Merge remote-tracking branch 'origin/3.3' into 3.3

weaverryan · weaverryan · commit c4e4dc81c12a · 2017-07-20T22:00:29.000-04:00
* origin/3.3: [#8195] fix requirement checker binary Simplified the requirements article [#6030] Simplifying and showing code Clearify behaviour of Blank and NotBlank validator [#5838] Tweaking comment - the phpdoc policy is not concrete Update standards to match actual practices Updated the requirements article for Smyfony 3.3 Updated the Requirements article for Symfony 3.2 Updated the Requirements article for Symfony 2.8 removed Charles Updated the Core Team information added CVE 2017-11365 added URL where to ask for a CVE identifier add missing choices_as_values options Update usage.rst
diff --git a/contributing/code/core_team.rst b/contributing/code/core_team.rst
@@ -49,10 +49,6 @@ Active Core Members
 
 * **Mergers** (``@symfony/mergers`` on GitHub):
 
-  * **Bernhard Schussek** (`webmozart`_) can merge into the Form_,
-    Validator_, Icu_, Intl_, Locale_, OptionsResolver_ and PropertyAccess_
-    components;
-
   * **Tobias Schultze** (`Tobion`_) can merge into the Routing_,
     OptionsResolver_ and PropertyAccess_ components;
 
@@ -69,23 +65,37 @@ Active Core Members
   * **Kévin Dunglas** (`dunglas`_) can merge into the PropertyInfo_ and the Serializer_
     component;
 
-  * **Abdellatif AitBoudad** (`aitboudad`_) can merge into the Translation_
-    component;
-
-  * **Jakub Zalas** (`jakzal`_) can merge into the DomCrawler_ component;
+  * **Jakub Zalas** (`jakzal`_) can merge into the DomCrawler_ and Intl_
+    components;
 
   * **Christian Flothmann** (`xabbuh`_) can merge into the Yaml_ component;
 
-  * **Javier Eguiluz** (`javiereguiluz`_) can merge into the WebProfilerBundle_
-    bundle.
+  * **Javier Eguiluz** (`javiereguiluz`_) can merge into the WebProfilerBundle_;
+
+  * **Grégoire Pineau** (`lyrixx`_) can merge into the Workflow_ component;
+
+  * **Ryan Weaver** (`weaverryan`_) can merge into the Security_ component and
+    the SecurityBundle_;
 
-  * **Grégoire Pineau** (`lyrixx`_) can merge into the Workflow_ component.
+  * **Robin Chalas** (`chalasr`_) can merge into the Console_ and Security_
+    components and the SecurityBundle_;
+
+  * **Maxime Steinhausser** (`ogizanagi`_) can merge into Config_, Console_,
+    Form_, Serializer_, DependencyInjection_, and HttpKernel_ components.
 
 * **Deciders** (``@symfony/deciders`` on GitHub):
 
   * **Jordi Boggiano** (`seldaek`_);
-  * **Lukas Kahwe Smith** (`lsmith77`_);
-  * **Ryan Weaver** (`weaverryan`_).
+  * **Lukas Kahwe Smith** (`lsmith77`_).
+
+Former Core Members
+~~~~~~~~~~~~~~~~~~~
+
+They are no longer part of the Core Team, but we are very grateful for all their
+Symfony contributions:
+
+  * **Bernhard Schussek** (`webmozart`_);
+  * **Abdellatif AitBoudad** (`aitboudad`_).
 
 Core Membership Application
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~
@@ -158,7 +168,6 @@ Symfony Core Rules and Protocol Amendments
 The rules described in this document may be amended at anytime at the
 discretion of the **Project Leader**.
 
-
 .. [1] Minor changes comprise typos, DocBlock fixes, code standards
        violations, and minor CSS, JavaScript and HTML modifications.
 
@@ -178,6 +187,7 @@ discretion of the **Project Leader**.
 .. _HttpKernel: https://github.com/symfony/http-kernel
 .. _Icu: https://github.com/symfony/icu
 .. _Intl: https://github.com/symfony/intl
+.. _LDAP: https://github.com/symfony/ldap
 .. _Locale: https://github.com/symfony/locale
 .. _MonologBridge: https://github.com/symfony/monolog-bridge
 .. _OptionsResolver: https://github.com/symfony/options-resolver
@@ -187,6 +197,8 @@ discretion of the **Project Leader**.
 .. _Routing: https://github.com/symfony/routing
 .. _Serializer: https://github.com/symfony/serializer
 .. _Translation: https://github.com/symfony/translation
+.. _Security: https://github.com/symfony/security
+.. _SecurityBundle: https://github.com/symfony/security-bundle
 .. _Stopwatch: https://github.com/symfony/stopwatch
 .. _TwigBridge: https://github.com/symfony/twig-bridge
 .. _Validator: https://github.com/symfony/validator
@@ -209,3 +221,6 @@ discretion of the **Project Leader**.
 .. _`xabbuh`: https://github.com/xabbuh/
 .. _`javiereguiluz`: https://github.com/javiereguiluz/
 .. _`lyrixx`: https://github.com/lyrixx/
+.. _`chalasr`: https://github.com/chalasr/
+.. _`ogizanagi`: https://github.com/ogizanagi/
+.. _`csarrazi`: https://github.com/csarrazi/
diff --git a/contributing/code/security.rst b/contributing/code/security.rst
@@ -21,7 +21,7 @@ confirmed, the core-team works on a solution following these steps:
 
 #. Send an acknowledgement to the reporter;
 #. Work on a patch;
-#. Get a CVE identifier from mitre.org;
+#. Get a CVE identifier from `mitre.org`_;
 #. Write a security announcement for the official Symfony `blog`_ about the
    vulnerability. This post should contain the following information:
 
@@ -103,6 +103,7 @@ Security Advisories
 This section indexes security vulnerabilities that were fixed in Symfony
 releases, starting from Symfony 1.0.0:
 
+* Jul 17, 2017, `CVE-2017-11365: Empty passwords validation issue <https://symfony.com/blog/cve-2017-11365-empty-passwords-validation-issue>`_ (2.7.30, 2.7.31, 2.8.23, 2.8.24, 3.2.10, 3.2.11, 3.3.3, and 3.3.4)
 * May 9, 2016: `CVE-2016-2403: Unauthorized access on a misconfigured Ldap server when using an empty password <https://symfony.com/blog/cve-2016-2403-unauthorized-access-on-a-misconfigured-ldap-server-when-using-an-empty-password>`_ (2.8.0-2.8.5, 3.0.0-3.0.5)
 * May 9, 2016: `CVE-2016-4423: Large username storage in session <https://symfony.com/blog/cve-2016-4423-large-username-storage-in-session>`_ (2.3.0-2.3.40, 2.7.0-2.7.12, 2.8.0-2.8.5, 3.0.0-3.0.5)
 * January 18, 2016: `CVE-2016-1902: SecureRandom's fallback not secure when OpenSSL fails <https://symfony.com/blog/cve-2016-1902-securerandom-s-fallback-not-secure-when-openssl-fails>`_ (2.3.0-2.3.36, 2.6.0-2.6.12, 2.7.0-2.7.8)
@@ -142,3 +143,4 @@ releases, starting from Symfony 1.0.0:
 .. _blog: https://symfony.com/blog/
 .. _Security Advisories: https://symfony.com/blog/category/security-advisories
 .. _`security advisories database`: https://github.com/FriendsOfPHP/security-advisories
+.. _`mitre.org`: https://cveform.mitre.org/
diff --git a/contributing/code/standards.rst b/contributing/code/standards.rst
@@ -226,8 +226,8 @@ Service Naming Conventions
 Documentation
 -------------
 
-* Add PHPDoc blocks for all classes, methods, and functions, except when the
-  comments are trivial (e.g. basic getter and setter methods);
+* Add PHPDoc blocks for all classes, methods, and functions (though you may
+  be asked to remove PHPDoc that do not add value);
 
 * Group annotations together so that annotations of the same type immediately
   follow each other, and annotations of a different type are separated by a
diff --git a/form/create_custom_field_type.rst b/form/create_custom_field_type.rst
@@ -36,7 +36,8 @@ for form fields, which is ``<BundleName>\Form\Type``. Make sure the field extend
                     'Standard Shipping' => 'standard',
                     'Expedited Shipping' => 'expedited',
                     'Priority Shipping' => 'priority',
-                )
+                ),
+                'choices_as_values' => true,
             ));
         }
 
diff --git a/form/dynamic_form_modification.rst b/form/dynamic_form_modification.rst
@@ -409,9 +409,10 @@ sport like this::
                     $positions = null === $sport ? array() : $sport->getAvailablePositions();
 
                     $form->add('position', EntityType::class, array(
-                        'class'       => 'AppBundle:Position',
+                        'class' => 'AppBundle:Position',
                         'placeholder' => '',
-                        'choices'     => $positions,
+                        'choices' => $positions,
+                        'choices_as_values' => true,
                     ));
                 }
             );
@@ -465,9 +466,10 @@ The type would now look like::
                 $positions = null === $sport ? array() : $sport->getAvailablePositions();
 
                 $form->add('position', EntityType::class, array(
-                    'class'       => 'AppBundle:Position',
+                    'class' => 'AppBundle:Position',
                     'placeholder' => '',
-                    'choices'     => $positions,
+                    'choices' => $positions,
+                    'choices_as_values' => true,
                 ));
             };
 
diff --git a/reference/constraints/Blank.rst b/reference/constraints/Blank.rst
@@ -1,10 +1,18 @@
 Blank
 =====
 
-Validates that a value is blank, defined as equal to a blank string or equal
-to ``null``. To force that a value strictly be equal to ``null``, see the
-:doc:`/reference/constraints/IsNull` constraint. To force that a value is
-*not* blank, see :doc:`/reference/constraints/NotBlank`.
+Validates that a value is blank - meaning equal to an empty string or ``null``::
+
+    if ('' !== $value && null !== $value) {
+        // validation will fail
+    }
+
+To force that a value strictly be equal to ``null``, see the
+:doc:`/reference/constraints/IsNull` constraint.
+
+
+To force that a value is *not* blank, see :doc:`/reference/constraints/NotBlank`.
+But be careful as ``NotBlank`` is *not* strictly the opposite of ``Blank``.
 
 +----------------+---------------------------------------------------------------------+
 | Applies to     | :ref:`property or method <validation-property-target>`              |
diff --git a/reference/constraints/NotBlank.rst b/reference/constraints/NotBlank.rst
@@ -1,9 +1,14 @@
 NotBlank
 ========
 
-Validates that a value is not blank, defined as not strictly ``false``,
-not equal to a blank string and also not equal to ``null``. To force that
-a value is simply not equal to ``null``, see the
+Validates that a value is not blank - meaning not equal to a blank string,
+a blank array or ``null``::
+
+    if (false === $value || (empty($value) && '0' != $value)) {
+        // validation will fail
+    }
+
+To force that a value is simply not equal to ``null``, see the
 :doc:`/reference/constraints/NotNull` constraint.
 
 +----------------+------------------------------------------------------------------------+
diff --git a/reference/requirements.rst b/reference/requirements.rst
@@ -6,50 +6,29 @@
 Requirements for Running Symfony
 ================================
 
-To run Symfony, your system needs to adhere to a list of requirements. You
-can easily see if your system passes all requirements by running the
-``web/config.php`` in your Symfony distribution. Since the CLI often uses
-a different ``php.ini`` configuration file, it's also a good idea to check
-your requirements from the command line via:
+Symfony 3.3 requires **PHP 5.5.9** or higher to run, in addition to other minor
+requirements. To make things simple, Symfony provides a tool to quickly check if
+your system meets all those requirements.
 
-.. code-block:: terminal
-
-    $ php bin/symfony_requirements
-
-Below is the list of required and optional requirements.
+Beware that PHP can define a different configuration for the command console and
+the web server, so you need to check requirements in both environments.
 
-Required
---------
+Checking Requirements for the Web Server
+----------------------------------------
 
-* PHP needs to be a minimum version of PHP 5.5.9
-* `JSON extension`_ needs to be enabled
-* `ctype extension`_ needs to be enabled
-* Your ``php.ini`` needs to have the ``date.timezone`` setting
+Symfony includes a ``config.php`` file in the ``web/`` directory of your project.
+Open that file with your browser to check the requirements.
 
-Optional
---------
+Once you've fixed all the reported issues, delete the ``web/config.php`` file
+to avoid leaking internal information about your application to visitors.
 
-* You need to have the PHP-XML module installed
-* You need to have at least version 2.6.21 of libxml
-* PHP tokenizer needs to be enabled
-* mbstring functions need to be enabled
-* iconv needs to be enabled
-* POSIX needs to be enabled (only on \*nix)
-* Intl needs to be installed with ICU 4+
-* APC 3.0.17+ (or another opcode cache needs to be installed)
-* ``php.ini`` recommended settings
+Checking Requirements for the Command Console
+---------------------------------------------
 
-  * ``short_open_tag = Off``
-  * ``magic_quotes_gpc = Off``
-  * ``register_globals = Off``
-  * ``session.auto_start = Off``
+Open your console or terminal, enter in your project directory, execute this
+command and fix the reported issues:
 
-Doctrine
---------
-
-If you want to use Doctrine, you will need to have PDO installed. Additionally,
-you need to have the PDO driver installed for the database server you want
-to use.
+.. code-block:: terminal
 
-.. _`JSON extension`: https://php.net/manual/book.json.php
-.. _`ctype extension`: https://php.net/manual/book.ctype.php
+    $ cd my-project/
+    $ php bin/symfony_requirements
diff --git a/workflow/usage.rst b/workflow/usage.rst
@@ -229,7 +229,7 @@ order:
     * ``workflow.[workflow name].enter``
     * ``workflow.[workflow name].enter.[place name]``
 
-``work.flow.entered``
+``workflow.entered``
 
     Similar to ``workflow.enter``, except the marking store is updated before this
     event (making it a good place to flush data in Doctrine). 

Original file line number	Diff line number	Diff line change
@@ -36,7 +36,8 @@ for form fields, which is ``<BundleName>\Form\Type``. Make sure the field extend
`36`	`36`	`'Standard Shipping' => 'standard',`
`37`	`37`	`'Expedited Shipping' => 'expedited',`
`38`	`38`	`'Priority Shipping' => 'priority',`
`39`		`- )`
	`39`	`+ ),`
	`40`	`+ 'choices_as_values' => true,`
`40`	`41`	`));`
`41`	`42`	`}`
`42`	`43`