summaryrefslogtreecommitdiffstats
path: root/Http
Commit message (Collapse)AuthorAgeFilesLines
* Merge branch '2.7' into 2.8Nicolas Grekas2016-09-061-1/+1
|\ | | | | | | | | | | | | | | | | | | | | | | | | | | | | * 2.7: [FrameworkBundle] Check for class existence before is_subclass_of Update GroupSequence.php Code enhancement and cleanup [DI] Add anti-regression test Revert "minor #19689 [DI] Cleanup array_key_exists (ro0NL)" [BrowserKit] Fix cookie expiration on 32 bit systems bumped Symfony version to 2.7.18 updated VERSION for 2.7.17 update CONTRIBUTORS for 2.7.17 updated CHANGELOG for 2.7.17 Update misleading comment about RFC4627
| * Code enhancement and cleanupYonel Ceruto2016-09-061-1/+1
| |
* | Merge branch '2.7' into 2.8v2.8.10Nicolas Grekas2016-08-268-12/+18
|\ \ | |/ | | | | | | | | | | | | | | | | | | | | | | * 2.7: [Validator][GroupSequence] fixed GroupSequence validation ignores PropertyMetadata of parent classes [FrameworkBundle][Security] Remove useless mocks [DoctrineBridge] Enhance exception message in EntityUserProvider added friendly exception when constraint validator does not exist or it is not enabled remove duplicate instruction [FrameworkBundle] Remove TranslatorBagInterface check [FrameworkBundle] Remove duplicated code in RouterDebugCommand [Validator] fixed duplicate constraints with parent class interfaces SecurityBundle:BasicAuthenticationListener: removed a default argument on getting a header value
| * minor #19736 [FrameworkBundle][Security] Remove useless mocks (Ener-Getick)v2.7.17Fabien Potencier2016-08-257-11/+17
| |\ | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | This PR was merged into the 2.7 branch. Discussion ---------- [FrameworkBundle][Security] Remove useless mocks | Q | A | ------------- | --- | Branch? | 2.7 | Bug fix? | no | New feature? | no | BC breaks? | no | Deprecations? | no | Tests pass? | yes | Fixed tickets | | License | MIT | Doc PR | Removes mocks causing issues in https://github.com/symfony/symfony/pull/19734. Commits ------- fcd3345 [FrameworkBundle][Security] Remove useless mocks
| | * [FrameworkBundle][Security] Remove useless mocksEner-Getick2016-08-257-11/+17
| | |
| * | SecurityBundle:BasicAuthenticationListener: removed a default argument on ↵Dawid Nowak2016-08-011-1/+1
| |/ | | | | | | | | | | getting a header value it's unnecessary.
* | Merge branch '2.7' into 2.8v2.8.9Nicolas Grekas2016-07-171-1/+7
|\ \ | |/ | | | | | | | | | | | | | | | | | | * 2.7: [VarDumper] Fix dumping jsons casted as arrays PassConfig::getMergePass is not an array Revert "bug #19114 [HttpKernel] Dont close the reponse stream in debug (nicolas-grekas)" Fix the retrieval of the last username when using forwarding [Yaml] Fix PHPDoc of the Yaml class [HttpFoundation] Add OPTIONS and TRACE to the list of safe methods Update getAbsoluteUri() for query string uris
| * Fix the retrieval of the last username when using forwardingChristophe Coevoet2016-07-111-1/+7
| |
* | [Security] Fix deprecated usage of DigestAuthenticationEntryPoint::getKey() ↵Maxime STEINHAUSSER2016-07-082-1/+80
| | | | | | | | in DigestAuthenticationListener
* | Merge branch '2.7' into 2.8v2.8.8Fabien Potencier2016-06-292-2/+2
|\ \ | |/ | | | | | | | | * 2.7: removed dots at the end of @param and @return fixed typo
| * removed dots at the end of @param and @returnv2.7.15Fabien Potencier2016-06-282-2/+2
| |
* | Merge branch '2.7' into 2.8Fabien Potencier2016-05-092-0/+10
|\ \ | |/ | | | | | | * 2.7: limited the maximum length of a submitted username
| * Merge branch '2.3' into 2.7v2.7.13Fabien Potencier2016-05-092-0/+10
| |\ | | | | | | | | | | | | * 2.3: limited the maximum length of a submitted username
| | * limited the maximum length of a submitted usernamev2.3.42v2.3.41origin/2.3Fabien Potencier2016-05-091-0/+5
| | |
* | | Merge branch '2.7' into 2.8Christian Flothmann2016-04-121-2/+7
|\ \ \ | |/ / | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | * 2.7: [Filesystem] Better error handling in remove() [DependencyInjection] Add coverage for invalid Expression in exportParameters [DependencyInjection] Add coverage for all invalid arguments in exportParameters anonymous services are always private [Console] Correct time formatting. [DependencyInjection] Resolve aliases before removing abstract services + add tests Fix Dom Crawler select option with empty value Remove unnecessary option assignment remove unused variable mock the proper method [PropertyAccess] Fix regression
| * | Merge branch '2.3' into 2.7v2.7.12Christian Flothmann2016-04-091-1/+0
| |\ \ | | |/ | | | | | | | | | | | | | | | | | | | | | * 2.3: [DependencyInjection] Resolve aliases before removing abstract services + add tests Fix Dom Crawler select option with empty value Remove unnecessary option assignment remove unused variable [PropertyAccess] Fix regression
| * | mock the proper methodChristian Flothmann2016-04-051-1/+7
| | |
* | | Merge branch '2.7' into 2.8Fabien Potencier2016-04-052-1/+50
|\ \ \ | |/ / | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | * 2.7: [HttpFoundation] Improve phpdoc [Logging] Add support for firefox in ChromePhpHandler Windows 10 version check in just one line Detect CLI color support for Windows 10 build 10586 [Security] Fixed SwitchUserListener when exiting an impersonication with AnonymousToken [EventDispatcher] Try first if the event is Stopped [FrameworkBundle] fixes grammar in container:debug command manual. [Form] fix "prototype" not required when parent form is not required
| * | Merge branch '2.3' into 2.7Fabien Potencier2016-04-052-1/+50
| |\ \ | | |/ | | | | | | | | | | | | | | | | | | * 2.3: [HttpFoundation] Improve phpdoc [Logging] Add support for firefox in ChromePhpHandler [Security] Fixed SwitchUserListener when exiting an impersonication with AnonymousToken [Form] fix "prototype" not required when parent form is not required
| | * [Security] Fixed SwitchUserListener when exiting an impersonication with ↵Grégoire Pineau2016-04-041-1/+2
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | AnonymousToken If you configure a firewall with switch user with `role: IS_AUTHENTICATED_ANONYMOUSLY` it's impossible to exit the impersonation because the next line `$this->provider->refreshUser($original->getUser())` will fail. It fails because `RefreshUser` expects an instance of `UserInterface` and here it's a string. Therefore, it does not make sense to refresh an Anonymous Token, right ?
| * | fix mocksv2.7.11Christian Flothmann2016-03-251-1/+1
| | | | | | | | | | | | | | | | | | | | | | | | * check for existance of `setMetadataFactory()` method (this is needed for tests run with deps=high as the method was removed in Symfony 3.0) * fix mock testing the `EngineInterface` as the `stream()` method cannot be mocked when it is does not exist in the mocked interface
| * | Merge branch '2.3' into 2.7Nicolas Grekas2016-03-251-1/+1
| |\ \ | | |/ | | | | | | | | | | | | | | | | | | * 2.3: fix mocks Conflicts: src/Symfony/Component/Security/Http/Tests/Firewall/SwitchUserListenerTest.php
* | | Merge branch '2.7' into 2.8Nicolas Grekas2016-03-071-12/+5
|\ \ \ | |/ / | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | * 2.7: [HttpFoundation] Fix transient test [HttpFoundation] Add a dependency on the mbstring polyfill [2.7] update readme files for new components add readme files where missing fix lowest TwigBridge deps versions [EventDispatcher] fix syntax error Don't use reflections when possible Don't use reflections when possible [Form] Update form tests after the ICU data update [Intl] Update tests and the number formatter to match behaviour of the intl extension [Intl] Update the ICU data to version 55 [Intl] Fix the update-data.php script in preparation for ICU 5.5 [Process] Fix memory issue when using large input streams Use constant instead of function call. fixed test name automatically generate safe fallback filename [Console] default to stderr in the console helpers Conflicts: composer.json src/Symfony/Bridge/PhpUnit/README.md src/Symfony/Bridge/Twig/composer.json src/Symfony/Component/Console/Helper/DialogHelper.php src/Symfony/Component/Debug/DebugClassLoader.php src/Symfony/Component/HttpFoundation/composer.json src/Symfony/Component/Security/Acl/README.md src/Symfony/Component/Security/Core/README.md src/Symfony/Component/Security/Csrf/README.md src/Symfony/Component/Security/Http/README.md
| * | [2.7] update readme files for new componentsChristian Flothmann2016-03-071-12/+5
| | |
* | | Merge branch '2.7' into 2.8Nicolas Grekas2016-02-021-0/+9
|\ \ \ | |/ / | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | * 2.7: [Console] Add missing `@require` annotation in test Fix merge [appveyor] Fix failure reporting [#17634] move DebugBundle license file backport GlobTest from 2.7 branch Move licenses according to new best practices [FrameworkBundle] Remove unused code in test [2.3] Fixed an undefined variable in Glob::toRegex simplified a test fix container cache key generation [Form] fix option name in changelog [Translation] Add resources from fallback locale [DependencyInjection] enforce tags to have a name [YAML] Refine the return value of Yaml::parse() Conflicts: src/Symfony/Component/DependencyInjection/Tests/Loader/YamlFileLoaderTest.php
| * | Merge branch '2.3' into 2.7Nicolas Grekas2016-02-011-0/+9
| |\ \ | | |/ | | | | | | | | | * 2.3: [appveyor] Fix failure reporting
* | | Merge branch '2.7' into 2.8Fabien Potencier2016-01-271-2/+1
|\ \ \ | |/ / | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | * 2.7: Increase the inlining YAML level for config:debug [Serializer] Minor: fix CS and PHPDoc [Form] fix tests [Serializer] Ensure that groups are strings [Debug] Tell that the extension is for PHP 5 only Static code analysis Update AnnotationDirectoryLoader.php added a test Escape the delimiter in Glob::toRegex [FrameworkBundle] Fix template location for PHP templates [FrameworkBundle] Add path verification to the template parsing test cases
| * | Merge branch '2.3' into 2.7Fabien Potencier2016-01-271-2/+1
| |\ \ | | |/ | | | | | | | | | | | | | | | | | | * 2.3: Static code analysis Update AnnotationDirectoryLoader.php [FrameworkBundle] Fix template location for PHP templates [FrameworkBundle] Add path verification to the template parsing test cases
* | | Merge branch '2.7' into 2.8Fabien Potencier2016-01-121-4/+2
|\ \ \ | |/ / | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | * 2.7: Typo fix [2.3] Static Code Analysis for Components Added support \IteratorAggregate for UniqueEntityValidator Update AbstractChoiceListTest.php Fix #17306 Paths with % in it are note allowed (like urlencoded) Use proper class to fetch $versionStrategy property Added sort order SORT_STRING for params in UriSigner Remove normalizer cache in Serializer class
| * | Merge branch '2.3' into 2.7Fabien Potencier2016-01-121-4/+2
| |\ \ | | |/ | | | | | | | | | | | | | | | | | | | | | | | | * 2.3: Typo fix [2.3] Static Code Analysis for Components Added support \IteratorAggregate for UniqueEntityValidator Fix #17306 Paths with % in it are note allowed (like urlencoded) Added sort order SORT_STRING for params in UriSigner Remove normalizer cache in Serializer class
| | * [2.3] Static Code Analysis for ComponentsVladimir Reznichenko2016-01-121-4/+2
| | |
* | | Merge branch '2.7' into 2.8Fabien Potencier2016-01-031-1/+1
|\ \ \ | |/ / | | | | | | | | | | | | | | | * 2.7: updated copyright year Update copyright year [2.3] Static Code Analysis for Components
| * | updated copyright yearFabien Potencier2016-01-031-1/+1
| | |
* | | Merge branch '2.7' into 2.8Nicolas Grekas2015-12-181-1/+1
|\ \ \ | |/ / | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | * 2.7: prefer phpunit 5.x on hhvm [FrameworkBundle][HttpKernel] the finder is required to discover bundle commands [travis] Auto-conf deps=high matrix line Fix the logout path when not using the router Fix the logout path when not using the router [Form] cast IDs to match deprecated behaviour of EntityChoiceList [HttpFoundation] Added the ability of mapping stream wrapper protocols when using X-Sendfile [HttpFoundation] Add a test case for using BinaryFileResponse with stream wrappers Conflicts: .travis.yml src/Symfony/Bundle/FrameworkBundle/composer.json
| * | Fix the logout path when not using the routerChristophe Coevoet2015-12-171-1/+1
| | | | | | | | | | | | | | | This needs to use the base url, not the base path, so that it goes through the front controller when not using url rewriting.
* | | Merge branch '2.7' into 2.8Tobias Schultze2015-12-151-1/+1
|\ \ \ | |/ /
| * | Merge branch '2.3' into 2.7Tobias Schultze2015-12-151-1/+11
| |\ \ | | |/
| | * [Security] backported phpdoc from Guard component.Hugo Hamon2015-12-101-1/+11
| | |
| * | minor #16697 CS: remove impossible default argument value (keradus)Fabien Potencier2015-11-281-1/+1
| |\ \ | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | This PR was merged into the 2.7 branch. Discussion ---------- CS: remove impossible default argument value | Q | A | ------------- | --- | Bug fix? | no | New feature? | no | BC breaks? | no | Deprecations? | no | Tests pass? | ? | Fixed tickets | N/A | License | MIT | Doc PR | N/A Commits ------- acef3a3 CS: remove impossible default argument value
| | * | CS: remove impossible default argument valueDariusz Ruminski2015-11-261-1/+1
| | | |
* | | | [Security][SecurityBundle] Use csrf_token_id instead of deprecated intentionJakub Zalas2015-11-284-7/+37
| | | |
* | | | removed usage of the deprecated StringUtils::equals() methodFabien Potencier2015-11-232-4/+2
| | | |
* | | | Merge branch '2.7' into 2.8Fabien Potencier2015-11-234-4/+70
|\ \ \ \ | |/ / / | | | | | | | | | | | | | | | | | | | | | | | | | | | | * 2.7: fixed tests migrate session after remember me authentication prevent timing attacks in digest auth listener mitigate CSRF timing attack vulnerability fix potential timing attack issue
| * | | Merge branch '2.3' into 2.7v2.7.7Fabien Potencier2015-11-234-4/+70
| |\ \ \ | | | |/ | | |/| | | | | | | | | | | | | | | | | | | | | * 2.3: migrate session after remember me authentication prevent timing attacks in digest auth listener mitigate CSRF timing attack vulnerability fix potential timing attack issue
| | * | security #16631 n/a (xabbuh)v2.3.35Fabien Potencier2015-11-231-0/+8
| | |\ \ | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | This PR was merged into the 2.3 branch. Discussion ---------- n/a n/a Commits ------- f88e600 migrate session after remember me authentication
| | | * | migrate session after remember me authenticationChristian Flothmann2015-11-231-0/+8
| | | | |
| | * | | prevent timing attacks in digest auth listenerChristian Flothmann2015-11-231-1/+2
| | | | |
| | * | | fix potential timing attack issueChristian Flothmann2015-11-232-27/+4
| | |/ /
* | | | Merge branch '2.7' into 2.8Nicolas Grekas2015-11-181-1/+1
|\ \ \ \ | |/ / / | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | * 2.7: Fix undefined array $server Fix bug in windows detection [ProxyManager] Tmp fix composer reqs issue in ZF Add missing exclusions from phpunit.xml.dist [Serializer] ObjectNormalizer: don't serialize static methods and props Fix the server variables in the router_*.php files [Validator] Allow an empty path with a non empty fragment or a query The following change adds support for Armenian pluralization. [2.3][Process] fix Proccess run with pts enabled Conflicts: composer.json src/Symfony/Bridge/ProxyManager/composer.json src/Symfony/Component/Security/phpunit.xml.dist
| * | | Merge branch '2.3' into 2.7Nicolas Grekas2015-11-181-1/+1
| |\ \ \ | | |/ / | | | / | | |/ | |/| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | * 2.3: Fix undefined array $server [ProxyManager] Tmp fix composer reqs issue in ZF Add missing exclusions from phpunit.xml.dist Fix the server variables in the router_*.php files [Validator] Allow an empty path with a non empty fragment or a query The following change adds support for Armenian pluralization. [2.3][Process] fix Proccess run with pts enabled Conflicts: composer.json src/Symfony/Bridge/ProxyManager/composer.json src/Symfony/Bundle/DebugBundle/phpunit.xml.dist src/Symfony/Component/Security/phpunit.xml.dist
* | | Renamed key to secretv2.8.0-BETA1WouterJ2015-11-073-13/+23
| | |
* | | Merge branch '2.7' into 2.8Fabien Potencier2015-10-301-1/+4
|\ \ \ | |/ / | | | | | | | | | | | | | | | | | | | | | * 2.7: added the new Composer exclude-from-classmap option added the new Composer exclude-from-classmap option fix expected argument type docblock Set back libxml settings after testings. fixed Twig deprecation notices
| * | added the new Composer exclude-from-classmap optionFabien Potencier2015-10-301-1/+4
| | |
* | | Rely on iconv and symfony/polyfill-*Nicolas Grekas2015-10-282-4/+4
| | |
* | | [Routing] deprecate the old url generator reference type valuesTobias Schultze2015-10-181-1/+1
| | |
* | | Merge branch '2.7' into 2.8Fabien Potencier2015-10-181-1/+2
|\ \ \ | |/ / | | | | | | | | | | | | | | | | | | | | | | | | * 2.7: [Routing] use constants in tests [Process] tweaked README [Validator] Allow an empty path in a URL with only a fragment or a query [HttpFoundation] Fix some typo in the Request doc fixed CS Added separated handling of root paths
| * | Merge branch '2.3' into 2.7v2.7.6Fabien Potencier2015-10-181-1/+2
| |\ \ | | |/ | | | | | | | | | | | | | | | | | | | | | * 2.3: [Routing] use constants in tests [Validator] Allow an empty path in a URL with only a fragment or a query [HttpFoundation] Fix some typo in the Request doc fixed CS Added separated handling of root paths
* | | Merge branch '2.7' into 2.8Fabien Potencier2015-10-172-10/+88
|\ \ \ | |/ / | | | | | | | | | | | | * 2.7: [TwigBundle] Fix Twig cache is not properly warmed [Security] Use SessionAuthenticationStrategy on RememberMe login
| * | [Security] Use SessionAuthenticationStrategy on RememberMe loginSergey Novikov2015-10-162-10/+88
| | | | | | | | | | | | Regenerate session ID with default session strategy
| * | Merge branch '2.3' into 2.7Nicolas Grekas2015-10-111-4/+0
| |\ \ | | |/ | | | | | | | | | | | | * 2.3: [ci] SymfonyTestsListener is now auto-registered adds validation messages missing italian translations
* | | [PhpUnit] Auto-register SymfonyTestsListenerNicolas Grekas2015-10-111-4/+0
| | |
* | | Merge branch '2.7' into 2.8Nicolas Grekas2015-10-102-1/+4
|\ \ \ | |/ / | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | * 2.7: [tests] Use @requires annotation when possible [tests] Use @requires annotation when possible [ci] Enable collecting and replaying skipped tests [Process] Workaround buggy PHP warning [Console] Add additional ways to detect OS400 platform [Yaml] Allow tabs before comments at the end of a line Added more tests for PropertyAccess Conflicts: .travis.yml src/Symfony/Bridge/Doctrine/composer.json src/Symfony/Bridge/Monolog/composer.json src/Symfony/Bridge/ProxyManager/composer.json src/Symfony/Bridge/Swiftmailer/composer.json src/Symfony/Bridge/Twig/composer.json src/Symfony/Bundle/DebugBundle/composer.json src/Symfony/Bundle/FrameworkBundle/composer.json src/Symfony/Bundle/SecurityBundle/composer.json src/Symfony/Bundle/TwigBundle/composer.json src/Symfony/Bundle/WebProfilerBundle/composer.json src/Symfony/Component/Asset/composer.json src/Symfony/Component/BrowserKit/composer.json src/Symfony/Component/ClassLoader/composer.json src/Symfony/Component/Config/composer.json src/Symfony/Component/Console/composer.json src/Symfony/Component/CssSelector/composer.json src/Symfony/Component/Debug/composer.json src/Symfony/Component/DependencyInjection/composer.json src/Symfony/Component/DomCrawler/composer.json src/Symfony/Component/EventDispatcher/composer.json src/Symfony/Component/ExpressionLanguage/composer.json src/Symfony/Component/Filesystem/composer.json src/Symfony/Component/Finder/composer.json src/Symfony/Component/Form/composer.json src/Symfony/Component/HttpFoundation/composer.json src/Symfony/Component/HttpKernel/composer.json src/Symfony/Component/Intl/composer.json src/Symfony/Component/Locale/composer.json src/Symfony/Component/OptionsResolver/composer.json src/Symfony/Component/Process/composer.json src/Symfony/Component/PropertyAccess/composer.json src/Symfony/Component/Routing/composer.json src/Symfony/Component/Security/Acl/composer.json src/Symfony/Component/Security/Core/composer.json src/Symfony/Component/Security/Csrf/composer.json src/Symfony/Component/Security/Http/composer.json src/Symfony/Component/Security/composer.json src/Symfony/Component/Serializer/composer.json src/Symfony/Component/Stopwatch/composer.json src/Symfony/Component/Templating/composer.json src/Symfony/Component/Translation/Tests/Dumper/IcuResFileDumperTest.php src/Symfony/Component/Translation/composer.json src/Symfony/Component/Validator/composer.json src/Symfony/Component/VarDumper/composer.json src/Symfony/Component/Yaml/composer.json
| * | Merge branch '2.3' into 2.7Nicolas Grekas2015-10-102-1/+4
| |\ \ | | |/ | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | * 2.3: [tests] Use @requires annotation when possible [ci] Enable collecting and replaying skipped tests [Process] Workaround buggy PHP warning [Console] Add additional ways to detect OS400 platform [Yaml] Allow tabs before comments at the end of a line Conflicts: composer.json src/Symfony/Bridge/Doctrine/Tests/Logger/DbalLoggerTest.php src/Symfony/Bridge/Monolog/composer.json src/Symfony/Bridge/Twig/composer.json src/Symfony/Bundle/FrameworkBundle/composer.json src/Symfony/Bundle/SecurityBundle/composer.json src/Symfony/Component/Asset/composer.json src/Symfony/Component/ClassLoader/Tests/LegacyApcUniversalClassLoaderTest.php src/Symfony/Component/Console/composer.json src/Symfony/Component/Debug/composer.json src/Symfony/Component/DomCrawler/composer.json src/Symfony/Component/EventDispatcher/composer.json src/Symfony/Component/HttpFoundation/Tests/Session/Storage/Handler/MongoDbSessionHandlerTest.php src/Symfony/Component/HttpFoundation/Tests/Session/Storage/Handler/PdoSessionHandlerTest.php src/Symfony/Component/HttpFoundation/composer.json src/Symfony/Component/Intl/composer.json src/Symfony/Component/Routing/composer.json src/Symfony/Component/Security/composer.json src/Symfony/Component/Serializer/composer.json src/Symfony/Component/Templating/composer.json src/Symfony/Component/Translation/composer.json src/Symfony/Component/Validator/composer.json
* | | cs fixNicolas Grekas2015-10-071-1/+1
| | |
* | | Deprecate the SecureRandom classPierre du Plessis2015-10-063-10/+13
| | |
* | | Merge branch '2.7' into 2.8Nicolas Grekas2015-10-064-26/+5
|\ \ \ | |/ / | | | | | | | | | | | | | | | Conflicts: src/Symfony/Component/Security/Http/Tests/RememberMe/PersistentTokenBasedRememberMeServicesTest.php src/Symfony/Component/Security/Http/Tests/RememberMe/TokenBasedRememberMeServicesTest.php src/Symfony/Component/Security/composer.json
| * | Merge branch '2.3' into 2.7Nicolas Grekas2015-10-064-26/+5
| |\ \ | | |/ | | | | | | | | | | | | | | | Conflicts: src/Symfony/Bundle/FrameworkBundle/DependencyInjection/FrameworkExtension.php src/Symfony/Bundle/FrameworkBundle/Tests/DependencyInjection/FrameworkExtensionTest.php src/Symfony/Component/Security/Tests/Core/SecurityContextTest.php
| | * [2.3][SECURITY] Add remember me cookie configurationKlaas Cuvelier2015-10-061-2/+5
| | |
* | | Merge branch '2.7' into 2.8Fabien Potencier2015-10-054-6/+50
|\ \ \ | |/ / | | | | | | | | | | | | | | | | | | | | | | | | * 2.7: [Security][bugfix] "Remember me" cookie cleared on logout with custom "secure"/"httponly" config options [1] [ci] Use current PHP_BINARY when running ./phpunit Fixed typos [UPGRADE-3.0] fix bullet indentation Fix PropertyAccessor modifying array in object when array key does not exist [Security] InMemoryUserProvider now concerns whether user's password is changed when refreshing
| * | Merge branch '2.3' into 2.7Fabien Potencier2015-10-054-6/+50
| |\ \ | | |/ | | | | | | | | | | | | | | | | | | | | | * 2.3: [Security][bugfix] "Remember me" cookie cleared on logout with custom "secure"/"httponly" config options [1] [ci] Use current PHP_BINARY when running ./phpunit Fixed typos [UPGRADE-3.0] fix bullet indentation [Security] InMemoryUserProvider now concerns whether user's password is changed when refreshing
| | * bug #14842 [Security][bugfix] "Remember me" cookie cleared on logout with ↵Fabien Potencier2015-10-051-1/+1
| | |\ | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | custom "secure"/"httponly" config options [1] (MacDada) This PR was squashed before being merged into the 2.3 branch (closes #14842). Discussion ---------- [Security][bugfix] "Remember me" cookie cleared on logout with custom "secure"/"httponly" config options [1] | Q | A | ------------- | --- | Bug fix? | yes | New feature? | no | BC breaks? | no | Deprecations? | no | Tests pass? | yes | Fixed tickets | #14822 | License | MIT | Doc PR | ~ * test now always pass "secure" and "httponly" options, as they are required * could be considered BC, but [`RememberMeFactory` passes them](https://github.com/symfony/symfony/blob/2.3/src/Symfony/Bundle/SecurityBundle/DependencyInjection/Security/Factory/RememberMeFactory.php#L21), so they should've always been treated as required * I can squash the commits before merging * Alternative solution: #14843 Commits ------- 18b1c6a [Security][bugfix] "Remember me" cookie cleared on logout with custom "secure"/"httponly" config options [1]
| | | * [Security][bugfix] "Remember me" cookie cleared on logout with custom ↵Dawid Nowak2015-10-051-1/+1
| | | | | | | | | | | | | | | | "secure"/"httponly" config options [1]
* | | | [Security] made tests work for 2.8 and 3.0Fabien Potencier2015-10-011-14/+9
| | | |
* | | | deprecate finding deep items in request parametersChristian Flothmann2015-09-3010-17/+147
| | | |
* | | | Thanks fabbot!Ryan Weaver2015-09-201-1/+1
| | | |
* | | | Improving phpdoc on AuthenticationEntryPointInterface so people that ↵Ryan Weaver2015-09-201-3/+13
| | | | | | | | | | | | | | | | implement this understand it
* | | | Merge branch '2.7' into 2.8Tobias Schultze2015-09-091-1/+1
|\ \ \ \ | |/ / / | | | | | | | | | | | | Conflicts: src/Symfony/Component/HttpKernel/Kernel.php
| * | | fix leftover changes from previous mergeTobias Schultze2015-09-091-1/+1
| | | |
* | | | [Security\Http] Fix depNicolas Grekas2015-09-071-1/+1
| | | |
* | | | [2.8] CleanupNicolas Grekas2015-09-061-2/+2
| | | |
* | | | Merge branch '2.7' into 2.8Fabien Potencier2015-08-243-3/+4
|\ \ \ \ | |/ / / | | | | | | | | | | | | * 2.7: fixes CS
| * | | fixes CSFabien Potencier2015-08-243-3/+4
| | | |
* | | | Merge branch '2.7' into 2.8Nicolas Grekas2015-07-291-2/+6
|\ \ \ \ | |/ / / | | | | | | | | | | | | | | | | | | | | | | | | * 2.7: [php7] Fix for substr() always returning a string [Security] Do not save the target path in the session for a stateless firewall Fix calls to HttpCache#getSurrogate triggering E_USER_DEPRECATED errors. [DependencyInjection] fixed FrozenParameterBag and improved Parameter…
| * | | Merge branch '2.3' into 2.7v2.7.3Nicolas Grekas2015-07-281-2/+6
| |\ \ \ | | |/ / | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | * 2.3: [php7] Fix for substr() always returning a string [Security] Do not save the target path in the session for a stateless firewall [DependencyInjection] fixed FrozenParameterBag and improved Parameter… Conflicts: src/Symfony/Component/Debug/Tests/ErrorHandlerTest.php src/Symfony/Component/Security/Http/Firewall/ExceptionListener.php
| | * | [Security] Do not save the target path in the session for a stateless firewallGrégoire Pineau2015-07-261-2/+6
| | | |
* | | | Merge branch '2.7' into 2.8Fabien Potencier2015-07-261-2/+2
|\ \ \ \ | |/ / / | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | * 2.7: [Yaml] throw a ParseException on invalid data type [TwigBridge] type-dependent path discovery Resources as string have the same problem Introduce failing test case when a SplFileInfo object is passed to the extract() method in the TwigExtractor. #15331 add infos about deprecated classes to UPGRADE-3.0 [Asset] removed unused private property. [Security] removed useless else condition in SwitchUserListener class. [travis] Tests deps=low with PHP 5.6 [Console] Fix console output with closed stdout
| * | | Merge branch '2.6' into 2.7Fabien Potencier2015-07-261-2/+2
| |\ \ \ | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | * 2.6: [Yaml] throw a ParseException on invalid data type #15331 add infos about deprecated classes to UPGRADE-3.0 [Security] removed useless else condition in SwitchUserListener class. [travis] Tests deps=low with PHP 5.6 [Console] Fix console output with closed stdout
| | * \ \ Merge branch '2.3' into 2.6v2.6.11Fabien Potencier2015-07-261-2/+2
| | |\ \ \ | | | |/ / | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | * 2.3: #15331 add infos about deprecated classes to UPGRADE-3.0 [Security] removed useless else condition in SwitchUserListener class. [travis] Tests deps=low with PHP 5.6 [Console] Fix console output with closed stdout
| | | * | [Security] removed useless else condition in SwitchUserListener class.Hugo Hamon2015-07-221-2/+2
| | | | |
* | | | | Merge branch '2.7' into 2.8Nicolas Grekas2015-07-241-4/+3
|\ \ \ \ \ | |/ / / / | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | * 2.7: [Twig+FrameworkBundle] Fix forward compat with Form 2.8 [2.6] Static Code Analysis for Components [Security/Http] Fix test relying on a private property [Serializer] Fix bugs reported in https://github.com/symfony/symfony/commit/b5990be49149501bef7bb83a797a1aea2eb5fbe0#commitcomment-12301266 Conflicts: src/Symfony/Bridge/Twig/Resources/views/Form/form_div_layout.html.twig src/Symfony/Bundle/FrameworkBundle/Resources/views/Form/widget_attributes.html.php src/Symfony/Component/Security/Http/Tests/Firewall/AnonymousAuthenticationListenerTest.php
| * | | | Merge branch '2.6' into 2.7Nicolas Grekas2015-07-241-4/+3
| |\ \ \ \ | | |/ / / | | | | | | | | | | | | | | | | | | | | * 2.6: [2.6] Static Code Analysis for Components [Security/Http] Fix test relying on a private property
| | * | | [Security/Http] Fix test relying on a private propertyNicolas Grekas2015-07-221-4/+3
| | | | |
* | | | | [Security] Moved Simple{Form,Pre}AuthenticatorInterfaces to Security\HttpWouterJ2015-07-222-0/+42
| | | | |
* | | | | feature #15141 [DX] [Security] Renamed Token#getKey() to getSecret() (WouterJ)Fabien Potencier2015-07-028-27/+37
|\ \ \ \ \ | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | This PR was squashed before being merged into the 2.8 branch (closes #15141). Discussion ---------- [DX] [Security] Renamed Token#getKey() to getSecret() There are 2 very vague parameter names in the authentication process: `$providerKey` and `$key`. Some tokens/providers have the first one, some tokens/providers the second one and some both. An overview: | Token | `providerKey` | `key` | --- | --- | --- | `AnonymousToken` | - | yes | `PreAuth...Token` | yes | - | `RememberMeToken` | yes | yes | `UsernamePasswordToken` | yes | - Both names are extremely general and their PHPdocs contains pure no-shit-sherlock-descriptions :squirrel: (like "The key."). This made me and @iltar think it's just an inconsistency and they have the same meaning. ...until we dived deeper into the code and came to the conclusion that `$key` has a Security task (while `$providerKey` doesn't really). If it takes people connected to Symfony internals 30+ minutes to find this out, it should be considered for an improvement imo. So here is our suggestion: **Rename `$key` to `$secret`**. This explains much better what the value of the string has to be (for instance, it's important that the string is not easily guessable and cannot be found out, according to the Spring docs). It also explains the usage better (it's used as a replacement for credentials and to hash the RememberMeToken). **Tl;dr**: `$key` and `$providerKey` are too general names, let's improve DX by renaming them. This PR tackles `$key` by renaming it to `$secret`. | Q | A | ------------- | --- | Bug fix? | yes | New feature? | no | BC breaks? | no | Deprecations? | yes | Tests pass? | yes | Fixed tickets | - | License | MIT | Doc PR | - *My excuse for the completely unrelated branch name* Commits ------- 24e0eb6 [DX] [Security] Renamed Token#getKey() to getSecret()
| * | | | | [DX] [Security] Renamed Token#getKey() to getSecret()WouterJ2015-07-028-27/+37
| | | | | |
* | | | | | Merge remote-tracking branch 'origin/2.7' into 2.8Abdellatif Ait boudad2015-07-012-1/+60
|\ \ \ \ \ \ | |/ / / / / |/| / / / / | |/ / / / | | | | | | | | | | Conflicts: src/Symfony/Bundle/FrameworkBundle/Command/TranslationDebugCommand.php src/Symfony/Component/DependencyInjection/Tests/Compiler/ResolveDefinitionTemplatesPassTest.php
| * | | | Fix mergeNicolas Grekas2015-07-011-2/+2
| | | | |
| * | | | Merge branch '2.6' into 2.7Nicolas Grekas2015-07-012-1/+60
| |\ \ \ \ | | |/ / / | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | * 2.6: [2.6] Towards 100% HHVM compat [Security/Http] Fix test [Stopwatch] Fix test Minor fixes Towards 100% HHVM compat unify default AccessDeniedExeption message trigger event with right user (add test) [Security] Initialize SwitchUserEvent::targetUser on attemptExitUser [Form] Fixed: Data mappers always receive forms indexed by their names Conflicts: src/Symfony/Bundle/FrameworkBundle/Controller/Controller.php src/Symfony/Component/VarDumper/Tests/CliDumperTest.php src/Symfony/Component/VarDumper/Tests/HtmlDumperTest.php
| | * | | [Security/Http] Fix testNicolas Grekas2015-06-301-0/+6
| | | | |
| | * | | Merge branch '2.3' into 2.6Nicolas Grekas2015-06-302-1/+54
| | |\ \ \ | | | |/ / | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | * 2.3: Minor fixes Towards 100% HHVM compat trigger event with right user (add test) [Security] Initialize SwitchUserEvent::targetUser on attemptExitUser [Form] Fixed: Data mappers always receive forms indexed by their names Conflicts: src/Symfony/Component/Debug/Tests/ErrorHandlerTest.php src/Symfony/Component/Filesystem/Filesystem.php src/Symfony/Component/Process/Tests/AbstractProcessTest.php
generated by cgit v1.1 at 2025-05-12 20:09:05 +0000