Merge branch '2.8' into 3.4

* 2.8:
  Fix mismatched list items
  preUpdate Event Listener On Uploaded Imagery
  [PHPUnitBridge] Explain how to show stack traces
  Fix docs on trusted hosts
  opcode optimizations

Author: javiereguiluz

components/phpunit_bridge.rst

@@ -248,6 +248,24 @@ times (order matters)::
         @trigger_error('The second argument of the "Bar" method is deprecated.', E_USER_DEPRECATED);
     }
 
+Display the Full Stack Trace
+----------------------------
+
+By default, the PHPUnit Bridge displays only deprecation messages.
+To show the full stack trace related to a deprecation, set the value of ``SYMFONY_DEPRECATIONS_HELPER``
+to a regular expression matching the deprecation message.
+
+For example, if the following deprecation notice is thrown::
+
+    1x: Doctrine\Common\ClassLoader is deprecated.
+      1x in EntityTypeTest::setUp from Symfony\Bridge\Doctrine\Tests\Form\Type
+
+Running the following command will display the full stack trace:
+
+.. code-block:: terminal
+
+    $ SYMFONY_DEPRECATIONS_HELPER='/Doctrine\\Common\\ClassLoader is deprecated\./' ./vendor/bin/simple-phpunit
+
 Time-sensitive Tests
 --------------------
 

controller/upload_file.rst

@@ -311,6 +311,7 @@ automatically upload the file when persisting the entity::
     namespace AppBundle\EventListener;
 
     use Symfony\Component\HttpFoundation\File\UploadedFile;
+    use Symfony\Component\HttpFoundation\File\File;
     use Doctrine\ORM\Event\LifecycleEventArgs;
     use Doctrine\ORM\Event\PreUpdateEventArgs;
     use AppBundle\Entity\Product;
@@ -352,6 +353,10 @@ automatically upload the file when persisting the entity::
             if ($file instanceof UploadedFile) {
                 $fileName = $this->uploader->upload($file);
                 $entity->setBrochure($fileName);
+            } elseif ($file instanceof File) {
+                // prevents the full file path being saved on updates
+                // as the path is set on the postLoad listener
+                $entity->setBrochure($file->getFilename());
             }
         }
     }

reference/configuration/framework.rst

@@ -390,16 +390,16 @@ method might be vulnerable to some of these attacks because it depends on
 the configuration of your web server. One simple solution to avoid these
 attacks is to whitelist the hosts that your Symfony application can respond
 to. That's the purpose of this ``trusted_hosts`` option. If the incoming
-request's hostname doesn't match one in this list, the application won't
-respond and the user will receive a 400 response.
+request's hostname doesn't match one of the regular expressions in this list,
+the application won't respond and the user will receive a 400 response.
 
 .. configuration-block::
 
     .. code-block:: yaml
 
         # app/config/config.yml
         framework:
-            trusted_hosts:  ['example.com', 'example.org']
+            trusted_hosts:  ['^example\.com$', '^example\.org$']
 
     .. code-block:: xml
 
@@ -413,8 +413,8 @@ respond and the user will receive a 400 response.
                 http://symfony.com/schema/dic/symfony http://symfony.com/schema/dic/symfony/symfony-1.0.xsd">
 
             <framework:config>
-                <framework:trusted-host>example.com</framework:trusted-host>
-                <framework:trusted-host>example.org</framework:trusted-host>
+                <framework:trusted-host>^example\.com$</framework:trusted-host>
+                <framework:trusted-host>^example\.org$</framework:trusted-host>
                 <!-- ... -->
             </framework:config>
         </container>
@@ -423,17 +423,17 @@ respond and the user will receive a 400 response.
 
         // app/config/config.php
         $container->loadFromExtension('framework', array(
-            'trusted_hosts' => array('example.com', 'example.org'),
+            'trusted_hosts' => array('^example\.com$', '^example\.org$'),
         ));
 
-Hosts can also be configured using regular expressions (e.g.  ``^(.+\.)?example.com$``),
-which make it easier to respond to any subdomain.
+Hosts can also be configured to respond to any subdomain, via
+``^(.+\.)?example\.com$`` for instance.
 
 In addition, you can also set the trusted hosts in the front controller
 using the ``Request::setTrustedHosts()`` method::
 
     // web/app.php
-    Request::setTrustedHosts(array('^(.+\.)?example.com$', '^(.+\.)?example.org$'));
+    Request::setTrustedHosts(array('^(.+\.)?example\.com$', '^(.+\.)?example\.org$'));
 
 The default value for this option is an empty array, meaning that the application
 can respond to any given host.

reference/forms/twig_reference.rst

@@ -209,7 +209,7 @@ This test will check if the current ``form`` does not have a parent form view.
 .. code-block:: twig
 
     {# DON'T DO THIS: this simple check can't differentiate between a form having
-       a parent form view and a form defining a normal form field called 'parent' #}
+       a parent form view and a form defining a nested form field called 'parent' #}
 
     {% if form.parent is null %}
         {{ form_errors(form) }}

reference/twig_reference.rst

@@ -734,6 +734,8 @@ rootform
 .. code-block:: twig
 
     {% if form is rootform %}
+        {# ... #}
+    {% endif %}
 
 ``form``
     **type**: ``FormView``

security/guard_authentication.rst

@@ -568,10 +568,10 @@ The problem occurs when your browser-based authenticator tries to authenticate
 the user on *every* request - like in the IP address-based example above. There
 are two possible fixes:
 
-1) If you do *not* need authentication to be stored in the session, set ``stateless: true``
-under your firewall.
-
-2) Update your authenticator to avoid authentication if the user is already authenticated:
+1. If you do *not* need authentication to be stored in the session, set
+   ``stateless: true`` under your firewall.
+2. Update your authenticator to avoid authentication if the user is already
+   authenticated:
 
 .. code-block:: diff
 

validation/custom_constraint.rst

@@ -45,7 +45,7 @@ includes some simple default logic::
     // in the base Symfony\Component\Validator\Constraint class
     public function validatedBy()
     {
-        return get_class($this).'Validator';
+        return \get_class($this).'Validator';
     }
 
 In other words, if you create a custom ``Constraint`` (e.g. ``MyConstraint``),