symfony

Archived

forked from https://github.com/symfony/symfony

This repository has been archived on 2023-08-20. You can view files and clone it, but cannot push or open issues or pull requests.

Go to file

Robin Chalas 8622c8c95e bug #33799 [Security]: Don't let falsy usernames slip through impersonation (j4nr6n) This PR was merged into the 3.4 branch. Discussion ---------- [Security]: Don't let falsy usernames slip through impersonation \| Q \| A \| ------------- \| --- \| Branch? \| 3.4 \| Bug fix? \| yes \| New feature? \| no \| Deprecations? \| no \| Tickets \| \| License \| MIT \| Doc PR \| When you try to impersonate users with a falsy username, `SwitchUserListener::handle()` would `return;` and impersonation would fail. I'm using a third party OAuth provider that allows users to change their usernames with no guaranteed protection against re-use. To overcome that issue, I implemented `UserLoaderInterface::loadUserByUsername()` and query by a `providerId`. After loading development fixtures, One user has `0` as it's `providerId`. Commits ------- `64aecab0a7` Don't let falsey usernames slip through		2019-10-03 14:19:04 +02:00
.github	[travis] honor .gitattributes when building local packages	2019-09-21 09:26:15 +02:00
src/Symfony	bug #33799 [Security]: Don't let falsy usernames slip through impersonation (j4nr6n)	2019-10-03 14:19:04 +02:00
.appveyor.yml	[travis] install from dist except for selected components	2019-09-20 23:28:55 +02:00
.editorconfig	Update .editorconfig	2018-09-06 16:22:56 +02:00
.gitignore	Run the phpunit-bridge from a PR	2019-08-02 17:46:19 +02:00
.php_cs.dist	Remove superfluous phpdoc tags	2019-08-14 13:59:53 +02:00
.travis.yml	[travis] fix typo	2019-09-23 15:08:55 +02:00
CHANGELOG-3.0.md	Merge branch '2.8' into 3.1	2016-08-05 10:37:39 +02:00
CHANGELOG-3.1.md	updated CHANGELOG for 3.1.9	2017-01-12 12:43:31 -08:00
CHANGELOG-3.2.md	use behavior instead of behaviour	2019-03-25 08:48:46 +01:00
CHANGELOG-3.3.md	use behavior instead of behaviour	2019-03-25 08:48:46 +01:00
CHANGELOG-3.4.md	updated CHANGELOG for 3.4.31	2019-08-26 18:36:15 +02:00
CODE_OF_CONDUCT.md	Added the Code of Conduct file	2018-10-10 03:13:30 -07:00
composer.json	[ProxyManager] remove ProxiedMethodReturnExpression polyfill	2019-08-29 16:54:55 +02:00
CONTRIBUTING.md	Mention the community review guide	2016-12-18 22:02:35 +01:00
CONTRIBUTORS.md	update CONTRIBUTORS for 3.4.31	2019-08-26 18:36:24 +02:00
LICENSE	update year in license files	2019-01-01 14:45:19 +01:00
link	Use the current working dir as default first arg in 'link' binary	2019-05-16 11:52:39 +02:00
phpunit	sync phpunit script with master	2019-09-28 18:12:11 +02:00
phpunit.xml.dist	Merge branch '2.8' into 3.4	2018-11-11 20:48:54 +01:00
README.md	Merge branch '2.8' into 3.4	2018-05-25 16:50:57 +02:00
UPGRADE-3.0.md	Fixed markdown file	2019-08-13 19:39:09 +02:00
UPGRADE-3.1.md	[Serializer] Remove AbstractObjectNormalizer::isAttributeToNormalize	2016-12-08 16:02:32 +01:00
UPGRADE-3.2.md	Merge branch '2.8' into 3.4	2018-02-22 13:28:57 +01:00
UPGRADE-3.3.md	Merge branch '3.3' into 3.4	2017-11-30 15:59:23 +01:00
UPGRADE-3.4.md	Merge branch '2.8' into 3.4	2018-05-31 12:13:22 +02:00
UPGRADE-4.0.md	Fixed invalid VarDumper upgrade doc.	2019-10-03 11:42:21 +02:00

README.md

Symfony is a PHP framework for web applications and a set of reusable PHP components. Symfony is used by thousands of web applications (including BlaBlaCar.com and Spotify.com) and most of the popular PHP projects (including Drupal and Magento).

Installation

Install Symfony with Composer (see requirements details).
Symfony follows the semantic versioning strictly, publishes "Long Term Support" (LTS) versions and has a release process that is predictable and business-friendly.

Documentation

Read the Getting Started guide if you are new to Symfony.
Try the Symfony Demo application to learn Symfony in practice.
Master Symfony with the Guides and Tutorials, the Components docs and the Best Practices reference.

Community

Join the Symfony Community and meet other members at the Symfony events.
Get Symfony support on Stack Overflow, Slack, IRC, etc.
Follow us on GitHub, Twitter and Facebook.
Read our Code of Conduct and meet the CARE Team

Contributing

Symfony is an Open Source, community-driven project with thousands of contributors. Join them contributing code or contributing documentation.

Security Issues

If you discover a security vulnerability within Symfony, please follow our disclosure procedure.

About Us

Symfony development is sponsored by SensioLabs, led by the Symfony Core Team and supported by Symfony contributors.