8000 Merge branch '2.8' into 3.2 · symfony/symfony-docs@c673835 · GitHub
[go: up one dir, main page]

Skip to content

Commit c673835

Browse files
committed
Merge branch '2.8' into 3.2
* 2.8: added CVE 2017-11365 added URL where to ask for a CVE identifier add missing choices_as_values options
2 parents 412f112 + 5b486d9 commit c673835

File tree

3 files changed

+12
-6
lines changed

3 files changed

+12
-6
lines changed

contributing/code/security.rst

Lines changed: 3 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -21,7 +21,7 @@ confirmed, the core-team works on a solution following these steps:
2121

2222
#. Send an acknowledgement to the reporter;
2323
#. Work on a patch;
24-
#. Get a CVE identifier from mitre.org;
24+
#. Get a CVE identifier from `mitre.org`_;
2525
#. Write a security announcement for the official Symfony `blog`_ about the
2626
vulnerability. This post should contain the following information:
2727

@@ -103,6 +103,7 @@ Security Advisories
103103
This section indexes security vulnerabilities that were fixed in Symfony
104104
releases, starting from Symfony 1.0.0:
105105

106+
* Jul 17, 2017, `CVE-2017-11365: Empty passwords validation issue <https://symfony.com/blog/cve-2017-11365-empty-passwords-validation-issue>`_ (2.7.30, 2.7.31, 2.8.23, 2.8.24, 3.2.10, 3.2.11, 3.3.3, and 3.3.4)
106107
* May 9, 2016: `CVE-2016-2403: Unauthorized access on a misconfigured Ldap server when using an empty password <https://symfony.com/blog/cve-2016-2403-unauthorized-access-on-a-misconfigured-ldap-server-when-using-an-empty-password>`_ (2.8.0-2.8.5, 3.0.0-3.0.5)
107108
* May 9, 2016: `CVE-2016-4423: Large username storage in session <https://symfony.com/blog/cve-2016-4423-large-username-storage-in-session>`_ (2.3.0-2.3.40, 2.7.0-2.7.12, 2.8.0-2.8.5, 3.0.0-3.0.5)
108109
* January 18, 2016: `CVE-2016-1902: SecureRandom's fallback not secure when OpenSSL fails <https://symfony.com/blog/cve-2016-1902-securerandom-s-fallback-not-secure-when-openssl-fails>`_ (2.3.0-2.3.36, 2.6.0-2.6.12, 2.7.0-2.7.8)
@@ -142,3 +143,4 @@ releases, starting from Symfony 1.0.0:
142143
.. _blog: https://symfony.com/blog/
143144
.. _Security Advisories: https://symfony.com/blog/category/security-advisories
144145
.. _`security advisories database`: https://github.com/FriendsOfPHP/security-advisories
146+
.. _`mitre.org`: https://cveform.mitre.org/

form/create_custom_field_type.rst

Lines changed: 3 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -36,7 +36,8 @@ for form fields, which is ``<BundleName>\Form\Type``. Make sure the field extend
3636
'Standard Shipping' => 'standard',
3737
'Expedited Shipping' => 'expedited',
3838
'Priority Shipping' => 'priority',
39-
)
39+
),
40+
'choices_as_values' => true,
4041
));
4142
}
4243

@@ -391,6 +392,7 @@ shipping configuration::
391392
{
392393
$resolver->setDefaults(array(
393394
'choices' => array_flip($this->shippingOptions),
395+
'choices_as_values' => true,
394396
));
395397
}
396398

form/dynamic_form_modification.rst

Lines changed: 6 additions & 4 deletions
Original file line numberDiff line numberDiff line change
@@ -446,9 +446,10 @@ sport like this::
446446
$positions = null === $sport ? array() : $sport->getAvailablePositions();
447447

448448
$form->add('position', EntityType::class, array(
449-
'class' => 'AppBundle:Position',
449+
'class' => 'AppBundle:Position',
450450
'placeholder' => '',
451-
'choices' => $positions,
451+
'choices' => $positions,
452+
'choices_as_values' => true,
452453
));
453454
}
454455
);
@@ -502,9 +503,10 @@ The type would now look like::
502503
$positions = null === $sport ? array() : $sport->getAvailablePositions();
503504

504505
$form->add('position', EntityType::class, array(
505-
'class' => 'AppBundle:Position',
506+
'class' => 'AppBundle:Position',
506507
'placeholder' => '',
507-
'choices' => $positions,
508+
'choices' => $positions,
509+
'choices_as_values' => true,
508510
));
509511
};
510512

0 commit comments

Comments
 (0)
0