summaryrefslogtreecommitdiffstats
path: root/Http
Commit message (Collapse)AuthorAgeFilesLines
* Merge branch '2.3' into 2.7v2.7.13Fabien Potencier2016-05-092-0/+10
|\ | | | | | | | | * 2.3: limited the maximum length of a submitted username
| * limited the maximum length of a submitted usernamev2.3.42v2.3.41origin/2.3Fabien Potencier2016-05-091-0/+5
| |
* | Merge branch '2.3' into 2.7v2.7.12Christian Flothmann2016-04-091-1/+0
|\ \ | |/ | | | | | | | | | | | | | | * 2.3: [DependencyInjection] Resolve aliases before removing abstract services + add tests Fix Dom Crawler select option with empty value Remove unnecessary option assignment remove unused variable [PropertyAccess] Fix regression
* | mock the proper methodChristian Flothmann2016-04-051-1/+7
| |
* | Merge branch '2.3' into 2.7Fabien Potencier2016-04-052-1/+50
|\ \ | |/ | | | | | | | | | | | | * 2.3: [HttpFoundation] Improve phpdoc [Logging] Add support for firefox in ChromePhpHandler [Security] Fixed SwitchUserListener when exiting an impersonication with AnonymousToken [Form] fix "prototype" not required when parent form is not required
| * [Security] Fixed SwitchUserListener when exiting an impersonication with ↵Grégoire Pineau2016-04-041-1/+2
| | | | | | | | | | | | | | | | | | | | AnonymousToken If you configure a firewall with switch user with `role: IS_AUTHENTICATED_ANONYMOUSLY` it's impossible to exit the impersonation because the next line `$this->provider->refreshUser($original->getUser())` will fail. It fails because `RefreshUser` expects an instance of `UserInterface` and here it's a string. Therefore, it does not make sense to refresh an Anonymous Token, right ?
* | fix mocksv2.7.11Christian Flothmann2016-03-251-1/+1
| | | | | | | | | | | | | | | | * check for existance of `setMetadataFactory()` method (this is needed for tests run with deps=high as the method was removed in Symfony 3.0) * fix mock testing the `EngineInterface` as the `stream()` method cannot be mocked when it is does not exist in the mocked interface
* | Merge branch '2.3' into 2.7Nicolas Grekas2016-03-251-1/+1
|\ \ | |/ | | | | | | | | | | | | * 2.3: fix mocks Conflicts: src/Symfony/Component/Security/Http/Tests/Firewall/SwitchUserListenerTest.php
* | [2.7] update readme files for new componentsChristian Flothmann2016-03-071-12/+5
| |
* | Merge branch '2.3' into 2.7Nicolas Grekas2016-02-011-0/+9
|\ \ | |/ | | | | | | * 2.3: [appveyor] Fix failure reporting
* | Merge branch '2.3' into 2.7Fabien Potencier2016-01-271-2/+1
|\ \ | |/ | | | | | | | | | | | | * 2.3: Static code analysis Update AnnotationDirectoryLoader.php [FrameworkBundle] Fix template location for PHP templates [FrameworkBundle] Add path verification to the template parsing test cases
* | Merge branch '2.3' into 2.7Fabien Potencier2016-01-121-4/+2
|\ \ | |/ | | | | | | | | | | | | | | | | * 2.3: Typo fix [2.3] Static Code Analysis for Components Added support \IteratorAggregate for UniqueEntityValidator Fix #17306 Paths with % in it are note allowed (like urlencoded) Added sort order SORT_STRING for params in UriSigner Remove normalizer cache in Serializer class
| * [2.3] Static Code Analysis for ComponentsVladimir Reznichenko2016-01-121-4/+2
| |
* | updated copyright yearFabien Potencier2016-01-031-1/+1
| |
* | Fix the logout path when not using the routerChristophe Coevoet2015-12-171-1/+1
| | | | | | | | | | This needs to use the base url, not the base path, so that it goes through the front controller when not using url rewriting.
* | Merge branch '2.3' into 2.7Tobias Schultze2015-12-151-1/+11
|\ \ | |/
| * [Security] backported phpdoc from Guard component.Hugo Hamon2015-12-101-1/+11
| |
* | minor #16697 CS: remove impossible default argument value (keradus)Fabien Potencier2015-11-281-1/+1
|\ \ | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | This PR was merged into the 2.7 branch. Discussion ---------- CS: remove impossible default argument value | Q | A | ------------- | --- | Bug fix? | no | New feature? | no | BC breaks? | no | Deprecations? | no | Tests pass? | ? | Fixed tickets | N/A | License | MIT | Doc PR | N/A Commits ------- acef3a3 CS: remove impossible default argument value
| * | CS: remove impossible default argument valueDariusz Ruminski2015-11-261-1/+1
| | |
* | | Merge branch '2.3' into 2.7v2.7.7Fabien Potencier2015-11-234-4/+70
|\ \ \ | | |/ | |/| | | | | | | | | | | | | | | | * 2.3: migrate session after remember me authentication prevent timing attacks in digest auth listener mitigate CSRF timing attack vulnerability fix potential timing attack issue
| * | security #16631 n/a (xabbuh)v2.3.35Fabien Potencier2015-11-231-0/+8
| |\ \ | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | This PR was merged into the 2.3 branch. Discussion ---------- n/a n/a Commits ------- f88e600 migrate session after remember me authentication
| | * | migrate session after remember me authenticationChristian Flothmann2015-11-231-0/+8
| | | |
| * | | prevent timing attacks in digest auth listenerChristian Flothmann2015-11-231-1/+2
| | | |
| * | | fix potential timing attack issueChristian Flothmann2015-11-232-27/+4
| |/ /
* | | Merge branch '2.3' into 2.7Nicolas Grekas2015-11-181-1/+1
|\ \ \ | |/ / | | / | |/ |/| | | | | | | | | | | | | | | | | | | | | | | | | * 2.3: Fix undefined array $server [ProxyManager] Tmp fix composer reqs issue in ZF Add missing exclusions from phpunit.xml.dist Fix the server variables in the router_*.php files [Validator] Allow an empty path with a non empty fragment or a query The following change adds support for Armenian pluralization. [2.3][Process] fix Proccess run with pts enabled Conflicts: composer.json src/Symfony/Bridge/ProxyManager/composer.json src/Symfony/Bundle/DebugBundle/phpunit.xml.dist src/Symfony/Component/Security/phpunit.xml.dist
* | added the new Composer exclude-from-classmap optionFabien Potencier2015-10-301-1/+4
| |
* | Merge branch '2.3' into 2.7v2.7.6Fabien Potencier2015-10-181-1/+2
|\ \ | |/ | | | | | | | | | | | | | | * 2.3: [Routing] use constants in tests [Validator] Allow an empty path in a URL with only a fragment or a query [HttpFoundation] Fix some typo in the Request doc fixed CS Added separated handling of root paths
* | [Security] Use SessionAuthenticationStrategy on RememberMe loginSergey Novikov2015-10-162-10/+88
| | | | | | | | Regenerate session ID with default session strategy
* | Merge branch '2.3' into 2.7Nicolas Grekas2015-10-111-4/+0
|\ \ | |/ | | | | | | | | * 2.3: [ci] SymfonyTestsListener is now auto-registered adds validation messages missing italian translations
* | Merge branch '2.3' into 2.7Nicolas Grekas2015-10-102-1/+4
|\ \ | |/ | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | * 2.3: [tests] Use @requires annotation when possible [ci] Enable collecting and replaying skipped tests [Process] Workaround buggy PHP warning [Console] Add additional ways to detect OS400 platform [Yaml] Allow tabs before comments at the end of a line Conflicts: composer.json src/Symfony/Bridge/Doctrine/Tests/Logger/DbalLoggerTest.php src/Symfony/Bridge/Monolog/composer.json src/Symfony/Bridge/Twig/composer.json src/Symfony/Bundle/FrameworkBundle/composer.json src/Symfony/Bundle/SecurityBundle/composer.json src/Symfony/Component/Asset/composer.json src/Symfony/Component/ClassLoader/Tests/LegacyApcUniversalClassLoaderTest.php src/Symfony/Component/Console/composer.json src/Symfony/Component/Debug/composer.json src/Symfony/Component/DomCrawler/composer.json src/Symfony/Component/EventDispatcher/composer.json src/Symfony/Component/HttpFoundation/Tests/Session/Storage/Handler/MongoDbSessionHandlerTest.php src/Symfony/Component/HttpFoundation/Tests/Session/Storage/Handler/PdoSessionHandlerTest.php src/Symfony/Component/HttpFoundation/composer.json src/Symfony/Component/Intl/composer.json src/Symfony/Component/Routing/composer.json src/Symfony/Component/Security/composer.json src/Symfony/Component/Serializer/composer.json src/Symfony/Component/Templating/composer.json src/Symfony/Component/Translation/composer.json src/Symfony/Component/Validator/composer.json
* | Merge branch '2.3' into 2.7Nicolas Grekas2015-10-064-26/+5
|\ \ | |/ | | | | | | | | | | Conflicts: src/Symfony/Bundle/FrameworkBundle/DependencyInjection/FrameworkExtension.php src/Symfony/Bundle/FrameworkBundle/Tests/DependencyInjection/FrameworkExtensionTest.php src/Symfony/Component/Security/Tests/Core/SecurityContextTest.php
| * [2.3][SECURITY] Add remember me cookie configurationKlaas Cuvelier2015-10-061-2/+5
| |
* | Merge branch '2.3' into 2.7Fabien Potencier2015-10-054-6/+50
|\ \ | |/ | | | | | | | | | | | | | | * 2.3: [Security][bugfix] "Remember me" cookie cleared on logout with custom "secure"/"httponly" config options [1] [ci] Use current PHP_BINARY when running ./phpunit Fixed typos [UPGRADE-3.0] fix bullet indentation [Security] InMemoryUserProvider now concerns whether user's password is changed when refreshing
| * bug #14842 [Security][bugfix] "Remember me" cookie cleared on logout with ↵Fabien Potencier2015-10-051-1/+1
| |\ | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | custom "secure"/"httponly" config options [1] (MacDada) This PR was squashed before being merged into the 2.3 branch (closes #14842). Discussion ---------- [Security][bugfix] "Remember me" cookie cleared on logout with custom "secure"/"httponly" config options [1] | Q | A | ------------- | --- | Bug fix? | yes | New feature? | no | BC breaks? | no | Deprecations? | no | Tests pass? | yes | Fixed tickets | #14822 | License | MIT | Doc PR | ~ * test now always pass "secure" and "httponly" options, as they are required * could be considered BC, but [`RememberMeFactory` passes them](https://github.com/symfony/symfony/blob/2.3/src/Symfony/Bundle/SecurityBundle/DependencyInjection/Security/Factory/RememberMeFactory.php#L21), so they should've always been treated as required * I can squash the commits before merging * Alternative solution: #14843 Commits ------- 18b1c6a [Security][bugfix] "Remember me" cookie cleared on logout with custom "secure"/"httponly" config options [1]
| | * [Security][bugfix] "Remember me" cookie cleared on logout with custom ↵Dawid Nowak2015-10-051-1/+1
| | | | | | | | | | | | "secure"/"httponly" config options [1]
* | | fix leftover changes from previous mergeTobias Schultze2015-09-091-1/+1
| | |
* | | fixes CSFabien Potencier2015-08-243-3/+4
| | |
* | | Merge branch '2.3' into 2.7v2.7.3Nicolas Grekas2015-07-281-2/+6
|\ \ \ | |/ / | | | | | | | | | | | | | | | | | | | | | | | | | | | * 2.3: [php7] Fix for substr() always returning a string [Security] Do not save the target path in the session for a stateless firewall [DependencyInjection] fixed FrozenParameterBag and improved Parameter… Conflicts: src/Symfony/Component/Debug/Tests/ErrorHandlerTest.php src/Symfony/Component/Security/Http/Firewall/ExceptionListener.php
| * | [Security] Do not save the target path in the session for a stateless firewallGrégoire Pineau2015-07-261-2/+6
| | |
* | | Merge branch '2.6' into 2.7Fabien Potencier2015-07-261-2/+2
|\ \ \ | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | * 2.6: [Yaml] throw a ParseException on invalid data type #15331 add infos about deprecated classes to UPGRADE-3.0 [Security] removed useless else condition in SwitchUserListener class. [travis] Tests deps=low with PHP 5.6 [Console] Fix console output with closed stdout
| * \ \ Merge branch '2.3' into 2.6v2.6.11Fabien Potencier2015-07-261-2/+2
| |\ \ \ | | |/ / | | | | | | | | | | | | | | | | | | | | | | | | * 2.3: #15331 add infos about deprecated classes to UPGRADE-3.0 [Security] removed useless else condition in SwitchUserListener class. [travis] Tests deps=low with PHP 5.6 [Console] Fix console output with closed stdout
| | * | [Security] removed useless else condition in SwitchUserListener class.Hugo Hamon2015-07-221-2/+2
| | | |
* | | | Merge branch '2.6' into 2.7Nicolas Grekas2015-07-241-4/+3
|\ \ \ \ | |/ / / | | | | | | | | | | | | | | | | * 2.6: [2.6] Static Code Analysis for Components [Security/Http] Fix test relying on a private property
| * | | [Security/Http] Fix test relying on a private propertyNicolas Grekas2015-07-221-4/+3
| | | |
* | | | Fix mergeNicolas Grekas2015-07-011-2/+2
| | | |
* | | | Merge branch '2.6' into 2.7Nicolas Grekas2015-07-012-1/+60
|\ \ \ \ | |/ / / | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | * 2.6: [2.6] Towards 100% HHVM compat [Security/Http] Fix test [Stopwatch] Fix test Minor fixes Towards 100% HHVM compat unify default AccessDeniedExeption message trigger event with right user (add test) [Security] Initialize SwitchUserEvent::targetUser on attemptExitUser [Form] Fixed: Data mappers always receive forms indexed by their names Conflicts: src/Symfony/Bundle/FrameworkBundle/Controller/Controller.php src/Symfony/Component/VarDumper/Tests/CliDumperTest.php src/Symfony/Component/VarDumper/Tests/HtmlDumperTest.php
| * | | [Security/Http] Fix testNicolas Grekas2015-06-301-0/+6
| | | |
| * | | Merge branch '2.3' into 2.6Nicolas Grekas2015-06-302-1/+54
| |\ \ \ | | |/ / | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | * 2.3: Minor fixes Towards 100% HHVM compat trigger event with right user (add test) [Security] Initialize SwitchUserEvent::targetUser on attemptExitUser [Form] Fixed: Data mappers always receive forms indexed by their names Conflicts: src/Symfony/Component/Debug/Tests/ErrorHandlerTest.php src/Symfony/Component/Filesystem/Filesystem.php src/Symfony/Component/Process/Tests/AbstractProcessTest.php
| | * | [Security] Initialize SwitchUserEvent::targetUser on attemptExitUserRichard van Laak2015-06-281-1/+2
| | | | | | | | | | | | | | | | | | | | | | | | The `SwitchUserEvent` is triggered in case an account is switched. This works okay while switching to the user, but on exit the `SwitchUserEvent` is triggered again with the original User. That User was not initialized by the provider yet. load user by UserInterface instead of username
| * | | Merge branch '2.3' into 2.6Fabien Potencier2015-06-281-1/+1
| |\ \ \ | | |/ / | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | * 2.3: Fix quoting style consistency. [DependencyInjection] Fail when dumping a Definition with no class nor factory Normalizing recursively - see #9096 No change - the normalizeParams is a copy-and-paste of the earlier logic fixes issue with logging array of non-utf8 data fix validation for Maestro UK card numbers
| | * | Fix quoting style consistency.ogizanagi2015-06-281-1/+1
| | | |
| * | | Fix mergeNicolas Grekas2015-06-181-1/+1
| | | |
* | | | Fix mergeNicolas Grekas2015-06-181-1/+1
| | | |
* | | | Merge branch '2.6' into 2.7Nicolas Grekas2015-06-188-24/+24
|\ \ \ \ | |/ / / | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | * 2.6: Add test for HHVM FatalErrors [2.6][Debug] Fix fatal-errors handling on HHVM [2.3][Debug] Fix fatal-errors handling on HHVM Standardize the name of the exception variables [2.3] Static Code Analysis for Components Remove duplicated paths Conflicts: src/Symfony/Component/Debug/ErrorHandler.php src/Symfony/Component/Security/Http/Firewall/BasicAuthenticationListener.php src/Symfony/Component/Security/Http/Firewall/ContextListener.php src/Symfony/Component/Security/Http/Firewall/RememberMeListener.php src/Symfony/Component/Security/Http/RememberMe/AbstractRememberMeServices.php
| * | | Merge branch '2.3' into 2.6Nicolas Grekas2015-06-188-24/+24
| |\ \ \ | | |/ / | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | * 2.3: [2.3][Debug] Fix fatal-errors handling on HHVM Standardize the name of the exception variables [2.3] Static Code Analysis for Components Remove duplicated paths Conflicts: src/Symfony/Component/Debug/ErrorHandler.php src/Symfony/Component/HttpFoundation/Session/Storage/MockArraySessionStorage.php src/Symfony/Component/Security/Acl/Dbal/AclProvider.php src/Symfony/Component/Security/Core/Authentication/Provider/UserAuthenticationProvider.php
| | * | Standardize the name of the exception variablesJavier Eguiluz2015-06-157-23/+23
| | |/
* | | Added a small Upgrade note regarding security.contextIltar van der Berg2015-06-153-8/+4
| | |
* | | Change error message to reflect SecurityContext deprecation.Nicholas Byfleet2015-06-051-1/+1
| | |
* | | Merge branch '2.6' into 2.7v2.7.0Fabien Potencier2015-05-225-8/+61
|\ \ \ | |/ / | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | * 2.6: (30 commits) [Translation] fixed JSON loader on PHP 7 when file is empty Fix typo Check instance of FormBuilderInterface instead of FormBuilder [Security] TokenBasedRememberMeServices test to show why encoding username is required [Security] AbstractRememberMeServices::encodeCookie() validates cookie parts fixed typo [console][formater] allow format toString object. [HttpFoundation] Fix baseUrl when script filename is contained in pathInfo Avoid redirection to XHR URIs [HttpFoundation] IpUtils::checkIp4() should allow networks [2.6] Fix HTML escaping of to-source links Fix HTML escaping of to-source links ExceptionHandler: More Encoding Fix the rendering of deprecation log messages [FrameworkBundle] Removed unnecessary parameter in TemplateController [DomCrawler] Throw an exception if a form field path is incomplete. Fixed the indentation in the compiled template for the DumpNode [Console] Delete duplicate test in CommandTest [TwigBundle] Refresh twig paths when resources change. WebProfiler break words ... Conflicts: src/Symfony/Bridge/Twig/composer.json src/Symfony/Bundle/WebProfilerBundle/Resources/views/Collector/logger.html.twig src/Symfony/Component/Debug/ExceptionHandler.php
| * | Merge branch '2.3' into 2.6v2.6.9v2.6.8Fabien Potencier2015-05-225-8/+61
| |\ \ | | |/ | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | * 2.3: Fix typo Check instance of FormBuilderInterface instead of FormBuilder [Security] TokenBasedRememberMeServices test to show why encoding username is required [Security] AbstractRememberMeServices::encodeCookie() validates cookie parts [console][formater] allow format toString object. [HttpFoundation] Fix baseUrl when script filename is contained in pathInfo Avoid redirection to XHR URIs [HttpFoundation] IpUtils::checkIp4() should allow networks Fix HTML escaping of to-source links [FrameworkBundle] Removed unnecessary parameter in TemplateController [DomCrawler] Throw an exception if a form field path is incomplete. [Console] Delete duplicate test in CommandTest [TwigBundle] Refresh twig paths when resources change. WebProfiler break words fixed typo Update README.md [HttpKernel] Handle an array vary header in the http cache store [Security][Translation] fixes #14584 [Framework] added test for Router commands. Handled bearer authorization header in REDIRECT_ form Conflicts: src/Symfony/Component/Debug/ExceptionHandler.php
| | * minor #14670 [Security] TokenBasedRememberMeServices test to show why ↵v2.3.30v2.3.29Fabien Potencier2015-05-211-0/+2
| | |\ | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | encoding username is required (MacDada) This PR was squashed before being merged into the 2.3 branch (closes #14670). Discussion ---------- [Security] TokenBasedRememberMeServices test to show why encoding username is required | Q | A | ------------- | --- | Bug fix? | no | New feature? | no | BC breaks? | no | Deprecations? | no | Tests pass? | yes | Fixed tickets | #14577 | License | MIT | Doc PR | no 241538d shows that it's not actually tested, 257b796 reimplements it with test. I can remove the POC commit if it's not needed. Commits ------- 63a9736 [Security] TokenBasedRememberMeServices test to show why encoding username is required
| | | * [Security] TokenBasedRememberMeServices test to show why encoding username ↵Dawid Nowak2015-05-211-0/+2
| | | | | | | | | | | | | | | | is required
| | * | bug #14678 [Security] AbstractRememberMeServices::encodeCookie() validates ↵Fabien Potencier2015-05-212-4/+8
| | |\ \ | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | cookie parts (MacDada) This PR was squashed before being merged into the 2.3 branch (closes #14678). Discussion ---------- [Security] AbstractRememberMeServices::encodeCookie() validates cookie parts | Q | A | ------------- | --- | Bug fix? | no | New feature? | no | BC breaks? | no | Deprecations? | no | Tests pass? | yes | Fixed tickets | #14577 | License | MIT | Doc PR | no `AbstractRememberMeServices::encodeCookie()` guards against `COOKIE_DELIMITER` in `$cookieParts`. * it would make `AbstractRememberMeServices::cookieDecode()` broken * all current extending classes do it anyway (see #14670 ) * added tests – it's not a public method, but it is expected to be used by user implementations – as such, it's good to know that it works properly Commits ------- 464c39a [Security] AbstractRememberMeServices::encodeCookie() validates cookie parts
| | | * | [Security] AbstractRememberMeServices::encodeCookie() validates cookie partsDawid Nowak2015-05-212-4/+8
| | | |/
| | * | Avoid redirection to XHR URIsAlessandro Siragusa2015-05-201-1/+1
| | |/
* | | minor #14581 [Security] Removed unnecessary statement (MacDada)Fabien Potencier2015-05-151-1/+0
|\ \ \ | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | This PR was merged into the 2.7 branch. Discussion ---------- [Security] Removed unnecessary statement | Q | A | ------------- | --- | Bug fix? | no | New feature? | no | BC breaks? | no | Deprecations? | no | Tests pass? | yes | Fixed tickets | ~ | License | MIT | Doc PR | ~ Removed unnecessary statement from `PersistentTokenBasedRememberMeServices.php`. `$series` comes from `$cookieParts` and `$this->tokenProvider->loadTokenBySeries($series);` is supposed to find the token with that value. Doing `$persistentToken->getSeries();` should give us exactly the same value, so it is an unnecessary statement. Why? * We don't need it? We won't miss it when it's gone. * It confuses a code reader who starts guessing why would that be needed (at least I did and lost time because of that). Unless… It actually is needed, as we want `TokenProviderInterface` implementations to have a possibility to give a `PersistentTokenInterface` with a different series value than asked… I can make a PR to the testing class so that such requirement is checked upon. I don't believe that this is BC, as this behaviour isn't documented anywhere and no existing (known to me) implementations return different series than the asked ones (and current tests pass successfully). Commits ------- c7a91f1 Removed unnecessary statement from PersistentTokenBasedRememberMeServices.php
| * | | Removed unnecessary statement from PersistentTokenBasedRememberMeServices.phpDawid Nowak2015-05-071-1/+0
| | | |
* | | | Merge branch '2.6' into 2.7Fabien Potencier2015-05-151-1/+1
|\ \ \ \ | | |/ / | |/| | | | | | | | | | | | | | | | | | | | | | | | | | * 2.6: fixed CS fixed CS Conflicts: src/Symfony/Component/Security/Http/Tests/Firewall/RememberMeListenerTest.php
| * | | fixed CSFabien Potencier2015-05-151-1/+1
| | | |
* | | | Merge branch '2.6' into 2.7Fabien Potencier2015-05-151-1/+1
|\ \ \ \ | |/ / / | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | * 2.6: [DebugBundle] Allow alternative destination for dumps [DebugBundle] Use output mechanism of dumpers instead of echoing [DebugBundle] Always collect dumps Fix tests in HHVM CS: Pre incrementation/decrementation should be used if possible Conflicts: src/Symfony/Component/Finder/Expression/Glob.php
| * | | Merge branch '2.3' into 2.6Fabien Potencier2015-05-151-1/+1
| |\ \ \ | | | |/ | | |/| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | * 2.3: Fix tests in HHVM CS: Pre incrementation/decrementation should be used if possible Conflicts: src/Symfony/Bundle/TwigBundle/Command/LintCommand.php src/Symfony/Component/Console/Helper/TableHelper.php src/Symfony/Component/EventDispatcher/Tests/EventDispatcherTest.php src/Symfony/Component/HttpKernel/DataCollector/LoggerDataCollector.php src/Symfony/Component/HttpKernel/HttpCache/EsiResponseCacheStrategy.php src/Symfony/Component/Security/Acl/Dbal/AclProvider.php src/Symfony/Component/Security/Http/RememberMe/TokenBasedRememberMeServices.php
| | * | minor #14121 CS: Pre incrementation/decrementation should be used if ↵Fabien Potencier2015-05-151-1/+1
| | |\ \ | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | possible (gharlan) This PR was merged into the 2.3 branch. Discussion ---------- CS: Pre incrementation/decrementation should be used if possible | Q | A | ------------- | --- | Bug fix? | no | New feature? | no | BC breaks? | no | Deprecations? | no | Tests pass? | yes | Fixed tickets | n/a | License | MIT | Doc PR | n/a Fixes provided by new fixer: https://github.com/FriendsOfPHP/PHP-CS-Fixer/pull/1113 If this pr is merged I would change the level of the fixer to `symfony`. Commits ------- c5123d6 CS: Pre incrementation/decrementation should be used if possible
| | | * | CS: Pre incrementation/decrementation should be used if possibleGregor Harlan2015-04-071-1/+1
| | | | |
* | | | | Merge branch '2.6' into 2.7v2.7.0-BETA2Nicolas Grekas2015-05-132-3/+3
|\ \ \ \ \ | |/ / / / | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | * 2.6: fix missing links to https://symfony.com fix missing links to https://symfony.com [travis] Don't use the cache [DebugBundle] Remove inlined dumps on XHR Conflicts: src/Symfony/Component/Security/Acl/README.md src/Symfony/Component/Security/Core/README.md src/Symfony/Component/Security/Csrf/README.md src/Symfony/Component/Security/Http/README.md
| * | | | fix missing links to https://symfony.comNicolas Grekas2015-05-132-3/+3
| | | | |
* | | | | Merge branch '2.6' into 2.7Fabien Potencier2015-05-111-1/+1
|\ \ \ \ \ | |/ / / / | | | | / | |_|_|/ |/| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | * 2.6: (21 commits) bumped Symfony version to 2.6.8 updated VERSION for 2.6.7 updated CHANGELOG for 2.6.7 bumped Symfony version to 2.3.29 updated VERSION for 2.3.28 update CONTRIBUTORS for 2.3.28 updated CHANGELOG for 2.3.28 [Debug] Fixed ClassNotFoundFatalErrorHandlerTest [SecurityBundle] use access decision constants in config [SecurityBundle] use session auth constants in config PhpDoc fix in AbstractRememberMeServices [Filesystem] Simplified an if statement [SecurityBundle] Use Enum Nodes Instead Of Scalar [Debug 2.3] Fix test for PHP7 [HttpKernel] Check if "symfony/proxy-manager-bridge" package is installed [Translation] simplify getMessages. [Framework][Translation] added test for debug command. Run tests on hhvm instead of hhvm-nightly Use HTTPS in README and some other fixes add more entropy to generated classnames ... Conflicts: .travis.yml src/Symfony/Component/HttpKernel/Kernel.php
| * | | Merge branch '2.3' into 2.6v2.6.7Fabien Potencier2015-05-111-1/+1
| |\ \ \ | | |/ / | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | * 2.3: bumped Symfony version to 2.3.29 updated VERSION for 2.3.28 update CONTRIBUTORS for 2.3.28 updated CHANGELOG for 2.3.28 PhpDoc fix in AbstractRememberMeServices Conflicts: src/Symfony/Component/HttpKernel/Kernel.php
| | * | PhpDoc fix in AbstractRememberMeServicesv2.3.28Dawid Nowak2015-05-071-1/+1
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | All extending classes return `UserInterface`, not TokenInterface: * https://github.com/symfony/symfony/blob/2.3/src/Symfony/Component/Security/Http/RememberMe/TokenBasedRememberMeServices.php#L64 * https://github.com/symfony/symfony/blob/2.3/src/Symfony/Component/Security/Http/RememberMe/PersistentTokenBasedRememberMeServices.php#L116 And `AbstractRememberMeServices` actually required the return value to be `UserInterface`: $user = $this->processAutoLoginCookie($cookieParts, $request); if (!$user instanceof UserInterface) { throw new \RuntimeException('processAutoLoginCookie() must return a UserInterface implementation.'); }
* | | | Merge branch '2.6' into 2.7Nicolas Grekas2015-04-181-1/+1
|\ \ \ \ | |/ / / | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | * 2.6: [Routing][DependencyInjection] Support .yaml extension in YAML loaders [DX] improve file loader error for router/other resources in bundle [FrameworkBundle] Initialize translator with the default locale. [FrameworkBundle] Fix Routing\DelegatingLoader resiliency to fatal errors [2.6][Translation] remove duplicate code for loading catalogue. [HttpKernel] Cleanup ExceptionListener CS fixes [DependencyInjection] Show better error when the Yaml component is not installed [2.3] SCA for Components - reference mismatches [Debug] Scream as LogLevel::DEBUG (but for fatal errors / uncaught exceptions) [2.3] Static Code Analysis for Components [WebProfilerBundle] Fix resiliency to exceptions thrown by the url generator [Translation] LoggingTranslator simplifications [Translation][fixed test] refresh cache when resources are no longer fresh. [FrameworkBundle] Fixed server:start --router relative path issue #14124 [FrameworkBundle] improve usage of Table helper [Validator] Added missing Simplified Chinese (zh_CN) translations [FrameworkBundle] Workaround php -S ignoring auto_prepend_file Conflicts: src/Symfony/Bundle/FrameworkBundle/Tests/Translation/TranslatorTest.php src/Symfony/Component/Console/Helper/Table.php src/Symfony/Component/Translation/LoggingTranslator.php
| * | | Merge branch '2.3' into 2.6Nicolas Grekas2015-04-181-1/+1
| |\ \ \ | | |/ / | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | * 2.3: [Routing][DependencyInjection] Support .yaml extension in YAML loaders [DX] improve file loader error for router/other resources in bundle [FrameworkBundle] Fix Routing\DelegatingLoader resiliency to fatal errors [HttpKernel] Cleanup ExceptionListener CS fixes [DependencyInjection] Show better error when the Yaml component is not installed [2.3] SCA for Components - reference mismatches [2.3] Static Code Analysis for Components [Translation][fixed test] refresh cache when resources are no longer fresh. [Validator] Added missing Simplified Chinese (zh_CN) translations [FrameworkBundle] Workaround php -S ignoring auto_prepend_file Conflicts: src/Symfony/Bundle/FrameworkBundle/Tests/Translation/TranslatorTest.php src/Symfony/Component/Config/Exception/FileLoaderLoadException.php src/Symfony/Component/Console/Descriptor/TextDescriptor.php src/Symfony/Component/Console/Helper/TableHelper.php src/Symfony/Component/Console/Tests/Formatter/OutputFormatterTest.php src/Symfony/Component/DependencyInjection/Dumper/PhpDumper.php src/Symfony/Component/DependencyInjection/Dumper/YamlDumper.php src/Symfony/Component/HttpKernel/Debug/TraceableEventDispatcher.php src/Symfony/Component/HttpKernel/Tests/Debug/TraceableEventDispatcherTest.php src/Symfony/Component/PropertyAccess/PropertyAccessor.php src/Symfony/Component/Yaml/Tests/InlineTest.php
| | * | CS fixesDariusz Ruminski2015-04-161-1/+1
| | |/
* | | Use PSR-4 everywhere instead of PSR-0Tobias Schultze2015-04-111-2/+1
| | |
* | | removed 3.0 constraints from 2.7 composer filesv2.7.0-BETA1Fabien Potencier2015-04-101-7/+7
| | |
* | | Merge branch '2.6' into 2.7Fabien Potencier2015-03-301-2/+2
|\ \ \ | |/ / | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | * 2.6: [Validator] Add missing pt_BR translations Add parsing of hexadecimal strings for PHP 7 [Configuration] improve description for ignoreExtraKeys on ArrayNodeDefinition [Validator] Added missing Hungarian translation [Validator] Fixed grammar in Hungarian translation CS: Unary operators should be placed adjacent to their operands CS: Binary operators should be arounded by at least one space remove useless tests that fail in php 7 [Translator] fix test for php 7 compatibility Update phpdoc of ProcessBuilder#setPrefix() Conflicts: src/Symfony/Bridge/Propel1/Logger/PropelLogger.php src/Symfony/Component/Validator/Resources/translations/validators.hu.xlf
| * | Merge branch '2.3' into 2.6v2.6.6Fabien Potencier2015-03-301-2/+2
| |\ \ | | |/ | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | * 2.3: [Validator] Add missing pt_BR translations Add parsing of hexadecimal strings for PHP 7 [Configuration] improve description for ignoreExtraKeys on ArrayNodeDefinition [Validator] Added missing Hungarian translation [Validator] Fixed grammar in Hungarian translation CS: Unary operators should be placed adjacent to their operands CS: Binary operators should be arounded by at least one space remove useless tests that fail in php 7 [Translator] fix test for php 7 compatibility Update phpdoc of ProcessBuilder#setPrefix() Conflicts: src/Symfony/Component/HttpFoundation/Session/Attribute/NamespacedAttributeBag.php src/Symfony/Component/PropertyAccess/PropertyAccessor.php src/Symfony/Component/Validator/Resources/translations/validators.pt_BR.xlf src/Symfony/Component/Yaml/Parser.php
* | | Merge branch '2.6' into 2.7Fabien Potencier2015-03-271-1/+1
|\ \ \ | |/ / | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | * 2.6: CS: fixes Translator component has default domain for null implemented no need to have default translation domain logic in 3 different places [Form] [TwigBridge] Bootstrap layout whitespace control [travis] Kill tests when a new commit has been pushed fixed CS Change behavior to mirror hash_equals() returning early if there is a length mismatch CS fixing Prevent modifying secrets as much as possible Update StringUtils.php Whitespace Update StringUtils.php StringUtils::equals() arguments in RememberMe Cookie based implementation are confused CS: general fixes [SecurityBundle] removed a duplicated service definition and simplified others. Conflicts: src/Symfony/Bundle/SecurityBundle/Resources/config/security_listeners.xml
| * | StringUtils::equals() arguments in RememberMe Cookie based implementation ↵Ivan Kurnosov2015-03-251-1/+1
| | | | | | | | | | | | | | | | | | are confused It must be the other way around
* | | Merge branch '2.6' into 2.7Fabien Potencier2015-03-241-5/+6
|\ \ \ | |/ / | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | * 2.6: CS: fix some license headers CS: Ensure there is no code on the same line as the PHP open tag and it is followed by a blankline use visited lookup with reference to gain performance Replace GET parameters when changed [FrameworkBundle][debug:config] added support for dynamic configurations. [WebProfiler] Fix partial search on url in list Conflicts: src/Symfony/Bridge/Propel1/Form/EventListener/TranslationCollectionFormListener.php src/Symfony/Bridge/Propel1/Form/EventListener/TranslationFormListener.php
| * | Merge branch '2.3' into 2.6Fabien Potencier2015-03-241-5/+6
| |\ \ | | |/ | | | | | | | | | | | | | | | | | | | | | | | | | | | * 2.3: CS: fix some license headers CS: Ensure there is no code on the same line as the PHP open tag and it is followed by a blankline use visited lookup with reference to gain performance Replace GET parameters when changed Conflicts: src/Symfony/Component/DependencyInjection/Dumper/PhpDumper.php
| | * minor #14038 CS: fix some license headers (keradus)Fabien Potencier2015-03-241-6/+6
| | |\ | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | This PR was merged into the 2.3 branch. Discussion ---------- CS: fix some license headers | Q | A | ------------- | --- | Bug fix? | no | New feature? | no | BC breaks? | no | Deprecations? | no | Tests pass? | ? | Fixed tickets | N/A | License | MIT | Doc PR | N/A Commits ------- 2b74841 CS: fix some license headers
| | | * CS: fix some license headersDariusz Ruminski2015-03-241-0/+10
| | | |
| | * | CS: Ensure there is no code on the same line as the PHP open tag and it is ↵Dariusz Ruminski2015-03-241-0/+1
| | |/ | | | | | | | | | followed by a blankline
| * | Merge branch '2.3' into 2.6Fabien Potencier2015-03-221-1/+1
| |\ \ | | |/ | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | * 2.3: Fix small coding style [2.3] Static Code Analysis for Components [Form] fixed phpdoc CS: Convert double quotes to single quotes Fixed MongoODM entity loader. Improved loading behavior of entities and documents by reusing entity loader. [Validator] added Japanese translation for unmatched charset (id: 80) [DependencyInjection] Highest precedence for user parameters [Translation][MoFileLoader] fixed load empty translation. bumped Symfony version to 2.3.27 updated VERSION for 2.3.26 update CONTRIBUTORS for 2.3.26 updated CHANGELOG for 2.3.26 Conflicts: src/Symfony/Bundle/FrameworkBundle/Command/AssetsInstallCommand.php src/Symfony/Bundle/FrameworkBundle/Command/ContainerDebugCommand.php src/Symfony/Bundle/TwigBundle/Command/LintCommand.php src/Symfony/Component/Config/Definition/ReferenceDumper.php src/Symfony/Component/Debug/ExceptionHandler.php src/Symfony/Component/DependencyInjection/Dumper/PhpDumper.php src/Symfony/Component/DependencyInjection/Tests/Compiler/MergeExtensionConfigurationPassTest.php src/Symfony/Component/DependencyInjection/Tests/DefinitionTest.php src/Symfony/Component/Filesystem/Filesystem.php src/Symfony/Component/HttpKernel/DataCollector/DataCollector.php src/Symfony/Component/HttpKernel/Kernel.php src/Symfony/Component/Serializer/Encoder/XmlEncoder.php src/Symfony/Component/Translation/PluralizationRules.php src/Symfony/Component/Validator/Constraints/IssnValidator.php src/Symfony/Component/Validator/Resources/translations/validators.ja.xlf src/Symfony/Component/Yaml/Tests/InlineTest.php
| | * CS: Convert double quotes to single quotesDariusz Ruminski2015-03-211-1/+1
| | |
* | | Changed visibility of setUp() and tearDown to protectedsarah khalil2015-03-131-2/+2
| | |
* | | Merge branch '2.6' into 2.7Nicolas Grekas2015-03-131-1/+1
|\ \ \ | |/ / | | | | | | | | | * 2.6: Changed visibility of setUp() and tearDown to protected
| * | Changed visibility of setUp() and tearDown to protectedsarah khalil2015-03-131-1/+1
| | |
* | | Merge branch '2.6' into 2.7Fabien Potencier2015-03-121-1/+1
|\ \ \ | |/ / | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | * 2.6: [HttpFoundation] MongoDbSessionHandler::read() now checks for valid session age Changed visibility of setUp() and tearDown to protected [WebProfilerBundle] Set debug+charset on the ExceptionHandler fallback Added default button class used HTML5 meta charset tag and removed hardcoded ones Revert "bug #13715 Enforce UTF-8 charset for core controllers (WouterJ)" fixed XSS in the exception handler Php Inspections (EA Extended) - static code analysis includes: [2.3] Remove most refs uses Test with local components instead of waiting for the subtree-splitter when possible Conflicts: .travis.yml
| * | Merge branch '2.3' into 2.6Nicolas Grekas2015-03-121-1/+1
| |\ \ | | |/ | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | * 2.3: Changed visibility of setUp() and tearDown to protected fixed XSS in the exception handler Php Inspections (EA Extended) - static code analysis includes: [2.3] Remove most refs uses Test with local components instead of waiting for the subtree-splitter when possible Conflicts: src/Symfony/Bundle/FrameworkBundle/Command/ContainerDebugCommand.php src/Symfony/Component/Config/Util/XmlUtils.php src/Symfony/Component/Console/Helper/ProgressHelper.php src/Symfony/Component/Debug/ExceptionHandler.php src/Symfony/Component/Debug/Tests/ErrorHandlerTest.php src/Symfony/Component/Filesystem/Tests/FilesystemTest.php src/Symfony/Component/OptionsResolver/Options.php src/Symfony/Component/Security/Acl/Dbal/MutableAclProvider.php src/Symfony/Component/Yaml/Inline.php
| | * Php Inspections (EA Extended) - static code analysis includes:Vladimir Reznichenko2015-03-071-1/+1
| | | | | | | | | | | | | | | | | | | | | | | | Reduce couple count calls in [Yaml] Modernize type casting, fix several strict comparisons Unsets merged Elvis operator usage Short syntax for applied operations