev env to prevent having to clear the cache all the time. We're creating the container twice because we need some information at compile time which must be fetched from the container. The process is as follows:

Create temp container, get list of installed extensions (think bundles), create a compiler pass with the extensions list, create a new container with that compiler pass, compile it, dump it.

The problem is that we need to load and parse the YAML twice which is really slow. Caching it in the YamlFileLoader should save 50-100ms per page load.

By changing visibility to protected it becomes possible to extend the loader and cache file contents.
2012-11-12 10:50:10 +01:00
Igor Wiedler
c659e7858a Make YamlFileLoader and XmlFileLoader file loading extensible
By changing visibility to protected it becomes possible to extend the
loader and cache file contents. phpBB needs this.
2012-11-11 12:59:36 +01:00
Fabien Potencier
15a5868ab4 [Validator] fixed Ukrainian language code (closes #5972) 2012-11-10 19:51:50 +01:00
Fabien Potencier
d9b291b878 merged branch Tobion/patch-2 (PR #5969)
This PR was merged into the 2.1 branch.

Commits
-------

8e62248 [HttpKernel] fix typo

Discussion
----------

[HttpKernel] fix typo
2012-11-10 19:40:26 +01:00
Tobias Schultze
8e6224840e [HttpKernel] fix typo 2012-11-10 11:47:17 +01:00
Fabien Potencier
5bdf8cbaf9 merged branch fabpot/client-streamed-response (PR #5961)
This PR was merged into the 2.1 branch.

Commits
-------

84b760b [HttpKernel] fixed Client when using StreamedResponses (closes #5370)

Discussion
----------

[HttpKernel] fixed Client when using StreamedResponses (closes #5370)
2012-11-10 09:18:00 +01:00
Fabien Potencier
d2fdd5afbd merged branch pvanliefland/form_singularify_prices (PR #5967)
This PR was submitted for the master branch but it was merged into the 2.1 branch instead (closes #5967).

Commits
-------

79f750d [Form] Fixed singularization of "prices"

Discussion
----------

[Form] Fixed singularization of "prices"

Bug fix: yes
Feature addition: no
Backwards compatibility break: no
Symfony2 tests pass: yes
License of the code: MIT

This PR is similar to #4758, although in this case, the singularization of "prices" into "prex" or "prix" is obviously a mistake. I guess anyone working on an e-commerce platform with multiple prices on a product model could encounter this issue.

I adapted the tests as well; there shouldn't be any bc break.

---------------------------------------------------------------------------

by bschussek at 2012-11-10T07:23:00Z

👍
2012-11-10 09:15:15 +01:00
pvanliefland
92849480d3 Fixed singularization of "prices" 2012-11-10 09:15:15 +01:00
Fabien Potencier
de63128cab merged branch bschussek/issue5730 (PR #5962)
This PR was merged into the 2.1 branch.

Commits
-------

0f75586 [Form] Removed an exception that prevented valid formats from being passed, e.g. "h" for the hour, "L" for the month etc.

Discussion
----------

[Form] Removed an exception that prevented valid formats from being passed

Bug fix: yes
Feature addition: no
Backwards compatibility break: no
Symfony2 tests pass: yes
Fixes the following tickets: #5730
Todo: -
License of the code: MIT
Documentation PR: -
2012-11-09 17:32:10 +01:00
Bernhard Schussek
0f75586248 [Form] Removed an exception that prevented valid formats from being passed, e.g. "h" for the hour, "L" for the month etc. 2012-11-09 17:22:53 +01:00
Fabien Potencier
84b760b923 [HttpKernel] fixed Client when using StreamedResponses (closes #5370) 2012-11-09 16:49:48 +01:00
Fabien Potencier
ae61d354c9 merged branch fabpot/response-protocol (PR #5954)
This PR was merged into the 2.1 branch.

Commits
-------

e34fb41 [HttpFoundation] moved the HTTP protocol check from StreamedResponse to Response (closes #5937)

Discussion
----------

[HttpFoundation] moved the HTTP protocol check from StreamedResponse to Response (closes #5937)
2012-11-09 15:00:29 +01:00
Fabien Potencier
d965464d86 merged branch fabpot/pdo-session-handler (PR #5960)
This PR was merged into the 2.1 branch.

Commits
-------

67e697f fixed PDO session handler for Oracle (closes #5829)

Discussion
----------

fixed PDO session handler for Oracle (closes #5829)
2012-11-09 14:59:32 +01:00
matt foster
67e697f7cb fixed PDO session handler for Oracle (closes #5829) 2012-11-09 14:46:23 +01:00
matt foster
c2a8a0b8bd [HttpFoundation] fixed PDO session handler for Oracle (closes #5829) 2012-11-09 14:44:15 +01:00
Fabien Potencier
a30383d12c [Locale] removed a check that is done too early (and it is done twice anyways) 2012-11-09 13:55:40 +01:00
Bilal Amarni
84635bda7f [Form] allowed no type guesser to be registered 2012-11-09 13:51:19 +01:00
Fabien Potencier
48af594929 merged branch pborreli/patch-1 (PR #5957)
This PR was merged into the 2.0 branch.

Commits
-------

235250e Fixed case of php function

Discussion
----------

Fixed case of php function
2012-11-09 13:32:00 +01:00
Pascal Borreli
235250e192 Fixed case of php function 2012-11-09 10:41:41 +00:00