From 440bd7ea5018a108483232e81c80a771ad41c9e8 Mon Sep 17 00:00:00 2001 From: Fabien Potencier Date: Mon, 21 May 2018 13:44:24 +0200 Subject: [PATCH 01/74] fixed test --- .../Tests/DependencyInjection/ConfigurationTest.php | 1 + 1 file changed, 1 insertion(+) diff --git a/src/Symfony/Bundle/FrameworkBundle/Tests/DependencyInjection/ConfigurationTest.php b/src/Symfony/Bundle/FrameworkBundle/Tests/DependencyInjection/ConfigurationTest.php index dd26d59d970f1..0c0167630dede 100644 --- a/src/Symfony/Bundle/FrameworkBundle/Tests/DependencyInjection/ConfigurationTest.php +++ b/src/Symfony/Bundle/FrameworkBundle/Tests/DependencyInjection/ConfigurationTest.php @@ -129,6 +129,7 @@ public function getTestInvalidSessionName() /** * @dataProvider getTestValidTrustedProxiesData + * @group legacy */ public function testValidTrustedProxies($trustedProxies, $processedProxies) { From e559215fcf8bb8b4ab873c2a052caf7f2009a318 Mon Sep 17 00:00:00 2001 From: Fabien Potencier Date: Mon, 21 May 2018 13:47:41 +0200 Subject: [PATCH 02/74] updated CHANGELOG for 2.7.47 --- CHANGELOG-2.7.md | 14 ++++++++++++++ 1 file changed, 14 insertions(+) diff --git a/CHANGELOG-2.7.md b/CHANGELOG-2.7.md index 2f6ece9b92809..6903fb4ed455d 100644 --- a/CHANGELOG-2.7.md +++ b/CHANGELOG-2.7.md 
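Review bot: The docblock of `testValidTrustedProxies()` gains `@group legacy` but does not say which deprecation the test is expected to trigger, so a later, unrelated deprecation raised on this path would be tolerated without anyone noticing. Add one line to the docblock naming the deprecated behaviour being exercised, for example `* Covers the deprecated trusted proxies configuration; remove together with it.`, with the wording adjusted to the actual deprecation. The test body lies outside the hunk, so what it asserts cannot be checked from here.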
@@ -7,6 +7,20 @@ in 2.7 minor versions. To get the diff for a specific change, go to https://github.com/symfony/symfony/commit/XXX where XXX is the change hash To get the diff between two versions, go to https://github.com/symfony/symfony/compare/v2.7.0...v2.7.1 +* 2.7.47 (2018-05-21) + + * bug #26781 [Form] Fix precision of MoneyToLocalizedStringTransformer's divisions on transform() (syastrebov) + * bug #27286 [Translation] Add Occitan plural rule (kylekatarnls) + * bug #27246 Disallow invalid characters in session.name (ostrolucky) + * bug #24805 [Security] Fix logout (MatTheCat) + * bug #27141 [Process] Suppress warnings when open_basedir is non-empty (cbj4074) + * bug #27250 [Session] limiting :key for GET_LOCK to 64 chars (oleg-andreyev) + * bug #27237 [Debug] Fix populating error_get_last() for handled silent errors (nicolas-grekas) + * bug #27236 [Filesystem] Fix usages of error_get_last() (nicolas-grekas) + * bug #27152 [HttpFoundation] use brace-style regex delimiters (xabbuh) + * feature #24896 Add CODE_OF_CONDUCT.md (egircys) + * bug #27067 [HttpFoundation] Fix setting session-related ini settings (e-moe) + * 2.7.46 (2018-04-27) * bug #26831 [Bridge/Doctrine] count(): Parameter must be an array or an object that implements Countable (gpenverne) From fb1aea810e0dda8b7c8aa2247ad3f4e75bdda7a0 Mon Sep 17 00:00:00 2001 From: Fabien Potencier Date: Mon, 21 May 2018 13:48:28 +0200 Subject: [PATCH 03/74] update CONTRIBUTORS for 2.7.47 --- CONTRIBUTORS.md | 50 +++++++++++++++++++++++++++++-------------------- 1 file changed, 30 insertions(+), 20 deletions(-) diff --git a/CONTRIBUTORS.md b/CONTRIBUTORS.md index bc4ebf6f78139..672246e7f9da8 100644 --- a/CONTRIBUTORS.md +++ b/CONTRIBUTORS.md 
@@ -17,9 +17,9 @@ Symfony is the result of the work of many people who made the code better - Johannes S (johannes) - Jakub Zalas (jakubzalas) - Kris Wallsmith (kriswallsmith) + - Maxime Steinhausser (ogizanagi) - Ryan Weaver (weaverryan) - Javier Eguiluz (javier.eguiluz) - - Maxime Steinhausser (ogizanagi) - Grégoire Pineau (lyrixx) - Hugo Hamon (hhamon) - Abdellatif Ait boudad (aitboudad) @@ -35,17 +35,17 @@ Symfony is the result of the work of many people who made the code better - Jean-François Simon (jfsimon) - Benjamin Eberlei (beberlei) - Igor Wiedler (igorw) + - Samuel ROZE (sroze) - Jules Pietri (heah) - Eriksen Costa (eriksencosta) - Guilhem Niot (energetick) - Sarah Khalil (saro0h) - - Samuel ROZE (sroze) + - Yonel Ceruto (yonelceruto) - Jonathan Wage (jwage) - Hamza Amrouche (simperfit) - Diego Saint Esteben (dosten) - - Yonel Ceruto (yonelceruto) - - Alexandre Salomé (alexandresalome) - Iltar van der Berg (kjarli) + - Alexandre Salomé (alexandresalome) - William Durand (couac) - ornicar - Francis Besset (francisbesset) @@ -59,9 +59,9 @@ Symfony is the result of the work of many people who made the code better - Henrik Bjørnskov (henrikbjorn) - Dany Maillard (maidmaid) - Miha Vrhovnik + - Kevin Bond (kbond) - Tobias Nyholm (tobias) - Diego Saint Esteben (dii3g0) - - Kevin Bond (kbond) - Konstantin Kudryashov (everzet) - Alexander M. Turek (derrabus) - Bilal Amarni (bamarni) @@ -83,12 +83,12 @@ Symfony is the result of the work of many people who made the code better - Dariusz Górecki (canni) - Issei Murasawa (issei_m) - Douglas Greenshields (shieldo) + - David Maicher (dmaicher) - Lee McDermott - Brandon Turner - Luis Cordova (cordoval) - Graham Campbell (graham) - Daniel Holmes (dholmes) - - David Maicher (dmaicher) - Dariusz Ruminski - Toni Uebernickel (havvg) - Bart van den Burg (burgov) 
@@ -103,9 +103,9 @@ Symfony is the result of the work of many people who made the code better - Maxime STEINHAUSSER - Michal Piotrowski (eventhorizon) - Tim Nagel (merk) + - Grégoire Paris (greg0ire) - Brice BERNARD (brikou) - Baptiste Clavié (talus) - - Grégoire Paris (greg0ire) - marc.weistroff - lenar - Alexander Schwenn (xelaris) @@ -139,21 +139,21 @@ Symfony is the result of the work of many people who made the code better - Sebastian Hörl (blogsh) - Daniel Gomes (danielcsgomes) - Hidenori Goto (hidenorigoto) + - Jérôme Vasseur (jvasseur) + - Valentin Udaltsov (vudaltsov) + - gadelat (gadelat) - Guilherme Blanco (guilhermeblanco) - Pablo Godel (pgodel) - - Jérôme Vasseur (jvasseur) - Jérémie Augustin (jaugustin) - Andréia Bohner (andreia) - Philipp Wahala (hifi) - Julien Falque (julienfalque) - Rafael Dohms (rdohms) - Arnaud Kleinpeter (nanocom) - - gadelat (gadelat) - jwdeitch - Teoh Han Hui (teohhanhui) - Mikael Pajunen - Joel Wurtz (brouznouf) - - Valentin Udaltsov (vudaltsov) - Chris Wilkinson (thewilkybarkid) - Oleg Voronkovich - Vyacheslav Pavlov @@ -226,6 +226,7 @@ Symfony is the result of the work of many people who made the code better - Julien Brochet (mewt) - Leo Feyer - Tristan Darricau (nicofuma) + - Nikolay Labinskiy (e-moe) - Michaël Perrin (michael.perrin) - Marcel Beerta (mazen) - Loïc Faugeron @@ -260,6 +261,7 @@ Symfony is the result of the work of many people who made the code better - Kristen Gilden (kgilden) - Pierre-Yves LEBECQ (pylebecq) - Jordan Samouh (jordansamouh) + - Baptiste Lafontaine (magnetik) - Jakub Kucharovic (jkucharovic) - Uwe Jäger (uwej711) - Eugene Leonovich (rybakit) @@ -270,7 +272,6 @@ Symfony is the result of the work of many people who made the code better - Jan Sorgalla (jsor) - Ray - Tyson Andre - - Nikolay Labinskiy (e-moe) - Chekote - Thomas Adam - Albert Casademont (acasademont) 
@@ -286,6 +287,7 @@ Symfony is the result of the work of many people who made the code better - Oskar Stark (oskarstark) - Thomas Lallement (raziel057) - Giorgio Premi + - Christian Schmidt - Beau Simensen (simensen) - Michael Hirschler (mvhirsch) - Robert Kiss (kepten) @@ -317,7 +319,6 @@ Symfony is the result of the work of many people who made the code better - Jerzy Zawadzki (jzawadzki) - Wouter J - Ismael Ambrosi (iambrosi) - - Baptiste Lafontaine - François Pluchino (francoispluchino) - Aurelijus Valeiša (aurelijus) - Jan Decavele (jandc) @@ -361,6 +362,7 @@ Symfony is the result of the work of many people who made the code better - Yaroslav Kiliba - Terje Bråten - Mathieu Lechat + - MatTheCat - Robbert Klarenbeek (robbertkl) - JhonnyL - David Badura (davidbadura) @@ -424,7 +426,6 @@ Symfony is the result of the work of many people who made the code better - Jeanmonod David (jeanmonod) - Christopher Davis (chrisguitarguy) - Jan Schumann - - Christian Schmidt - Niklas Fiekas - Markus Bachmann (baachi) - lancergr @@ -437,6 +438,7 @@ Symfony is the result of the work of many people who made the code better - Josip Kruslin - Asmir Mustafic (goetas) - vagrant + - Aurimas Niekis (gcds) - EdgarPE - Florian Pfitzer (marmelatze) - Asier Illarramendi (doup) @@ -514,6 +516,7 @@ Symfony is the result of the work of many people who made the code better - De Cock Xavier (xdecock) - Almog Baku (almogbaku) - Scott Arciszewski + - Xavier HAUSHERR - Norbert Orzechowicz (norzechowicz) - Denis Charrier (brucewouaigne) - Matthijs van den Bos (matthijs) @@ -529,7 +532,6 @@ Symfony is the result of the work of many people who made the code better - Dawid Pakuła (zulusx) - Florian Rey (nervo) - Rodrigo Borrego Bernabé (rodrigobb) - - MatTheCat - Denis Gorbachev (starfall) - Peter van Dommelen - Tim van Densen 
@@ -563,6 +565,7 @@ Symfony is the result of the work of many people who made the code better - Mantas Var (mvar) - Sebastian Krebs - Jean-Christophe Cuvelier [Artack] + - Simon DELICATA - alcaeus - Fred Cox - vitaliytv @@ -580,6 +583,7 @@ Symfony is the result of the work of many people who made the code better - James Johnston - Sinan Eldem - Alexandre Dupuy (satchette) + - Malte Blättermann - Andre Rømcke (andrerom) - Nahuel Cuesta (ncuesta) - Chris Boden (cboden) @@ -604,7 +608,6 @@ Symfony is the result of the work of many people who made the code better - Michal Trojanowski - David Fuhr - Kamil Kokot (pamil) - - Aurimas Niekis (gcds) - Max Grigorian (maxakawizard) - mcfedr (mcfedr) - Rostyslav Kinash @@ -721,6 +724,7 @@ Symfony is the result of the work of many people who made the code better - Adam Szaraniec (mimol) - Yosmany Garcia (yosmanyga) - Wouter de Wild + - Antoine M (amakdessi) - Degory Valentine - izzyp - Benoit Lévêque (benoit_leveque) @@ -730,6 +734,7 @@ Symfony is the result of the work of many people who made the code better - Xavier Lacot (xavier) - possum - Denis Zunke (donalberto) + - Philipp Cordes - Ahmed TAILOULOUTE (ahmedtai) - Olivier Maisonneuve (olineuve) - Masterklavi @@ -749,7 +754,6 @@ Symfony is the result of the work of many people who made the code better - Adrien Lucas (adrienlucas) - Zhuravlev Alexander (scif) - James Michael DuPont - - Xavier HAUSHERR - Tom Klingenberg - Christopher Hall (mythmakr) - Patrick Dawkins (pjcdawkins) @@ -802,6 +806,7 @@ Symfony is the result of the work of many people who made the code better - corphi - grizlik - Derek ROTH + - Ben Johnson - Dmytro Boiko (eagle) - Shin Ohno (ganchiku) - Geert De Deckere (geertdd) @@ -882,6 +887,7 @@ Symfony is the result of the work of many people who made the code better - Michael Tibben - Billie Thompson - Sander Marechal + - Icode4Food (icode4food) - Radosław Benkel - jean pasqualini (darkilliant) - Ross Motley (rossmotley) 
@@ -993,6 +999,7 @@ Symfony is the result of the work of many people who made the code better - DerManoMann - Olaf Klischat - orlovv + - Jonathan Hedstrom - Peter Smeets (darkspartan) - Jhonny Lidfors (jhonny) - Julien Bianchi (jubianchi) @@ -1005,7 +1012,6 @@ Symfony is the result of the work of many people who made the code better - Andrew Tch - Alexander Cheprasov - Rodrigo Díez Villamuera (rodrigodiez) - - Malte Blättermann - e-ivanov - Jochen Bayer (jocl) - Alex Bowers @@ -1092,9 +1098,11 @@ Symfony is the result of the work of many people who made the code better - Tobias Stöckler - Mario Young - Ilia (aliance) + - Chris McCafferty (cilefen) - Grégoire Penverne (gpenverne) - Mo Di (modi) - Pablo Schläpfer + - Gert de Pagter - Jelte Steijaert (jelte) - Quique Porta (quiqueporta) - stoccc @@ -1177,9 +1185,9 @@ Symfony is the result of the work of many people who made the code better - Andreas Frömer - Philip Frank - Lance McNearney - - Antoine M (amakdessi) - Gonzalo Vilaseca (gonzalovilaseca) - Giorgio Premi + - ncou - Ian Carroll - caponica - Matt Daum (daum) @@ -1197,7 +1205,6 @@ Symfony is the result of the work of many people who made the code better - Tadcka - Beth Binkovitz - Gonzalo Míguez - - Philipp Cordes - Pierre Rineau - Romain Geissler - Adrien Moiruad @@ -1352,6 +1359,7 @@ Symfony is the result of the work of many people who made the code better - Pablo Maria Martelletti (pmartelletti) - Yassine Guedidi (yguedidi) - Waqas Ahmed + - Bert Hekman - Luis Muñoz - Matthew Donadio - Houziaux mike @@ -1450,6 +1458,7 @@ Symfony is the result of the work of many people who made the code better - Yannick Warnier (ywarnier) - Kevin Decherf - Jason Woods + - Oleg Andreyev - klemens - dened - Dmitry Korotovsky @@ -1508,6 +1517,7 @@ Symfony is the result of the work of many people who made the code better - Pierre Rineau - Maxim Lovchikov - adenkejawen + - Florent SEVESTRE (aniki-taicho) - Ari Pringle (apringle) - Dan Ordille (dordille) - Jan Eichhorn (exeu) 
@@ -1759,7 +1769,6 @@ Symfony is the result of the work of many people who made the code better - Matt Janssen - Ben Miller - Peter Gribanov - - Ben Johnson - kwiateusz - David Soria Parra - Sergiy Sokolenko @@ -1889,6 +1898,7 @@ Symfony is the result of the work of many people who made the code better - Julien Sanchez (sumbobyboys) - Guillermo Gisinger (t3chn0r) - Markus Tacker (tacker) + - Tarmo Leppänen (tarlepp) - Tyler Stroud (tystr) - Moritz Kraft (userfriendly) - Víctor Mateo (victormateo) From e55c38be006f8a9e47d8d4ab43a3b0698a2b7a87 Mon Sep 17 00:00:00 2001 From: Fabien Potencier Date: Mon, 21 May 2018 13:48:33 +0200 Subject: [PATCH 04/74] updated VERSION for 2.7.47 --- src/Symfony/Component/HttpKernel/Kernel.php | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/src/Symfony/Component/HttpKernel/Kernel.php b/src/Symfony/Component/HttpKernel/Kernel.php index 33bbddabc9eff..e0d221e2edce8 100644 --- a/src/Symfony/Component/HttpKernel/Kernel.php +++ b/src/Symfony/Component/HttpKernel/Kernel.php @@ -58,12 +58,12 @@ abstract class Kernel implements KernelInterface, TerminableInterface protected $startTime; protected $loadClassCache; - const VERSION = '2.7.47-DEV'; + const VERSION = '2.7.47'; const VERSION_ID = 20747; const MAJOR_VERSION = 2; const MINOR_VERSION = 7; const RELEASE_VERSION = 47; - const EXTRA_VERSION = 'DEV'; + const EXTRA_VERSION = ''; const END_OF_MAINTENANCE = '05/2018'; const END_OF_LIFE = '05/2019'; From 84bba75ad1192f59fbefa9386c0c522f1a9d2704 Mon Sep 17 00:00:00 2001 From: Fabien Potencier Date: Mon, 21 May 2018 13:56:57 +0200 Subject: [PATCH 05/74] bumped Symfony version to 2.7.48 --- src/Symfony/Component/HttpKernel/Kernel.php | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/src/Symfony/Component/HttpKernel/Kernel.php b/src/Symfony/Component/HttpKernel/Kernel.php index e0d221e2edce8..158099cd316cd 100644 --- a/src/Symfony/Component/HttpKernel/Kernel.php 
+++ b/src/Symfony/Component/HttpKernel/Kernel.php @@ -58,12 +58,12 @@ abstract class Kernel implements KernelInterface, TerminableInterface protected $startTime; protected $loadClassCache; - const VERSION = '2.7.47'; - const VERSION_ID = 20747; + const VERSION = '2.7.48-DEV'; + const VERSION_ID = 20748; const MAJOR_VERSION = 2; const MINOR_VERSION = 7; - const RELEASE_VERSION = 47; - const EXTRA_VERSION = ''; + const RELEASE_VERSION = 48; + const EXTRA_VERSION = 'DEV'; const END_OF_MAINTENANCE = '05/2018'; const END_OF_LIFE = '05/2019'; From b9ff0b012455ed805ad19013fb20c8c50641c4a5 Mon Sep 17 00:00:00 2001 From: Fabien Potencier Date: Mon, 21 May 2018 15:17:24 +0200 Subject: [PATCH 06/74] updated CHANGELOG for 2.8.40 --- CHANGELOG-2.8.md | 13 +++++++++++++ 1 file changed, 13 insertions(+) diff --git a/CHANGELOG-2.8.md b/CHANGELOG-2.8.md index 9b7d325c0e9dc..9f76090b789b7 100644 --- a/CHANGELOG-2.8.md +++ b/CHANGELOG-2.8.md 
@@ -7,6 +7,19 @@ in 2.8 minor versions. To get the diff for a specific change, go to https://github.com/symfony/symfony/commit/XXX where XXX is the change hash To get the diff between two versions, go to https://github.com/symfony/symfony/compare/v2.8.0...v2.8.1 +* 2.8.40 (2018-05-21) + + * bug #26781 [Form] Fix precision of MoneyToLocalizedStringTransformer's divisions on transform() (syastrebov) + * bug #27286 [Translation] Add Occitan plural rule (kylekatarnls) + * bug #27246 Disallow invalid characters in session.name (ostrolucky) + * bug #24805 [Security] Fix logout (MatTheCat) + * bug #27141 [Process] Suppress warnings when open_basedir is non-empty (cbj4074) + * bug #27250 [Session] limiting :key for GET_LOCK to 64 chars (oleg-andreyev) + * bug #27237 [Debug] Fix populating error_get_last() for handled silent errors (nicolas-grekas) + * bug #27236 [Filesystem] Fix usages of error_get_last() (nicolas-grekas) + * bug #27152 [HttpFoundation] use brace-style regex delimiters (xabbuh) + * feature #24896 Add CODE_OF_CONDUCT.md (egircys) + * 2.8.39 (2018-04-30) * bug #27067 [HttpFoundation] Fix setting session-related ini settings (e-moe) From ca80b59dc1c1d91eed0171331d8e49a4a5e367a6 Mon Sep 17 00:00:00 2001 From: Fabien Potencier Date: Mon, 21 May 2018 15:17:29 +0200 Subject: [PATCH 07/74] updated VERSION for 2.8.40 --- src/Symfony/Component/HttpKernel/Kernel.php | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/src/Symfony/Component/HttpKernel/Kernel.php b/src/Symfony/Component/HttpKernel/Kernel.php index baeb200a6dd28..1eee70532ab18 100644 --- a/src/Symfony/Component/HttpKernel/Kernel.php +++ b/src/Symfony/Component/HttpKernel/Kernel.php 
@@ -59,12 +59,12 @@ abstract class Kernel implements KernelInterface, TerminableInterface protected $startTime; protected $loadClassCache; - const VERSION = '2.8.40-DEV'; + const VERSION = '2.8.40'; const VERSION_ID = 20840; const MAJOR_VERSION = 2; const MINOR_VERSION = 8; const RELEASE_VERSION = 40; - const EXTRA_VERSION = 'DEV'; + const EXTRA_VERSION = ''; const END_OF_MAINTENANCE = '11/2018'; const END_OF_LIFE = '11/2019'; From 6d4de556664daa49a22a3700d6bbade5a9170b2d Mon Sep 17 00:00:00 2001 From: Fabien Potencier Date: Mon, 21 May 2018 15:43:22 +0200 Subject: [PATCH 08/74] bumped Symfony version to 2.8.41 --- src/Symfony/Component/HttpKernel/Kernel.php | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/src/Symfony/Component/HttpKernel/Kernel.php b/src/Symfony/Component/HttpKernel/Kernel.php index 1eee70532ab18..70038526fac48 100644 --- a/src/Symfony/Component/HttpKernel/Kernel.php +++ b/src/Symfony/Component/HttpKernel/Kernel.php @@ -59,12 +59,12 @@ abstract class Kernel implements KernelInterface, TerminableInterface protected $startTime; protected $loadClassCache; - const VERSION = '2.8.40'; - const VERSION_ID = 20840; + const VERSION = '2.8.41-DEV'; + const VERSION_ID = 20841; const MAJOR_VERSION = 2; const MINOR_VERSION = 8; - const RELEASE_VERSION = 40; - const EXTRA_VERSION = ''; + const RELEASE_VERSION = 41; + const EXTRA_VERSION = 'DEV'; const END_OF_MAINTENANCE = '11/2018'; const END_OF_LIFE = '11/2019'; From 56c711fd6ee58fda8f6d3adae816a25fe408689f Mon Sep 17 00:00:00 2001 From: Fabien Potencier Date: Mon, 21 May 2018 15:43:55 +0200 Subject: [PATCH 09/74] updated CHANGELOG for 3.4.10 --- CHANGELOG-3.4.md | 27 +++++++++++++++++++++++++++ 1 file changed, 27 insertions(+) diff --git a/CHANGELOG-3.4.md b/CHANGELOG-3.4.md index 394f0eb4471f1..4b307918d34b4 100644 --- a/CHANGELOG-3.4.md +++ b/CHANGELOG-3.4.md 
@@ -7,6 +7,33 @@ in 3.4 minor versions. To get the diff for a specific change, go to https://github.com/symfony/symfony/commit/XXX where XXX is the change hash To get the diff between two versions, go to https://github.com/symfony/symfony/compare/v3.4.0...v3.4.1 +* 3.4.10 (2018-05-21) + + * bug #27264 [Validator] Use strict type in URL validator (mimol91) + * bug #27267 [DependencyInjection] resolve array env vars (jamesthomasonjr) + * bug #26781 [Form] Fix precision of MoneyToLocalizedStringTransformer's divisions on transform() (syastrebov) + * bug #27286 [Translation] Add Occitan plural rule (kylekatarnls) + * bug #27271 [DI] Allow defining bindings on ChildDefinition (nicolas-grekas) + * bug #27246 Disallow invalid characters in session.name (ostrolucky) + * bug #27287 [PropertyInfo] fix resolving parent|self type hints (nicolas-grekas) + * bug #27281 [HttpKernel] Fix dealing with self/parent in ArgumentMetadataFactory (fabpot) + * bug #24805 [Security] Fix logout (MatTheCat) + * bug #27265 [DI] Shared services should not be inlined in non-shared ones (nicolas-grekas) + * bug #27141 [Process] Suppress warnings when open_basedir is non-empty (cbj4074) + * bug #27250 [Session] limiting :key for GET_LOCK to 64 chars (oleg-andreyev) + * bug #27237 [Debug] Fix populating error_get_last() for handled silent errors (nicolas-grekas) + * bug #27232 [Cache][Lock] Fix usages of error_get_last() (nicolas-grekas) + * bug #27236 [Filesystem] Fix usages of error_get_last() (nicolas-grekas) + * bug #27191 [DI] Display previous error messages when throwing unused bindings (nicolas-grekas) + * bug #27231 [FrameworkBundle] Fix cache:clear on vagrant (nicolas-grekas) + * bug #27222 [WebProfilerBundle][Cache] Fix misses calculation when calling getItems (fsevestre) + * bug #27227 [HttpKernel] Handle NoConfigurationException "onKernelException()" (nicolas-grekas) + * bug #27152 [HttpFoundation] use brace-style regex delimiters (xabbuh) + * bug #27158 [Cache] fix logic for fetching 
tag versions on TagAwareAdapter (dmaicher) + * bug #27143 [Console] By default hide the short exception trace line from exception messages in Symfony's commands (yceruto) + * bug #27133 [Doctrine Bridge] fix priority for doctrine event listeners (dmaicher) + * bug #27135 [FrameworkBundle] Use the correct service id for CachePoolPruneCommand in its compiler pass (DemonTPx) + * 3.4.9 (2018-04-30) * feature #24896 Add CODE_OF_CONDUCT.md (egircys) From 7be0b084a59575ffeb468b12b2bb3cbac848ac9a Mon Sep 17 00:00:00 2001 From: Fabien Potencier Date: Mon, 21 May 2018 15:44:03 +0200 Subject: [PATCH 10/74] updated VERSION for 3.4.10 --- src/Symfony/Component/HttpKernel/Kernel.php | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/src/Symfony/Component/HttpKernel/Kernel.php b/src/Symfony/Component/HttpKernel/Kernel.php index b5e5a2b5ca068..abd7f74a03c87 100644 --- a/src/Symfony/Component/HttpKernel/Kernel.php +++ b/src/Symfony/Component/HttpKernel/Kernel.php @@ -67,12 +67,12 @@ abstract class Kernel implements KernelInterface, RebootableInterface, Terminabl private $requestStackSize = 0; private $resetServices = false; - const VERSION = '3.4.10-DEV'; + const VERSION = '3.4.10'; const VERSION_ID = 30410; const MAJOR_VERSION = 3; const MINOR_VERSION = 4; const RELEASE_VERSION = 10; - const EXTRA_VERSION = 'DEV'; + const EXTRA_VERSION = ''; const END_OF_MAINTENANCE = '11/2020'; const END_OF_LIFE = '11/2021'; From 52270d1e5abbb91bfb939395818f6faa61cb7c15 Mon Sep 17 00:00:00 2001 From: Fabien Potencier Date: Mon, 21 May 2018 16:00:59 +0200 Subject: [PATCH 11/74] bumped Symfony version to 3.4.11 --- src/Symfony/Component/HttpKernel/Kernel.php | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/src/Symfony/Component/HttpKernel/Kernel.php b/src/Symfony/Component/HttpKernel/Kernel.php index abd7f74a03c87..5e3b9a857827f 100644 --- a/src/Symfony/Component/HttpKernel/Kernel.php +++ b/src/Symfony/Component/HttpKernel/Kernel.php 
@@ -67,12 +67,12 @@ abstract class Kernel implements KernelInterface, RebootableInterface, Terminabl private $requestStackSize = 0; private $resetServices = false; - const VERSION = '3.4.10'; - const VERSION_ID = 30410; + const VERSION = '3.4.11-DEV'; + const VERSION_ID = 30411; const MAJOR_VERSION = 3; const MINOR_VERSION = 4; - const RELEASE_VERSION = 10; - const EXTRA_VERSION = ''; + const RELEASE_VERSION = 11; + const EXTRA_VERSION = 'DEV'; const END_OF_MAINTENANCE = '11/2020'; const END_OF_LIFE = '11/2021'; From c5dc846806f16d0252688d3f195810e2897d2982 Mon Sep 17 00:00:00 2001 From: Fabien Potencier Date: Mon, 21 May 2018 16:02:26 +0200 Subject: [PATCH 12/74] updated CHANGELOG for 4.0.10 --- CHANGELOG-4.0.md | 28 ++++++++++++++++++++++++++++ 1 file changed, 28 insertions(+) diff --git a/CHANGELOG-4.0.md b/CHANGELOG-4.0.md index 9abb4a61a6634..906a472b9fe36 100644 --- a/CHANGELOG-4.0.md +++ b/CHANGELOG-4.0.md 
@@ -7,6 +7,34 @@ in 4.0 minor versions. To get the diff for a specific change, go to https://github.com/symfony/symfony/commit/XXX where XXX is the change hash To get the diff between two versions, go to https://github.com/symfony/symfony/compare/v4.0.0...v4.0.1 +* 4.0.10 (2018-05-21) + + * bug #27264 [Validator] Use strict type in URL validator (mimol91) + * bug #27267 [DependencyInjection] resolve array env vars (jamesthomasonjr) + * bug #26781 [Form] Fix precision of MoneyToLocalizedStringTransformer's divisions on transform() (syastrebov) + * bug #27286 [Translation] Add Occitan plural rule (kylekatarnls) + * bug #27271 [DI] Allow defining bindings on ChildDefinition (nicolas-grekas) + * bug #27246 Disallow invalid characters in session.name (ostrolucky) + * bug #27287 [PropertyInfo] fix resolving parent|self type hints (nicolas-grekas) + * bug #27281 [HttpKernel] Fix dealing with self/parent in ArgumentMetadataFactory (fabpot) + * bug #24805 [Security] Fix logout (MatTheCat) + * bug #27265 [DI] Shared services should not be inlined in non-shared ones (nicolas-grekas) + * bug #27141 [Process] Suppress warnings when open_basedir is non-empty (cbj4074) + * bug #27250 [Session] limiting :key for GET_LOCK to 64 chars (oleg-andreyev) + * bug #27237 [Debug] Fix populating error_get_last() for handled silent errors (nicolas-grekas) + * bug #27232 [Cache][Lock] Fix usages of error_get_last() (nicolas-grekas) + * bug #27236 [Filesystem] Fix usages of error_get_last() (nicolas-grekas) + * bug #27191 [DI] Display previous error messages when throwing unused bindings (nicolas-grekas) + * bug #27231 [FrameworkBundle] Fix cache:clear on vagrant (nicolas-grekas) + * bug #27222 [WebProfilerBundle][Cache] Fix misses calculation when calling getItems (fsevestre) + * bug #27227 [HttpKernel] Handle NoConfigurationException "onKernelException()" (nicolas-grekas) + * bug #27152 [HttpFoundation] use brace-style regex delimiters (xabbuh) + * bug #27158 [Cache] fix logic for fetching 
tag versions on TagAwareAdapter (dmaicher) + * bug #27143 [Console] By default hide the short exception trace line from exception messages in Symfony's commands (yceruto) + * bug #27133 [Doctrine Bridge] fix priority for doctrine event listeners (dmaicher) + * bug #27135 [FrameworkBundle] Use the correct service id for CachePoolPruneCommand in its compiler pass (DemonTPx) + * feature #24896 Add CODE_OF_CONDUCT.md (egircys) + * 4.0.9 (2018-04-30) * bug #27074 [Debug][WebProfilerBundle] Fix setting file link format (lyrixx, nicolas-grekas) From 1313ba3f46c569f6c08f59567ef392ac8e2f1f2f Mon Sep 17 00:00:00 2001 From: Fabien Potencier Date: Mon, 21 May 2018 16:02:31 +0200 Subject: [PATCH 13/74] updated VERSION for 4.0.10 --- src/Symfony/Component/HttpKernel/Kernel.php | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/src/Symfony/Component/HttpKernel/Kernel.php b/src/Symfony/Component/HttpKernel/Kernel.php index 2840606fdb422..79e96ffb1abf4 100644 --- a/src/Symfony/Component/HttpKernel/Kernel.php +++ b/src/Symfony/Component/HttpKernel/Kernel.php @@ -63,12 +63,12 @@ abstract class Kernel implements KernelInterface, RebootableInterface, Terminabl private $requestStackSize = 0; private $resetServices = false; - const VERSION = '4.0.10-DEV'; + const VERSION = '4.0.10'; const VERSION_ID = 40010; const MAJOR_VERSION = 4; const MINOR_VERSION = 0; const RELEASE_VERSION = 10; - const EXTRA_VERSION = 'DEV'; + const EXTRA_VERSION = ''; const END_OF_MAINTENANCE = '07/2018'; const END_OF_LIFE = '01/2019'; From 47529b51e49bf69d516bd0bd13add08578c26493 Mon Sep 17 00:00:00 2001 From: Fabien Potencier Date: Mon, 21 May 2018 16:04:59 +0200 Subject: [PATCH 14/74] bumped Symfony version to 4.0.11 --- src/Symfony/Component/HttpKernel/Kernel.php | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/src/Symfony/Component/HttpKernel/Kernel.php b/src/Symfony/Component/HttpKernel/Kernel.php index 79e96ffb1abf4..8004fc81ce514 100644 
--- a/src/Symfony/Component/HttpKernel/Kernel.php +++ b/src/Symfony/Component/HttpKernel/Kernel.php @@ -63,12 +63,12 @@ abstract class Kernel implements KernelInterface, RebootableInterface, Terminabl private $requestStackSize = 0; private $resetServices = false; - const VERSION = '4.0.10'; - const VERSION_ID = 40010; + const VERSION = '4.0.11-DEV'; + const VERSION_ID = 40011; const MAJOR_VERSION = 4; const MINOR_VERSION = 0; - const RELEASE_VERSION = 10; - const EXTRA_VERSION = ''; + const RELEASE_VERSION = 11; + const EXTRA_VERSION = 'DEV'; const END_OF_MAINTENANCE = '07/2018'; const END_OF_LIFE = '01/2019'; From 72fb10057f29f59dd585a68202222a80607c54e0 Mon Sep 17 00:00:00 2001 From: Fabien Potencier Date: Mon, 21 May 2018 16:30:52 +0200 Subject: [PATCH 15/74] bumped Symfony version to 4.1.0 --- src/Symfony/Component/HttpKernel/Kernel.php | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/src/Symfony/Component/HttpKernel/Kernel.php b/src/Symfony/Component/HttpKernel/Kernel.php index ae3ea7243749f..a408ae1888b99 100644 --- a/src/Symfony/Component/HttpKernel/Kernel.php +++ b/src/Symfony/Component/HttpKernel/Kernel.php @@ -63,12 +63,12 @@ abstract class Kernel implements KernelInterface, RebootableInterface, Terminabl private $requestStackSize = 0; private $resetServices = false; - const VERSION = '4.1.0-BETA2'; + const VERSION = '4.1.0-DEV'; const VERSION_ID = 40100; const MAJOR_VERSION = 4; const MINOR_VERSION = 1; const RELEASE_VERSION = 0; - const EXTRA_VERSION = 'BETA2'; + const EXTRA_VERSION = 'DEV'; const END_OF_MAINTENANCE = '01/2019'; const END_OF_LIFE = '07/2019'; From 3c789c610aa0696d1ff09cfc990ce61c81475a5b Mon Sep 17 00:00:00 2001 
From: =?UTF-8?q?K=C3=A9vin=20Dunglas?= Date: Thu, 17 May 2018 07:48:00 +0200 Subject: [PATCH 16/74] [Serializer] Fix and improve constraintViolationListNormalizer's RFC7807 compliance --- .../ConstraintViolationListNormalizer.php | 34 ++++++++++++++----- .../ConstraintViolationListNormalizerTest.php | 11 +++--- 2 files changed, 31 insertions(+), 14 deletions(-) diff --git a/src/Symfony/Component/Serializer/Normalizer/ConstraintViolationListNormalizer.php b/src/Symfony/Component/Serializer/Normalizer/ConstraintViolationListNormalizer.php index 2ba258ecb7271..bc9aa60bd3a08 100644 --- a/src/Symfony/Component/Serializer/Normalizer/ConstraintViolationListNormalizer.php +++ b/src/Symfony/Component/Serializer/Normalizer/ConstraintViolationListNormalizer.php 
@@ -32,21 +32,37 @@ public function normalize($object, $format = null, array $context = array()) $violations = array(); $messages = array(); foreach ($object as $violation) { - $violations[] = array( - 'propertyPath' => $violation->getPropertyPath(), - 'message' => $violation->getMessage(), - 'code' => $violation->getCode(), - ); $propertyPath = $violation->getPropertyPath(); + + $violationEntry = array( + 'propertyPath' => $propertyPath, + 'title' => $violation->getMessage(), + ); + if (null !== $code = $violation->getCode()) { + $violationEntry['type'] = sprintf('urn:uuid:%s', $code); + } + + $violations[] = $violationEntry; + $prefix = $propertyPath ? sprintf('%s: ', $propertyPath) : ''; $messages[] = $prefix.$violation->getMessage(); } - return array( - 'title' => isset($context['title']) ? $context['title'] : 'An error occurred', - 'detail' => $messages ? implode("\n", $messages) : '', - 'violations' => $violations, + $result = array( + 'type' => $context['type'] ?? 'https://symfony.com/errors/validation', + 'title' => $context['title'] ?? 'Validation Failed', ); + if (isset($context['status'])) { + $result['status'] = $context['status']; + } + if ($messages) { + $result['detail'] = implode("\n", $messages); + } + if (isset($context['instance'])) { + $result['instance'] = $context['instance']; + } + + return $result + array('violations' => $violations); } /** diff --git a/src/Symfony/Component/Serializer/Tests/Normalizer/ConstraintViolationListNormalizerTest.php b/src/Symfony/Component/Serializer/Tests/Normalizer/ConstraintViolationListNormalizerTest.php index 5c9c55028ff2f..9e8aec51477ba 100644 --- a/src/Symfony/Component/Serializer/Tests/Normalizer/ConstraintViolationListNormalizerTest.php +++ b/src/Symfony/Component/Serializer/Tests/Normalizer/ConstraintViolationListNormalizerTest.php 
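Review bot: In the per-violation entry, `'type' => sprintf('urn:uuid:%s', $code)` prefixes whatever `getCode()` returns, and nothing visible in the hunk guarantees that the code is a UUID; the test updated in this same patch feeds the codes `f` and `6` and expects `urn:uuid:f`, which is not a well-formed UUID URN. Either state the assumption above the `if` (`// codes are expected to be UUIDs; any other value yields an invalid URN`) or emit `type` only when the code has the UUID shape. `$context['status']` is likewise copied through unchecked, so a non-numeric value would reach the payload; a cast such as `$result['status'] = (int) $context['status'];` would keep the member numeric. Since `title` and `detail` are built from violation messages, which may embed submitted values, the method docblock should say that consumers must treat them as untrusted text when rendering. `normalize()` begins before the hunk.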
@@ -43,19 +43,20 @@ public function testNormalize() )); $expected = array( - 'title' => 'An error occurred', + 'type' => 'https://symfony.com/errors/validation', + 'title' => 'Validation Failed', 'detail' => 'd: a 4: 1', 'violations' => array( array( 'propertyPath' => 'd', - 'message' => 'a', - 'code' => 'f', + 'title' => 'a', + 'type' => 'urn:uuid:f', ), array( 'propertyPath' => '4', - 'message' => '1', - 'code' => '6', + 'title' => '1', + 'type' => 'urn:uuid:6', ), ), ); From b1ec831cce8dbac5839f7905fa48377f288cbc87 Mon Sep 17 00:00:00 2001 From: Emilie Lorenzo <30348909+emilielorenzo@users.noreply.github.com> Date: Tue, 22 May 2018 12:57:49 +0200 Subject: [PATCH 17/74] [FrameworkBundle] fix typo in CacheClearCommand --- .../Bundle/FrameworkBundle/Command/CacheClearCommand.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/Symfony/Bundle/FrameworkBundle/Command/CacheClearCommand.php b/src/Symfony/Bundle/FrameworkBundle/Command/CacheClearCommand.php index 650f36dc15b71..25ba58f13fdf3 100644 --- a/src/Symfony/Bundle/FrameworkBundle/Command/CacheClearCommand.php +++ b/src/Symfony/Bundle/FrameworkBundle/Command/CacheClearCommand.php @@ -148,7 +148,7 @@ protected function execute(InputInterface $input, OutputInterface $output) if ('/' === \DIRECTORY_SEPARATOR && $mounts = @file('/proc/mounts')) { foreach ($mounts as $mount) { $mount = array_slice(explode(' ', $mount), 1, -3); - if (!\in_array(array_pop($mount), array('vboxfs', 'nfs'))) { + if (!\in_array(array_pop($mount), array('vboxsf', 'nfs'))) { continue; } $mount = implode(' ', $mount).'/'; From 208d1d1306eac1d6d43d385ed0b5ecaf0c24ed47 Mon Sep 17 00:00:00 2001 
From: Nicolas Grekas Date: Tue, 22 May 2018 13:34:43 +0200 Subject: [PATCH 18/74] [Form] fix tests on old phpunit versions --- .../Component/Form/Test/Traits/ValidatorExtensionTrait.php | 2 +- .../Form/Tests/Extension/Validator/ValidatorExtensionTest.php | 1 + .../Component/Serializer/Mapping/AttributeMetadataInterface.php | 2 +- 3 files changed, 3 insertions(+), 2 deletions(-) diff --git a/src/Symfony/Component/Form/Test/Traits/ValidatorExtensionTrait.php b/src/Symfony/Component/Form/Test/Traits/ValidatorExtensionTrait.php index 0724f697ba77a..d5bcb04a4df6d 100644 --- a/src/Symfony/Component/Form/Test/Traits/ValidatorExtensionTrait.php +++ b/src/Symfony/Component/Form/Test/Traits/ValidatorExtensionTrait.php @@ -31,7 +31,7 @@ protected function getValidatorExtension() } $this->validator = $this->getMockBuilder(ValidatorInterface::class)->getMock(); - $metadata = $this->getMockBuilder(ClassMetadata::class)->disableOriginalConstructor()->getMock(); + $metadata = $this->getMockBuilder(ClassMetadata::class)->disableOriginalConstructor()->setMethods(array('addPropertyConstraint'))->getMock(); $this->validator->expects($this->any())->method('getMetadataFor')->will($this->returnValue($metadata)); $this->validator->expects($this->any())->method('validate')->will($this->returnValue(array())); diff --git a/src/Symfony/Component/Form/Tests/Extension/Validator/ValidatorExtensionTest.php b/src/Symfony/Component/Form/Tests/Extension/Validator/ValidatorExtensionTest.php index 1b77e1ff6accb..a2b4e2ef9fb6b 100644 --- a/src/Symfony/Component/Form/Tests/Extension/Validator/ValidatorExtensionTest.php +++ b/src/Symfony/Component/Form/Tests/Extension/Validator/ValidatorExtensionTest.php @@ -22,6 +22,7 @@ public function test2Dot5ValidationApi() ->disableOriginalConstructor() ->getMock(); $metadata = $this->getMockBuilder('Symfony\Component\Validator\Mapping\ClassMetadata') + ->setMethods(array('addConstraint', 'addPropertyConstraint')) ->disableOriginalConstructor() ->getMock(); 
diff --git a/src/Symfony/Component/Serializer/Mapping/AttributeMetadataInterface.php b/src/Symfony/Component/Serializer/Mapping/AttributeMetadataInterface.php index d9a15d5ac0de5..944a7b3133f35 100644 --- a/src/Symfony/Component/Serializer/Mapping/AttributeMetadataInterface.php +++ b/src/Symfony/Component/Serializer/Mapping/AttributeMetadataInterface.php @@ -60,5 +60,5 @@ public function getMaxDepth(); /** * Merges an {@see AttributeMetadataInterface} with in the current one. */ - public function merge(self $attributeMetadata); + public function merge(AttributeMetadataInterface $attributeMetadata); } From 607529202d4dae977d7a5463cb11c188e24c5880 Mon Sep 17 00:00:00 2001 From: Yonel Ceruto Date: Tue, 22 May 2018 12:15:23 -0400 Subject: [PATCH 19/74] Fixed content trace CSS in profiler --- .../Resources/views/Profiler/profiler.css.twig | 2 ++ 1 file changed, 2 insertions(+) diff --git a/src/Symfony/Bundle/WebProfilerBundle/Resources/views/Profiler/profiler.css.twig b/src/Symfony/Bundle/WebProfilerBundle/Resources/views/Profiler/profiler.css.twig index 96cd8878a8091..40138d07ffb17 100644 --- a/src/Symfony/Bundle/WebProfilerBundle/Resources/views/Profiler/profiler.css.twig +++ b/src/Symfony/Bundle/WebProfilerBundle/Resources/views/Profiler/profiler.css.twig @@ -898,6 +898,7 @@ table.logs .metadata { background: #FFF; padding: 10px; margin: 0.5em 0; + overflow: auto; } #collector-content .sf-validator .trace { font-size: 12px; @@ -929,6 +930,7 @@ table.logs .metadata { background: #FFF; padding: 10px; margin: 0.5em 0; + overflow: auto; } #collector-content pre.sf-dump, From a7a1325eabe98d8e4421622801ee25583f83d957 Mon Sep 17 00:00:00 2001 From: Peter Kokot Date: Wed, 23 May 2018 08:22:59 +0200 Subject: [PATCH 20/74] [Validator] Update sl translation --- .../Validator/Resources/translations/validators.sl.xlf | 4 ++++ 1 file changed, 4 insertions(+) 
diff --git a/src/Symfony/Component/Validator/Resources/translations/validators.sl.xlf b/src/Symfony/Component/Validator/Resources/translations/validators.sl.xlf index 834db4015e8e4..6f5fd98ca192e 100644 --- a/src/Symfony/Component/Validator/Resources/translations/validators.sl.xlf +++ b/src/Symfony/Component/Validator/Resources/translations/validators.sl.xlf @@ -314,6 +314,10 @@ This is not a valid Business Identifier Code (BIC). To ni veljavna identifikacijska koda podjetja (BIC). + + Error + Napaka + From 0ecaefe17954c44d0e1f1b058e3dc85d43aa0d4e Mon Sep 17 00:00:00 2001 From: Alessandro Chitolina Date: Wed, 23 May 2018 10:10:33 +0200 Subject: [PATCH 21/74] [HttpKernel] fix deprecation in AbstractTestSessionListener --- .../EventListener/AbstractTestSessionListener.php | 4 +++- .../Tests/EventListener/TestSessionListenerTest.php | 10 ++++++++++ 2 files changed, 13 insertions(+), 1 deletion(-) diff --git a/src/Symfony/Component/HttpKernel/EventListener/AbstractTestSessionListener.php b/src/Symfony/Component/HttpKernel/EventListener/AbstractTestSessionListener.php index 82061fd6ea0fc..f07647f8a67dc 100644 --- a/src/Symfony/Component/HttpKernel/EventListener/AbstractTestSessionListener.php +++ b/src/Symfony/Component/HttpKernel/EventListener/AbstractTestSessionListener.php @@ -61,10 +61,12 @@ public function onKernelResponse(FilterResponseEvent $event) return; } - if (!$session = $event->getRequest()->getSession()) { + $request = $event->getRequest(); + if (!$request->hasSession()) { return; } + $session = $request->getSession(); if ($wasStarted = $session->isStarted()) { $session->save(); } diff --git a/src/Symfony/Component/HttpKernel/Tests/EventListener/TestSessionListenerTest.php b/src/Symfony/Component/HttpKernel/Tests/EventListener/TestSessionListenerTest.php index 22a2b71239874..84ca04a680d61 100644 --- a/src/Symfony/Component/HttpKernel/Tests/EventListener/TestSessionListenerTest.php 
+++ b/src/Symfony/Component/HttpKernel/Tests/EventListener/TestSessionListenerTest.php @@ -123,6 +123,16 @@ public function testDoesNotImplementServiceSubscriberInterface() $this->assertFalse(is_subclass_of(TestSessionListener::class, ServiceSubscriberInterface::class, 'Implementing ServiceSubscriberInterface would create a dep on the DI component, which eg Silex cannot afford')); } + public function testDoesNotThrowIfRequestDoesNotHaveASession() + { + $kernel = $this->getMockBuilder('Symfony\Component\HttpKernel\HttpKernelInterface')->getMock(); + $event = new FilterResponseEvent($kernel, new Request(), HttpKernelInterface::MASTER_REQUEST, new Response()); + + $this->listener->onKernelResponse($event); + + $this->assertTrue(true); + } + private function filterResponse(Request $request, $type = HttpKernelInterface::MASTER_REQUEST) { $request->setSession($this->session); From 3e0a0f4cb57127b1c9ae63e93f749e7993ba99a5 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?J=C3=A9r=C3=B4me?= Date: Wed, 23 May 2018 12:02:33 +0200 Subject: [PATCH 22/74] Fix missing use in UserInterface Fix missing Role use used for getRoles return type. --- src/Symfony/Component/Security/Core/User/UserInterface.php | 2 ++ 1 file changed, 2 insertions(+) diff --git a/src/Symfony/Component/Security/Core/User/UserInterface.php b/src/Symfony/Component/Security/Core/User/UserInterface.php index 0a359d079da19..0ce8eca92aa4e 100644 --- a/src/Symfony/Component/Security/Core/User/UserInterface.php +++ b/src/Symfony/Component/Security/Core/User/UserInterface.php @@ -11,6 +11,8 @@ namespace Symfony\Component\Security\Core\User; +use Symfony\Component\Security\Core\Role\Role; + /** * Represents the interface that all user classes must implement. * From d8fb1b97c9593a120b4781ab721f584fe82aa390 Mon Sep 17 00:00:00 2001 
From: Christophe Coevoet Date: Wed, 23 May 2018 12:38:43 +0200 Subject: [PATCH 23/74] Remove reference to the test container after kernel shutdown This reference is not working anymore, as the main container was reset and cleaned. Keeping a reference to the test container will prevent collecting the object graph. --- src/Symfony/Bundle/FrameworkBundle/Test/KernelTestCase.php | 1 + 1 file changed, 1 insertion(+) diff --git a/src/Symfony/Bundle/FrameworkBundle/Test/KernelTestCase.php b/src/Symfony/Bundle/FrameworkBundle/Test/KernelTestCase.php index 8dfc292073ed8..351d27900e83a 100644 --- a/src/Symfony/Bundle/FrameworkBundle/Test/KernelTestCase.php +++ b/src/Symfony/Bundle/FrameworkBundle/Test/KernelTestCase.php @@ -123,6 +123,7 @@ protected static function ensureKernelShutdown() $container->reset(); } } + static::$container = null; } /** From 0cf874e23e12cad4e3546de10aa793e5fe8a31f0 Mon Sep 17 00:00:00 2001 From: Nicolas Grekas Date: Fri, 18 May 2018 09:42:46 +0200 Subject: [PATCH 24/74] [HttpFoundation] Break infinite loop in PdoSessionHandler when MySQL is in loose mode --- .../Session/Storage/Handler/PdoSessionHandler.php | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/src/Symfony/Component/HttpFoundation/Session/Storage/Handler/PdoSessionHandler.php b/src/Symfony/Component/HttpFoundation/Session/Storage/Handler/PdoSessionHandler.php index 0825ee6ea9899..bb000f5c9a7a0 100644 --- a/src/Symfony/Component/HttpFoundation/Session/Storage/Handler/PdoSessionHandler.php +++ b/src/Symfony/Component/HttpFoundation/Session/Storage/Handler/PdoSessionHandler.php @@ -494,6 +494,7 @@ private function doRead($sessionId) $selectSql = $this->getSelectSql(); $selectStmt = $this->pdo->prepare($selectSql); $selectStmt->bindParam(':id', $sessionId, \PDO::PARAM_STR); + $insertStmt = null; do { $selectStmt->execute(); 
@@ -509,6 +510,11 @@ private function doRead($sessionId) return is_resource($sessionRows[0][0]) ? stream_get_contents($sessionRows[0][0]) : $sessionRows[0][0]; } + if (null !== $insertStmt) { + $this->rollback(); + throw new \RuntimeException('Failed to read session: INSERT reported a duplicate id but next SELECT did not return any data.'); + } + if (self::LOCK_TRANSACTIONAL === $this->lockMode && 'sqlite' !== $this->driver) { // Exclusive-reading of non-existent rows does not block, so we need to do an insert to block // until other connections to the session are committed. From a5855e8c9700c4f438cfad5e3e2cbf5994298605 Mon Sep 17 00:00:00 2001 From: Ryan Weaver Date: Sat, 10 Feb 2018 17:35:59 -0500 Subject: [PATCH 25/74] Adding session strategy to ALL listeners to avoid *any* possible fixation --- .../AbstractPreAuthenticatedListener.php | 15 +++++++++++++++ .../Firewall/BasicAuthenticationListener.php | 16 ++++++++++++++++ .../Firewall/DigestAuthenticationListener.php | 14 ++++++++++++++ .../Firewall/SimplePreAuthenticationListener.php | 16 ++++++++++++++++ .../Session/SessionAuthenticationStrategy.php | 5 ++++- .../SessionAuthenticationStrategyInterface.php | 4 ++-- 6 files changed, 67 insertions(+), 3 deletions(-) diff --git a/src/Symfony/Component/Security/Http/Firewall/AbstractPreAuthenticatedListener.php b/src/Symfony/Component/Security/Http/Firewall/AbstractPreAuthenticatedListener.php index 0065fe8237c3e..2054c4aa0774e 100644 --- a/src/Symfony/Component/Security/Http/Firewall/AbstractPreAuthenticatedListener.php +++ b/src/Symfony/Component/Security/Http/Firewall/AbstractPreAuthenticatedListener.php @@ -82,6 +82,9 @@ final public function handle(GetResponseEvent $event) if (null !== $this->logger) { $this->logger->info('Pre-authentication successful.', array('token' => (string) $token)); } + + $this->migrateSession($request); + $this->tokenStorage->setToken($token); if (null !== $this->dispatcher) { 
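Review bot: The `$this->migrateSession($request);` call added to AbstractPreAuthenticatedListener::handle() runs on every successful authentication, with no check that the firewall actually keeps the token in the session. If this listener authenticates on each request (for example on a stateless firewall, which the hunk does not show), every request carrying a session cookie would have its session ID regenerated, and parallel requests from the same client could then race on the old ID. Consider guarding the call on a real change of authenticated user, or at least adding `// regenerate the ID before the token is stored; see SessionAuthenticationStrategy::MIGRATE` above it. The same unconditional call is added in the Basic, Digest, SimplePreAuthentication, Guard and UsernamePasswordJson hunks of this series. handle() starts and ends outside the hunk.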
@@ -114,4 +117,16 @@ private function clearToken(AuthenticationException $exception) * @return array An array composed of the user and the credentials */ abstract protected function getPreAuthenticatedData(Request $request); + + private function migrateSession(Request $request) + { + if (!$request->hasSession() || !$request->hasPreviousSession()) { + return; + } + + // Destroying the old session is broken in php 5.4.0 - 5.4.10 + // See https://bugs.php.net/63379 + $destroy = \PHP_VERSION_ID < 50400 || \PHP_VERSION_ID >= 50411; + $request->getSession()->migrate($destroy); + } } diff --git a/src/Symfony/Component/Security/Http/Firewall/BasicAuthenticationListener.php b/src/Symfony/Component/Security/Http/Firewall/BasicAuthenticationListener.php index 1ddc41643448e..63bd013c64e31 100644 --- a/src/Symfony/Component/Security/Http/Firewall/BasicAuthenticationListener.php +++ b/src/Symfony/Component/Security/Http/Firewall/BasicAuthenticationListener.php @@ -11,6 +11,7 @@ namespace Symfony\Component\Security\Http\Firewall; +use Symfony\Component\HttpFoundation\Request; use Symfony\Component\Security\Core\Authentication\AuthenticationManagerInterface; use Symfony\Component\Security\Core\Authentication\Token\Storage\TokenStorageInterface; use Symfony\Component\Security\Http\EntryPoint\AuthenticationEntryPointInterface; @@ -70,6 +71,9 @@ public function handle(GetResponseEvent $event) try { $token = $this->authenticationManager->authenticate(new UsernamePasswordToken($username, $request->headers->get('PHP_AUTH_PW'), $this->providerKey)); + + $this->migrateSession($request); + $this->tokenStorage->setToken($token); } catch (AuthenticationException $e) { $token = $this->tokenStorage->getToken(); 
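Review bot: The new private `migrateSession()` in AbstractPreAuthenticatedListener has no docblock, and its early return on `!$request->hasSession() || !$request->hasPreviousSession()` is not explained. A short docblock would cover it, e.g. `/** Regenerates the session ID so an ID set before authentication is not reused afterwards; does nothing when the request has no session or no previous session. */`. For PHP 5.4.0 - 5.4.10 `$destroy` evaluates to false, so `migrate()` is asked not to destroy the old session; the existing comment cites the PHP bug but not that consequence, which merits one more comment line. The identical helper is added in the Basic, Digest, SimplePreAuthentication, Guard and UsernamePasswordJson listeners and would take the same docblock.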
@@ -88,4 +92,16 @@ public function handle(GetResponseEvent $event) $event->setResponse($this->authenticationEntryPoint->start($request, $e)); } } + + private function migrateSession(Request $request) + { + if (!$request->hasSession() || !$request->hasPreviousSession()) { + return; + } + + // Destroying the old session is broken in php 5.4.0 - 5.4.10 + // See https://bugs.php.net/63379 + $destroy = \PHP_VERSION_ID < 50400 || \PHP_VERSION_ID >= 50411; + $request->getSession()->migrate($destroy); + } } diff --git a/src/Symfony/Component/Security/Http/Firewall/DigestAuthenticationListener.php b/src/Symfony/Component/Security/Http/Firewall/DigestAuthenticationListener.php index 070d61a6740e4..91b46e4f8197a 100644 --- a/src/Symfony/Component/Security/Http/Firewall/DigestAuthenticationListener.php +++ b/src/Symfony/Component/Security/Http/Firewall/DigestAuthenticationListener.php @@ -118,6 +118,8 @@ public function handle(GetResponseEvent $event) $this->logger->info('Digest authentication successful.', array('username' => $digestAuth->getUsername(), 'received' => $digestAuth->getResponse())); } + $this->migrateSession($request); + $this->tokenStorage->setToken(new UsernamePasswordToken($user, $user->getPassword(), $this->providerKey)); } @@ -134,6 +136,18 @@ private function fail(GetResponseEvent $event, Request $request, AuthenticationE $event->setResponse($this->authenticationEntryPoint->start($request, $authException)); } + + private function migrateSession(Request $request) + { + if (!$request->hasSession() || !$request->hasPreviousSession()) { + return; + } + + // Destroying the old session is broken in php 5.4.0 - 5.4.10 + // See https://bugs.php.net/63379 + $destroy = \PHP_VERSION_ID < 50400 || \PHP_VERSION_ID >= 50411; + $request->getSession()->migrate($destroy); + } } class DigestData 
diff --git a/src/Symfony/Component/Security/Http/Firewall/SimplePreAuthenticationListener.php b/src/Symfony/Component/Security/Http/Firewall/SimplePreAuthenticationListener.php index dd51869405547..23e517969f4e5 100644 --- a/src/Symfony/Component/Security/Http/Firewall/SimplePreAuthenticationListener.php +++ b/src/Symfony/Component/Security/Http/Firewall/SimplePreAuthenticationListener.php @@ -11,6 +11,7 @@ namespace Symfony\Component\Security\Http\Firewall; +use Symfony\Component\HttpFoundation\Request; use Symfony\Component\Security\Core\Authentication\AuthenticationManagerInterface; use Psr\Log\LoggerInterface; use Symfony\Component\HttpKernel\Event\GetResponseEvent; @@ -85,6 +86,9 @@ public function handle(GetResponseEvent $event) } $token = $this->authenticationManager->authenticate($token); + + $this->migrateSession($request); + $this->tokenStorage->setToken($token); if (null !== $this->dispatcher) { @@ -119,4 +123,16 @@ public function handle(GetResponseEvent $event) } } } + + private function migrateSession(Request $request) + { + if (!$request->hasSession() || !$request->hasPreviousSession()) { + return; + } + + // Destroying the old session is broken in php 5.4.0 - 5.4.10 + // See https://bugs.php.net/63379 + $destroy = \PHP_VERSION_ID < 50400 || \PHP_VERSION_ID >= 50411; + $request->getSession()->migrate($destroy); + } } diff --git a/src/Symfony/Component/Security/Http/Session/SessionAuthenticationStrategy.php b/src/Symfony/Component/Security/Http/Session/SessionAuthenticationStrategy.php index b431289392561..15e9b24bb9771 100644 --- a/src/Symfony/Component/Security/Http/Session/SessionAuthenticationStrategy.php +++ b/src/Symfony/Component/Security/Http/Session/SessionAuthenticationStrategy.php 
@@ -47,8 +47,11 @@ public function onAuthentication(Request $request, TokenInterface $token) return; case self::MIGRATE: + // Note: this logic is duplicated in several authentication listeners + // until Symfony 5.0 due to a security fix with BC compat + // Destroying the old session is broken in php 5.4.0 - 5.4.10 - // See php bug #63379 + // See https://bugs.php.net/63379 $destroy = \PHP_VERSION_ID < 50400 || \PHP_VERSION_ID >= 50411; $request->getSession()->migrate($destroy); diff --git a/src/Symfony/Component/Security/Http/Session/SessionAuthenticationStrategyInterface.php b/src/Symfony/Component/Security/Http/Session/SessionAuthenticationStrategyInterface.php index 9b05f151340ee..8de89b1868d16 100644 --- a/src/Symfony/Component/Security/Http/Session/SessionAuthenticationStrategyInterface.php +++ b/src/Symfony/Component/Security/Http/Session/SessionAuthenticationStrategyInterface.php @@ -27,8 +27,8 @@ interface SessionAuthenticationStrategyInterface /** * This performs any necessary changes to the session. * - * This method is called before the TokenStorage is populated with a - * Token, and only by classes inheriting from AbstractAuthenticationListener. + * This method should be called before the TokenStorage is populated with a + * Token. It should be used by authentication listeners when a session is used. */ public function onAuthentication(Request $request, TokenInterface $token); } From f2e83ba44df88adea3268ab81380417cb7366538 Mon Sep 17 00:00:00 2001 From: Ryan Weaver Date: Thu, 1 Feb 2018 08:53:47 -0500 Subject: [PATCH 26/74] Adding session authentication strategy to Guard to avoid session fixation --- .../Security/Guard/GuardAuthenticatorHandler.php | 13 +++++++++++++ 1 file changed, 13 insertions(+) diff --git a/src/Symfony/Component/Security/Guard/GuardAuthenticatorHandler.php b/src/Symfony/Component/Security/Guard/GuardAuthenticatorHandler.php index 3b62c41253a22..5e6eba339bf64 100644 
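Review bot: The comment added under `case self::MIGRATE:` records that the logic is duplicated in the listeners, but not that those copies always migrate. The private `migrateSession()` helpers in this series never consult the strategy, so as far as these hunks show a firewall configured for the NONE or INVALIDATE strategy would still get a plain migrate on the Basic, Digest, pre-authenticated and Guard paths. An operator who chose INVALIDATE to drop pre-login session data would not get that behaviour there. Extend the comment, e.g. `// The duplicated copies always migrate and do not read the configured strategy`, and keep the reworded interface docblock in the following hunk consistent with it. onAuthentication() starts and ends outside the hunk.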
--- a/src/Symfony/Component/Security/Guard/GuardAuthenticatorHandler.php +++ b/src/Symfony/Component/Security/Guard/GuardAuthenticatorHandler.php @@ -46,6 +46,7 @@ public function __construct(TokenStorageInterface $tokenStorage, EventDispatcher */ public function authenticateWithToken(TokenInterface $token, Request $request) { + $this->migrateSession($request); $this->tokenStorage->setToken($token); if (null !== $this->dispatcher) { @@ -127,4 +128,16 @@ public function handleAuthenticationFailure(AuthenticationException $authenticat is_object($response) ? get_class($response) : gettype($response) )); } + + private function migrateSession(Request $request) + { + if (!$request->hasSession() || !$request->hasPreviousSession()) { + return; + } + + // Destroying the old session is broken in php 5.4.0 - 5.4.10 + // See https://bugs.php.net/63379 + $destroy = \PHP_VERSION_ID < 50400 || \PHP_VERSION_ID >= 50411; + $request->getSession()->migrate($destroy); + } } From 625fece149cc5257ed0a4099713977b0385f719d Mon Sep 17 00:00:00 2001 From: Ryan Weaver Date: Tue, 22 May 2018 10:38:56 -0400 Subject: [PATCH 27/74] migrating session for UsernamePasswordJsonAuthenticationListener --- .../UsernamePasswordJsonAuthenticationListener.php | 13 +++++++++++++ 1 file changed, 13 insertions(+) diff --git a/src/Symfony/Component/Security/Http/Firewall/UsernamePasswordJsonAuthenticationListener.php b/src/Symfony/Component/Security/Http/Firewall/UsernamePasswordJsonAuthenticationListener.php index 955288c23c375..748ba07ad81ee 100644 --- a/src/Symfony/Component/Security/Http/Firewall/UsernamePasswordJsonAuthenticationListener.php +++ b/src/Symfony/Component/Security/Http/Firewall/UsernamePasswordJsonAuthenticationListener.php 
@@ -139,6 +139,8 @@ private function onSuccess(Request $request, TokenInterface $token) $this->logger->info('User has been authenticated successfully.', array('username' => $token->getUsername())); } + $this->migrateSession($request); + $this->tokenStorage->setToken($token); if (null !== $this->eventDispatcher) { @@ -182,4 +184,15 @@ private function onFailure(Request $request, AuthenticationException $failed) return $response; } + + private function migrateSession(Request $request) + { + if (!$request->hasSession() || !$request->hasPreviousSession()) { + return; + } + // Destroying the old session is broken in php 5.4.0 - 5.4.10 + // See https://bugs.php.net/63379 + $destroy = \PHP_VERSION_ID < 50400 || \PHP_VERSION_ID >= 50411; + $request->getSession()->migrate($destroy); + } } From 891ae6b28b33dc3482ed6a5724976cf01b57df78 Mon Sep 17 00:00:00 2001 From: Ryan Weaver Date: Tue, 22 May 2018 10:38:56 -0400 Subject: [PATCH 28/74] migrating session for UsernamePasswordJsonAuthenticationListener --- .../UsernamePasswordJsonAuthenticationListener.php | 13 +++++++++++++ 1 file changed, 13 insertions(+) diff --git a/src/Symfony/Component/Security/Http/Firewall/UsernamePasswordJsonAuthenticationListener.php b/src/Symfony/Component/Security/Http/Firewall/UsernamePasswordJsonAuthenticationListener.php index 955288c23c375..748ba07ad81ee 100644 --- a/src/Symfony/Component/Security/Http/Firewall/UsernamePasswordJsonAuthenticationListener.php +++ b/src/Symfony/Component/Security/Http/Firewall/UsernamePasswordJsonAuthenticationListener.php @@ -139,6 +139,8 @@ private function onSuccess(Request $request, TokenInterface $token) $this->logger->info('User has been authenticated successfully.', array('username' => $token->getUsername())); } + $this->migrateSession($request); + $this->tokenStorage->setToken($token); if (null !== $this->eventDispatcher) { 
@@ -182,4 +184,15 @@ private function onFailure(Request $request, AuthenticationException $failed) return $response; } + + private function migrateSession(Request $request) + { + if (!$request->hasSession() || !$request->hasPreviousSession()) { + return; + } + // Destroying the old session is broken in php 5.4.0 - 5.4.10 + // See https://bugs.php.net/63379 + $destroy = \PHP_VERSION_ID < 50400 || \PHP_VERSION_ID >= 50411; + $request->getSession()->migrate($destroy); + } } From 87b3ad91d240e1b2a4b5c30e038e177f5cb40c4d Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Gabriel=20Ostroluck=C3=BD?= Date: Wed, 23 May 2018 22:28:22 +0200 Subject: [PATCH 29/74] [PhpUnitBridge] silence some stderr outputs --- src/Symfony/Bridge/PhpUnit/Tests/CoverageListenerTest.php | 4 ++-- src/Symfony/Bridge/PhpUnit/bin/simple-phpunit | 2 +- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/src/Symfony/Bridge/PhpUnit/Tests/CoverageListenerTest.php b/src/Symfony/Bridge/PhpUnit/Tests/CoverageListenerTest.php index 957499dfb6a2b..83f4085c8051e 100644 --- a/src/Symfony/Bridge/PhpUnit/Tests/CoverageListenerTest.php +++ b/src/Symfony/Bridge/PhpUnit/Tests/CoverageListenerTest.php @@ -31,11 +31,11 @@ public function test() $dir = __DIR__.'/../Tests/Fixtures/coverage'; $phpunit = $_SERVER['argv'][0]; - exec("$php $phpunit -c $dir/phpunit-without-listener.xml.dist $dir/tests/ --coverage-text", $output); + exec("$php $phpunit -c $dir/phpunit-without-listener.xml.dist $dir/tests/ --coverage-text 2> /dev/null", $output); $output = implode("\n", $output); $this->assertContains('FooCov', $output); - exec("$php $phpunit -c $dir/phpunit-with-listener.xml.dist $dir/tests/ --coverage-text", $output); + exec("$php $phpunit -c $dir/phpunit-with-listener.xml.dist $dir/tests/ --coverage-text 2> /dev/null", $output); $output = implode("\n", $output); $this->assertNotContains('FooCov', $output); $this->assertContains("SutNotFoundTest::test\nCould not find the tested class.", $output); 
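Review bot: The `2> /dev/null` redirect added to both `exec()` calls in CoverageListenerTest::test() is POSIX shell syntax, so on Windows the command would likely fail rather than be silenced unless the test is skipped there, which this hunk does not show. Picking the null device per platform keeps the intent, e.g. `$devNull = '\\' === \DIRECTORY_SEPARATOR ? 'NUL' : '/dev/null';` and then `... --coverage-text 2> $devNull`. Discarding stderr also hides the reason when the child PHPUnit run itself breaks, so a comment such as `// stderr is dropped on purpose: only stdout is asserted on` would help the next reader. test() starts outside the hunk.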
diff --git a/src/Symfony/Bridge/PhpUnit/bin/simple-phpunit b/src/Symfony/Bridge/PhpUnit/bin/simple-phpunit index a824eae8f2ab4..59c7a1fe3565e 100755 --- a/src/Symfony/Bridge/PhpUnit/bin/simple-phpunit +++ b/src/Symfony/Bridge/PhpUnit/bin/simple-phpunit @@ -47,7 +47,7 @@ if ('phpdbg' === PHP_SAPI) { $PHP .= ' -qrr'; } -$COMPOSER = file_exists($COMPOSER = $oldPwd.'/composer.phar') || ($COMPOSER = rtrim('\\' === DIRECTORY_SEPARATOR ? preg_replace('/[\r\n].*/', '', `where.exe composer.phar`) : `which composer.phar`)) +$COMPOSER = file_exists($COMPOSER = $oldPwd.'/composer.phar') || ($COMPOSER = rtrim('\\' === DIRECTORY_SEPARATOR ? preg_replace('/[\r\n].*/', '', `where.exe composer.phar`) : `which composer.phar 2> /dev/null`)) ? $PHP.' '.escapeshellarg($COMPOSER) : 'composer'; From f8e7a18d1b21e0e0127deb56622ff9f52b4bd886 Mon Sep 17 00:00:00 2001 From: Nicolas Grekas Date: Wed, 23 May 2018 23:20:28 +0200 Subject: [PATCH 30/74] [HttpFoundation] Fix perf issue during MimeTypeGuesser intialization --- .../File/MimeType/MimeTypeGuesser.php | 21 ++++++------------- 1 file changed, 6 insertions(+), 15 deletions(-) diff --git a/src/Symfony/Component/HttpFoundation/File/MimeType/MimeTypeGuesser.php b/src/Symfony/Component/HttpFoundation/File/MimeType/MimeTypeGuesser.php index e3ef45ef672cf..d78c76068234f 100644 --- a/src/Symfony/Component/HttpFoundation/File/MimeType/MimeTypeGuesser.php +++ b/src/Symfony/Component/HttpFoundation/File/MimeType/MimeTypeGuesser.php @@ -80,13 +80,8 @@ public static function reset() */ private function __construct() { - if (FileBinaryMimeTypeGuesser::isSupported()) { - $this->register(new FileBinaryMimeTypeGuesser()); - } - - if (FileinfoMimeTypeGuesser::isSupported()) { - $this->register(new FileinfoMimeTypeGuesser()); - } + $this->register(new FileBinaryMimeTypeGuesser()); + $this->register(new FileinfoMimeTypeGuesser()); } /** 
@@ -125,18 +120,14 @@ public function guess($path) throw new AccessDeniedException($path); } - if (!$this->guessers) { - $msg = 'Unable to guess the mime type as no guessers are available'; - if (!FileinfoMimeTypeGuesser::isSupported()) { - $msg .= ' (Did you enable the php_fileinfo extension?)'; - } - throw new \LogicException($msg); - } - foreach ($this->guessers as $guesser) { if (null !== $mimeType = $guesser->guess($path)) { return $mimeType; } } + + if (2 === \count($this->guessers) && !FileBinaryMimeTypeGuesser::isSupported() && !FileinfoMimeTypeGuesser::isSupported()) { + throw new \LogicException('Unable to guess the mime type as no guessers are available (Did you enable the php_fileinfo extension?)'); + } } } From 1314a952cd45525dd7b574d185fa5cafdeba9632 Mon Sep 17 00:00:00 2001 From: Nicolas Grekas Date: Thu, 24 May 2018 09:11:23 +0200 Subject: [PATCH 31/74] [DI] remove dead code --- .../DependencyInjection/LazyProxy/ProxyHelper.php | 13 ------------- 1 file changed, 13 deletions(-) diff --git a/src/Symfony/Component/DependencyInjection/LazyProxy/ProxyHelper.php b/src/Symfony/Component/DependencyInjection/LazyProxy/ProxyHelper.php index 84686efff5d6a..57ea90eae0e5e 100644 --- a/src/Symfony/Component/DependencyInjection/LazyProxy/ProxyHelper.php +++ b/src/Symfony/Component/DependencyInjection/LazyProxy/ProxyHelper.php @@ -62,17 +62,4 @@ public static function getTypeHint(\ReflectionFunctionAbstract $r, \ReflectionPa return $prefix.$parent->name; } } - - private static function export($value) - { - if (!is_array($value)) { - return var_export($value, true); - } - $code = array(); - foreach ($value as $k => $v) { - $code[] = sprintf('%s => %s', var_export($k, true), self::export($v)); - } - - return sprintf('array(%s)', implode(', ', $code)); - } } From e88e0f30f168958ac311b7d865b26b30a572dac9 Mon Sep 17 00:00:00 2001 
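Review bot: The literal `2` in the new `2 === \count($this->guessers)` check in guess() silently encodes "only the two built-in guessers registered by the constructor are present", and nothing on the line says so. A comment such as `// 2 = only the built-in FileBinary and Fileinfo guessers are registered` would make the condition readable and flag it for whoever adds a third default guesser. The constructor hunk before it now registers both guessers without calling `isSupported()`, so guess() depends on each guesser's own `guess()` returning null when its backend is unavailable; that is not visible in these hunks and is worth confirming for FileBinaryMimeTypeGuesser in particular. guess() starts outside the hunk.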
From: =?UTF-8?q?K=C3=A9vin=20Dunglas?= Date: Thu, 24 May 2018 13:48:55 +0200 Subject: [PATCH 32/74] [Serializer] Check the value of enable_max_depth if defined --- .../Component/Serializer/Normalizer/AbstractObjectNormalizer.php | 1 + 1 file changed, 1 insertion(+) diff --git a/src/Symfony/Component/Serializer/Normalizer/AbstractObjectNormalizer.php b/src/Symfony/Component/Serializer/Normalizer/AbstractObjectNormalizer.php index 08fbc5fa3fd88..e02626a5fdf1c 100644 --- a/src/Symfony/Component/Serializer/Normalizer/AbstractObjectNormalizer.php +++ b/src/Symfony/Component/Serializer/Normalizer/AbstractObjectNormalizer.php @@ -333,6 +333,7 @@ private function isMaxDepthReached(array $attributesMetadata, $class, $attribute { if ( !isset($context[static::ENABLE_MAX_DEPTH]) || + !$context[static::ENABLE_MAX_DEPTH] || !isset($attributesMetadata[$attribute]) || null === $maxDepth = $attributesMetadata[$attribute]->getMaxDepth() ) { From 8bba68f811ff9cadfb403a67b2ab307797d2ac74 Mon Sep 17 00:00:00 2001 From: Nicolas Grekas Date: Thu, 24 May 2018 13:25:06 +0200 Subject: [PATCH 33/74] [DI] Fix bad exception on uninitialized references to non-shared services --- ...xceptionOnInvalidReferenceBehaviorPass.php | 4 ---- .../DependencyInjection/Dumper/PhpDumper.php | 3 +++ ...tionOnInvalidReferenceBehaviorPassTest.php | 21 ------------------- 3 files changed, 3 insertions(+), 25 deletions(-) diff --git a/src/Symfony/Component/DependencyInjection/Compiler/CheckExceptionOnInvalidReferenceBehaviorPass.php b/src/Symfony/Component/DependencyInjection/Compiler/CheckExceptionOnInvalidReferenceBehaviorPass.php index 7ffedd3dc0523..d33c376df1d9e 100644 --- a/src/Symfony/Component/DependencyInjection/Compiler/CheckExceptionOnInvalidReferenceBehaviorPass.php +++ b/src/Symfony/Component/DependencyInjection/Compiler/CheckExceptionOnInvalidReferenceBehaviorPass.php 
@@ -11,7 +11,6 @@ namespace Symfony\Component\DependencyInjection\Compiler; -use Symfony\Component\DependencyInjection\Exception\InvalidArgumentException; use Symfony\Component\DependencyInjection\Exception\ServiceNotFoundException; use Symfony\Component\DependencyInjection\ContainerInterface; use Symfony\Component\DependencyInjection\Reference; @@ -31,9 +30,6 @@ protected function processValue($value, $isRoot = false) if (ContainerInterface::EXCEPTION_ON_INVALID_REFERENCE === $value->getInvalidBehavior() && !$this->container->has($id = (string) $value)) { throw new ServiceNotFoundException($id, $this->currentId); } - if (ContainerInterface::IGNORE_ON_UNINITIALIZED_REFERENCE === $value->getInvalidBehavior() && $this->container->has($id = (string) $value) && !$this->container->findDefinition($id)->isShared()) { - throw new InvalidArgumentException(sprintf('Invalid ignore-on-uninitialized reference found in service "%s": target service "%s" is not shared.', $this->currentId, $id)); - } return $value; } diff --git a/src/Symfony/Component/DependencyInjection/Dumper/PhpDumper.php b/src/Symfony/Component/DependencyInjection/Dumper/PhpDumper.php index a92e11e503c49..d640b9a2351d1 100644 --- a/src/Symfony/Component/DependencyInjection/Dumper/PhpDumper.php +++ b/src/Symfony/Component/DependencyInjection/Dumper/PhpDumper.php @@ -1896,6 +1896,9 @@ private function getServiceCall($id, Reference $reference = null) if ($this->container->hasDefinition($id) && ($definition = $this->container->getDefinition($id)) && !$definition->isSynthetic()) { if (null !== $reference && ContainerInterface::IGNORE_ON_UNINITIALIZED_REFERENCE === $reference->getInvalidBehavior()) { $code = 'null'; + if (!$definition->isShared()) { + return $code; + } } elseif ($this->isTrivialInstance($definition)) { $code = substr($this->addNewInstance($definition, '', '', $id), 8, -2); if ($definition->isShared()) { 
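Review bot: The new early return in getServiceCall() makes an ignore-on-uninitialized reference to a non-shared service dump as a bare `null`, yet the commit only deletes the test for the old exception and, going by the diffstat, adds none for the new dumper output. A dumper test with a non-shared target would pin the behaviour that replaces the compile-time error. A comment above the check, e.g. `// a non-shared service is never "initialized", so the reference always resolves to null`, would also explain why a configuration that used to be rejected is now accepted silently. getServiceCall() continues outside the hunk.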
diff --git a/src/Symfony/Component/DependencyInjection/Tests/Compiler/CheckExceptionOnInvalidReferenceBehaviorPassTest.php b/src/Symfony/Component/DependencyInjection/Tests/Compiler/CheckExceptionOnInvalidReferenceBehaviorPassTest.php index ac002d834d1c5..a3fbfcf10132f 100644 --- a/src/Symfony/Component/DependencyInjection/Tests/Compiler/CheckExceptionOnInvalidReferenceBehaviorPassTest.php +++ b/src/Symfony/Component/DependencyInjection/Tests/Compiler/CheckExceptionOnInvalidReferenceBehaviorPassTest.php @@ -68,27 +68,6 @@ public function testProcessThrowsExceptionOnInvalidReferenceFromInlinedDefinitio $this->process($container); } - /** - * @expectedException \Symfony\Component\DependencyInjection\Exception\InvalidArgumentException - * @expectedExceptionMessage Invalid ignore-on-uninitialized reference found in service - */ - public function testProcessThrowsExceptionOnNonSharedUninitializedReference() - { - $container = new ContainerBuilder(); - - $container - ->register('a', 'stdClass') - ->addArgument(new Reference('b', $container::IGNORE_ON_UNINITIALIZED_REFERENCE)) - ; - - $container - ->register('b', 'stdClass') - ->setShared(false) - ; - - $this->process($container); - } - public function testProcessDefinitionWithBindings() { $container = new ContainerBuilder(); From 4b91c171af18ea2fb40200b05bed325cbfaf5ba5 Mon Sep 17 00:00:00 2001 
From: Christian Flothmann Date: Fri, 18 May 2018 19:27:18 +0200 Subject: [PATCH 34/74] clear CSRF tokens when the user is logged out --- ...sterCsrfTokenClearingLogoutHandlerPass.php | 42 ++++++++++ .../Bundle/SecurityBundle/SecurityBundle.php | 2 + .../Tests/Functional/LogoutTest.php | 18 +++++ .../bundles.php | 18 +++++ .../config.yml | 26 +++++++ .../routing.yml | 5 ++ .../Bundle/SecurityBundle/composer.json | 2 +- .../NativeSessionTokenStorageTest.php | 28 +++++++ .../TokenStorage/SessionTokenStorageTest.php | 27 +++++++ .../ClearableTokenStorageInterface.php | 23 ++++++ .../NativeSessionTokenStorage.php | 10 ++- .../Csrf/TokenStorage/SessionTokenStorage.php | 14 +++- .../Logout/CsrfTokenClearingLogoutHandler.php | 35 +++++++++ .../CsrfTokenClearingLogoutHandlerTest.php | 76 +++++++++++++++++++ .../Component/Security/Http/composer.json | 5 +- 15 files changed, 327 insertions(+), 4 deletions(-) create mode 100644 src/Symfony/Bundle/SecurityBundle/DependencyInjection/Compiler/RegisterCsrfTokenClearingLogoutHandlerPass.php create mode 100644 src/Symfony/Bundle/SecurityBundle/Tests/Functional/app/LogoutWithoutSessionInvalidation/bundles.php create mode 100644 src/Symfony/Bundle/SecurityBundle/Tests/Functional/app/LogoutWithoutSessionInvalidation/config.yml create mode 100644 src/Symfony/Bundle/SecurityBundle/Tests/Functional/app/LogoutWithoutSessionInvalidation/routing.yml create mode 100644 src/Symfony/Component/Security/Csrf/TokenStorage/ClearableTokenStorageInterface.php create mode 100644 src/Symfony/Component/Security/Http/Logout/CsrfTokenClearingLogoutHandler.php create mode 100644 src/Symfony/Component/Security/Http/Tests/Logout/CsrfTokenClearingLogoutHandlerTest.php diff --git a/src/Symfony/Bundle/SecurityBundle/DependencyInjection/Compiler/RegisterCsrfTokenClearingLogoutHandlerPass.php b/src/Symfony/Bundle/SecurityBundle/DependencyInjection/Compiler/RegisterCsrfTokenClearingLogoutHandlerPass.php new file mode 100644 index 0000000000000..d4d28ecc4eb35 
--- /dev/null +++ b/src/Symfony/Bundle/SecurityBundle/DependencyInjection/Compiler/RegisterCsrfTokenClearingLogoutHandlerPass.php @@ -0,0 +1,42 @@ + + * + * For the full copyright and license information, please view the LICENSE + * file that was distributed with this source code. + */ + +namespace Symfony\Bundle\SecurityBundle\DependencyInjection\Compiler; + +use Symfony\Component\DependencyInjection\Compiler\CompilerPassInterface; +use Symfony\Component\DependencyInjection\ContainerBuilder; +use Symfony\Component\DependencyInjection\Reference; + +/** + * @author Christian Flothmann + */ +class RegisterCsrfTokenClearingLogoutHandlerPass implements CompilerPassInterface +{ + public function process(ContainerBuilder $container) + { + if (!$container->has('security.logout_listener') || !$container->has('security.csrf.token_storage')) { + return; + } + + $csrfTokenStorage = $container->findDefinition('security.csrf.token_storage'); + $csrfTokenStorageClass = $container->getParameterBag()->resolveValue($csrfTokenStorage->getClass()); + + if (!is_subclass_of($csrfTokenStorageClass, 'Symfony\Component\Security\Csrf\TokenStorage\ClearableTokenStorageInterface')) { + return; + } + + $container->register('security.logout.handler.csrf_token_clearing', 'Symfony\Component\Security\Http\Logout\CsrfTokenClearingLogoutHandler') + ->addArgument(new Reference('security.csrf.token_storage')) + ->setPublic(false); + + $container->findDefinition('security.logout_listener')->addMethodCall('addHandler', array(new Reference('security.logout.handler.csrf_token_clearing'))); + } +} diff --git a/src/Symfony/Bundle/SecurityBundle/SecurityBundle.php b/src/Symfony/Bundle/SecurityBundle/SecurityBundle.php index 9bcd504a9c25e..80ccb554ed73e 100644 --- a/src/Symfony/Bundle/SecurityBundle/SecurityBundle.php +++ b/src/Symfony/Bundle/SecurityBundle/SecurityBundle.php 
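Review bot: Both early returns in process() skip the registration without any trace, so an application whose `security.csrf.token_storage` class does not implement ClearableTokenStorageInterface keeps its CSRF tokens across logout and nothing tells the operator. The class docblock carries only an author tag; it should say that the pass adds CsrfTokenClearingLogoutHandler to `security.logout_listener` and that a custom token storage has to implement the clearable interface to get the clean-up. A line above the `is_subclass_of()` check such as `// storages that cannot be cleared are left untouched: their tokens survive logout` would make the fallback explicit.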
@@ -11,6 +11,7 @@ namespace Symfony\Bundle\SecurityBundle; +use Symfony\Bundle\SecurityBundle\DependencyInjection\Compiler\RegisterCsrfTokenClearingLogoutHandlerPass; use Symfony\Component\HttpKernel\Bundle\Bundle; use Symfony\Component\DependencyInjection\Compiler\PassConfig; use Symfony\Component\DependencyInjection\ContainerBuilder; @@ -50,5 +51,6 @@ public function build(ContainerBuilder $container) $extension->addUserProviderFactory(new InMemoryFactory()); $container->addCompilerPass(new AddSecurityVotersPass()); $container->addCompilerPass(new AddSessionDomainConstraintPass(), PassConfig::TYPE_AFTER_REMOVING); + $container->addCompilerPass(new RegisterCsrfTokenClearingLogoutHandlerPass()); } } diff --git a/src/Symfony/Bundle/SecurityBundle/Tests/Functional/LogoutTest.php b/src/Symfony/Bundle/SecurityBundle/Tests/Functional/LogoutTest.php index 7eeb7c21171ce..d3c3b77fd5d61 100644 --- a/src/Symfony/Bundle/SecurityBundle/Tests/Functional/LogoutTest.php +++ b/src/Symfony/Bundle/SecurityBundle/Tests/Functional/LogoutTest.php @@ -31,4 +31,22 @@ public function testSessionLessRememberMeLogout() $this->assertNull($cookieJar->get('REMEMBERME')); } + + public function testCsrfTokensAreClearedOnLogout() + { + $client = $this->createClient(array('test_case' => 'LogoutWithoutSessionInvalidation', 'root_config' => 'config.yml')); + $client->getContainer()->get('security.csrf.token_storage')->setToken('foo', 'bar'); + + $client->request('POST', '/login', array( + '_username' => 'johannes', + '_password' => 'test', + )); + + $this->assertTrue($client->getContainer()->get('security.csrf.token_storage')->hasToken('foo')); + $this->assertSame('bar', $client->getContainer()->get('security.csrf.token_storage')->getToken('foo')); + + $client->request('GET', '/logout'); + + $this->assertFalse($client->getContainer()->get('security.csrf.token_storage')->hasToken('foo')); + } } 
diff --git a/src/Symfony/Bundle/SecurityBundle/Tests/Functional/app/LogoutWithoutSessionInvalidation/bundles.php b/src/Symfony/Bundle/SecurityBundle/Tests/Functional/app/LogoutWithoutSessionInvalidation/bundles.php new file mode 100644 index 0000000000000..d90f774abde2b --- /dev/null +++ b/src/Symfony/Bundle/SecurityBundle/Tests/Functional/app/LogoutWithoutSessionInvalidation/bundles.php @@ -0,0 +1,18 @@ + + * + * For the full copyright and license information, please view the LICENSE + * file that was distributed with this source code. + */ + +use Symfony\Bundle\SecurityBundle\SecurityBundle; +use Symfony\Bundle\FrameworkBundle\FrameworkBundle; + +return array( + new FrameworkBundle(), + new SecurityBundle(), +); diff --git a/src/Symfony/Bundle/SecurityBundle/Tests/Functional/app/LogoutWithoutSessionInvalidation/config.yml b/src/Symfony/Bundle/SecurityBundle/Tests/Functional/app/LogoutWithoutSessionInvalidation/config.yml new file mode 100644 index 0000000000000..d3fd8d0339e86 --- /dev/null +++ b/src/Symfony/Bundle/SecurityBundle/Tests/Functional/app/LogoutWithoutSessionInvalidation/config.yml @@ -0,0 +1,26 @@ +imports: + - { resource: ./../config/framework.yml } + +security: + encoders: + Symfony\Component\Security\Core\User\User: plaintext + + providers: + in_memory: + memory: + users: + johannes: { password: test, roles: [ROLE_USER] } + + firewalls: + default: + form_login: + check_path: login + remember_me: true + require_previous_session: false + remember_me: + always_remember_me: true + key: key + logout: + invalidate_session: false + anonymous: ~ + stateless: true diff --git a/src/Symfony/Bundle/SecurityBundle/Tests/Functional/app/LogoutWithoutSessionInvalidation/routing.yml b/src/Symfony/Bundle/SecurityBundle/Tests/Functional/app/LogoutWithoutSessionInvalidation/routing.yml new file mode 100644 index 0000000000000..1dddfca2f8154 --- /dev/null +++ b/src/Symfony/Bundle/SecurityBundle/Tests/Functional/app/LogoutWithoutSessionInvalidation/routing.yml 
@@ -0,0 +1,5 @@ +login: + path: /login + +logout: + path: /logout diff --git a/src/Symfony/Bundle/SecurityBundle/composer.json b/src/Symfony/Bundle/SecurityBundle/composer.json index 90edcf6e38cee..1536a1d5a89fb 100644 --- a/src/Symfony/Bundle/SecurityBundle/composer.json +++ b/src/Symfony/Bundle/SecurityBundle/composer.json @@ -18,7 +18,7 @@ "require": { "php": ">=5.3.9", "ext-xml": "*", - "symfony/security": "~2.7.47|~2.8.40", + "symfony/security": "~2.7.48|~2.8.41", "symfony/security-acl": "~2.7", "symfony/http-kernel": "~2.7" }, diff --git a/src/Symfony/Component/Security/Csrf/Tests/TokenStorage/NativeSessionTokenStorageTest.php b/src/Symfony/Component/Security/Csrf/Tests/TokenStorage/NativeSessionTokenStorageTest.php index d7931c09b2099..89086e5c565c3 100644 --- a/src/Symfony/Component/Security/Csrf/Tests/TokenStorage/NativeSessionTokenStorageTest.php +++ b/src/Symfony/Component/Security/Csrf/Tests/TokenStorage/NativeSessionTokenStorageTest.php @@ -116,4 +116,32 @@ public function testRemoveExistingToken() $this->assertSame('TOKEN', $this->storage->removeToken('token_id')); $this->assertFalse($this->storage->hasToken('token_id')); } + + public function testClearRemovesAllTokensFromTheConfiguredNamespace() + { + $this->storage->setToken('foo', 'bar'); + $this->storage->clear(); + + $this->assertFalse($this->storage->hasToken('foo')); + $this->assertArrayNotHasKey(self::SESSION_NAMESPACE, $_SESSION); + } + + public function testClearDoesNotRemoveSessionValuesFromOtherNamespaces() + { + $_SESSION['foo']['bar'] = 'baz'; + $this->storage->clear(); + + $this->assertArrayHasKey('foo', $_SESSION); + $this->assertArrayHasKey('bar', $_SESSION['foo']); + $this->assertSame('baz', $_SESSION['foo']['bar']); + } + + public function testClearDoesNotRemoveNonNamespacedSessionValues() + { + $_SESSION['foo'] = 'baz'; + $this->storage->clear(); + + $this->assertArrayHasKey('foo', $_SESSION); + $this->assertSame('baz', $_SESSION['foo']); + } } 
diff --git a/src/Symfony/Component/Security/Csrf/Tests/TokenStorage/SessionTokenStorageTest.php b/src/Symfony/Component/Security/Csrf/Tests/TokenStorage/SessionTokenStorageTest.php index 306e19ad91bb9..7539852f13f3f 100644 --- a/src/Symfony/Component/Security/Csrf/Tests/TokenStorage/SessionTokenStorageTest.php +++ b/src/Symfony/Component/Security/Csrf/Tests/TokenStorage/SessionTokenStorageTest.php @@ -129,4 +129,31 @@ public function testRemoveExistingTokenFromActiveSession() $this->assertSame('TOKEN', $this->storage->removeToken('token_id')); } + + public function testClearRemovesAllTokensFromTheConfiguredNamespace() + { + $this->storage->setToken('foo', 'bar'); + $this->storage->clear(); + + $this->assertFalse($this->storage->hasToken('foo')); + $this->assertFalse($this->session->has(self::SESSION_NAMESPACE.'/foo')); + } + + public function testClearDoesNotRemoveSessionValuesFromOtherNamespaces() + { + $this->session->set('foo/bar', 'baz'); + $this->storage->clear(); + + $this->assertTrue($this->session->has('foo/bar')); + $this->assertSame('baz', $this->session->get('foo/bar')); + } + + public function testClearDoesNotRemoveNonNamespacedSessionValues() + { + $this->session->set('foo', 'baz'); + $this->storage->clear(); + + $this->assertTrue($this->session->has('foo')); + $this->assertSame('baz', $this->session->get('foo')); + } } diff --git a/src/Symfony/Component/Security/Csrf/TokenStorage/ClearableTokenStorageInterface.php b/src/Symfony/Component/Security/Csrf/TokenStorage/ClearableTokenStorageInterface.php new file mode 100644 index 0000000000000..0d6f16b68d0b6 --- /dev/null +++ b/src/Symfony/Component/Security/Csrf/TokenStorage/ClearableTokenStorageInterface.php 
@@ -0,0 +1,23 @@ + + * + * For the full copyright and license information, please view the LICENSE + * file that was distributed with this source code. + */ + +namespace Symfony\Component\Security\Csrf\TokenStorage; + +/** + * @author Christian Flothmann + */ +interface ClearableTokenStorageInterface extends TokenStorageInterface +{ + /** + * Removes all CSRF tokens. + */ + public function clear(); +} diff --git a/src/Symfony/Component/Security/Csrf/TokenStorage/NativeSessionTokenStorage.php b/src/Symfony/Component/Security/Csrf/TokenStorage/NativeSessionTokenStorage.php index e817fdb902af8..e57e98d542433 100644 --- a/src/Symfony/Component/Security/Csrf/TokenStorage/NativeSessionTokenStorage.php +++ b/src/Symfony/Component/Security/Csrf/TokenStorage/NativeSessionTokenStorage.php @@ -18,7 +18,7 @@ * * @author Bernhard Schussek */ -class NativeSessionTokenStorage implements TokenStorageInterface +class NativeSessionTokenStorage implements ClearableTokenStorageInterface { /** * The namespace used to store values in the session. @@ -96,6 +96,14 @@ public function removeToken($tokenId) return $token; } + /** + * {@inheritdoc} + */ + public function clear() + { + unset($_SESSION[$this->namespace]); + } + private function startSession() { if (\PHP_VERSION_ID >= 50400) { diff --git a/src/Symfony/Component/Security/Csrf/TokenStorage/SessionTokenStorage.php b/src/Symfony/Component/Security/Csrf/TokenStorage/SessionTokenStorage.php index 7b00e3231b45a..d22b83e8d51de 100644 --- a/src/Symfony/Component/Security/Csrf/TokenStorage/SessionTokenStorage.php +++ b/src/Symfony/Component/Security/Csrf/TokenStorage/SessionTokenStorage.php @@ -19,7 +19,7 @@ * * @author Bernhard Schussek */ -class SessionTokenStorage implements TokenStorageInterface +class SessionTokenStorage implements ClearableTokenStorageInterface { /** * The namespace used to store values in the session. 
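Review bot: NativeSessionTokenStorage::clear() unsets `$_SESSION[$this->namespace]` directly and never goes through the `startSession()` helper that appears right below it in the hunk. If the sibling methods start the session lazily through that helper (they are outside the hunk, so this is an assumption), a clear() issued before the session is active would not touch the stored tokens, and they would be loaded again once the session starts. Guarding the call the same way, `if (!$this->sessionStarted) { $this->startSession(); }` before the `unset`, would keep the logout clean-up reliable; the tests added in this commit always set a token first and so do not cover that path.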
@@ -92,4 +92,16 @@ public function removeToken($tokenId) return $this->session->remove($this->namespace.'/'.$tokenId); } + + /** + * {@inheritdoc} + */ + public function clear() + { + foreach (array_keys($this->session->all()) as $key) { + if (0 === strpos($key, $this->namespace.'/')) { + $this->session->remove($key); + } + } + } } diff --git a/src/Symfony/Component/Security/Http/Logout/CsrfTokenClearingLogoutHandler.php b/src/Symfony/Component/Security/Http/Logout/CsrfTokenClearingLogoutHandler.php new file mode 100644 index 0000000000000..ad6b888aad562 --- /dev/null +++ b/src/Symfony/Component/Security/Http/Logout/CsrfTokenClearingLogoutHandler.php @@ -0,0 +1,35 @@ + + * + * For the full copyright and license information, please view the LICENSE + * file that was distributed with this source code. + */ + +namespace Symfony\Component\Security\Http\Logout; + +use Symfony\Component\HttpFoundation\Request; +use Symfony\Component\HttpFoundation\Response; +use Symfony\Component\Security\Core\Authentication\Token\TokenInterface; +use Symfony\Component\Security\Csrf\TokenStorage\ClearableTokenStorageInterface; + +/** + * @author Christian Flothmann + */ +class CsrfTokenClearingLogoutHandler implements LogoutHandlerInterface +{ + private $csrfTokenStorage; + + public function __construct(ClearableTokenStorageInterface $csrfTokenStorage) + { + $this->csrfTokenStorage = $csrfTokenStorage; + } + + public function logout(Request $request, Response $response, TokenInterface $token) + { + $this->csrfTokenStorage->clear(); + } +} diff --git a/src/Symfony/Component/Security/Http/Tests/Logout/CsrfTokenClearingLogoutHandlerTest.php b/src/Symfony/Component/Security/Http/Tests/Logout/CsrfTokenClearingLogoutHandlerTest.php new file mode 100644 index 0000000000000..fe34eaa6e5da3 --- /dev/null +++ b/src/Symfony/Component/Security/Http/Tests/Logout/CsrfTokenClearingLogoutHandlerTest.php 
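Review bot: CsrfTokenClearingLogoutHandler is documented by an author tag only, and logout() has no docblock, so the reason the handler exists lives in the commit title alone. A class description along the lines of `Clears the CSRF tokens of the configured storage on logout, so tokens issued before logout are not accepted afterwards when the session itself is kept` would record the intent; the functional test configuration with `invalidate_session: false` suggests that is the case it targets. logout() should also note that the request, response and token arguments are unused and that every token in the storage's namespace is removed.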
@@ -0,0 +1,76 @@ + + * + * For the full copyright and license information, please view the LICENSE + * file that was distributed with this source code. + */ + +namespace Symfony\Component\Security\Http\Tests\Logout; + +use PHPUnit\Framework\TestCase; +use Symfony\Component\HttpFoundation\Request; +use Symfony\Component\HttpFoundation\Response; +use Symfony\Component\HttpFoundation\Session\Session; +use Symfony\Component\HttpFoundation\Session\Storage\MockArraySessionStorage; +use Symfony\Component\Security\Csrf\TokenStorage\SessionTokenStorage; +use Symfony\Component\Security\Http\Logout\CsrfTokenClearingLogoutHandler; + +class CsrfTokenClearingLogoutHandlerTest extends TestCase +{ + private $session; + private $csrfTokenStorage; + private $csrfTokenClearingLogoutHandler; + + protected function setUp() + { + $this->session = new Session(new MockArraySessionStorage()); + $this->csrfTokenStorage = new SessionTokenStorage($this->session, 'foo'); + $this->csrfTokenStorage->setToken('foo', 'bar'); + $this->csrfTokenStorage->setToken('foobar', 'baz'); + $this->csrfTokenClearingLogoutHandler = new CsrfTokenClearingLogoutHandler($this->csrfTokenStorage); + } + + public function testCsrfTokenCookieWithSameNamespaceIsRemoved() + { + $this->assertSame('bar', $this->session->get('foo/foo')); + $this->assertSame('baz', $this->session->get('foo/foobar')); + + $this->csrfTokenClearingLogoutHandler->logout(new Request(), new Response(), $this->getMockBuilder('Symfony\Component\Security\Core\Authentication\Token\TokenInterface')->getMock()); + + $this->assertFalse($this->csrfTokenStorage->hasToken('foo')); + $this->assertFalse($this->csrfTokenStorage->hasToken('foobar')); + + $this->assertFalse($this->session->has('foo/foo')); + $this->assertFalse($this->session->has('foo/foobar')); + } + + public function testCsrfTokenCookieWithDifferentNamespaceIsNotRemoved() + { + $barNamespaceCsrfSessionStorage = new SessionTokenStorage($this->session, 'bar'); + 
$barNamespaceCsrfSessionStorage->setToken('foo', 'bar'); + $barNamespaceCsrfSessionStorage->setToken('foobar', 'baz'); + + $this->assertSame('bar', $this->session->get('foo/foo')); + $this->assertSame('baz', $this->session->get('foo/foobar')); + $this->assertSame('bar', $this->session->get('bar/foo')); + $this->assertSame('baz', $this->session->get('bar/foobar')); + + $this->csrfTokenClearingLogoutHandler->logout(new Request(), new Response(), $this->getMockBuilder('Symfony\Component\Security\Core\Authentication\Token\TokenInterface')->getMock()); + + $this->assertTrue($barNamespaceCsrfSessionStorage->hasToken('foo')); + $this->assertTrue($barNamespaceCsrfSessionStorage->hasToken('foobar')); + $this->assertSame('bar', $barNamespaceCsrfSessionStorage->getToken('foo')); + $this->assertSame('baz', $barNamespaceCsrfSessionStorage->getToken('foobar')); + $this->assertFalse($this->csrfTokenStorage->hasToken('foo')); + $this->assertFalse($this->csrfTokenStorage->hasToken('foobar')); + + $this->assertFalse($this->session->has('foo/foo')); + $this->assertFalse($this->session->has('foo/foobar')); + $this->assertSame('bar', $this->session->get('bar/foo')); + $this->assertSame('baz', $this->session->get('bar/foobar')); + } +} diff --git a/src/Symfony/Component/Security/Http/composer.json b/src/Symfony/Component/Security/Http/composer.json index 6e289031921d9..f04958bf431b8 100644 --- a/src/Symfony/Component/Security/Http/composer.json +++ b/src/Symfony/Component/Security/Http/composer.json @@ -24,9 +24,12 @@ }, "require-dev": { "symfony/routing": "~2.2", - "symfony/security-csrf": "~2.4", + "symfony/security-csrf": "~2.7.48 || ~2.8.41", "psr/log": "~1.0" }, + "conflict": { + "symfony/security-csrf": "<2.7.48 || >=2.8.0,<2.8.41 || >=3.0.0" + }, "suggest": { "symfony/security-csrf": "For using tokens to protect authentication/logout attempts", "symfony/routing": "For using the HttpUtils class to create sub-requests, redirect the user, and match URLs" 
From c003b7a247296e7fdcfb20c2eb175cfb7aaf3c4e Mon Sep 17 00:00:00 2001 From: Nicolas Grekas Date: Thu, 11 Jan 2018 10:05:15 +0100 Subject: [PATCH 35/74] [SecurityBundle] Fail if security.http_utils cannot be configured --- .../Compiler/AddSessionDomainConstraintPass.php | 3 ++- .../Bundle/SecurityBundle/SecurityBundle.php | 2 +- .../Compiler/AddSessionDomainConstraintPassTest.php | 13 +++++++++++++ 3 files changed, 16 insertions(+), 2 deletions(-) diff --git a/src/Symfony/Bundle/SecurityBundle/DependencyInjection/Compiler/AddSessionDomainConstraintPass.php b/src/Symfony/Bundle/SecurityBundle/DependencyInjection/Compiler/AddSessionDomainConstraintPass.php index 3dd18944de9f3..ba523382b66ba 100644 --- a/src/Symfony/Bundle/SecurityBundle/DependencyInjection/Compiler/AddSessionDomainConstraintPass.php +++ b/src/Symfony/Bundle/SecurityBundle/DependencyInjection/Compiler/AddSessionDomainConstraintPass.php @@ -26,7 +26,7 @@ class AddSessionDomainConstraintPass implements CompilerPassInterface */ public function process(ContainerBuilder $container) { - if (!$container->hasParameter('session.storage.options') || !$container->has('security.http_utils')) { + if (!$container->hasParameter('session.storage.options')) { return; } @@ -34,6 +34,7 @@ public function process(ContainerBuilder $container) $domainRegexp = empty($sessionOptions['cookie_domain']) ? '%s' : sprintf('(?:%%s|(?:.+\.)?%s)', preg_quote(trim($sessionOptions['cookie_domain'], '.'))); $domainRegexp = (empty($sessionOptions['cookie_secure']) ? 'https?://' : 'https://').$domainRegexp; + // if the service doesn't exist, an exception must be thrown - ignoring would put security at risk $container->findDefinition('security.http_utils')->addArgument(sprintf('{^%s$}i', $domainRegexp)); } } diff --git a/src/Symfony/Bundle/SecurityBundle/SecurityBundle.php b/src/Symfony/Bundle/SecurityBundle/SecurityBundle.php index 80ccb554ed73e..137558569bc2d 100644 --- a/src/Symfony/Bundle/SecurityBundle/SecurityBundle.php 
+++ b/src/Symfony/Bundle/SecurityBundle/SecurityBundle.php @@ -50,7 +50,7 @@ public function build(ContainerBuilder $container) $extension->addUserProviderFactory(new InMemoryFactory()); $container->addCompilerPass(new AddSecurityVotersPass()); - $container->addCompilerPass(new AddSessionDomainConstraintPass(), PassConfig::TYPE_AFTER_REMOVING); + $container->addCompilerPass(new AddSessionDomainConstraintPass(), PassConfig::TYPE_BEFORE_REMOVING); $container->addCompilerPass(new RegisterCsrfTokenClearingLogoutHandlerPass()); } } diff --git a/src/Symfony/Bundle/SecurityBundle/Tests/DependencyInjection/Compiler/AddSessionDomainConstraintPassTest.php b/src/Symfony/Bundle/SecurityBundle/Tests/DependencyInjection/Compiler/AddSessionDomainConstraintPassTest.php index 7d49ad3dd4ec6..e12f3a64f31fe 100644 --- a/src/Symfony/Bundle/SecurityBundle/Tests/DependencyInjection/Compiler/AddSessionDomainConstraintPassTest.php +++ b/src/Symfony/Bundle/SecurityBundle/Tests/DependencyInjection/Compiler/AddSessionDomainConstraintPassTest.php @@ -96,6 +96,19 @@ public function testNoSession() $this->assertTrue($utils->createRedirectResponse($request, 'http://pirate.com/foo')->isRedirect('http://pirate.com/foo')); } + /** + * @expectedException \Symfony\Component\DependencyInjection\Exception\ServiceNotFoundException + * @expectedExceptionMessage You have requested a non-existent service "security.http_utils". + */ + public function testNoHttpUtils() + { + $container = new ContainerBuilder(); + $container->setParameter('session.storage.options', array()); + + $pass = new AddSessionDomainConstraintPass(); + $pass->process($container); + } + private function createContainer($sessionStorageOptions) { $container = new ContainerBuilder(); From d8cbec00ad56d15866dadf4adc9b18a6ea147a33 Mon Sep 17 00:00:00 2001 
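Review bot: The switch from `PassConfig::TYPE_AFTER_REMOVING` to `PassConfig::TYPE_BEFORE_REMOVING` in build() carries no explanation, although the pass now depends on it. With the `has('security.http_utils')` guard removed, AddSessionDomainConstraintPass throws when the definition is missing, so it presumably has to run before unused private services are removed. A comment on the registration line, e.g. `// must run before the removing passes: security.http_utils has to exist so the redirect domain constraint is always applied`, would stop a later reorder from bringing back either the exception or an unconstrained redirect check. build() starts outside the hunk.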
From: Nicolas Grekas Date: Thu, 24 May 2018 16:57:45 +0200 Subject: [PATCH 36/74] [FrameworkBundle] cleanup generated test container --- .../Compiler/TestServiceContainerRealRefPass.php | 12 ++++++++++-- .../Compiler/TestServiceContainerWeakRefPass.php | 4 ++-- .../Tests/Functional/TestServiceContainerTest.php | 2 +- 3 files changed, 13 insertions(+), 5 deletions(-) diff --git a/src/Symfony/Bundle/FrameworkBundle/DependencyInjection/Compiler/TestServiceContainerRealRefPass.php b/src/Symfony/Bundle/FrameworkBundle/DependencyInjection/Compiler/TestServiceContainerRealRefPass.php index 9e36a80d00ce6..19b36e3d2c843 100644 --- a/src/Symfony/Bundle/FrameworkBundle/DependencyInjection/Compiler/TestServiceContainerRealRefPass.php +++ b/src/Symfony/Bundle/FrameworkBundle/DependencyInjection/Compiler/TestServiceContainerRealRefPass.php @@ -27,13 +27,21 @@ public function process(ContainerBuilder $container) } $testContainer = $container->getDefinition('test.service_container'); - $privateContainer = $container->getDefinition((string) $testContainer->getArgument(2)); + $privateContainer = $testContainer->getArgument(2); + if ($privateContainer instanceof Reference) { + $privateContainer = $container->getDefinition((string) $privateContainer); + } $definitions = $container->getDefinitions(); + $privateServices = $privateContainer->getArgument(0); - foreach ($privateContainer->getArgument(0) as $id => $argument) { + foreach ($privateServices as $id => $argument) { if (isset($definitions[$target = (string) $argument->getValues()[0]])) { $argument->setValues(array(new Reference($target))); + } else { + unset($privateServices[$id]); } } + + $privateContainer->replaceArgument(0, $privateServices); } } diff --git a/src/Symfony/Bundle/FrameworkBundle/DependencyInjection/Compiler/TestServiceContainerWeakRefPass.php b/src/Symfony/Bundle/FrameworkBundle/DependencyInjection/Compiler/TestServiceContainerWeakRefPass.php index 62f17d64f1449..51fe553e19b2b 100644 
--- a/src/Symfony/Bundle/FrameworkBundle/DependencyInjection/Compiler/TestServiceContainerWeakRefPass.php +++ b/src/Symfony/Bundle/FrameworkBundle/DependencyInjection/Compiler/TestServiceContainerWeakRefPass.php @@ -31,7 +31,7 @@ public function process(ContainerBuilder $container) $definitions = $container->getDefinitions(); foreach ($definitions as $id => $definition) { - if ((!$definition->isPublic() || $definition->isPrivate()) && !$definition->getErrors() && !$definition->isAbstract()) { + if ($id && '.' !== $id[0] && (!$definition->isPublic() || $definition->isPrivate()) && !$definition->getErrors() && !$definition->isAbstract()) { $privateServices[$id] = new ServiceClosureArgument(new Reference($id, ContainerBuilder::IGNORE_ON_UNINITIALIZED_REFERENCE)); } } @@ -39,7 +39,7 @@ public function process(ContainerBuilder $container) $aliases = $container->getAliases(); foreach ($aliases as $id => $alias) { - if (!$alias->isPublic() || $alias->isPrivate()) { + if ($id && '.' !== $id[0] && (!$alias->isPublic() || $alias->isPrivate())) { while (isset($aliases[$target = (string) $alias])) { $alias = $aliases[$target]; } diff --git a/src/Symfony/Bundle/FrameworkBundle/Tests/Functional/TestServiceContainerTest.php b/src/Symfony/Bundle/FrameworkBundle/Tests/Functional/TestServiceContainerTest.php index 88d3b4cf29a31..b50c3e1f0b715 100644 --- a/src/Symfony/Bundle/FrameworkBundle/Tests/Functional/TestServiceContainerTest.php +++ b/src/Symfony/Bundle/FrameworkBundle/Tests/Functional/TestServiceContainerTest.php @@ -42,6 +42,6 @@ public function testThatPrivateServicesAreAvailableIfTestConfigIsEnabled() $this->assertTrue(static::$container->has(NonPublicService::class)); $this->assertTrue(static::$container->has(PrivateService::class)); $this->assertTrue(static::$container->has('private_service')); - $this->assertTrue(static::$container->has(UnusedPrivateService::class)); + $this->assertFalse(static::$container->has(UnusedPrivateService::class)); } } 
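Review bot: The predicate `$id && '.' !== $id[0]` is added twice in TestServiceContainerWeakRefPass, once in the definitions loop and once in the aliases loop, with no comment on what it filters. It appears to skip ids that are empty or start with a dot, presumably internal or generated services; a comment such as `// skip internal ids (leading dot)` would say so. Extracting the test into a small private method would keep the two loops in step. process() starts outside both hunks.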
From 91c25689d26e897c4de24ff9bee324cb07c69138 Mon Sep 17 00:00:00 2001 From: Fabien Potencier Date: Thu, 24 May 2018 17:52:07 +0200 Subject: [PATCH 37/74] simplified code --- .../Component/Security/Guard/GuardAuthenticatorHandler.php | 6 +----- .../Http/Firewall/AbstractPreAuthenticatedListener.php | 6 +----- .../Security/Http/Firewall/BasicAuthenticationListener.php | 6 +----- .../Security/Http/Firewall/DigestAuthenticationListener.php | 6 +----- .../Http/Firewall/SimplePreAuthenticationListener.php | 6 +----- .../Firewall/UsernamePasswordJsonAuthenticationListener.php | 5 +---- .../Security/Http/Session/SessionAuthenticationStrategy.php | 6 +----- 7 files changed, 7 insertions(+), 34 deletions(-) diff --git a/src/Symfony/Component/Security/Guard/GuardAuthenticatorHandler.php b/src/Symfony/Component/Security/Guard/GuardAuthenticatorHandler.php index 3ff9cd51e1b75..1af407d236039 100644 --- a/src/Symfony/Component/Security/Guard/GuardAuthenticatorHandler.php +++ b/src/Symfony/Component/Security/Guard/GuardAuthenticatorHandler.php @@ -136,10 +136,6 @@ private function migrateSession(Request $request) if (!$request->hasSession() || !$request->hasPreviousSession()) { return; } - - // Destroying the old session is broken in php 5.4.0 - 5.4.10 - // See https://bugs.php.net/63379 - $destroy = \PHP_VERSION_ID < 50400 || \PHP_VERSION_ID >= 50411; - $request->getSession()->migrate($destroy); + $request->getSession()->migrate(true); } } diff --git a/src/Symfony/Component/Security/Http/Firewall/AbstractPreAuthenticatedListener.php b/src/Symfony/Component/Security/Http/Firewall/AbstractPreAuthenticatedListener.php index 2054c4aa0774e..6286b6cf87cd6 100644 --- a/src/Symfony/Component/Security/Http/Firewall/AbstractPreAuthenticatedListener.php +++ b/src/Symfony/Component/Security/Http/Firewall/AbstractPreAuthenticatedListener.php 
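Review bot: The removed comment was the only explanation for the argument passed to migrate(), and the new `$request->getSession()->migrate(true);` now stands without one in every copy of this helper the commit touches (GuardAuthenticatorHandler here, then the firewall listeners in the hunks that follow). A single line such as `// destroy the old session so its id is no longer valid after authentication` would record why `true` matters. The simplification is only safe if the branch's minimum PHP version is above 5.4.10, the range the removed workaround covered; that is not visible in the patch. The hunks also drop the blank line after the guard clause, which is worth keeping for readability.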
@@ -123,10 +123,6 @@ private function migrateSession(Request $request) if (!$request->hasSession() || !$request->hasPreviousSession()) { return; } - - // Destroying the old session is broken in php 5.4.0 - 5.4.10 - // See https://bugs.php.net/63379 - $destroy = \PHP_VERSION_ID < 50400 || \PHP_VERSION_ID >= 50411; - $request->getSession()->migrate($destroy); + $request->getSession()->migrate(true); } } diff --git a/src/Symfony/Component/Security/Http/Firewall/BasicAuthenticationListener.php b/src/Symfony/Component/Security/Http/Firewall/BasicAuthenticationListener.php index 63bd013c64e31..0d32f9a3d2bac 100644 --- a/src/Symfony/Component/Security/Http/Firewall/BasicAuthenticationListener.php +++ b/src/Symfony/Component/Security/Http/Firewall/BasicAuthenticationListener.php @@ -98,10 +98,6 @@ private function migrateSession(Request $request) if (!$request->hasSession() || !$request->hasPreviousSession()) { return; } - - // Destroying the old session is broken in php 5.4.0 - 5.4.10 - // See https://bugs.php.net/63379 - $destroy = \PHP_VERSION_ID < 50400 || \PHP_VERSION_ID >= 50411; - $request->getSession()->migrate($destroy); + $request->getSession()->migrate(true); } } diff --git a/src/Symfony/Component/Security/Http/Firewall/DigestAuthenticationListener.php b/src/Symfony/Component/Security/Http/Firewall/DigestAuthenticationListener.php index 88e9dc6312f2b..bcdd0d168ece2 100644 --- a/src/Symfony/Component/Security/Http/Firewall/DigestAuthenticationListener.php +++ b/src/Symfony/Component/Security/Http/Firewall/DigestAuthenticationListener.php @@ -145,11 +145,7 @@ private function migrateSession(Request $request) if (!$request->hasSession() || !$request->hasPreviousSession()) { return; } - - // Destroying the old session is broken in php 5.4.0 - 5.4.10 - // See https://bugs.php.net/63379 - $destroy = \PHP_VERSION_ID < 50400 || \PHP_VERSION_ID >= 50411; - $request->getSession()->migrate($destroy); + $request->getSession()->migrate(true); } } 
diff --git a/src/Symfony/Component/Security/Http/Firewall/SimplePreAuthenticationListener.php b/src/Symfony/Component/Security/Http/Firewall/SimplePreAuthenticationListener.php index cd70097d3a9c0..7325658c8d902 100644 --- a/src/Symfony/Component/Security/Http/Firewall/SimplePreAuthenticationListener.php +++ b/src/Symfony/Component/Security/Http/Firewall/SimplePreAuthenticationListener.php @@ -129,10 +129,6 @@ private function migrateSession(Request $request) if (!$request->hasSession() || !$request->hasPreviousSession()) { return; } - - // Destroying the old session is broken in php 5.4.0 - 5.4.10 - // See https://bugs.php.net/63379 - $destroy = \PHP_VERSION_ID < 50400 || \PHP_VERSION_ID >= 50411; - $request->getSession()->migrate($destroy); + $request->getSession()->migrate(true); } } diff --git a/src/Symfony/Component/Security/Http/Firewall/UsernamePasswordJsonAuthenticationListener.php b/src/Symfony/Component/Security/Http/Firewall/UsernamePasswordJsonAuthenticationListener.php index 748ba07ad81ee..8bde1e00151e8 100644 --- a/src/Symfony/Component/Security/Http/Firewall/UsernamePasswordJsonAuthenticationListener.php +++ b/src/Symfony/Component/Security/Http/Firewall/UsernamePasswordJsonAuthenticationListener.php @@ -190,9 +190,6 @@ private function migrateSession(Request $request) if (!$request->hasSession() || !$request->hasPreviousSession()) { return; } - // Destroying the old session is broken in php 5.4.0 - 5.4.10 - // See https://bugs.php.net/63379 - $destroy = \PHP_VERSION_ID < 50400 || \PHP_VERSION_ID >= 50411; - $request->getSession()->migrate($destroy); + $request->getSession()->migrate(true); } } diff --git a/src/Symfony/Component/Security/Http/Session/SessionAuthenticationStrategy.php b/src/Symfony/Component/Security/Http/Session/SessionAuthenticationStrategy.php index 15e9b24bb9771..9c1faa922c010 100644 --- a/src/Symfony/Component/Security/Http/Session/SessionAuthenticationStrategy.php 
+++ b/src/Symfony/Component/Security/Http/Session/SessionAuthenticationStrategy.php @@ -49,11 +49,7 @@ public function onAuthentication(Request $request, TokenInterface $token) case self::MIGRATE: // Note: this logic is duplicated in several authentication listeners // until Symfony 5.0 due to a security fix with BC compat - - // Destroying the old session is broken in php 5.4.0 - 5.4.10 - // See https://bugs.php.net/63379 - $destroy = \PHP_VERSION_ID < 50400 || \PHP_VERSION_ID >= 50411; - $request->getSession()->migrate($destroy); + $request->getSession()->migrate(true); return; From 777727829d865da8aa8357ccf26766b541298496 Mon Sep 17 00:00:00 2001 From: Fabien Potencier Date: Thu, 24 May 2018 20:20:58 +0200 Subject: [PATCH 38/74] added missing constraint --- src/Symfony/Component/Security/Http/composer.json | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/Symfony/Component/Security/Http/composer.json b/src/Symfony/Component/Security/Http/composer.json index 8e216cb6cbadf..74c0e77e7614d 100644 --- a/src/Symfony/Component/Security/Http/composer.json +++ b/src/Symfony/Component/Security/Http/composer.json @@ -27,7 +27,7 @@ }, "require-dev": { "symfony/routing": "~2.8|~3.0|~4.0", - "symfony/security-csrf": "^2.8.41|^3.3.17|^4.0.11", + "symfony/security-csrf": "^2.8.41|^3.3.17|^3.4.11|^4.0.11", "psr/log": "~1.0" }, "conflict": { From 32c73a71a746b51c09ffced1f6017bd39289eb5d Mon Sep 17 00:00:00 2001 From: Christian Flothmann Date: Thu, 24 May 2018 20:54:44 +0200 Subject: [PATCH 39/74] fixtures config fix --- .../Functional/app/LogoutWithoutSessionInvalidation/config.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/Symfony/Bundle/SecurityBundle/Tests/Functional/app/LogoutWithoutSessionInvalidation/config.yml b/src/Symfony/Bundle/SecurityBundle/Tests/Functional/app/LogoutWithoutSessionInvalidation/config.yml index d3fd8d0339e86..9e5563fea5197 100644 
--- a/src/Symfony/Bundle/SecurityBundle/Tests/Functional/app/LogoutWithoutSessionInvalidation/config.yml +++ b/src/Symfony/Bundle/SecurityBundle/Tests/Functional/app/LogoutWithoutSessionInvalidation/config.yml @@ -19,7 +19,7 @@ security: require_previous_session: false remember_me: always_remember_me: true - key: key + secret: secret logout: invalidate_session: false anonymous: ~ From 47f0e732d92f9c52277909978f1c734e276193fd Mon Sep 17 00:00:00 2001 
From: =?UTF-8?q?Gabriel=20Ostroluck=C3=BD?= Date: Thu, 24 May 2018 22:59:06 +0200 Subject: [PATCH 40/74] [HttpFoundation] Fix cookie test with xdebug Here's the failure without this patch: ``` Testing Symfony\Component\HttpFoundation\Tests\ResponseFunctionalTest F..... 6 / 6 (100%) Time: 1.07 seconds, Memory: 4.00MB There was 1 failure: 1) Symfony\Component\HttpFoundation\Tests\ResponseFunctionalTest::testCookie with data set #0 ('cookie_max_age') Failed asserting that string matches format description. --- Expected +++ Actual @@ @@ Warning: Expiry date cannot have a year greater than 9999 in /home/gadelat/PhpstormProjects/symfony/src/Symfony/Component/HttpFoundation/Tests/Fixtures/response-functional/cookie_max_age.php on line 10 +Call Stack: + 0.0004 390392 1. {main}() /home/gadelat/PhpstormProjects/symfony/src/Symfony/Component/HttpFoundation/Tests/Fixtures/response-functional/cookie_max_age.php:0 + 0.0178 500960 2. setcookie() /home/gadelat/PhpstormProjects/symfony/src/Symfony/Component/HttpFoundation/Tests/Fixtures/response-functional/cookie_max_age.php:10 + + Array ( [0] => Content-Type: text/plain; charset=utf-8 [1] => Cache-Control: no-cache, private [2] => Date: Sat, 12 Nov 1955 20:04:00 GMT - [3] => Set-Cookie: foo=bar; expires=Sat, 01-Jan-10000 02:46:40 GMT; Max-Age=%d; path=/ + [3] => Set-Cookie: foo=bar; expires=Sat, 01-Jan-10000 02:46:40 GMT; Max-Age=251875115405; path=/ ) shutdown /home/gadelat/PhpstormProjects/symfony/src/Symfony/Component/HttpFoundation/Tests/ResponseFunctionalTest.php:49 ``` --- .../Tests/Fixtures/response-functional/common.inc | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/src/Symfony/Component/HttpFoundation/Tests/Fixtures/response-functional/common.inc b/src/Symfony/Component/HttpFoundation/Tests/Fixtures/response-functional/common.inc index ba101d357852d..f9c40a9a3c5e1 100644 --- a/src/Symfony/Component/HttpFoundation/Tests/Fixtures/response-functional/common.inc 
+++ b/src/Symfony/Component/HttpFoundation/Tests/Fixtures/response-functional/common.inc @@ -22,6 +22,10 @@ error_reporting(-1); ini_set('html_errors', 0); ini_set('display_errors', 1); +if (ini_get('xdebug.default_enable')) { + xdebug_disable(); +} + header_remove('X-Powered-By'); header('Content-Type: text/plain; charset=utf-8'); From 0e74f73af5da5cee2cb3c728d175f92a3ba14cf4 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Gabriel=20Ostroluck=C3=BD?= Date: Thu, 24 May 2018 23:41:30 +0200 Subject: [PATCH 41/74] Tweak Argon2 test config Memory cost 8 seems to be lowest value accepted on my machine ``` Testing Symfony\Component\Security\Core\Tests\Encoder\Argon2iPasswordEncoderTest E.... 5 / 5 (100%) Time: 114 ms, Memory: 4.00MB There was 1 error: 1) Symfony\Component\Security\Core\Tests\Encoder\Argon2iPasswordEncoderTest::testValidationWithConfig password_hash(): Memory cost is outside of allowed memory range /home/gadelat/PhpstormProjects/symfony/src/Symfony/Component/Security/Core/Encoder/Argon2iPasswordEncoder.php:105 /home/gadelat/PhpstormProjects/symfony/src/Symfony/Component/Security/Core/Encoder/Argon2iPasswordEncoder.php:67 /home/gadelat/PhpstormProjects/symfony/src/Symfony/Component/Security/Core/Tests/Encoder/Argon2iPasswordEncoderTest.php:34 ``` --- .../Security/Core/Tests/Encoder/Argon2iPasswordEncoderTest.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/Symfony/Component/Security/Core/Tests/Encoder/Argon2iPasswordEncoderTest.php b/src/Symfony/Component/Security/Core/Tests/Encoder/Argon2iPasswordEncoderTest.php index cdb4f8767a3ad..1b033cfacc685 100644 --- a/src/Symfony/Component/Security/Core/Tests/Encoder/Argon2iPasswordEncoderTest.php +++ b/src/Symfony/Component/Security/Core/Tests/Encoder/Argon2iPasswordEncoderTest.php 
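Review bot: The added `if (ini_get('xdebug.default_enable')) { xdebug_disable(); }` block has no comment, and the reason for it is only in the commit message. A one-line comment such as `// Xdebug appends a call stack to warnings, which breaks the expected-output comparison` would keep that reason in the fixture. The guard also depends on the `xdebug.default_enable` setting and `xdebug_disable()` always being present together, which holds only as long as the installed Xdebug provides both.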
@@ -30,7 +30,7 @@ protected function setUp() public function testValidationWithConfig() { - $encoder = new Argon2iPasswordEncoder(4, 4, 1); + $encoder = new Argon2iPasswordEncoder(8, 4, 1); $result = $encoder->encodePassword(self::PASSWORD, null); $this->assertTrue($encoder->isPasswordValid($result, self::PASSWORD, null)); $this->assertFalse($encoder->isPasswordValid($result, 'anotherPassword', null)); From 87153549f63c8cf4e6e0c60e77b15ebcb8161658 Mon Sep 17 00:00:00 2001 From: Fabien Potencier Date: Fri, 25 May 2018 07:45:02 +0200 Subject: [PATCH 42/74] bumped dep --- src/Symfony/Bundle/SecurityBundle/composer.json | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/Symfony/Bundle/SecurityBundle/composer.json b/src/Symfony/Bundle/SecurityBundle/composer.json index 1536a1d5a89fb..054472a0939a4 100644 --- a/src/Symfony/Bundle/SecurityBundle/composer.json +++ b/src/Symfony/Bundle/SecurityBundle/composer.json @@ -26,7 +26,7 @@ "symfony/browser-kit": "~2.7", "symfony/console": "~2.7", "symfony/css-selector": "^2.7", - "symfony/dependency-injection": "^2.7.1", + "symfony/dependency-injection": "^2.7.48", "symfony/dom-crawler": "^2.7", "symfony/form": "~2.7.15|^2.8.8", "symfony/framework-bundle": "~2.7.25|^2.8.18", From 1151ab28c0c8c551dda91c37a9d4a9d715c17eae Mon Sep 17 00:00:00 2001 From: Fabien Potencier Date: Fri, 25 May 2018 08:20:37 +0200 Subject: [PATCH 43/74] bumped dep --- src/Symfony/Bundle/SecurityBundle/composer.json | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/Symfony/Bundle/SecurityBundle/composer.json b/src/Symfony/Bundle/SecurityBundle/composer.json index 054472a0939a4..0e8fc6c425334 100644 --- a/src/Symfony/Bundle/SecurityBundle/composer.json +++ b/src/Symfony/Bundle/SecurityBundle/composer.json 
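Review bot: The literals in `new Argon2iPasswordEncoder(8, 4, 1)` in `testValidationWithConfig()` are unexplained, and the commit message only says that 8 was the lowest memory cost accepted on one machine. If the arguments are memory cost, time cost and threads in that order, the lower bound for the first presumably depends on the third, so changing the thread count could bring the failure back. I would add `// deliberately minimal cost values to keep the test fast; the memory cost must stay at or above the library minimum for the given thread count` so the values are not copied into real configuration.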
@@ -26,7 +26,7 @@ "symfony/browser-kit": "~2.7", "symfony/console": "~2.7", "symfony/css-selector": "^2.7", - "symfony/dependency-injection": "^2.7.48", + "symfony/dependency-injection": "^2.7.48|^2.8.41", "symfony/dom-crawler": "^2.7", "symfony/form": "~2.7.15|^2.8.8", "symfony/framework-bundle": "~2.7.25|^2.8.18", From 2f34263a1ac0dd48684a7a5506fde6c7410aca3c Mon Sep 17 00:00:00 2001 From: Fabien Potencier Date: Fri, 25 May 2018 08:35:17 +0200 Subject: [PATCH 44/74] fixed constraints --- src/Symfony/Bundle/SecurityBundle/composer.json | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/Symfony/Bundle/SecurityBundle/composer.json b/src/Symfony/Bundle/SecurityBundle/composer.json index 0e8fc6c425334..68b2c907cbf18 100644 --- a/src/Symfony/Bundle/SecurityBundle/composer.json +++ b/src/Symfony/Bundle/SecurityBundle/composer.json @@ -26,7 +26,7 @@ "symfony/browser-kit": "~2.7", "symfony/console": "~2.7", "symfony/css-selector": "^2.7", - "symfony/dependency-injection": "^2.7.48|^2.8.41", + "symfony/dependency-injection": "~2.7.48|^2.8.41", "symfony/dom-crawler": "^2.7", "symfony/form": "~2.7.15|^2.8.8", "symfony/framework-bundle": "~2.7.25|^2.8.18", From 2ed0cedb19d4bd5897101a79f2856632b66eeb8d Mon Sep 17 00:00:00 2001 From: Fabien Potencier Date: Fri, 25 May 2018 08:54:15 +0200 Subject: [PATCH 45/74] fixed constraints --- src/Symfony/Bundle/FrameworkBundle/composer.json | 2 +- src/Symfony/Bundle/SecurityBundle/composer.json | 1 + 2 files changed, 2 insertions(+), 1 deletion(-) diff --git a/src/Symfony/Bundle/FrameworkBundle/composer.json b/src/Symfony/Bundle/FrameworkBundle/composer.json index 3e7b75ba127e2..06bd65eae4746 100644 --- a/src/Symfony/Bundle/FrameworkBundle/composer.json +++ b/src/Symfony/Bundle/FrameworkBundle/composer.json 
@@ -20,7 +20,7 @@ "ext-xml": "*", "symfony/asset": "~2.7|~3.0.0", "symfony/class-loader": "~2.1|~3.0.0", - "symfony/dependency-injection": "~2.8", + "symfony/dependency-injection": "~2.8.41", "symfony/config": "~2.8", "symfony/event-dispatcher": "~2.8|~3.0.0", "symfony/finder": "^2.0.5|~3.0.0", diff --git a/src/Symfony/Bundle/SecurityBundle/composer.json b/src/Symfony/Bundle/SecurityBundle/composer.json index ed45ffafd1e1a..f588b04888161 100644 --- a/src/Symfony/Bundle/SecurityBundle/composer.json +++ b/src/Symfony/Bundle/SecurityBundle/composer.json @@ -27,6 +27,7 @@ "symfony/browser-kit": "~2.7|~3.0.0", "symfony/console": "~2.7|~3.0.0", "symfony/css-selector": "^2.7|~3.0.0", + "symfony/dependency-injection": "~2.8.41", "symfony/dom-crawler": "^2.7|~3.0.0", "symfony/form": "^2.8.18", "symfony/framework-bundle": "^2.8.18", From ffd72c8deed4e4d39baced1b3faaccb47f25d997 Mon Sep 17 00:00:00 2001 From: Christian Flothmann Date: Fri, 25 May 2018 09:45:06 +0200 Subject: [PATCH 46/74] fix tests --- .../Bundle/SecurityBundle/Tests/Functional/LogoutTest.php | 8 ++++---- .../app/LogoutWithoutSessionInvalidation/config.yml | 5 +++++ 2 files changed, 9 insertions(+), 4 deletions(-) diff --git a/src/Symfony/Bundle/SecurityBundle/Tests/Functional/LogoutTest.php b/src/Symfony/Bundle/SecurityBundle/Tests/Functional/LogoutTest.php index d3c3b77fd5d61..4d5522a4f008a 100644 --- a/src/Symfony/Bundle/SecurityBundle/Tests/Functional/LogoutTest.php +++ b/src/Symfony/Bundle/SecurityBundle/Tests/Functional/LogoutTest.php 
@@ -35,18 +35,18 @@ public function testSessionLessRememberMeLogout() public function testCsrfTokensAreClearedOnLogout() { $client = $this->createClient(array('test_case' => 'LogoutWithoutSessionInvalidation', 'root_config' => 'config.yml')); - $client->getContainer()->get('security.csrf.token_storage')->setToken('foo', 'bar'); + $client->getContainer()->get('test.security.csrf.token_storage')->setToken('foo', 'bar'); $client->request('POST', '/login', array( '_username' => 'johannes', '_password' => 'test', )); - $this->assertTrue($client->getContainer()->get('security.csrf.token_storage')->hasToken('foo')); - $this->assertSame('bar', $client->getContainer()->get('security.csrf.token_storage')->getToken('foo')); + $this->assertTrue($client->getContainer()->get('test.security.csrf.token_storage')->hasToken('foo')); + $this->assertSame('bar', $client->getContainer()->get('test.security.csrf.token_storage')->getToken('foo')); $client->request('GET', '/logout'); - $this->assertFalse($client->getContainer()->get('security.csrf.token_storage')->hasToken('foo')); + $this->assertFalse($client->getContainer()->get('test.security.csrf.token_storage')->hasToken('foo')); } } diff --git a/src/Symfony/Bundle/SecurityBundle/Tests/Functional/app/LogoutWithoutSessionInvalidation/config.yml b/src/Symfony/Bundle/SecurityBundle/Tests/Functional/app/LogoutWithoutSessionInvalidation/config.yml index 9e5563fea5197..1a4ade82b9d4c 100644 --- a/src/Symfony/Bundle/SecurityBundle/Tests/Functional/app/LogoutWithoutSessionInvalidation/config.yml +++ b/src/Symfony/Bundle/SecurityBundle/Tests/Functional/app/LogoutWithoutSessionInvalidation/config.yml @@ -1,6 +1,11 @@ imports: - { resource: ./../config/framework.yml } +services: + test.security.csrf.token_storage: + alias: security.csrf.token_storage + public: true + security: encoders: Symfony\Component\Security\Core\User\User: plaintext From e65a122d171262a62d0e3d0918723d9332cdd902 Mon Sep 17 00:00:00 2001 
From: Christian Flothmann Date: Fri, 25 May 2018 09:45:06 +0200 Subject: [PATCH 47/74] fix tests --- .../Bundle/SecurityBundle/Tests/Functional/LogoutTest.php | 8 ++++---- .../app/LogoutWithoutSessionInvalidation/config.yml | 5 +++++ 2 files changed, 9 insertions(+), 4 deletions(-) diff --git a/src/Symfony/Bundle/SecurityBundle/Tests/Functional/LogoutTest.php b/src/Symfony/Bundle/SecurityBundle/Tests/Functional/LogoutTest.php index d3c3b77fd5d61..4d5522a4f008a 100644 --- a/src/Symfony/Bundle/SecurityBundle/Tests/Functional/LogoutTest.php +++ b/src/Symfony/Bundle/SecurityBundle/Tests/Functional/LogoutTest.php @@ -35,18 +35,18 @@ public function testSessionLessRememberMeLogout() public function testCsrfTokensAreClearedOnLogout() { $client = $this->createClient(array('test_case' => 'LogoutWithoutSessionInvalidation', 'root_config' => 'config.yml')); - $client->getContainer()->get('security.csrf.token_storage')->setToken('foo', 'bar'); + $client->getContainer()->get('test.security.csrf.token_storage')->setToken('foo', 'bar'); $client->request('POST', '/login', array( '_username' => 'johannes', '_password' => 'test', )); - $this->assertTrue($client->getContainer()->get('security.csrf.token_storage')->hasToken('foo')); - $this->assertSame('bar', $client->getContainer()->get('security.csrf.token_storage')->getToken('foo')); + $this->assertTrue($client->getContainer()->get('test.security.csrf.token_storage')->hasToken('foo')); + $this->assertSame('bar', $client->getContainer()->get('test.security.csrf.token_storage')->getToken('foo')); $client->request('GET', '/logout'); - $this->assertFalse($client->getContainer()->get('security.csrf.token_storage')->hasToken('foo')); + $this->assertFalse($client->getContainer()->get('test.security.csrf.token_storage')->hasToken('foo')); } } 
diff --git a/src/Symfony/Bundle/SecurityBundle/Tests/Functional/app/LogoutWithoutSessionInvalidation/config.yml b/src/Symfony/Bundle/SecurityBundle/Tests/Functional/app/LogoutWithoutSessionInvalidation/config.yml index 9e5563fea5197..1a4ade82b9d4c 100644 --- a/src/Symfony/Bundle/SecurityBundle/Tests/Functional/app/LogoutWithoutSessionInvalidation/config.yml +++ b/src/Symfony/Bundle/SecurityBundle/Tests/Functional/app/LogoutWithoutSessionInvalidation/config.yml @@ -1,6 +1,11 @@ imports: - { resource: ./../config/framework.yml } +services: + test.security.csrf.token_storage: + alias: security.csrf.token_storage + public: true + security: encoders: Symfony\Component\Security\Core\User\User: plaintext From a1166b5527ae66446534d22198cb222c4d85c51f Mon Sep 17 00:00:00 2001 From: Christian Flothmann Date: Fri, 25 May 2018 10:37:07 +0200 Subject: [PATCH 48/74] fix class existence --- .../Compiler/AddSecurityVotersPassTest.php | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-) diff --git a/src/Symfony/Bundle/SecurityBundle/Tests/DependencyInjection/Compiler/AddSecurityVotersPassTest.php b/src/Symfony/Bundle/SecurityBundle/Tests/DependencyInjection/Compiler/AddSecurityVotersPassTest.php index 5cce32ea9377a..5eae4388dc2f8 100644 --- a/src/Symfony/Bundle/SecurityBundle/Tests/DependencyInjection/Compiler/AddSecurityVotersPassTest.php +++ b/src/Symfony/Bundle/SecurityBundle/Tests/DependencyInjection/Compiler/AddSecurityVotersPassTest.php @@ -18,7 +18,6 @@ use Symfony\Component\DependencyInjection\Reference; use Symfony\Component\Security\Core\Authorization\AccessDecisionManager; use Symfony\Component\Security\Core\Authorization\Voter\Voter; -use Symfony\Component\Security\Core\Tests\Authorization\Stub\VoterWithoutInterface; class AddSecurityVotersPassTest extends TestCase { @@ -122,3 +121,10 @@ public function testVoterMissingInterfaceAndMethod() $compilerPass->process($container); } } + +class VoterWithoutInterface +{ + public function vote() + { + } +} 
From 531fcacd5fdfd280b7e7d38be638d35490c3d72e Mon Sep 17 00:00:00 2001 From: Nicolas Grekas Date: Fri, 25 May 2018 11:04:35 +0200 Subject: [PATCH 49/74] [SecurityBundle] update conflict rule --- src/Symfony/Bundle/SecurityBundle/composer.json | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/Symfony/Bundle/SecurityBundle/composer.json b/src/Symfony/Bundle/SecurityBundle/composer.json index 4bd2f2c2254d0..8e4bb9d0a2f7f 100644 --- a/src/Symfony/Bundle/SecurityBundle/composer.json +++ b/src/Symfony/Bundle/SecurityBundle/composer.json @@ -46,7 +46,7 @@ "twig/twig": "~1.34|~2.4" }, "conflict": { - "symfony/security": "4.1.0-beta1", + "symfony/security": "4.1.0-beta1,4.1.0-beta2", "symfony/var-dumper": "<3.3", "symfony/event-dispatcher": "<3.4", "symfony/framework-bundle": "<3.4", From 26f3318dd46eb69211bb317fa9907a3d11692c54 Mon Sep 17 00:00:00 2001 From: Nicolas Grekas Date: Fri, 25 May 2018 12:58:40 +0200 Subject: [PATCH 50/74] [SecurityBundle] fix test --- .../Bundle/SecurityBundle/Tests/Functional/LogoutTest.php | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/src/Symfony/Bundle/SecurityBundle/Tests/Functional/LogoutTest.php b/src/Symfony/Bundle/SecurityBundle/Tests/Functional/LogoutTest.php index 4d5522a4f008a..ddea9dc1742fe 100644 --- a/src/Symfony/Bundle/SecurityBundle/Tests/Functional/LogoutTest.php +++ b/src/Symfony/Bundle/SecurityBundle/Tests/Functional/LogoutTest.php 
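Review bot: The new conflict value `"4.1.0-beta1,4.1.0-beta2"` joins the two versions with a comma, which Composer reads as a logical AND. No version is both beta1 and beta2, so the rule can never match and neither pre-release is excluded any more. An OR is needed here: `"symfony/security": "4.1.0-beta1|4.1.0-beta2",`.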
@@ -35,18 +35,18 @@ public function testSessionLessRememberMeLogout() public function testCsrfTokensAreClearedOnLogout() { $client = $this->createClient(array('test_case' => 'LogoutWithoutSessionInvalidation', 'root_config' => 'config.yml')); - $client->getContainer()->get('test.security.csrf.token_storage')->setToken('foo', 'bar'); + static::$kernel->getContainer()->get('test.security.csrf.token_storage')->setToken('foo', 'bar'); $client->request('POST', '/login', array( '_username' => 'johannes', '_password' => 'test', )); - $this->assertTrue($client->getContainer()->get('test.security.csrf.token_storage')->hasToken('foo')); - $this->assertSame('bar', $client->getContainer()->get('test.security.csrf.token_storage')->getToken('foo')); + $this->assertTrue(static::$kernel->getContainer()->get('test.security.csrf.token_storage')->hasToken('foo')); + $this->assertSame('bar', static::$kernel->getContainer()->get('test.security.csrf.token_storage')->getToken('foo')); $client->request('GET', '/logout'); - $this->assertFalse($client->getContainer()->get('test.security.csrf.token_storage')->hasToken('foo')); + $this->assertFalse(static::$kernel->getContainer()->get('test.security.csrf.token_storage')->hasToken('foo')); } } From ec303662095214ac043047d6774827afc66621ae Mon Sep 17 00:00:00 2001 From: Nicolas Grekas Date: Fri, 25 May 2018 12:58:40 +0200 Subject: [PATCH 51/74] [SecurityBundle] fix test --- .../Bundle/SecurityBundle/Tests/Functional/LogoutTest.php | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/src/Symfony/Bundle/SecurityBundle/Tests/Functional/LogoutTest.php b/src/Symfony/Bundle/SecurityBundle/Tests/Functional/LogoutTest.php index 4d5522a4f008a..ddea9dc1742fe 100644 --- a/src/Symfony/Bundle/SecurityBundle/Tests/Functional/LogoutTest.php +++ b/src/Symfony/Bundle/SecurityBundle/Tests/Functional/LogoutTest.php 
@@ -35,18 +35,18 @@ public function testSessionLessRememberMeLogout() public function testCsrfTokensAreClearedOnLogout() { $client = $this->createClient(array('test_case' => 'LogoutWithoutSessionInvalidation', 'root_config' => 'config.yml')); - $client->getContainer()->get('test.security.csrf.token_storage')->setToken('foo', 'bar'); + static::$kernel->getContainer()->get('test.security.csrf.token_storage')->setToken('foo', 'bar'); $client->request('POST', '/login', array( '_username' => 'johannes', '_password' => 'test', )); - $this->assertTrue($client->getContainer()->get('test.security.csrf.token_storage')->hasToken('foo')); - $this->assertSame('bar', $client->getContainer()->get('test.security.csrf.token_storage')->getToken('foo')); + $this->assertTrue(static::$kernel->getContainer()->get('test.security.csrf.token_storage')->hasToken('foo')); + $this->assertSame('bar', static::$kernel->getContainer()->get('test.security.csrf.token_storage')->getToken('foo')); $client->request('GET', '/logout'); - $this->assertFalse($client->getContainer()->get('test.security.csrf.token_storage')->hasToken('foo')); + $this->assertFalse(static::$kernel->getContainer()->get('test.security.csrf.token_storage')->hasToken('foo')); } } From f14cd770b6cf421a302ae53c7c46294ead57ef20 Mon Sep 17 00:00:00 2001 From: Nicolas Grekas Date: Fri, 25 May 2018 13:50:55 +0200 Subject: [PATCH 52/74] [Security/Http] Fix deps conflict --- src/Symfony/Component/Security/Http/composer.json | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/Symfony/Component/Security/Http/composer.json b/src/Symfony/Component/Security/Http/composer.json index 74c0e77e7614d..f6758b6372021 100644 --- a/src/Symfony/Component/Security/Http/composer.json +++ b/src/Symfony/Component/Security/Http/composer.json 
@@ -31,7 +31,7 @@ "psr/log": "~1.0" }, "conflict": { - "symfony/security-csrf": ">=2.8.0,<2.8.41 || >=3.0.0,<3.3.17 || >=3.4.0,<3.4.11 || >=4.0.0,<4.0.11" + "symfony/security-csrf": "<2.8.41|~3.0,<3.3.17|~3.4,<3.4.11|~4.0,<4.0.11|~4.1,<=4.1.0-beta2" }, "suggest": { "symfony/security-csrf": "For using tokens to protect authentication/logout attempts", From 5eb17e55d2c3eb5736c35cc26d95189ac2d41f14 Mon Sep 17 00:00:00 2001 From: Nicolas Grekas Date: Fri, 25 May 2018 13:57:15 +0200 Subject: [PATCH 53/74] [DI] fix undefined offset in InlineServiceDefinitionsPass --- .../Compiler/InlineServiceDefinitionsPass.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/Symfony/Component/DependencyInjection/Compiler/InlineServiceDefinitionsPass.php b/src/Symfony/Component/DependencyInjection/Compiler/InlineServiceDefinitionsPass.php index a79e78b6b2a46..69fca11bd2e07 100644 --- a/src/Symfony/Component/DependencyInjection/Compiler/InlineServiceDefinitionsPass.php +++ b/src/Symfony/Component/DependencyInjection/Compiler/InlineServiceDefinitionsPass.php @@ -138,6 +138,6 @@ private function isInlineableDefinition($id, Definition $definition, ServiceRefe return false; } - return $this->container->getDefinition($ids[0])->isShared(); + return !$ids || $this->container->getDefinition($ids[0])->isShared(); } } From ef0b5004f80af699d8991498783f70cb80aa3e71 Mon Sep 17 00:00:00 2001 From: Fabien Potencier Date: Fri, 25 May 2018 14:02:41 +0200 Subject: [PATCH 54/74] updated CHANGELOG for 2.8.41 --- CHANGELOG-2.8.md | 9 +++++++++ 1 file changed, 9 insertions(+) diff --git a/CHANGELOG-2.8.md b/CHANGELOG-2.8.md index 9f76090b789b7..522a83664793c 100644 --- a/CHANGELOG-2.8.md +++ b/CHANGELOG-2.8.md 
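Review bot: The `!$ids ||` short-circuit in `isInlineableDefinition()` makes the method return true when `$ids` is empty. That is a behaviour decision, not only a guard against the undefined offset, and the line does not say so. The commit changes one file, so no regression test covers the empty case; a case in the pass's test would pin it. I would add `// no referencing service id was collected, so nothing prevents inlining` above the return. How `$ids` is filled is outside the hunk, so the wording should be checked against the loop that builds it.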
@@ -7,6 +7,15 @@ in 2.8 minor versions. To get the diff for a specific change, go to https://github.com/symfony/symfony/commit/XXX where XXX is the change hash To get the diff between two versions, go to https://github.com/symfony/symfony/compare/v2.8.0...v2.8.1 +* 2.8.41 (2018-05-25) + + * bug #27359 [HttpFoundation] Fix perf issue during MimeTypeGuesser intialization (nicolas-grekas) + * security #cve-2018-11408 [SecurityBundle] Fail if security.http_utils cannot be configured + * security #cve-2018-11406 clear CSRF tokens when the user is logged out + * security #cve-2018-11385 Adding session authentication strategy to Guard to avoid session fixation + * security #cve-2018-11385 Adding session strategy to ALL listeners to avoid *any* possible fixation + * security #cve-2018-11386 [HttpFoundation] Break infinite loop in PdoSessionHandler when MySQL is in loose mode + * 2.8.40 (2018-05-21) * bug #26781 [Form] Fix precision of MoneyToLocalizedStringTransformer's divisions on transform() (syastrebov) From 786970f17d1a1c9c12bbf07ec0ac16c2cfd3360d Mon Sep 17 00:00:00 2001 From: Fabien Potencier Date: Fri, 25 May 2018 14:02:50 +0200 Subject: [PATCH 55/74] updated VERSION for 2.8.41 --- src/Symfony/Component/HttpKernel/Kernel.php | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/src/Symfony/Component/HttpKernel/Kernel.php b/src/Symfony/Component/HttpKernel/Kernel.php index 70038526fac48..d7ac3985b4457 100644 --- a/src/Symfony/Component/HttpKernel/Kernel.php +++ b/src/Symfony/Component/HttpKernel/Kernel.php @@ -59,12 +59,12 @@ abstract class Kernel implements KernelInterface, TerminableInterface protected $startTime; protected $loadClassCache; - const VERSION = '2.8.41-DEV'; + const VERSION = '2.8.41'; const VERSION_ID = 20841; const MAJOR_VERSION = 2; const MINOR_VERSION = 8; const RELEASE_VERSION = 41; - const EXTRA_VERSION = 'DEV'; + const EXTRA_VERSION = ''; const END_OF_MAINTENANCE = '11/2018'; const END_OF_LIFE = '11/2019'; 
From 37846d453a9ff12a2de1f46defb954a6bf14ac72 Mon Sep 17 00:00:00 2001 From: Fabien Potencier Date: Fri, 25 May 2018 14:30:40 +0200 Subject: [PATCH 56/74] bumped Symfony version to 2.8.42 --- src/Symfony/Component/HttpKernel/Kernel.php | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/src/Symfony/Component/HttpKernel/Kernel.php b/src/Symfony/Component/HttpKernel/Kernel.php index d7ac3985b4457..0e298381b9b7f 100644 --- a/src/Symfony/Component/HttpKernel/Kernel.php +++ b/src/Symfony/Component/HttpKernel/Kernel.php @@ -59,12 +59,12 @@ abstract class Kernel implements KernelInterface, TerminableInterface protected $startTime; protected $loadClassCache; - const VERSION = '2.8.41'; - const VERSION_ID = 20841; + const VERSION = '2.8.42-DEV'; + const VERSION_ID = 20842; const MAJOR_VERSION = 2; const MINOR_VERSION = 8; - const RELEASE_VERSION = 41; - const EXTRA_VERSION = ''; + const RELEASE_VERSION = 42; + const EXTRA_VERSION = 'DEV'; const END_OF_MAINTENANCE = '11/2018'; const END_OF_LIFE = '11/2019'; From 99327a6153fda78c36c9a61232cd061edcdb7f7e Mon Sep 17 00:00:00 2001 From: Samuel ROZE Date: Fri, 25 May 2018 13:03:43 +0100 Subject: [PATCH 57/74] [Github] Update the pull-request template --- .github/PULL_REQUEST_TEMPLATE.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/PULL_REQUEST_TEMPLATE.md b/.github/PULL_REQUEST_TEMPLATE.md index 94f0fabcc4676..b6f39741d9dbc 100644 --- a/.github/PULL_REQUEST_TEMPLATE.md +++ b/.github/PULL_REQUEST_TEMPLATE.md @@ -1,6 +1,6 @@ | Q | A | ------------- | --- -| Branch? | master for features / 2.7 up to 4.0 for bug fixes +| Branch? | master for features / 2.8 up to 4.1 for bug fixes | Bug fix? | yes/no | New feature? | yes/no | BC breaks? | no From 37e543329acee80edba3ead5e2ea53e42f2c8b5b Mon Sep 17 00:00:00 2001 
From: =?UTF-8?q?Gabriel=20Ostroluck=C3=BD?= Date: Thu, 24 May 2018 23:24:34 +0200 Subject: [PATCH 58/74] Default testsuite to latest PHPUnit 6.* Necessary to fix each() function deprecation calls introduced in PHP 7.2 --- phpunit | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/phpunit b/phpunit index c0ffe8ddef9e9..f4b80ed064121 100755 --- a/phpunit +++ b/phpunit @@ -8,7 +8,7 @@ if (!file_exists(__DIR__.'/vendor/symfony/phpunit-bridge/bin/simple-phpunit')) { exit(1); } if (\PHP_VERSION_ID >= 70000 && !getenv('SYMFONY_PHPUNIT_VERSION')) { - putenv('SYMFONY_PHPUNIT_VERSION=6.0'); + putenv('SYMFONY_PHPUNIT_VERSION=6.5'); } putenv('SYMFONY_PHPUNIT_DIR='.__DIR__.'/.phpunit'); require __DIR__.'/vendor/symfony/phpunit-bridge/bin/simple-phpunit'; From 0a4a0c0bc95dbbbea443c048dd6c605a723eb5e3 Mon Sep 17 00:00:00 2001 From: Fabien Potencier Date: Fri, 25 May 2018 15:16:19 +0200 Subject: [PATCH 59/74] updated CHANGELOG for 3.4.11 --- CHANGELOG-3.4.md | 13 +++++++++++++ 1 file changed, 13 insertions(+) diff --git a/CHANGELOG-3.4.md b/CHANGELOG-3.4.md index 4b307918d34b4..37f4a76efce85 100644 --- a/CHANGELOG-3.4.md +++ b/CHANGELOG-3.4.md 
@@ -7,6 +7,19 @@ in 3.4 minor versions. To get the diff for a specific change, go to https://github.com/symfony/symfony/commit/XXX where XXX is the change hash To get the diff between two versions, go to https://github.com/symfony/symfony/compare/v3.4.0...v3.4.1 +* 3.4.11 (2018-05-25) + + * bug #27364 [DI] Fix bad exception on uninitialized references to non-shared services (nicolas-grekas) + * bug #27359 [HttpFoundation] Fix perf issue during MimeTypeGuesser intialization (nicolas-grekas) + * security #cve-2018-11408 [SecurityBundle] Fail if security.http_utils cannot be configured + * security #cve-2018-11406 clear CSRF tokens when the user is logged out + * security #cve-2018-11385 migrating session for UsernamePasswordJsonAuthenticationListener + * security #cve-2018-11385 Adding session authentication strategy to Guard to avoid session fixation + * security #cve-2018-11385 Adding session strategy to ALL listeners to avoid *any* possible fixation + * security #cve-2018-11386 [HttpFoundation] Break infinite loop in PdoSessionHandler when MySQL is in loose mode + * bug #27341 [WebProfilerBundle] Fixed validator/dump trace CSS (yceruto) + * bug #27337 [FrameworkBundle] fix typo in CacheClearCommand (emilielorenzo) + * 3.4.10 (2018-05-21) * bug #27264 [Validator] Use strict type in URL validator (mimol91) From 136824a7491d2e41cc5fd1718184bdf61dddf80b Mon Sep 17 00:00:00 2001 From: Fabien Potencier Date: Fri, 25 May 2018 15:16:28 +0200 Subject: [PATCH 60/74] updated VERSION for 3.4.11 --- src/Symfony/Component/HttpKernel/Kernel.php | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/src/Symfony/Component/HttpKernel/Kernel.php b/src/Symfony/Component/HttpKernel/Kernel.php index 5e3b9a857827f..ca0f0b95c7a8c 100644 --- a/src/Symfony/Component/HttpKernel/Kernel.php +++ b/src/Symfony/Component/HttpKernel/Kernel.php 
@@ -67,12 +67,12 @@ abstract class Kernel implements KernelInterface, RebootableInterface, Terminabl private $requestStackSize = 0; private $resetServices = false; - const VERSION = '3.4.11-DEV'; + const VERSION = '3.4.11'; const VERSION_ID = 30411; const MAJOR_VERSION = 3; const MINOR_VERSION = 4; const RELEASE_VERSION = 11; - const EXTRA_VERSION = 'DEV'; + const EXTRA_VERSION = ''; const END_OF_MAINTENANCE = '11/2020'; const END_OF_LIFE = '11/2021'; From f918da98194f08fca2c07f86f6ec1c8b76b7448a Mon Sep 17 00:00:00 2001 From: Fabien Potencier Date: Fri, 25 May 2018 15:32:08 +0200 Subject: [PATCH 61/74] bumped Symfony version to 3.4.12 --- src/Symfony/Component/HttpKernel/Kernel.php | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/src/Symfony/Component/HttpKernel/Kernel.php b/src/Symfony/Component/HttpKernel/Kernel.php index ca0f0b95c7a8c..242016f7c0878 100644 --- a/src/Symfony/Component/HttpKernel/Kernel.php +++ b/src/Symfony/Component/HttpKernel/Kernel.php @@ -67,12 +67,12 @@ abstract class Kernel implements KernelInterface, RebootableInterface, Terminabl private $requestStackSize = 0; private $resetServices = false; - const VERSION = '3.4.11'; - const VERSION_ID = 30411; + const VERSION = '3.4.12-DEV'; + const VERSION_ID = 30412; const MAJOR_VERSION = 3; const MINOR_VERSION = 4; - const RELEASE_VERSION = 11; - const EXTRA_VERSION = ''; + const RELEASE_VERSION = 12; + const EXTRA_VERSION = 'DEV'; const END_OF_MAINTENANCE = '11/2020'; const END_OF_LIFE = '11/2021'; From 905f917e18e0e3066ed590920d07f430029ead08 Mon Sep 17 00:00:00 2001 From: Fabien Potencier Date: Fri, 25 May 2018 15:32:46 +0200 Subject: [PATCH 62/74] updated CHANGELOG for 4.0.11 --- CHANGELOG-4.0.md | 13 +++++++++++++ 1 file changed, 13 insertions(+) diff --git a/CHANGELOG-4.0.md b/CHANGELOG-4.0.md index 906a472b9fe36..7131036ba4fa8 100644 --- a/CHANGELOG-4.0.md +++ b/CHANGELOG-4.0.md 
@@ -7,6 +7,19 @@ in 4.0 minor versions. To get the diff for a specific change, go to https://github.com/symfony/symfony/commit/XXX where XXX is the change hash To get the diff between two versions, go to https://github.com/symfony/symfony/compare/v4.0.0...v4.0.1 +* 4.0.11 (2018-05-25) + + * bug #27364 [DI] Fix bad exception on uninitialized references to non-shared services (nicolas-grekas) + * bug #27359 [HttpFoundation] Fix perf issue during MimeTypeGuesser intialization (nicolas-grekas) + * security #cve-2018-11408 [SecurityBundle] Fail if security.http_utils cannot be configured + * security #cve-2018-11406 clear CSRF tokens when the user is logged out + * security #cve-2018-11385 migrating session for UsernamePasswordJsonAuthenticationListener + * security #cve-2018-11385 Adding session authentication strategy to Guard to avoid session fixation + * security #cve-2018-11385 Adding session strategy to ALL listeners to avoid *any* possible fixation + * security #cve-2018-11386 [HttpFoundation] Break infinite loop in PdoSessionHandler when MySQL is in loose mode + * bug #27341 [WebProfilerBundle] Fixed validator/dump trace CSS (yceruto) + * bug #27337 [FrameworkBundle] fix typo in CacheClearCommand (emilielorenzo) + * 4.0.10 (2018-05-21) * bug #27264 [Validator] Use strict type in URL validator (mimol91) From a9817429316c4936a77efe8ea55cf1af653578f1 Mon Sep 17 00:00:00 2001 From: Fabien Potencier Date: Fri, 25 May 2018 15:32:52 +0200 Subject: [PATCH 63/74] updated VERSION for 4.0.11 --- src/Symfony/Component/HttpKernel/Kernel.php | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/src/Symfony/Component/HttpKernel/Kernel.php b/src/Symfony/Component/HttpKernel/Kernel.php index 8004fc81ce514..09a288d6225ba 100644 --- a/src/Symfony/Component/HttpKernel/Kernel.php +++ b/src/Symfony/Component/HttpKernel/Kernel.php 
@@ -63,12 +63,12 @@ abstract class Kernel implements KernelInterface, RebootableInterface, Terminabl private $requestStackSize = 0; private $resetServices = false; - const VERSION = '4.0.11-DEV'; + const VERSION = '4.0.11'; const VERSION_ID = 40011; const MAJOR_VERSION = 4; const MINOR_VERSION = 0; const RELEASE_VERSION = 11; - const EXTRA_VERSION = 'DEV'; + const EXTRA_VERSION = ''; const END_OF_MAINTENANCE = '07/2018'; const END_OF_LIFE = '01/2019'; From 3b4d7ab56c1e3816f226d10bca72fdabc7170150 Mon Sep 17 00:00:00 2001 From: Nicolas Grekas Date: Thu, 24 May 2018 16:05:16 +0200 Subject: [PATCH 64/74] [DI] never inline lazy services --- .../Compiler/InlineServiceDefinitionsPass.php | 6 +- .../Tests/Dumper/PhpDumperTest.php | 16 +++- .../Tests/Fixtures/includes/classes.php | 6 +- .../Fixtures/php/services_non_shared_lazy.php | 74 +++++++++++++++++++ 4 files changed, 96 insertions(+), 6 deletions(-) create mode 100644 src/Symfony/Component/DependencyInjection/Tests/Fixtures/php/services_non_shared_lazy.php diff --git a/src/Symfony/Component/DependencyInjection/Compiler/InlineServiceDefinitionsPass.php b/src/Symfony/Component/DependencyInjection/Compiler/InlineServiceDefinitionsPass.php index e84a49eb70a2e..d987f950d44d4 100644 --- a/src/Symfony/Component/DependencyInjection/Compiler/InlineServiceDefinitionsPass.php +++ b/src/Symfony/Component/DependencyInjection/Compiler/InlineServiceDefinitionsPass.php 
@@ -106,11 +106,15 @@ private function inlineArguments(ContainerBuilder $container, array $arguments, */ private function isInlineableDefinition(ContainerBuilder $container, $id, Definition $definition) { + if ($definition->isDeprecated() || $definition->isLazy() || $definition->isSynthetic()) { + return false; + } + if (!$definition->isShared() || ContainerInterface::SCOPE_PROTOTYPE === $definition->getScope(false)) { return true; } - if ($definition->isDeprecated() || $definition->isPublic() || $definition->isLazy()) { + if ($definition->isPublic()) { return false; } diff --git a/src/Symfony/Component/DependencyInjection/Tests/Dumper/PhpDumperTest.php b/src/Symfony/Component/DependencyInjection/Tests/Dumper/PhpDumperTest.php index d59106fc3a4cf..e341a233b1165 100644 --- a/src/Symfony/Component/DependencyInjection/Tests/Dumper/PhpDumperTest.php +++ b/src/Symfony/Component/DependencyInjection/Tests/Dumper/PhpDumperTest.php @@ -11,7 +11,6 @@ namespace Symfony\Component\DependencyInjection\Tests\Dumper; -use DummyProxyDumper; use PHPUnit\Framework\TestCase; use Symfony\Component\DependencyInjection\ContainerBuilder; use Symfony\Component\DependencyInjection\Dumper\PhpDumper; 
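Review bot: The new first guard in `isInlineableDefinition()` (InlineServiceDefinitionsPass.php, `@@ -106,11 +106,15 @@`) changes more than the commit title says. Non-shared deprecated definitions used to hit the `return true` shortcut and are now refused, and synthetic definitions are newly excluded, yet the only test added in this patch covers the non-shared lazy case. A comment above the guard would record why it has to run before the non-shared shortcut, e.g. `// must precede the non-shared check below: these definitions are never inlined, shared or not`. A test for a non-shared deprecated definition would pin the other behaviour change. The method's docblock starts outside the hunk.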
@@ -278,6 +277,19 @@ public function testInlinedDefinitionReferencingServiceContainer() $this->assertStringEqualsFile(self::$fixturesPath.'/php/services13.php', $dumper->dump(), '->dump() dumps inline definitions which reference service_container'); } + public function testNonSharedLazyDefinitionReferences() + { + $container = new ContainerBuilder(); + $container->register('foo', 'stdClass')->setShared(false)->setLazy(true); + $container->register('bar', 'stdClass')->addArgument(new Reference('foo', ContainerBuilder::EXCEPTION_ON_INVALID_REFERENCE, false)); + $container->compile(); + + $dumper = new PhpDumper($container); + $dumper->setProxyDumper(new \DummyProxyDumper()); + + $this->assertStringEqualsFile(self::$fixturesPath.'/php/services_non_shared_lazy.php', $dumper->dump()); + } + public function testInitializePropertiesBeforeMethodCalls() { require_once self::$fixturesPath.'/includes/classes.php'; @@ -343,7 +355,7 @@ public function testCircularReferenceAllowanceForInlinedDefinitionsForLazyServic $dumper = new PhpDumper($container); - $dumper->setProxyDumper(new DummyProxyDumper()); + $dumper->setProxyDumper(new \DummyProxyDumper()); $dumper->dump(); $this->addToAssertionCount(1); diff --git a/src/Symfony/Component/DependencyInjection/Tests/Fixtures/includes/classes.php b/src/Symfony/Component/DependencyInjection/Tests/Fixtures/includes/classes.php index 92db8f3c5ebfb..c805f7d721e66 100644 --- a/src/Symfony/Component/DependencyInjection/Tests/Fixtures/includes/classes.php +++ b/src/Symfony/Component/DependencyInjection/Tests/Fixtures/includes/classes.php @@ -84,16 +84,16 @@ class DummyProxyDumper implements ProxyDumper { public function isProxyCandidate(Definition $definition) { - return false; + return $definition->isLazy(); } public function getProxyFactoryCode(Definition $definition, $id) { - return ''; + return " // lazy factory\n\n"; } public function getProxyCode(Definition $definition) { - return ''; + return "// proxy code\n"; } } 
diff --git a/src/Symfony/Component/DependencyInjection/Tests/Fixtures/php/services_non_shared_lazy.php b/src/Symfony/Component/DependencyInjection/Tests/Fixtures/php/services_non_shared_lazy.php new file mode 100644 index 0000000000000..f1f8e8409e6f3 --- /dev/null +++ b/src/Symfony/Component/DependencyInjection/Tests/Fixtures/php/services_non_shared_lazy.php @@ -0,0 +1,74 @@ +services = + $this->scopedServices = + $this->scopeStacks = array(); + $this->scopes = array(); + $this->scopeChildren = array(); + $this->methodMap = array( + 'bar' => 'getBarService', + 'foo' => 'getFooService', + ); + + $this->aliases = array(); + } + + /** + * {@inheritdoc} + */ + public function compile() + { + throw new LogicException('You cannot compile a dumped frozen container.'); + } + + /** + * {@inheritdoc} + */ + public function isFrozen() + { + return true; + } + + /** + * Gets the public 'bar' shared service. + * + * @return \stdClass + */ + protected function getBarService() + { + return $this->services['bar'] = new \stdClass($this->get('foo')); + } + + /** + * Gets the public 'foo' service. + * + * @return \stdClass + */ + public function getFooService($lazyLoad = true) + { + // lazy factory + + return new \stdClass(); + } +} + +// proxy code From 169a3b16883e8abe485dbe7b4fe7adf12f56a4f4 Mon Sep 17 00:00:00 2001 
From: Nicolas Grekas Date: Fri, 25 May 2018 14:57:01 +0200 Subject: [PATCH 65/74] [FrameworkBundle] Fix using test.service_container when Client is rebooted --- src/Symfony/Bundle/FrameworkBundle/Client.php | 10 ++++++---- .../FrameworkBundle/Resources/config/test.xml | 2 +- .../Tests/Functional/AutowiringTypesTest.php | 18 ++++++------------ .../Functional/CachePoolClearCommandTest.php | 3 +-- .../Tests/Functional/CachePoolsTest.php | 2 +- .../Functional/ContainerDebugCommandTest.php | 4 ++-- .../Tests/Functional/SerializerTest.php | 3 +-- .../Tests/Functional/AutowiringTypesTest.php | 6 ++---- .../Tests/Functional/LogoutTest.php | 8 ++++---- .../config.yml | 5 ----- .../Bundle/SecurityBundle/composer.json | 2 +- 11 files changed, 25 insertions(+), 38 deletions(-) diff --git a/src/Symfony/Bundle/FrameworkBundle/Client.php b/src/Symfony/Bundle/FrameworkBundle/Client.php index 1499d050370aa..a5f6a1500bfbf 100644 --- a/src/Symfony/Bundle/FrameworkBundle/Client.php +++ b/src/Symfony/Bundle/FrameworkBundle/Client.php @@ -30,15 +30,15 @@ class Client extends BaseClient private $hasPerformedRequest = false; private $profiler = false; private $reboot = true; - private $container; + private $testContainerId; /** * {@inheritdoc} */ - public function __construct(KernelInterface $kernel, array $server = array(), History $history = null, CookieJar $cookieJar = null, ContainerInterface $container = null) + public function __construct(KernelInterface $kernel, array $server = array(), History $history = null, CookieJar $cookieJar = null, string $testContainerId = null) { parent::__construct($kernel, $server, $history, $cookieJar); - $this->container = $container; + $this->testContainerId = $testContainerId; } /** 
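Review bot: The constructor in Client.php (`@@ -30,15 +30,15 @@`) keeps `{@inheritdoc}` although its fifth parameter is not forwarded to `parent::__construct()`, so the meaning of `$testContainerId` is documented nowhere. I would add `@param string|null $testContainerId Id of the service that getContainer() returns instead of the kernel container` and declare the parameter as `?string $testContainerId = null` so the nullability is explicit. The parameter also changes type from `ContainerInterface` to `string`, so a caller that still passes a container object would now fail on the type declaration; if that is intended, it deserves a line in the upgrade notes. `getContainer()` in the next hunk resolves the id on every call, and its docblock lies outside that hunk.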
@@ -48,7 +48,9 @@ public function __construct(KernelInterface $kernel, array $server = array(), Hi */ public function getContainer() { - return $this->container ?? $this->kernel->getContainer(); + $container = $this->kernel->getContainer(); + + return null !== $this->testContainerId ? $container->get($this->testContainerId) : $container; } /** diff --git a/src/Symfony/Bundle/FrameworkBundle/Resources/config/test.xml b/src/Symfony/Bundle/FrameworkBundle/Resources/config/test.xml index d7aab2e068a58..f159208a41a28 100644 --- a/src/Symfony/Bundle/FrameworkBundle/Resources/config/test.xml +++ b/src/Symfony/Bundle/FrameworkBundle/Resources/config/test.xml @@ -16,7 +16,7 @@ %test.client.parameters% - + test.service_container diff --git a/src/Symfony/Bundle/FrameworkBundle/Tests/Functional/AutowiringTypesTest.php b/src/Symfony/Bundle/FrameworkBundle/Tests/Functional/AutowiringTypesTest.php index 0a7d2391d55e9..d73118a22a5c1 100644 --- a/src/Symfony/Bundle/FrameworkBundle/Tests/Functional/AutowiringTypesTest.php +++ b/src/Symfony/Bundle/FrameworkBundle/Tests/Functional/AutowiringTypesTest.php 
@@ -24,27 +24,24 @@ class AutowiringTypesTest extends WebTestCase public function testAnnotationReaderAutowiring() { static::bootKernel(array('root_config' => 'no_annotations_cache.yml', 'environment' => 'no_annotations_cache')); - $container = static::$kernel->getContainer(); - $annotationReader = $container->get('test.autowiring_types.autowired_services')->getAnnotationReader(); + $annotationReader = static::$container->get('test.autowiring_types.autowired_services')->getAnnotationReader(); $this->assertInstanceOf(AnnotationReader::class, $annotationReader); } public function testCachedAnnotationReaderAutowiring() { static::bootKernel(); - $container = static::$kernel->getContainer(); - $annotationReader = $container->get('test.autowiring_types.autowired_services')->getAnnotationReader(); + $annotationReader = static::$container->get('test.autowiring_types.autowired_services')->getAnnotationReader(); $this->assertInstanceOf(CachedReader::class, $annotationReader); } public function testTemplatingAutowiring() { static::bootKernel(); - $container = static::$kernel->getContainer(); - $autowiredServices = $container->get('test.autowiring_types.autowired_services'); + $autowiredServices = static::$container->get('test.autowiring_types.autowired_services'); $this->assertInstanceOf(FrameworkBundleEngineInterface::class, $autowiredServices->getFrameworkBundleEngine()); $this->assertInstanceOf(ComponentEngineInterface::class, $autowiredServices->getEngine()); } 
@@ -52,24 +49,21 @@ public function testTemplatingAutowiring() public function testEventDispatcherAutowiring() { static::bootKernel(array('debug' => false)); - $container = static::$kernel->getContainer(); - $autowiredServices = $container->get('test.autowiring_types.autowired_services'); + $autowiredServices = static::$container->get('test.autowiring_types.autowired_services'); $this->assertInstanceOf(EventDispatcher::class, $autowiredServices->getDispatcher(), 'The event_dispatcher service should be injected if the debug is not enabled'); static::bootKernel(array('debug' => true)); - $container = static::$kernel->getContainer(); - $autowiredServices = $container->get('test.autowiring_types.autowired_services'); + $autowiredServices = static::$container->get('test.autowiring_types.autowired_services'); $this->assertInstanceOf(TraceableEventDispatcher::class, $autowiredServices->getDispatcher(), 'The debug.event_dispatcher service should be injected if the debug is enabled'); } public function testCacheAutowiring() { static::bootKernel(); - $container = static::$kernel->getContainer(); - $autowiredServices = $container->get('test.autowiring_types.autowired_services'); + $autowiredServices = static::$container->get('test.autowiring_types.autowired_services'); $this->assertInstanceOf(FilesystemAdapter::class, $autowiredServices->getCachePool()); } diff --git a/src/Symfony/Bundle/FrameworkBundle/Tests/Functional/CachePoolClearCommandTest.php b/src/Symfony/Bundle/FrameworkBundle/Tests/Functional/CachePoolClearCommandTest.php index 386a43424eae0..3a77541521200 100644 --- a/src/Symfony/Bundle/FrameworkBundle/Tests/Functional/CachePoolClearCommandTest.php +++ b/src/Symfony/Bundle/FrameworkBundle/Tests/Functional/CachePoolClearCommandTest.php 
@@ -77,9 +77,8 @@ public function testClearUnexistingPool() private function createCommandTester() { - $container = static::$kernel->getContainer(); $application = new Application(static::$kernel); - $application->add(new CachePoolClearCommand($container->get('cache.global_clearer'))); + $application->add(new CachePoolClearCommand(static::$container->get('cache.global_clearer'))); return new CommandTester($application->find('cache:pool:clear')); } diff --git a/src/Symfony/Bundle/FrameworkBundle/Tests/Functional/CachePoolsTest.php b/src/Symfony/Bundle/FrameworkBundle/Tests/Functional/CachePoolsTest.php index eafc798a4838b..9cdb93a493f20 100644 --- a/src/Symfony/Bundle/FrameworkBundle/Tests/Functional/CachePoolsTest.php +++ b/src/Symfony/Bundle/FrameworkBundle/Tests/Functional/CachePoolsTest.php @@ -70,7 +70,7 @@ public function testRedisCustomCachePools() private function doTestCachePools($options, $adapterClass) { static::bootKernel($options); - $container = static::$kernel->getContainer(); + $container = static::$container; $pool1 = $container->get('cache.pool1'); $this->assertInstanceOf($adapterClass, $pool1); diff --git a/src/Symfony/Bundle/FrameworkBundle/Tests/Functional/ContainerDebugCommandTest.php b/src/Symfony/Bundle/FrameworkBundle/Tests/Functional/ContainerDebugCommandTest.php index 4bdf7592b45bc..21d9b1ca3b278 100644 --- a/src/Symfony/Bundle/FrameworkBundle/Tests/Functional/ContainerDebugCommandTest.php +++ b/src/Symfony/Bundle/FrameworkBundle/Tests/Functional/ContainerDebugCommandTest.php 
@@ -26,12 +26,12 @@ public function testDumpContainerIfNotExists() $application = new Application(static::$kernel); $application->setAutoExit(false); - @unlink(static::$kernel->getContainer()->getParameter('debug.container.dump')); + @unlink(static::$container->getParameter('debug.container.dump')); $tester = new ApplicationTester($application); $tester->run(array('command' => 'debug:container')); - $this->assertFileExists(static::$kernel->getContainer()->getParameter('debug.container.dump')); + $this->assertFileExists(static::$container->getParameter('debug.container.dump')); } public function testNoDebug() diff --git a/src/Symfony/Bundle/FrameworkBundle/Tests/Functional/SerializerTest.php b/src/Symfony/Bundle/FrameworkBundle/Tests/Functional/SerializerTest.php index bc7dc12ebfbca..bdcf462baea22 100644 --- a/src/Symfony/Bundle/FrameworkBundle/Tests/Functional/SerializerTest.php +++ b/src/Symfony/Bundle/FrameworkBundle/Tests/Functional/SerializerTest.php @@ -19,9 +19,8 @@ class SerializerTest extends WebTestCase public function testDeserializeArrayOfObject() { static::bootKernel(array('test_case' => 'Serializer')); - $container = static::$kernel->getContainer(); - $result = $container->get('serializer')->deserialize('{"bars": [{"id": 1}, {"id": 2}]}', Foo::class, 'json'); + $result = static::$container->get('serializer')->deserialize('{"bars": [{"id": 1}, {"id": 2}]}', Foo::class, 'json'); $bar1 = new Bar(); $bar1->id = 1; diff --git a/src/Symfony/Bundle/SecurityBundle/Tests/Functional/AutowiringTypesTest.php b/src/Symfony/Bundle/SecurityBundle/Tests/Functional/AutowiringTypesTest.php index a0bee3c01c1ca..25a70577b2c1e 100644 --- a/src/Symfony/Bundle/SecurityBundle/Tests/Functional/AutowiringTypesTest.php +++ b/src/Symfony/Bundle/SecurityBundle/Tests/Functional/AutowiringTypesTest.php 
@@ -19,15 +19,13 @@ class AutowiringTypesTest extends WebTestCase public function testAccessDecisionManagerAutowiring() { static::bootKernel(array('debug' => false)); - $container = static::$kernel->getContainer(); - $autowiredServices = $container->get('test.autowiring_types.autowired_services'); + $autowiredServices = static::$container->get('test.autowiring_types.autowired_services'); $this->assertInstanceOf(AccessDecisionManager::class, $autowiredServices->getAccessDecisionManager(), 'The security.access.decision_manager service should be injected in debug mode'); static::bootKernel(array('debug' => true)); - $container = static::$kernel->getContainer(); - $autowiredServices = $container->get('test.autowiring_types.autowired_services'); + $autowiredServices = static::$container->get('test.autowiring_types.autowired_services'); $this->assertInstanceOf(TraceableAccessDecisionManager::class, $autowiredServices->getAccessDecisionManager(), 'The debug.security.access.decision_manager service should be injected in non-debug mode'); } diff --git a/src/Symfony/Bundle/SecurityBundle/Tests/Functional/LogoutTest.php b/src/Symfony/Bundle/SecurityBundle/Tests/Functional/LogoutTest.php index ddea9dc1742fe..d3c3b77fd5d61 100644 --- a/src/Symfony/Bundle/SecurityBundle/Tests/Functional/LogoutTest.php +++ b/src/Symfony/Bundle/SecurityBundle/Tests/Functional/LogoutTest.php 
@@ -35,18 +35,18 @@ public function testSessionLessRememberMeLogout() public function testCsrfTokensAreClearedOnLogout() { $client = $this->createClient(array('test_case' => 'LogoutWithoutSessionInvalidation', 'root_config' => 'config.yml')); - static::$kernel->getContainer()->get('test.security.csrf.token_storage')->setToken('foo', 'bar'); + $client->getContainer()->get('security.csrf.token_storage')->setToken('foo', 'bar'); $client->request('POST', '/login', array( '_username' => 'johannes', '_password' => 'test', )); - $this->assertTrue(static::$kernel->getContainer()->get('test.security.csrf.token_storage')->hasToken('foo')); - $this->assertSame('bar', static::$kernel->getContainer()->get('test.security.csrf.token_storage')->getToken('foo')); + $this->assertTrue($client->getContainer()->get('security.csrf.token_storage')->hasToken('foo')); + $this->assertSame('bar', $client->getContainer()->get('security.csrf.token_storage')->getToken('foo')); $client->request('GET', '/logout'); - $this->assertFalse(static::$kernel->getContainer()->get('test.security.csrf.token_storage')->hasToken('foo')); + $this->assertFalse($client->getContainer()->get('security.csrf.token_storage')->hasToken('foo')); } } diff --git a/src/Symfony/Bundle/SecurityBundle/Tests/Functional/app/LogoutWithoutSessionInvalidation/config.yml b/src/Symfony/Bundle/SecurityBundle/Tests/Functional/app/LogoutWithoutSessionInvalidation/config.yml index 1a4ade82b9d4c..9e5563fea5197 100644 --- a/src/Symfony/Bundle/SecurityBundle/Tests/Functional/app/LogoutWithoutSessionInvalidation/config.yml +++ b/src/Symfony/Bundle/SecurityBundle/Tests/Functional/app/LogoutWithoutSessionInvalidation/config.yml @@ -1,11 +1,6 @@ imports: - { resource: ./../config/framework.yml } -services: - test.security.csrf.token_storage: - alias: security.csrf.token_storage - public: true - security: encoders: Symfony\Component\Security\Core\User\User: plaintext 
diff --git a/src/Symfony/Bundle/SecurityBundle/composer.json b/src/Symfony/Bundle/SecurityBundle/composer.json index 0943db9af7ddf..31ecaeebeb4a3 100644 --- a/src/Symfony/Bundle/SecurityBundle/composer.json +++ b/src/Symfony/Bundle/SecurityBundle/composer.json @@ -47,7 +47,7 @@ "symfony/security": "4.1.0-beta1|4.1.0-beta2", "symfony/var-dumper": "<3.4", "symfony/event-dispatcher": "<3.4", - "symfony/framework-bundle": "<4.1", + "symfony/framework-bundle": "<=4.1-beta2", "symfony/console": "<3.4" }, "autoload": { From 3de52144afd993438e7d82bea2a1f23cf71f73ca Mon Sep 17 00:00:00 2001 From: Fabien Potencier Date: Fri, 25 May 2018 16:06:48 +0200 Subject: [PATCH 66/74] bumped Symfony version to 4.0.12 --- src/Symfony/Component/HttpKernel/Kernel.php | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/src/Symfony/Component/HttpKernel/Kernel.php b/src/Symfony/Component/HttpKernel/Kernel.php index 09a288d6225ba..a2d61965b890d 100644 --- a/src/Symfony/Component/HttpKernel/Kernel.php +++ b/src/Symfony/Component/HttpKernel/Kernel.php @@ -63,12 +63,12 @@ abstract class Kernel implements KernelInterface, RebootableInterface, Terminabl private $requestStackSize = 0; private $resetServices = false; - const VERSION = '4.0.11'; - const VERSION_ID = 40011; + const VERSION = '4.0.12-DEV'; + const VERSION_ID = 40012; const MAJOR_VERSION = 4; const MINOR_VERSION = 0; - const RELEASE_VERSION = 11; - const EXTRA_VERSION = ''; + const RELEASE_VERSION = 12; + const EXTRA_VERSION = 'DEV'; const END_OF_MAINTENANCE = '07/2018'; const END_OF_LIFE = '01/2019'; From 40e59a6415b1b03c77432eb9654a6f6ec09fe2f7 Mon Sep 17 00:00:00 2001 From: Javier Eguiluz Date: Wed, 23 May 2018 15:49:17 +0200 Subject: [PATCH 67/74] Add code of Conduct links in our README --- README.md | 3 +++ 1 file changed, 3 insertions(+) diff --git a/README.md b/README.md index 16a7e1b489c4d..b9fc51b3cf964 100644 --- a/README.md +++ b/README.md 
@@ -30,6 +30,7 @@ Community * [Join the Symfony Community][11] and meet other members at the [Symfony events][12]. * [Get Symfony support][13] on Stack Overflow, Slack, IRC, etc. * Follow us on [GitHub][14], [Twitter][15] and [Facebook][16]. +* Read our [Code of Conduct][24] and meet the [CARE Team][25] Contributing ------------ @@ -72,3 +73,5 @@ Symfony development is sponsored by [SensioLabs][21], led by the [21]: https://sensiolabs.com [22]: https://symfony.com/doc/current/contributing/code/core_team.html [23]: https://github.com/symfony/symfony-demo +[24]: https://symfony.com/coc +[25]: https://symfony.com/doc/current/contributing/code_of_conduct/care_team.html From b7feef00aec39baa2c2c7b2fe7ce054e3ccaa3d8 Mon Sep 17 00:00:00 2001 From: kiler129 Date: Tue, 22 May 2018 22:00:46 -0500 Subject: [PATCH 68/74] [HttpKernel] reset kernel start time on reboot --- src/Symfony/Component/HttpKernel/Kernel.php | 12 ++++-------- .../Component/HttpKernel/Tests/KernelTest.php | 19 +++++++++++++++++-- 2 files changed, 21 insertions(+), 10 deletions(-) diff --git a/src/Symfony/Component/HttpKernel/Kernel.php b/src/Symfony/Component/HttpKernel/Kernel.php index 5e3b9a857827f..9806e240f7965 100644 --- a/src/Symfony/Component/HttpKernel/Kernel.php +++ b/src/Symfony/Component/HttpKernel/Kernel.php @@ -87,18 +87,10 @@ public function __construct($environment, $debug) $this->debug = (bool) $debug; $this->rootDir = $this->getRootDir(); $this->name = $this->getName(); - - if ($this->debug) { - $this->startTime = microtime(true); - } } public function __clone() { - if ($this->debug) { - $this->startTime = microtime(true); - } - $this->booted = false; $this->container = null; $this->requestStackSize = 0; @@ -110,6 +102,10 @@ public function __clone() */ public function boot() { + if ($this->debug) { + $this->startTime = microtime(true); + } + if (true === $this->booted) { if (!$this->requestStackSize && $this->resetServices) { if ($this->container->has('services_resetter')) { 
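Review bot: With the assignment removed from `__construct()` and `__clone()` in Kernel.php (`@@ -87,18 +87,10 @@`), `$this->startTime` is no longer initialised on a debug kernel until `boot()` runs. `getStartTime()` is outside these hunks; if it returns the property directly, code reading it between construction and boot would now get an unset value instead of a timestamp, so that accessor should be checked. The block added at the top of `boot()` (`@@ -110,6 +102,10 @@`) also runs when the kernel is already booted and nothing is reset, which goes further than the "on reboot" of the commit title. A comment such as `// restart the debug timer on every boot() call, including re-entry into a booted kernel` would state whether that is intended.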
diff --git a/src/Symfony/Component/HttpKernel/Tests/KernelTest.php b/src/Symfony/Component/HttpKernel/Tests/KernelTest.php index a16ac37deebce..628be627fd4b4 100644 --- a/src/Symfony/Component/HttpKernel/Tests/KernelTest.php +++ b/src/Symfony/Component/HttpKernel/Tests/KernelTest.php @@ -901,6 +901,21 @@ public function testServicesResetter() $this->assertEquals(1, ResettableService::$counter); } + /** + * @group time-sensitive + */ + public function testKernelStartTimeIsResetWhileBootingAlreadyBootedKernel() + { + $kernel = $this->getKernelForTest(array('initializeBundles'), true); + $kernel->boot(); + $preReBoot = $kernel->getStartTime(); + + sleep(3600); //Intentionally large value to detect if ClockMock ever breaks + $kernel->boot(); + + $this->assertGreaterThan($preReBoot, $kernel->getStartTime()); + } + /** * Returns a mock for the BundleInterface. * @@ -970,10 +985,10 @@ protected function getKernel(array $methods = array(), array $bundles = array()) return $kernel; } - protected function getKernelForTest(array $methods = array()) + protected function getKernelForTest(array $methods = array(), $debug = false) { $kernel = $this->getMockBuilder('Symfony\Component\HttpKernel\Tests\Fixtures\KernelForTest') - ->setConstructorArgs(array('test', false)) + ->setConstructorArgs(array('test', $debug)) ->setMethods($methods) ->getMock(); $p = new \ReflectionProperty($kernel, 'rootDir'); From ab09fcc2497dc254f9df256d039b656bc7b3e507 Mon Sep 17 00:00:00 2001 From: Nicolas Grekas Date: Fri, 25 May 2018 16:46:53 +0200 Subject: [PATCH 69/74] Revert "bug #27312 Supress deprecation notices thrown when getting private servies from container in tests (arderyp)" This reverts commit 70c70e2d9ff7ca81f74b5d5dcd55faf06017e01f, reversing changes made to 7497ad4a6856acd5c84222187339a36426a22010. --- .../PhpUnit/DeprecationErrorHandler.php | 24 ------------------- 1 file changed, 24 deletions(-) 
diff --git a/src/Symfony/Bridge/PhpUnit/DeprecationErrorHandler.php b/src/Symfony/Bridge/PhpUnit/DeprecationErrorHandler.php index f614ac99001b7..29b1960798b8c 100644 --- a/src/Symfony/Bridge/PhpUnit/DeprecationErrorHandler.php +++ b/src/Symfony/Bridge/PhpUnit/DeprecationErrorHandler.php @@ -109,30 +109,6 @@ public static function register($mode = 0) } $trace = debug_backtrace(true); - - // Silence deprecation warnings about private service accessed - // from the service container if done so from a Test class. - // As of Symfony 4.1, there is a new TestContainer that allows - // fetching of private services within tests, so we no longer - // need to warn about this behavior. - // - // NOTE: the event at the top of the stack $trace (index 0) should - // always be the PhpUnitBridge's DeprecationErrorHandler; the - // second event (index 1) should be the trigger_error() event; - // the third event (index 2) should be the actual source of the - // triggered deprecation notice; and the fourth event (index 3) - // represents the action that called the deprecated code. In the - // scenario that we want to suppress, the 4th event will be an - // object instance of \PHPUnit\Framework\TestCase. - if (isset($trace[3]['object'])) { - $isPrivateServiceNotice = false !== strpos($msg, ' service is private, '); - $isNoticeForContainerGetHasUsage = 'Symfony\Component\DependencyInjection\Container' === $trace[2]['class'] && in_array($trace[2]['function'], array('get', 'has')); - $noticeWasTriggeredByPhpUnitTest = $trace[3]['object'] instanceof \PHPUnit\Framework\TestCase; - if ($isPrivateServiceNotice && $isNoticeForContainerGetHasUsage && $noticeWasTriggeredByPhpUnitTest) { - return false; - } - } - $group = 'other'; $isVendor = DeprecationErrorHandler::MODE_WEAK_VENDORS === $mode && $inVendors($file); From 9de5014b27feef6dc245b631b03911ca17fa40f3 Mon Sep 17 00:00:00 2001 
From: Nicolas Grekas Date: Fri, 25 May 2018 17:06:28 +0200 Subject: [PATCH 70/74] [HttpKernel] Dont reset start time when not needed --- src/Symfony/Component/HttpKernel/Kernel.php | 10 ++++++---- 1 file changed, 6 insertions(+), 4 deletions(-) diff --git a/src/Symfony/Component/HttpKernel/Kernel.php b/src/Symfony/Component/HttpKernel/Kernel.php index 143006e4b1e7a..948c30a49544a 100644 --- a/src/Symfony/Component/HttpKernel/Kernel.php +++ b/src/Symfony/Component/HttpKernel/Kernel.php @@ -102,20 +102,22 @@ public function __clone() */ public function boot() { - if ($this->debug) { - $this->startTime = microtime(true); - } - if (true === $this->booted) { if (!$this->requestStackSize && $this->resetServices) { if ($this->container->has('services_resetter')) { $this->container->get('services_resetter')->reset(); } $this->resetServices = false; + if ($this->debug) { + $this->startTime = microtime(true); + } } return; } + if ($this->debug) { + $this->startTime = microtime(true); + } if ($this->debug && !isset($_ENV['SHELL_VERBOSITY']) && !isset($_SERVER['SHELL_VERBOSITY'])) { putenv('SHELL_VERBOSITY=3'); $_ENV['SHELL_VERBOSITY'] = 3; From 6fc7fdb182834a68987ca3fbea14abb1f4b972d6 Mon Sep 17 00:00:00 2001 From: Nicolas Grekas Date: Fri, 25 May 2018 17:22:00 +0200 Subject: [PATCH 71/74] [HttpKernel] fix test --- src/Symfony/Component/HttpKernel/Tests/KernelTest.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/Symfony/Component/HttpKernel/Tests/KernelTest.php b/src/Symfony/Component/HttpKernel/Tests/KernelTest.php index 628be627fd4b4..7cde2ac5e2ef9 100644 --- a/src/Symfony/Component/HttpKernel/Tests/KernelTest.php +++ b/src/Symfony/Component/HttpKernel/Tests/KernelTest.php 
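Review bot: In `boot()` (Kernel.php, `@@ -102,20 +102,22 @@`) the timer restart for an already-booted kernel now sits inside the `!$this->requestStackSize && $this->resetServices` branch, so it depends on a flag whose name says nothing about timing. A short comment there, e.g. `// services are reset here, so the debug timer restarts with them`, would keep the coupling from being dropped by accident in a later cleanup. The same three-line `if ($this->debug) { $this->startTime = microtime(true); }` block now appears twice in the method, and the second copy follows `return; }` without a blank line and directly precedes another `if ($this->debug && …)`. A blank line after the guard clause would make the first-boot path easier to read. The body of `boot()` continues outside the hunk.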
@@ -911,7 +911,7 @@ public function testKernelStartTimeIsResetWhileBootingAlreadyBootedKernel() $preReBoot = $kernel->getStartTime(); sleep(3600); //Intentionally large value to detect if ClockMock ever breaks - $kernel->boot(); + $kernel->reboot(null); $this->assertGreaterThan($preReBoot, $kernel->getStartTime()); } From d5a8237b1cc73a7a75505fd3c8d2be6789c24a44 Mon Sep 17 00:00:00 2001 From: Nicolas Grekas Date: Fri, 25 May 2018 18:30:16 +0200 Subject: [PATCH 72/74] [Routing] Account for greediness when merging route patterns --- .../Matcher/Dumper/StaticPrefixCollection.php | 12 +++++ .../Tests/Fixtures/dumper/url_matcher11.php | 54 +++++++++---------- .../Routing/Tests/Matcher/UrlMatcherTest.php | 10 ++++ 3 files changed, 47 insertions(+), 29 deletions(-) diff --git a/src/Symfony/Component/Routing/Matcher/Dumper/StaticPrefixCollection.php b/src/Symfony/Component/Routing/Matcher/Dumper/StaticPrefixCollection.php index 05315defccdfc..cd9e6b4c3e7f3 100644 --- a/src/Symfony/Component/Routing/Matcher/Dumper/StaticPrefixCollection.php +++ b/src/Symfony/Component/Routing/Matcher/Dumper/StaticPrefixCollection.php @@ -151,6 +151,7 @@ private function getCommonPrefix(string $prefix, string $anotherPrefix): array $baseLength = \strlen($this->prefix); $end = min(\strlen($prefix), \strlen($anotherPrefix)); $staticLength = null; + set_error_handler(array(__CLASS__, 'handleError')); for ($i = $baseLength; $i < $end && $prefix[$i] === $anotherPrefix[$i]; ++$i) { if ('(' === $prefix[$i]) { 
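Review bot: The test named in the hunk header, `testKernelStartTimeIsResetWhileBootingAlreadyBootedKernel`, no longer boots an already-booted kernel. It now calls `$kernel->reboot(null)`, so the name describes behaviour the test has stopped exercising. Renaming it to something like `testKernelStartTimeIsResetOnReboot` would keep the name honest. The case the name used to cover deserves its own assertion, e.g. calling `$kernel->boot();` on the booted kernel and then `$this->assertSame($preReBoot, $kernel->getStartTime());`, assuming no services reset is pending at that point. The start of the test method is outside this hunk.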
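Review bot: The `set_error_handler(array(__CLASS__, 'handleError'));` call added before the `for` loop in `getCommonPrefix()` changes process-wide state, and this hunk does not show where it is undone. If the matching `restore_error_handler()` sits after the loop as a plain statement, any exception thrown from inside the loop would leave the handler installed for the rest of the process. It could then swallow or alter unrelated warnings. Wrapping the loop as `try { ... } finally { restore_error_handler(); }` makes the pairing unconditional. A one-line comment next to the `set_error_handler` call should also say which warning the handler is meant to intercept. The rest of the function lies outside this hunk, and the following hunk is damaged on this page, so the restore path could not be checked here.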
@@ -174,13 +175,24 @@ private function getCommonPrefix(string $prefix, string $anotherPrefix): array if (('?' === ($prefix[$j] ?? '') || '?' === ($anotherPrefix[$j] ?? '')) && ($prefix[$j] ?? '') !== ($anotherPrefix[$j] ?? '')) { break; } + $subPattern = substr($prefix, $i, $j - $i); + if ($prefix !== $anotherPrefix && !preg_match('/^\(\[[^\]]++\]\+\+\)$/', $subPattern) && !preg_match('{(? array(array('_route' => 'a', '_locale' => 'en'), array('_locale'), null, null), 43 => array(array('_route' => 'b', '_locale' => 'en'), array('_locale'), null, null), - 58 => array(array('_route' => 'c', '_locale' => 'en'), array('_locale', 'id'), null, null), - 73 => array(array('_route' => 'd', '_locale' => 'en'), array('_locale', 'id'), null, null), - 86 => array(array('_route' => 'e', '_locale' => 'en'), array('_locale', 'id'), null, null), - 104 => array(array('_route' => 'f', '_locale' => 'en'), array('_locale'), null, null), - 120 => array(array('_route' => 'g', '_locale' => 'en'), array('_locale'), null, null), - 144 => array(array('_route' => 'h', '_locale' => 'en'), array('_locale', 'page'), null, null), - 165 => array(array('_route' => 'i', '_locale' => 'en'), array('_locale', 'page'), null, null), - 192 => array(array('_route' => 'j', '_locale' => 'en'), array('_locale', 'id'), null, null), - 206 => array(array('_route' => 'k', '_locale' => 'en'), array('_locale'), null, null), - 223 => array(array('_route' => 'l', '_locale' => 'en'), array('_locale'), null, null), - 234 => array(array('_route' => 'm', '_locale' => 'en'), array('_locale'), null, null), - 253 => array(array('_route' => 'n', '_locale' => 'en'), array('_locale'), null, null), + 55 => array(array('_route' => 'c', '_locale' => 'en'), array('_locale', 'id'), null, null), + 72 => array(array('_route' => 'd', '_locale' => 'en'), array('_locale', 'id'), null, null), + 91 => array(array('_route' => 'e', '_locale' => 'en'), array('_locale', 'id'), null, null), + 107 => array(array('_route' => 'f', '_locale' => 
'en'), array('_locale'), null, null), + 123 => array(array('_route' => 'g', '_locale' => 'en'), array('_locale'), null, null), + 147 => array(array('_route' => 'h', '_locale' => 'en'), array('_locale', 'page'), null, null), + 168 => array(array('_route' => 'i', '_locale' => 'en'), array('_locale', 'page'), null, null), + 195 => array(array('_route' => 'j', '_locale' => 'en'), array('_locale', 'id'), null, null), + 209 => array(array('_route' => 'k', '_locale' => 'en'), array('_locale'), null, null), + 226 => array(array('_route' => 'l', '_locale' => 'en'), array('_locale'), null, null), + 237 => array(array('_route' => 'm', '_locale' => 'en'), array('_locale'), null, null), + 256 => array(array('_route' => 'n', '_locale' => 'en'), array('_locale'), null, null), ); list($ret, $vars, $requiredMethods, $requiredSchemes) = $routes[$m]; @@ -139,7 +135,7 @@ private function doMatch(string $rawPathinfo, array &$allow = array(), array &$a return $ret; } - if (253 === $m) { + if (256 === $m) { break; } $regex = substr_replace($regex, 'F', $m - $offset, 1 + strlen($m)); diff --git a/src/Symfony/Component/Routing/Tests/Matcher/UrlMatcherTest.php b/src/Symfony/Component/Routing/Tests/Matcher/UrlMatcherTest.php index 0ba61c948610f..b3bfd78271bf3 100644 --- a/src/Symfony/Component/Routing/Tests/Matcher/UrlMatcherTest.php +++ b/src/Symfony/Component/Routing/Tests/Matcher/UrlMatcherTest.php 
@@ -611,6 +611,16 @@ public function testRequirementWithCapturingGroup() $this->assertEquals(array('_route' => 'a', 'a' => 'a', 'b' => 'b'), $matcher->match('/a/b')); } + public function testDotAllWithCatchAll() + { + $coll = new RouteCollection(); + $coll->add('a', new Route('/{id}.html', array(), array('id' => '.+'))); + $coll->add('b', new Route('/{all}', array(), array('all' => '.+'))); + + $matcher = $this->getUrlMatcher($coll); + $this->assertEquals(array('_route' => 'a', 'id' => 'foo/bar'), $matcher->match('/foo/bar.html')); + } + protected function getUrlMatcher(RouteCollection $routes, RequestContext $context = null) { return new UrlMatcher($routes, $context ?: new RequestContext()); From a89a1019a72effa02f7c79ceeaf7ec90a4966236 Mon Sep 17 00:00:00 2001 From: Fabien Potencier Date: Sat, 26 May 2018 17:53:18 +0200 Subject: [PATCH 73/74] updated CHANGELOG for 4.1.0-BETA3 --- CHANGELOG-4.1.md | 24 ++++++++++++++++++++++++ 1 file changed, 24 insertions(+) diff --git a/CHANGELOG-4.1.md b/CHANGELOG-4.1.md index 5437c76fd6bad..a042563276456 100644 --- a/CHANGELOG-4.1.md +++ b/CHANGELOG-4.1.md 
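Review bot: `testDotAllWithCatchAll` asserts only that `/foo/bar.html` resolves to route `a`. It never checks that the catch-all route `b` still matches once the two patterns stop sharing a merged prefix. Which route wins decides which controller, and which access rules attached to it, handle the request, so both directions should be pinned. Adding `$this->assertEquals(array('_route' => 'b', 'all' => 'foo/bar'), $matcher->match('/foo/bar'));` after the existing assertion would cover the fallback. A case with the routes registered in the opposite order would additionally document that declaration order, not pattern greediness, decides the winner.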
@@ -7,6 +7,30 @@ in 4.1 minor versions. To get the diff for a specific change, go to https://github.com/symfony/symfony/commit/XXX where XXX is the change hash To get the diff between two versions, go to https://github.com/symfony/symfony/compare/v4.1.0...v4.1.1 +* 4.1.0-BETA3 (2018-05-26) + + * bug #27388 [Routing] Account for greediness when merging route patterns (nicolas-grekas) + * bug #27344 [HttpKernel] reset kernel start time on reboot (kiler129) + * bug #27365 [Serializer] Check the value of enable_max_depth if defined (dunglas) + * bug #27358 [PhpUnitBridge] silence some stderr outputs (ostrolucky) + * bug #27366 [DI] never inline lazy services (nicolas-grekas) + * bug #27352 Remove reference to the test container after kernel shutdown (stof) + * bug #27350 [HttpKernel] fix deprecation in AbstractTestSessionListener (alekitto) + * bug #27367 [FrameworkBundle] cleanup generated test container (nicolas-grekas) + * bug #27379 [FrameworkBundle] Fix using test.service_container when Client is rebooted (nicolas-grekas) + * bug #27364 [DI] Fix bad exception on uninitialized references to non-shared services (nicolas-grekas) + * bug #27359 [HttpFoundation] Fix perf issue during MimeTypeGuesser intialization (nicolas-grekas) + * security #cve-2018-11408 [SecurityBundle] Fail if security.http_utils cannot be configured + * security #cve-2018-11406 clear CSRF tokens when the user is logged out + * security #cve-2018-11385 migrating session for UsernamePasswordJsonAuthenticationListener + * security #cve-2018-11385 migrating session for UsernamePasswordJsonAuthenticationListener + * security #cve-2018-11385 Adding session authentication strategy to Guard to avoid session fixation + * security #cve-2018-11385 Adding session strategy to ALL listeners to avoid *any* possible fixation + * security #cve-2018-11386 [HttpFoundation] Break infinite loop in PdoSessionHandler when MySQL is in loose mode + * bug #27341 [WebProfilerBundle] Fixed validator/dump trace CSS 
(yceruto) + * bug #27337 [FrameworkBundle] fix typo in CacheClearCommand (emilielorenzo) + * bug #27292 [Serializer] Fix and improve constraintViolationListNormalizer's RFC7807 compliance (dunglas) + * 4.1.0-BETA2 (2018-05-21) * bug #27312 Supress deprecation notices thrown when getting private servies from container in tests (arderyp) From ce538ca5590b65d0a98f89859fdf968902c5f98a Mon Sep 17 00:00:00 2001 From: Fabien Potencier Date: Sat, 26 May 2018 17:53:24 +0200 Subject: [PATCH 74/74] updated VERSION for 4.1.0-BETA3 --- src/Symfony/Component/HttpKernel/Kernel.php | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/src/Symfony/Component/HttpKernel/Kernel.php b/src/Symfony/Component/HttpKernel/Kernel.php index 051ad7b5a0cb0..4fbabf8d9bfcc 100644 --- a/src/Symfony/Component/HttpKernel/Kernel.php +++ b/src/Symfony/Component/HttpKernel/Kernel.php @@ -63,12 +63,12 @@ abstract class Kernel implements KernelInterface, RebootableInterface, Terminabl private $requestStackSize = 0; private $resetServices = false; - const VERSION = '4.1.0-DEV'; + const VERSION = '4.1.0-BETA3'; const VERSION_ID = 40100; const MAJOR_VERSION = 4; const MINOR_VERSION = 1; const RELEASE_VERSION = 0; - const EXTRA_VERSION = 'DEV'; + const EXTRA_VERSION = 'BETA3'; const END_OF_MAINTENANCE = '01/2019'; const END_OF_LIFE = '07/2019';