Merge branch '3.2'

xabbuh · xabbuh · commit c45a7f2db0ab · 2017-01-11T21:35:59.000+01:00
* 3.2: (22 commits) Rename "console tasks" to "console commands" [Workflow] Add tip for workflow configuration default values Reflect private to hidden renaming in the file name Reflect renaming from private to hidden Added an article about private console commands Updated the explanation about framework.ide [#7214] fix option's default value strict default option for choice validation Reworded the user checker aliases explanation Remove duplicate use operator [Fix][httpKernel] Wrong links [Fix][Console] Missing autoloading by Composer Revert "Fixed wrong inheritance information" [#7318] Removing unnecessary word Minor fixes Explain what is the Symfony Core team Added the references to security vulnerabilities discovered in 2016 Improve configuration example text indents update year in license template describe should have an 's' on the end ...
diff --git a/components/console/usage.rst b/components/console/usage.rst
@@ -16,6 +16,8 @@ built-in options as well as a couple of built-in commands for the Console compon
         <?php
         // application.php
 
+        require __DIR__.'/vendor/autoload.php';
+
         use Symfony\Component\Console\Application;
 
         $application = new Application();
diff --git a/components/form.rst b/components/form.rst
@@ -194,20 +194,25 @@ to bootstrap or access Twig and add the :class:`Symfony\\Bridge\\Twig\\Extension
         $vendorTwigBridgeDir.'/Resources/views/Form',
     )));
     $formEngine = new TwigRendererEngine(array($defaultFormTheme));
-    $formEngine->setEnvironment($twig);
+    $twig->addRuntimeLoader(new \Twig_FactoryRuntimeLoader(array(
+        TwigRenderer::class => function () use ($formEngine, $csrfManager) {
+            return new TwigRenderer($formEngine, $csrfManager);
+        },
+    )));
 
     // ... (see the previous CSRF Protection section for more information)
 
     // add the FormExtension to Twig
-    $twig->addExtension(
-        new FormExtension(new TwigRenderer($formEngine, $csrfManager))
-    );
+    $twig->addExtension(new FormExtension());
 
     // create your form factory as normal
     $formFactory = Forms::createFormFactoryBuilder()
         // ...
         ->getFormFactory();
 
+.. versionadded:: 1.30
+    The ``Twig_FactoryRuntimeLoader`` was introduced in Twig 1.30.
+
 The exact details of your `Twig Configuration`_ will vary, but the goal is
 always to add the :class:`Symfony\\Bridge\\Twig\\Extension\\FormExtension`
 to Twig, which gives you access to the Twig functions for rendering forms.
diff --git a/components/http_kernel.rst b/components/http_kernel.rst
@@ -124,9 +124,9 @@ For general information on adding listeners to the events below, see
 
 .. caution::
 
-    As of 3.1 the :class:`Symfony\\Component\\Httpkernel\\HttpKernel` accepts a
+    As of 3.1 the :class:`Symfony\\Component\\HttpKernel\\HttpKernel` accepts a
     fourth argument, which must be an instance of
-    :class:`Symfony\\Component\\Httpkernel\\Controller\\ArgumentResolverInterface`.
+    :class:`Symfony\\Component\\HttpKernel\\Controller\\ArgumentResolverInterface`.
     In 4.0 this argument will become mandatory.
 
 .. seealso::
diff --git a/console/hide_commands.rst b/console/hide_commands.rst
@@ -0,0 +1,32 @@
+How to Hide Console Commands
+============================
+
+By default, all console commands are listed when executing the console application
+script without arguments or when using the ``list`` command.
+
+However, sometimes commands are not intended to be executed by end-users; for
+example, commands for the legacy parts of the application, commands exclusively
+executed through scheduled tasks, etc.
+
+In those cases, you can define the command as **hidden** by setting the
+``setHidden()`` method to ``true`` in the command configuration::
+
+    // src/AppBundle/Command/LegacyCommand.php
+    namespace AppBundle\Command;
+
+    use Symfony\Component\Console\Command\Command;
+
+    class LegacyCommand extends Command
+    {
+        protected function configure()
+        {
+            $this
+                ->setName('app:legacy')
+                ->setHidden(true)
+                // ...
+            ;
+        }
+    }
+
+Hidden commands behave the same as normal commands but they are no longer displayed
+in command listings, so end-users are not aware of their existence.
diff --git a/console/input.rst b/console/input.rst
@@ -134,7 +134,7 @@ Next, use this in the command to print the message multiple times::
         $output->writeln($text);
     }
 
-Now, when you run the task, you can optionally specify a ``--iterations``
+Now, when you run the command, you can optionally specify a ``--iterations``
 flag:
 
 .. code-block:: terminal
diff --git a/contributing/code/core_team.rst b/contributing/code/core_team.rst
@@ -1,7 +1,15 @@
 Symfony Core Team
 =================
 
-This document states the rules that govern the Symfony Core group. These rules
+The **Symfony Core** team is the group of developers that determine the
+direction and evolution of the Symfony project. Their votes rule if the
+features and patches proposed by the community are approved or rejected.
+
+All the Symfony Core members are long-time contributors with solid technical
+expertise and they have demonstrated a strong commitment to drive the project
+forward.
+
+This document states the rules that govern the Symfony Core team. These rules
 are effective upon publication of this document and all Symfony Core members
 must adhere to said rules and protocol.
 
diff --git a/contributing/code/license.rst b/contributing/code/license.rst
@@ -16,7 +16,7 @@ According to `Wikipedia`_:
 The License
 -----------
 
-Copyright (c) 2004-2016 Fabien Potencier
+Copyright (c) 2004-2017 Fabien Potencier
 
 Permission is hereby granted, free of charge, to any person obtaining a copy
 of this software and associated documentation files (the "Software"), to deal
diff --git a/contributing/code/security.rst b/contributing/code/security.rst
@@ -103,8 +103,11 @@ Security Advisories
 This section indexes security vulnerabilities that were fixed in Symfony
 releases, starting from Symfony 1.0.0:
 
-* November 23, 2015: `CVE-2015-8125: Potential Remote Timing Attack Vulnerability in Security Remember-Me Service <http://symfony.com/blog/cve-2015-8125-potential-remote-timing-attack-vulnerability-in-security-remember-me-service>`_ (2.3.35, 2.6.12 and 2.7.7)
-* November 23, 2015: `CVE-2015-8124: Session Fixation in the "Remember Me" Login Feature <http://symfony.com/blog/cve-2015-8124-session-fixation-in-the-remember-me-login-feature>`_ (2.3.35, 2.6.12 and 2.7.7)
+* May 9, 2016: `CVE-2016-2403: Unauthorized access on a misconfigured Ldap server when using an empty password <http://symfony.com/blog/cve-2016-2403-unauthorized-access-on-a-misconfigured-ldap-server-when-using-an-empty-password>`_ (2.8.0-2.8.5, 3.0.0-3.0.5)
+* May 9, 2016: `CVE-2016-4423: Large username storage in session <https://symfony.com/blog/cve-2016-4423-large-username-storage-in-session>`_ (2.3.0-2.3.40, 2.7.0-2.7.12, 2.8.0-2.8.5, 3.0.0-3.0.5)
+* January 18, 2016: `CVE-2016-1902: SecureRandom's fallback not secure when OpenSSL fails <https://symfony.com/blog/cve-2016-1902-securerandom-s-fallback-not-secure-when-openssl-fails>`_ (2.3.0-2.3.36, 2.6.0-2.6.12, 2.7.0-2.7.8)
+* November 23, 2015: `CVE-2015-8125: Potential Remote Timing Attack Vulnerability in Security Remember-Me Service <https://symfony.com/blog/cve-2015-8125-potential-remote-timing-attack-vulnerability-in-security-remember-me-service>`_ (2.3.35, 2.6.12 and 2.7.7)
+* November 23, 2015: `CVE-2015-8124: Session Fixation in the "Remember Me" Login Feature <https://symfony.com/blog/cve-2015-8124-session-fixation-in-the-remember-me-login-feature>`_ (2.3.35, 2.6.12 and 2.7.7)
 * May 26, 2015: `CVE-2015-4050: ESI unauthorized access <https://symfony.com/blog/cve-2015-4050-esi-unauthorized-access>`_ (Symfony 2.3.29, 2.5.12 and 2.6.8)
 * April 1, 2015: `CVE-2015-2309: Unsafe methods in the Request class <https://symfony.com/blog/cve-2015-2309-unsafe-methods-in-the-request-class>`_ (Symfony 2.3.27, 2.5.11 and 2.6.6)
 * April 1, 2015: `CVE-2015-2308: Esi Code Injection <https://symfony.com/blog/cve-2015-2308-esi-code-injection>`_ (Symfony 2.3.27, 2.5.11 and 2.6.6)
diff --git a/create_framework/routing.rst b/create_framework/routing.rst
@@ -56,7 +56,7 @@ Instead of an array for the URL map, the Routing component relies on a
 
     $routes = new RouteCollection();
 
-Let's add a route that describe the ``/hello/SOMETHING`` URL and add another
+Let's add a route that describes the ``/hello/SOMETHING`` URL and add another
 one for the simple ``/bye`` one::
 
     use Symfony\Component\Routing\Route;
diff --git a/doctrine.rst b/doctrine.rst
@@ -518,7 +518,7 @@ in your application. To do this, run:
     your entities) with how it *actually* looks, and executes the SQL statements
     needed to *update* the database schema to where it should be. In other
     words, if you add a new property with mapping metadata to ``Product``
-    and run this task, it will execute the "ALTER TABLE" statement needed
+    and run this command, it will execute the "ALTER TABLE" statement needed
     to add that new column to the existing ``product`` table.
 
     An even better way to take advantage of this functionality is via
diff --git a/doctrine/associations.rst b/doctrine/associations.rst
@@ -18,7 +18,7 @@ the class for you.
         --entity="AppBundle:Category" \
         --fields="name:string(255)"
 
-This task generates the ``Category`` entity for you, with an ``id`` field,
+This command generates the ``Category`` entity for you, with an ``id`` field,
 a ``name`` field and the associated getter and setter functions.
 
 Relationship Mapping Metadata
diff --git a/doctrine/console.rst b/doctrine/console.rst
@@ -16,13 +16,13 @@ command:
 A list of available commands will print out. You can find out more information
 about any of these commands (or any Symfony command) by running the ``help``
 command. For example, to get details about the ``doctrine:database:create``
-task, run:
+command, run:
 
 .. code-block:: terminal
 
     $ php bin/console help doctrine:database:create
 
-Some notable or interesting tasks include:
+Some notable or interesting commands include:
 
 * ``doctrine:ensure-production-settings`` - checks to see if the current
   environment is configured efficiently for production. This should always
diff --git a/forms.rst b/forms.rst
@@ -641,7 +641,6 @@ the choice is ultimately up to you.
 
         use AppBundle\Entity\Task;
         use Symfony\Component\OptionsResolver\OptionsResolver;
-        use AppBundle\Entity\Task;
 
         // ...
         public function configureOptions(OptionsResolver $resolver)
diff --git a/reference/configuration/framework.rst b/reference/configuration/framework.rst
@@ -211,25 +211,16 @@ ide
 
 **type**: ``string`` **default**: ``null``
 
-Symfony can turn file paths seen in dumps and exception messages into links
-that will open in your preferred text editor or IDE.
+Symfony turns file paths seen in variable dumps and exception messages into
+links that open those files right inside your browser. If you prefer to open
+those files in your favorite IDE or text editor, set this option to any of the
+following values: ``phpstorm`` (requires `PhpStormProtocol`_), ``sublime``,
+``textmate``, ``macvim`` and ``emacs``.
 
-Since every developer uses a different IDE, the recommended way to enable this
-feature is to configure it on a system level. This can be done by setting the
-``xdebug.file_link_format`` option in your ``php.ini`` configuration file.
-
-.. tip::
-
-    Setting the ``xdebug.file_link_format`` ini option works even if the Xdebug
-    extension is not enabled.
-
-Alternatively, you can use this ``ide`` configuration key.
-
-In both cases, the expected configuration value is a URL template that contains an
-``%f`` where the file path is expected and ``%l`` for the line number. When using
-the ``ide`` configuration key, percentages signs (``%``) must be escaped by
-doubling them. For example, if you use PHPstorm on the Mac OS platform, you will
-do something like:
+If you use another editor, the expected configuration value is a URL template
+that contains an ``%f`` placeholder where the file path is expected and ``%l``
+placeholder for the line number (percentage signs (``%``) must be escaped by
+doubling them to prevent Symfony from interpreting them as container parameters).
 
 .. configuration-block::
 
@@ -259,6 +250,22 @@ do something like:
             'ide' => 'phpstorm://open?file=%%f&line=%%l',
         ));
 
+Since every developer uses a different IDE, the recommended way to enable this
+feature is to configure it on a system level. This can be done by setting the
+``xdebug.file_link_format`` option in your ``php.ini`` configuration file. The
+format to use is the same as for the ``framework.ide`` option, but without the
+need to escape the percent signs (``%``) by doubling them.
+
+.. note::
+
+    If both ``framework.ide`` and ``xdebug.file_link_format`` are defined,
+    Symfony uses the value of the ``framework.ide`` option.
+
+.. tip::
+
+    Setting the ``xdebug.file_link_format`` ini option works even if the Xdebug
+    extension is not enabled.
+
 .. tip::
 
     When running your app in a container or in a virtual machine, you can tell
@@ -274,12 +281,6 @@ do something like:
     .. versionadded:: 3.2
         Guest to host mappings were introduced in Symfony 3.2.
 
-.. tip::
-
-    Symfony contains preconfigured URLs for some popular IDEs, you can set them
-    using the following values: ``phpstorm`` (requires `PhpStormProtocol`_),
-    ``sublime``, ``textmate``, ``macvim`` or ``emacs``.
-
 .. _reference-framework-test:
 
 test
diff --git a/reference/constraints/Choice.rst b/reference/constraints/Choice.rst
@@ -369,8 +369,13 @@ strict
 
 **type**: ``boolean`` **default**: ``false``
 
-If true, the validator will also check the type of the input value. Specifically,
+The validator will also check the type of the input value. Specifically,
 this value is passed to as the third argument to the PHP :phpfunction:`in_array`
 method when checking to see if a value is in the valid choices array.
 
+.. caution::
+
+    Setting the strict option of the Choice Constraint to ``false`` has been
+    deprecated as of Symfony 3.2 and the option will be changed to ``true`` as of 4.0.
+
 .. include:: /reference/constraints/_payload-option.rst.inc
diff --git a/reference/dic_tags.rst b/reference/dic_tags.rst
@@ -500,7 +500,7 @@ kernel.cache_warmer
 process
 
 Cache warming occurs whenever you run the ``cache:warmup`` or ``cache:clear``
-task (unless you pass ``--no-warmup`` to ``cache:clear``). It is also run
+command (unless you pass ``--no-warmup`` to ``cache:clear``). It is also run
 when handling the request, if it wasn't done by one of the commands yet.
 The purpose is to initialize any cache that will be needed by the application
 and prevent the first user from any significant "cache hit" where the cache
diff --git a/security/acl.rst b/security/acl.rst
@@ -91,8 +91,8 @@ First, you need to configure the connection the ACL system is supposed to use:
     domain objects. You can use whatever mapper you like for your objects, be it
     Doctrine ORM, MongoDB ODM, Propel, raw SQL, etc. The choice is yours.
 
-After the connection is configured, you have to import the database structure.
-Fortunately, there is a task for this. Simply run the following command:
+After the connection is configured, you have to import the database structure
+running the following command:
 
 .. code-block:: terminal
 
diff --git a/security/custom_provider.rst b/security/custom_provider.rst
@@ -211,11 +211,6 @@ Now you make the user provider available as a service:
     dependencies or configuration options or other services. Add these as
     arguments in the service definition.
 
-.. note::
-
-    Make sure the services file is being imported. See :ref:`service-container-imports-directive`
-    for details.
-
 Modify ``security.yml``
 -----------------------
 
diff --git a/security/user_checkers.rst b/security/user_checkers.rst
@@ -207,8 +207,3 @@ It's possible to have a different user checker per firewall.
                 ),
             ),
         ));
-
-.. note::
-
-    Internally the user checkers are aliased per firewall. For ``secured_area``
-    the alias ``security.user_checker.secured_area`` would point to ``app.user_checker``.
diff --git a/testing.rst b/testing.rst
@@ -457,7 +457,7 @@ Injection Container::
     $container = $client->getContainer();
 
 For a list of services available in your application, use the ``debug:container``
-console task.
+command.
 
 .. tip::
 
diff --git a/validation/groups.rst b/validation/groups.rst
@@ -166,11 +166,11 @@ the class name or the string ``Default``.
     object that's actually the one being validated.
 
     If you have inheritance (e.g. ``User extends BaseUser``) and you validate
-    with the class name of the subclass (i.e. ``User``), then only constraints
-    in the ``User`` will be validated. To validate the parent constraints as 
-    well you need to provide multiple groups (i.e ``User`` and ``BaseUser``) or
-    ``Default``.
-    
+    with the class name of the subclass (i.e. ``User``), then all constraints
+    in the ``User`` and ``BaseUser`` will be validated. However, if you
+    validate using the base class (i.e. ``BaseUser``), then only the default
+    constraints in the ``BaseUser`` class will be validated.
+
 To tell the validator to use a specific group, pass one or more group names
 as the third argument to the ``validate()`` method::
 
diff --git a/workflow/state-machines.rst b/workflow/state-machines.rst
@@ -32,17 +32,17 @@ Below is the configuration for the pull request state machine.
         framework:
             workflows:
                 pull_request:
-                   type: 'state_machine'
-                   supports:
+                    type: 'state_machine'
+                    supports:
                         - AppBundle\Entity\PullRequest
-                   places:
+                    places:
                         - start
                         - coding
                         - travis
                         - review
                         - merged
                         - closed
-                   transitions:
+                    transitions:
                         submit:
                             from: start
                             to: travis
diff --git a/workflow/usage.rst b/workflow/usage.rst
@@ -148,6 +148,12 @@ like this:
     The marking store type could be "multiple_state" or "single_state".
     A single state marking store does not support a model being on multiple places
     at the same time.
+    
+.. tip::
+
+    The ``type`` (default value ``single_state``) and ``arguments`` (default value ``marking``)
+    attributes of the ``marking_store`` option are optional. If omitted, their default values
+    will be used.
 
 With this workflow named ``blog_publishing``, you can get help to decide
 what actions that are allowed on a blog post. ::

Original file line number	Diff line number	Diff line change
`@@ -134,7 +134,7 @@ Next, use this in the command to print the message multiple times::`
`134`	`134`	`$output->writeln($text);`
`135`	`135`	`}`
`136`	`136`
`137`		-Now, when you run the task, you can optionally specify a ``--iterations``
	`137`	+Now, when you run the command, you can optionally specify a ``--iterations``
`138`	`138`	`flag:`
`139`	`139`
`140`	`140`	`.. code-block:: terminal`