symfony
diff --git a/‎CHANGELOG-3.3.md
Lines changed: 38 additions & 0 deletions b/‎CHANGELOG-3.3.md
Lines changed: 38 additions & 0 deletions
diff --git a/‎UPGRADE-3.4.md
Lines changed: 9 additions & 0 deletions b/‎UPGRADE-3.4.md
Lines changed: 9 additions & 0 deletions
diff --git a/‎UPGRADE-4.0.md
Lines changed: 9 additions & 0 deletions b/‎UPGRADE-4.0.md
Lines changed: 9 additions & 0 deletions
diff --git a/‎src/Symfony/Bridge/Doctrine/CHANGELOG.md
Lines changed: 2 additions & 0 deletions b/‎src/Symfony/Bridge/Doctrine/CHANGELOG.md
Lines changed: 2 additions & 0 deletions
diff --git a/‎src/Symfony/Bundle/SecurityBundle/Tests/Functional/SwitchUserTest.php
Lines changed: 1 addition & 1 deletion b/‎src/Symfony/Bundle/SecurityBundle/Tests/Functional/SwitchUserTest.php
Lines changed: 1 addition & 1 deletion
diff --git a/‎src/Symfony/Bundle/SecurityBundle/Tests/Functional/app/JsonLogin/switchuser_stateless.yml
Lines changed: 1 addition & 0 deletions b/‎src/Symfony/Bundle/SecurityBundle/Tests/Functional/app/JsonLogin/switchuser_stateless.yml
Lines changed: 1 addition & 0 deletions
diff --git a/‎src/Symfony/Component/HttpFoundation/Session/Storage/Handler/MongoDbSessionHandler.php
Lines changed: 1 addition & 1 deletion b/‎src/Symfony/Component/HttpFoundation/Session/Storage/Handler/MongoDbSessionHandler.php
Lines changed: 1 addition & 1 deletion
diff --git a/‎src/Symfony/Component/HttpFoundation/Tests/Session/Storage/Handler/MongoDbSessionHandlerTest.php
Lines changed: 1 addition & 1 deletion b/‎src/Symfony/Component/HttpFoundation/Tests/Session/Storage/Handler/MongoDbSessionHandlerTest.php
Lines changed: 1 addition & 1 deletion
diff --git a/‎src/Symfony/Component/Process/Process.php
Lines changed: 8 additions & 0 deletions b/‎src/Symfony/Component/Process/Process.php
Lines changed: 8 additions & 0 deletions
diff --git a/‎src/Symfony/Component/Process/Tests/ProcessTest.php
Lines changed: 40 additions & 0 deletions b/‎src/Symfony/Component/Process/Tests/ProcessTest.php
Lines changed: 40 additions & 0 deletions
diff --git a/‎src/Symfony/Component/Security/Http/Firewall/SwitchUserListener.php
Lines changed: 8 additions & 8 deletions b/‎src/Symfony/Component/Security/Http/Firewall/SwitchUserListener.php
Lines changed: 8 additions & 8 deletions
diff --git a/‎src/Symfony/Component/Workflow/EventListener/GuardListener.php
Lines changed: 5 additions & 0 deletions b/‎src/Symfony/Component/Workflow/EventListener/GuardListener.php
Lines changed: 5 additions & 0 deletions
diff --git a/‎src/Symfony/Component/Workflow/Exception/InvalidTokenConfigurationException.php
Lines changed: 21 additions & 0 deletions b/‎src/Symfony/Component/Workflow/Exception/InvalidTokenConfigurationException.php
Lines changed: 21 additions & 0 deletions
diff --git a/‎src/Symfony/Component/Workflow/Tests/EventListener/GuardListenerTest.php
Lines changed: 12 additions & 0 deletions b/‎src/Symfony/Component/Workflow/Tests/EventListener/GuardListenerTest.php
Lines changed: 12 additions & 0 deletions
@@ -7,6 +7,44 @@ in 3.3 minor versions.
 To get the diff for a specific change, go to https://github.com/symfony/symfony/commit/XXX where XXX is the change hash
 To get the diff between two versions, go to https://github.com/symfony/symfony/compare/v3.3.0...v3.3.1
 
+* 3.3.10 (2017-10-05)
+
+ * bug #23906 Added support for guards when advancing workflow from a command (GDIBass)
+ * bug #24448 [Session] fix MongoDb session handler to gc all expired sessions (Tobion)
+ * bug #24431 [FrameworkBundle] Fix bad interface hint in AbstractController (nicolas-grekas)
+ * bug #24419 [Cache] Fix race condition in TagAwareAdapter (nicolas-grekas)
+ * bug #24417 [Yaml] parse references on merge keys (xabbuh)
+ * bug #24416 [Yaml] treat trailing backslashes in multi-line strings (xabbuh)
+ * bug #24421 [Config] Fix dumped files invalidation by OPCache (nicolas-grekas)
+ * bug #24418 [DI] Allow setting any public non-initialized services (nicolas-grekas)
+ * bug #23980 Tests and fix for issue in array model data in EntityType field with multiple=true (stoccc)
+ * bug #22586 [Form] Fixed PercentToLocalizedStringTransformer to accept both comma and dot as decimal separator, if possible (aaa2000)
+ * bug #24157 [Intl] Fixed support of Locale::getFallback (lyrixx)
+ * bug #24198 [HttpFoundation] Fix file upload multiple with no files (enumag)
+ * bug #24379 [PHPUnitBridge] don't remove when set to  empty string (Simperfit)
+ * bug #24036 [Form] Fix precision of MoneyToLocalizedStringTransformer's divisions and multiplications (Rubinum)
+ * bug #24191 [DependencyInjection] include file and line number i
1E0A
n deprecation (xabbuh)
+ * bug #24367 PdoSessionHandler: fix advisory lock for pgsql (Tobion)
+ * bug #24189 [Yaml] parse merge keys with PARSE_OBJECT_FOR_MAP flag (xabbuh)
+ * bug #24243 HttpCache does not consider ESI resources in HEAD requests (mpdude)
+ * bug #24237 [WebProfilerBundle] Added missing link to profile token (vtsykun)
+ * bug #24244 TwigBundle exception/deprecation tweaks (ro0NL)
+ * bug #24281 [TwigBundle] Remove profiler related scripting (ro0NL, javiereguiluz)
+ * bug #24251 [PropertyAccess] Set a NullLogger in ApcuAdapter when Apcu is disabled in CLI (iamluc)
+ * bug #24304 [FrameworkBundle] Fix Routing\DelegatingLoader (nicolas-grekas)
+ * bug #24305 [HttpKernel] Make array vs "::" controller definitions consistent (nicolas-grekas)
+ * bug #24255 [TwigBundle] Break long lines in exceptions (kevin-verschaeve)
+ * bug #24219 [Console] Preserving line breaks between sentences according to the exception message (yceruto)
+ * bug #24192 [PhpUnitBridge] do not require an error context (xabbuh)
+ * bug #23722 [Form] Fixed GroupSequence with "constraints" option (HeahDude)
+ * bug #22321 [Filesystem] Fixed makePathRelative (ausi)
+ * bug #24234 [DI] Fix decorated service merge in ResolveInstanceofConditionalsPass (dunglas)
+ * bug #24203 [Security] Preserve URI fragment in HttpUtils::generateUri() (chalasr)
+ * bug #24199 [DI] Fix non-instantiables auto-discovery (nicolas-grekas)
+ * bug #23473 [Filesystem] mirror - fix copying content with same name as source/target. (gitlost)
+ * bug #24177 [FrameworkBundle] Add support to environment variables APP_ENV/DEBUG in KernelTestCase (yceruto)
+ * bug #24162 [WebProfilerBundle] fixed TemplateManager when using Twig 2 without compat interfaces (fabpot)
+
 * 3.3.9 (2017-09-11)
 
  * bug #24141 [DomCrawler] Fix conversion to int on GetPhpFiles (MaraBlaga)
 
@@ -63,6 +63,13 @@ Debug
 
  * Support for stacked errors in the `ErrorHandler` is deprecated and will be removed in Symfony 4.0.
 
+DoctrineBridge
+--------------
+
+* Deprecated `Symfony\Bridge\Doctrine\HttpFoundation\DbalSessionHandler` and
+  `Symfony\Bridge\Doctrine\HttpFoundation\DbalSessionHandlerSchema`. Use
+  `Symfony\Component\HttpFoundation\Session\Storage\Handler\PdoSessionHandler` instead.
+
 EventDispatcher
 ---------------
 
@@ -300,6 +307,8 @@ Process
  * The `Symfony\Component\Process\ProcessBuilder` class has been deprecated,
    use the `Symfony\Component\Process\Process` class directly instead.
 
+ * Calling `Process::start()` without setting a valid working directory (via `setWorkingDirectory()` or constructor) beforehand is deprecated and will throw an exception in 4.0.
+
 Profiler
 --------
 
 
@@ -186,6 +186,13 @@ DependencyInjection
 
  * The `ExtensionCompilerPass` has been moved to before-optimization passes with priority -1000.
 
+DoctrineBridge
+--------------
+
+* The `Symfony\Bridge\Doctrine\HttpFoundation\DbalSessionHandler` and
+  `Symfony\Bridge\Doctrine\HttpFoundation\DbalSessionHandlerSchema` have been removed. Use
+  `Symfony\Component\HttpFoundation\Session\Storage\Handler\PdoSessionHandler` instead.
+
 EventDispatcher
 ---------------
 
@@ -639,6 +646,8 @@ Ldap
 Process
 -------
 
+ * Passing a not existing working directory to the constructor of the `Symfony\Component\Process\Process` class is not supported anymore.
+
  * The `Symfony\Component\Process\ProcessBuilder` class has been removed,
    use the `Symfony\Component\Process\Process` class directly instead.
 
 
@@ -16,6 +16,8 @@ CHANGELOG
 
  * added support for doctrine/dbal v2.6 types
  * added cause of UniqueEntity constraint violation
+ * deprecated `DbalSessionHandler` and `DbalSessionHandlerSchema` in favor of
+   `Symfony\Component\HttpFoundation\Session\Storage\Handler\PdoSessionHandler`
 
 3.1.0
 -----
 
@@ -54,7 +54,7 @@ public function testSwitchedUserExit()
     public function testSwitchUserStateless()
     {
         $client = $this->createClient(array('test_case' => 'JsonLogin', 'root_config' => 'switchuser_stateless.yml'));
-        $client->request('POST', '/chk', array('_switch_user' => 'dunglas'), array(), array('CONTENT_TYPE' => 'application/json'), '{"user": {"login": "user_can_switch", "password": "test"}}');
+        $client->request('POST', '/chk', array(), array(), array('HTTP_X_SWITCH_USER' => 'dunglas', 'CONTENT_TYPE' => 'application/json'), '{"user": {"login": "user_can_switch", "password": "test"}}');
         $response = $client->getResponse();
 
         $this->assertInstanceOf(JsonResponse::class, $response);
 
@@ -10,4 +10,5 @@ security:
     firewalls:
         main:
             switch_user:
+                parameter: X-Switch-User
                 stateless: true
@@ -116,7 +116,7 @@ public function destroy($sessionId)
      */
     public function gc($maxlifetime)
     {
-        $this->getCollection()->deleteOne(array(
+        $this->getCollection()->deleteMany(array(
             $this->options['expiry_field'] => array('$lt' => new \MongoDB\BSON\UTCDateTime()),
         ));
 
 
@@ -181,7 +181,7 @@ public function testGc()
             ->will($this->returnValue($collection));
 
         $collection->expects($this->once())
-            ->method('deleteOne')
+            ->method('deleteMany')
             ->will($this->returnCallback(function ($criteria) {
                 $this->assertInstanceOf(\MongoDB\BSON\UTCDateTime::class, $criteria[$this->options['expiry_field']]['$lt']);
                 $this->assertGreaterThanOrEqual(time() - 1, round((string) $criteria[$this->options['expiry_field']]['$lt'] / 1000));
 
@@ -20,6 +20,7 @@ CHANGELOG
 -----
 
  * deprecated the ProcessBuilder class
+ * deprecated calling `Process::start()` without setting a valid working directory beforehand (via `setWorkingDirectory()` or constructor)
 
 3.3.0
 -----
 
@@ -296,6 +296,14 @@ public function start(callable $callback = null, array $env = array())
             $ptsWorkaround = fopen(__FILE__, 'r');
         }
 
+        if (!is_dir($this->cwd)) {
+            if ('\\' === DIRECTORY_SEPARATOR) {
+                throw new RuntimeException('The provided cwd does not exist.');
+            }
+
+            @trigger_error('The provided cwd does not exist. Command is currently ran against getcwd(). This behavior is deprecated since version 3.4 and will be removed in 4.0.', E_USER_DEPRECATED);
+        }
+
         $this->process = proc_open($commandline, $descriptors, $this->processPipes->pipes, $this->cwd, null, $options);
 
         foreach ($envBackup as $k => $v) {
 
@@ -47,6 +47,46 @@ protected function tearDown()
         }
     }
 
+    /**
+     * @group legacy
+     * @expectedDeprecation The provided cwd does not exist. Command is currently ran against getcwd(). This behavior is deprecated since version 3.4 and will be removed in 4.0.
+     */
+    public function testInvalidCwd()
+    {
+        if ('\\' === DIRECTORY_SEPARATOR) {
+            $this->markTestSkipped('Windows handles this automatically.');
+        }
+
+        // Check that it works fine if the CWD exists
+        $cmd = new Process('echo test', __DIR__);
+        $cmd->run();
+
+        $cmd = new Process('echo test', __DIR__.'/notfound/');
+        $cmd->run();
+    }
+
+    /**
+     * @expectedException \Symfony\Component\Process\Exception\RuntimeException
+     * @expectedExceptionMessage The provided cwd does not exist.
+     */
+    public function testInvalidCwdOnWindows()
+    {
+        if ('\\' !== DIRECTORY_SEPARATOR) {
+            $this->markTestSkipped('Unix handles this automatically.');
+        }
+
+        try {
+            // Check that it works fine if the CWD exists
+            $cmd = new Process('echo test', __DIR__);
+            $cmd->run();
+        } catch (\Exception $e) {
+            $this->fail($e);
+        }
+
+        $cmd = new Process('echo test', __DIR__.'/notfound/');
+        $cmd->run();
+    }
+
     public function testThatProcessDoesNotThrowWarningDuringRun()
     {
         if ('\\' === DIRECTORY_SEPARATOR) {
 
@@ -79,16 +79,17 @@ public function __construct(TokenStorageInterface $tokenStorage, UserProviderInt
     public function handle(GetResponseEvent $event)
     {
         $request = $event->getRequest();
+        $username = $request->get($this->usernameParameter) ?: $request->headers->get($this->usernameParameter);
 
-        if (!$request->get($this->usernameParameter)) {
+        if (!$username) {
             return;
         }
 
-        if (self::EXIT_VALUE === $request->get($this->usernameParameter)) {
+        if (self::EXIT_VALUE === $username) {
             $this->tokenStorage->setToken($this->attemptExitUser($request));
         } else {
             try {
-                $this->tokenStorage->setToken($this->attemptSwitchUser($request));
+                $this->tokenStorage->setToken($this->attemptSwitchUser($request, $username));
             } catch (AuthenticationException $e) {
                 throw new \LogicException(sprintf('Switch User failed: "%s"', $e->getMessage()));
             }
@@ -106,20 +107,21 @@ public function handle(GetResponseEvent $event)
     /**
      * Attempts to switch to another user.
      *
-     * @param Request $request A Request instance
+     * @param Request $request  A Request instance
+     * @param string  $username
      *
      * @return TokenInterface|null The new TokenInterface if successfully switched, null otherwise
      *
      * @throws \LogicException
      * @throws AccessDeniedException
      */
-    private function attemptSwitchUser(Request $request)
+    private function attemptSwitchUser(Request $request, $username)
     {
         $token = $this->tokenStorage->getToken();
         $originalToken = $this->getOriginalToken($token);
 
         if (false !== $originalToken) {
-            if ($token->getUsername() === $request->get($this->usernameParameter)) {
+            if ($token->getUsername() === $username) {
                 return $token;
             }
 
@@ -133,8 +135,6 @@ private function attemptSwitchUser(Request $request)
             throw $exception;
         }
 
-        $username = $request->get($this->usernameParameter);
-
         if (null !== $this->logger) {
             $this->logger->info('Attempting to switch to user.', array('username' => $username));
         }
 
@@ -16,6 +16,7 @@
 use Symfony\Component\Security\Core\Authorization\AuthorizationCheckerInterface;
 use Symfony\Component\Security\Core\Role\RoleHierarchyInterface;
 use Symfony\Component\Workflow\Event\GuardEvent;
+use Symfony\Component\Workflow\Exception\InvalidTokenConfigurationException;
 
 /**
  * @author Grégoire Pineau <lyrixx@lyrixx.info>
@@ -55,6 +56,10 @@ private function getVariables(GuardEvent $event): array
     {
         $token = $this->tokenStorage->getToken();
 
+        if (null === $token) {
+            throw new InvalidTokenConfigurationException(sprintf('There are no tokens available for workflow %s.', $event->getWorkflowName()));
+        }
+
         if (null !== $this->roleHierarchy) {
             $roles = $this->roleHierarchy->getReachableRoles($token->getRoles());
         } else {
 
@@ -0,0 +1,21 @@
+<?php
+
+/*
+ * This file is part of the Symfony package.
+ *
+ * (c) Fabien Potencier <fabien@symfony.com>
+ *
+ * For the full copyright and license information, please view the LICENSE
+ * file that was distributed with this source code.
+ */
+
+namespace Symfony\Component\Workflow\Exception;
+
+/**
+ * Thrown by GuardListener when there is no token set, but guards are placed on a transition.
+ *
+ * @author Matt Johnson <matj1985@gmail.com>
+ */
+class InvalidTokenConfigurationException extends LogicException implements ExceptionInterface
+{
+}
@@ -69,6 +69,18 @@ public function testWithSupportedEventAndAccept()
         $this->assertTrue($event->isBlocked());
     }
 
+    /**
+     * @expectedException \Symfony\Component\Workflow\Exception\InvalidTokenConfigurationException
+     * @expectedExceptionMessage There are no tokens available for workflow unnamed.
+     */
+    public function testWithNoTokensInTokenStorage()
+    {
+        $event = $this->createEvent();
+        $this->tokenStorage->setToken(null);
+
+        $this->listener->onTransition($event, 'event_name_a');
+    }
+
     private function createEvent()
     {
         $subject = new \stdClass();
Original file line number	Diff line number	Diff line change
`@@ -54,7 +54,7 @@ public function testSwitchedUserExit()`
`54`	`54`	`public function testSwitchUserStateless()`
`55`	`55`	`{`
`56`	`56`	`$client = $this->createClient(array('test_case' => 'JsonLogin', 'root_config' => 'switchuser_stateless.yml'));`
`57`		`- $client->request('POST', '/chk', array('_switch_user' => 'dunglas'), array(), array('CONTENT_TYPE' => 'application/json'), '{"user": {"login": "user_can_switch", "password": "test"}}');`
	`57`	`+ $client->request('POST', '/chk', array(), array(), array('HTTP_X_SWITCH_USER' => 'dunglas', 'CONTENT_TYPE' => 'application/json'), '{"user": {"login": "user_can_switch", "password": "test"}}');`
`58`	`58`	`$response = $client->getResponse();`
`59`	`59`
`60`	`60`	`$this->assertInstanceOf(JsonResponse::class, $response);`
Original file line number	Diff line number	Diff line change
`@@ -116,7 +116,7 @@ public function destroy($sessionId)`
`116`	`116`	`*/`
`117`	`117`	`public function gc($maxlifetime)`
`118`	`118`	`{`
`119`		`- $this->getCollection()->deleteOne(array(`
	`119`	`+ $this->getCollection()->deleteMany(array(`
`120`	`120`	`$this->options['expiry_field'] => array('$lt' => new \MongoDB\BSON\UTCDateTime()),`
`121`	`121`	`));`
`122`	`122`
Original file line number	Diff line number	Diff line change
`@@ -79,16 +79,17 @@ public function __construct(TokenStorageInterface $tokenStorage, UserProviderInt`
`79`	`79`	`public function handle(GetResponseEvent $event)`
`80`	`80`	`{`
`81`	`81`	`$request = $event->getRequest();`
	`82`	`+ $username = $request->get($this->usernameParameter) ?: $request->headers->get($this->usernameParameter);`
`82`	`83`
`83`		`- if (!$request->get($this->usernameParameter)) {`
	`84`	`+ if (!$username) {`
`84`	`85`	`return;`
`85`	`86`	`}`
`86`	`87`
`87`		`- if (self::EXIT_VALUE === $request->get($this->usernameParameter)) {`
	`88`	`+ if (self::EXIT_VALUE === $username) {`
`88`	`89`	`$this->tokenStorage->setToken($this->attemptExitUser($request));`
`89`	`90`	`} else {`
`90`	`91`	`try {`
`91`		`- $this->tokenStorage->setToken($this->attemptSwitchUser($request));`
	`92`	`+ $this->tokenStorage->setToken($this->attemptSwitchUser($request, $username));`
`92`	`93`	`} catch (AuthenticationException $e) {`
`93`	`94`	`throw new \LogicException(sprintf('Switch User failed: "%s"', $e->getMessage()));`
`94`	`95`	`}`
`@@ -106,20 +107,21 @@ public function handle(GetResponseEvent $event)`
`106`	`107`	`/**`
`107`	`108`	`* Attempts to switch to another user.`
`108`	`109`	`*`
`109`		`- * @param Request $request A Request instance`
	`110`	`+ * @param Request $request A Request instance`
	`111`	`+ * @param string $username`
`110`	`112`	`*`
`111`	`113`	`* @return TokenInterface\|null The new TokenInterface if successfully switched, null otherwise`
`112`	`114`	`*`
`113`	`115`	`* @throws \LogicException`
`114`	`116`	`* @throws AccessDeniedException`
`115`	`117`	`*/`
`116`		`- private function attemptSwitchUser(Request $request)`
	`118`	`+ private function attemptSwitchUser(Request $request, $username)`
`117`	`119`	`{`
`118`	`120`	`$token = $this->tokenStorage->getToken();`
`119`	`121`	`$originalToken = $this->getOriginalToken($token);`
`120`	`122`
`121`	`123`	`if (false !== $originalToken) {`
`122`		`- if ($token->getUsername() === $request->get($this->usernameParameter)) {`
	`124`	`+ if ($token->getUsername() === $username) {`
`123`	`125`	`return $token;`
`124`	`126`	`}`
`125`	`127`
`@@ -133,8 +135,6 @@ private function attemptSwitchUser(Request $request)`
`133`	`135`	`throw $exception;`
`134`	`136`	`}`
`135`	`137`
`136`		`- $username = $request->get($this->usernameParameter);`
`137`		`-`
`138`	`138`	`if (null !== $this->logger) {`
`139`	`139`	`$this->logger->info('Attempting to switch to user.', array('username' => $username));`
`140`	`140`	`}`