Adds filtering convenience using PHP's filter_var() e.g.
`$request->get->filter($key, '', false, FITLER_SANITIZE_STRING);`
See http://php.net/manual/en/filter.filters.php for capabilities.
Commits
-------
34494b3 whitespace fixes
1a86a4a Refactor mime-type to file extension guessing
e7481a3 Decouple mime-type to extension logic from File class
Discussion
----------
[2.1] Decouple mimetype-to-extension logic from File class
This allows guessing the extension from a given mime type
without requiring the existence of a local file.
If a file's meta information (mime-type, etc.) is already available (i.e. it's
been extracted once and stored in some persistent data store), it would be
nice to be able to make a best-guess on the extension based on the known mime-type.
A concrete use case of this is for the symfony-cmf, where a file has been stored
in the jackrabbit data store. When delivering this file or saving it to disk, we'd like to
use an extension that's created based on the known mime type of the file.
---------------------------------------------------------------------------
by brki at 2011/06/21 04:35:13 -0700
Now implemented similarly to the existing MimeTypeGuesser.
---------------------------------------------------------------------------
by brki at 2011/06/21 07:51:22 -0700
whitespace removed
---------------------------------------------------------------------------
by stof at 2011/09/04 05:04:54 -0700
@fabpot @brki what is the status of this PR ?
Commits
-------
020fa51 [RedirectResponse] Added missing `doctype` and `title` tag
Discussion
----------
[RedirectResponse] Added missing `doctype` and `title` tag
Commits
-------
ea0db2d [HttpFoundation] Remove useless ContentTypeMimeTypeGuesser
Discussion
----------
[2.1] [HttpFoundation] Remove useless ContentTypeMimeTypeGuesser
`mime_content_type` exists just for the compat between the old PHP 5.2
`mime_magic` extension and `file_info` extension
---------------------------------------------------------------------------
by fabpot at 2011/08/19 05:31:25 -0700
I will merge it in 2.1 as some people might rely on it.
---------------------------------------------------------------------------
by stealth35 at 2011/08/19 05:46:02 -0700
ok in the meantime, we can invert the guesser checker :
```php
/**
* Registers all natively provided mime type guessers
*/
private function __construct()
{
if (FileBinaryMimeTypeGuesser::isSupported()) {
$this->register(new FileBinaryMimeTypeGuesser());
}
if (FileinfoMimeTypeGuesser::isSupported()) {
$this->register(new FileinfoMimeTypeGuesser());
}
if (ContentTypeMimeTypeGuesser::isSupported()) {
$this->register(new ContentTypeMimeTypeGuesser());
}
}
```
---------------------------------------------------------------------------
by stloyd at 2011/08/19 05:48:38 -0700
@stealth35 You should make new PR for change you mentioned above.
---------------------------------------------------------------------------
by stealth35 at 2011/08/19 05:53:12 -0700
@stloyd done PR #1989
EDIT : forget this
Commits
-------
007e395 do not set a default CONTENT_TYPE for PATCH
fa2c027 Added support for the PATCH method
Discussion
----------
[2.1] [HttpFoundation] Added support for the PATCH method
http://tools.ietf.org/html/rfc2068#section-19.6.1.1http://tools.ietf.org/html/rfc5789
---------------------------------------------------------------------------
by Seldaek at 2011/08/07 03:23:20 -0700
According to the spec it seems that PATCH requests shouldn't be of application/x-www-form-urlencoded content-type so it shouldn't match the first if, and in the second it's probably wrong to default to application/x-www-form-urlencoded, no?
---------------------------------------------------------------------------
by lsmith77 at 2011/08/07 03:31:48 -0700
Hmm you are right. I assumed the diff would be encoded as ``application/x-www-form-urlencoded`` but there indeed is no indication of that in the spec. But given that the second case would still need some sort of handling for PATCH, just not sure what exactly ``$defaults['CONTENT_TYPE']`` should be set to.
---------------------------------------------------------------------------
by Seldaek at 2011/08/07 03:48:53 -0700
As I understand it, a PATCH request must specify a content-type or it's invalid, so we could just skip the second behavior if no content-type is present.
As your first link says:
The list of differences is in a format defined by the media type of the entity (e.g.,
"application/diff") and MUST include sufficient information to allow
the server to recreate the changes necessary to convert the original
version of the resource to the desired version.
Sounds like PATCH is highly application specific, and not so standardized, probably because it's not very useful for most purposes.
---------------------------------------------------------------------------
by lsmith77 at 2011/08/07 04:02:43 -0700
Yes, but to me this means that the patch is actually correct aside from the fact that its setting a default Content-Type, which I just corrected (not sure if this use of switch is ok with our coding style). Now if the Content-Type does end up being ``application/x-www-form-urlencoded`` then I would say its correct to decode it.
Commits
-------
34a1b53 [HttpFoundation] Do not save session in Session::__destroy() when saved already
Discussion
----------
[HttpFoundation] Saving session data in __destroy() has a side effect on functional tests
Having functional test with several non-insulated requests, TestSessionListener invokes session saving at the end of every request. But instance of Session remains in memory until it's collected by garbage collector which saves the same data again in __destroy() method. The problem is that session object can get collected after other requests changed session data (e. g. user logged in) resulting in former data overwriting the latter.
Commits
-------
eae6a77 fixed wrong case
d0a175bfixes#1659f300ede fixes several bugs
a4f05ac added some tests
Discussion
----------
Http util fixes
Fixes several bugs in the http utils.
Please don't add anymore features without sufficient tests. Especially for the Security\Http namespace, regressions are very likely otherwise.
---------------------------------------------------------------------------
by fabpot at 2011/07/19 22:37:26 -0700
Tests do not pass for me:
There were 2 errors:
1) Symfony\Bundle\SecurityBundle\Tests\Functional\LocalizedRoutesAsPathTest::testLoginLogoutProcedure with data set #0 ('en')
InvalidArgumentException: The current node list is empty.
.../src/Symfony/Component/DomCrawler/Crawler.php:604
.../src/Symfony/Bundle/SecurityBundle/Tests/Functional/LocalizedRoutesAsPathTest.php:16
2) Symfony\Bundle\SecurityBundle\Tests\Functional\LocalizedRoutesAsPathTest::testLoginLogoutProcedure with data set #1 ('de')
InvalidArgumentException: The current node list is empty.
.../src/Symfony/Component/DomCrawler/Crawler.php:604
.../src/Symfony/Bundle/SecurityBundle/Tests/Functional/LocalizedRoutesAsPathTest.php:16
--
There were 4 failures:
1) Symfony\Bundle\SecurityBundle\Tests\Functional\LocalizedRoutesAsPathTest::testAccessRestrictedResource with data set #0 ('en')
Failed asserting that two strings are equal.
--- Expected
+++ Actual
@@ @@
-http://localhost/en/login
+http://localhost/login
.../src/Symfony/Bundle/Securitybundle/Tests/Functional/WebTestCase.php:22
.../src/Symfony/Bundle/SecurityBundle/Tests/Functional/LocalizedRoutesAsPathTest.php:38
2) Symfony\Bundle\SecurityBundle\Tests\Functional\LocalizedRoutesAsPathTest::testAccessRestrictedResource with data set #1 ('de')
Failed asserting that two strings are equal.
--- Expected
+++ Actual
@@ @@
-http://localhost/de/login
+http://localhost/login
.../src/Symfony/Bundle/Securitybundle/Tests/Functional/WebTestCase.php:22
.../src/Symfony/Bundle/SecurityBundle/Tests/Functional/LocalizedRoutesAsPathTest.php:38
3) Symfony\Bundle\SecurityBundle\Tests\Functional\LocalizedRoutesAsPathTest::testAccessRestrictedResourceWithForward with data set #0 ('en')
HTTP/1.0 302 Found
Cache-Control: no-cache
Content-Length: 299
Content-Type: text/html; charset=UTF-8
Date: Wed, 20 Jul 2011 05:36:27 GMT
Location: http://localhost/login
Set-Cookie: PHPSESSID=11c9c6a7e7620e13bddef223a5ba46d9; path=/; domain=
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<meta http-equiv="refresh" content="1;url=http://localhost/login" />
</head>
<body>
Redirecting to <a href="http://localhost/login">http://localhost/login</a>.
</body>
</html>
Failed asserting that <integer:0> matches expected <integer:1>.
.../src/Symfony/Bundle/SecurityBundle/Tests/Functional/LocalizedRoutesAsPathTest.php:50
4) Symfony\Bundle\SecurityBundle\Tests\Functional\LocalizedRoutesAsPathTest::testAccessRestrictedResourceWithForward with data set #1 ('de')
HTTP/1.0 302 Found
Cache-Control: no-cache
Content-Length: 299
Content-Type: text/html; charset=UTF-8
Date: Wed, 20 Jul 2011 05:36:28 GMT
Location: http://localhost/login
Set-Cookie: PHPSESSID=2bbe63786a088471ade3717917f4ba4f; path=/; domain=
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<meta http-equiv="refresh" content="1;url=http://localhost/login" />
</head>
<body>
Redirecting to <a href="http://localhost/login">http://localhost/login</a>.
</body>
</html>
Failed asserting that <integer:0> matches expected <integer:1>.
.../src/Symfony/Bundle/SecurityBundle/Tests/Functional/LocalizedRoutesAsPathTest.php:50
---------------------------------------------------------------------------
by schmittjoh at 2011/07/19 23:47:29 -0700
I fixed a wrong case, but I couldn't reproduce the other errors (tested on Ubuntu).
My guess is that the temporary directory on your machine couldn't be deleted for some reason, and the test runs with the configuration of some of the previous tests.
---------------------------------------------------------------------------
by fabpot at 2011/07/20 00:28:41 -0700
That does not make any difference for me. For instance, in `LocalizedRoutesAsPathTest::testLoginLogoutProcedure()`, the first request to `'/'.$locale.'/login'` returns the following Response:
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<meta http-equiv="refresh" content="1;url=http://localhost/login" />
</head>
<body>
Redirecting to <a href="http://localhost/login">http://localhost/login</a>.
</body>
</html>
---------------------------------------------------------------------------
by schmittjoh at 2011/07/20 00:31:34 -0700
That's weird, did you make sure that the temporary directory does not exist?
``rm -Rf /tmp/StandardFormLogin/``
On Wed, Jul 20, 2011 at 9:28 AM, fabpot <
reply@reply.github.com>wrote:
> That does not make any difference for me. For instance, in
> `LocalizedRoutesAsPathTest::testLoginLogoutProcedure()`, the first request
> to `'/'.$locale.'/login'` returns the following Response:
>
> <html>
> <head>
> <meta http-equiv="Content-Type" content="text/html;
> charset=utf-8" />
> <meta http-equiv="refresh" content="1;url=
> http://localhost/login" />
> </head>
> <body>
> Redirecting to <a href="http://localhost/login">
> http://localhost/login</a>.
> </body>
> </html>
>
> --
> Reply to this email directly or view it on GitHub:
> https://github.com/symfony/symfony/pull/1739#issuecomment-1613504
>
---------------------------------------------------------------------------
by fabpot at 2011/07/20 00:33:40 -0700
Yes, I've just checked and the directory does not exist.
---------------------------------------------------------------------------
by schmittjoh at 2011/07/20 00:39:55 -0700
Sorry, I can't reproduce it on Ubuntu and unless someone wants to sponsor me a Mac, there is not much I can do.
Commits
-------
95011ce [HttpFoundation] Fixed creation of requests without a path.
Discussion
----------
[HttpFoundation] Fixed creation of requests without a path.
Providing urls with no path led to php warning that the index 'path' is
not set. This patch initializes 'path' if no path is set.
Commits
-------
64e9263 Updated UPDATE.md
7cf891a Renamed variable returned and used self in place of static for constants
f91f4dd Added the possibility to set cookies with the same name for different domains and paths for Symfony\Component\HttpFoundation\ResponseHeaderBag
f08eeb4 Moved managing cookies of HeaderBag in ResponseHeaderBag
Discussion
----------
[HttpFoundation] Cookies management in ResponseHeaderBag
Fixed cookies management in `Symfony\Component\HttpFoundation\HeaderBag` and `Symfony\Component\HttpFoundation\ResponseHeaderBag`
Commits
-------
f7d0f65 RFC2616 changes
b9a218a [HttpFoundation] set Content-Length header to the length of content
Discussion
----------
[HttpFoundation] set Content-Length header to the length of content
I can't think of why this could be bad but if somebody knows please chime in.
The good thing is that with this change keepalive will work out of the box.
---------------------------------------------------------------------------
by Seldaek at 2011/07/06 05:34:51 -0700
That sounds like a great change. I think it might explain/fix the issues I've encountered with AppCache on my production box. Never had time to look into it, but IIRC I noticed the missing Content-Length, and it seemed to load forever.
---------------------------------------------------------------------------
by fabpot at 2011/07/06 06:46:50 -0700
The `Content-Length` is automatically added by servers like Apache. Moreover, sometimes, you should not add it: http://www.w3.org/Protocols/rfc2616/rfc2616-sec4.html#sec4.4
---------------------------------------------------------------------------
by lenar at 2011/07/06 07:54:45 -0700
It is not added automatically by default. Yes, in case of Apache it is actually added if deflate module is enabled and if that module decides to compress the content (decision based on content-type).
About RFC2616: I will read it and add changes to this PR if applicable.
---------------------------------------------------------------------------
by fabpot at 2011/07/06 08:38:14 -0700
e943fde2ef
---------------------------------------------------------------------------
by Seldaek at 2011/07/06 08:45:22 -0700
@lenar all you have to do is skip setting the Content-Length for `1xx`, `204`, and `304` responses I believe.
---------------------------------------------------------------------------
by Seldaek at 2011/07/06 08:46:54 -0700
But this should maybe be done in sendHeaders() à la `fixContentType`, because you can't be sure about the statusCode before that.
---------------------------------------------------------------------------
by lenar at 2011/07/06 13:55:33 -0700
I propose this based on what I read and understood from RFC2616.
---------------------------------------------------------------------------
by mheleniak at 2011/07/10 03:57:26 -0700
+1
Commits
-------
6786e81 [HttpFoundation] code factorization in UploadedFile
Discussion
----------
[HttpFoundation] code factorization in UploadedFile
As both #1542 and #1544 have been merged.
This change allows for more flexibility if the developer wants to flush
the Response content early (the drawback being that Response listeners
won't be able to tweak the HTTP headers anymore).
There is another benefit: avoid the infamous
"Fatal error: Exception thrown without a stack frame in Unknown on line 0".
Here is a small scenario when this can happen (thanks dtee for identifying this issue):
* Call flush() in controller to output html early, then throw exception
* ExceptionHandler triggers handle() function and return new Response object to output...
* Because the header is sent (flush() call in Controller), php's E_WARNING error get raised, which gets handled by ErrorHandler->handle() and it throws new ErrorException()
* PHP fatals to prevent Exception loop: "Fatal error: Exception thrown without a stack frame in Unknown on line 0"
Commits
-------
d58ba34 [Validator] Consider the ini directive 'upload_max_filesize' while validating an uploaded file (fixes GH-1441)
Discussion
----------
[Validator] FileValidator support for uploaded files
[Validator] Consider the ini directive 'upload_max_filesize' while validating an uploaded file (fixes GH-1441)
Added validator messages should get translated in all the available languages.
Commits
-------
e80ce57 [HttpFoundation] Add REQUEST_TIME by default
Discussion
----------
[HttpFoundation] Add REQUEST_TIME by default
Without this the getting the REQUEST_TIME from the Request in tests is breaking.
Commits
-------
72c074a [Session] Used \Locale::setDefault() when the locale is setted
Discussion
----------
[Session] Used \Locale::setDefault() when the locale is setted
For `DateType` in form component (by example), `\Locale::getDefault()` is used to displayed the name of months.
If `\Locale` class is not used when the locale is setted in the session, the name of months is not in a good language.
This PR solves this problem.
---------------------------------------------------------------------------
by pborreli at 2011/05/29 09:13:44 -0700
what if user doesn't have intl extension ?
---------------------------------------------------------------------------
by stof at 2011/05/29 09:24:04 -0700
You should wrap the calls to ``\Locale::setDefault`` in a ``class_exist`` check to avoid issue when using the stub implementation (for which calling ``setDefault`` is forbidden).
---------------------------------------------------------------------------
by francisbesset at 2011/05/29 09:26:40 -0700
@pborreli: Symfony have a fake Locale class and this class is used only if the server haven't intl enabled.
---------------------------------------------------------------------------
by stof at 2011/05/29 09:33:16 -0700
@francisbesset Yeah, but ``setDefault`` throw a ``BadMethodCall`` exception.
and so the check has to use ``extension_loaded`` instead of ``class_exists``.
---------------------------------------------------------------------------
by fabpot at 2011/06/13 10:12:15 -0700
Ticket #1121 is related to this PR.
---------------------------------------------------------------------------
by fabpot at 2011/06/15 06:18:28 -0700
I have just tried another implementation where the locale is passed as an argument to the built-in types and some data transformers (via a `LocaleAwareInterface` interface). That works fine as forms are immutable now, but the solution is obviously more "complex" as we need to pass the locale to many different classes. Also, using `Locale::setDefault()` has an advantage over my method: you can change the locale whenever you want within a PHP process (which can be useful even if this is an edge case). Last, but not the least, if make sense to update the PHP Locale to the user locale.
So, to sum up, this patch is probably the best solution (easy and flexible enough).
Commits
-------
9d6357c [HttpFoundation] Document the changes to the File classes
136b80a [HttFoundation] Add File::getExtension() as \SplFileInfo::getExtension() was introduced in PHP 5.3.6
38b3b74 [HttpKernel] Fix and test previous commit
ac0c00c [HttpFoundation] Make File extends \SplFileInfo
Discussion
----------
[HttpFoundation] Make File extends \SplFileInfo
This is a rebased version of [PR 674](https://github.com/symfony/symfony/pull/674).
* File: The API has changed (now extends \SplFileInfo),
* File: move() creates the target directory when it does not exist
* UploadedFile: introduction of getClientXXX() methods (for Size, OriginalName, MimeType)
If this PR does not get merged UploadedFile should at least be fixed: [Client.php](https://github.com/symfony/symfony/blob/master/src/Symfony/Component/HttpKernel/Client.php#L124) relies on a last parameter which is no more defined and which is used to bypass [move_uploaded_file()](https://github.com/symfony/symfony/blob/master/src/Symfony/Component/HttpFoundation/File/UploadedFile.php#L155) in test mode.
If this could be merged, I'll detail the changes in UPDATE.md
---------------------------------------------------------------------------
by fabpot at 2011/06/14 08:20:59 -0700
I'll merge it. Can you update the UPDATE file?
---------------------------------------------------------------------------
by vicb at 2011/06/14 09:24:01 -0700
done
* lmcd/master:
Added an optimisation for PHP-FPM (FastCGI Process Manager). As soon as a full Response is dispatched to the browser, the HTTP connection is closed, but the script stays alive on FPM servers.
The current implementation is not ready for inclusion in 2.0. It has several
known problems (security, not possible to disable it, not "cloud-compatible",
...) and it's not a must have feature anyway.
Some references:
* Security issue in FileType: https://github.com/symfony/symfony/issues/1001
* Validation fails on file, still stored in TemporaryStorage: https://github.com/symfony/symfony/issues/908
* Add a size argument & ability to configure TemporaryStorage: https://github.com/symfony/symfony/pull/748
This feature should be reworked and discussed for inclusion in 2.1.
* gordonslondon/http-foundation/response:
[HttpFoundation] merge Response::isRedirected() with Response::isRedirect() - Response::isRedirected() has been removed
This type of override is supported by MS MVC3 and is recommended by Google.
Also added ability to override request method via ?_method= when
request is made via GET.
Notice: Undefined index: _flash in /var/www/test/symfony2/vendors/symfony/src/Symfony/Component/HttpFoundation/Session.php on line 231
Warning: array_key_exists() expects parameter 2 to be array, null given in /var/www/test/symfony2/vendors/symfony/src/Symfony/Component/HttpFoundation/Session.php on line 231
* schmittjoh/security:
[HttpFoundation] added unit test
[Security][HttpFoundation] splits Request::hasSession() into hasSession(), and hasPreviousSession()
[SecurityBundle] added some tests
add provider to configuration
update DI to handle change in config and another provider
separate dbal specific acl config
add provider to configuration
update DI to handle change in config and another provider
separate dbal specific acl config
* bschussek/form:
[Form] CSRF fields are not included in the children of a FormView anymore if the view is not the root
[Form] FormView::offsetUnset() is now supported. It was possible anyway using getChildren() and setChildren().
[Form] Split the option "modifiable" of the "collection" type into "allow_add" and "allow_delete"
[Form] Added test for last commit by kriswallsmith and improved dealing with original names
[Form] Fixed variable scope when entering nested form helpers
[Form] Added tests for blocks/templates in the format _<ID>_(widget|row|label|...)
[Form] updated listener to check that data is an array
The form component should now guarantee to always pass an UploadedFile object to your model. There you can call getOriginalName() to retrieve the original name of the uploaded file. For security reasons, the real file name is a generated hash value.
This has been removed for several reasons:
* the framework does not know where the document root is and should not care
* as the document root was static, it was impossible to have several document roots depending on some business rules (see next one)
* sometimes, the document root is not under the web root directory (so the logic of getWebPath() is not always correct)
* the feature was not used anywhere in the core
* igorw/ipv6:
[HttpFoundation] minor optimization
minor adjustments suggested by vicb
[HttpFoundation] IPv6 support for RequestMatcher
[HttpFoundation] refactor RequestMatcherTest to use dataProvider
[Validator] use full iPv6 regex
[Validator] add IPv6 support to UrlValidator
[HttpFoundation] add IPv6 support to Request
[HttpFoundation] test Request::create with an IP as host name
[HttpFoundation] refactor Request::getClientIp test
* bschussek/form:
[Form] Automatically setting "data_class" option if objects are passed at the creation of a form
[Form] Improved the way passed data is handled in FormFactory
[Form] Simplified FileType code
[HttpFoundation] TemporaryStorage automatically creates the directory if it doesn't exist yet
[Form] Changed FormBuilder::build() to FormBuilder::create(). You hvae to pass the resulting builder to FormBuilder::add() manually now
[Form] Added FieldTypeValidatorExtension and fixed FQCN of DelegatingValidator
* lsmith77/request_format_tweaks:
added text/html to default format mapping
return "q" from splitHttpAcceptHeader() to enable more complex accept header negotiations
added support for setting a custom default format in Request::getRequestFormat()
* made the options array only for "global" options that are valid for all session storages
* changed the PDO session storage constructor signature to accept an array of options for DB configuration
* changed the storage_id to be the full service id, instead of just part of it
* removed the class parameter for session as it can be changed via the .class parameter (it was the only example in the framework)
* removed the configuration for the PDO session storage for now
