Merge branch '4.0'

* 4.0: (32 commits)
  [#8928] Fixing a few more bad XML routes
  Added Symfony\Component\Security\Guard\Authenticator\AbstractFormLoginAuthenticator
  Reworded the note about supressing form validation
  [PropertyInfo] Fixed doc about PhpDocExtractor
  use ValidatorInterface
  Update file_permissions.rst
  Update setup.rst
  How to use the route in xml
  adding install details about annotations in the routing chapter
  Removed an unneeded note in the Lock docs
  Fixed a grammar error
  Update web_server_configuration.rst
  Replaced class per id in service definition in XML
  Update http_foundation.rst
  bundles.rst: Conflict resolving clean up
  fix typo the_architecture.rst
  Update the_big_picture.rst
  add validator dependency
  Update flex_recipes.rst
  Minor reword.
  ...

Author: weaverryan

_build/redirection_map

@@ -124,7 +124,7 @@
 /cookbook/console/style /console/style
 /cookbook/console/usage /console
 /console/usage /console
-/cookbook/controller/csrf_token_validation /controller/csrf_token_validation
+/cookbook/controller/csrf_token_validation /security/csrf
 /cookbook/controller/error_pages /controller/error_pages
 /cookbook/controller/forwarding /controller/forwarding
 /cookbook/controller/index /controller
@@ -221,7 +221,7 @@
 /cookbook/security/acl /security/acl
 /cookbook/security/acl_advanced /security/acl_advanced
 /cookbook/security/api_key_authentication /security/api_key_authentication
-/cookbook/security/csrf_in_login_form /security/csrf_in_login_form
+/cookbook/security/csrf_in_login_form /security/csrf
 /cookbook/security/custom_authentication_provider /security/custom_authentication_provider
 /cookbook/security/custom_password_authenticator /security/custom_password_authenticator
 /cookbook/security/custom_provider /security/custom_provider
@@ -361,7 +361,9 @@
 /components/yaml/introduction /components/yaml
 /components/yaml/index /components/yaml
 /console/logging /console
+/controller/csrf_token_validation /security/csrf
 /deployment/tools /deployment
+/form/csrf_protection /security/csrf
 /install/bundles /setup/bundles
 /email/gmail /email
 /email/cloud /email
@@ -376,6 +378,7 @@
 /frontend/assetic/yuicompressor /frontend/assetic
 /reference/configuration/assetic /frontend/assetic
 /security/target_path /security
+/security/csrf_in_login_form /security/csrf
 /service_container/third_party /service_container
 /templating/templating_service /templates
 /testing/simulating_authentication /testing/http_authentication

bundles.rst

@@ -151,7 +151,6 @@ As you move through the guides, you'll learn how to persist objects to a
 database, create and validate forms, create translations for your application,
 write tests and much more. Each of these has their own place and role within
 the bundle.
->>>>>>> 3.4
 
 Learn more
 ----------

components/lock.rst

@@ -8,9 +8,6 @@ The Lock Component
     The Lock Component creates and manages `locks`_, a mechanism to provide
     exclusive access to a shared resource.
 
-.. versionadded:: 3.4
-    The Lock component was introduced in Symfony 3.4.
-
 Installation
 ------------
 

components/process.rst

@@ -258,38 +258,6 @@ instead::
     );
     $process->run();
 
-To make your code work better on all platforms, you might want to use the
-:class:`Symfony\\Component\\Process\\ProcessBuilder` class instead::
-
-    use Symfony\Component\Process\ProcessBuilder;
-
-    $builder = new ProcessBuilder(array('ls', '-lsa'));
-    $builder->getProcess()->run();
-
-In case you are building a binary driver, you can use the
-:method:`Symfony\\Component\\Process\\ProcessBuilder::setPrefix` method to prefix all
-the generated process commands.
-
-The following example will generate two process commands for a tar binary
-adapter::
-
-    use Symfony\Component\Process\ProcessBuilder;
-
-    $builder = new ProcessBuilder();
-    $builder->setPrefix('/usr/bin/tar');
-
-    // '/usr/bin/tar' '--list' '--file=archive.tar.gz'
-    echo $builder
-        ->setArguments(array('--list', '--file=archive.tar.gz'))
-        ->getProcess()
-        ->getCommandLine();
-
-    // '/usr/bin/tar' '-xzf' 'archive.tar.gz'
-    echo $builder
-        ->setArguments(array('-xzf', 'archive.tar.gz'))
-        ->getProcess()
-        ->getCommandLine();
-
 Process Timeout
 ---------------
 

components/property_info.rst

@@ -379,7 +379,7 @@ PhpDocExtractor
 
 .. note::
 
-    This extractor depends on the `phpdocumentor/reflection`_ library.
+    This extractor depends on the `phpdocumentor/reflection-docblock`_ library.
 
 Using `phpDocumentor Reflection`_ to parse property and method annotations,
 the :class:`Symfony\\Component\\PropertyInfo\\Extractor\\PhpDocExtractor`
@@ -481,8 +481,8 @@ service by defining it as a service with one or more of the following
 * ``property_info.access_extractor`` if it provides access information.
 
 .. _Packagist: https://packagist.org/packages/symfony/property-info
-.. _`phpDocumentor Reflection`: https://github.com/phpDocumentor/Reflection
-.. _`phpdocumentor/reflection`: https://packagist.org/packages/phpdocumentor/reflection
+.. _`phpDocumentor Reflection`: https://github.com/phpDocumentor/ReflectionDocBlock
+.. _`phpdocumentor/reflection-docblock`: https://packagist.org/packages/phpdocumentor/reflection-docblock
 .. _`Doctrine ORM`: http://www.doctrine-project.org/projects/orm.html
 .. _`symfony/serializer`: https://packagist.org/packages/symfony/serializer
 .. _`symfony/doctrine-bridge`: https://packagist.org/packages/symfony/doctrine-bridge

components/var_dumper.rst

@@ -79,9 +79,8 @@ current PHP SAPI:
 DebugBundle and Twig Integration
 --------------------------------
 
-The DebugBundle allows greater integration of the component into the Symfony
-full-stack framework. It is enabled by default in the *dev* and *test*
-environment of the Symfony Standard Edition.
+The DebugBundle allows greater integration of this component into Symfony
+applications. 
 
 Since generating (even debug) output in the controller or in the model
 of your application may just break it by e.g. sending HTTP headers or

configuration/external_parameters.rst

@@ -29,7 +29,7 @@ put in a ``DATABASE_URL`` environment variable:
     DATABASE_URL="mysql://db_user:db_password@127.0.0.1:3306/db_name"
 
 This variable is referenced in the service container configuration using
-``%env(DATABASE_HOST)%``:
+``%env(DATABASE_URL)%``:
 
 .. configuration-block::
 

configuration/multiple_kernels.rst

@@ -6,7 +6,7 @@ How To Create Symfony Applications with Multiple Kernels
 
 .. caution::
 
-    Creating aplications with multiple kernels is no longer recommended by
+    Creating applications with multiple kernels is no longer recommended by
     Symfony. Consider creating multiple small applications instead.
 
 In most Symfony applications, incoming requests are processed by the

controller/csrf_token_validation.rst

@@ -285,15 +285,15 @@ the wheel.
 
 I've almost forgot to talk about one added benefit: using the HttpFoundation
 component is the start of better interoperability between all frameworks and
-applications using it (like `Symfony`_, `Drupal 8`_, `phpBB 4`_, `ezPublish
+applications using it (like `Symfony`_, `Drupal 8`_, `phpBB 3`_, `ezPublish
 5`_, `Laravel`_, `Silex`_ and `more`_).
 
 .. _`Twig`: http://twig.sensiolabs.org/
 .. _`HTTP specification`: http://tools.ietf.org/wg/httpbis/
 .. _`audited`: https://symfony.com/blog/symfony2-security-audit
 .. _`Symfony`: https://symfony.com/
 .. _`Drupal 8`: https://drupal.org/
-.. _`phpBB 4`: https://www.phpbb.com/
+.. _`phpBB 3`: https://www.phpbb.com/
 .. _`ezPublish 5`: http://ez.no/
 .. _`Laravel`: http://laravel.com/
 .. _`Silex`: http://silex.sensiolabs.org/

create_framework/http_foundation.rst

@@ -14,7 +14,7 @@ First, make sure you have all the dependencies you need installed:
 
 .. code-block:: terminal
 
-    $ composer require doctrine form security
+    $ composer require doctrine form security validator
 
 .. tip::
 

doctrine/registration_form.rst

@@ -620,30 +620,5 @@ code from above to generate the submitted form can be reused.
 Suppressing Form Validation
 ---------------------------
 
-To suppress form validation you can use the ``POST_SUBMIT`` event and prevent
-the :class:`Symfony\\Component\\Form\\Extension\\Validator\\EventListener\\ValidationListener`
-from being called.
-
-The reason for needing to do this is that even if you set ``validation_groups``
-to ``false`` there  are still some integrity checks executed. For example
-an uploaded file will still be checked to see if it is too large and the form
-will still check to see if non-existing fields were submitted. To disable
-all of this, use a listener::
-
-    use Symfony\Component\Form\FormBuilderInterface;
-    use Symfony\Component\Form\FormEvents;
-    use Symfony\Component\Form\FormEvent;
-
-    public function buildForm(FormBuilderInterface $builder, array $options)
-    {
-        $builder->addEventListener(FormEvents::POST_SUBMIT, function (FormEvent $event) {
-            $event->stopPropagation();
-        }, 900); // Always set a higher priority than ValidationListener
-
-        // ...
-    }
-
-.. caution::
-
-    By doing this, you may accidentally disable something more than just form
-    validation, since the ``POST_SUBMIT`` event may have other listeners.
+To suppress form validation, set ``validation_groups`` to ``false`` or an empty
+array.

form/csrf_protection.rst

@@ -188,7 +188,7 @@ That's it! Just three lines are needed to render the complete form:
     Renders the end tag of the form and any fields that have not
     yet been rendered, in case you rendered each field yourself. This is useful
     for rendering hidden fields and taking advantage of the automatic
-    :doc:`CSRF Protection </form/csrf_protection>`.
+    :doc:`CSRF Protection </security/csrf>`.
 
 .. seealso::
 

form/dynamic_form_modification.rst

@@ -8,7 +8,7 @@ CSRF tokens are meant to be different for every user. This is why you
 need to be cautious if you try to cache pages with forms including them.
 
 For more information about how CSRF protection works in Symfony, please
-check :doc:`CSRF Protection </form/csrf_protection>`.
+check :doc:`CSRF Protection </security/csrf>`.
 
 Why Caching Pages with a CSRF token is Problematic
 --------------------------------------------------

forms.rst

@@ -62,7 +62,7 @@ If you know for sure that the backend never uses sessions or basic
 authentication, have Varnish remove the corresponding header from requests to
 prevent clients from bypassing the cache. In practice, you will need sessions
 at least for some parts of the site, e.g. when using forms with
-:doc:`CSRF Protection </form/csrf_protection>`. In this situation, make sure to
+:doc:`CSRF Protection </security/csrf>`. In this situation, make sure to
 :doc:`only start a session when actually needed </session/avoid_session_start>`
 and clear the session when it is no longer needed. Alternatively, you can look
 into :doc:`/http_cache/form_csrf_caching`.

http_cache/form_csrf_caching.rst

@@ -17,14 +17,43 @@ Creating a custom data collector is as simple as implementing the
     interface DataCollectorInterface
     {
         function collect(Request $request, Response $response, \Exception $exception = null);
+        public function reset();
         function getName();
     }
 
-The
-:method:`Symfony\\Component\\HttpKernel\\DataCollector\\DataCollectorInterface::getName`
-method returns the name of the data collector and must be unique in the
-application. This value is also used to access the information later on (see
-:doc:`/testing/profiling` for instance).
+The :method:`Symfony\\Component\\HttpKernel\\DataCollector\\DataCollectorInterface::getName`
+method returns the collector identifier, which must be unique in the
+application. You can choose any arbitrary name, but it's recommended to return
+a string which is short, lowercased and without white spaces, because this value
+is used later to access the collector information (see :doc:`/testing/profiling`
+for instance).
+
+The :method:`Symfony\\Component\\HttpKernel\\DataCollector\\DataCollectorInterface::reset`
+method is called between requests to reset the state of the profiler. Use it to
+remove all the information collected with the ``collect()`` method::
+
+    // src/DataCollector/RequestCollector.php
+    namespace App\DataCollector;
+
+    use Symfony\Component\HttpKernel\DataCollector\DataCollector;
+    use Symfony\Component\HttpFoundation\Request;
+    use Symfony\Component\HttpFoundation\Response;
+
+    class RequestCollector extends DataCollector
+    {
+        public function collect(Request $request, Response $response, \Exception $exception = null)
+        {
+            // this method saves some information in $this->data
+            // ...
+        }
+
+        public function reset()
+        {
+            // if the data collector is more complex, here you can call other
+            // services to reset their states or data
+            $this->data = array();
+        }
+    }
 
 The
 :method:`Symfony\\Component\\HttpKernel\\DataCollector\\DataCollectorInterface::collect`

http_cache/varnish.rst

@@ -179,6 +179,7 @@ rich API for a ``product`` table? Create a ``Product`` entity and give it the
     // ...
 
     use ApiPlatform\Core\Annotation\ApiResource;
+    use Doctrine\ORM\Mapping as ORM;
 
     /**
      * @ORM\Entity()

profiler/data_collector.rst

@@ -135,7 +135,7 @@ Twig Extension & Autoconfiguration
 ----------------------------------
 
 Thanks to Symfony's service handling, you can *extend* Symfony in many ways, like
-by creating an event subscriber or or a security voter for complex authorization
+by creating an event subscriber or a security voter for complex authorization
 rules. Let's add a new filter to Twig called ``greet``. How? Just create a class
 that extends ``AbstractExtension``::
 

quick_tour/flex_recipes.rst

@@ -47,7 +47,7 @@ Install and run it with:
 
 .. code-block:: terminal
 
-    $ composer require server
+    $ composer require server --dev
     $ php bin/console server:start
 
 Try your new app by going to ``http://localhost:8000`` in a browser!