Merge branch '2.5'

* 2.5:
  A few small improvements to the EventDispatcher Component docs
  Fixes thanks to @xabbuh
  [#4295] Tweaking notes language
  Updated docblock for config in DEV environment.
  * Replaced IF statement by "internal" directive. * Splitted config for PROD and DEV environments.
  For Nginx in PROD env, this makes more difficult to know that app is running Symfony. app.php is widely known as our default front controller. It is a small effort by security through obscurity. For Apache, this 301 must be replaced by 404: https://github.com/symfony/symfony-standard/blob/77ee2a83c085169e0bd221510b5693dca504f682/web/.htaccess#L37
  [Best Practices] removed unused link in business-logic
  Add missing space in code
  [Config] Complete security encoder in full default configuration
  [reference][configuration][security]Added key_length for pbkdf2 encoder
  Fixed typo
  Reworded a misleading Doctrine explanation

Author: weaverryan

best_practices/business-logic.rst

@@ -333,9 +333,6 @@ a command-line utility that can fix the coding standards of an entire codebase
 in a matter of seconds.
 
 .. _`full definition`: http://en.wikipedia.org/wiki/Business_logic
-.. _`Toran Proxy`: https://toranproxy.com/
-.. _`Composer`: https://getcomposer.org/
-.. _`MVC architecture`: http://en.wikipedia.org/wiki/Model%E2%80%93view%E2%80%93controller
 .. _`Doctrine project`: http://www.doctrine-project.org/
 .. _`fixture class`: http://symfony.com/doc/master/bundles/DoctrineFixturesBundle/index.html#writing-simple-fixtures
 .. _`PSR-1`: http://www.php-fig.org/psr/psr-1/

book/doctrine.rst

@@ -544,13 +544,12 @@ Take a look at the previous example in more detail:
 
 .. note::
 
-  In fact, since Doctrine is aware of all your managed entities, when you
-  call the ``flush()`` method, it calculates an overall changeset and executes
-  the most efficient query/queries possible. For example, if you persist a
-  total of 100 ``Product`` objects and then subsequently call ``flush()``,
-  Doctrine will create a *single* prepared statement and re-use it for each
-  insert. This pattern is called *Unit of Work*, and it's used because it's
-  fast and efficient.
+  In fact, since Doctrine is aware of all your managed entities, when you call
+  the ``flush()`` method, it calculates an overall changeset and executes
+  the queries in the correct order. It utilizes cached prepared statement to
+  slightly improve the performance. For example, if you persist a total of 100
+  ``Product`` objects and then subsequently call ``flush()``, Doctrine will
+  execute 100 ``INSERT`` queries using a single prepared statement object.
 
 When creating or updating objects, the workflow is always the same. In the
 next section, you'll see how Doctrine is smart enough to automatically issue

components/dependency_injection/tags.rst

@@ -211,7 +211,7 @@ To begin with, change the ``TransportChain`` class::
         public function getTransport($alias)
         {
             if (array_key_exists($alias, $this->transports)) {
-               return $this->transports[$alias];
+                return $this->transports[$alias];
             }
         }
     }

components/event_dispatcher/introduction.rst

@@ -134,7 +134,7 @@ Connecting Listeners
 
 To take advantage of an existing event, you need to connect a listener to the
 dispatcher so that it can be notified when the event is dispatched. A call to
-the dispatcher ``addListener()`` method associates any valid PHP callable to
+the dispatcher's ``addListener()`` method associates any valid PHP callable to
 an event::
 
     $listener = new AcmeListener();
@@ -158,7 +158,7 @@ The ``addListener()`` method takes up to three arguments:
     A `PHP callable`_ is a PHP variable that can be used by the
     ``call_user_func()`` function and returns ``true`` when passed to the
     ``is_callable()`` function. It can be a ``\Closure`` instance, an object
-    implementing an __invoke method (which is what closures are in fact),
+    implementing an ``__invoke`` method (which is what closures are in fact),
     a string representing a function, or an array representing an object
     method or a class method.
 
@@ -591,7 +591,7 @@ Dispatcher Shortcuts
 
 The :method:`EventDispatcher::dispatch <Symfony\\Component\\EventDispatcher\\EventDispatcher::dispatch>`
 method always returns an :class:`Symfony\\Component\\EventDispatcher\\Event`
-object. This allows for various shortcuts. For example if one does not need
+object. This allows for various shortcuts. For example, if one does not need
 a custom event object, one can simply rely on a plain
 :class:`Symfony\\Component\\EventDispatcher\\Event` object. You do not even need
 to pass this to the dispatcher as it will create one by default unless you

cookbook/configuration/web_server_configuration.rst

@@ -206,13 +206,27 @@ are:
             # try to serve file directly, fallback to app.php
             try_files $uri /app.php$is_args$args;
         }
-
-        location ~ ^/(app|app_dev|config)\.php(/|$) {
+        # DEV
+        # This rule should only be placed on your development environment
+        # In production, don't include this and don't deploy app_dev.php or config.php
+        location ~ ^/(app_dev|config)\.php(/|$) {
+            fastcgi_pass unix:/var/run/php5-fpm.sock;
+            fastcgi_split_path_info ^(.+\.php)(/.*)$;
+            include fastcgi_params;
+            fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
+            fastcgi_param HTTPS off;
+        }
+        # PROD
+        location ~ ^/app\.php(/|$) {
             fastcgi_pass unix:/var/run/php5-fpm.sock;
             fastcgi_split_path_info ^(.+\.php)(/.*)$;
             include fastcgi_params;
             fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
             fastcgi_param HTTPS off;
+            # Prevents URIs that include the front controller. This will 404:
+            # http://domain.tld/app.php/some-path
+            # Remove the internal directive to allow URIs like this
+            internal;
         }
 
         error_log /var/log/nginx/project_error.log;

reference/configuration/security.rst

@@ -70,11 +70,24 @@ Each part will be explained in the next section.
                     hash_algorithm:       sha512
                     encode_as_base64:     true
                     iterations:           1000
+                    key_length:           40
 
                 # Example options/values for what a custom encoder might look like
                 Acme\DemoBundle\Entity\User3:
                     id:                   my.encoder.id
 
+                # BCrypt encoder
+                # see the note about bcrypt below for details on specific dependencies
+                Acme\DemoBundle\Entity\User4:
+                    algorithm:            bcrypt
+                    cost:                 13
+
+                # Plaintext encoder
+                # it does not do any encoding
+                Acme\DemoBundle\Entity\User5:
+                    algorithm:            plaintext
+                    ignore_case:          false
+
             providers:            # Required
                 # Examples:
                 my_in_memory_provider: