Merge branch '2.8' into 3.0

book/forms.rst

@@ -1810,7 +1810,7 @@ The CSRF token can be customized on a form-by-form basis. For example::
                 'csrf_protection' => true,
                 'csrf_field_name' => '_token',
                 // a unique key to help generate the secret token
-                'intention'       => 'task_item',
+                'csrf_token_id'   => 'task_item',
             ));
         }
 
@@ -1826,8 +1826,12 @@ section.
 
 .. note::
 
-    The ``intention`` option is optional but greatly enhances the security of
-    the generated token by making it different for each form.
+    The ``csrf_token_id`` option is optional but greatly enhances the security
+    of the generated token by making it different for each form.
+
+.. versionadded:: 2.4
+    The ``csrf_token_id`` option was introduced in Symfony 2.4. Prior, you
+    had to use the ``intention`` option.
 
 .. caution::
 

components/dependency_injection/advanced.rst

@@ -219,6 +219,79 @@ You can change the inner service name if you want to:
             ->setPublic(false)
             ->setDecoratedService('foo', 'bar.wooz');
 
+.. versionadded:: 2.8
+    The ability to define the decoration priority was introduced in Symfony 2.8.
+    Prior to Symfony 2.8, the priority depends on the order in
+    which definitions are found.
+
+If you want to apply more than one decorator to a service, you can control their
+order by configuring the priority of decoration, this can be any integer number
+(decorators with higher priorities will be applied first).
+
+.. configuration-block::
+
+    .. code-block:: yaml
+
+        foo:
+            class: Foo
+
+        bar:
+            class: Bar
+            public: false
+            decorates: foo
+            decoration_priority: 5
+            arguments: ['@bar.inner']
+
+        baz:
+            class: Baz
+            public: false
+            decorates: foo
+            decoration_priority: 1
+            arguments: ['@baz.inner']
+
+    .. code-block:: xml
+
+        <?xml version="1.0" encoding="UTF-8" ?>
+
+        <container xmlns="http://symfony.com/schema/dic/services"
+            xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+            xsi:schemaLocation="http://symfony.com/schema/dic/services http://symfony.com/schema/dic/services/services-1.0.xsd">
+
+            <services>
+                <service id="foo" class="Foo" />
+
+                <service id="bar" class="Bar" decorates="foo" decoration-priority="5" public="false">
+                    <argument type="service" id="bar.inner" />
+                </service>
+
+                <service id="baz" class="Baz" decorates="foo" decoration-priority="1" public="false">
+                    <argument type="service" id="baz.inner" />
+                </service>
+            </services>
+        </container>
+
+    .. code-block:: php
+
+        use Symfony\Component\DependencyInjection\Reference;
+
+        $container->register('foo', 'Foo')
+
+        $container->register('bar', 'Bar')
+            ->addArgument(new Reference('bar.inner'))
+            ->setPublic(false)
+            ->setDecoratedService('foo', null, 5);
+
+        $container->register('baz', 'Baz')
+            ->addArgument(new Reference('baz.inner'))
+            ->setPublic(false)
+            ->setDecoratedService('foo', null, 1);
+
+The generated code will be the following:
+
+.. code-block:: php
+
+    $this->services['foo'] = new Baz(new Bar(new Foo())));
+
 Deprecating Services
 --------------------
 

components/expression_language/index.rst

@@ -1,5 +1,5 @@
-Expression Language
-===================
+ExpressionLanguage
+==================
 
 .. toctree::
     :maxdepth: 2

components/form/introduction.rst

@@ -452,6 +452,7 @@ builder:
 
     .. code-block:: php-standalone
 
+        use Symfony\Component\Form\Extension\Core\Type\FormType;
         use Symfony\Component\Form\Extension\Core\Type\TextType;
         use Symfony\Component\Form\Extension\Core\Type\DateType;
 
@@ -461,7 +462,7 @@ builder:
             'dueDate' => new \DateTime('tomorrow'),
         );
 
-        $form = $formFactory->createBuilder('form', $defaults)
+        $form = $formFactory->createBuilder(FormType::class, $defaults)
             ->add('task', TextType::class)
             ->add('dueDate', DateType::class)
             ->getForm();

components/http_foundation/introduction.rst

@@ -151,22 +151,15 @@ exist::
 
 When PHP imports the request query, it handles request parameters like
 ``foo[bar]=bar`` in a special way as it creates an array. So you can get the
-``foo`` parameter and you will get back an array with a ``bar`` element. But
-sometimes, you might want to get the value for the "original" parameter name:
-``foo[bar]``. This is possible with all the ``ParameterBag`` getters like
-:method:`Symfony\\Component\\HttpFoundation\\Request::get` via the third
-argument::
+``foo`` parameter and you will get back an array with a ``bar`` element::
 
     // the query string is '?foo[bar]=bar'
 
     $request->query->get('foo');
     // returns array('bar' => 'bar')
 
     $request->query->get('foo[bar]');
-    // returns null
-
-    $request->query->get('foo[bar]', null, true);
-    // returns 'bar'
+    // returns null   
 
 .. _component-foundation-attributes:
 

cookbook/configuration/override_dir_structure.rst

@@ -36,7 +36,7 @@ Override the ``cache`` Directory
 --------------------------------
 
 You can change the default cache directory by overriding the ``getCacheDir`` method
-in the ``AppKernel`` class of you application::
+in the ``AppKernel`` class of your application::
 
     // app/AppKernel.php
 

cookbook/controller/upload_file.rst

@@ -76,11 +76,6 @@ Then, add a new ``brochure`` field to the form that manages the ``Product`` enti
                 'data_class' => 'AppBundle\Entity\Product',
             ));
         }
-
-        public function getName()
-        {
-            return 'product';
-        }
     }
 
 Now, update the template that renders the form to display the new ``brochure``

cookbook/form/create_form_type_extension.rst

@@ -73,8 +73,8 @@ by your extension.
 .. tip::
 
     The value you return in the ``getExtendedType`` method corresponds
-    to the value returned by the ``getName`` method in the form type class
-    you wish to extend.
+    to the fully qualified class name of the form type class you wish to
+    extend.
 
 In addition to the ``getExtendedType`` function, you will probably want
 to override one of the following methods:

cookbook/form/dynamic_form_modification.rst

@@ -57,11 +57,6 @@ a bare form class looks like::
                 'data_class' => 'AppBundle\Entity\Product'
             ));
         }
-
-        public function getName()
-        {
-            return 'product';
-        }
     }
 
 .. note::

cookbook/form/form_customization.rst

@@ -774,8 +774,8 @@ will be able to change the widget for each task as follows:
 
         {% block _tasks_entry_widget %}
             <tr>
-                <td>{{ form_widget(task.task) }}</td>
-                <td>{{ form_widget(task.dueDate) }}</td>
+                <td>{{ form_widget(form.task) }}</td>
+                <td>{{ form_widget(form.dueDate) }}</td>
             </tr>
         {% endblock %}
 

cookbook/profiler/data_collector.rst

@@ -160,7 +160,7 @@ block and set the value of two variables called ``icon`` and ``text``:
         {% endset %}
 
         {# the 'link' value set to 'false' means that this panel doesn't
-           show a section in the web profiler (default is 'true'). #}
+           show a section in the web profiler #}
         {{ include('@WebProfiler/Profiler/toolbar_item.html.twig', { link: false }) }}
     {% endblock %}
 
@@ -203,7 +203,7 @@ must also define additional blocks:
             </div>
         {% endset %}
 
-        {{ include('@WebProfiler/Profiler/toolbar_item.html.twig') }}
+        {{ include('@WebProfiler/Profiler/toolbar_item.html.twig', { 'link': true }) }}
     {% endblock %}
 
     {% block head %}

cookbook/security/acl_advanced.rst

@@ -45,6 +45,14 @@ Security Identities
 This is analog to the object identity, but represents a user, or a role in
 your application. Each role, or user has its own security identity.
 
+.. caution::
+
+    For users, the security identity is based on the username. This means that,
+    if for any reason, a user's username was to change, you must ensure its
+    security identity is updated too. The
+    :method:`MutableAclProvider::updateUserSecurityIdentity() <Symfony\\Component\\Security\\Acl\\Dbal\\MutableAclProvider::updateUserSecurityIdentity>`
+    method is there to handle the update.
+
 Database Table Structure
 ------------------------
 

cookbook/security/csrf_in_login_form.rst

@@ -33,7 +33,7 @@ provider available in the Security component:
                     # ...
                     form_login:
                         # ...
-                        csrf_provider: security.csrf.token_manager
+                        csrf_token_generator: security.csrf.token_manager
 
     .. code-block:: xml
 
@@ -50,7 +50,7 @@ provider available in the Security component:
 
                 <firewall name="secured_area">
                     <!-- ... -->
-                    <form-login csrf-provider="security.csrf.token_manager" />
+                    <form-login csrf-token-generator="security.csrf.token_manager" />
                 </firewall>
             </config>
         </srv:container>
@@ -66,12 +66,16 @@ provider available in the Security component:
                     // ...
                     'form_login' => array(
                         // ...
-                        'csrf_provider' => 'security.csrf.token_manager',
+                        'csrf_token_generator' => 'security.csrf.token_manager',
                     ),
                 ),
             ),
         ));
 
+.. versionadded:: 2.4
+    The ``csrf_token_generator`` option was introduced in Symfony 2.4. Prior,
+    you had to use the ``csrf_provider`` option.
+
 The Security component can be configured further, but this is all information
 it needs to be able to use CSRF in the login form.
 
@@ -124,7 +128,7 @@ After this, you have protected your login form against CSRF attacks.
 .. tip::
 
     You can change the name of the field by setting ``csrf_parameter`` and change
-    the token ID by setting ``intention`` in your configuration:
+    the token ID by setting  ``csrf_token_id`` in your configuration:
 
     .. configuration-block::
 
@@ -140,7 +144,7 @@ After this, you have protected your login form against CSRF attacks.
                         form_login:
                             # ...
                             csrf_parameter: _csrf_security_token
-                            intention: a_private_string
+                            csrf_token_id: a_private_string
 
         .. code-block:: xml
 
@@ -158,7 +162,7 @@ After this, you have protected your login form against CSRF attacks.
                     <firewall name="secured_area">
                         <!-- ... -->
                         <form-login csrf-parameter="_csrf_security_token"
-                            intention="a_private_string"
+                            csrf-token-id="a_private_string"
                         />
                     </firewall>
                 </config>
@@ -176,11 +180,15 @@ After this, you have protected your login form against CSRF attacks.
                         'form_login' => array(
                             // ...
                             'csrf_parameter' => '_csrf_security_token',
-                            'intention'      => 'a_private_string',
+                            'csrf_token_id'     => 'a_private_string'
                         ),
                     ),
                 ),
             ));
 
+.. versionadded:: 2.4
+    The ``csrf_token_id`` option was introduced in Symfony 2.4. Prior, you
+    had to use the ``intention`` option.
+
 .. _`Cross-site request forgery`: https://en.wikipedia.org/wiki/Cross-site_request_forgery
 .. _`Forging Login Requests`: https://en.wikipedia.org/wiki/Cross-site_request_forgery#Forging_login_requests

cookbook/security/guard-authentication.rst

@@ -418,7 +418,7 @@ Each authenticator needs the following methods:
     object that should be sent to the client. The ``$exception`` will tell you
     *what* went wrong during authentication.
 
-**start**
+**start(Request $request, AuthenticationException $authException = null)**
     This is called if the client accesses a URI/resource that requires authentication,
     but no authentication details were sent (i.e. you returned ``null`` from
     ``getCredentials()``). Your job is to return a

reference/configuration/security.rst

@@ -161,9 +161,9 @@ Each part will be explained in the next section.
                         password_parameter: _password
 
                         # csrf token options
-                        csrf_parameter: _csrf_token
-                        intention:      authenticate
-                        csrf_provider:  my.csrf_provider.id
+                        csrf_parameter:       _csrf_token
+                        csrf_token_id:        authenticate
+                        csrf_token_generator: my.csrf_token_generator.id
 
                         # by default, the login form *must* be a POST, not a GET
                         post_only:      true
@@ -209,8 +209,8 @@ Each part will be explained in the next section.
                     context:              ~
                     logout:
                         csrf_parameter:       _csrf_token
-                        csrf_provider:        ~
-                        intention:            logout
+                        csrf_token_generator: ~
+                        csrf_token_id:        logout
                         path:                 /logout
                         target:               /
                         success_handler:      ~