Merge branch '2.4' into 2.5

* 2.4: (39 commits)
  [Form] Fix PHPDoc for builder setData methods The underlying data variable is typed as mixed whereas the methods paramers where typed as array.
  fixed CS
  [Intl] Improved bundle reader implementations
  [Console] guarded against invalid aliases
  switch before_script to before_install and script to install
  fixed typo
  [HttpFoundation] Request - URI - comment improvements
  [Validator] The ratio of the ImageValidator is rounded to two decimals now
  [Security] Added more tests
  remove `service` parameter type from XSD
  [Intl] Added exception handler to command line scripts
  [Intl] Fixed a few bugs in TextBundleWriter
  [Intl] Updated icu.ini up to ICU 53
  [Intl] Removed non-working $fallback argument from ArrayAccessibleResourceBundle
  Use separated function to resolve command and related arguments
  [SwiftmailerBridge] Bump allowed versions of swiftmailer
  [FrameworkBundle] Remove invalid markup
  [Intl] Added "internal" tag to all classes under Symfony\Component\Intl\ResourceBundle
  Remove routes for removed WebProfiler actions
  [Security] Fix usage of unexistent method in DoctrineAclCache.
  ...

Conflicts:
	.travis.yml
	src/Symfony/Bundle/FrameworkBundle/Command/ServerRunCommand.php
	src/Symfony/Component/HttpKernel/Kernel.php
	src/Symfony/Component/Process/PhpExecutableFinder.php

Author: fabpot

Acl/Domain/DoctrineAclCache.php

@@ -12,6 +12,7 @@
 namespace Symfony\Component\Security\Acl\Domain;
 
 use Doctrine\Common\Cache\Cache;
+use Doctrine\Common\Cache\CacheProvider;
 use Symfony\Component\Security\Acl\Model\AclCacheInterface;
 use Symfony\Component\Security\Acl\Model\AclInterface;
 use Symfony\Component\Security\Acl\Model\ObjectIdentityInterface;
@@ -55,7 +56,9 @@ public function __construct(Cache $cache, PermissionGrantingStrategyInterface $p
      */
     public function clearCache()
     {
-        $this->cache->deleteByPrefix($this->prefix);
+        if ($this->cache instanceof CacheProvider) {
+            $this->cache->deleteAll();
+        }
     }
 
     /**

Core/Tests/Authorization/AccessDecisionManagerTest.php

@@ -73,6 +73,48 @@ public function testStrategies($strategy, $voters, $allowIfAllAbstainDecisions,
         $this->assertSame($expected, $manager->decide($token, array('ROLE_FOO')));
     }
 
+    /**
+     * @dataProvider getStrategiesWith2RolesTests
+     */
+    public function testStrategiesWith2Roles($token, $strategy, $voter, $expected)
+    {
+        $manager = new AccessDecisionManager(array($voter), $strategy);
+
+        $this->assertSame($expected, $manager->decide($token, array('ROLE_FOO', 'ROLE_BAR')));
+    }
+
+    public function getStrategiesWith2RolesTests()
+    {
+        $token = $this->getMock('Symfony\Component\Security\Core\Authentication\Token\TokenInterface');
+
+        return array(
+            array($token, 'affirmative', $this->getVoter(VoterInterface::ACCESS_DENIED), false),
+            array($token, 'affirmative', $this->getVoter(VoterInterface::ACCESS_GRANTED), true),
+
+            array($token, 'consensus', $this->getVoter(VoterInterface::ACCESS_DENIED), false),
+            array($token, 'consensus', $this->getVoter(VoterInterface::ACCESS_GRANTED), true),
+ 
+            array($token, 'unanimous', $this->getVoterFor2Roles($token, VoterInterface::ACCESS_DENIED, VoterInterface::ACCESS_DENIED), false),
+            array($token, 'unanimous', $this->getVoterFor2Roles($token, VoterInterface::ACCESS_DENIED, VoterInterface::ACCESS_GRANTED), false),
+            array($token, 'unanimous', $this->getVoterFor2Roles($token, VoterInterface::ACCESS_GRANTED, VoterInterface::ACCESS_DENIED), false),
+            array($token, 'unanimous', $this->getVoterFor2Roles($token, VoterInterface::ACCESS_GRANTED, VoterInterface::ACCESS_GRANTED), true),
+        );
+    }
+
+    protected function getVoterFor2Roles($token, $vote1, $vote2)
+    {
+        $voter = $this->getMock('Symfony\Component\Security\Core\Authorization\Voter\VoterInterface');
+        $voter->expects($this->exactly(2))
+              ->method('vote')
+              ->will($this->returnValueMap(array(
+                  array($token, null, array("ROLE_FOO"),$vote1),
+                  array($token, null, array("ROLE_BAR"),$vote2),
+              )))
+        ;
+
+        return $voter;
+    }
+
     public function getStrategyTests()
     {
         return array(

Core/Tests/Util/StringUtilsTest.php

@@ -13,11 +13,49 @@
 
 use Symfony\Component\Security\Core\Util\StringUtils;
 
+/**
+ * Data from PHP.net's hash_equals tests
+ */
 class StringUtilsTest extends \PHPUnit_Framework_TestCase
 {
-    public function testEquals()
+    public function dataProviderTrue()
+    {
+        return array(
+            array('same', 'same'),
+            array('', ''),
+            array(123, 123),
+            array(null, ''),
+            array(null, null),
+        );
+    }
+
+    public function dataProviderFalse()
+    {
+        return array(
+            array('not1same', 'not2same'),
+            array('short', 'longer'),
+            array('longer', 'short'),
+            array('', 'notempty'),
+            array('notempty', ''),
+            array(123, 'NaN'),
+            array('NaN', 123),
+            array(null, 123),
+        );
+    }
+
+    /**
+     * @dataProvider dataProviderTrue
+     */
+    public function testEqualsTrue($known, $user)
+    {
+        $this->assertTrue(StringUtils::equals($known, $user));
+    }
+
+    /**
+     * @dataProvider dataProviderFalse
+     */
+    public function testEqualsFalse($known, $user)
     {
-        $this->assertTrue(StringUtils::equals('password', 'password'));
-        $this->assertFalse(StringUtils::equals('password', 'foo'));
+        $this->assertFalse(StringUtils::equals($known, $user));
     }
 }

Core/Util/StringUtils.php

@@ -27,6 +27,7 @@ private function __construct() {}
      * Compares two strings.
      *
      * This method implements a constant-time algorithm to compare strings.
+     * Regardless of the used implementation, it will leak length information.
      *
      * @param string $knownString The string of known length to compare against
      * @param string $userInput   The string that the user can control
@@ -35,6 +36,13 @@ private function __construct() {}
      */
     public static function equals($knownString, $userInput)
     {
+        $knownString = (string) $knownString;
+        $userInput = (string) $userInput;
+
+        if (function_exists('hash_equals')) {
+            return hash_equals($knownString, $userInput);
+        }
+
         $knownLen = strlen($knownString);
         $userLen = strlen($userInput);
 
@@ -45,7 +53,7 @@ public static function equals($knownString, $userInput)
         $result = $knownLen - $userLen;
 
         // Note that we ALWAYS iterate over the user-supplied length
-        // This is to prevent leaking length information
+        // This is to mitigate leaking length information
         for ($i = 0; $i < $userLen; $i++) {
             $result |= (ord($knownString[$i]) ^ ord($userInput[$i]));
         }