Merge branch '2.7' into 2.8

* 2.7:
  [#5472] Minor tweak and adding code example
  [#5453] Minor tweaks - mostly thanks to Javier
  Reword
  Fix caching
  Fix build
  Added a tip about hashing the result of nextBytes()
  rework the quick tour's big picture
  fix for Symfony 2.7
  Fix after install URL and new photo since AcmeDemoBundle is not part of 2.7
  Improve travis build speed

.travis.yml

@@ -1,16 +1,18 @@
 language: python
 
-python:
-    - "2.7"
+python: "2.7"
 
 sudo: false
 
-install: 
-    - "pip install -q -r requirements.txt --use-mirrors"
+cache:
+    directories:
+        - $HOME/.cache/pip
+        - _build
+
+install: pip install sphinx==1.1.3
 
 script: sphinx-build -nW -b html -d _build/doctrees . _build/html
 
 branches:
   except:
     - github-comments
-

book/security.rst

@@ -994,7 +994,7 @@ other users. Also, as the admin user, you yourself want to be able to edit
 
 To accomplish this you have 2 options:
 
-* :doc:`Voters </cookbook/security/voters>` allow you to use business logic
+* :doc:`Voters </cookbook/security/voters>` allow you to write own business logic
   (e.g. the user can edit this post because they were the creator) to determine
   access. You'll probably want this option - it's flexible enough to solve the
   above situation.

components/security/secure_tools.rst

@@ -50,11 +50,21 @@ to work correctly. Just pass a file name to enable it::
     use Symfony\Component\Security\Core\Util\SecureRandom;
 
     $generator = new SecureRandom('/some/path/to/store/the/seed.txt');
+
     $random = $generator->nextBytes(10);
+    $hashedRandom = md5($random); // see tip below
 
 .. note::
 
-    If you're using the Symfony Framework, you can access a secure random
-    instance directly from the container: its name is ``security.secure_random``.
+    If you're using the Symfony Framework, you can get a secure random number
+    generator via the ``security.secure_random`` service.
+
+.. tip::
+
+    The ``nextBytes()`` method returns a binary string which may contain the
+    ``\0`` character. This can cause trouble in several common scenarios, such
+    as storing this value in a database or including it as part of the URL. The
+    solution is to hash the value returned by ``nextBytes()`` (to do that, you
+    can use a simple ``md5()`` PHP function).
 
 .. _`Timing attack`: http://en.wikipedia.org/wiki/Timing_attack

cookbook/security/voters.rst

@@ -28,8 +28,9 @@ All voters are called each time you use the ``isGranted()`` method on Symfony's
 authorization checker (i.e. the ``security.authorization_checker`` service). Each
 one decides if the current user should have access to some resource.
 
-Ultimately, Symfony uses one of three different approaches on what to do
-with the feedback from all voters: affirmative, consensus and unanimous.
+Ultimately, Symfony takes the responses from all voters and makes the final
+decission (to allow or deny access to the resource) according to the strategy defined
+in the application, which can be: affirmative, consensus or unanimous.
 
 For more information take a look at
 :ref:`the section about access decision managers <components-security-access-decision-manager>`.

quick_tour/the_big_picture.rst

@@ -106,20 +106,16 @@ Congratulations! Your first Symfony project is up and running!
     them are explained in the
     :ref:`Setting up Permissions <book-installation-permissions>` section
     of the official book.
-    
+
     If the welcome page does not seem to be rendering CSS or image assets,
     install them first:
-    
+
     .. code-block:: bash
-    
+
         $ php app/console assets:install
 
 When you are finished working on your Symfony application, you can stop
-the server with the ``server:stop`` command:
-
-.. code-block:: bash
-
-    $ php app/console server:stop
+the server by pressing Ctrl and C.
 
 .. tip::
 
@@ -135,15 +131,15 @@ of database calls, HTML tags and other PHP code in the same script. To achieve
 this goal with Symfony, you'll first need to learn a few fundamental concepts.
 
 When developing a Symfony application, your responsibility as a developer
-is to write the code that maps the user's *request* (e.g.  ``http://localhost:8000/``)
-to the *resource* associated with it (the ``Welcome to Symfony!`` HTML page).
+is to write the code that maps the user's *request* (e.g.  ``http://localhost:8000/app/example``)
+to the *resource* associated with it (the ``Homepage`` HTML page).
 
 The code to execute is defined in **actions** and **controllers**. The mapping
 between user's requests and that code is defined via the **routing** configuration.
 And the contents displayed in the browser are usually rendered using **templates**.
 
-When you browsed ``http://localhost:8000/`` earlier, Symfony executed the
-controller defined in the ``src/AppBundle/Controller/DefaultController.php``
+When you browsed ``http://localhost:8000/app/example`` earlier, Symfony executed
+the controller defined in the ``src/AppBundle/Controller/DefaultController.php``
 file and rendered the ``app/Resources/views/default/index.html.twig`` template.
 In the following sections you'll learn in detail the inner workings of Symfony
 controllers, routes and templates.
@@ -186,7 +182,7 @@ information and then they render a template to show the results to the user.
 
 In this example, the ``index`` action is practically empty because it doesn't
 need to call any other method. The action just renders a template with the
-*Welcome to Symfony!* content.
+*Homepage.* content.
 
 Routing
 ~~~~~~~
@@ -221,8 +217,8 @@ start with ``/**``, whereas regular PHP comments start with ``/*``.
 The first value of ``@Route()`` defines the URL that will trigger the execution
 of the action. As you don't have to add the host of your application to
 the URL (e.g. ```http://example.com``), these URLs are always relative and
-they are usually called *paths*. In this case, the ``/`` path refers to
-the application homepage. The second value of ``@Route()`` (e.g.
+they are usually called *paths*. In this case, the ``/app/example`` path
+refers to the application homepage. The second value of ``@Route()`` (e.g.
 ``name="homepage"``) is optional and sets the name of this route. For now
 this name is not needed, but later it'll be useful for linking pages.