This PR was merged into the 2.3 branch.
Discussion
----------
[FrameworkBundle] Fix deps=low/high tests
| Q | A
| ------------- | ---
| Bug fix? | no
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | -
| License | MIT
| Doc PR | -
Commits
-------
26ca3dc [FrameworkBundle] Fix deps=low/high tests
dir loading
custom "secure"/"httponly" config options [1] (MacDada)
This PR was squashed before being merged into the 2.3 branch (closes #14842).
Discussion
----------
[Security][bugfix] "Remember me" cookie cleared on logout with custom "secure"/"httponly" config options [1]
| Q | A
| ------------- | ---
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | #14822
| License | MIT
| Doc PR | ~
* test now always pass "secure" and "httponly" options, as they are required
* could be considered BC, but [`RememberMeFactory` passes them](https://github.com/symfony/symfony/blob/2.3/src/Symfony/Bundle/SecurityBundle/DependencyInjection/Security/Factory/RememberMeFactory.php#L21), so they should've always been treated as required
* I can squash the commits before merging
* Alternative solution: #14843
Commits
-------
18b1c6a [Security][bugfix] "Remember me" cookie cleared on logout with custom "secure"/"httponly" config options [1]
"secure"/"httponly" config options [1]
password is changed when refreshing (issei-m)
This PR was merged into the 2.3 branch.
Discussion
----------
[Security] InMemoryUserProvider now concerns whether user's password is changed when refreshing
| Q | A
| ------------- | ---
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | -
| License | MIT
| Doc PR | -
When a user has changed their own password, I want to log out any sessions which are authenticated by that user, except the changer's own.
The [DaoAuthenticationManager::checkAuthentication()](https://github.com/symfony/symfony/blob/2.3/src/Symfony/Component/Security/Core/Authentication/Provider/DaoAuthenticationProvider.php#L59) method seems to be concerned with this.
But this situation actually never happens, because both users that are passed to this method are always identical during re-authentication.
That is because the token refreshes its own user via [ContextListener](https://github.com/symfony/symfony/blob/2.3/src/Symfony/Component/Security/Http/Firewall/ContextListener.php#L90) before re-authentication.
Commits
-------
729902a [Security] InMemoryUserProvider now concerns whether user's password is changed when refreshing
changed when refreshing
"Fiş" is a correct translation for "token", however "bilet" is also used, I fixed that inconsistency. Moreover, "kimlik bilgileri" is a better translation for "credentials" than "girdiler". "Girdiler" is the translation of "inputs", so I fixed sentences with "credentials". "Hesap engellenmiş" is better than "Hesap devre dışı bırakılmış" for "Account is disabled.". "Digest nonce has expired" can be translated better as "Derleme zaman aşımına uğradı." because "Derleme zaman aşımı gerçekleşti" has a confirmation sense like user requested it to expire and it has expired.
References:
token: http://tureng.com/search/token (3rd entry)
credentials: http://www2.zargan.com/tr/q/credentials-ceviri-nedir (1st entry)
disable: http://tureng.com/search/disable (15th entry)
The `SwitchUserEvent` is triggered in case an account is switched. This works okay while switching to the user, but on exit the `SwitchUserEvent` is triggered again with the original User. That User was not initialized by the provider yet.
load user by UserInterface instead of username
This PR was merged into the 2.3 branch.
Discussion
----------
[2.3] Static Code Analysis for Components
| Q | A
| ------------- | ---
| Bug fix? | no
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | n/a
| License | MIT
| Doc PR | n/a
Static Code Analysis with Php Inspections (EA Extended), no functional changes:
- resolved possible PHP Fatal in \Symfony\Component\BrowserKit\Cookie::__toString
- resolved callable name case mismatches
Commits
-------
9eb2b14 Php Inspections (EA Extended): - resolved possible PHP Fatal in \Symfony\Component\BrowserKit\Cookie::__toString -resolved implicit magic methods calls -resolved callable name case mismatches
\Symfony\Component\BrowserKit\Cookie::__toString -resolved implicit magic methods calls -resolved callable name case mismatches
encoding username is required (MacDada)
This PR was squashed before being merged into the 2.3 branch (closes #14670).
Discussion
----------
[Security] TokenBasedRememberMeServices test to show why encoding username is required
| Q | A
| ------------- | ---
| Bug fix? | no
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | #14577
| License | MIT
| Doc PR | no
241538d shows that it's not actually tested, 257b796 reimplements it with test.
I can remove the POC commit if it's not needed.
Commits
-------
63a9736 [Security] TokenBasedRememberMeServices test to show why encoding username is required
is required
cookie parts (MacDada)
This PR was squashed before being merged into the 2.3 branch (closes #14678).
Discussion
----------
[Security] AbstractRememberMeServices::encodeCookie() validates cookie parts
| Q | A
| ------------- | ---
| Bug fix? | no
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | #14577
| License | MIT
| Doc PR | no
`AbstractRememberMeServices::encodeCookie()` guards against `COOKIE_DELIMITER` in `$cookieParts`.
* it would make `AbstractRememberMeServices::cookieDecode()` broken
* all current extending classes do it anyway (see #14670 )
* added tests – it's not a public method, but it is expected to be used by user implementations – as such, it's good to know that it works properly
Commits
-------
464c39a [Security] AbstractRememberMeServices::encodeCookie() validates cookie parts
This PR was merged into the 2.3 branch.
Discussion
----------
[Security][Translation] fixes #14584
| Q | A
| ------------- | ---
| Fixed tickets | #14584
| License | MIT
Some French translations are wrong in the security component.
As #14587 has been closed, here's my fix.
Commits
-------
34c780f [Security][Translation] fixes #14584
possible (gharlan)
This PR was merged into the 2.3 branch.
Discussion
----------
CS: Pre incrementation/decrementation should be used if possible
| Q | A
| ------------- | ---
| Bug fix? | no
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | n/a
| License | MIT
| Doc PR | n/a
Fixes provided by new fixer: https://github.com/FriendsOfPHP/PHP-CS-Fixer/pull/1113
If this PR is merged, I would change the level of the fixer to `symfony`.
Commits
-------
c5123d6 CS: Pre incrementation/decrementation should be used if possible
All extending classes return `UserInterface`, not TokenInterface:
* https://github.com/symfony/symfony/blob/2.3/src/Symfony/Component/Security/Http/RememberMe/TokenBasedRememberMeServices.php#L64
* https://github.com/symfony/symfony/blob/2.3/src/Symfony/Component/Security/Http/RememberMe/PersistentTokenBasedRememberMeServices.php#L116
And `AbstractRememberMeServices` actually required the return value to be `UserInterface`:
    $user = $this->processAutoLoginCookie($cookieParts, $request);
    if (!$user instanceof UserInterface) {
        throw new \RuntimeException('processAutoLoginCookie() must return a UserInterface implementation.');
    }
(keradus)
This PR was merged into the 2.3 branch.
Discussion
----------
CS: Unary operators should be placed adjacent to their operands
| Q | A
| ------------- | ---
| Bug fix? | no
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | ?
| Fixed tickets | N/A
| License | MIT
| Doc PR | N/A
Update before upcoming changes on PHP CS Fixer 1.7
To keep fabbot.io happy ;)
Commits
-------
2367f4a CS: Unary operators should be placed adjacent to their operands
(keradus)
This PR was merged into the 2.3 branch.
Discussion
----------
CS: Binary operators should be arounded by at least one space
| Q | A
| ------------- | ---
| Bug fix? | no
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | ?
| Fixed tickets | N/A
| License | MIT
| Doc PR | N/A
Update before upcoming changes on PHP CS Fixer 1.7
To keep fabbot.io happy ;)
Commits
-------
ec2cec6 CS: Binary operators should be arounded by at least one space
mismatch
This PR was merged into the 2.3 branch.
Discussion
----------
CS: fix some license headers
| Q | A
| ------------- | ---
| Bug fix? | no
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | ?
| Fixed tickets | N/A
| License | MIT
| Doc PR | N/A
Commits
-------
2b74841 CS: fix some license headers
followed by a blankline
Reduce couple count calls in [Yaml]
Modernize type casting, fix several strict comparisons
Unsets merged
Elvis operator usage
Short syntax for applied operations
[Form] [HttpKernel] [PropertyAccess] [Security] [Translation] [Yaml] static code analysis, code cleanup (kalessil)
This PR was squashed before being merged into the 2.3 branch (closes #13862).
Discussion
----------
[2.3] [Config] [Console] [DependencyInjection] [DomCrawler] [Form] [HttpKernel] [PropertyAccess] [Security] [Translation] [Yaml] static code analysis, code cleanup
| Q | A
| ------------- | ---
| Bug fix? | no
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | n/a
| License | MIT
| Doc PR | n/a
Split [PR 13813](https://github.com/symfony/symfony/pull/13813): part 1 - targeting v2.3
Following is included (no functional changes, found with [Php Inspections (EA Extended)](https://plugins.jetbrains.com/plugin/7622?pr=phpStorm)):
- Fixed couple of concatenation as array index warnings
- Unset calls can be merged inspection fixes
- array_search in in_array context inspection fixes
- Is null usage inspection fixes
- Prefixed increment/decrement inspection fixes
- Elvis operator can be used inspection fixes
- Alias functions usage inspection fixes
- Ternary operator simplification inspection fixes
- `__DIR__` equivalent inspection fixes
Commits
-------
f13b5f7 [2.3] [Config] [Console] [DependencyInjection] [DomCrawler] [Form] [HttpKernel] [PropertyAccess] [Security] [Translation] [Yaml] static code analysis, code cleanup
[HttpKernel] [PropertyAccess] [Security] [Translation] [Yaml] static code analysis, code cleanup
it is used (davedevelopment)
This PR was squashed before being merged into the 2.3 branch (closes #13466).
Discussion
----------
[Security] Remove ContextListener's onKernelResponse listener as it is used
| Q | A
| ------------- | ---
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets |
| License | MIT
| Doc PR |
The context listeners are specific to a particular firewall, and as such, should not be applied if the current request doesn't match that context listener. To avoid this, the context listener can remove itself from the dispatcher as it is called.
This comes into effect when two or more firewalls are set up and using the same kernel for multiple requests. Assuming there are two firewalls, 'site' and 'admin':
- Request comes in matching 'site' firewall, 'site' ContextListener adds its onKernelResponse method to the dispatcher
- Successful auth for 'site'
- ContextListener writes token to session
- Request comes in matching 'admin' firewall, 'admin' ContextListener can't find anything in the session, so nulls the token in the security context
- 'site' ContextListener listens for response, can't find a token in the security context so removes the 'site' token from the session
Commits
-------
380d805 [Security] Remove ContextListener's onKernelResponse listener as it is used
This PR was merged into the 2.3 branch.
Discussion
----------
[2.3] Cleanup deprecations
| Q | A
| ------------- | ---
| Bug fix? | no
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | let's see
| Fixed tickets | -
| License | MIT
| Doc PR | -
Commits
-------
d649bef [2.3] Remove useless tests skips
1d68ad3 [2.3] Cleanup deprecations
This PR was merged into the 2.3 branch.
Discussion
----------
[Security] fixed wrong phpdoc
| Q | A
| ------------- | ---
| Bug fix? | no
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | #12597
| License | MIT
| Doc PR | n/a
Commits
-------
064062d [Security] fixed wrong phpdoc
detect Windows (xabbuh)
This PR was merged into the 2.3 branch.
Discussion
----------
[2.3] for consistency, use value of DIRECTORY_SEPARATOR to detect Windows
| Q | A
| ------------- | ---
| Bug fix? | no
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets |
| License | MIT
| Doc PR |
This commit unifies the detection of Windows builds across the Symfony
codebase.
Commits
-------
20a427d use value of DIRECTORY_SEPARATOR to detect Windows
This commit unifies the detection of Windows builds across the Symfony
codebase.
This removes the unused use statements which were not caught by
PHP-CS-Fixer because of string occurrences. It also fixes some invalid
phpdoc (scalar is not recognized as a valid type for instance).
This PR was merged into the 2.3 branch.
Discussion
----------
[Security] Delete old session on auth strategy migrate
| Q | A
| ------------- | ---
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | #13026
| License | MIT
| Doc PR |
As identified by @austinh in #13026 there are two sessions after authentication, since the previous session is migrated to a new one by ``session_regenerate_id``. This PR ensures the old session is deleted immediately on migration.
I can't see any drawbacks, but if the change would break BC, another approach would be to add a new strategy like ``switch`` to enable instant deletion of the old session.
Commits
-------
5dd11e6 [Security] Delete old session on auth strategy migrate
This PR was merged into the 2.3 branch.
Discussion
----------
[2.3] CS Fixes: fix phpdoc's alignment
| Q | A
| ------------- | ---
| Bug fix? | no
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | ?
| Fixed tickets | N/A
| License | MIT
| Doc PR | N/A
Fix phpdoc's alignment
Commits
-------
f588610 fix phpdoc's alignment
This PR was merged into the 2.3 branch.
Discussion
----------
Docblock Fixes
| Q | A
| ------------- | ---
| Bug fix? | no
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | N/A
| License | MIT
| Doc PR | N/A
##### This pull request fixes the docblock alignment as requested in #12760.
It was also necessary for me to ensure the `@return` annotations were correctly separated in order to accurately align the `@param` annotations.
Commits
-------
443307e Docblock fixes
To let opcode caches optimize cached code, the `PHP_VERSION_ID`
constant is used to detect the current PHP version instead of calling
`version_compare()` with `PHP_VERSION`.
This PR was squashed before being merged into the 2.3 branch (closes #12293).
Discussion
----------
Remove aligned '=>' and '='
| Q | A
| ------------- | ---
| Bug fix? | no
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | [https://github.com/symfony/symfony/issues/12284]
| License | MIT
Could you tell me if I should make another PR for the 2.5 branch?
Commits
-------
51312d3 Remove aligned '=>' and '='