Merge branch '2.8' into 3.0
Conflicts:
	cookbook/security/_ircmaxwell_password-compat.rst.inc
wouterj committed Dec 21, 2015
2 parents 786096e + e67deaa commit ec5671d
Showing 17 changed files with 369 additions and 258 deletions.
2 changes: 1 addition & 1 deletion book/forms.rst
Expand Up @@ -1235,7 +1235,7 @@ Define your form type as a service.
.. code-block:: php
// src/AppBundle/Resources/config/services.php
use ;
use Symfony\Component\DependencyInjection\Reference;
$container->register('app.form.type.task', 'AppBundle\Form\Type\TaskType')
->addArgument(new Reference('app.my_service'))
75 changes: 28 additions & 47 deletions book/from_flat_php_to_symfony2.rst
Expand Up @@ -29,10 +29,9 @@ persisted to the database. Writing in flat PHP is quick and dirty:

<?php
// index.php
$link = mysql_connect('localhost', 'myuser', 'mypassword');
mysql_select_db('blog_db', $link);
$link = new PDO("mysql:host=localhost;dbname=blog_db", 'myuser', 'mypassword');

$result = mysql_query('SELECT id, title FROM post', $link);
$result = $link->query('SELECT id, title FROM post');
?>

<!DOCTYPE html>
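Review bot: the new `$link = new PDO(...)` leaves PDO in its default error mode (silent in PHP 5/7), so a failing `$link->query('SELECT id, title FROM post')` returns `false` and the `$result->fetch()` later in this file fatals on a non-object instead of reporting the SQL error. Pass `array(PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION)` as the fourth constructor argument, and fix the connection charset in the DSN (`mysql:host=localhost;dbname=blog_db;charset=utf8`) so it is not left to the server default.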
Expand All @@ -43,7 +42,7 @@ persisted to the database. Writing in flat PHP is quick and dirty:
<body>
<h1>List of Posts</h1>
<ul>
<?php while ($row = mysql_fetch_assoc($result)): ?>
<?php while ($row = $result->fetch(PDO::FETCH_ASSOC)): ?>
<li>
<a href="/show.php?id=<?php echo $row['id'] ?>">
<?php echo $row['title'] ?>
Expand All @@ -55,7 +54,7 @@ persisted to the database. Writing in flat PHP is quick and dirty:
</html>

<?php
mysql_close($link);
$link = null;
?>

That's quick to write, fast to execute, and, as your app grows, impossible
Expand All @@ -81,26 +80,24 @@ Isolating the Presentation
~~~~~~~~~~~~~~~~~~~~~~~~~~

The code can immediately gain from separating the application "logic" from
the code that prepares the HTML "presentation":

.. code-block:: html+php
the code that prepares the HTML "presentation"::

// index.php
$link = mysql_connect('localhost', 'myuser', 'mypassword');
mysql_select_db('blog_db', $link);
$link = new PDO("mysql:host=localhost;dbname=blog_db", 'myuser', 'mypassword');

$result = mysql_query('SELECT id, title FROM post', $link);
$result = $link->query('SELECT id, title FROM post');

$posts = array();
while ($row = mysql_fetch_assoc($result)) {
while ($row = $result->fetch(PDO::FETCH_ASSOC)) {
$posts[] = $row;
}

mysql_close($link);
$link = null;

// include the HTML presentation code
require 'templates/list.php';


The HTML code is now stored in a separate file (``templates/list.php``), which
is primarily an HTML file that uses a template-like PHP syntax:

Expand Down Expand Up @@ -141,31 +138,29 @@ Isolating the Application (Domain) Logic
So far the application contains only one page. But what if a second page
needed to use the same database connection, or even the same array of blog
posts? Refactor the code so that the core behavior and data-access functions
of the application are isolated in a new file called ``model.php``:

.. code-block:: html+php
of the application are isolated in a new file called ``model.php``::

// model.php
function open_database_connection()
{
$link = mysql_connect('localhost', 'myuser', 'mypassword');
mysql_select_db('blog_db', $link);
$link = new PDO("mysql:host=localhost;dbname=blog_db", 'myuser', 'mypassword');

return $link;
}

function close_database_connection($link)
{
mysql_close($link);
$link = null;
}

function get_all_posts()
{
$link = open_database_connection();

$result = mysql_query('SELECT id, title FROM post', $link);
$result = $link->query('SELECT id, title FROM post');

$posts = array();
while ($row = mysql_fetch_assoc($result)) {
while ($row = $result->fetch(PDO::FETCH_ASSOC)) {
$posts[] = $row;
}
close_database_connection($link);
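Review bot: `close_database_connection($link)` assigns `null` to its own by-value parameter, which does nothing to the caller's `$link` in `get_all_posts()`; the connection is only released when the last reference to the PDO object goes away. Either take the argument by reference (`function close_database_connection(&$link)`) or drop the helper and let `$link` go out of scope at the end of `get_all_posts()`, which is what the `$link = null;` in `index.php` relies on anyway.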
Expand All @@ -182,9 +177,7 @@ of the application are isolated in a new file called ``model.php``:
in this example, only a portion (or none) of the model is actually concerned
with accessing a database.

The controller (``index.php``) is now very simple:

.. code-block:: html+php
The controller (``index.php``) is now very simple::

require_once 'model.php';

Expand Down Expand Up @@ -261,21 +254,17 @@ an individual blog result based on a given id::
function get_post_by_id($id)
{
$link = open_database_connection();

$id = intval($id);
$query = 'SELECT created_at, title, body FROM post WHERE id = '.$id;
$result = mysql_query($query);
$row = mysql_fetch_assoc($result);
$result = $link->query('SELECT created_at, title, body FROM post WHERE id = '.$id);
$row = $result->fetch(PDO::FETCH_ASSOC);

close_database_connection($link);

return $row;
}

Next, create a new file called ``show.php`` - the controller for this new
page:

.. code-block:: html+php
page::

require_once 'model.php';

Expand Down Expand Up @@ -353,9 +342,7 @@ You're about to take a **big** step with the application. With one file handling
all requests, you can centralize things such as security handling, configuration
loading, and routing. In this application, ``index.php`` must now be smart
enough to render the blog post list page *or* the blog post show page based
on the requested URI:

.. code-block:: html+php
on the requested URI::

// index.php

Expand All @@ -365,19 +352,17 @@ on the requested URI:

// route the request internally
$uri = parse_url($_SERVER['REQUEST_URI'], PHP_URL_PATH);
if ('/index.php' == $uri) {
if ('/index.php' === $uri) {
list_action();
} elseif ('/index.php/show' == $uri && isset($_GET['id'])) {
} elseif ('/index.php/show' === $uri && isset($_GET['id'])) {
show_action($_GET['id']);
} else {
header('Status: 404 Not Found');
echo '<html><body><h1>Page Not Found</h1></body></html>';
}

For organization, both controllers (formerly ``index.php`` and ``show.php``)
are now PHP functions and each has been moved into a separate file, ``controllers.php``:

.. code-block:: php
are now PHP functions and each has been moved into a separate file, ``controllers.php``::

function list_action()
{
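Review bot: the `===` tightening is fine, but the 404 branch it guards uses `header('Status: 404 Not Found')`, which only sets the response status under CGI/FastCGI SAPIs; under mod_php the client still receives 200. Use `http_response_code(404)` (PHP >= 5.4), which works across SAPIs, or `header('HTTP/1.1 404 Not Found')`.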
Expand Down Expand Up @@ -455,9 +440,7 @@ to interpret each request and return a response. To this end, Symfony provides
both a :class:`Symfony\\Component\\HttpFoundation\\Request` and a
:class:`Symfony\\Component\\HttpFoundation\\Response` class. These classes are
object-oriented representations of the raw HTTP request being processed and
the HTTP response being returned. Use them to improve the blog:

.. code-block:: html+php
the HTTP response being returned. Use them to improve the blog::

// index.php
require_once 'vendor/autoload.php';
Expand All @@ -468,9 +451,9 @@ the HTTP response being returned. Use them to improve the blog:
$request = Request::createFromGlobals();

$uri = $request->getPathInfo();
if ('/' == $uri) {
if ('/' === $uri) {
$response = list_action();
} elseif ('/show' == $uri && $request->query->has('id')) {
} elseif ('/show' === $uri && $request->query->has('id')) {
$response = show_action($request->query->get('id'));
} else {
$html = '<html><body><h1>Page Not Found</h1></body></html>';
Expand All @@ -482,9 +465,7 @@ the HTTP response being returned. Use them to improve the blog:

The controllers are now responsible for returning a ``Response`` object.
To make this easier, you can add a new ``render_template()`` function, which,
incidentally, acts quite a bit like the Symfony templating engine:

.. code-block:: php
incidentally, acts quite a bit like the Symfony templating engine::

// controllers.php
use Symfony\Component\HttpFoundation\Response;
22 changes: 2 additions & 20 deletions components/security/secure_tools.rst
@@ -1,26 +1,10 @@
Securely Comparing Strings and Generating Random Numbers
========================================================
Securely Generating Random Numbers
==================================

The Symfony Security component comes with a collection of nice utilities
related to security. These utilities are used by Symfony, but you should
also use them if you want to solve the problem they address.

Comparing Strings
~~~~~~~~~~~~~~~~~

The time it takes to compare two strings depends on their differences. This
can be used by an attacker when the two strings represent a password for
instance; it is known as a `Timing attack`_.

Internally, when comparing two passwords, Symfony uses a constant-time
algorithm; you can use the same strategy in your own code thanks to the
:class:`Symfony\\Component\\Security\\Core\\Util\\StringUtils` class::

use Symfony\Component\Security\Core\Util\StringUtils;

// is some known string (e.g. password) equal to some user input?
$bool = StringUtils::equals($knownString, $userInput);

Generating a Secure random Number
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

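Review bot: dropping the "Comparing Strings" section removes the only place this page told readers how to compare secrets in constant time, without pointing at the replacement; add a sentence that `StringUtils::equals()` was deprecated in 2.8 and removed in 3.0 in favour of PHP's native `hash_equals()` (available since PHP 5.6, or via `symfony/polyfill-php56`), otherwise readers of the 3.0 docs looking for the timing-attack advice get nothing. The intro paragraph also still says the component "comes with a collection of nice utilities" although the page now documents one; reword to match the new title.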
Expand Down Expand Up @@ -61,5 +45,3 @@ to work correctly. Just pass a file name to enable it::
as storing this value in a database or including it as part of the URL. The
solution is to hash the value returned by ``nextBytes()`` (to do that, you
can use a simple ``md5()`` PHP function).

.. _`Timing attack`: https://en.wikipedia.org/wiki/Timing_attack
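Review bot: removing the `Timing attack` link target is correct since nothing on the page references it any more. While touching this paragraph, the advice to `md5()` the output of `nextBytes()` to make it storable or URL-safe should be replaced with `bin2hex()`: hashing caps the usable entropy at 128 bits and buys nothing, whereas hex encoding keeps every byte of randomness and is just as safe to store or put in a URL.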
52 changes: 36 additions & 16 deletions cookbook/assetic/apply_to_option.rst
Expand Up @@ -29,14 +29,24 @@ An example configuration might look like this:
.. code-block:: xml
<!-- app/config/config.xml -->
<assetic:config>
<assetic:filter
name="coffee"
bin="/usr/bin/coffee/"
node="/usr/bin/node/">
<assetic:node-path>/usr/lib/node_modules/</assetic:node-path>
</assetic:filter>
</assetic:config>
<?xml version="1.0" encoding="UTF-8"?>
<container xmlns="http://symfony.com/schema/dic/services"
xmlns:assetic="http://symfony.com/schema/dic/assetic"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://symfony.com/schema/dic/services
http://symfony.com/schema/dic/services/services-1.0.xsd
http://symfony.com/schema/dic/assetic
http://symfony.com/schema/dic/assetic/assetic-1.0.xsd">
<assetic:config>
<assetic:filter
name="coffee"
bin="/usr/bin/coffee/"
node="/usr/bin/node/">
<assetic:node-path>/usr/lib/node_modules/</assetic:node-path>
</assetic:filter>
</assetic:config>
</container>
.. code-block:: php
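Review bot: the `bin="/usr/bin/coffee/"` and `node="/usr/bin/node/"` attributes carried over into the new `<container>` wrapper still have trailing slashes on what are executable paths, which will not resolve; the second example further down in this same file (`bin="/usr/bin/coffee"`, `node="/usr/bin/node"`) has them right, so make this one match.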
Expand Down Expand Up @@ -139,14 +149,24 @@ In this case you can specify that the ``coffee`` filter is applied to all
.. code-block:: xml
<!-- app/config/config.xml -->
<assetic:config>
<assetic:filter
name="coffee"
bin="/usr/bin/coffee"
node="/usr/bin/node"
apply_to="\.coffee$" />
<assetic:node-paths>/usr/lib/node_modules/</assetic:node-path>
</assetic:config>
<?xml version="1.0" encoding="UTF-8"?>
<container xmlns="http://symfony.com/schema/dic/services"
xmlns:assetic="http://symfony.com/schema/dic/assetic"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://symfony.com/schema/dic/services
http://symfony.com/schema/dic/services/services-1.0.xsd
http://symfony.com/schema/dic/assetic
http://symfony.com/schema/dic/assetic/assetic-1.0.xsd">
<assetic:config>
<assetic:filter
name="coffee"
bin="/usr/bin/coffee"
node="/usr/bin/node"
apply_to="\.coffee$" />
<assetic:node-paths>/usr/lib/node_modules/</assetic:node-path>
</assetic:config>
</container>
.. code-block:: php
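Review bot: `<assetic:node-paths>/usr/lib/node_modules/</assetic:node-path>` opens one element name and closes another, so this XML example is not well-formed and will fail to load; the first example in this file uses `<assetic:node-path>` on both sides, so the closing tag here should be `</assetic:node-path>` (or both should be renamed consistently to whatever the schema defines). The new `xsi:schemaLocation` makes this more visible, since a validating parser will now reject the snippet.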
39 changes: 32 additions & 7 deletions cookbook/assetic/asset_management.rst
Expand Up @@ -384,7 +384,12 @@ configuration under the ``assetic`` section. Read more in the
<!-- app/config/config.xml -->
<?xml version="1.0" encoding="UTF-8"?>
<container xmlns="http://symfony.com/schema/dic/services"
xmlns:assetic="http://symfony.com/schema/dic/assetic">
xmlns:assetic="http://symfony.com/schema/dic/assetic"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://symfony.com/schema/dic/services
http://symfony.com/schema/dic/services/services-1.0.xsd
http://symfony.com/schema/dic/assetic
http://symfony.com/schema/dic/assetic/assetic-1.0.xsd">
<assetic:config>
<assetic:asset name="jquery_and_ui">
Expand Down Expand Up @@ -471,11 +476,21 @@ should be defined:
.. code-block:: xml
<!-- app/config/config.xml -->
<assetic:config>
<assetic:filter
name="uglifyjs2"
bin="/usr/local/bin/uglifyjs" />
</assetic:config>
<?xml version="1.0" encoding="UTF-8"?>
<container xmlns="http://symfony.com/schema/dic/services"
xmlns:assetic="http://symfony.com/schema/dic/assetic"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://symfony.com/schema/dic/services
http://symfony.com/schema/dic/services/services-1.0.xsd
http://symfony.com/schema/dic/assetic
http://symfony.com/schema/dic/assetic/assetic-1.0.xsd">
<assetic:config>
<assetic:filter
name="uglifyjs2"
bin="/usr/local/bin/uglifyjs" />
</assetic:config>
</container>
.. code-block:: php
Expand Down Expand Up @@ -611,7 +626,17 @@ the following change in your ``config_dev.yml`` file:
.. code-block:: xml
<!-- app/config/config_dev.xml -->
<assetic:config use-controller="false" />
<?xml version="1.0" encoding="UTF-8"?>
<container xmlns="http://symfony.com/schema/dic/services"
xmlns:assetic="http://symfony.com/schema/dic/assetic"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://symfony.com/schema/dic/services
http://symfony.com/schema/dic/services/services-1.0.xsd
http://symfony.com/schema/dic/assetic
http://symfony.com/schema/dic/assetic/assetic-1.0.xsd">
<assetic:config use-controller="false" />
</container>
.. code-block:: php