| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| |\
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
This PR was merged into the 2.7 branch.
Discussion
----------
CS: remove impossible default argument value
| Q | A
| ------------- | ---
| Bug fix? | no
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | ?
| Fixed tickets | N/A
| License | MIT
| Doc PR | N/A
Commits
-------
acef3a3 CS: remove impossible default argument value
|
| | | |
|
| |\ \
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
* 2.3:
migrate session after remember me authentication
prevent timing attacks in digest auth listener
mitigate CSRF timing attack vulnerability
fix potential timing attack issue
|
| | |\ \
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
This PR was merged into the 2.3 branch.
Discussion
----------
n/a
n/a
Commits
-------
f88e600 migrate session after remember me authentication
|
| | | | | |
|
| | | | | |
|
| | |/ / |
|
| |\ \ \
| |/ /
| | /
| |/
|/|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
* 2.3:
Fix undefined array $server
[ProxyManager] Tmp fix composer reqs issue in ZF
Add missing exclusions from phpunit.xml.dist
Fix the server variables in the router_*.php files
[Validator] Allow an empty path with a non empty fragment or a query
The following change adds support for Armenian pluralization.
[2.3][Process] fix Proccess run with pts enabled
Conflicts:
composer.json
src/Symfony/Bridge/ProxyManager/composer.json
src/Symfony/Bundle/DebugBundle/phpunit.xml.dist
src/Symfony/Component/Security/phpunit.xml.dist
|
| | | |
|
| |\ \
| |/
| |
| |
| |
| |
| |
| |
| | |
* 2.3:
[Routing] use constants in tests
[Validator] Allow an empty path in a URL with only a fragment or a query
[HttpFoundation] Fix some typo in the Request doc
fixed CS
Added separated handling of root paths
|
| | |
| |
| |
| | |
Regenerate session ID with default session strategy
|
| |\ \
| |/
| |
| |
| |
| | |
* 2.3:
[ci] SymfonyTestsListener is now auto-registered
adds validation messages missing italian translations
|
| |\ \
| |/
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
* 2.3:
[tests] Use @requires annotation when possible
[ci] Enable collecting and replaying skipped tests
[Process] Workaround buggy PHP warning
[Console] Add additional ways to detect OS400 platform
[Yaml] Allow tabs before comments at the end of a line
Conflicts:
composer.json
src/Symfony/Bridge/Doctrine/Tests/Logger/DbalLoggerTest.php
src/Symfony/Bridge/Monolog/composer.json
src/Symfony/Bridge/Twig/composer.json
src/Symfony/Bundle/FrameworkBundle/composer.json
src/Symfony/Bundle/SecurityBundle/composer.json
src/Symfony/Component/Asset/composer.json
src/Symfony/Component/ClassLoader/Tests/LegacyApcUniversalClassLoaderTest.php
src/Symfony/Component/Console/composer.json
src/Symfony/Component/Debug/composer.json
src/Symfony/Component/DomCrawler/composer.json
src/Symfony/Component/EventDispatcher/composer.json
src/Symfony/Component/HttpFoundation/Tests/Session/Storage/Handler/MongoDbSessionHandlerTest.php
src/Symfony/Component/HttpFoundation/Tests/Session/Storage/Handler/PdoSessionHandlerTest.php
src/Symfony/Component/HttpFoundation/composer.json
src/Symfony/Component/Intl/composer.json
src/Symfony/Component/Routing/composer.json
src/Symfony/Component/Security/composer.json
src/Symfony/Component/Serializer/composer.json
src/Symfony/Component/Templating/composer.json
src/Symfony/Component/Translation/composer.json
src/Symfony/Component/Validator/composer.json
|
| |\ \
| |/
| |
| |
| |
| |
| | |
Conflicts:
src/Symfony/Bundle/FrameworkBundle/DependencyInjection/FrameworkExtension.php
src/Symfony/Bundle/FrameworkBundle/Tests/DependencyInjection/FrameworkExtensionTest.php
src/Symfony/Component/Security/Tests/Core/SecurityContextTest.php
|
| | | |
|
| |\ \
| |/
| |
| |
| |
| |
| |
| |
| | |
* 2.3:
[Security][bugfix] "Remember me" cookie cleared on logout with custom "secure"/"httponly" config options [1]
[ci] Use current PHP_BINARY when running ./phpunit
Fixed typos
[UPGRADE-3.0] fix bullet indentation
[Security] InMemoryUserProvider now concerns whether user's password is changed when refreshing
|
| | |\
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
custom "secure"/"httponly" config options [1] (MacDada)
This PR was squashed before being merged into the 2.3 branch (closes #14842).
Discussion
----------
[Security][bugfix] "Remember me" cookie cleared on logout with custom "secure"/"httponly" config options [1]
| Q | A
| ------------- | ---
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | #14822
| License | MIT
| Doc PR | ~
* test now always pass "secure" and "httponly" options, as they are required
* could be considered BC, but [`RememberMeFactory` passes them](https://github.com/symfony/symfony/blob/2.3/src/Symfony/Bundle/SecurityBundle/DependencyInjection/Security/Factory/RememberMeFactory.php#L21), so they should've always been treated as required
* I can squash the commits before merging
* Alternative solution: #14843
Commits
-------
18b1c6a [Security][bugfix] "Remember me" cookie cleared on logout with custom "secure"/"httponly" config options [1]
|
| | | |
| | |
| | |
| | | |
"secure"/"httponly" config options [1]
|
| | | | |
|
| | | | |
|
| |\ \ \
| |/ /
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
* 2.3:
[php7] Fix for substr() always returning a string
[Security] Do not save the target path in the session for a stateless firewall
[DependencyInjection] fixed FrozenParameterBag and improved Parameter…
Conflicts:
src/Symfony/Component/Debug/Tests/ErrorHandlerTest.php
src/Symfony/Component/Security/Http/Firewall/ExceptionListener.php
|
| | | | |
|
| |\ \ \
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
* 2.6:
[Yaml] throw a ParseException on invalid data type
#15331 add infos about deprecated classes to UPGRADE-3.0
[Security] removed useless else condition in SwitchUserListener class.
[travis] Tests deps=low with PHP 5.6
[Console] Fix console output with closed stdout
|
| | |\ \ \
| | |/ /
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
* 2.3:
#15331 add infos about deprecated classes to UPGRADE-3.0
[Security] removed useless else condition in SwitchUserListener class.
[travis] Tests deps=low with PHP 5.6
[Console] Fix console output with closed stdout
|
| | | | | |
|
| |\ \ \ \
| |/ / /
| | | |
| | | |
| | | |
| | | | |
* 2.6:
[2.6] Static Code Analysis for Components
[Security/Http] Fix test relying on a private property
|
| | | | | |
|
| | | | | |
|
| |\ \ \ \
| |/ / /
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
* 2.6:
[2.6] Towards 100% HHVM compat
[Security/Http] Fix test
[Stopwatch] Fix test
Minor fixes
Towards 100% HHVM compat
unify default AccessDeniedExeption message
trigger event with right user (add test)
[Security] Initialize SwitchUserEvent::targetUser on attemptExitUser
[Form] Fixed: Data mappers always receive forms indexed by their names
Conflicts:
src/Symfony/Bundle/FrameworkBundle/Controller/Controller.php
src/Symfony/Component/VarDumper/Tests/CliDumperTest.php
src/Symfony/Component/VarDumper/Tests/HtmlDumperTest.php
|
| | | | | |
|
| | |\ \ \
| | |/ /
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
* 2.3:
Minor fixes
Towards 100% HHVM compat
trigger event with right user (add test)
[Security] Initialize SwitchUserEvent::targetUser on attemptExitUser
[Form] Fixed: Data mappers always receive forms indexed by their names
Conflicts:
src/Symfony/Component/Debug/Tests/ErrorHandlerTest.php
src/Symfony/Component/Filesystem/Filesystem.php
src/Symfony/Component/Process/Tests/AbstractProcessTest.php
|
| | | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
The `SwitchUserEvent` is triggered in case an account is switched. This works okay while switching to the user, but on exit the `SwitchUserEvent` is triggered again with the original User. That User was not initialized by the provider yet.
load user by UserInterface instead of username
|
| | |\ \ \
| | |/ /
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
* 2.3:
Fix quoting style consistency.
[DependencyInjection] Fail when dumping a Definition with no class nor factory
Normalizing recursively - see #9096
No change - the normalizeParams is a copy-and-paste of the earlier logic
fixes issue with logging array of non-utf8 data
fix validation for Maestro UK card numbers
|
| | | | | |
|
| | | | | |
|
| | | | | |
|
| |\ \ \ \
| |/ / /
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
* 2.6:
Add test for HHVM FatalErrors
[2.6][Debug] Fix fatal-errors handling on HHVM
[2.3][Debug] Fix fatal-errors handling on HHVM
Standardize the name of the exception variables
[2.3] Static Code Analysis for Components
Remove duplicated paths
Conflicts:
src/Symfony/Component/Debug/ErrorHandler.php
src/Symfony/Component/Security/Http/Firewall/BasicAuthenticationListener.php
src/Symfony/Component/Security/Http/Firewall/ContextListener.php
src/Symfony/Component/Security/Http/Firewall/RememberMeListener.php
src/Symfony/Component/Security/Http/RememberMe/AbstractRememberMeServices.php
|
| | |\ \ \
| | |/ /
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
* 2.3:
[2.3][Debug] Fix fatal-errors handling on HHVM
Standardize the name of the exception variables
[2.3] Static Code Analysis for Components
Remove duplicated paths
Conflicts:
src/Symfony/Component/Debug/ErrorHandler.php
src/Symfony/Component/HttpFoundation/Session/Storage/MockArraySessionStorage.php
src/Symfony/Component/Security/Acl/Dbal/AclProvider.php
src/Symfony/Component/Security/Core/Authentication/Provider/UserAuthenticationProvider.php
|
| | | |/ |
|
| | | | |
|
| | | | |
|
| |\ \ \
| |/ /
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
* 2.6: (30 commits)
[Translation] fixed JSON loader on PHP 7 when file is empty
Fix typo
Check instance of FormBuilderInterface instead of FormBuilder
[Security] TokenBasedRememberMeServices test to show why encoding username is required
[Security] AbstractRememberMeServices::encodeCookie() validates cookie parts
fixed typo
[console][formater] allow format toString object.
[HttpFoundation] Fix baseUrl when script filename is contained in pathInfo
Avoid redirection to XHR URIs
[HttpFoundation] IpUtils::checkIp4() should allow networks
[2.6] Fix HTML escaping of to-source links
Fix HTML escaping of to-source links
ExceptionHandler: More Encoding
Fix the rendering of deprecation log messages
[FrameworkBundle] Removed unnecessary parameter in TemplateController
[DomCrawler] Throw an exception if a form field path is incomplete.
Fixed the indentation in the compiled template for the DumpNode
[Console] Delete duplicate test in CommandTest
[TwigBundle] Refresh twig paths when resources change.
WebProfiler break words
...
Conflicts:
src/Symfony/Bridge/Twig/composer.json
src/Symfony/Bundle/WebProfilerBundle/Resources/views/Collector/logger.html.twig
src/Symfony/Component/Debug/ExceptionHandler.php
|
| | |\ \
| | |/
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
* 2.3:
Fix typo
Check instance of FormBuilderInterface instead of FormBuilder
[Security] TokenBasedRememberMeServices test to show why encoding username is required
[Security] AbstractRememberMeServices::encodeCookie() validates cookie parts
[console][formater] allow format toString object.
[HttpFoundation] Fix baseUrl when script filename is contained in pathInfo
Avoid redirection to XHR URIs
[HttpFoundation] IpUtils::checkIp4() should allow networks
Fix HTML escaping of to-source links
[FrameworkBundle] Removed unnecessary parameter in TemplateController
[DomCrawler] Throw an exception if a form field path is incomplete.
[Console] Delete duplicate test in CommandTest
[TwigBundle] Refresh twig paths when resources change.
WebProfiler break words
fixed typo
Update README.md
[HttpKernel] Handle an array vary header in the http cache store
[Security][Translation] fixes #14584
[Framework] added test for Router commands.
Handled bearer authorization header in REDIRECT_ form
Conflicts:
src/Symfony/Component/Debug/ExceptionHandler.php
|
| | | |\
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
encoding username is required (MacDada)
This PR was squashed before being merged into the 2.3 branch (closes #14670).
Discussion
----------
[Security] TokenBasedRememberMeServices test to show why encoding username is required
| Q | A
| ------------- | ---
| Bug fix? | no
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | #14577
| License | MIT
| Doc PR | no
241538d shows that it's not actually tested, 257b796 reimplements it with test.
I can remove the POC commit if it's not needed.
Commits
-------
63a9736 [Security] TokenBasedRememberMeServices test to show why encoding username is required
|
| | | | |
| | | |
| | | |
| | | | |
is required
|
| | | |\ \
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | | |
cookie parts (MacDada)
This PR was squashed before being merged into the 2.3 branch (closes #14678).
Discussion
----------
[Security] AbstractRememberMeServices::encodeCookie() validates cookie parts
| Q | A
| ------------- | ---
| Bug fix? | no
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | #14577
| License | MIT
| Doc PR | no
`AbstractRememberMeServices::encodeCookie()` guards against `COOKIE_DELIMITER` in `$cookieParts`.
* it would make `AbstractRememberMeServices::cookieDecode()` broken
* all current extending classes do it anyway (see #14670 )
* added tests – it's not a public method, but it is expected to be used by user implementations – as such, it's good to know that it works properly
Commits
-------
464c39a [Security] AbstractRememberMeServices::encodeCookie() validates cookie parts
|
| | | | |/ |
|
| | | |/ |
|
| |\ \ \
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
This PR was merged into the 2.7 branch.
Discussion
----------
[Security] Removed unnecessary statement
| Q | A
| ------------- | ---
| Bug fix? | no
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | ~
| License | MIT
| Doc PR | ~
Removed unnecessary statement from `PersistentTokenBasedRememberMeServices.php`.
`$series` comes from `$cookieParts` and `$this->tokenProvider->loadTokenBySeries($series);` is supposed to find the token with that value. Doing `$persistentToken->getSeries();` should give us exactly the same value, so it is an unnecessary statement.
Why?
* We don't need it? We won't miss it when it's gone.
* It confuses a code reader who starts guessing why would that be needed (at least I did and lost time because of that).
Unless…
It actually is needed, as we want `TokenProviderInterface` implementations to have a possibility to give a `PersistentTokenInterface` with a different series value than asked… I can make a PR to the testing class so that such requirement is checked upon.
I don't believe that this is BC, as this behaviour isn't documented anywhere and no existing (known to me) implementations return different series than the asked ones (and current tests pass successfully).
Commits
-------
c7a91f1 Removed unnecessary statement from PersistentTokenBasedRememberMeServices.php
|
| | | | | |
|
| |\ \ \ \
| | |/ /
| |/| |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
* 2.6:
fixed CS
fixed CS
Conflicts:
src/Symfony/Component/Security/Http/Tests/Firewall/RememberMeListenerTest.php
|
| | | | | |
|
| |\ \ \ \
| |/ / /
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
* 2.6:
[DebugBundle] Allow alternative destination for dumps
[DebugBundle] Use output mechanism of dumpers instead of echoing
[DebugBundle] Always collect dumps
Fix tests in HHVM
CS: Pre incrementation/decrementation should be used if possible
Conflicts:
src/Symfony/Component/Finder/Expression/Glob.php
|
| | |\ \ \
| | | |/
| | |/|
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
* 2.3:
Fix tests in HHVM
CS: Pre incrementation/decrementation should be used if possible
Conflicts:
src/Symfony/Bundle/TwigBundle/Command/LintCommand.php
src/Symfony/Component/Console/Helper/TableHelper.php
src/Symfony/Component/EventDispatcher/Tests/EventDispatcherTest.php
src/Symfony/Component/HttpKernel/DataCollector/LoggerDataCollector.php
src/Symfony/Component/HttpKernel/HttpCache/EsiResponseCacheStrategy.php
src/Symfony/Component/Security/Acl/Dbal/AclProvider.php
src/Symfony/Component/Security/Http/RememberMe/TokenBasedRememberMeServices.php
|
| | | |\ \
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | | |
possible (gharlan)
This PR was merged into the 2.3 branch.
Discussion
----------
CS: Pre incrementation/decrementation should be used if possible
| Q | A
| ------------- | ---
| Bug fix? | no
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | n/a
| License | MIT
| Doc PR | n/a
Fixes provided by new fixer: https://github.com/FriendsOfPHP/PHP-CS-Fixer/pull/1113
If this pr is merged I would change the level of the fixer to `symfony`.
Commits
-------
c5123d6 CS: Pre incrementation/decrementation should be used if possible
|
| | | | | | |
|
| |\ \ \ \ \
| |/ / / /
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | | |
* 2.6:
fix missing links to https://symfony.com
fix missing links to https://symfony.com
[travis] Don't use the cache
[DebugBundle] Remove inlined dumps on XHR
Conflicts:
src/Symfony/Component/Security/Acl/README.md
src/Symfony/Component/Security/Core/README.md
src/Symfony/Component/Security/Csrf/README.md
src/Symfony/Component/Security/Http/README.md
|
| | | | | | |
|
| |\ \ \ \ \
| |/ / / /
| | | | /
| |_|_|/
|/| | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
* 2.6: (21 commits)
bumped Symfony version to 2.6.8
updated VERSION for 2.6.7
updated CHANGELOG for 2.6.7
bumped Symfony version to 2.3.29
updated VERSION for 2.3.28
update CONTRIBUTORS for 2.3.28
updated CHANGELOG for 2.3.28
[Debug] Fixed ClassNotFoundFatalErrorHandlerTest
[SecurityBundle] use access decision constants in config
[SecurityBundle] use session auth constants in config
PhpDoc fix in AbstractRememberMeServices
[Filesystem] Simplified an if statement
[SecurityBundle] Use Enum Nodes Instead Of Scalar
[Debug 2.3] Fix test for PHP7
[HttpKernel] Check if "symfony/proxy-manager-bridge" package is installed
[Translation] simplify getMessages.
[Framework][Translation] added test for debug command.
Run tests on hhvm instead of hhvm-nightly
Use HTTPS in README and some other fixes
add more entropy to generated classnames
...
Conflicts:
.travis.yml
src/Symfony/Component/HttpKernel/Kernel.php
|
| | |\ \ \
| | |/ /
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
* 2.3:
bumped Symfony version to 2.3.29
updated VERSION for 2.3.28
update CONTRIBUTORS for 2.3.28
updated CHANGELOG for 2.3.28
PhpDoc fix in AbstractRememberMeServices
Conflicts:
src/Symfony/Component/HttpKernel/Kernel.php
|
| | | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
All extending classes return `UserInterface`, not TokenInterface:
* https://github.com/symfony/symfony/blob/2.3/src/Symfony/Component/Security/Http/RememberMe/TokenBasedRememberMeServices.php#L64
* https://github.com/symfony/symfony/blob/2.3/src/Symfony/Component/Security/Http/RememberMe/PersistentTokenBasedRememberMeServices.php#L116
And `AbstractRememberMeServices` actually required the return value to be `UserInterface`:
$user = $this->processAutoLoginCookie($cookieParts, $request);
if (!$user instanceof UserInterface) {
throw new \RuntimeException('processAutoLoginCookie() must return a UserInterface implementation.');
}
|
| |\ \ \ \
| |/ / /
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
* 2.6:
[Routing][DependencyInjection] Support .yaml extension in YAML loaders
[DX] improve file loader error for router/other resources in bundle
[FrameworkBundle] Initialize translator with the default locale.
[FrameworkBundle] Fix Routing\DelegatingLoader resiliency to fatal errors
[2.6][Translation] remove duplicate code for loading catalogue.
[HttpKernel] Cleanup ExceptionListener
CS fixes
[DependencyInjection] Show better error when the Yaml component is not installed
[2.3] SCA for Components - reference mismatches
[Debug] Scream as LogLevel::DEBUG (but for fatal errors / uncaught exceptions)
[2.3] Static Code Analysis for Components
[WebProfilerBundle] Fix resiliency to exceptions thrown by the url generator
[Translation] LoggingTranslator simplifications
[Translation][fixed test] refresh cache when resources are no longer fresh.
[FrameworkBundle] Fixed server:start --router relative path issue #14124
[FrameworkBundle] improve usage of Table helper
[Validator] Added missing Simplified Chinese (zh_CN) translations
[FrameworkBundle] Workaround php -S ignoring auto_prepend_file
Conflicts:
src/Symfony/Bundle/FrameworkBundle/Tests/Translation/TranslatorTest.php
src/Symfony/Component/Console/Helper/Table.php
src/Symfony/Component/Translation/LoggingTranslator.php
|
| | |\ \ \
| | |/ /
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
* 2.3:
[Routing][DependencyInjection] Support .yaml extension in YAML loaders
[DX] improve file loader error for router/other resources in bundle
[FrameworkBundle] Fix Routing\DelegatingLoader resiliency to fatal errors
[HttpKernel] Cleanup ExceptionListener
CS fixes
[DependencyInjection] Show better error when the Yaml component is not installed
[2.3] SCA for Components - reference mismatches
[2.3] Static Code Analysis for Components
[Translation][fixed test] refresh cache when resources are no longer fresh.
[Validator] Added missing Simplified Chinese (zh_CN) translations
[FrameworkBundle] Workaround php -S ignoring auto_prepend_file
Conflicts:
src/Symfony/Bundle/FrameworkBundle/Tests/Translation/TranslatorTest.php
src/Symfony/Component/Config/Exception/FileLoaderLoadException.php
src/Symfony/Component/Console/Descriptor/TextDescriptor.php
src/Symfony/Component/Console/Helper/TableHelper.php
src/Symfony/Component/Console/Tests/Formatter/OutputFormatterTest.php
src/Symfony/Component/DependencyInjection/Dumper/PhpDumper.php
src/Symfony/Component/DependencyInjection/Dumper/YamlDumper.php
src/Symfony/Component/HttpKernel/Debug/TraceableEventDispatcher.php
src/Symfony/Component/HttpKernel/Tests/Debug/TraceableEventDispatcherTest.php
src/Symfony/Component/PropertyAccess/PropertyAccessor.php
src/Symfony/Component/Yaml/Tests/InlineTest.php
|
| | | |/ |
|
| | | | |
|
| | | | |
|
| |\ \ \
| |/ /
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
* 2.6:
[Validator] Add missing pt_BR translations
Add parsing of hexadecimal strings for PHP 7
[Configuration] improve description for ignoreExtraKeys on ArrayNodeDefinition
[Validator] Added missing Hungarian translation
[Validator] Fixed grammar in Hungarian translation
CS: Unary operators should be placed adjacent to their operands
CS: Binary operators should be arounded by at least one space
remove useless tests that fail in php 7
[Translator] fix test for php 7 compatibility
Update phpdoc of ProcessBuilder#setPrefix()
Conflicts:
src/Symfony/Bridge/Propel1/Logger/PropelLogger.php
src/Symfony/Component/Validator/Resources/translations/validators.hu.xlf
|
| | |\ \
| | |/
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
* 2.3:
[Validator] Add missing pt_BR translations
Add parsing of hexadecimal strings for PHP 7
[Configuration] improve description for ignoreExtraKeys on ArrayNodeDefinition
[Validator] Added missing Hungarian translation
[Validator] Fixed grammar in Hungarian translation
CS: Unary operators should be placed adjacent to their operands
CS: Binary operators should be arounded by at least one space
remove useless tests that fail in php 7
[Translator] fix test for php 7 compatibility
Update phpdoc of ProcessBuilder#setPrefix()
Conflicts:
src/Symfony/Component/HttpFoundation/Session/Attribute/NamespacedAttributeBag.php
src/Symfony/Component/PropertyAccess/PropertyAccessor.php
src/Symfony/Component/Validator/Resources/translations/validators.pt_BR.xlf
src/Symfony/Component/Yaml/Parser.php
|
| |\ \ \
| |/ /
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
* 2.6:
CS: fixes
Translator component has default domain for null implemented no need to have default translation domain logic in 3 different places
[Form] [TwigBridge] Bootstrap layout whitespace control
[travis] Kill tests when a new commit has been pushed
fixed CS
Change behavior to mirror hash_equals() returning early if there is a length mismatch
CS fixing
Prevent modifying secrets as much as possible
Update StringUtils.php
Whitespace
Update StringUtils.php
StringUtils::equals() arguments in RememberMe Cookie based implementation are confused
CS: general fixes
[SecurityBundle] removed a duplicated service definition and simplified others.
Conflicts:
src/Symfony/Bundle/SecurityBundle/Resources/config/security_listeners.xml
|
| | | |
| | |
| | |
| | |
| | |
| | | |
are confused
It must be the other way around
|
| |\ \ \
| |/ /
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
* 2.6:
CS: fix some license headers
CS: Ensure there is no code on the same line as the PHP open tag and it is followed by a blankline
use visited lookup with reference to gain performance
Replace GET parameters when changed
[FrameworkBundle][debug:config] added support for dynamic configurations.
[WebProfiler] Fix partial search on url in list
Conflicts:
src/Symfony/Bridge/Propel1/Form/EventListener/TranslationCollectionFormListener.php
src/Symfony/Bridge/Propel1/Form/EventListener/TranslationFormListener.php
|
| | |\ \
| | |/
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
* 2.3:
CS: fix some license headers
CS: Ensure there is no code on the same line as the PHP open tag and it is followed by a blankline
use visited lookup with reference to gain performance
Replace GET parameters when changed
Conflicts:
src/Symfony/Component/DependencyInjection/Dumper/PhpDumper.php
|
| | | |\
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
This PR was merged into the 2.3 branch.
Discussion
----------
CS: fix some license headers
| Q | A
| ------------- | ---
| Bug fix? | no
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | ?
| Fixed tickets | N/A
| License | MIT
| Doc PR | N/A
Commits
-------
2b74841 CS: fix some license headers
|
| | | | | |
|
| | | |/
| | |
| | |
| | | |
followed by a blankline
|
| | |\ \
| | |/
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
* 2.3:
Fix small coding style
[2.3] Static Code Analysis for Components
[Form] fixed phpdoc
CS: Convert double quotes to single quotes
Fixed MongoODM entity loader. Improved loading behavior of entities and documents by reusing entity loader.
[Validator] added Japanese translation for unmatched charset (id: 80)
[DependencyInjection] Highest precedence for user parameters
[Translation][MoFileLoader] fixed load empty translation.
bumped Symfony version to 2.3.27
updated VERSION for 2.3.26
update CONTRIBUTORS for 2.3.26
updated CHANGELOG for 2.3.26
Conflicts:
src/Symfony/Bundle/FrameworkBundle/Command/AssetsInstallCommand.php
src/Symfony/Bundle/FrameworkBundle/Command/ContainerDebugCommand.php
src/Symfony/Bundle/TwigBundle/Command/LintCommand.php
src/Symfony/Component/Config/Definition/ReferenceDumper.php
src/Symfony/Component/Debug/ExceptionHandler.php
src/Symfony/Component/DependencyInjection/Dumper/PhpDumper.php
src/Symfony/Component/DependencyInjection/Tests/Compiler/MergeExtensionConfigurationPassTest.php
src/Symfony/Component/DependencyInjection/Tests/DefinitionTest.php
src/Symfony/Component/Filesystem/Filesystem.php
src/Symfony/Component/HttpKernel/DataCollector/DataCollector.php
src/Symfony/Component/HttpKernel/Kernel.php
src/Symfony/Component/Serializer/Encoder/XmlEncoder.php
src/Symfony/Component/Translation/PluralizationRules.php
src/Symfony/Component/Validator/Constraints/IssnValidator.php
src/Symfony/Component/Validator/Resources/translations/validators.ja.xlf
src/Symfony/Component/Yaml/Tests/InlineTest.php
|
| | | | |
|
| | | | |
|
| |\ \ \
| |/ /
| | |
| | |
| | | |
* 2.6:
Changed visibility of setUp() and tearDown to protected
|
| | | | |
|
| |\ \ \
| |/ /
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
* 2.6:
[HttpFoundation] MongoDbSessionHandler::read() now checks for valid session age
Changed visibility of setUp() and tearDown to protected
[WebProfilerBundle] Set debug+charset on the ExceptionHandler fallback
Added default button class
used HTML5 meta charset tag and removed hardcoded ones
Revert "bug #13715 Enforce UTF-8 charset for core controllers (WouterJ)"
fixed XSS in the exception handler
Php Inspections (EA Extended) - static code analysis includes:
[2.3] Remove most refs uses
Test with local components instead of waiting for the subtree-splitter when possible
Conflicts:
.travis.yml
|
| | |\ \
| | |/
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
* 2.3:
Changed visibility of setUp() and tearDown to protected
fixed XSS in the exception handler
Php Inspections (EA Extended) - static code analysis includes:
[2.3] Remove most refs uses
Test with local components instead of waiting for the subtree-splitter when possible
Conflicts:
src/Symfony/Bundle/FrameworkBundle/Command/ContainerDebugCommand.php
src/Symfony/Component/Config/Util/XmlUtils.php
src/Symfony/Component/Console/Helper/ProgressHelper.php
src/Symfony/Component/Debug/ExceptionHandler.php
src/Symfony/Component/Debug/Tests/ErrorHandlerTest.php
src/Symfony/Component/Filesystem/Tests/FilesystemTest.php
src/Symfony/Component/OptionsResolver/Options.php
src/Symfony/Component/Security/Acl/Dbal/MutableAclProvider.php
src/Symfony/Component/Yaml/Inline.php
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
Reduce couple count calls in [Yaml]
Modernize type casting, fix several strict comparisons
Unsets merged
Elvis operator usage
Short syntax for applied operations
|
| |\ \ \
| |/ /
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
* 2.6:
Php Inspections (EA Extended): squash all PR-13813 commits
replaced the last remaining is_integer() call
[2.3] [Config] [Console] [DependencyInjection] [DomCrawler] [Form] [HttpKernel] [PropertyAccess] [Security] [Translation] [Yaml] static code analysis, code cleanup
[FrameworkBundle] simplify dep declaration
[VarDumper] Fix "next element is already occupied"
[Validator] Added missing galician (gl) translations
[PropertyAccess] stop overwriting once a reference is reached (3rd)
[OptionsResolver] Remove Unused Variable from Foreach Cycles
[travis] Tests Security sub-components
[Twig] bootstrap_3_layout.html.twig is usable as a trait
[travis] Tests Security sub-components
CS fixes
[TwigBridge] Bootstrap Layout - Fix the label of checkbox cannot be empty
[travis] test with php nightly
Conflicts:
.travis.yml
src/Symfony/Bundle/FrameworkBundle/composer.json
src/Symfony/Component/Security/Http/Tests/Firewall/ExceptionListenerTest.php
src/Symfony/Component/Security/Http/Tests/Firewall/RememberMeListenerTest.php
|
| | |\ \
| | |/
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
* 2.3:
replaced the last remaining is_integer() call
[2.3] [Config] [Console] [DependencyInjection] [DomCrawler] [Form] [HttpKernel] [PropertyAccess] [Security] [Translation] [Yaml] static code analysis, code cleanup
[Validator] Added missing galician (gl) translations
[travis] Tests Security sub-components
[travis] Tests Security sub-components
CS fixes
[travis] test with php nightly
Conflicts:
src/Symfony/Component/Security/Http/Tests/Firewall/RememberMeListenerTest.php
|
| | |\ \
| | |/
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
* 2.3:
Minor hot fix
[PROCESS] make sure /dev/tty is readable
[2.3] require-dev PHPUnit bridge
[FrameworkBundle] Fixed Shell logo
[2.3] Update CONTRIBUTING.md
[2.3][Process] Fixed PhpProcess::getCommandLine() result
[Console] explicit assertion for ArgvInput::getFirstArgument() with no arguments
Enforce UTF-8 charset for core controllers
Conflicts:
CONTRIBUTING.md
src/Symfony/Bridge/Monolog/composer.json
src/Symfony/Bundle/FrameworkBundle/composer.json
src/Symfony/Bundle/SecurityBundle/composer.json
src/Symfony/Bundle/TwigBundle/Controller/ExceptionController.php
src/Symfony/Bundle/WebProfilerBundle/Controller/ProfilerController.php
src/Symfony/Component/Console/composer.json
src/Symfony/Component/Debug/composer.json
src/Symfony/Component/DomCrawler/composer.json
src/Symfony/Component/EventDispatcher/composer.json
src/Symfony/Component/HttpFoundation/composer.json
src/Symfony/Component/Security/composer.json
src/Symfony/Component/Templating/composer.json
|
| | | | |
|
| | | | |
|
| |\ \ \
| |/ /
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
* 2.6: (21 commits)
[FrameworkBundle] Fix title and placeholder rendering in php form templates.
[TwigBridge] Removed duplicated code from TwigRenderer
[Translator][Logging] implement TranslatorBagInterface.
RequestDataCollector - small fix
renamed composer.phar to composer to be consistent with the Symfony docs
[FrameworkBundle] bumped min version of Routing to 2.3
removed composer --dev option everywhere
fixed a test
[Console] Fixed output bug, if escaped string in a formatted string.
“console help” ignores --raw option
Fix form icon position in web profiler
[Security] Remove ContextListener's onKernelResponse listener as it is used
Revert "minor #12652 [HttpFoundation] [Hackday] #9942 test: Request::getContent() for null value (skler)"
Revert "fixed assertion"
fixed assertion
[HttpFoundation] [Hackday] #9942 test: Request::getContent() for null value
fixed URL
Add reference to documentation in FormEvents phpdocs
[YAML] Fix one-liners to work with multiple new lines
Keep "pre" meaning for var_dump quick-and-dirty debug
...
Conflicts:
src/Symfony/Bridge/Twig/composer.json
src/Symfony/Bundle/FrameworkBundle/composer.json
src/Symfony/Component/Security/Http/Firewall/ContextListener.php
src/Symfony/Component/Security/Http/Tests/Firewall/ContextListenerTest.php
|
| | |\ \
| | |/
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
* 2.3:
[FrameworkBundle] Fix title and placeholder rendering in php form templates.
RequestDataCollector - small fix
renamed composer.phar to composer to be consistent with the Symfony docs
[FrameworkBundle] bumped min version of Routing to 2.3
removed composer --dev option everywhere
fixed a test
[Console] Fixed output bug, if escaped string in a formatted string.
[Security] Remove ContextListener's onKernelResponse listener as it is used
Revert "minor #12652 [HttpFoundation] [Hackday] #9942 test: Request::getContent() for null value (skler)"
Revert "fixed assertion"
fixed assertion
[HttpFoundation] [Hackday] #9942 test: Request::getContent() for null value
fixed URL
Add reference to documentation in FormEvents phpdocs
[YAML] Fix one-liners to work with multiple new lines
Keep "pre" meaning for var_dump quick-and-dirty debug
[Console][Table] Fix cell padding with multi-byte
Conflicts:
src/Symfony/Bundle/FrameworkBundle/Resources/views/Form/widget_attributes.html.php
src/Symfony/Bundle/FrameworkBundle/composer.json
src/Symfony/Component/Console/Helper/TableHelper.php
|
| | | |\
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
it is used (davedevelopment)
This PR was squashed before being merged into the 2.3 branch (closes #13466).
Discussion
----------
[Security] Remove ContextListener's onKernelResponse listener as it is used
| Q | A
| ------------- | ---
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets |
| License | MIT
| Doc PR |
The context listeners are specific to a particular firewall, and as such, should not be applied if the current request doesn't match that context listener. To avoid this, the context listener can remove itself from the dispatcher as it is called.
This comes in to affect when two or more firewalls are setup and using the same kernel for multiple requests. Assuming there are two firewalls 'site' and 'admin'
- Request comes in matching 'site' firewall, 'site' ContextListener adds it's onKernelResponse method to the dispatcher
- Succesful auth for 'site'
- ContextListener writes token to session
- Request comes in matching 'admin' firewall, 'admin' ContextListener can't find anything in the session, so nulls the token in the security context
- 'site' ContextListener listens for response, can't find a token in the security context so removes the 'site' token from the session
Commits
-------
380d805 [Security] Remove ContextListener's onKernelResponse listener as it is used
|
| | | | | |
|
| |\ \ \ \
| |/ / /
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
* 2.6:
[2.3] [HttpFoundation] [MimeTypeGuesser]
Removed dead code and various cleaning
Removed dead code and various cleaning
[FrameworkBundle][xsd] added missing logging attribute.
[Console] Make it clear that the second argument is not about command options.
Added the '-' character for spaceless on tag start and end to be consistent for block, if, set and for nodes
[Yaml] fixed parse shortcut Key after unindented collection.
[Console] fixed #10531
Make the container considered non-fresh if the environment parameters are changed
|
| | |\ \ \
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | | |
* 2.5:
[2.3] [HttpFoundation] [MimeTypeGuesser]
Removed dead code and various cleaning
[Console] Make it clear that the second argument is not about command options.
Added the '-' character for spaceless on tag start and end to be consistent for block, if, set and for nodes
[Yaml] fixed parse shortcut Key after unindented collection.
[Console] fixed #10531
Make the container considered non-fresh if the environment parameters are changed
Conflicts:
src/Symfony/Bridge/Twig/Resources/views/Form/form_div_layout.html.twig
|
| | | |\ \ \
| | | |/ /
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | | |
* 2.3:
[2.3] [HttpFoundation] [MimeTypeGuesser]
Removed dead code and various cleaning
[Console] Make it clear that the second argument is not about command options.
Added the '-' character for spaceless on tag start and end to be consistent for block, if, set and for nodes
[Yaml] fixed parse shortcut Key after unindented collection.
[Console] fixed #10531
Make the container considered non-fresh if the environment parameters are changed
Conflicts:
src/Symfony/Bridge/Twig/Resources/views/Form/form_div_layout.html.twig
src/Symfony/Bridge/Twig/Resources/views/Form/form_table_layout.html.twig
src/Symfony/Component/Console/Tests/ApplicationTest.php
src/Symfony/Component/Security/Core/Authentication/Provider/PreAuthenticatedAuthenticationProvider.php
|
| | | | |/ |
|
| | | | | |
|
| | | | | |
|
| | | | | |
|
| | | | | |
|
