made it clear that the profiler is for dev only

fabpot · fabpot · commit fd853635b080 · 2018-09-24T08:27:30.000+02:00
diff --git a/src/Symfony/Bundle/WebProfilerBundle/README.md b/src/Symfony/Bundle/WebProfilerBundle/README.md
@@ -1,6 +1,12 @@
 WebProfilerBundle
 =================
 
+The Web profiler bundle is a **development tool** that gives detailed
+information about the execution of any request.
+
+**Never** enable it in production environments as it will lead to major security
+vulnerabilities in your project.
+
 Resources
 ---------
 
diff --git a/src/Symfony/Bundle/WebProfilerBundle/WebProfilerBundle.php b/src/Symfony/Bundle/WebProfilerBundle/WebProfilerBundle.php
@@ -14,10 +14,14 @@
 use Symfony\Component\HttpKernel\Bundle\Bundle;
 
 /**
- * Bundle.
- *
  * @author Fabien Potencier <fabien@symfony.com>
  */
 class WebProfilerBundle extends Bundle
 {
+    public function boot()
+    {
+        if ('prod' === $this->container->getParameter('kernel.environment')) {
+            @trigger_error('Using WebProfilerBundle in production is not supported and put your project at risk, disable it.', E_USER_DEPRECATED);
+        }
+    }
 }
diff --git a/src/Symfony/Component/HttpKernel/Profiler/ProfilerStorageInterface.php b/src/Symfony/Component/HttpKernel/Profiler/ProfilerStorageInterface.php
@@ -14,6 +14,14 @@
 /**
  * ProfilerStorageInterface.
  *
+ * This interface exists for historical reasons. The only supported implementation
+ * is FileProfilerStorage.
+ *
+ * As the profiler must only be used in non-production environments, the file storage
+ * is more than enough and no other implementations will ever be supported.
+ *
+ * @internal
+ *
  * @author Fabien Potencier <fabien@symfony.com>
  */
 interface ProfilerStorageInterface
