diff --git a/book/doctrine.rst b/book/doctrine.rst
index 7cde77256c8..87e894c1f45 100644
--- a/book/doctrine.rst
+++ b/book/doctrine.rst
@@ -534,10 +534,10 @@ Take a look at the previous example in more detail:
responsible for handling the process of persisting and fetching objects
to and from the database.
-* **line 16** The ``persist()`` method tells Doctrine to "manage" the ``$product``
+* **line 17** The ``persist()`` method tells Doctrine to "manage" the ``$product``
object. This does not actually cause a query to be made to the database (yet).
-* **line 17** When the ``flush()`` method is called, Doctrine looks through
+* **line 18** When the ``flush()`` method is called, Doctrine looks through
all of the objects that it's managing to see if they need to be persisted
to the database. In this example, the ``$product`` object has not been
persisted yet, so the entity manager executes an ``INSERT`` query and a
diff --git a/book/routing.rst b/book/routing.rst
index 76989494359..ed0b4bf809c 100644
--- a/book/routing.rst
+++ b/book/routing.rst
@@ -1473,25 +1473,14 @@ route. With this information, any URL can easily be generated::
.. note::
- In controllers that don't extend Symfony's base
- :class:`Symfony\\Bundle\\FrameworkBundle\\Controller\\Controller`,
- you can use the ``router`` service's
- :method:`Symfony\\Component\\Routing\\Router::generate` method::
+ The ``generateUrl()`` method defined in the base
+ :class:`Symfony\\Bundle\\FrameworkBundle\\Controller\\Controller` class is
+ just a shortcut for this code::
- use Symfony\Component\DependencyInjection\ContainerAware;
-
- class MainController extends ContainerAware
- {
- public function showAction($slug)
- {
- // ...
-
- $url = $this->container->get('router')->generate(
- 'blog_show',
- array('slug' => 'my-blog-post')
- );
- }
- }
+ $url = $this->container->get('router')->generate(
+ 'blog_show',
+ array('slug' => 'my-blog-post')
+ );
In an upcoming section, you'll learn how to generate URLs from inside templates.
diff --git a/book/service_container.rst b/book/service_container.rst
index 66eb38641be..2cb08ae4078 100644
--- a/book/service_container.rst
+++ b/book/service_container.rst
@@ -276,10 +276,10 @@ The service container is built using a single configuration resource
be imported from inside this file in one way or another. This gives you absolute
flexibility over the services in your application.
-External service configuration can be imported in two different ways. The first
-method, commonly used to import container configuration from the bundles you've
-created - is via the ``imports`` directive. The second method, although slightly more
-complex offers more flexibility and is commonly used to import third-party bundle
+External service configuration can be imported in two different ways. The first
+method, commonly used to import container configuration from the bundles you've
+created - is via the ``imports`` directive. The second method, although slightly more
+complex offers more flexibility and is commonly used to import third-party bundle
configuration. Read on to learn more about both methods.
.. index::
@@ -1104,13 +1104,15 @@ to be used for a specific purpose. Take the following example:
xsi:schemaLocation="http://symfony.com/schema/dic/services
http://symfony.com/schema/dic/services/services-1.0.xsd">
-
+
+
-
-
+
+
+
.. code-block:: php
diff --git a/contributing/code/security.rst b/contributing/code/security.rst
index a9260491486..baa1baf711f 100644
--- a/contributing/code/security.rst
+++ b/contributing/code/security.rst
@@ -103,6 +103,8 @@ Security Advisories
This section indexes security vulnerabilities that were fixed in Symfony
releases, starting from Symfony 1.0.0:
+* November 23, 2015: `CVE-2015-8125: Potential Remote Timing Attack Vulnerability in Security Remember-Me Service `_ (2.3.35, 2.6.12 and 2.7.7)
+* November 23, 2015: `CVE-2015-8124: Session Fixation in the "Remember Me" Login Feature `_ (2.3.35, 2.6.12 and 2.7.7)
* May 26, 2015: `CVE-2015-4050: ESI unauthorized access `_ (Symfony 2.3.29, 2.5.12 and 2.6.8)
* April 1, 2015: `CVE-2015-2309: Unsafe methods in the Request class `_ (Symfony 2.3.27, 2.5.11 and 2.6.6)
* April 1, 2015: `CVE-2015-2308: Esi Code Injection `_ (Symfony 2.3.27, 2.5.11 and 2.6.6)
diff --git a/cookbook/configuration/override_dir_structure.rst b/cookbook/configuration/override_dir_structure.rst
index 105b225fd62..d387a7931fa 100644
--- a/cookbook/configuration/override_dir_structure.rst
+++ b/cookbook/configuration/override_dir_structure.rst
@@ -176,8 +176,7 @@ The change in the ``composer.json`` will look like this:
...
}
-In ``app/autoload.php``, you need to modify the path leading to the
-``vendor/autoload.php`` file::
+Then, update the path to the ``autoload.php`` file in ``app/autoload.php``::
// app/autoload.php
// ...
diff --git a/cookbook/doctrine/event_listeners_subscribers.rst b/cookbook/doctrine/event_listeners_subscribers.rst
index 93cbf3b4c1d..64c8d79ab9a 100644
--- a/cookbook/doctrine/event_listeners_subscribers.rst
+++ b/cookbook/doctrine/event_listeners_subscribers.rst
@@ -135,12 +135,14 @@ a ``postPersist`` method, which will be called when the event is dispatched::
public function postPersist(LifecycleEventArgs $args)
{
$entity = $args->getEntity();
- $entityManager = $args->getEntityManager();
- // perhaps you only want to act on some "Product" entity
- if ($entity instanceof Product) {
- // ... do something with the Product
+ // only act on some "Product" entity
+ if (!$entity instanceof Product) {
+ return;
}
+
+ $entityManager = $args->getEntityManager();
+ // ... do something with the Product
}
}
@@ -197,10 +199,10 @@ interface and have an event method for each event it subscribes to::
public function index(LifecycleEventArgs $args)
{
$entity = $args->getEntity();
- $entityManager = $args->getEntityManager();
// perhaps you only want to act on some "Product" entity
if ($entity instanceof Product) {
+ $entityManager = $args->getEntityManager();
// ... do something with the Product
}
}
diff --git a/cookbook/form/dynamic_form_modification.rst b/cookbook/form/dynamic_form_modification.rst
index db442c85740..4772ae871c2 100644
--- a/cookbook/form/dynamic_form_modification.rst
+++ b/cookbook/form/dynamic_form_modification.rst
@@ -411,25 +411,26 @@ it with :ref:`dic-tags-form-type`.
array('security.token_storage')
);
-If you wish to create it from within a controller or any other service that has
-access to the form factory, you then use::
+If you wish to create it from within a service that has access to the form factory,
+you then use::
- use Symfony\Component\DependencyInjection\ContainerAware;
+ $form = $formFactory->create('friend_message');
- class FriendMessageController extends ContainerAware
+In a controller that extends the :class:`Symfony\\Bundle\\FrameworkBundle\\Controller\\Controller`
+class, you can simply call::
+
+ use Symfony\Bundle\FrameworkBundle\Controller\Controller;
+
+ class FriendMessageController extends Controller
{
public function newAction(Request $request)
{
- $form = $this->get('form.factory')->create('friend_message');
+ $form = $this->createForm('friend_message');
// ...
}
}
-If you extend the ``Symfony\Bundle\FrameworkBundle\Controller\Controller`` class, you can simply call::
-
- $form = $this->createForm('friend_message');
-
You can also easily embed the form type into another form::
// inside some other "form type" class
diff --git a/cookbook/security/form_login_setup.rst b/cookbook/security/form_login_setup.rst
index 82a30190cc8..c936dd8b08e 100644
--- a/cookbook/security/form_login_setup.rst
+++ b/cookbook/security/form_login_setup.rst
@@ -12,10 +12,6 @@ In this entry, you'll build a traditional login form. Of course, when the
user logs in, you can load your users from anywhere - like the database.
See :ref:`security-user-providers` for details.
-This chapter assumes that you've followed the beginning of the
-:doc:`security chapter ` and have ``http_basic`` authentication
-working properly.
-
First, enable form login under your firewall:
.. configuration-block::
@@ -29,7 +25,6 @@ First, enable form login under your firewall:
firewalls:
default:
anonymous: ~
- http_basic: ~
form_login:
login_path: /login
check_path: /login_check
@@ -47,7 +42,6 @@ First, enable form login under your firewall:
-
@@ -60,7 +54,6 @@ First, enable form login under your firewall:
'firewalls' => array(
'default' => array(
'anonymous' => null,
- 'http_basic' => null,
'form_login' => array(
'login_path' => '/login',
'check_path' => '/login_check',
diff --git a/create_framework/dependency-injection.rst b/create_framework/dependency-injection.rst
index 86e6b6d78cf..39eaae4702e 100644
--- a/create_framework/dependency-injection.rst
+++ b/create_framework/dependency-injection.rst
@@ -132,7 +132,7 @@ them. Objects will be created on-demand when you access them from the
container or when the container needs them to create other objects.
For instance, to create the router listener, we tell Symfony that its class
-name is ``Symfony\Component\HttpKernel\EventListener\RouterListener``, and
+name is ``Symfony\Component\HttpKernel\EventListener\RouterListener`` and
that its constructor takes a matcher object (``new Reference('matcher')``). As
you can see, each object is referenced by a name, a string that uniquely
identifies each object. The name allows us to get an object and to reference
diff --git a/create_framework/event-dispatcher.rst b/create_framework/event-dispatcher.rst
index ac9a465fd8e..d2b062e415b 100644
--- a/create_framework/event-dispatcher.rst
+++ b/create_framework/event-dispatcher.rst
@@ -154,7 +154,7 @@ event (``response``); the event name must be the same as the one used in the
``dispatch()`` call.
In the listener, we add the Google Analytics code only if the response is not
-a redirection, if the requested format is HTML, and if the response content
+a redirection, if the requested format is HTML and if the response content
type is HTML (these conditions demonstrate the ease of manipulating the
Request and Response data from your code).
diff --git a/create_framework/front-controller.rst b/create_framework/front-controller.rst
index dcff8303f37..3ef47eb618b 100644
--- a/create_framework/front-controller.rst
+++ b/create_framework/front-controller.rst
@@ -57,7 +57,7 @@ And for the "Goodbye" page::
We have indeed moved most of the shared code into a central place, but it does
not feel like a good abstraction, does it? We still have the ``send()`` method
-for all pages, our pages do not look like templates, and we are still not able
+for all pages, our pages do not look like templates and we are still not able
to test this code properly.
Moreover, adding a new page means that we need to create a new PHP script,
@@ -159,7 +159,7 @@ web root directory:
Now, configure your web server root directory to point to ``web/`` and all
other files won't be accessible from the client anymore.
-To test your changes in a browser (``http://localhost:4321/?name=Fabien``), run
+To test your changes in a browser (``http://localhost:4321/hello/?name=Fabien``), run
the PHP built-in server:
.. code-block:: bash
diff --git a/create_framework/http-foundation.rst b/create_framework/http-foundation.rst
index 261821879b1..fcaa6c005b2 100644
--- a/create_framework/http-foundation.rst
+++ b/create_framework/http-foundation.rst
@@ -299,7 +299,7 @@ the wheel.
I've almost forgot to talk about one added benefit: using the HttpFoundation
component is the start of better interoperability between all frameworks and
applications using it (like `Symfony`_, `Drupal 8`_, `phpBB 4`_, `ezPublish
-5`_, `Laravel`_, `Silex`_, and `more`_).
+5`_, `Laravel`_, `Silex`_ and `more`_).
.. _`Twig`: http://twig.sensiolabs.org/
.. _`HTTP specification`: http://tools.ietf.org/wg/httpbis/
diff --git a/create_framework/http-kernel-httpkernel-class.rst b/create_framework/http-kernel-httpkernel-class.rst
index eb3b8cf7741..ab0663dcbce 100644
--- a/create_framework/http-kernel-httpkernel-class.rst
+++ b/create_framework/http-kernel-httpkernel-class.rst
@@ -11,7 +11,7 @@ There should be an easier way, right?
Enter the ``HttpKernel`` class. Instead of solving the same problem over and
over again and instead of reinventing the wheel each time, the ``HttpKernel``
-class is a generic, extensible, and flexible implementation of
+class is a generic, extensible and flexible implementation of
``HttpKernelInterface``.
This class is very similar to the framework class we have written so far: it
diff --git a/create_framework/routing.rst b/create_framework/routing.rst
index 8a59ce83c8a..2d994b4d8f0 100644
--- a/create_framework/routing.rst
+++ b/create_framework/routing.rst
@@ -82,7 +82,7 @@ of default values for route attributes (``array('name' => 'World')``).
:doc:`Routing component documentation ` to
learn more about its many features like URL generation, attribute
requirements, HTTP method enforcements, loaders for YAML or XML files,
- dumpers to PHP or Apache rewrite rules for enhanced performance, and much
+ dumpers to PHP or Apache rewrite rules for enhanced performance and much
more.
Based on the information stored in the ``RouteCollection`` instance, a
diff --git a/create_framework/separation-of-concerns.rst b/create_framework/separation-of-concerns.rst
index d7bb049970c..8eba278c6da 100644
--- a/create_framework/separation-of-concerns.rst
+++ b/create_framework/separation-of-concerns.rst
@@ -8,7 +8,7 @@ class. It would bring us better *reusability* and easier testing to name just
a few benefits.
If you have a closer look at the code, ``front.php`` has one input, the
-Request, and one output, the Response. Our framework class will follow this
+Request and one output, the Response. Our framework class will follow this
simple principle: the logic is about creating the Response associated with a
Request.
diff --git a/create_framework/templating.rst b/create_framework/templating.rst
index a6d55350f78..5fa4b4bc468 100644
--- a/create_framework/templating.rst
+++ b/create_framework/templating.rst
@@ -50,7 +50,7 @@ rendered::
As ``render_template`` is used as an argument to the PHP ``call_user_func()``
function, we can replace it with any valid PHP `callbacks`_. This allows us to
-use a function, an anonymous function, or a method of a class as a
+use a function, an anonymous function or a method of a class as a
controller... your choice.
As a convention, for each route, the associated controller is configured via
diff --git a/reference/configuration/framework.rst b/reference/configuration/framework.rst
index c7bd399c188..5510868a158 100644
--- a/reference/configuration/framework.rst
+++ b/reference/configuration/framework.rst
@@ -219,7 +219,7 @@ If you're using an IDE like TextMate or Mac Vim, then Symfony can turn all
of the file paths in an exception message into a link, which will open that
file in your IDE.
-Symfony contains preconfigured urls for some popular IDEs, you can set them
+Symfony contains preconfigured URLs for some popular IDEs, you can set them
using the following keys:
* ``textmate``
@@ -230,7 +230,7 @@ using the following keys:
.. versionadded:: 2.3.14
The ``emacs`` and ``sublime`` editors were introduced in Symfony 2.3.14.
-You can also specify a custom url string. If you do this, all percentage
+You can also specify a custom URL string. If you do this, all percentage
signs (``%``) must be doubled to escape that character. For example, if
you use PHPstorm on the Mac OS platform, you will do something like:
@@ -269,8 +269,11 @@ you use PHPstorm on the Mac OS platform, you will do something like:
Of course, since every developer uses a different IDE, it's better to set
this on a system level. This can be done by setting the ``xdebug.file_link_format``
-in the ``php.ini`` configuration to the url string. If this configuration
-value is set, then the ``ide`` option will be ignored.
+in the ``php.ini`` configuration to the URL string.
+
+If you don't use Xdebug, another way is to set this URL string in the
+``SYMFONY__TEMPLATING__HELPER__CODE__FILE_LINK_FORMAT`` environment variable.
+If any of these configurations values are set, the ``ide`` option will be ignored.
.. _reference-framework-test: