authorFabien Potencier <fabien.potencier@gmail.com>2014-09-17 11:45:32 +0200
committerFabien Potencier <fabien.potencier@gmail.com>2014-09-17 11:45:32 +0200
commit9aefee358bddb7baf5ae57607f4af2e721397f58 (patch)
treeb9a59f2cd2b1aaa167c3ea8637c5dd2557b048f1
parent0c51a70c04279663ac6e016efeb31557b28b0c44 (diff)
parent4368c75cbeb587fede098da5a6c5c705fe19f238 (diff)
Merge branch '2.3' into 2.4
* 2.3: (35 commits) [Form] Fix PHPDoc for builder setData methods The underlying data variable is typed as mixed whereas the method parameters were typed as array. fixed CS [Intl] Improved bundle reader implementations [Console] guarded against invalid aliases switch before_script to before_install and script to install fixed typo [HttpFoundation] Request - URI - comment improvements [Security] Added more tests remove `service` parameter type from XSD [Intl] Added exception handler to command line scripts [Intl] Fixed a few bugs in TextBundleWriter [Intl] Updated icu.ini up to ICU 53 [Intl] Removed non-working $fallback argument from ArrayAccessibleResourceBundle Use separated function to resolve command and related arguments [SwiftmailerBridge] Bump allowed versions of swiftmailer [FrameworkBundle] Remove invalid markup [Intl] Added "internal" tag to all classes under Symfony\Component\Intl\ResourceBundle Remove routes for removed WebProfiler actions [Security] Fix usage of nonexistent method in DoctrineAclCache. backport more error information from 2.6 to 2.3 ... Conflicts: .travis.yml src/Symfony/Component/DependencyInjection/Loader/YamlFileLoader.php src/Symfony/Component/DependencyInjection/Tests/Loader/XmlFileLoaderTest.php src/Symfony/Component/HttpKernel/Kernel.php src/Symfony/Component/Process/PhpExecutableFinder.php
-rw-r--r--Acl/Domain/DoctrineAclCache.php5
-rw-r--r--Core/Tests/Authorization/AccessDecisionManagerTest.php42
-rw-r--r--Core/Tests/Util/StringUtilsTest.php44
-rw-r--r--Core/Util/StringUtils.php10
4 files changed, 96 insertions, 5 deletions
diff --git a/Acl/Domain/DoctrineAclCache.php b/Acl/Domain/DoctrineAclCache.php
index 9e14af5..0c69773 100644
--- a/Acl/Domain/DoctrineAclCache.php
+++ b/Acl/Domain/DoctrineAclCache.php
@@ -12,6 +12,7 @@
namespace Symfony\Component\Security\Acl\Domain;
use Doctrine\Common\Cache\Cache;
+use Doctrine\Common\Cache\CacheProvider;
use Symfony\Component\Security\Acl\Model\AclCacheInterface;
use Symfony\Component\Security\Acl\Model\AclInterface;
use Symfony\Component\Security\Acl\Model\ObjectIdentityInterface;
@@ -55,7 +56,9 @@ class DoctrineAclCache implements AclCacheInterface
*/
public function clearCache()
{
- $this->cache->deleteByPrefix($this->prefix);
+ if ($this->cache instanceof CacheProvider) {
+ $this->cache->deleteAll();
+ }
}
/**
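Review bot: `clearCache()` now silently does nothing when the injected cache is not a `CacheProvider`, so a caller relying on the `AclCacheInterface` contract keeps serving stale ACL entries — and therefore stale authorization decisions — with no signal at all. The new `instanceof` guard should be paired with an explicit failure, e.g. an `else` branch with `throw new \LogicException(sprintf('Clearing the ACL cache requires a Doctrine CacheProvider, got %s.', get_class($this->cache)));`, or the constructor (outside this hunk) should type-hint `CacheProvider` so the check becomes unnecessary. Note also that `deleteAll()` presumably removes every entry of the provider rather than only those under `$this->prefix`, which is a widening of the previous behaviour worth stating in the method's docblock; that docblock starts above this hunk.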
diff --git a/Core/Tests/Authorization/AccessDecisionManagerTest.php b/Core/Tests/Authorization/AccessDecisionManagerTest.php
index b0557a3..0db50cf 100644
--- a/Core/Tests/Authorization/AccessDecisionManagerTest.php
+++ b/Core/Tests/Authorization/AccessDecisionManagerTest.php
@@ -73,6 +73,48 @@ class AccessDecisionManagerTest extends \PHPUnit_Framework_TestCase
$this->assertSame($expected, $manager->decide($token, array('ROLE_FOO')));
}
+ /**
+ * @dataProvider getStrategiesWith2RolesTests
+ */
+ public function testStrategiesWith2Roles($token, $strategy, $voter, $expected)
+ {
+ $manager = new AccessDecisionManager(array($voter), $strategy);
+
+ $this->assertSame($expected, $manager->decide($token, array('ROLE_FOO', 'ROLE_BAR')));
+ }
+
+ public function getStrategiesWith2RolesTests()
+ {
+ $token = $this->getMock('Symfony\Component\Security\Core\Authentication\Token\TokenInterface');
+
+ return array(
+ array($token, 'affirmative', $this->getVoter(VoterInterface::ACCESS_DENIED), false),
+ array($token, 'affirmative', $this->getVoter(VoterInterface::ACCESS_GRANTED), true),
+
+ array($token, 'consensus', $this->getVoter(VoterInterface::ACCESS_DENIED), false),
+ array($token, 'consensus', $this->getVoter(VoterInterface::ACCESS_GRANTED), true),
+
+ array($token, 'unanimous', $this->getVoterFor2Roles($token, VoterInterface::ACCESS_DENIED, VoterInterface::ACCESS_DENIED), false),
+ array($token, 'unanimous', $this->getVoterFor2Roles($token, VoterInterface::ACCESS_DENIED, VoterInterface::ACCESS_GRANTED), false),
+ array($token, 'unanimous', $this->getVoterFor2Roles($token, VoterInterface::ACCESS_GRANTED, VoterInterface::ACCESS_DENIED), false),
+ array($token, 'unanimous', $this->getVoterFor2Roles($token, VoterInterface::ACCESS_GRANTED, VoterInterface::ACCESS_GRANTED), true),
+ );
+ }
+
+ protected function getVoterFor2Roles($token, $vote1, $vote2)
+ {
+ $voter = $this->getMock('Symfony\Component\Security\Core\Authorization\Voter\VoterInterface');
+ $voter->expects($this->exactly(2))
+ ->method('vote')
+ ->will($this->returnValueMap(array(
+ array($token, null, array("ROLE_FOO"),$vote1),
+ array($token, null, array("ROLE_BAR"),$vote2),
+ )))
+ ;
+
+ return $voter;
+ }
+
public function getStrategyTests()
{
return array(
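Review bot: The `expects($this->exactly(2))` call-count expectation on the voter built in `getVoterFor2Roles()` is, I believe, never verified, because the mock is created inside a data provider and PHPUnit only verifies expectations registered on the TestCase instance that actually runs the test; consider passing `$vote1`/`$vote2` through the provider and building the mock inside `testStrategiesWith2Roles()` instead. The affirmative and consensus rows use `getVoter()` (defined outside the hunk), which from its name presumably returns one fixed vote regardless of attribute, so those rows do not really exercise two distinct roles. A small style point: the `returnValueMap` rows use double quotes and omit the space after the comma (`array("ROLE_FOO"),$vote1`), unlike the rest of the file; `array($token, null, array('ROLE_FOO'), $vote1),` would match.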
diff --git a/Core/Tests/Util/StringUtilsTest.php b/Core/Tests/Util/StringUtilsTest.php
index 89da98d..e0366a5 100644
--- a/Core/Tests/Util/StringUtilsTest.php
+++ b/Core/Tests/Util/StringUtilsTest.php
@@ -13,11 +13,49 @@ namespace Symfony\Component\Security\Core\Tests\Util;
use Symfony\Component\Security\Core\Util\StringUtils;
+/**
+ * Data from PHP.net's hash_equals tests
+ */
class StringUtilsTest extends \PHPUnit_Framework_TestCase
{
- public function testEquals()
+ public function dataProviderTrue()
+ {
+ return array(
+ array('same', 'same'),
+ array('', ''),
+ array(123, 123),
+ array(null, ''),
+ array(null, null),
+ );
+ }
+
+ public function dataProviderFalse()
+ {
+ return array(
+ array('not1same', 'not2same'),
+ array('short', 'longer'),
+ array('longer', 'short'),
+ array('', 'notempty'),
+ array('notempty', ''),
+ array(123, 'NaN'),
+ array('NaN', 123),
+ array(null, 123),
+ );
+ }
+
+ /**
+ * @dataProvider dataProviderTrue
+ */
+ public function testEqualsTrue($known, $user)
+ {
+ $this->assertTrue(StringUtils::equals($known, $user));
+ }
+
+ /**
+ * @dataProvider dataProviderFalse
+ */
+ public function testEqualsFalse($known, $user)
{
- $this->assertTrue(StringUtils::equals('password', 'password'));
- $this->assertFalse(StringUtils::equals('password', 'foo'));
+ $this->assertFalse(StringUtils::equals($known, $user));
}
}
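Review bot: The `array(null, '')`, `array(null, null)` and `array(123, 123)` rows in `dataProviderTrue()` pin the `(string)` coercion performed by `StringUtils::equals()` rather than upstream behaviour — `hash_equals()` itself, as far as I recall, rejects non-string arguments instead of coercing them — so the new class docblock "Data from PHP.net's hash_equals tests" slightly overstates the provenance. A comment on the provider would make the intent explicit, e.g. `// null and integers are accepted because equals() casts both arguments with (string); hash_equals() alone would not`. Without it, a future maintainer dropping the casts to match hash_equals() strictly would be surprised by these rows failing.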
diff --git a/Core/Util/StringUtils.php b/Core/Util/StringUtils.php
index 5e13037..acf8e9e 100644
--- a/Core/Util/StringUtils.php
+++ b/Core/Util/StringUtils.php
@@ -27,6 +27,7 @@ class StringUtils
* Compares two strings.
*
* This method implements a constant-time algorithm to compare strings.
+ * Regardless of the used implementation, it will leak length information.
*
* @param string $knownString The string of known length to compare against
* @param string $userInput The string that the user can control
@@ -35,6 +36,13 @@ class StringUtils
*/
public static function equals($knownString, $userInput)
{
+ $knownString = (string) $knownString;
+ $userInput = (string) $userInput;
+
+ if (function_exists('hash_equals')) {
+ return hash_equals($knownString, $userInput);
+ }
+
$knownLen = strlen($knownString);
$userLen = strlen($userInput);
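Review bot: The two new `(string)` casts make `equals()` accept any value without failing closed: an array (for instance a request parameter submitted as `name[]`) is coerced to the literal `"Array"` with only an E_NOTICE, and an object is coerced through `__toString()`, so the comparison proceeds against a value the caller never intended. Rejecting non-scalar input explicitly before the casts would be safer, e.g. `if ((!is_scalar($knownString) && null !== $knownString) || (!is_scalar($userInput) && null !== $userInput)) {` / `return false;` / `}` (or throwing an `\InvalidArgumentException`, whichever matches the component's conventions). The `@param string` lines in the preceding hunk should also state that non-string scalars and `null` are cast with `(string)`, since that is now part of the contract the tests rely on. The body of `equals()` continues below this hunk.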
@@ -45,7 +53,7 @@ class StringUtils
$result = $knownLen - $userLen;
// Note that we ALWAYS iterate over the user-supplied length
- // This is to prevent leaking length information
+ // This is to mitigate leaking length information
for ($i = 0; $i < $userLen; $i++) {
$result |= (ord($knownString[$i]) ^ ord($userInput[$i]));
}