summaryrefslogtreecommitdiffstats
Commit message (Collapse)AuthorAgeFilesLines
...
| * | | | [Security] Run tests on all PHP versionsv2.7.8Jakub Zalas2015-12-231-9/+0
| | | | | | | | | | | | | | | | | | | | Symfony 2.7 supports PHP >= 5.3.9
* | | | | Merge branch '2.7' into 2.8Nicolas Grekas2015-12-221-0/+9
|\ \ \ \ \ | |/ / / / | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | * 2.7: Clean EOL whitespace [travis] Fix [Routing] Reduce memory usage of a high consuming test case use requires annotation skip bcrypt tests on incompatible platforms
| * | | | Merge branch '2.3' into 2.7Nicolas Grekas2015-12-221-0/+9
| |\ \ \ \ | | |/ / / | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | * 2.3: Clean EOL whitespace [travis] Fix [Routing] Reduce memory usage of a high consuming test case use requires annotation skip bcrypt tests on incompatible platforms Conflicts: .travis.yml
| | * | | use requires annotationv2.3.36Christian Flothmann2015-12-221-13/+9
| | | | |
| | * | | skip bcrypt tests on incompatible platformsChristian Flothmann2015-12-191-0/+13
| | |/ / | | | | | | | | | | | | | | | | | | | | Not all PHP versions before 5.3.7 have backported fixes that make it possible to use `password_hash()` function. Therefore, we have to skip tests on not supported platforms.
* | | | Merge branch '2.7' into 2.8Nicolas Grekas2015-12-223-3/+7
|\ \ \ \ | |/ / / | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | * 2.7: [SecurityBundle] Removing test insulations for a huge perf win [Validator] Use the new interface in the README [Filesystem] fix tests on 2.3 [Filesystem] Recursivly widen non-executable directories [Form] fix #15544 when a collection type attribute "required" is false, "prototype" should too updated validators.bg.xlf [Security] Enable bcrypt validation and result length tests on all PHP versions [Security] Verify if a password encoded with bcrypt is no longer than 72 characters [Console] Avoid extra blank lines when rendering exceptions [Console][Table] fixed render row with multiple cells. [Yaml] do not remove "comments" in scalar blocks Conflicts: src/Symfony/Component/Console/Application.php src/Symfony/Component/Console/Tests/Fixtures/application_renderexception1.txt src/Symfony/Component/Console/Tests/Fixtures/application_renderexception2.txt src/Symfony/Component/Console/Tests/Fixtures/application_renderexception4.txt src/Symfony/Component/Form/Extension/Core/Type/CollectionType.php src/Symfony/Component/Form/Tests/Extension/Core/Type/CollectionTypeTest.php src/Symfony/Component/Yaml/Tests/ParserTest.php
| * | | Merge branch '2.3' into 2.7Fabien Potencier2015-12-183-3/+7
| |\ \ \ | | |/ / | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | * 2.3: [Form] fix #15544 when a collection type attribute "required" is false, "prototype" should too updated validators.bg.xlf [Security] Enable bcrypt validation and result length tests on all PHP versions [Security] Verify if a password encoded with bcrypt is no longer than 72 characters [Console] Avoid extra blank lines when rendering exceptions [Yaml] do not remove "comments" in scalar blocks
| | * | [Security] Enable bcrypt validation and result length tests on all PHP versionsJakub Zalas2015-12-171-6/+0
| | | |
| | * | [Security] Verify if a password encoded with bcrypt is no longer than 72 ↵Jakub Zalas2015-12-173-3/+7
| | | | | | | | | | | | | | | | characters
* | | | Merge branch '2.7' into 2.8Nicolas Grekas2015-12-181-1/+1
|\ \ \ \ | |/ / / | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | * 2.7: prefer phpunit 5.x on hhvm [FrameworkBundle][HttpKernel] the finder is required to discover bundle commands [travis] Auto-conf deps=high matrix line Fix the logout path when not using the router Fix the logout path when not using the router [Form] cast IDs to match deprecated behaviour of EntityChoiceList [HttpFoundation] Added the ability of mapping stream wrapper protocols when using X-Sendfile [HttpFoundation] Add a test case for using BinaryFileResponse with stream wrappers Conflicts: .travis.yml src/Symfony/Bundle/FrameworkBundle/composer.json
| * | | Fix the logout path when not using the routerChristophe Coevoet2015-12-171-1/+1
| | | | | | | | | | | | | | | | | | | | This needs to use the base url, not the base path, so that it goes through the front controller when not using url rewriting.
* | | | Merge branch '2.7' into 2.8Tobias Schultze2015-12-151-1/+1
|\ \ \ \ | |/ / /
| * | | Merge branch '2.3' into 2.7Tobias Schultze2015-12-151-1/+11
| |\ \ \ | | |/ /
| | * | [Security] backported phpdoc from Guard component.Hugo Hamon2015-12-101-1/+11
| | | |
* | | | Added @return to checkCredentials()Alexander M. Turek2015-12-101-0/+2
| | | |
* | | | [Security] Fix a Polyfill import statement in StringUtilsBaptiste Lafontaine2015-12-081-1/+1
| | | |
* | | | Merge branch '2.7' into 2.8Christophe Coevoet2015-12-051-1/+1
|\ \ \ \ | |/ / / | | | | | | | | | | | | | | | | | | | | * 2.7: [Process] Fix stopping a process on Windows Added a test case for the Logger class. CS: general fixes
| * | | Merge branch '2.3' into 2.7Christophe Coevoet2015-12-052-4/+4
| |\ \ \ | | |/ / | | | | | | | | | | | | | | | | | | | | * 2.3: [Process] Fix stopping a process on Windows Added a test case for the Logger class. CS: general fixes
| | * | CS: general fixesDariusz Ruminski2015-12-012-4/+4
| | | |
| * | | minor #16697 CS: remove impossible default argument value (keradus)Fabien Potencier2015-11-282-2/+2
| |\ \ \ | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | This PR was merged into the 2.7 branch. Discussion ---------- CS: remove impossible default argument value | Q | A | ------------- | --- | Bug fix? | no | New feature? | no | BC breaks? | no | Deprecations? | no | Tests pass? | ? | Fixed tickets | N/A | License | MIT | Doc PR | N/A Commits ------- acef3a3 CS: remove impossible default argument value
| | * | | CS: remove impossible default argument valueDariusz Ruminski2015-11-262-2/+2
| | | | |
* | | | | add subject variable to expression contextv2.8.0Christian Flothmann2015-11-301-0/+1
| | | | |
* | | | | [Bridge/Doctrine+Ldap] Fix testsNicolas Grekas2015-11-292-0/+6
| | | | |
* | | | | feature #16735 [WIP] [Ldap] Marked the Ldap component as internal (csarrazi)Fabien Potencier2015-11-292-2/+2
|\ \ \ \ \ | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | This PR was merged into the 2.8 branch. Discussion ---------- [WIP] [Ldap] Marked the Ldap component as internal | Q | A | ------------- | --- | Bug fix? | no | New feature? | no | BC breaks? | yes | Deprecations? | no | Tests pass? | no | Fixed tickets | no | License | MIT | Doc PR | not yet As mentioned earlier, the LDAP component suffers from a few problems, addressed in PR #15994 However, as raised by @Tobion, the component does not yet have tests (they can be added at a later time, though), and is not considered stable yet. Commits ------- 3f89b2c Marked the Ldap component as internal and removed Ldap constants polyfill
| * | | | | Marked the Ldap component as internal and removed Ldap constants polyfillCharles Sarrazin2015-11-282-2/+2
| | | | | |
* | | | | | [SecurityBundle] Fix disabling of RoleHierarchyVoter when passing empty ↵WouterJ2015-11-281-0/+15
| | | | | | | | | | | | | | | | | | | | | | | | hierarchy
* | | | | | [Security][SecurityBundle] Use csrf_token_id instead of deprecated intentionJakub Zalas2015-11-285-7/+39
|/ / / / /
* | | | | [Security] Deprecate "AbstractVoter" in favor of "Voter"Grégoire Pineau2015-11-242-0/+155
| | | | |
* | | | | [Security] Revert changes made between 2.7 and 2.8-betaNicolas Grekas2015-11-243-149/+41
| | | | |
* | | | | removed usage of the deprecated StringUtils::equals() methodFabien Potencier2015-11-232-4/+2
| | | | |
* | | | | Merge branch '2.7' into 2.8Fabien Potencier2015-11-234-4/+70
|\ \ \ \ \ | |/ / / / | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | * 2.7: fixed tests migrate session after remember me authentication prevent timing attacks in digest auth listener mitigate CSRF timing attack vulnerability fix potential timing attack issue
| * | | | Merge branch '2.3' into 2.7v2.7.7Fabien Potencier2015-11-234-4/+70
| |\ \ \ \ | | | |/ / | | |/| | | | | | | | | | | | | | | | | | | | | | | | | | | * 2.3: migrate session after remember me authentication prevent timing attacks in digest auth listener mitigate CSRF timing attack vulnerability fix potential timing attack issue
| | * | | security #16631 n/a (xabbuh)v2.3.35Fabien Potencier2015-11-232-0/+71
| | |\ \ \ | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | This PR was merged into the 2.3 branch. Discussion ---------- n/a n/a Commits ------- f88e600 migrate session after remember me authentication
| | | * | | migrate session after remember me authenticationChristian Flothmann2015-11-232-0/+71
| | | | | |
| | * | | | prevent timing attacks in digest auth listenerChristian Flothmann2015-11-231-1/+2
| | | | | |
| | * | | | fix potential timing attack issueChristian Flothmann2015-11-232-27/+4
| | |/ / /
* | | | | Merge branch '2.7' into 2.8Nicolas Grekas2015-11-185-12/+12
|\ \ \ \ \ | |/ / / / | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | * 2.7: Fix undefined array $server Fix bug in windows detection [ProxyManager] Tmp fix composer reqs issue in ZF Add missing exclusions from phpunit.xml.dist [Serializer] ObjectNormalizer: don't serialize static methods and props Fix the server variables in the router_*.php files [Validator] Allow an empty path with a non empty fragment or a query The following change adds support for Armenian pluralization. [2.3][Process] fix Proccess run with pts enabled Conflicts: composer.json src/Symfony/Bridge/ProxyManager/composer.json src/Symfony/Component/Security/phpunit.xml.dist
| * | | | Merge branch '2.3' into 2.7Nicolas Grekas2015-11-185-11/+12
| |\ \ \ \ | | |/ / / | | | / / | | |/ / | |/| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | * 2.3: Fix undefined array $server [ProxyManager] Tmp fix composer reqs issue in ZF Add missing exclusions from phpunit.xml.dist Fix the server variables in the router_*.php files [Validator] Allow an empty path with a non empty fragment or a query The following change adds support for Armenian pluralization. [2.3][Process] fix Proccess run with pts enabled Conflicts: composer.json src/Symfony/Bridge/ProxyManager/composer.json src/Symfony/Bundle/DebugBundle/phpunit.xml.dist src/Symfony/Component/Security/phpunit.xml.dist
| | * | Add missing exclusions from phpunit.xml.distNicolas Grekas2015-11-181-1/+4
| | | |
* | | | Renamed key to secretv2.8.0-BETA1WouterJ2015-11-075-20/+30
| | | |
* | | | [Security\Core] Deprecate passing $salt to ↵Nicolas Grekas2015-11-041-0/+2
| | | | | | | | | | | | | | | | BCryptPasswordEncoder::encodePassword()
* | | | minor #16416 [Security][Guard] Check whether $this->logger is not null on ↵Fabien Potencier2015-11-041-1/+3
|\ \ \ \ | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | GuardAuthenticationListener (aeoris, Diego Agulló) This PR was merged into the 2.8 branch. Discussion ---------- [Security][Guard] Check whether $this->logger is not null on GuardAuthenticationListener | Q | A | ------------- | --- | Bug fix? | yes | New feature? | no | BC breaks? | no | Deprecations? | no | Tests pass? | yes | Fixed tickets | #16415 | License | MIT | Doc PR | Commits ------- ebc751d Write the log message on a single line againn 713b99f Check whether $this->logger is not null on GuardAuthenticationListener
| * | | | Write the log message on a single line againnDiego Agulló2015-11-031-4/+1
| | | | |
| * | | | Check whether $this->logger is not null on GuardAuthenticationListenerDiego Agulló2015-11-011-1/+6
| | | | |
* | | | | Merge branch '2.7' into 2.8Nicolas Grekas2015-11-032-4/+2
|\ \ \ \ \ | | |/ / / | |/| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | * 2.7: [Security][2.7] Clean deps [HttpKernel] Fix time-sensitive test case [travis] Fail early when an invalid composer.json is found Conflicts: src/Symfony/Component/Security/Core/composer.json src/Symfony/Component/Security/composer.json
| * | | | [Security][2.7] Clean depsNicolas Grekas2015-11-032-4/+2
| | | | |
* | | | | [Security] Clean depsNicolas Grekas2015-11-031-4/+0
| | | | |
* | | | | Merge branch '2.7' into 2.8Nicolas Grekas2015-11-031-5/+0
|\ \ \ \ \ | |/ / / / | | | | | | | | | | | | | | | * 2.7: [Security] Fix composer.json
| * | | | [Security] Fix composer.jsonNicolas Grekas2015-11-031-5/+0
| | | | |
* | | | | Merge branch '2.7' into 2.8Fabien Potencier2015-11-022-52/+0
|\ \ \ \ \ | |/ / / / | | / / / | |/ / / |/| | | | | | | | | | | * 2.7: removed @covers annotations in tests removed all @covers annotations [PropertyAccess] Major performance improvement
| * | | removed @covers annotations in testsFabien Potencier2015-11-021-3/+0
| | | |
| * | | Merge branch '2.3' into 2.7Fabien Potencier2015-11-022-49/+0
| |\ \ \ | | |/ / | | | | | | | | | | | | | | | | * 2.3: removed all @covers annotations [PropertyAccess] Major performance improvement
| | * | minor #16414 removed all @covers annotations (fabpot)Fabien Potencier2015-11-022-49/+0
| | |\ \ | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | This PR was merged into the 2.3 branch. Discussion ---------- removed all @covers annotations | Q | A | ------------- | --- | Bug fix? | no | New feature? | no | BC breaks? | no | Deprecations? | no | Tests pass? | yes | Fixed tickets | n/a | License | MIT | Doc PR | n/a Some unit tests have a `@covers` PHPUnit annotations. Most of them were added a very long time ago, but since then, we did not use them anymore and the existing ones are not maintained (see #16413). So, I propose to remove them all. Commits ------- 1e0af36 removed all @covers annotations
| | | * | removed all @covers annotationsFabien Potencier2015-11-012-49/+0
| | | | |
* | | | | feature #16395 checkCredentials() force it to be an affirmative yes! ↵Fabien Potencier2015-10-313-3/+45
|\ \ \ \ \ | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | (weaverryan) This PR was squashed before being merged into the 2.8 branch (closes #16395). Discussion ---------- checkCredentials() force it to be an affirmative yes! | Q | A | ------------- | --- | Bug fix? | no | New feature? | no | BC breaks? | no (because 2.8 isn't released) | Deprecations? | no | Tests pass? | yes | Fixed tickets | n/a | License | MIT | Doc PR | n/a This changes `GuardAuthenticatorInterface::checkCredentials()`: you now *must* return true in order for authentication to pass. Before: You could do nothing (i.e. return null) and authentication would pass. You threw an AuthenticationException to cause a failure. New: You *must* return `true` for authentication to pass. If you do nothing, we will throw a `BadCredentialsException` on your behalf. You can still throw your own exception. This was a suggestion at symfony_live to make things more secure. I think it makes sense. Commits ------- 14acadd checkCredentials() force it to be an affirmative yes!
| * | | | | checkCredentials() force it to be an affirmative yes!Ryan Weaver2015-10-313-3/+45
| | | | | |
* | | | | | Merge branch '2.7' into 2.8Fabien Potencier2015-10-305-5/+20
|\ \ \ \ \ \ | |/ / / / / |/| / / / / | |/ / / / | | | | | | | | | | | | | | | | | | | | | | | | | * 2.7: added the new Composer exclude-from-classmap option added the new Composer exclude-from-classmap option fix expected argument type docblock Set back libxml settings after testings. fixed Twig deprecation notices
| * | | | added the new Composer exclude-from-classmap optionFabien Potencier2015-10-304-4/+16
| | | | |
| * | | | Merge branch '2.3' into 2.7Fabien Potencier2015-10-301-1/+4
| |\ \ \ \ | | |/ / / | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | * 2.3: added the new Composer exclude-from-classmap option fix expected argument type docblock Set back libxml settings after testings. fixed Twig deprecation notices
| | * | | minor #16397 added the new Composer exclude-from-classmap option (annesosensio)Fabien Potencier2015-10-301-1/+4
| | |\ \ \ | | | |_|/ | | |/| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | This PR was merged into the 2.3 branch. Discussion ---------- added the new Composer exclude-from-classmap option | Q | A | ------------- | --- | Bug fix? | no | New feature? | no | BC breaks? | no | Deprecations? | no | Tests pass? | yes | Fixed tickets | n/a | License | MIT | Doc PR | n/a Commits ------- 65bef75 added the new Composer exclude-from-classmap option
| | | * | added the new Composer exclude-from-classmap optionAnne-Sophie Bachelard2015-10-301-1/+4
| | | |/
* | | | Add the PHP 7 polyfill for the random_bytes functionPierre du Plessis2015-10-282-0/+2
| | | |
* | | | Merge branch '2.7' into 2.8Fabien Potencier2015-10-271-0/+5
|\ \ \ \ | |/ / / | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | * 2.7: added missing quotes in YAML files [HttpKernel] Add `@group time-sensitive` on some transient tests [DoctrineBridge] Fix issue which prevent the profiler to explain a query Use mb_detect_encoding with $strict = true don't allow to install the split Security packages bumped Symfony version to 2.3.35 updated VERSION for 2.3.34 update CONTRIBUTORS for 2.3.34 updated CHANGELOG for 2.3.34
| * | | Merge branch '2.3' into 2.7Fabien Potencier2015-10-271-0/+5
| |\ \ \ | | |/ / | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | * 2.3: added missing quotes in YAML files [HttpKernel] Add `@group time-sensitive` on some transient tests [DoctrineBridge] Fix issue which prevent the profiler to explain a query Use mb_detect_encoding with $strict = true don't allow to install the split Security packages bumped Symfony version to 2.3.35 updated VERSION for 2.3.34 update CONTRIBUTORS for 2.3.34 updated CHANGELOG for 2.3.34
| | * | bug #16144 [Security] don't allow to install the split Security packages ↵Fabien Potencier2015-10-271-0/+5
| | |\ \ | | | |/ | | |/| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | (xabbuh) This PR was merged into the 2.3 branch. Discussion ---------- [Security] don't allow to install the split Security packages | Q | A | ------------- | --- | Bug fix? | yes | New feature? | no | BC breaks? | no | Deprecations? | no | Tests pass? | yes | Fixed tickets | #16134 | License | MIT | Doc PR | Currently, you would be able to install the Security component fromm Symfony 2.3 together with one of the split packages from a higher Symfony vesion like this: ```json { "require": { "symfony/symfony": "2.3.*", "symfony/security-core": "~2.7" } } ``` However, you will end up with classes being present twice. This must be reverted after merging up in the `2.7` branch. Commits ------- 0d14064 don't allow to install the split Security packages
| | | * don't allow to install the split Security packagesChristian Flothmann2015-10-271-0/+5
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Currently, you would be able to install the Security component fromm Symfony 2.3 together with one of the split packages from a higher Symfony vesion like this: ```json { "require": { "symfony/symfony": "2.3.*", "symfony/security-core": "~2.7" } } ``` However, you will end up with classes being present twice. This must be reverted after merging up in the `2.7` branch.
* | | | Rely on iconv and symfony/polyfill-*Nicolas Grekas2015-10-2811-82/+31
| | | |
* | | | [Routing] deprecate the old url generator reference type valuesTobias Schultze2015-10-181-1/+1
| | | |
* | | | Merge branch '2.7' into 2.8Fabien Potencier2015-10-181-1/+2
|\ \ \ \ | |/ / / | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | * 2.7: [Routing] use constants in tests [Process] tweaked README [Validator] Allow an empty path in a URL with only a fragment or a query [HttpFoundation] Fix some typo in the Request doc fixed CS Added separated handling of root paths
| * | | Merge branch '2.3' into 2.7v2.7.6Fabien Potencier2015-10-181-1/+2
| |\ \ \ | | |/ / | | | | | | | | | | | | | | | | | | | | | | | | | | | | * 2.3: [Routing] use constants in tests [Validator] Allow an empty path in a URL with only a fragment or a query [HttpFoundation] Fix some typo in the Request doc fixed CS Added separated handling of root paths
| | * | [Routing] use constants in testsv2.3.34Tobias Schultze2015-10-181-1/+2
| | | |
* | | | Merge branch '2.7' into 2.8Fabien Potencier2015-10-172-10/+88
|\ \ \ \ | |/ / / | | | | | | | | | | | | | | | | * 2.7: [TwigBundle] Fix Twig cache is not properly warmed [Security] Use SessionAuthenticationStrategy on RememberMe login
| * | | [Security] Use SessionAuthenticationStrategy on RememberMe loginSergey Novikov2015-10-162-10/+88
| | | | | | | | | | | | | | | | Regenerate session ID with default session strategy
| * | | Merge branch '2.3' into 2.7Nicolas Grekas2015-10-122-8/+6
| |\ \ \ | | |/ / | | | | | | | | | | | | | | | | | | | | | | | | * 2.3: [ci] Fix tests requirements Conflicts: src/Symfony/Component/Validator/Tests/Mapping/Cache/LegacyApcCacheTest.php
| | * | [ci] Fix tests requirementsNicolas Grekas2015-10-123-19/+12
| | | |
| * | | Merge branch '2.3' into 2.7Nicolas Grekas2015-10-115-20/+0
| |\ \ \ | | |/ / | | | | | | | | | | | | | | | | * 2.3: [ci] SymfonyTestsListener is now auto-registered adds validation messages missing italian translations
| | * | [ci] SymfonyTestsListener is now auto-registeredNicolas Grekas2015-10-111-4/+0
| | | |
* | | | Added UserLoaderInterface for loading users through Doctrine.Michal Trojanowski2015-10-161-2/+0
| | | |
* | | | [PhpUnit] Auto-register SymfonyTestsListenerNicolas Grekas2015-10-115-20/+0
| | | |
* | | | Merge branch '2.7' into 2.8Nicolas Grekas2015-10-1012-13/+23
|\ \ \ \ | |/ / / | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | * 2.7: [tests] Use @requires annotation when possible [tests] Use @requires annotation when possible [ci] Enable collecting and replaying skipped tests [Process] Workaround buggy PHP warning [Console] Add additional ways to detect OS400 platform [Yaml] Allow tabs before comments at the end of a line Added more tests for PropertyAccess Conflicts: .travis.yml src/Symfony/Bridge/Doctrine/composer.json src/Symfony/Bridge/Monolog/composer.json src/Symfony/Bridge/ProxyManager/composer.json src/Symfony/Bridge/Swiftmailer/composer.json src/Symfony/Bridge/Twig/composer.json src/Symfony/Bundle/DebugBundle/composer.json src/Symfony/Bundle/FrameworkBundle/composer.json src/Symfony/Bundle/SecurityBundle/composer.json src/Symfony/Bundle/TwigBundle/composer.json src/Symfony/Bundle/WebProfilerBundle/composer.json src/Symfony/Component/Asset/composer.json src/Symfony/Component/BrowserKit/composer.json src/Symfony/Component/ClassLoader/composer.json src/Symfony/Component/Config/composer.json src/Symfony/Component/Console/composer.json src/Symfony/Component/CssSelector/composer.json src/Symfony/Component/Debug/composer.json src/Symfony/Component/DependencyInjection/composer.json src/Symfony/Component/DomCrawler/composer.json src/Symfony/Component/EventDispatcher/composer.json src/Symfony/Component/ExpressionLanguage/composer.json src/Symfony/Component/Filesystem/composer.json src/Symfony/Component/Finder/composer.json src/Symfony/Component/Form/composer.json src/Symfony/Component/HttpFoundation/composer.json src/Symfony/Component/HttpKernel/composer.json src/Symfony/Component/Intl/composer.json src/Symfony/Component/Locale/composer.json src/Symfony/Component/OptionsResolver/composer.json src/Symfony/Component/Process/composer.json src/Symfony/Component/PropertyAccess/composer.json src/Symfony/Component/Routing/composer.json src/Symfony/Component/Security/Acl/composer.json src/Symfony/Component/Security/Core/composer.json src/Symfony/Component/Security/Csrf/composer.json src/Symfony/Component/Security/Http/composer.json src/Symfony/Component/Security/composer.json src/Symfony/Component/Serializer/composer.json src/Symfony/Component/Stopwatch/composer.json src/Symfony/Component/Templating/composer.json src/Symfony/Component/Translation/Tests/Dumper/IcuResFileDumperTest.php src/Symfony/Component/Translation/composer.json src/Symfony/Component/Validator/composer.json src/Symfony/Component/VarDumper/composer.json src/Symfony/Component/Yaml/composer.json
| * | | minor #16186 [2.7][tests] Use @requires annotation when possible ↵Nicolas Grekas2015-10-102-8/+3
| |\ \ \ | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | (nicolas-grekas) This PR was merged into the 2.7 branch. Discussion ---------- [2.7][tests] Use @requires annotation when possible | Q | A | ------------- | --- | Bug fix? | no | New feature? | no | BC breaks? | no | Deprecations? | no | Tests pass? | yes | Fixed tickets | - | License | MIT | Doc PR | - Commits ------- b028aea [tests] Use @requires annotation when possible
| | * | | [tests] Use @requires annotation when possibleNicolas Grekas2015-10-102-8/+3
| | | | |
| * | | | Merge branch '2.3' into 2.7Nicolas Grekas2015-10-1010-5/+20
| |\ \ \ \ | | |/ / / | |/| / / | | |/ / | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | * 2.3: [tests] Use @requires annotation when possible [ci] Enable collecting and replaying skipped tests [Process] Workaround buggy PHP warning [Console] Add additional ways to detect OS400 platform [Yaml] Allow tabs before comments at the end of a line Conflicts: composer.json src/Symfony/Bridge/Doctrine/Tests/Logger/DbalLoggerTest.php src/Symfony/Bridge/Monolog/composer.json src/Symfony/Bridge/Twig/composer.json src/Symfony/Bundle/FrameworkBundle/composer.json src/Symfony/Bundle/SecurityBundle/composer.json src/Symfony/Component/Asset/composer.json src/Symfony/Component/ClassLoader/Tests/LegacyApcUniversalClassLoaderTest.php src/Symfony/Component/Console/composer.json src/Symfony/Component/Debug/composer.json src/Symfony/Component/DomCrawler/composer.json src/Symfony/Component/EventDispatcher/composer.json src/Symfony/Component/HttpFoundation/Tests/Session/Storage/Handler/MongoDbSessionHandlerTest.php src/Symfony/Component/HttpFoundation/Tests/Session/Storage/Handler/PdoSessionHandlerTest.php src/Symfony/Component/HttpFoundation/composer.json src/Symfony/Component/Intl/composer.json src/Symfony/Component/Routing/composer.json src/Symfony/Component/Security/composer.json src/Symfony/Component/Serializer/composer.json src/Symfony/Component/Templating/composer.json src/Symfony/Component/Translation/composer.json src/Symfony/Component/Validator/composer.json
| | * | [ci] Enable collecting and replaying skipped testsNicolas Grekas2015-10-102-1/+4
| | | |
* | | | cs fixNicolas Grekas2015-10-074-4/+4
| | | |
* | | | Deprecate the SecureRandom classPierre du Plessis2015-10-0612-177/+50
| | | |
* | | | Merge branch '2.7' into 2.8Nicolas Grekas2015-10-069-33/+78
|\ \ \ \ | |/ / / | | | | | | | | | | | | | | | | | | | | Conflicts: src/Symfony/Component/Security/Http/Tests/RememberMe/PersistentTokenBasedRememberMeServicesTest.php src/Symfony/Component/Security/Http/Tests/RememberMe/TokenBasedRememberMeServicesTest.php src/Symfony/Component/Security/composer.json
| * | | Merge branch '2.3' into 2.7Nicolas Grekas2015-10-064-26/+5
| |\ \ \ | | |/ / | | | | | | | | | | | | | | | | | | | | Conflicts: src/Symfony/Bundle/FrameworkBundle/DependencyInjection/FrameworkExtension.php src/Symfony/Bundle/FrameworkBundle/Tests/DependencyInjection/FrameworkExtensionTest.php src/Symfony/Component/Security/Tests/Core/SecurityContextTest.php
| | * | minor #16145 [FrameworkBundle] Fix deps=low/high tests (nicolas-grekas)Fabien Potencier2015-10-061-0/+5
| | |\ \ | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | This PR was merged into the 2.3 branch. Discussion ---------- [FrameworkBundle] Fix deps=low/high tests | Q | A | ------------- | --- | Bug fix? | no | New feature? | no | BC breaks? | no | Deprecations? | no | Tests pass? | yes | Fixed tickets | - | License | MIT | Doc PR | - Commits ------- 26ca3dc [FrameworkBundle] Fix deps=low/high tests
| | | * | [FrameworkBundle] Fix deps=low/high testsNicolas Grekas2015-10-061-0/+5
| | | | |
| | * | | [2.3][SECURITY] Add remember me cookie configurationKlaas Cuvelier2015-10-064-26/+5
| | |/ /
| | * | [FrameworkBundle] [Security] Remove trans from the security/core in 2.3 & ↵maxime.steinhausser2015-10-062-142/+0
| | |/ | | | | | | | | | dir loading
| * | [Security] sync translations and add a test for itChristian Flothmann2015-10-064-6/+72
| | |
| * | Merge branch '2.3' into 2.7Nicolas Grekas2015-10-061-1/+1
| |\ \ | | |/ | | | | | | | | | | | | | | | Conflicts: src/Symfony/Bundle/FrameworkBundle/DependencyInjection/FrameworkExtension.php src/Symfony/Bundle/SecurityBundle/composer.json src/Symfony/Component/Process/Process.php
| | * [Security\Core] Fix test failure after sebastianbergmann/phpunit#1821Nicolas Grekas2015-10-061-1/+1
| | |
* | | Merge branch '2.7' into 2.8Fabien Potencier2015-10-056-23/+103
|\ \ \ | |/ / | | | | | | | | | | | | | | | | | | | | | | | | * 2.7: [Security][bugfix] "Remember me" cookie cleared on logout with custom "secure"/"httponly" config options [1] [ci] Use current PHP_BINARY when running ./phpunit Fixed typos [UPGRADE-3.0] fix bullet indentation Fix PropertyAccessor modifying array in object when array key does not exist [Security] InMemoryUserProvider now concerns whether user's password is changed when refreshing
| * | Merge branch '2.3' into 2.7Fabien Potencier2015-10-056-23/+103
| |\ \ | | |/ | | | | | | | | | | | | | | | | | | | | | * 2.3: [Security][bugfix] "Remember me" cookie cleared on logout with custom "secure"/"httponly" config options [1] [ci] Use current PHP_BINARY when running ./phpunit Fixed typos [UPGRADE-3.0] fix bullet indentation [Security] InMemoryUserProvider now concerns whether user's password is changed when refreshing
| | * bug #14842 [Security][bugfix] "Remember me" cookie cleared on logout with ↵Fabien Potencier2015-10-054-6/+50
| | |\ | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | custom "secure"/"httponly" config options [1] (MacDada) This PR was squashed before being merged into the 2.3 branch (closes #14842). Discussion ---------- [Security][bugfix] "Remember me" cookie cleared on logout with custom "secure"/"httponly" config options [1] | Q | A | ------------- | --- | Bug fix? | yes | New feature? | no | BC breaks? | no | Deprecations? | no | Tests pass? | yes | Fixed tickets | #14822 | License | MIT | Doc PR | ~ * test now always pass "secure" and "httponly" options, as they are required * could be considered BC, but [`RememberMeFactory` passes them](https://github.com/symfony/symfony/blob/2.3/src/Symfony/Bundle/SecurityBundle/DependencyInjection/Security/Factory/RememberMeFactory.php#L21), so they should've always been treated as required * I can squash the commits before merging * Alternative solution: #14843 Commits ------- 18b1c6a [Security][bugfix] "Remember me" cookie cleared on logout with custom "secure"/"httponly" config options [1]
| | | * [Security][bugfix] "Remember me" cookie cleared on logout with custom ↵Dawid Nowak2015-10-054-6/+50
| | | | | | | | | | | | | | | | "secure"/"httponly" config options [1]
| | * | bug #13627 [Security] InMemoryUserProvider now concerns whether user's ↵Fabien Potencier2015-10-052-17/+53
| | |\ \ | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | password is changed when refreshing (issei-m) This PR was merged into the 2.3 branch. Discussion ---------- [Security] InMemoryUserProvider now concerns whether user's password is changed when refreshing | Q | A | ------------- | --- | Bug fix? | yes | New feature? | no | BC breaks? | no | Deprecations? | no | Tests pass? | yes | Fixed tickets | - | License | MIT | Doc PR | - When a user has changed own password, I want to logout any sessions which is authenticated by its user except changer itself. [DaoAuthenticationManager::checkAuthentication()](https://github.com/symfony/symfony/blob/2.3/src/Symfony/Component/Security/Core/Authentication/Provider/DaoAuthenticationProvider.php#L59) method seems to concern about it. But, this situation actually never happens because both users that will be passed to this method are always identical in re-authentication. It's because the token refreshes own user via [ContextListener](https://github.com/symfony/symfony/blob/2.3/src/Symfony/Component/Security/Http/Firewall/ContextListener.php#L90) before re-authentication. Commits ------- 729902a [Security] InMemoryUserProvider now concerns whether user's password is changed when refreshing
generated by cgit v1.1 at 2025-05-31 17:31:06 +0000