From f73133dd2c8b6dbb47ba518003aeddd526e3ed50 Mon Sep 17 00:00:00 2001 From: Javier Eguiluz Date: Thu, 8 Oct 2015 12:06:06 +0200 Subject: [PATCH 01/13] Removed "http_basic" config from the login form cookbook --- cookbook/security/form_login_setup.rst | 3 --- 1 file changed, 3 deletions(-) diff --git a/cookbook/security/form_login_setup.rst b/cookbook/security/form_login_setup.rst index ea3981c7760..3b58d5e3240 100644 --- a/cookbook/security/form_login_setup.rst +++ b/cookbook/security/form_login_setup.rst @@ -29,7 +29,6 @@ First, enable form login under your firewall: firewalls: default: anonymous: ~ - http_basic: ~ form_login: login_path: /login check_path: /login_check @@ -47,7 +46,6 @@ First, enable form login under your firewall: - @@ -60,7 +58,6 @@ First, enable form login under your firewall: 'firewalls' => array( 'default' => array( 'anonymous' => null, - 'http_basic' => null, 'form_login' => array( 'login_path' => '/login', 'check_path' => '/login_check', From 6c5e72664669b1f4ee7dd8be320d7b4d10698af8 Mon Sep 17 00:00:00 2001 From: Oskar Stark Date: Fri, 30 Oct 2015 12:02:28 +0100 Subject: [PATCH 02/13] updated sentence --- cookbook/configuration/override_dir_structure.rst | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/cookbook/configuration/override_dir_structure.rst b/cookbook/configuration/override_dir_structure.rst index 7ab35d98733..813a4e30965 100644 --- a/cookbook/configuration/override_dir_structure.rst +++ b/cookbook/configuration/override_dir_structure.rst @@ -176,8 +176,7 @@ The change in the ``composer.json`` will look like this: ... } -In ``app/autoload.php``, you need to modify the path leading to the -``vendor/autoload.php`` file:: +In ``app/autoload.php``, you need to modify the path to the ``autoload.php`` file:: // app/autoload.php // ... From 4dd3b8ad27f8c622af6b5a3d61edfd9607439478 Mon Sep 17 00:00:00 2001 From: WouterJ Date: Tue, 3 Nov 2015 17:25:35 +0100 Subject: [PATCH 03/13] Fixes done automatically by the docbot --- create_framework/dependency-injection.rst | 2 +- create_framework/event-dispatcher.rst | 2 +- create_framework/front-controller.rst | 2 +- create_framework/http-foundation.rst | 2 +- create_framework/http-kernel-httpkernel-class.rst | 2 +- create_framework/routing.rst | 2 +- create_framework/separation-of-concerns.rst | 2 +- create_framework/templating.rst | 2 +- 8 files changed, 8 insertions(+), 8 deletions(-) diff --git a/create_framework/dependency-injection.rst b/create_framework/dependency-injection.rst index 86e6b6d78cf..39eaae4702e 100644 --- a/create_framework/dependency-injection.rst +++ b/create_framework/dependency-injection.rst @@ -132,7 +132,7 @@ them. Objects will be created on-demand when you access them from the container or when the container needs them to create other objects. For instance, to create the router listener, we tell Symfony that its class -name is ``Symfony\Component\HttpKernel\EventListener\RouterListener``, and +name is ``Symfony\Component\HttpKernel\EventListener\RouterListener`` and that its constructor takes a matcher object (``new Reference('matcher')``). As you can see, each object is referenced by a name, a string that uniquely identifies each object. The name allows us to get an object and to reference diff --git a/create_framework/event-dispatcher.rst b/create_framework/event-dispatcher.rst index ac9a465fd8e..d2b062e415b 100644 --- a/create_framework/event-dispatcher.rst +++ b/create_framework/event-dispatcher.rst @@ -154,7 +154,7 @@ event (``response``); the event name must be the same as the one used in the ``dispatch()`` call. In the listener, we add the Google Analytics code only if the response is not -a redirection, if the requested format is HTML, and if the response content +a redirection, if the requested format is HTML and if the response content type is HTML (these conditions demonstrate the ease of manipulating the Request and Response data from your code). diff --git a/create_framework/front-controller.rst b/create_framework/front-controller.rst index dcff8303f37..0e140393dfa 100644 --- a/create_framework/front-controller.rst +++ b/create_framework/front-controller.rst @@ -57,7 +57,7 @@ And for the "Goodbye" page:: We have indeed moved most of the shared code into a central place, but it does not feel like a good abstraction, does it? We still have the ``send()`` method -for all pages, our pages do not look like templates, and we are still not able +for all pages, our pages do not look like templates and we are still not able to test this code properly. Moreover, adding a new page means that we need to create a new PHP script, diff --git a/create_framework/http-foundation.rst b/create_framework/http-foundation.rst index 261821879b1..fcaa6c005b2 100644 --- a/create_framework/http-foundation.rst +++ b/create_framework/http-foundation.rst @@ -299,7 +299,7 @@ the wheel. I've almost forgot to talk about one added benefit: using the HttpFoundation component is the start of better interoperability between all frameworks and applications using it (like `Symfony`_, `Drupal 8`_, `phpBB 4`_, `ezPublish -5`_, `Laravel`_, `Silex`_, and `more`_). +5`_, `Laravel`_, `Silex`_ and `more`_). .. _`Twig`: http://twig.sensiolabs.org/ .. _`HTTP specification`: http://tools.ietf.org/wg/httpbis/ diff --git a/create_framework/http-kernel-httpkernel-class.rst b/create_framework/http-kernel-httpkernel-class.rst index eb3b8cf7741..ab0663dcbce 100644 --- a/create_framework/http-kernel-httpkernel-class.rst +++ b/create_framework/http-kernel-httpkernel-class.rst @@ -11,7 +11,7 @@ There should be an easier way, right? Enter the ``HttpKernel`` class. Instead of solving the same problem over and over again and instead of reinventing the wheel each time, the ``HttpKernel`` -class is a generic, extensible, and flexible implementation of +class is a generic, extensible and flexible implementation of ``HttpKernelInterface``. This class is very similar to the framework class we have written so far: it diff --git a/create_framework/routing.rst b/create_framework/routing.rst index 7d84622e4c0..01350294212 100644 --- a/create_framework/routing.rst +++ b/create_framework/routing.rst @@ -82,7 +82,7 @@ of default values for route attributes (``array('name' => 'World')``). :doc:`Routing component documentation ` to learn more about its many features like URL generation, attribute requirements, HTTP method enforcements, loaders for YAML or XML files, - dumpers to PHP or Apache rewrite rules for enhanced performance, and much + dumpers to PHP or Apache rewrite rules for enhanced performance and much more. Based on the information stored in the ``RouteCollection`` instance, a diff --git a/create_framework/separation-of-concerns.rst b/create_framework/separation-of-concerns.rst index d7bb049970c..8eba278c6da 100644 --- a/create_framework/separation-of-concerns.rst +++ b/create_framework/separation-of-concerns.rst @@ -8,7 +8,7 @@ class. It would bring us better *reusability* and easier testing to name just a few benefits. If you have a closer look at the code, ``front.php`` has one input, the -Request, and one output, the Response. Our framework class will follow this +Request and one output, the Response. Our framework class will follow this simple principle: the logic is about creating the Response associated with a Request. diff --git a/create_framework/templating.rst b/create_framework/templating.rst index a6d55350f78..5fa4b4bc468 100644 --- a/create_framework/templating.rst +++ b/create_framework/templating.rst @@ -50,7 +50,7 @@ rendered:: As ``render_template`` is used as an argument to the PHP ``call_user_func()`` function, we can replace it with any valid PHP `callbacks`_. This allows us to -use a function, an anonymous function, or a method of a class as a +use a function, an anonymous function or a method of a class as a controller... your choice. As a convention, for each route, the associated controller is configured via From 9d56e24c9629324ff8b302741f759181e7674e22 Mon Sep 17 00:00:00 2001 From: Ryan Weaver Date: Sun, 8 Nov 2015 18:52:41 -0500 Subject: [PATCH 04/13] minor lang tweak --- cookbook/configuration/override_dir_structure.rst | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/cookbook/configuration/override_dir_structure.rst b/cookbook/configuration/override_dir_structure.rst index 813a4e30965..a6048bb2072 100644 --- a/cookbook/configuration/override_dir_structure.rst +++ b/cookbook/configuration/override_dir_structure.rst @@ -176,7 +176,7 @@ The change in the ``composer.json`` will look like this: ... } -In ``app/autoload.php``, you need to modify the path to the ``autoload.php`` file:: +Then, update the path to the ``autoload.php`` file in ``app/autoload.php``:: // app/autoload.php // ... From d019f83c7d72d9a4d1a30b8139694b8f2eabcb7e Mon Sep 17 00:00:00 2001 From: Javier Eguiluz Date: Wed, 11 Nov 2015 17:13:49 +0100 Subject: [PATCH 05/13] Removed an outdate paragraph --- cookbook/security/form_login_setup.rst | 4 ---- 1 file changed, 4 deletions(-) diff --git a/cookbook/security/form_login_setup.rst b/cookbook/security/form_login_setup.rst index 3b58d5e3240..6fea457d556 100644 --- a/cookbook/security/form_login_setup.rst +++ b/cookbook/security/form_login_setup.rst @@ -12,10 +12,6 @@ In this entry, you'll build a traditional login form. Of course, when the user logs in, you can load your users from anywhere - like the database. See :ref:`security-user-providers` for details. -This chapter assumes that you've followed the beginning of the -:doc:`security chapter ` and have ``http_basic`` authentication -working properly. - First, enable form login under your firewall: .. configuration-block:: From 30eb4fa22a4add3b1a1f61b6ea1143fcd0512345 Mon Sep 17 00:00:00 2001 From: Zander Baldwin Date: Wed, 11 Nov 2015 17:47:25 +0000 Subject: [PATCH 06/13] Book: Update Service Container Documentation Missing XML block wrapper for the Tags section example. Fixes #5882. --- book/service_container.rst | 22 ++++++++++++---------- 1 file changed, 12 insertions(+), 10 deletions(-) diff --git a/book/service_container.rst b/book/service_container.rst index 7646cfff9db..5bcd90ebe1e 100644 --- a/book/service_container.rst +++ b/book/service_container.rst @@ -318,10 +318,10 @@ The service container is built using a single configuration resource be imported from inside this file in one way or another. This gives you absolute flexibility over the services in your application. -External service configuration can be imported in two different ways. The first -method, commonly used to import container configuration from the bundles you've -created - is via the ``imports`` directive. The second method, although slightly more -complex offers more flexibility and is commonly used to import third-party bundle +External service configuration can be imported in two different ways. The first +method, commonly used to import container configuration from the bundles you've +created - is via the ``imports`` directive. The second method, although slightly more +complex offers more flexibility and is commonly used to import third-party bundle configuration. Read on to learn more about both methods. .. index:: @@ -943,13 +943,15 @@ to be used for a specific purpose. Take the following example: xsi:schemaLocation="http://symfony.com/schema/dic/services http://symfony.com/schema/dic/services/services-1.0.xsd"> - + + - - + + + .. code-block:: php From b0cae3beb9c7bd8a0c896f4975eb43daf78df8e1 Mon Sep 17 00:00:00 2001 From: Javier Eguiluz Date: Tue, 17 Nov 2015 09:00:29 +0100 Subject: [PATCH 07/13] Removed the use of ContainerAware class --- book/routing.rst | 25 ++++++--------------- cookbook/form/dynamic_form_modification.rst | 19 ++++++++-------- 2 files changed, 17 insertions(+), 27 deletions(-) diff --git a/book/routing.rst b/book/routing.rst index 3881dc78a3a..dacefe4d848 100644 --- a/book/routing.rst +++ b/book/routing.rst @@ -1397,25 +1397,14 @@ route. With this information, any URL can easily be generated:: .. note:: - In controllers that don't extend Symfony's base - :class:`Symfony\\Bundle\\FrameworkBundle\\Controller\\Controller`, - you can use the ``router`` service's - :method:`Symfony\\Component\\Routing\\Router::generate` method:: + The ``generateUrl()`` method defined in the base + :class:`Symfony\\Bundle\\FrameworkBundle\\Controller\\Controller` class is + just a shortcut for this code:: - use Symfony\Component\DependencyInjection\ContainerAware; - - class MainController extends ContainerAware - { - public function showAction($slug) - { - // ... - - $url = $this->container->get('router')->generate( - 'blog_show', - array('slug' => 'my-blog-post') - ); - } - } + $url = $this->container->get('router')->generate( + 'blog_show', + array('slug' => 'my-blog-post') + ); In an upcoming section, you'll learn how to generate URLs from inside templates. diff --git a/cookbook/form/dynamic_form_modification.rst b/cookbook/form/dynamic_form_modification.rst index df49ff753c9..f79dbc403cd 100644 --- a/cookbook/form/dynamic_form_modification.rst +++ b/cookbook/form/dynamic_form_modification.rst @@ -416,25 +416,26 @@ it with :ref:`dic-tags-form-type`. array('security.context') ); -If you wish to create it from within a controller or any other service that has -access to the form factory, you then use:: +If you wish to create it from within a service that has access to the form factory, +you then use:: - use Symfony\Component\DependencyInjection\ContainerAware; + $form = $formFactory->create('friend_message'); - class FriendMessageController extends ContainerAware +In a controller that extends the :class:`Symfony\\Bundle\\FrameworkBundle\\Controller\\Controller` +class, you can simply call:: + + use Symfony\Bundle\FrameworkBundle\Controller\Controller; + + class FriendMessageController extends Controller { public function newAction(Request $request) { - $form = $this->get('form.factory')->create('friend_message'); + $form = $this->createForm('friend_message'); // ... } } -If you extend the ``Symfony\Bundle\FrameworkBundle\Controller\Controller`` class, you can simply call:: - - $form = $this->createForm('friend_message'); - You can also easily embed the form type into another form:: // inside some other "form type" class From 50274c466f6b09f9ca92939ede99ea0b638c69f0 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?M=2EEng=2E=20Ren=C3=A9=20Schwarz?= Date: Sat, 21 Nov 2015 15:25:20 +0100 Subject: [PATCH 08/13] Fixed some wrong line numbers in doctrine.rst Some line numbers for the code example in section "Persisting Objects to the Database" were wrong. --- book/doctrine.rst | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/book/doctrine.rst b/book/doctrine.rst index 003b31798ea..e1f0768730d 100644 --- a/book/doctrine.rst +++ b/book/doctrine.rst @@ -534,10 +534,10 @@ Take a look at the previous example in more detail: responsible for handling the process of persisting and fetching objects to and from the database. -* **line 16** The ``persist()`` method tells Doctrine to "manage" the ``$product`` +* **line 17** The ``persist()`` method tells Doctrine to "manage" the ``$product`` object. This does not actually cause a query to be made to the database (yet). -* **line 17** When the ``flush()`` method is called, Doctrine looks through +* **line 18** When the ``flush()`` method is called, Doctrine looks through all of the objects that it's managing to see if they need to be persisted to the database. In this example, the ``$product`` object has not been persisted yet, so the entity manager executes an ``INSERT`` query and a From 68fdb033a4bf02b4b608a3577d52a6d25cf30243 Mon Sep 17 00:00:00 2001 From: Fabien Potencier Date: Mon, 23 Nov 2015 13:49:08 +0100 Subject: [PATCH 09/13] Added new security advisories to the docs --- contributing/code/security.rst | 2 ++ 1 file changed, 2 insertions(+) diff --git a/contributing/code/security.rst b/contributing/code/security.rst index ab4cc402b1c..a468aa0da3b 100644 --- a/contributing/code/security.rst +++ b/contributing/code/security.rst @@ -96,6 +96,8 @@ Security Advisories This section indexes security vulnerabilities that were fixed in Symfony releases, starting from Symfony 1.0.0: +* November 23, 2015: `CVE-2015-8125: Potential Remote Timing Attack Vulnerability in Security Remember-Me Service `_ (2.3.35, 2.6.12 and 2.7.7) +* November 23, 2015: `CVE-2015-8124: Session Fixation in the "Remember Me" Login Feature `_ (2.3.35, 2.6.12 and 2.7.7) * May 26, 2015: `CVE-2015-4050: ESI unauthorized access `_ (Symfony 2.3.29, 2.5.12 and 2.6.8) * April 1, 2015: `CVE-2015-2309: Unsafe methods in the Request class `_ (Symfony 2.3.27, 2.5.11 and 2.6.6) * April 1, 2015: `CVE-2015-2308: Esi Code Injection `_ (Symfony 2.3.27, 2.5.11 and 2.6.6) From beef19e9ff7e2e6e5c117fecdc570e02aaaf4036 Mon Sep 17 00:00:00 2001 From: Nicolas Grekas Date: Fri, 14 Aug 2015 12:26:47 +0200 Subject: [PATCH 10/13] Tell about SYMFONY__TEMPLATING__HELPER__CODE__FILE_LINK_FORMAT --- reference/configuration/framework.rst | 11 +++++++---- 1 file changed, 7 insertions(+), 4 deletions(-) diff --git a/reference/configuration/framework.rst b/reference/configuration/framework.rst index cace8c57949..55262ae5db5 100644 --- a/reference/configuration/framework.rst +++ b/reference/configuration/framework.rst @@ -211,7 +211,7 @@ If you're using an IDE like TextMate or Mac Vim, then Symfony can turn all of the file paths in an exception message into a link, which will open that file in your IDE. -Symfony contains preconfigured urls for some popular IDEs, you can set them +Symfony contains preconfigured URLs for some popular IDEs, you can set them using the following keys: * ``textmate`` @@ -222,7 +222,7 @@ using the following keys: .. versionadded:: 2.3.14 The ``emacs`` and ``sublime`` editors were introduced in Symfony 2.3.14. -You can also specify a custom url string. If you do this, all percentage +You can also specify a custom URL string. If you do this, all percentage signs (``%``) must be doubled to escape that character. For example, if you use PHPstorm on the Mac OS platform, you will do something like: @@ -261,8 +261,11 @@ you use PHPstorm on the Mac OS platform, you will do something like: Of course, since every developer uses a different IDE, it's better to set this on a system level. This can be done by setting the ``xdebug.file_link_format`` -in the ``php.ini`` configuration to the url string. If this configuration -value is set, then the ``ide`` option will be ignored. +in the ``php.ini`` configuration to the URL string. + +If you don't use Xdebug, another way is to set this URL string in the +``SYMFONY__TEMPLATING__HELPER__CODE__FILE_LINK_FORMAT`` environment variable. +If any of these configurations values are set, the ``ide`` option will be ignored. .. _reference-framework-test: From 5abf3e26677e34460b1514a53eac719ed1ec29ce Mon Sep 17 00:00:00 2001 From: Turdaliev Nursultan Date: Wed, 25 Nov 2015 12:26:25 +0100 Subject: [PATCH 11/13] Update front controller --- create_framework/front-controller.rst | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/create_framework/front-controller.rst b/create_framework/front-controller.rst index 0e140393dfa..3ef47eb618b 100644 --- a/create_framework/front-controller.rst +++ b/create_framework/front-controller.rst @@ -159,7 +159,7 @@ web root directory: Now, configure your web server root directory to point to ``web/`` and all other files won't be accessible from the client anymore. -To test your changes in a browser (``http://localhost:4321/?name=Fabien``), run +To test your changes in a browser (``http://localhost:4321/hello/?name=Fabien``), run the PHP built-in server: .. code-block:: bash From 1498140702caa4dcc723397bb3d1e336f95ca4b4 Mon Sep 17 00:00:00 2001 From: Oskar Stark Date: Fri, 23 Oct 2015 08:48:57 +0200 Subject: [PATCH 12/13] move the getEntityManager, only get it if needed --- cookbook/doctrine/event_listeners_subscribers.rst | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/cookbook/doctrine/event_listeners_subscribers.rst b/cookbook/doctrine/event_listeners_subscribers.rst index f9fc092bd49..8bbdb402d2f 100644 --- a/cookbook/doctrine/event_listeners_subscribers.rst +++ b/cookbook/doctrine/event_listeners_subscribers.rst @@ -135,10 +135,10 @@ a ``postPersist`` method, which will be called when the event is dispatched:: public function postPersist(LifecycleEventArgs $args) { $entity = $args->getEntity(); - $entityManager = $args->getEntityManager(); // perhaps you only want to act on some "Product" entity if ($entity instanceof Product) { + $entityManager = $args->getEntityManager(); // ... do something with the Product } } @@ -191,10 +191,10 @@ interface and have an event method for each event it subscribes to:: public function index(LifecycleEventArgs $args) { $entity = $args->getEntity(); - $entityManager = $args->getEntityManager(); // perhaps you only want to act on some "Product" entity if ($entity instanceof Product) { + $entityManager = $args->getEntityManager(); // ... do something with the Product } } From fab0985f3ed32f9fca6d04ec00a6a94ba41108c0 Mon Sep 17 00:00:00 2001 From: WouterJ Date: Wed, 25 Nov 2015 15:25:13 +0100 Subject: [PATCH 13/13] [#5828] Return early --- cookbook/doctrine/event_listeners_subscribers.rst | 10 ++++++---- 1 file changed, 6 insertions(+), 4 deletions(-) diff --git a/cookbook/doctrine/event_listeners_subscribers.rst b/cookbook/doctrine/event_listeners_subscribers.rst index 8bbdb402d2f..bda41b7c212 100644 --- a/cookbook/doctrine/event_listeners_subscribers.rst +++ b/cookbook/doctrine/event_listeners_subscribers.rst @@ -136,11 +136,13 @@ a ``postPersist`` method, which will be called when the event is dispatched:: { $entity = $args->getEntity(); - // perhaps you only want to act on some "Product" entity - if ($entity instanceof Product) { - $entityManager = $args->getEntityManager(); - // ... do something with the Product + // only act on some "Product" entity + if (!$entity instanceof Product) { + return; } + + $entityManager = $args->getEntityManager(); + // ... do something with the Product } }