Commits
-------
e6577de Added a 'post validation' event to the form component.
Discussion
----------
[Form] Add post-validate event
Bug fix: no
Feature addition: yes
Backwards compatibility break: no
Symfony2 tests pass: n/a
Fixes the following tickets: n/a
Todo: n/a
---------------------------------------------------------------------------
by fabpot at 2012-03-02T20:34:18Z
ping @bschussek
---------------------------------------------------------------------------
by vicb at 2012-03-04T09:19:53Z
I think this is a good idea (It was something missing to properly handle PersistentFile i.e. you should not persist invalid files)
---------------------------------------------------------------------------
by vicb at 2012-03-09T22:35:26Z
@jankramer please remove the second commit from this PR (see http://symfony.com/doc/current/contributing/code/patches.html) in order to make this mergeable.
---------------------------------------------------------------------------
by jankramer at 2012-03-10T09:26:04Z
@vicb done, sorry about that commit: overlooked the fact that it was on the same branch...
Commits
-------
5fa1c70 [json-response] Add a JsonResponse class for convenient JSON encoding
Discussion
----------
[json-response] Add a JsonResponse class for convenient JSON encoding
Usage example:
$data = array(user => $user->toArray());
return new JsonResponse($data);
---------------------------------------------------------------------------
by drak at 2012-02-16T11:51:11Z
@fabpot - maybe we could benefit with a bit more sub-namespacing in this component. One for Response for example and probably one for Request.
---------------------------------------------------------------------------
by Seldaek at 2012-02-16T15:07:31Z
@drak Please no. Moving the session was already a pain IMO since it was type-hinted in a few places (lack of interface, and interface doesn't include flash stuff still). Creating BC breaks just for fun like that is annoying for interop of bundles. It doesn't matter whether we have 10 or 15 classes in one directory.
---------------------------------------------------------------------------
by drak at 2012-02-17T08:33:46Z
@francodacosta The most optimal place is `__toString()`.
@Saldaek It just looks like the whole namespace is getting more cluttered. I suggest it because things like Request/Response objects are surely only going to grow over time. There is always the possibility to make BC for moved and renamed classes so there doesn't have to be any extra complications for making things look cleaner. Anyway, just a thought :-)
---------------------------------------------------------------------------
by stof at 2012-02-17T14:47:40Z
@drak Changing the namespace of a class is a BC break. The request and the response are used in many more places than the Session so it would be a real pain to update this. And the component is tagged with ``@api`` so BC breaks are forbidden without a good reason. The session refactoring was one as it was really an issue in the implementation, but simply renaming the class is not.
---------------------------------------------------------------------------
by fabpot at 2012-03-05T15:03:53Z
I'm -1 for adding this to the core. It does not add much value and why add a special response for JSON and not other formats?
---------------------------------------------------------------------------
by Seldaek at 2012-03-05T18:38:05Z
I think it's useful because it's a class we need in almost every project, and I don't think we're alone. It's super simple but makes me wonder every time why I have to recreate it. I don't want an additional bundle just for 3lines of code. Similarly I would say a JsonpResponse would be great, or maybe just an optional $callback arg to the json response to enable jsonp mode.
I just had someone ask me on irc how to do JSONP so while I think it's obvious and I'm sure you'd think that too, it obviously isn't to newcomers. The Response stuff is hidden behind those render methods & such and people don't realize they can simply subclass. If a few examples were in core it would be both helpful for learning and useful on a day to day basis.
As for other formats, well JSON is typically used nowadays, except when you want more fancy XML APIs, but for that the JMSSerializerBundle + FOSRestBundle are superior and we can't achieve such things in a few lines of code. I could also see a BinaryResponse or DownloadResponse or such that has proper "force-download" headers and accepts any binary stream, but that's another debate.
---------------------------------------------------------------------------
by dragoonis at 2012-03-05T19:43:05Z
I'm +1 for the concept but not commenting on how it should be implemented I'll leave that to other people.
Typically when you want to force a download you have to do ``content-disposition: attachment; filename="filehere.pdf"``
Modifying some response headers and the likes automatically for the user by returning a DownloadResponse object would be very handy..
I'm +1 for @Seldaek's point about examples of sub-classing for specific use cases. It will help with demonstrating how to do custom stuff the right way rather than people coming up with their own contraptions.
---------------------------------------------------------------------------
by stof at 2012-03-05T20:14:39Z
btw, regarding the BinaryResponse, there is a pending PR about it: #2606
---------------------------------------------------------------------------
by simensen at 2012-03-05T21:07:33Z
I'm +1 for providing reference implementations fo custom Response cases. I wanted to find best practices for handling JSONP requests/responses and couldn't find anything at all on the topic. I thought maybe extending Response might be useful but wasn't sure if that could be done safely or should be done at all.
---------------------------------------------------------------------------
by lsmith77 at 2012-03-05T22:28:01Z
@stof i think @drak was suggesting moving the class, but leaving an empty class extending from the new class in the old location to maintain BC
---------------------------------------------------------------------------
by stof at 2012-03-05T23:55:36Z
@lsmith77 This would force Symfony to use the BC class so that it does not break all typehints in existing code
---------------------------------------------------------------------------
by lsmith77 at 2012-03-06T00:22:15Z
BC hacks are never nice .. the goal would just be to eventually have all those classes and more importantly all new ones in a subnamespace. actually it might be easier to just leave all the classes in the old location and create new ones extending from the old ones. anyway .. personally i am also not such a big fan of these specialized responses .. but i guess i see FOSRestBundle as the alternative answer which makes me biased.
---------------------------------------------------------------------------
by Seldaek at 2012-03-06T07:57:36Z
I'm using FOSRestBundle when it's needed, but when you just have a small scale app that needs one or two json responses for specialized stuff it is slightly overkill. And again, newcomers probably won't know about it, and encouraging using it for simple use cases isn't exactly the best learning curve we can provide.
---------------------------------------------------------------------------
by COil at 2012-03-06T23:12:15Z
+1 for this. I have implemented such a function in all my sf1 projects, it will be the same for sf2.
---------------------------------------------------------------------------
by fabpot at 2012-03-15T13:22:27Z
Closing this PR in favor of a cookbook that explains how a developer can override the default Response class (this JSON class being a good example). see symfony/symfony-docs#1159
---------------------------------------------------------------------------
by Seldaek at 2012-03-15T13:25:08Z
Meh. Forcing people to copy paste code from the cookbook in every second project isn't exactly a step forward with regard to ease of use and user-friendliness.
---------------------------------------------------------------------------
by Seldaek at 2012-03-15T13:26:48Z
I mean following this logic, things like the X509 authentication should just be put in cookbooks too because almost nobody needs that. We have tons of code in the framework, I don't get the resistance with adding such a simple class which makes code more expressive.
---------------------------------------------------------------------------
by fabpot at 2012-03-15T13:53:07Z
because X509 authentication is not easy to get it right. Sending a JSON response is as simple as it can get:
new Response(json_encode($data), 200, array('Content-Type' => 'application/json'));
---------------------------------------------------------------------------
by marijn at 2012-03-15T13:54:25Z
Perhaps we need a `Symfony\Extensions\{Component}` namespace for things that don't necessarily belong in the core but are truly useful...
---------------------------------------------------------------------------
by Seldaek at 2012-03-15T14:03:40Z
I still fail to see why it doesn't belong in core.. There are tons of little helpers here and there, a base controller class made only of proxies, and then this gets turned down because it is simple to do it yourself? Sure it is simple, but it's repetitive and boring too. And while it's simple when you know your way around, some people aren't really sure how to do it.
The whole point of a framework is to avoid repetitive bullshit and be more productive. @fabpot do you have any real arguments against? I can see that you don't see a big use to it, fair enough, but do you see any downside at all?
Commits
-------
0e4f789 changed test config
a98d554 [SecurityBundle] Allow switching to the user that is already impersonated (fix#2554)
Discussion
----------
[Security] Disabled exception when switching to the user that is already impersonated
Bug fix: yes-ish
Feature addition: no
Backwards compatibility break: no
Symfony2 tests pass: yes
Fixes the following tickets: #2554
Todo: -
---------------------------------------------------------------------------
by vicb at 2012-03-13T14:31:45Z
@meandmymonkey thank you for your work on this issue. Would you have time to add functional tests ?
---------------------------------------------------------------------------
by meandmymonkey at 2012-03-13T14:49:52Z
Probably not today, but during the next few days, yes, of course.
---------------------------------------------------------------------------
by meandmymonkey at 2012-03-14T18:05:19Z
@vicb @schmittjoh Writing the tests I noticed switching to an non-existent user will not raise an exception. While it's not a security issue, it should raise an error for completeness sake, shouldn't it?
---------------------------------------------------------------------------
by vicb at 2012-03-14T20:28:52Z
I think it should (throw an `AuthenticationCredentialsNotFoundException`). _btw there is an extra `sprintf` in the original code that could be remove when attempting to exit_
---------------------------------------------------------------------------
by meandmymonkey at 2012-03-14T21:13:16Z
The problem with throwing an `AuthenticationCredentialsNotFoundException` (or any other security exception for that matter) is that it derives from `AuthenticationException`, which means it gets caught by the framework and redirects to the login form, which is not what we want in this case.
We need to throw something 500-ish at [L89](d40b3376ec/src/Symfony/Component/Security/Http/Firewall/SwitchUserListener.php (L89)), either a generic or a (new) custom Exception.
---------------------------------------------------------------------------
by meandmymonkey at 2012-03-14T21:43:57Z
IMHO a `LogicException`would be fine, like the one used at [L117](d40b3376ec/src/Symfony/Component/Security/Http/Firewall/SwitchUserListener.php (L117)), as the error is not really about a failed authentication.
---------------------------------------------------------------------------
by vicb at 2012-03-14T21:49:04Z
I agree and btw very good job on the tests !
---------------------------------------------------------------------------
by meandmymonkey at 2012-03-14T22:12:43Z
Thanks :)
---------------------------------------------------------------------------
by vicb at 2012-03-15T08:01:13Z
Could you squash the commits, prefix the commit message with `[SecurityBundle]` and add `(fix#2554)` at the end ?
---------------------------------------------------------------------------
by meandmymonkey at 2012-03-15T08:53:12Z
Done.
---------------------------------------------------------------------------
by vicb at 2012-03-15T09:19:09Z
@fabpot this PR looks good to me.
---------------------------------------------------------------------------
by fabpot at 2012-03-15T12:50:50Z
Tests do not pass when you run them all.
---------------------------------------------------------------------------
by meandmymonkey at 2012-03-15T13:41:45Z
@fabpot @vicb With this config change, they pass when run together.
What is weird though is that the reason seems to be that the config for the profiler gets overwritten when running all tests together, while being used correctly when run alone. Any idea what can cause this? They should be isolated from each other.
The new config from 0e4f789 works, but enables the profiler for all SecurityBundle Tests... which is not strictly necessary.
Disabled exception when switching to the user that is already impersonated, exception is now only thrown when trying to switch to a new user.
Added an Excption exception when switching fails because target user does not exist.
Added funtional tests for switching users.
It does not make sense to try and store session ini directives since they can be changes outside
of the class as they are part of the global state.
Coding stan
Commits
-------
17c3482 fixed timezone bug in DateTimeToTimestampTransformer
Discussion
----------
[FIX]fixed timezone bug in DateTimeToTimestampTransformer
After several trials, I found out that the original code
```php
$dateTime = new \DateTime(sprintf("@%s %s", $value, $this->outputTimezone));
```
would create a DateTime object with timezone being '0000', even though $this->outputTimezone is set to my local timezone.
so I expanded the code a bit and it's working now.
PHP Test code,
```PHP
$d = new DateTime("@1234567890 Asia/Tokyo");
echo date_format($d, 'Y/m/d H:i:s')."\n";
echo $d->getTimezone()->getName()."\n";
$d = new DateTime("now Asia/Hong_Kong");
echo date_format($d, 'Y/m/d H:i:s')."\n";
echo $d->getTimezone()->getName()."\n";
```
The output is as followed:
2009/02/13 23:31:30
+00:00
2012/03/13 03:35:55
Asia/Hong_Kong
This could be a bug of PHP,
---------------------------------------------------------------------------
by stealth35 at 2012-03-13T15:54:31Z
👍
Commits
-------
1ec075d [ClassLoader] Fixed version compare
8fb529c [ClassLoader] Fixed ClassMapGenerator and added suport for traits
Discussion
----------
[ClassLoader] Fixed ClassMapGenerator and added suport for traits
---------------------------------------------------------------------------
by hason at 2012-03-08T10:49:53Z
@fabpot, @Seldaek ``PHP_VERSION_ID`` or ``version_compare``?
---------------------------------------------------------------------------
by Seldaek at 2012-03-08T11:42:20Z
Ultimately @fabpot can call it, but I'm pro version_compare because it's just typically used for those checks, which may not make it more readable but makes it less WTF since it's a common pattern.
---------------------------------------------------------------------------
by drak at 2012-03-08T13:43:18Z
I prefer `version_compare()` with `phpversion()` as it's way more readable and obvious what it is.
---------------------------------------------------------------------------
by fabpot at 2012-03-08T17:06:25Z
+1 for `version_compare()`
---------------------------------------------------------------------------
by hason at 2012-03-09T07:19:10Z
@fabpot done
Commits
-------
99079ba Very small semantic changes improving understanding and readability.
Discussion
----------
Very small semantic changes improving understanding and readability.
The "may or may not" change may seem pedantic but it quantifies the use of the field; obviously a boolean is true or not but "may not be empty" made me wonder about it's intent so clarification seemed appropriate.
Change "return" to "returns" as the rest of the code in the class uses this syntax.
Change "contains" to "contain" in an exception message.
Commits
-------
919eee4 [Security] Regenerated the ACL SQL schema with the latest Doctrine version
Discussion
----------
[Security] Regenerated the ACL SQL schema with the latest Doctrine version
This regenerates the SQL schemas for all platforms supported by Doctrine as some changes were made in the DBAL code since the previous run of the script and a new platform has been added.
Commits
-------
ca70a35 [FrameworkBundle] Return Event
876cf96 [EventDispatcher] Add fluid interface on dispatch()
Discussion
----------
[2.1][EventDispatcher] Add fluid interface on dispatch()
Bug fix: no
Feature addition: yes
Backwards compatibility break: no
Symfony2 tests pass: yes
Fixes the following tickets: -
Todo: -
This patch allows for code like the following:-
$response = $dispatcher->dispatch('foo', new FooEvent())->getResponse();
and
if ($dispatcher->dispatch('foo')->isStoppedPropagation()) {
// ...
}
The HTTP status code translation table was updated to include all HTTP status codes as defined by the IANA Hypertext Transfer Protocol (HTTP) Status Code Registry (http://www.iana.org/assignments/http-status-codes/).
Commits
-------
bfb5547 fixed docblock
bf75212 use SecurityContextInterface instead of SecurityContext
498b4b6 use SecurityContextInterface instead of SecurityContext
Discussion
----------
use SecurityContextInterface instead of SecurityContext
Bug fix: no
Feature addition: no
Backwards compatibility break: yes
Symfony2 tests pass: yes
Fixes the following tickets: /
Todo: /
Abstract: it's not possible to exchange the `security.context` with another implementation without this change. You may not be able to extend the `SecurityContext` because `isGranted` is final, so you may implement your own context.
---------------------------------------------------------------------------
by pminnieur at 2012-03-06T17:37:27Z
PS: could you merge this back to 2.0 branch, too?
---------------------------------------------------------------------------
by stof at 2012-03-06T17:42:03Z
@pminnieur send a pull request to the 2.0 branch then
---------------------------------------------------------------------------
by lsmith77 at 2012-03-06T18:42:41Z
i guess this doesn't break BC as SecurityContext always implemented the SecurityContextInterface .. no?
---------------------------------------------------------------------------
by pminnieur at 2012-03-06T19:11:00Z
this would not break BC, correct. I may identify additonal places where its not typed against the Interface but the implementation, which is really annoying. I will update the PR tomorrow morning and also do a PR for the 2.0 branch.
---------------------------------------------------------------------------
by stof at 2012-03-06T22:04:09Z
As it is in the constructor, it is not a BC break indeed as overwritten constructors can have a different signature anyway. For other places, take care that it could be a BC issue for people extending the class
---------------------------------------------------------------------------
by pminnieur at 2012-03-06T22:11:28Z
as the `isGranted ` method in the `SecurityContext ` implementation provided by Symfony is declared `final`, it's not really extendable at all - which ultimately leads to the problem: its indirectly hard coupled ;-)
---------------------------------------------------------------------------
by stof at 2012-03-06T22:38:08Z
@pminnieur the BC break is not for people extending the SecurityContext but for people extending classes that typehint it
---------------------------------------------------------------------------
by pminnieur at 2012-03-07T10:45:55Z
JFYI: the `RememberMeListener ` also does not type hint the interface but the implementation itself (it's always a constructor argument). All the other `Security\Http\Firewall` listeners type hint against the interface. I will update the PR accordingly today and also create a second PR against the 2.0 branch.
---------------------------------------------------------------------------
by pminnieur at 2012-03-07T11:55:52Z
JFYI: same issue w/ JMSSecurityExtraBundle https://github.com/schmittjoh/JMSSecurityExtraBundle/pull/44
Usage would be to extend the Kernel, and set the errorReportingLevel prior to calling parent::__construct(). Not ideal, but this doesn't break BC and allows the user to defer the decision as late as possible. This can/should be handled better in 2.1.x
Commits
-------
49a8654 [Security] Use LogoutException for invalid CSRF token in LogoutListener
a96105e [SecurityBundle] Use assertCount() in tests
4837407 [SecurityBundle] Fix execution of functional tests with different names
66722b3 [SecurityBundle] Templating helpers to generate logout URL's with CSRF tokens
aaaa040 [Security] Allow LogoutListener to validate CSRF tokens
b1f545b [Security] Refactor LogoutListener constructor to take options
c48c775 [SecurityBundle] Add functional test for form login with CSRF token
Discussion
----------
[Security] Implement support for CSRF tokens in logout URL's
```
Bug fix: no
Feature addition: yes
Backwards compatibility break: no
Symfony2 tests pass: yes
Fixes the following tickets: -
Todo: -
```
[![Build Status](https://secure.travis-ci.org/jmikola/symfony.png?branch=logout-csrf)](http://travis-ci.org/jmikola/symfony)
This derived from #3006 but properly targeting on the master branch.
This exposes new configuration options to the logout listener to enable CSRF protection, as already exists for the form login listener. The individual commits and their extended messages should suffice for explaining the logical changes of the PR.
In addition to changing LogoutListener, I also created a templating helper to generate logout URL's, which includes a CSRF token if necessary. This may or may not using routing, depending on how the listener is configured since both route names or hard-coded paths are valid options.
Additionally, I added unit tests for LogoutListener and functional tests for both CSRF-enabled form logins and the new logout listener work.
Kudo's to @henrikbjorn for taking the time to document CSRF validation for form login listeners (see [here](http://henrik.bjrnskov.dk/symfony2-cross-site-request-forgery/)). The [Logout CSRF Protection](http://www.yiiframework.com/wiki/190/logout-csrf-protection/) article on the Yii Framework wiki was also helpful in drafting this.
---------------------------------------------------------------------------
by jmikola at 2011-12-31T07:50:31Z
Odd that Travis CI reported a build failure for PHP 5.3.2, but both 5.3 and 5.4 passed: http://travis-ci.org/#!/jmikola/symfony/builds/463356
My local machine passes as well.
---------------------------------------------------------------------------
by jmikola at 2012-02-06T20:05:30Z
@schmittjoh: Please let me know your thoughts on the last commit. I think it would be overkill to add support for another handler service and/or error page just for logout exceptions.
Perhaps as an alternative, we might just want to consider an invalid CSRF token on logout imply a false return value for `LogoutListener::requiresLogout()`. That would sacrifice the ability to handle the error separately (which a 403 response allows us), although we could still add logging (currently done in ExceptionListener).
---------------------------------------------------------------------------
by jmikola at 2012-02-13T17:41:33Z
@schmittjoh: ping
---------------------------------------------------------------------------
by fabpot at 2012-02-14T23:36:22Z
@jmikola: Instead of merging symfony/master, can you rebase?
---------------------------------------------------------------------------
by jmikola at 2012-02-15T00:00:49Z
Will do.
---------------------------------------------------------------------------
by jmikola at 2012-02-15T00:05:48Z
```
[avocado: symfony] logout-csrf (+9/-216) $ git rebase master
First, rewinding head to replay your work on top of it...
Applying: [SecurityBundle] Add functional test for form login with CSRF token
Applying: [Security] Refactor LogoutListener constructor to take options
Applying: [Security] Allow LogoutListener to validate CSRF tokens
Applying: [SecurityBundle] Templating helpers to generate logout URL's with CSRF tokens
Applying: [SecurityBundle] Fix execution of functional tests with different names
Applying: [SecurityBundle] Use assertCount() in tests
Using index info to reconstruct a base tree...
Falling back to patching base and 3-way merge...
Applying: [Security] Use LogoutException for invalid CSRF token in LogoutListener
[avocado: symfony] logout-csrf (+7) $ git st
# On branch logout-csrf
# Your branch and 'origin/logout-csrf' have diverged,
# and have 223 and 9 different commit(s) each, respectively.
#
nothing to commit (working directory clean)
[avocado: symfony] logout-csrf (+7) $
```
After rebasing, my merge commits disappeared. Is this normal?
---------------------------------------------------------------------------
by stof at 2012-02-15T00:15:07Z
Are you sure they disappeared ? Diverging from the remote branch is logical (you rewrote the history and so changed the commit id) but are you sure it does not have the commits on top of master ? Try ``git log master..logout-scrf``
If your commut are there, you simply need to force the push for the logout-csrf branch (take care to push only this branch during the force push to avoid messing all others as git won't warn you when asking to force)
---------------------------------------------------------------------------
by stof at 2012-02-15T00:17:09Z
ah sorry, you talked only about the merge commit. Yeah it is normal. When reapplying your commits on top of master, the merge commit are not kept as you are reapplying the changes linearly on top of the other branch (and deleting the merge commit was the reason why @fabpot asked you to rebase instead of merging btw)
---------------------------------------------------------------------------
by jmikola at 2012-02-15T00:18:00Z
The merge commits are not present in `git log master..logout-csrf`. Perhaps it used those merge commits when rebasing, as there were definitely conflicts resolved when I originally merged in symfony/master (@fabpot had made his own changes to LogoutListener).
I'll force-push the changes to my PR brange. IIRC, GitHub is smart enough to preserve inline diff comments, provided they were made through the PR and not on the original commits.
---------------------------------------------------------------------------
by jmikola at 2012-02-15T00:19:38Z
That worked well. In the future, I think I'll stick to merging upstream in and then rebasing afterwards. Resolving conflicts is much easier during a merge than interactive rebase.
---------------------------------------------------------------------------
by jmikola at 2012-02-23T18:46:13Z
@fabpot @schmittjoh: Is there anything else I can do for this PR? I believe the exception was the only outstanding question (see: [this comment](https://github.com/symfony/symfony/pull/3007#issuecomment-3835716)).
Commits
-------
100d59b Modified Memcache(d) dsn to be more intuitive. Chnged Exception texts in other storages.
Discussion
----------
[HttpKernel] Modified Memcache(d)ProfilerStorage dsn to be more intuitive
Bug fix: no
Feature addition: -
Backwards compatibility break: no
Symfony2 tests pass: yes
Fixes the following tickets: -
Todo: -
Before:
```
#app/config/config_dev.yml
...
framework:
...
profiler:
...
dsn: memcache://127.0.0.1/11211
...
```
Now:
```
#app/config/config_dev.yml
...
framework:
...
profiler:
...
dsn: memcache://127.0.0.1:11211
...
```
If Memcache host is IPv6 address:
```
#app/config/config_dev.yml
...
framework:
...
profiler:
...
dsn: memcache://[::1]:11211
...
```
I changed texts of some exceptions to be more consistent, too.
Commits
-------
7444fdf Feedback fixes
54cfd44 Restore bypass_shell by default with windows compat
38df47a Fix env inheritance and added tests
f555c62 [Process] Add windows compatibility to Process component
c4e8ff7 [Process] Always escape commands properly and remove windows-specific handling
9e237f6 [Process] Add ProcessBuilder::create() for more fluidity in the interface until 5.4
4882777 [Process] Code clean up
Discussion
----------
ProcessBuilder clean up
- Code cleanup
- Added create() static method for easy creation until we can do `$process = (new ProcessBuilder())->add()->getProcess();`
- Removed windows wrapping of commands. This does not belong there IMO. If assetic needs that it should add it, and if it's generally beneficial to everyone then we should add it to Process, but having it implicitly only when using ProcessBuilder makes on sense.
---------------------------------------------------------------------------
by beberlei at 2012-02-16T16:10:15Z
I agree on the windows stuff. I know it fixes a bunch of issues in Assetic, but it also caused my tons of headaches in my windows commands that didnt need strict escaping. Also this messes with parameters in Powershell for example, when you have "foo /bar:baz" then it makes this to ""foo" "/bar:baz"" which in some circumstances fails. Its all messy.
---------------------------------------------------------------------------
by schmittjoh at 2012-02-16T17:53:30Z
Can you move the wrapping to the Process class instead? It's generally causing no bad side effects, but fixes a few issues in the proc_open implementation. It is also necessary for Assetic, and potentially other tools to work on Windows.
---------------------------------------------------------------------------
by Seldaek at 2012-02-16T17:56:02Z
Sure, although "generally" sounds a bit scary in your sentence :)
What about the bypass_shell option?
---------------------------------------------------------------------------
by schmittjoh at 2012-02-16T18:02:12Z
"generally" means I don't know of any, but what I do know is that the alternative you are suggesting is not working. Have there been any bug reports on Assetic/symfony/your own code that "cmd" wrapping causes problems?
---------------------------------------------------------------------------
by Seldaek at 2012-02-16T18:04:59Z
No no, don't get me wrong, I'm not suggesting this should be removed. I'm just saying it should be done for all processes or none, but not just for those run via the ProcessBuilder because that's a good recipe for WTFs.
---------------------------------------------------------------------------
by schmittjoh at 2012-02-16T18:09:38Z
Yeah, I understand, and it makes sense.
What I would suggest is to move it to the process class, and let a wider audience test this to see if we get any bug reports on strange behavior etc.
---------------------------------------------------------------------------
by Seldaek at 2012-02-16T18:12:00Z
Still not sure about the bypass_shell option though. And @beberlei mentioned problems? Can you expand on that?
---------------------------------------------------------------------------
by Seldaek at 2012-02-16T18:16:34Z
Added back to Process, with a switch so if anyone runs into problems they can easily disable it.
---------------------------------------------------------------------------
by Seldaek at 2012-02-22T10:59:58Z
Ping @fabpot - I think this is ready now
Ping @kriswallsmith if this gets merged please update Assetic stuff to restore the bypass_shell option if it's really needed.
---------------------------------------------------------------------------
by kriswallsmith at 2012-02-22T12:41:15Z
Posting a PR under "code cleanup" that tinkers with a class that is inherently difficult to test for regression and has been tested by the community for over a year is… a bit hard to swallow, honestly. Everything is there for a reason and should not be tinkered with lightly.
For example, it's important that the `$env` variable default to `null` so the current environment is inherited by default — why change that?
I don't know what the `bypass_shell` option does, but @pierrejoye does… which is why he put it there.
I'm okay with adding an "enhanced Windows compatibility" switch, but I personally think is should be on the builder, not `Process`. The builder is where we manipulate the strings that compose the command line, not in `Process`. You're introducing manipulation of the command line to `Process`, which blurs the responsibilities of the two classes.
I'm also okay with the static factory method :)
---------------------------------------------------------------------------
by Seldaek at 2012-02-22T13:19:40Z
@kriswallsmith (Sorry about the confusing title) My concern is just that if you use Process then decide to "upgrade" to the ProcessBuilder, you suddenly have a change of behavior that might break stuff without you noticing. I just want to avoid this unexpected behavior.
As for the $env stuff, I added a couple tests now, and then expanded that ternary operator a bit.. It actually was broken before. It passed null if you had no env set, but even if you did not call `inheritEnvironmentVariables`. If you want to inherit by default - which I agree it should - then why was `inheritEnv = false` in the constructor? I changed it too and now there is hopefully less confusion.
Restored bypass_shell=true unless it's explicitly set to false.
---------------------------------------------------------------------------
by kriswallsmith at 2012-02-22T13:25:23Z
We should also add the PHPUnit `@backupGlobals enabled` annotation while we're in here.
---------------------------------------------------------------------------
by kriswallsmith at 2012-02-22T13:31:41Z
@Seldaek Looks better, thanks for the changes. If `enhanceWindowsCompatibility` is going to live on `Process` we should expose the switch on the builder as well. Speaking of `enhanceWindowsCompatibility`… is there a more descriptive name for that? What exactly does that do, any why would anyone want to switch it off? The name is so vague we might as well call it `enableMagicalWindowsFix()`.
---------------------------------------------------------------------------
by pierrejoye at 2012-02-22T13:33:55Z
I really do not think that having a flag to enable portability is a
good idea, at all.
I do not remember the context right now but a flag is definitively a
bad idea (you will need other on other platforms).
I will take a look again at this next week (end of), as I am still OOF.
On Wed, Feb 22, 2012 at 2:31 PM, Kris Wallsmith
<reply@reply.github.com>
wrote:
> @Seldaek Looks better, thanks for the changes. If `enhanceWindowsCompatibility` is going to live on `Process` we should expose the switch on the builder as well. Speaking of `enhanceWindowsCompatibility`… is there a more descriptive name for that? What exactly does that do, any why would anyone want to switch it off? The name is so vague we might as well call it `enableMagicalWindowsFix()`.
>
> ---
> Reply to this email directly or view it on GitHub:
> https://github.com/symfony/symfony/pull/3381#issuecomment-4103882
--
Pierre
@pierrejoye | http://blog.thepimp.net | http://www.libgd.org
---------------------------------------------------------------------------
by Seldaek at 2012-02-22T13:42:56Z
backupGlobals seems to be enabled by default.
As for the enhanceWindowsCompatibility, yes. It's a poor name, but no I don't have any idea for a better one, because nobody could explain me what it does. People just scream that it's necessary.
@pierrejoye: If you or anyone can conclusively confirm that this stuff is always better, then we always do it. If it's not then it must be optional, and if it's not a flag then what? The point of the component is to abstract the proc_open horrors. If people have to know about windows quirks with regard to proc_open to use it, then it's not a very useful abstraction.
Additionally, if it *is* always better to use those portability fixes, then why isn't php doing it itself?
---------------------------------------------------------------------------
by pierrejoye at 2012-02-22T13:47:02Z
On Wed, Feb 22, 2012 at 2:42 PM, Jordi Boggiano
<reply@reply.github.com>
wrote:
> backupGlobals seems to be enabled by default.
>
> As for the enhanceWindowsCompatibility, yes. It's a poor name, but no I don't have any idea for a better one, because nobody could explain me what it does. People just scream that it's necessary.
> @pierrejoye: If you or anyone can conclusively confirm that this stuff is always better, then we always do it. If it's not then it must be optional, and if it's not a flag then what? The point of the component is to abstract the proc_open horrors. If people have to know about windows quirks with regard to proc_open to use it, then it's not a very useful abstraction.
proc_open has many quirks, not only on windows. That's why it should
work and detect what is needed, that may force you to slightly change
the split between builder and process.
> Additionally, if it *is* always better to use those portability fixes, then why isn't php doing it itself?
BC, like it or not (I do not).
However we cannot change past versions, so today code has to deal it
with it anyway.
I will take a look at what you are trying to fix here next week, if
you have any other requests regarding proc_open&portability, let me
know :)
Cheers,
--
Pierre
@pierrejoye | http://blog.thepimp.net | http://www.libgd.org
---------------------------------------------------------------------------
by Seldaek at 2012-02-22T13:54:38Z
Ok so it sounds to me like the current code is correct, it tries to fix
things as best as we know how to by default, and just gives you a way to
disable things in the odd case we messed up and some of those fixes are
harmful to some use cases.
---------------------------------------------------------------------------
by fabpot at 2012-03-02T21:38:18Z
@Seldaek @kriswallsmith is it ready for merge now?
---------------------------------------------------------------------------
by kriswallsmith at 2012-03-02T21:42:22Z
I'm still not happy with the name of `enhanceWindowsCompatibility`. We need to be more specific about what that does. It sounds like a marketing term right now ;)
---------------------------------------------------------------------------
by Seldaek at 2012-03-05T13:44:56Z
Agreed, but I can't think of anything better. It is indeed esoteric magic fixes that should work better but nobody seems 100% sure about it, so I think it's fairly accurate.
Commits
-------
4f8e8ef Improving performance on digit filtering
Discussion
----------
Improving performance on digit filtering
I haven't tested it on a productive system but I think it should be way faster to use filter_var() instead of preg_replace() for several reasons.
This is my first pull request for symfony and I don't know how you do those kind of performance tests but please verify my assumption if you can :-)
Maybe we can also use filter_var() to replace other regular expressions :-)
HTH =)
---------------------------------------------------------------------------
by drak at 2012-02-22T00:35:44Z
@Toflar - nice move +1
---------------------------------------------------------------------------
by drak at 2012-02-22T18:53:40Z
@Toflar - Maybe you can bench the changes using this as a template: https://gist.github.com/1356129
---------------------------------------------------------------------------
by Toflar at 2012-02-23T13:18:18Z
I have already. And it's way faster, otherwise I wouldn't have opened a pull request ;) But obviously it strongly depends on the length of the string and the environment. That's why I was wondering whether you have a general performance tests environment ;) Because the results strongly depend on other factors, there's - in my opinion - no point in exact results. If a general info is sufficient: my tests for the regex resulted in about 7 - 8 microseconds whereas the filter version only took 1.5 - 2 microseconds for the same string.
Commits
-------
ed8c1c0 Fixed AbstractProfilerStorageTest and some minor CS changes.
1ac581e Overwrite the profile data if the token already exists like in the other implementations.
198d406 Return profiler results sorted by time in descending order like in the other implementations.
9d8e3f2 Refactored profiler storage tests to share some code.
Discussion
----------
[WIP] Refactored profiler tests including some storage fixes
Bug fix: yes
Feature addition: no
Backwards compatibility break: no
Symfony2 tests pass: yes
While refactoring the tests I came across some inconsistencies. Two of them are already fixed in this PR.
One thing left is the [MongoDbProfilerStorageTest::testCleanup()](9d8e3f2da4/tests/Symfony/Tests/Component/HttpKernel/Profiler/MongoDbProfilerStorageTest.php (L51)) test which fails in all other storage implementations. The mongodb implementation uses the `time` value from the profiler data to clean up the storage while the others additionally save a `created_at` value which is then used. For me this `created_at` value does not make any sense and I would suggest to change the other implementations to use the `time` value for cleaning up. What do you think?
---------------------------------------------------------------------------
by pulzarraider at 2012-02-27T06:55:06Z
+1 for refactoring profiler tests, I will update my RedisProfilerStorage after your changes will be merged.
---------------------------------------------------------------------------
by snc at 2012-02-28T20:05:12Z
Any suggestions about the cleanup issue?
Commits
-------
471b564 auto_start should be false
6e2a7da Support session cookie options with cookie_ prefix
e0fba80 Properly merge session cookie_* parameters
Discussion
----------
Set session.cookie_* parameters properly
Bug fix: yes
Feature addition: no
Backwards compatibility break: yes
Symfony2 tests pass: yes
Fixes the following tickets: /
Cookie parameters in $options are not prefixed with cookie_ the same is true for data returned from session_get_cookie_params.
I've marked this as BC because the options that get dumped into the container have different name. But I don't think anybody was actually changing them or accessing them in their bundles.
P.S. @drak also desires some credits for this PR as I incorporated some lines written by him in one of the iterations.
---------------------------------------------------------------------------
by drak at 2012-02-23T14:24:42Z
@mvrhov - what does this fix exactly? It looks like a different way of doing the same thing but now there is no default value on `cookie_httponly`.
---------------------------------------------------------------------------
by mvrhov at 2012-02-23T15:09:17Z
Like I said in description. $option contains some cookie options and none of them has cookie_ prefix.
And this prefix is needed in two cases:
- to properly merge defaults and override them with what user set
- in a foreach for for proper ini_set
Sorry non native speaker an a bit hard to explain, could you ping me in a couple of hours on IRC if this still doesn't make any sense.
---------------------------------------------------------------------------
by drak at 2012-02-23T15:29:41Z
@mvrhov - I wrote some tests for this particular code and I still don't see what this PR fixes. I'll try to catch you on IRC later on but can't guarantee it.
---------------------------------------------------------------------------
by mvrhov at 2012-02-23T16:02:41Z
added test
---------------------------------------------------------------------------
by drak at 2012-02-24T08:30:51Z
Just for reference for those reading this ticket, `session_set_cookie_params()` alters the runtime ini settings it corresponds to see http://docs.php.net/manual/en/function.session-set-cookie-params.php so we agreed to remove the special handling that was present since it is redundant.
---------------------------------------------------------------------------
by dlsniper at 2012-02-28T22:19:32Z
Hi, Is this patch relevant or not after all?
ping @drak @mvrhov
Thanks :)
---------------------------------------------------------------------------
by drak at 2012-02-29T03:34:22Z
It is relevant. Maybe I'll do the cleanup this PR by forking it if @mvrhov doesn't have time.
---------------------------------------------------------------------------
by mvrhov at 2012-02-29T05:40:47Z
Fixed the typo and changed the false to ture as reported in comments. I've also rebased. I'll see what I can do about config file change later today. Sorry for the delay, been too busy for the past week.
---------------------------------------------------------------------------
by mvrhov at 2012-02-29T08:49:23Z
I've also done the config part.
---------------------------------------------------------------------------
by mvrhov at 2012-02-29T11:01:14Z
Ok, this should be it.
---------------------------------------------------------------------------
by drak at 2012-03-01T00:59:16Z
@fabpot - looks good from my side.
Added blocks, updated links and references and fixed typos.
Note it is not possible to throw exceptions in the write or close methods of a session save handler.
Commits
-------
bafcaaf Removed version field
f9d9dc7 Add branch-alias for composer
Discussion
----------
Add branch-alias for composer
This should restore the 2.1-dev version (as an alias of dev-master) so that `2.*` or `2.1.*` constraints work again. I'll adjust packagist soon to also display those aliases.
Commits
-------
eb58dd1 Removed useless parameter from Memcached::set()
Discussion
----------
Removed useless parameter from Memcached::set() which makes users unable to set session expiry time.
Bug fix: yes
Feature addition: no
Backwards compatibility break: no
Symfony2 tests pass: yes
Fixes the following tickets: -
Todo: -
The parameter count is wrong so it makes setting session expiration useless.
---------------------------------------------------------------------------
by stof at 2012-02-25T16:06:16Z
Already fixed in 15c6ba93f
---------------------------------------------------------------------------
by stof at 2012-02-25T16:06:46Z
ah sorry, it was the profiler storage
Commits
-------
09b1bd5 [HttpKernel] Remove the _controller since it is not a route parameter part of the url
Discussion
----------
[HttpKernel] Remove the _controller since it is not a route parameter part of the URL
There is no reason for the _controller to be there, the whole idea behind this _route_params thing was to help re-generating the current page's URL, you can easily grab the _route + _route_params and reconstruct it without having lots of garbage as query parameters like `?_controller=Foo::..`
---------------------------------------------------------------------------
by fabpot at 2012-02-24T10:29:01Z
I agree but isn't it a BC break? I mean, someone may rely on `_controller` in his code.
---------------------------------------------------------------------------
by Seldaek at 2012-02-24T11:45:46Z
This is a new 2.1 feature AFAIK so no it's not breaking anything. If _controller is deemed necessary then we should add it on the attributes, but not in the _route_params IMO.
---------------------------------------------------------------------------
by stof at 2012-02-24T13:32:41Z
indeed, ``_route_params`` is new in 2.1
Commits
-------
e6e9b5a [Routing] Return the _route parameter from ApacheUrlMatcher
Discussion
----------
[Routing] Return the _route parameter from ApacheUrlMatcher
---------------------------------------------------------------------------
by fabpot at 2012-02-22T23:13:49Z
Can you squash your commits before I merge? Thanks.
---------------------------------------------------------------------------
by arnaud-lb at 2012-02-23T09:12:45Z
sure, done
Commits
-------
b269e27 [Config] Improve handling of PrototypedArrayNode defaults
4feba09 [Config] implements feedback
bc122bd [Config] Fix nested prototyped array nodes
675e5eb [Config] Take advantage of the new PrototypedArrayNode API in the core bundles
cba2c33 [Config] Improve error messages & extensibility
bca2b0e [Config] Improve PrototypedArrayNode default value management
Discussion
----------
[Config] Improve prototype nodes usability, error messages, extensibility
### First commit
*Before* (you should set multiple defalutValues)
```php
<?php
$root
->arrayNode('node')
->prototype('array')
// when the node is not set
->defaultValue(array('foo' => 'bar')
->children()
// when the key is not set
->scalarNode('foo')->defaultValue('bar')->end()
$root
->arrayNode('node')
->prototype('array')
// when the node is not set
->defaultValue(array('defaults' => array('foo1' => 'bar1', 'foo2' => 'bar2')
->children()
->arrayNode('bar')
// when the node is not set
->addDefautsIfNotSet()
// when some values are not set (node being set)
->scalarNode('foo1')->defaultValue('bar1')->end()
->scalarNode('foo2')->defaultValue('bar2')->end()
```
*after*
```php
<?php
$root
->arrayNode('node')
->addDefaultChildrenWhenNoneSet()
->prototype('array')
->children()
->scalarNode('foo')->defaultValue('bar')->end()
$root
->arrayNode('node')
->addDefaultChildrenWhenNoneSet()
->prototype('array')
->children()
->arrayNode('bar')
->scalarNode('foo1')->defaultValue('bar1')->end()
->scalarNode('foo2')->defaultValue('bar2')->end()
```
*more* (exclusive configs)
```php
<?php
$root
->arrayNode('node')
// Add a default node named 'defaults'
->addDefaultChildrenWhenNoneSet()
// Add a default node named 'foo'
->addDefaultChildrenWhenNoneSet('foo')
// Add two default nodes named 'foo', 'bar'
->addDefaultChildrenWhenNoneSet(array('foo', 'bar'))
// Add two default nodes
->addDefaultChildrenWhenNoneSet(2)
```
### Second commit
Improves error messages (print the path to the error) & extensibility.
@schmittjoh I would appreciate you feedback on both the commits. Do you think a boolean $throw switch on `getNode` would make sense (i.e. to prevent throwing excs in prod ?).
---------------------------------------------------------------------------
by schmittjoh at 2012-02-20T15:43:18Z
The error improvements seem uncontroversial.
I'm not so convinced by the other changes though. What if the prototype is a map and not a simple list?
---------------------------------------------------------------------------
by vicb at 2012-02-20T16:07:51Z
I think there's one caveat left in the code as it is now that I will fix (nested prototypes).
Could you please give me more details on the use case you are referring to ?
You do not have to use the new feature but It can be really helpful [here](https://github.com/symfony/symfony/pull/3225/files#L4R38) for example.
---------------------------------------------------------------------------
by schmittjoh at 2012-02-20T17:20:02Z
What I mean is something like this:
```php
->arrayNode("foo")
->useAttributeAsKey("name")
->prototype(/* ...
```
---------------------------------------------------------------------------
by vicb at 2012-02-20T17:28:01Z
What would be wrong then ? (that's the use case I link in my previous msg)
---------------------------------------------------------------------------
by schmittjoh at 2012-02-20T17:28:55Z
How would adding defaults look like?
---------------------------------------------------------------------------
by vicb at 2012-02-20T17:36:35Z
Check the "more" part of the PR message.
In the linked use case, it would add a "defaults" server using the default host / port / weight. In this case I do not care about the name but the values are important to help alias the equivalent configs. You can override the "defaults" name by using a parameter.
---------------------------------------------------------------------------
by vicb at 2012-02-20T17:47:27Z
```php
<?php
// [...]
->arrayNode('servers')
->addDefaultChildrenWhenNodeSet()
->useAttributeAsKey('name')
->prototype('array')
->children()
```
---------------------------------------------------------------------------
by schmittjoh at 2012-02-20T17:47:54Z
What I was thinking about is having two nodes with different default values. Right now, both nodes while having different keys would still have the same default values which does not make much sense to me. However, we can address this in another PR.
One thing that we should fix though is that we should require keys in case of a map, and forbid them in case of a list. It might make sense to split it into different methods. Like the following examples make no sense (but are possible atm):
```php
->arrayNode("foo")
->useAttributeAsKey("name")
->addDefaultChildrenIfNotSet(5)
->arrayNode("foo")
->addDefaultChildrenIfNotSet("foo")
->prototype("scalar")->end()
```
Another minor nitpick, please rename "when" to "if".
---------------------------------------------------------------------------
by vicb at 2012-02-20T18:03:19Z
@schmittjoh thank you for your feedback.
message-2:
* I think the first case is fine (children "1" to "5"). Sometimes you just don't care about the names so it should not be forbidden.
* I also think the second case is fine as you would write `foo: value` in your config file anyway.
Let me know your thoughts about the previous statements.
Agree to change when to if.
message-1:
Will change
---------------------------------------------------------------------------
by vicb at 2012-02-20T18:06:33Z
I think "IfNoneSet" is more accurate than "IfNotSet" ?
---------------------------------------------------------------------------
by schmittjoh at 2012-02-20T18:09:59Z
If you call "useAttributeAsKey" it automatically means that the keys are meaningful to you (otherwise there is no point in calling it). In such a case, keys should be explicitly given.
On the other hand, if you do not call it, then the keys are ignored/dropped by the Config component. So if you give a key, it is an obvious error that we should catch. The second case I linked would look like ``foo: [value]`` in contrast to ``foo: { foo: value }``.
---------------------------------------------------------------------------
by schmittjoh at 2012-02-20T18:14:44Z
I'm not feeling strongly about this, but "IfNotSet" is more consistent with
"addDefaultsIfNotSet" and basically reads as "if array node is not set, do
...". Your example would refer to the children and read as "if none
(children) have been defined, do ...".
On Mon, Feb 20, 2012 at 12:06 PM, Victor Berchet <
reply@reply.github.com
> wrote:
> I think "IfNoneSet" is more accurate than "IfNotSet" ?
>
> ---
> Reply to this email directly or view it on GitHub:
> https://github.com/symfony/symfony/pull/3403#issuecomment-4058579
>
---------------------------------------------------------------------------
by vicb at 2012-02-20T18:30:21Z
message-2:
* Agree on first point, will change
* You could specify the keys in your config file if the prototype is an array (you used a scalar). Should we implement a switch in the validation (i.e. array / not array) or just go with numeric / null arg as you suggest ?
message-1:
> Your example would refer to the children and read as "if none (children) have been defined, do ..."
QED
---------------------------------------------------------------------------
by vicb at 2012-02-20T22:11:05Z
@schmittjoh I have implemented your suggestions (other than the "NoneSet"). Let me know if you think this is ok. Thanks.
---------------------------------------------------------------------------
by schmittjoh at 2012-02-21T03:24:19Z
Looks good to me.
As an additional improvement we might consider to allow to prepopulate an prototyped with values. For example, in the FOSRestBundle there is a case where this could be used.
```php
->arrayNode('formats')
->prepopulateValues(array('application/json' => 'json', 'application/xhtml+xml' => 'xml'))
->useAttributeAsKey('name')
->prototype('scalar')->canBeUnset()->end()
```
This could be done in a separate PR however and is not strictly related to these improvements.
---------------------------------------------------------------------------
by vicb at 2012-02-21T07:51:59Z
@schmittjoh that would be a great addition but I think need some thinking (i.e. the name, `initialValues` ?, should we handle duplicates, how - in case we are not using attribue as key, ...) so let's make an other PR, I'd like this one to be merged asap as I need this for the Cache Bundle.
@fabpot ready
Commits
-------
fb2bb65 [HttpFoundation] Fix session.cache_limiter is not set correctly
Discussion
----------
[HttpFoundation] Fix session.cache_limiter is not set correctly
Bug fix: yes
Feature addition: no
Backwards compatibility break: no
Symfony2 tests pass: yes
Fixes the following tickets: -
Todo: -
Fixes a regression after the session refactoring where extra cache control http headers are sent.
This was previously handled by [calling session_cache_limiter(false) in NativeSessionStorage](https://github.com/symfony/symfony/blob/2.0/src/Symfony/Component/HttpFoundation/SessionStorage/NativeSessionStorage.php#L81)
---------------------------------------------------------------------------
by drak at 2012-02-21T12:23:48Z
@fabpot - this code can be merged imo.
Commits
-------
6fbd290 Improved unit tests for MemcacheSessionStorage
b4c5323 Added comma to array initializer, reverted permissions back to 644
3dd851a Use correct parameters
0e01418 Fix default if no serverpool is provided
2a65121 Fix several issues in MemccheSessionStorage which prevented it from being used correctly
Discussion
----------
Fix several issues in MemcacheSessionStorage
Apperently this could never have worked unless someone passed wrong arguments to the options.
---------------------------------------------------------------------------
by mazen at 2012-02-19T07:58:52Z
```
[marcel@development symfony]$ phpunit tests/Symfony/Tests/Component/HttpFoundation/Session/Storage/MemcacheSessionStorageTest.php
PHPUnit 3.6.10 by Sebastian Bergmann.
Configuration read from /www/includes/vendor/symfony/phpunit.xml.dist
......
Time: 0 seconds, Memory: 3.75Mb
OK (6 tests, 11 assertions)
```
---------------------------------------------------------------------------
by lsmith77 at 2012-02-19T16:10:13Z
cc @drak
---------------------------------------------------------------------------
by drak at 2012-02-19T17:44:00Z
Looks like we could do with some tests for the constructor that also test the defaults and the internal properties. And also more extensively tests the mock to test the addServer behaviour.
---------------------------------------------------------------------------
by helmer at 2012-02-19T18:02:03Z
@mazen You've changed file permissions from 644->755 ..
---------------------------------------------------------------------------
by drak at 2012-02-21T12:25:11Z
@fabpot - with the extra tests added in 6fbd290 I believe this code is ready for merge.
Commits
-------
0a176eb [FrameworkBundle] Fix configuration errors
6745b28 [Config] Throw exceptions on invalid definition
fb27de0 [Config] cleanup
Discussion
----------
[Config] Cleanup, error detection, fixes
see #3357
---------------------------------------------------------------------------
by stloyd at 2012-02-15T10:56:00Z
@vicb As you added new exceptions, IMO you should add some tests to cover it.
---------------------------------------------------------------------------
by vicb at 2012-02-15T10:56:50Z
good point, I'll do.
---------------------------------------------------------------------------
by vicb at 2012-02-15T13:49:44Z
@stloyd that was a great idea, I realized I had miss a case. It has been added and should be covered by UT + fixes made.
I am done with the fixes, should be ready to merge.
And time to give the `PrototypedArrayNode` some more usability now.
Commits
-------
b95284e [Profiler] Fix memcache(d)
Discussion
----------
[Profiler] Fix memcache(d) storages
This fixes an ambiguity...
The memcache(d) storages have a `$lifetime` option. The name indicates that we are talking about a ttl (in seconds). This is wrong is `$lifetime` > 2592000 (=30 days), see http://fr.php.net/manual/en/memcache.set.php.
Doctrine is also [affected](e9ab2d2cca).
The ambiguity also exists in the session storage but to a lesser extend as those storage directly use memcache(d) options rather than a `$lifetime`. @drak could you confirm ?
Hopefully the Cache Component will get it right (#3211).
Commits
-------
d077ede [HttpFoundation] Increase test coverage.
cbb3e69 [HttpFoundation] Increase test coverage.
Discussion
----------
[HttpFoundation] Increase session test coverage.
Bug fix: no
Feature addition: no
Backwards compatibility break: no
Symfony2 tests pass: yes
Fixes the following tickets: -
Todo: -
On the advice of @schmittjoh, this commit adds a LogoutException class for use by LogoutListener if the CSRF token is invalid.
The handling in the Security component's ExceptionListener is modeled after AccessDeniedException, which gets wrapped in an AccessDeniedHttpException in the absence of handler service or error page (I didn't think it was appropriate to re-use those for LogoutException).
This adds several new options to the logout listener, modeled after the form_login listener:
* csrf_parameter
* intention
* csrf_provider
The "csrf_parameter" and "intention" have default values if omitted. By default, "csrf_provider" is empty and CSRF validation is disabled in LogoutListener (preserving BC). If a service ID is given for "csrf_provider", CSRF validation will be enabled. Invalid tokens will result in an InvalidCsrfTokenException being thrown before any logout handlers are invoked.
Commits
-------
9d6eb82 [Routing] Fix a bug in the TraceableUrlMatcher
9fc8d28 [FrameworkBundle] Fix a bug in the RedirectableUrlMatcher
4fcf9ef [Routing] Small optimization in the UrlMatcher
abc2141 [Routing] Added a missing property declaration
d86e1eb [Routing] Remove a weird dependency
Discussion
----------
[Routing] Remove a dependency on a derived class, fixes, optim
Subset of #3296 which should be acceptable.
Travis is happy.
The side effect of removing the dependency is that the `UrlMatcher` does not throw an exception any more when the scheme does not match the required scheme. I think it is better because:
* it removes a dependency on a derived class,
* it was an undocumented "feature",
* other thrown excs are component specific while this one was raw SPL.
---------------------------------------------------------------------------
by vicb at 2012-02-09T14:43:02Z
let me know what should go in 2.0 as well.
Commits
-------
e5edf5a [Console] Fixed CS
8abf506 [Console] Added abbreviation into search for bad command / namespace
c6203bc [Console] Added namespace suggest on bad namespace name
117359a [Console] fixed CS according to PR comment
dd0d97e [Console] Added suggest on bad command name
Discussion
----------
[Console] Added suggest on bad command name
Bug fix: no
Feature addition: yes
Backwards compatibility break: no
Symfony2 tests pass: yes
Fixes the following tickets: -
Todo: namespace ?
Added something like in `git` : if user type a wrong command and if a close alternative exists, Command compenent will display a list of similar command(s).
Note : It does not work with namespace. If this PR will be merged, I could work on namespace.
see : https://github.com/fabpot/Twig/blob/master/lib/Twig/Environment.php#L1003
---------------------------------------------------------------------------
by fabpot at 2012-02-11T18:54:49Z
I think we need it to also work on namespace before merging. Is it possible?
---------------------------------------------------------------------------
by henrikbjorn at 2012-02-11T19:01:06Z
could maybe use similar_text ?
---------------------------------------------------------------------------
by lyrixx at 2012-02-11T19:01:55Z
Yes.
I will work on it asap
---------------------------------------------------------------------------
by lyrixx at 2012-02-11T20:06:43Z
I added code for namespace
@henrikbjorn I did the same logic as in twig.
---------------------------------------------------------------------------
by lyrixx at 2012-02-11T20:27:48Z
Note : Travis tests failed : http://travis-ci.org/#!/lyrixx/symfony/builds/663216
```before_script: Execution of 'php vendors.php' took longer than 600 seconds and was terminated.
Consider rewriting your stuff in AssemblyScript, we've heard it handles Web Scale™```
But tests are OK on my laptop
---------------------------------------------------------------------------
by stof at 2012-02-11T20:41:15Z
Well, it may be due to github issues during the setup of the vendors. There is some issues regularly because of the DDoS attack.
---------------------------------------------------------------------------
by lyrixx at 2012-02-11T20:58:07Z
Yes, i guessed it :-) that's why i notice it work on my laptop
---------------------------------------------------------------------------
by fabpot at 2012-02-11T23:11:08Z
This code won't work if you use abbreviations instead of the full namespace or command name.
---------------------------------------------------------------------------
by lyrixx at 2012-02-12T23:30:04Z
I added code to manage abbreviations. But I'm not sure what you are expecting. Can you try it and give me some feedback ?
P.S. : Travis failed again, but tests pass on my laptop.
Commits
-------
beb4fc0 [WIP][Locale] StubIntlDateFormatter::parse was throwing exception instead of returning Boolean false like intl implementation
b61dff7 fixed CS
Discussion
----------
[WIP][Locale] StubIntlDateFormatter::parse was throwing exception instead of returning Boolean false like intl implementation
Bug fix: yes
Feature addition: no
Backwards compatibility break: no
Symfony2 tests pass: ![travis.ci](https://secure.travis-ci.org/eriksencosta/symfony.png?branch=ticket_2781)
Fixes the following tickets: #2781
Todo: A test fail in 32 bit environment, executed tests only with PHP 5.3.2 and ext-intl ICU 4.2 based
Failed test:
1) Symfony\Tests\Component\Locale\Stub\StubIntlDateFormatterTest::testFormatWithDefaultTimezoneIntl
Failed asserting that two strings are equal.
--- Expected
+++ Actual
@@ @@
-'1969-12-31 21:00:00'
+'1969-12-31 16:00:00'
Commits
-------
7474293 memcache profiler storage support added
Discussion
----------
[HttpKernel] [FrameworkBundle] Memcache(d) Profiler Storage added
Bug fix: no
Feature addition: yes
Backwards compatibility break: no
Symfony2 tests pass: yes
Fixes the following tickets: -
Todo: -
There are 2 memcache PHP extensions: Memcache and MemcacheD (with "D" at the end) - both are supported.
How to use Memcache Profiler Storage (Memcache php extension is used):
change (or add if there isn't) "dsn" in framework/profiler section in config_dev.yml
```
...
framework:
...
profiler:
...
dsn: memcache://127.0.0.1/11211
...
```
How to use Memcached Profiler Storage (MemcacheD php extension is used):
change "dsn" in framework/profiler section in config_dev.yml
```
...
framework:
...
profiler:
...
dsn: memcached://127.0.0.1/11211
...
```
Last changes:
- memcached support addedd
- optimized performance (serialization done in extension, index is created with ```append``` function)
- updated to last version of Profiler (find by method, avoid duplications)
- done squash on commits
---------------------------------------------------------------------------
by stloyd at 2011-12-01T23:36:02Z
You need to add check for index name size, AFAIK memcache will fail if key is longer than 250 characters.
Also please do an `squash` for all those commits.
---------------------------------------------------------------------------
by pulzarraider at 2011-12-02T00:15:28Z
@stloyd Thanks. I will add the check for key length.
I am just starting with git. Could you please add some tutorial about squash to a documentation page: http://symfony.com/doc/2.0/contributing/code/patches.html ? It will help me (and maybe some others) to do it correct way.
---------------------------------------------------------------------------
by stof at 2011-12-02T00:19:01Z
http://help.github.com/rebase/
---------------------------------------------------------------------------
by pulzarraider at 2011-12-03T18:56:11Z
Thanks @stof, rebase done.
---------------------------------------------------------------------------
by dlsniper at 2011-12-11T14:00:17Z
Hi,
Would it be possible to either use Memcached instead of Memcache or make it configurable to use either Memcache or Memcached?
I've did a little digging on the benefits of using Memcached over Memcache (like for example: http://stackoverflow.com/questions/1442411/using-memcache-vs-memcached-with-phphttp://devzone.zend.com/1869/zendcon-sessions-episode-040-memcached-the-better-memcache-interface/ ) and maybe this will also help in not having two extensions installed for people who are using Memcached already.
Regards.
---------------------------------------------------------------------------
by pulzarraider at 2011-12-11T16:15:58Z
@dlsniper thanks for great comment. I will add memcached support.
---------------------------------------------------------------------------
by stof at 2011-12-12T20:49:00Z
@pulzarraider what is the status of this PR ? Is it still a WIP ?
---------------------------------------------------------------------------
by pulzarraider at 2011-12-12T22:58:48Z
@stof Yes, it's still WIP. I'm working on a memcached (with D at the end) support. It will be finished in the next few days.
---------------------------------------------------------------------------
by dlsniper at 2011-12-15T12:51:52Z
@pulzarraider if I can help you with the PR let me know.
---------------------------------------------------------------------------
by pulzarraider at 2012-01-08T20:22:24Z
@dlsniper @stof I've finally added memcached support and done some optimizations. Memcache(d) profiler storage is now ready.
---------------------------------------------------------------------------
by dlsniper at 2012-01-08T22:12:29Z
I'm glad you finished this @pulzarraider
Thanks! for your hard work!
+1 for this PR
@stof, @fabpot is it good to go on master?
---------------------------------------------------------------------------
by pulzarraider at 2012-01-28T19:45:56Z
@stof, @fabpot ping
Commits
-------
3dd3d58 [EventListener] Fix an issue with sub-requests
71bf279 cleanup
acdb325 [StopWatch] Provide a cleaner API
acd1287 [Stopwatch] rename the section event to avoid collisions
eb540be [Profiler] Allow profiling the terminate event
4ccdc53 [HttpKernel] Cleanup of PdoProfilerStorage
814876f [HttpKernel] Tweak the code of the ProfilerListener
Discussion
----------
[Profiler] Allow profiling the terminate event
![Travis](https://secure.travis-ci.org/vicb/symfony.png?branch=profiler.terminate)
This PR is mainly about allowing to profile the terminate event (i.e. see it in the timeline panel)
There are some other tweaks.
---------------------------------------------------------------------------
by vicb at 2012-02-02T14:43:20Z
please don't merge for now. good question. bad answer.
---------------------------------------------------------------------------
by vicb at 2012-02-06T15:05:46Z
While first commits were focused on problem solving, the last brings a clean API with the ability to re-open an existing section in order to add events (re-setting event origins and merging them were just hacks).
Should be ready to be merged.
_Edit: Sorry, couldn't resist adding a private helper class again!_
---------------------------------------------------------------------------
by stof at 2012-02-06T18:30:09Z
@vicb you should stop adding such classes defined in the same file. Otherwise we will have to change the CS (and to stop telling we respect the PSR-0 standard)
---------------------------------------------------------------------------
by vicb at 2012-02-06T18:33:36Z
Once again PSR-0 is about autoloading which is exactly why I do not want in such cases. CS are an other matter and yes I think they should be changed to allow this (and I am going to submit a PR right now).
The only argument I could accept is whether this class should be private or not.
---------------------------------------------------------------------------
by vicb at 2012-02-06T19:57:06Z
Thanks for your valuable feedback @stof
---------------------------------------------------------------------------
by fabpot at 2012-02-11T20:53:03Z
Have you tested it on a project? Because it breaks my simple examples (where I have some sub-requests).
---------------------------------------------------------------------------
by vicb at 2012-02-12T09:47:23Z
my bad, should be ok now.