This PR was merged into the 2.3 branch.
Discussion
----------
[Security] fixed pre/post authentication checks
| Q | A
| ------------- | ---
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | #8510, #9622
| License | MIT
| Doc PR | N/A
After further investigation of #8510, I found that all checks in the `checkPreAuth` actually belongs to `checkPostAuth` and the same goes for checks in `CheckPostAuth` (I checked the original source from Spring and indeed, that's how it is implemented there: see https://github.com/spring-projects/spring-security/blob/master/core/src/main/java/org/springframework/security/authentication/dao/AbstractUserDetailsAuthenticationProvider.java#L305
).
So, this PR fixes that issue. I think that we can do this change safely in 2.3 as the error message is the same for all causes by default (`$hideUserNotFoundExceptions` is `true` by default in `UserAuthenticationProvider`).
The only "real" change is whether the authentication is checked or not.
Commits
-------
ada82a2 [Security] fixed pre/post authentication checks
This PR was squashed before being merged into the 2.5-dev branch (closes#9855).
Discussion
----------
[Twig] Decouple Twig commands from the Famework
I want to use the command `twig:lint` in a Silex project.
In this PR, I've moved the class `Symfony\Bundle\TwigBundle\Command\LintCommand` to `Symfony\Bridge\Twig\Command\LintCommand` and removed dependency to the `ContainerAwareCommand`.
| Q | A
| ------------- | ---
| Bug fix? | no
| New feature? | yes
| BC breaks? | yes (renamed class)
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | https://github.com/symfony/symfony/pull/9818#issuecomment-30961360
| License | MIT
| Doc PR | n/a
- [ ] Move command `twig:debug` once merged.
- [x] Lazy load twig service
Commits
-------
907748d [Twig] Decouple Twig commands from the Famework
This PR was merged into the 2.5-dev branch.
Discussion
----------
[WIP] [FrameworkBundle] removed some more dependencies on the request service
| Q | A
| ------------- | ---
| Bug fix? | kinda (see linked tickets)
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | #8915, #9185
| License | MIT
| Doc PR | n/a
/cc @kriswallsmith
Commits
-------
4f3d502 [FrameworkBundle] removed some more dependencies on the request service
This PR was merged into the 2.3 branch.
Discussion
----------
fixed some PSR-0 class names
| Q | A
| ------------- | ---
| Bug fix? | no
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | n/a
| License | MIT
| Doc PR | n/a
Commits
-------
a38e2c0 fixes PSR-0 issues in tests
This PR was merged into the 2.3 branch.
Discussion
----------
[Filesystem | WCM] 9339 fix stat on url for filesystem copy
| Q | A
| ------------- | ---
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | #9339
| License | MIT
| Doc PR | na
supersedes https://github.com/symfony/symfony/pull/9863
Commits
-------
4fba412 adjusted behavior to always copy override on url files
When overriding the Symfony RoleHierarchy it would be great to be able to get access to the buildRoleMap-method and map-variable for more advanced usage.
This PR was merged into the 2.5-dev branch.
Discussion
----------
[Validator] Added Doctrine cache
| Q | A
| ------------- | ---
| Bug fix? | no
| New feature? | yes
| BC breaks? | no
| Deprecations? | yes
| Tests pass? | yes
| Fixed tickets | https://github.com/symfony/symfony/issues/9887
| License | MIT
| Doc PR |
I propose to keep the `CacheInterface` and deprecate only the `ApcCache`.
It will leave the classes depending on a `CacheInterface` unchanged and will allow to adapt new cache providers in the future.
Commits
-------
3c4de45 [Validator] Added Doctrine cache
* 2.4:
fix some cs
use restore_error_handler instead of set_error_handler($previous)
fix#9321 Crawler::addHtmlContent add gbk encoding support
[Console] fixed column width when using the Table helper with some decoration in cells
[Security] Fixed problem with losing ROLE_PREVIOUS_ADMIN role.
Fix for cache-key conflict when having a \Traversable as choices
[Security] removed obsolete comment
* 2.3:
fix some cs
use restore_error_handler instead of set_error_handler($previous)
fix#9321 Crawler::addHtmlContent add gbk encoding support
[Console] fixed column width when using the Table helper with some decoration in cells
[Security] Fixed problem with losing ROLE_PREVIOUS_ADMIN role.
Fix for cache-key conflict when having a \Traversable as choices
[Security] removed obsolete comment
Conflicts:
src/Symfony/Component/Console/Helper/TableHelper.php
src/Symfony/Component/Security/Tests/Http/Firewall/ExceptionListenerTest.php
This PR was merged into the 2.3 branch.
Discussion
----------
[Console] fixed column width when using the Table helper with some decoration in cells
| Q | A
| ------------- | ---
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | #8152, #9366
| License | MIT
| Doc PR | n/a
This PR fixes the same issue as #9366 but works in all situations (all kind of styles, when the string is shorter than any other one or larger than any other ones, ...).
I'm not very satisfied with the fix and especially the `computeLengthWithoutDecoration` method, but the whole helper should be rethought to make it stateless (out of the scope of this PR).
Commits
-------
5b4d057 [Console] fixed column width when using the Table helper with some decoration in cells
This PR was merged into the 2.5-dev branch.
Discussion
----------
WebTestCase: Assume relative KERNEL_DIR is relative to phpunit.xml[.dist]?
When using the `KERNEL_DIR` setting in phpunit.xml[.dist] files for the `WebTestCase`, a relative path seems to be interpreted relative to the cwd.
That makes no difference in the probably most common case of having the phpunit config in the project's top level directory and just running `phpunit`. It makes a difference however when running it from a lower level dir and referencing the config with `-c ../../phpunit.xml`.
A conservative change would be to interpret the `KERNEL_DIR` as relative to cwd and only try it as relative to the phpunit.xml[.dist] file if the first path does not exist.
A more consistent approach would be to always have it (in case of relative paths) being relative to the config file. That might break things for folks who intentionally start phpunit from different directories to use different kernels.
The docs seem not to say anything about how it is supposed to used, the example values provided suggest using an absolute path.
Opinions?
Commits
-------
05dc0e1 Consider KERNEL_DIR setting as relative to the PhpUnit XML file if it does not point to a directory (relative to the current cwd)
This PR was squashed before being merged into the 2.3 branch (closes#8997).
Discussion
----------
[Security] Fixed problem with losing ROLE_PREVIOUS_ADMIN role.
<table>
<tr>
<td><b>Q</b></td>
<td><b>A</b></td>
</tr>
<tr>
<td>Bug fix?</td>
<td>yes</td>
</tr>
<tr>
<td>New feature</td>
<td>no</td>
</tr>
<tr>
<td>BC breaks?</td>
<td>no</td>
</tr>
<tr>
<td>Deprecations?</td>
<td>no</td>
</tr>
<tr>
<td>Tests pass?</td>
<td>yes</td>
</tr>
<tr>
<td>Fixed tickets</td>
<td>#3085, #8974</td>
</tr>
<tr>
<td>License</td>
<td>MIT</td>
</tr>
<tr>
<td>Doc PR</td>
<td>n/a</td>
</tr>
</table>
Problem occurs while user is impersonated. Authentication process generates new token and doeas not preserve role ```ROLE_PREVIOUS_ADMIN```. Ex. when parameter ```security.always_authenticate_before_granting``` is enabled.
Commits
-------
a7baa3b [Security] Fixed problem with losing ROLE_PREVIOUS_ADMIN role.
* 2.4:
[Security] simplified some unit tests
[Security] made code easier to understand, added some missing unit tests
[DependencyInjection] fixed InlineServiceDefinitionsPass to not inline a service if it's part of the current definition (to avoid an infinite loop)
[DomCrawler] Fixed creating form objects from form nodes.
disabled php.ini changes when using HHVM in .travis.yml
[Process] fixed HHVM support
Add support for HHVM in the getting of the PHP executable
[Security] fixed error 500 instead of 403 if previous exception is provided to AccessDeniedException
* 2.3:
[Security] made code easier to understand, added some missing unit tests
[DependencyInjection] fixed InlineServiceDefinitionsPass to not inline a service if it's part of the current definition (to avoid an infinite loop)
[DomCrawler] Fixed creating form objects from form nodes.
disabled php.ini changes when using HHVM in .travis.yml
[Process] fixed HHVM support
Add support for HHVM in the getting of the PHP executable
[Security] fixed error 500 instead of 403 if previous exception is provided to AccessDeniedException
This PR was merged into the 2.3 branch.
Discussion
----------
[Security] Fix ExceptionListener to catch correctly AccessDeniedException if is not first exception
| Q | A
| ------------- | ---
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | #9544, #8467?, #9823
| License | MIT
| Doc PR |
Same as #9823 but with some refactoring of the code and with some unit tests.
When merging to 2.4, the unit tests can be simplified a bit.
Commits
-------
172fd63 [Security] made code easier to understand, added some missing unit tests
616b6c5 [Security] fixed error 500 instead of 403 if previous exception is provided to AccessDeniedException
This PR was merged into the 2.3 branch.
Discussion
----------
[Dependencyinjection] Fixed handling of inlined references in the AnalyzeServiceReferencesPass
| Q | A
| ------------- | ---
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | #8299, #9829
| License | MIT
| Doc PR | n/a
Hopefully a better fix for #9829 (ping @jakzal). Unit tests coming soon.
In some cases `InlineServiceDefinitionsPass` replaces a Reference with a service Definition. In such scenarios `AnalyzeServiceReferencesPass` was falling into an infinite loop.
Commits
-------
d650295 [DependencyInjection] fixed InlineServiceDefinitionsPass to not inline a service if it's part of the current definition (to avoid an infinite loop)
This PR was merged into the 2.5-dev branch.
Discussion
----------
[Bridge] [DoctrineExtension] Allow cache drivers that are not an EM's child
| Q | A
| ------------- | ---
| Bug fix? | [no]
| New feature? | [yes]
| BC breaks? | [no]
| Deprecations? | [no]
| Tests pass? | [yes|]
| Fixed tickets | []
| License | MIT
| Doc PR | [https://github.com/doctrine/doctrine2/pull/808, https://github.com/doctrine/DoctrineBundle/pull/224]
Commits
-------
7528e4c Allow cache drivers that are not an EM's child
This PR was merged into the 2.3 branch.
Discussion
----------
[Validator] Fixed IBAN validator with 0750447346 value
| Q | A
| ------------- | ---
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | -
| License | MIT
| Doc PR | -
Commits
-------
cf88ba5 [Validator] Fixed IBAN validator with 0750447346 value
This PR was squashed before being merged into the 2.3 branch (closes#9875).
Discussion
----------
Fixed typo
| Q | A
| ------------- | ---
| Bug fix? | no
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | N/A
| License | MIT
| Doc PR | N/A
Commits
-------
660ab38 Fixed typo
* 2.4:
fixed CS
fixed a typo
fixed CS for lambdas
[Yaml] fixed some license headers
Fixes message value for objects
Check for hour, minute & second validity
avoid tables to have apparently long blank line breaks and be too far appart for long nested array params
fixed various typos
[Filesystem] Fixed mirror for symlinks
[Validator] Removed duplicated test for IBAN in data provider
* 2.3:
fixed a typo
fixed CS for lambdas
[Yaml] fixed some license headers
Fixes message value for objects
Check for hour, minute & second validity
fixed various typos
[Filesystem] Fixed mirror for symlinks
[Validator] Removed duplicated test for IBAN in data provider
Conflicts:
src/Symfony/Bundle/FrameworkBundle/Command/ContainerDebugCommand.php
src/Symfony/Component/Console/Application.php
src/Symfony/Component/Debug/Tests/ErrorHandlerTest.php
src/Symfony/Component/Filesystem/Tests/FilesystemTest.php
src/Symfony/Component/HttpKernel/Tests/DependencyInjection/ContainerAwareHttpKernelTest.php
This PR was merged into the 2.5-dev branch.
Discussion
----------
[Finder] Fix finder date constraints and tests
Description:
When you search some files with date constraints, all folders are given, even if they are not in the date scope.
| Q | A
| ------------- | ---
| Bug fix? | yes
| New feature? |no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | #9303
| License | MIT
Commits
-------
4ccafa6 Fix finder date constraints and tests
This PR was merged into the 2.5-dev branch.
Discussion
----------
[Form] added getter to transformer chain
| Q | A
| ------------- | ---
| Bug fix? | no
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | #9503
| License | MIT
| Doc PR | na
Commits
-------
3565d96 added getter to transformer chain
This PR was merged into the 2.5-dev branch.
Discussion
----------
Added MutableAclProvider::deleteSecurityIdentity
This provides a very simple function to enable the deletion of a SecurityIdentity.
Developers can add a listener on the delete of a user and remove all the related ACLs.
Foreign keys already ensure that the ACEs are properly deleted.
Among the problems of not deleting the SecurityIdentity:
* Inconsistent database, referring to a non-existent user.
* If a user is deleted and another is created with the same name, it will inherit all the old user’s ACEs
Not addressed by this PR: Changing a user’s username breaks the related ACLs. See #5787
See also: https://groups.google.com/forum/#!topic/symfony2/mGTXlTWiMs8/discussion
Commits
-------
bdbbe58 [Security][Acl] Issue #5787 : Added MutableAclProvider::deleteSecurityIdentity
This PR was squashed before being merged into the 2.5-dev branch (closes#8423).
Discussion
----------
Update LocaleTest.php
de_CH locales does not fallback to de
see https://github.com/symfony/symfony/issues/5314
Commits
-------
572126b Update LocaleTest.php
This PR was merged into the 2.3 branch.
Discussion
----------
fixed various typos
| Q | A
| ------------- | ---
| Bug fix? | no
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | n/a
| License | MIT
| Doc PR | n/a
Commits
-------
2f15ac7 fixed various typos
* 2.4: (44 commits)
[FrameworkBundle] Add missing license headers
Fix parent serialization of user object
[DependencyInjection] fixed typo
added condition to avoid skipping tests on JSON_PRETTY support
add memcache, memcached, and mongodb extensions to run skipped tests
[DependencyInjection] Fixed support for backslashes in service ids.
fix#9356 [Security] Logger should manipulate the user reloaded from provider
[FrameworkBundle] Added extra details in XMLDescriptor to improve container description
fixed CS
Crawler default namespace fix
[BrowserKit] fixes#8311 CookieJar is totally ignorant of RFC 6265 edge cases
[HttpFoundation] fixed constants that do exist in 2.3 (only in 2.4)
fix 5528 let ArrayNode::normalizeValue respect order of value array provided
fix#7243 allow 0 as arraynode name
Fixed issue in BaseDateTimeTransformer when invalid timezone cause Transformation filed exception (closes#9403).
BinaryFileResponse should also return 416 or 200 on some range-requets
fix deprecated usage and clarify constructor defaults for number formatter
Bumping dependency to ProxyManager to allow testing against the new 0.5.x branch changes
Do normalization on tag options
bumped Symfony version to 2.3.9
...
* 2.3: (31 commits)
Fix parent serialization of user object
[DependencyInjection] fixed typo
add memcache, memcached, and mongodb extensions to run skipped tests
[DependencyInjection] Fixed support for backslashes in service ids.
fix#9356 [Security] Logger should manipulate the user reloaded from provider
[BrowserKit] fixes#8311 CookieJar is totally ignorant of RFC 6265 edge cases
[HttpFoundation] fixed constants that do exist in 2.3 (only in 2.4)
fix 5528 let ArrayNode::normalizeValue respect order of value array provided
fix#7243 allow 0 as arraynode name
Fixed issue in BaseDateTimeTransformer when invalid timezone cause Transformation filed exception (closes#9403).
BinaryFileResponse should also return 416 or 200 on some range-requets
Do normalization on tag options
bumped Symfony version to 2.3.9
updated VERSION for 2.3.8
update CONTRIBUTORS for 2.3.8
updated CHANGELOG for 2.3.8
[Filesystem] Changed the mode for a target file in copy() to be write only.
[Console] fixed CS
fixed TableHelper when cell value has new line
Improved and fixed grammar mistakes. Added pluralized messages
...
Conflicts:
src/Symfony/Component/BrowserKit/Cookie.php
src/Symfony/Component/HttpKernel/Kernel.php
src/Symfony/Component/Routing/Matcher/UrlMatcher.php
This PR was merged into the 2.5-dev branch.
Discussion
----------
[Console] hide output of ProgressHelper when isDecorated is false
| Q | A
| ------------- | ---
| Bug fix? | no
| New feature? | yes
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | #9511
| License | MIT
| Doc PR | n/a
Commits
-------
006cb81 [Console] show no output in ProgressHelper when isDecorated is false (fixes#9511)