symfony
diff --git a/‎_images/components/messenger/overview.png
-21.9 KB b/‎_images/components/messenger/overview.png
-21.9 KB
diff --git a/‎_images/components/messenger/overview.svg
Lines changed: 1 addition & 0 deletions b/‎_images/components/messenger/overview.svg
Lines changed: 1 addition & 0 deletions
diff --git a/‎_images/components/serializer/serializer_workflow.png
-37 KB b/‎_images/components/serializer/serializer_workflow.png
-37 KB
diff --git a/‎_images/components/serializer/serializer_workflow.svg
Lines changed: 1 addition & 0 deletions b/‎_images/components/serializer/serializer_workflow.svg
Lines changed: 1 addition & 0 deletions
diff --git a/‎_images/http/request-flow.png
-75.3 KB b/‎_images/http/request-flow.png
-75.3 KB
diff --git a/‎_images/http/request-flow.svg
Lines changed: 1 addition & 0 deletions b/‎_images/http/request-flow.svg
Lines changed: 1 addition & 0 deletions
diff --git a/‎_images/security/authentication-guard-methods.svg
Lines changed: 1 addition & 1 deletion b/‎_images/security/authentication-guard-methods.svg
Lines changed: 1 addition & 1 deletion
diff --git a/‎_images/sources/components/messenger/overview.dia
2.29 KB b/‎_images/sources/components/messenger/overview.dia
2.29 KB
diff --git a/‎_images/sources/components/serializer/serializer_workflow.dia
1.73 KB b/‎_images/sources/components/serializer/serializer_workflow.dia
1.73 KB
diff --git a/‎_images/sources/http/request-flow.dia
2.93 KB b/‎_images/sources/http/request-flow.dia
2.93 KB
diff --git a/‎_images/sources/security/authentication-guard-methods.dia
163 Bytes b/‎_images/sources/security/authentication-guard-methods.dia
163 Bytes
diff --git a/‎components/console/events.rst
Lines changed: 0 additions & 11 deletions b/‎components/console/events.rst
Lines changed: 0 additions & 11 deletions
diff --git a/‎components/messenger.rst
Lines changed: 3 additions & 1 deletion b/‎components/messenger.rst
Lines changed: 3 additions & 1 deletion
diff --git a/‎components/serializer.rst
Lines changed: 4 additions & 2 deletions b/‎components/serializer.rst
Lines changed: 4 additions & 2 deletions
diff --git a/‎configuration.rst
Lines changed: 1 addition & 2 deletions b/‎configuration.rst
Lines changed: 1 addition & 2 deletions
diff --git a/‎configuration/dot-env-changes.rst
Lines changed: 7 additions & 5 deletions b/‎configuration/dot-env-changes.rst
Lines changed: 7 additions & 5 deletions
diff --git a/‎contributing/code/security.rst
Lines changed: 72 additions & 0 deletions b/‎contributing/code/security.rst
Lines changed: 72 additions & 0 deletions
diff --git a/‎controller.rst
Lines changed: 1 addition & 1 deletion b/‎controller.rst
Lines changed: 1 addition & 1 deletion
diff --git a/‎doctrine/pdo_session_storage.rst
Lines changed: 4 additions & 4 deletions b/‎doctrine/pdo_session_storage.rst
Lines changed: 4 additions & 4 deletions
diff --git a/‎doctrine/registration_form.rst
Lines changed: 1 addition & 1 deletion b/‎doctrine/registration_form.rst
Lines changed: 1 addition & 1 deletion
diff --git a/‎doctrine/reverse_engineering.rst
Lines changed: 17 additions & 0 deletions b/‎doctrine/reverse_engineering.rst
Lines changed: 17 additions & 0 deletions
diff --git a/‎frontend/encore/copy-files.rst
Lines changed: 5 additions & 2 deletions b/‎frontend/encore/copy-files.rst
Lines changed: 5 additions & 2 deletions
diff --git a/‎introduction/from_flat_php_to_symfony2.rst
Lines changed: 6 additions & 6 deletions b/‎introduction/from_flat_php_to_symfony2.rst
Lines changed: 6 additions & 6 deletions
diff --git a/‎introduction/http_fundamentals.rst
Lines changed: 5 additions & 5 deletions b/‎introduction/http_fundamentals.rst
Lines changed: 5 additions & 5 deletions
diff --git a/‎profiler/wdt_follow_ajax.rst
Lines changed: 4 additions & 0 deletions b/‎profiler/wdt_follow_ajax.rst
Lines changed: 4 additions & 0 deletions
diff --git a/‎quick_tour/the_architecture.rst
Lines changed: 2 additions & 3 deletions b/‎quick_tour/the_architecture.rst
Lines changed: 2 additions & 3 deletions
diff --git a/‎reference/constraints/IdenticalTo.rst
Lines changed: 10 additions & 1 deletion b/‎reference/constraints/IdenticalTo.rst
Lines changed: 10 additions & 1 deletion
@@ -94,17 +94,6 @@ event listeners, the ``ConsoleEvents::ERROR`` event is dispatched. A listener
 can wrap or change the exception or do anything useful before the exception is
 thrown by the application.
 
-The ``ConsoleEvents::ERROR`` Event
-----------------------------------
-
-**Typical Purposes**: Handle exceptions thrown during the execution of a
-command.
-
 Whenever an exception is thrown by a command, including those triggered from
-event listeners, the ``ConsoleEvents::ERROR`` event is dispatched. A listener
-can wrap or change the exception or do anything useful before the exception is
-thrown by the application.
-
 Listeners receive a
 :class:`Symfony\\Component\\Console\\Event\\ConsoleErrorEvent` event::
 
 
@@ -31,7 +31,9 @@ Alternatively, you can clone the `<https://github.com/symfony/messenger>`_ repos
 Concepts
 --------
 
-.. image:: /_images/components/messenger/overview.png
+.. raw:: html
+
+    <object data="../_images/components/messenger/overview.svg" type="image/svg+xml"></object>
 
 **Sender**:
    Responsible for serializing and sending messages to *something*. This
 
@@ -10,7 +10,9 @@ The Serializer Component
 
 In order to do so, the Serializer component follows the following schema.
 
-.. image:: /_images/components/serializer/serializer_workflow.png
+.. raw:: html
+
+    <object data="../_images/components/serializer/serializer_workflow.svg" type="image/svg+xml"></object>
 
 As you can see in the picture above, an array is used as an intermediary between
 objects and serialized contents. This way, encoders will only deal with turning
@@ -714,7 +716,7 @@ The ``XmlEncoder`` will encode this object like that::
 Be aware that this encoder will consider keys beginning with ``@`` as attributes::
 
     $encoder = new XmlEncoder();
-    $encoder->encode(array('foo' => array('@bar' => 'value')));
+    $encoder->encode(array('foo' => array('@bar' => 'value')), 'xml');
     // will return:
     // <?xml version="1.0"?>
     // <response>
 
@@ -269,8 +269,7 @@ You can also create a few other ``.env`` files that will be loaded:
   ``prod`` environment but will *not* be committed to your repository.
 
 If you decide to set real environment variables on production, the ``.env`` files
-will *not* be loaded if Symfony detects that a real ``APP_ENV`` environment variable
-exists and is set to ``prod``.
+*are* still loaded, but your real environment variables will override those values.
 
 Environments & the Other Config Files
 -------------------------------------
 
@@ -30,9 +30,10 @@ important changes:
   other environments. You can also create a ``.env.test`` file for test-environment
   overrides.
 
-* E) If you pass the ``--env=`` flag when running ``bin/console``, this value will
-  override your ``APP_ENV`` environment variable (if set). And so, if you pass
-  ``--env=prod``, the DotEnv component *will* try to load your ``.env*`` files.
+* E) `One further change to the recipe in January 2019`_ means that your ``.env``
+  files are *always* loaded, even if you set an ``APP_ENV=prod`` environment
+  variable. The purpose is for the ``.env`` files to define default values that
+  you can override if you want to with real environment values.
 
 There are a few other improvements, but these are the most important. To take advantage
 of these, you *will* need to modify a few files in your existing app.
@@ -52,7 +53,7 @@ changes can be made to any Symfony 3.4 or higher app:
    file. If you've customized this file, make sure to keep those changes (but use
    the rest of the changes).
 
-#. Update your `bin/console`_ (`bin/console diff`_) file to load the new ``config/bootstrap.php`` file.
+#. Update your `bin/console`_ file to load the new ``config/bootstrap.php`` file.
 
 #. Update ``.gitignore``:
 
@@ -64,6 +65,7 @@ changes can be made to any Symfony 3.4 or higher app:
        ###> symfony/framework-bundle ###
        - /.env
        + /.env.local
+       + /.env.local.php
        + /.env.*.local
     
        # ...
@@ -90,7 +92,7 @@ changes can be made to any Symfony 3.4 or higher app:
 .. _`public/index.php`: https://github.com/symfony/recipes/blob/master/symfony/framework-bundle/3.3/public/index.php
 .. _`index.php diff`: https://github.com/symfony/recipes/compare/8a4e5555e30d5dff64275e2788a901f31a214e79...f54d6a468405d0d8d27b0e790dc09a01e337777a#diff-473fca613b5bda15d87731036cb31586
 .. _`bin/console`: https://github.com/symfony/recipes/blob/master/symfony/console/3.3/bin/console
-.. _`bin/console diff`: https://github.com/symfony/recipes/compare/8a4e5555e30d5dff64275e2788a901f31a214e79...f54d6a468405d0d8d27b0e790dc09a01e337777a#diff-2af50efd729ff8e61dcbd936cf2b114b
 .. _`comment on the top of .env`: https://github.com/symfony/recipes/blob/master/symfony/flex/1.0/.env
 .. _`create a new .env.test`: https://github.com/symfony/recipes/blob/master/symfony/phpunit-bridge/3.3/.env.test
 .. _`phpunit.xml.dist file`: https://github.com/symfony/recipes/blob/master/symfony/phpunit-bridge/3.3/phpunit.xml.dist
+.. _`One further change to the recipe in January 2019`: https://github.com/symfony/recipes/pull/501
@@ -91,6 +91,78 @@ of the downstream projects included in this process:
 * Drupal (releases typically happen on Wednesdays)
 * eZPublish
 
+Issue Severity
+--------------
+
+In order to determine the severity of a security issue we take into account
+the complexity of any potential attack, the impact of the vulnerability and
+also how many projects it is likely to affect. This score out of 15 is then
+converted into a level of: Low, Medium, High, Critical, or Exceptional.
+
+Attack Complexity
+~~~~~~~~~~~~~~~~~
+
+*Score of between 1 and 5 depending on how complex it is to exploit the
+vulnerability*
+
+* 4 - 5 Basic: attacker must follow a set of simple steps
+* 2 - 3 Complex: attacker must follow non-intuitive steps with a high level
+  of dependencies
+* 1 - 2 High: A successful attack depends on conditions beyond the attacker's
+  control. That is, a successful attack cannot be accomplished at will, but
+  requires the attacker to invest in some measurable amount of effort in
+  preparation or execution against the vulnerable component before a successful
+  attack can be expected.
+
+Impact
+~~~~~~
+
+*Scores from the following areas are added together to produce a score. The
+score for Impact is capped at 6. Each area is scored between 0 and 4.*
+
+* Integrity: Does this vulnerability cause non-public data to be accessible?
+  If so, does the attacker have control over the data disclosed? (0-4)
+* Disclosure: Can this exploit allow system data (or data handled by the
+  system) to be compromised? If so, does the attacker have control over
+  modification? (0-4)
+* Code Execution: Does the vulnerability allow arbitrary code to be executed
+  on an end-users system, or the server that it runs on? (0-4)
+* Availability: Is the availability of a service or application affected? Is
+  it reduced availability or total loss of availability of a service /
+  application? Availability includes networked services (e.g., databases) or
+  resources such as consumption of network bandwidth, processor cycles, or
+  disk space. (0-4)
+
+Affected Projects
+~~~~~~~~~~~~~~~~~
+
+*Scores from the following areas are added together to produce a score. The
+score for Affected Projects is capped at 4.*
+
+* Will it affect some or all using a component? (1-2)
+* Is the usage of the component that would cause such a thing already
+  considered bad practice? (0-1)
+* How common/popular is the component (e.g. Console vs HttpFoundation vs
+  Lock)? (0-2)
+* Are a number of well-known open source projects using Symfony affected
+  that requires coordinated releases? (0-1)
+
+Score Totals
+~~~~~~~~~~~~
+
+* Attack Complexity: 1 - 4
+* Impact: 1 - 6
+* Affected Projects: 1 - 4
+
+Severity levels
+~~~~~~~~~~~~~~~
+
+* Low: 1 - 5
+* Medium: 6 - 10
+* High: 11 - 12
+* Critical: 13 - 14
+* Exceptional: 15
+
 Security Advisories
 -------------------
 
 
@@ -148,7 +148,7 @@ and ``redirect()`` methods::
         // redirect to a route with parameters
         return $this->redirectToRoute('app_lucky_number', array('max' => 10));
 
-        // redirects to a route and mantains the original query string parameters
+        // redirects to a route and maintains the original query string parameters
         return $this->redirectToRoute('blog_show', $request->query->all());
 
         // redirects externally
 
@@ -23,7 +23,7 @@ To use it, first register a new handler service:
 
             Symfony\Component\HttpFoundation\Session\Storage\Handler\PdoSessionHandler:
                 arguments:
-                    - 'mysql:dbname=mydatabase, host=myhost'
+                    - 'mysql:dbname=mydatabase; host=myhost; port=myport'
                     - { db_username: myuser, db_password: mypassword }
 
                     # If you're using Doctrine & want to re-use that connection, then:
@@ -61,7 +61,7 @@ To use it, first register a new handler service:
 
         $storageDefinition = $container->autowire(PdoSessionHandler::class)
             ->setArguments(array(
-                'mysql:dbname=mydatabase, host=myhost',
+                'mysql:dbname=mydatabase; host=myhost; port=myport',
                 array('db_username' => 'myuser', 'db_password' => 'mypassword'),
             ))
         ;
@@ -123,7 +123,7 @@ a second array argument to ``PdoSessionHandler``:
 
             Symfony\Component\HttpFoundation\Session\Storage\Handler\PdoSessionHandler:
                 arguments:
-                    - 'mysql:dbname=mydatabase, host=myhost'
+                    - 'mysql:dbname=mydatabase; host=myhost; port=myport'
                     - { db_table: 'sessions', db_username: 'myuser', db_password: 'mypassword' }
 
     .. code-block:: xml
@@ -156,7 +156,7 @@ a second array argument to ``PdoSessionHandler``:
 
         $container->autowire(PdoSessionHandler::class)
             ->setArguments(array(
-                'mysql:dbname=mydatabase, host=myhost',
+                'mysql:dbname=mydatabase; host=myhost; port=myport',
                 array('db_table' => 'sessions', 'db_username' => 'myuser', 'db_password' => 'mypassword')
             ))
         ;
 
@@ -152,7 +152,7 @@ saves the user::
         public function register(Request $request, UserPasswordEncoderInterface $passwordEncoder): Response
         {
             $user = new User();
-            $form = $this->createForm(RegistrationFormType::class);
+            $form = $this->createForm(RegistrationFormType::class, $user);
             $form->handleRequest($request);
 
             if ($form->isSubmitted() && $form->isValid()) {
 
@@ -70,6 +70,23 @@ files: ``BlogPost.php`` and ``BlogComment.php``.
 
         $ php bin/console doctrine:mapping:import 'App\Entity' xml --path=config/doctrine
 
+    In this case, make sure to adapt your mapping configuration accordingly:
+
+    .. code-block:: yaml
+
+        # config/packages/doctrine.yaml
+        doctrine:
+            # ...
+            orm:
+                # ...
+                mappings:
+                    App:
+                        is_bundle: false
+                        type: yml # Set to xml in case of XML mapping
+                        dir: '%kernel.project_dir%/config/doctrine'
+                        prefix: 'App\Entity'
+                        alias: App
+
 Generating the Getters & Setters or PHP Classes
 -----------------------------------------------
 
 
@@ -44,6 +44,9 @@ files into your final output directory.
     +         // optional target path, relative to the output dir
     +         //to: 'images/[path][name].[ext]',
     +
+    +         // if versioning is enabled, add the file hash too
+    +         //to: 'images/[path][name].[hash:8].[ext]',
+    +
     +         // only copy files matching this pattern
     +         //pattern: /\.(png|jpg|jpeg)$/
     +     })
@@ -57,10 +60,10 @@ To render inside Twig, use the ``asset()`` function:
 .. code-block:: html+twig
 
     {# assets/images/logo.png was copied to public/build/logo.png #}
-    <img src="{{ asset('build/logo.png') }}"
+    <img src="{{ asset('build/logo.png') }}">
 
     {# assets/images/subdir/logo.png was copied to public/build/subdir/logo.png #}
-    <img src="{{ asset('build/subdir/logo.png') }}"
+    <img src="{{ asset('build/subdir/logo.png') }}">
 
 Make sure you've enabled the :ref:`json_manifest_path <load-manifest-files>` option,
 which tells the ``asset()`` function to read the final paths from the ``manifest.json``
 
@@ -181,7 +181,7 @@ of the application are isolated in a new file called ``model.php``::
     in this example, only a portion (or none) of the model is actually concerned
     with accessing a database.
 
-The controller (``index.php``) is now is just a few lines of code::
+The controller (``index.php``) is now just a few lines of code::
 
     // index.php
     require_once 'model.php';
@@ -262,7 +262,7 @@ an individual blog result based on a given id::
     {
         $connection = open_database_connection();
 
-        $query = 'SELECT created_at, title, body FROM post WHERE  id=:id';
+        $query = 'SELECT created_at, title, body FROM post WHERE id=:id';
         $statement = $connection->prepare($query);
         $statement->bindValue(':id', $id, PDO::PARAM_INT);
         $statement->execute();
@@ -533,7 +533,7 @@ a simple application. Along the way, you've made a simple routing
 system and a method using ``ob_start()`` and ``ob_get_clean()`` to render
 templates. If, for some reason, you needed to continue building this "framework"
 from scratch, you could at least use Symfony's standalone
-:doc:`Routing </components/routing>` and component and :doc:`Twig </templating>`,
+:doc:`Routing </components/routing>` component and :doc:`Twig </templating>`,
 which already solve these problems.
 
 Instead of re-solving common problems, you can let Symfony take care of
@@ -664,9 +664,9 @@ object are sent back to the client.
 
 It's a beautiful thing.
 
-.. figure:: /_images/http/request-flow.png
-   :align: center
-   :alt: Symfony request flow
+.. raw:: html
+
+    <object data="../_images/http/request-flow.svg" type="image/svg+xml"></object>
 
 Where Symfony Delivers
 ----------------------
 
@@ -361,12 +361,12 @@ to do:
 
 .. _request-flow-figure:
 
-.. figure:: /_images/http/request-flow.png
-   :align: center
-   :alt: Symfony request flow
+.. raw:: html
+
+    <object data="../_images/http/request-flow.svg" type="image/svg+xml"></object>
 
-   Incoming requests are interpreted by the :doc:`Routing component </routing>` and
-   passed to PHP functions that return ``Response`` objects.
+Incoming requests are interpreted by the :doc:`Routing component </routing>` and
+passed to PHP functions that return ``Response`` objects.
 
 This may not make sense yet, but as you keep reading, you'll learn about :doc:`routes </routing>`
 and :doc:`controllers </controller>`: the two fundamental parts to creating a page.
 
@@ -21,6 +21,10 @@ Ideally this header should only be set during development and not for
 production. This can be accomplished by setting the header in a
 :ref:`kernel.response <component-http-kernel-kernel-response>` event listener::
 
+    use Symfony\Component\HttpKernel\Event\FilterResponseEvent;
+
+    // ...
+
     public function onKernelResponse(FilterResponseEvent $event)
     {
         $response = $event->getResponse();
 
@@ -288,9 +288,8 @@ as *environment* variables. This means that Symfony works *perfectly* with
 Platform as a Service (PaaS) deployment systems as well as Docker.
 
 But setting environment variables while developing can be a pain. That's why your
-app automatically loads a ``.env`` file, if the ``APP_ENV`` environment variable
-isn't set in the environment. The keys in this file then become environment variables
-and are read by your app:
+app automatically loads a ``.env`` file. The keys in this file then become environment
+variables and are read by your app:
 
 .. code-block:: bash
 
 
@@ -30,7 +30,7 @@ Basic Usage
 The following constraints ensure that:
 
 * ``firstName`` of ``Person`` class is equal to ``Mary`` *and* is a string
-* ``age`` is equal to``20`` *and* is of type integer
+* ``age`` is equal to ``20`` *and* is of type integer
 
 .. configuration-block::
 
@@ -61,6 +61,8 @@ The following constraints ensure that:
         # config/validator/validation.yaml
         App\Entity\Person:
             properties:
+                firstName:
+                    - IdenticalTo: Mary
                 age:
                     - IdenticalTo:
                         value: 20
@@ -74,6 +76,11 @@ The following constraints ensure that:
             xsi:schemaLocation="http://symfony.com/schema/dic/constraint-mapping http://symfony.com/schema/dic/constraint-mapping/constraint-mapping-1.0.xsd">
 
             <class name="App\Entity\Person">
+                <property name="firstName">
+                    <constraint name="IdenticalTo">
+                        <value>Mary</value>
+                    </constraint>
+                </property>
                 <property name="age">
                     <constraint name="IdenticalTo">
                         <option name="value">20</option>
@@ -94,6 +101,8 @@ The following constraints ensure that:
         {
             public static function loadValidatorMetadata(ClassMetadata $metadata)
             {
+                $metadata->addPropertyConstraint('firstName', new Assert\IdenticalTo('Mary'));
+
                 $metadata->addPropertyConstraint('age', new Assert\IdenticalTo(array(
                     'value' => 20,
                 )));
Original file line number	Diff line number	Diff line change
`@@ -152,7 +152,7 @@ saves the user::`
`152`	`152`	`public function register(Request $request, UserPasswordEncoderInterface $passwordEncoder): Response`
`153`	`153`	`{`
`154`	`154`	`$user = new User();`
`155`		`- $form = $this->createForm(RegistrationFormType::class);`
	`155`	`+ $form = $this->createForm(RegistrationFormType::class, $user);`
`156`	`156`	`$form->handleRequest($request);`
`157`	`157`
`158`	`158`	`if ($form->isSubmitted() && $form->isValid()) {`