This PR was merged into the 2.2 branch.

Commits
-------

54d7d25 [HttpKernel] hinclude fragment renderer must escape URIs properly to return valid html

Discussion
----------

[HttpKernel] hinclude fragment renderer must escape URIs properly to return valid html

| Q             | A
| ------------- | ---
| Bug fix?      | [yes]
| New feature?  | [no]
| BC breaks?    | [no]
| Deprecations? | [no]
| Tests pass?   | [yes]
| Fixed tickets | [-]
| License       | MIT
| Doc PR        | [-]

Since rendering of hinclude fragments returns html/xml, it is marked as safe. So it's not auto-escaped of course. But that means it must properly escape it's input (the URI) when outputting in html context.
Btw, this does not need to be done for esi because esi tags are processed in middleware which do not go to the client/browser.

---------------------------------------------------------------------------

by Koc at 2013-02-15T22:59:05Z

Will it works correct when `arg_separator.output="&"`?

---------------------------------------------------------------------------

by stof at 2013-02-15T23:04:01Z

if your url comes form the routing, yes. It [does not rely on the default separator](https://github.com/symfony/Routing/blob/master/Generator/UrlGenerator.php#L265) to avoid issues when the separator is configured to ``&`` as it would have been escaped again in Twig templates for instance.

---------------------------------------------------------------------------

by fabpot at 2013-02-16T07:26:19Z

Can you include the proper PR header in the description? Thanks.

---------------------------------------------------------------------------

by Tobion at 2013-02-16T12:28:18Z

Added.

* 2.1:
  Defined stable version point of Doctrine.
  [HttpFoundation] Remove Cache-Control when using https download via IE<9 (fixes symfony#6750)
  Update composer.json
  [Form] Fixed TimeType not to render a "size" attribute in select tags
  [Form] Added test for "label" option to accept the value "0"
  Expanded fault-tolerance for unusual cookie dates
  Fix docblock type
  [Form] Fixed "label" option to accept the value "0"
  merged branch jfcixmedia/2.1 (PR symfony#5838)
  [DomCrawler] lowered parsed protocol string (fixes symfony#6986)

Conflicts:
	composer.json
	src/Symfony/Bridge/Twig/Resources/views/Form/form_div_layout.html.twig
	src/Symfony/Bundle/FrameworkBundle/Resources/views/Form/time_widget.html.php
	src/Symfony/Bundle/FrameworkBundle/composer.json
	src/Symfony/Component/Form/Tests/Extension/Csrf/EventListener/CsrfValidationListenerTest.php
	src/Symfony/Component/Routing/composer.json
	src/Symfony/Component/Security/composer.json
	src/Symfony/Component/Validator/composer.json

This PR was submitted for the master branch but it was merged into the 2.2 branch instead (closes symfony#7180).

Commits
-------

6a33bc2 [HttpKernel] Fixes AppCache + ESI + Stopwatch problem

Discussion
----------

[HttpKernel] Fixes AppCache + ESI + Stopwatch problem

There is a very special case when using builtin AppCache class as kernel wrapper, in the case of an ESI request leading to a `stale` response [B]  inside a `fresh` cached response [A]. In this case, `$token` contains the [B] debug token, but the  open `stopwatch` section ID is equal to the [A] debug token. Trying to reopen section with the [B] token throws an exception which must be caught.

| Q             | A
| ------------- | ---
| Bug fix?      | yes
| Bug mask?     | no, does @vicb agree?
| New feature?  | no
| BC breaks?    | no
| Deprecations? | no
| Tests pass?   | yes
| Fixed tickets | symfony#6227, symfony#6230

I tried to find a better solution than just wrapping thrown exceptions with `try/catch`, but IMHO the symfony#6230 solution from @lsmith77 was in fine the best one. I just added some comments in the code to avoid the WTF reactions while reading it.

---------------------------------------------------------------------------

by vicb at 2013-02-25T16:51:51Z

@vicb never agrees :)

I don't have time to check this deeply now but I would like to see a UT.

Could your use case be expressed as "on nested terminate events" ?

---------------------------------------------------------------------------

by jfsimon at 2013-02-25T16:58:49Z

@vicb If I had an idea on how to write a conclusive test for that, I swear, it would be provided in this PR.

This PR was squashed before being merged into the 2.2 branch (closes symfony#7189).

Commits
-------

850bd5a [HttpFoundation] Fixed messed up headers

Discussion
----------

[HttpFoundation] Fixed messed up headers

| Q             | A
| ------------- | ---
| Bug fix?      | yes
| New feature?  | no
| BC breaks?    | no
| Deprecations? | no
| Tests pass?   | yes
| Fixed tickets | n/a
| License       | MIT
| Doc PR        | n/a

I ran into this when somewhere in our code the Response object was cast into a string. After that, when send()'ing the Response, the headers would be all mixed up. This is because the __toString in HeaderBag ksorts the headers, while the __toString in ResponseHeaderBag doesn't ksort the corresponding headerNames. This patch ksorts that one as well.

allPreserveCase() is new to 2.2, so this bug doesn't seem to affect earlier versions.

To be exact, this is where it got introduced: symfony@63a228c45613bb

---------------------------------------------------------------------------

by Burgov at 2013-02-26T09:27:20Z

B.t.w. another option was to ksort a copy of the headers array in the ResponseBag and leaving the actual thing as-is. Not sure which one would be the best option?

This PR was submitted for the master branch but it was merged into the 2.2 branch instead (closes symfony#7190).

Commits
-------

b2e9bdb [Finder] Adds expandable globs support to shell adapters

Discussion
----------

[Finder] Adds expandable globs support to shell adapters

As expandable globs, i mean glob following `*.{a,b}` syntax.

| Q             | A
| ------------- | ---
| Bug fix?      | yes
| New feature?  | no
| BC breaks?    | no
| Deprecations? | no
| Tests pass?   | yes
| Fixed tickets | symfony#6586

This PR was submitted for the master branch but it was merged into the 2.2 branch instead (closes symfony#7188).

Commits
-------

3b2cb79 [Finder] fixed paths/notPaths regex for shell adapters
45b84c5 [Finder] fix issue 4911

Discussion
----------

[Finder] Fixes paths/notPaths issue with shell adapters

This PR is built upon symfony#5128 from @gajdaw.
It fixes wrong handling of regex in `paths` and `notPaths` criteria by shell adapters.

| Q             | A
| ------------- | ---
| Bug fix?      | yes
| New feature?  | no
| BC breaks?    | no
| Deprecations? | no
| Tests pass?   | yes
| Fixed tickets | symfony#4911, symfony#5128

This PR was squashed before being merged into the 2.2 branch (closes symfony#7212).

Commits
-------

f40adbc [Finder] adds adapter selection/unselection capabilities

Discussion
----------

[Finder] adds adapter selection/unselection capabilities

As we have many issues with the native finder adapter, it would be good to:
*  permit selection of a particular adapter which will be choosed over the others until its unselection
*  permit unselection of adapters to get the finder select trhe best on (by priority)
*  have `PhpAdapter` selected by default

This PR adds 2 methods to the `Finder`:
*  `setAdapter($adapter)`: selects an adapter by its name
*  `useBestAdapter()`: tells the finder to select best adapter by their priority

| Q             | A
| ------------- | ---
| Bug fix?      | no
| New feature?  | yes
| BC breaks?    | no
| Deprecations? | no
| Tests pass?   | yes

---------------------------------------------------------------------------

by jfsimon at 2013-02-28T14:05:25Z

@fabpot I just applied all your good advices, there was no bad one :)

This PR was merged into the 2.2 branch.

Commits
-------

da22926 [Validator] gracefully handle transChoice errors

Discussion
----------

[Validator] gracefully handle transChoice errors

This validator annotation was throwing an error for me:

```
/** @Assert\Length(min=6, minMessage="Must be 6 characters") */
```

To avoid this error in the current code I would need to provide a message template that accommodates the minimum length being 1, even though that's not the case.

| Q             | A
| ------------- | ---
| Bug fix?      | yes
| New feature?  | no
| BC breaks?    | no
| Deprecations? | no
| Tests pass?   | yes
| Fixed tickets | ~
| License       | MIT
| Doc PR        | ~

---------------------------------------------------------------------------

by kriswallsmith at 2013-02-25T19:41:51Z

ping @fabpot

Any thoughts on this change? Having to provide a transChoice template when you know what the pluralization is going to be is a pain in the neck.

---------------------------------------------------------------------------

by kriswallsmith at 2013-02-25T19:42:11Z

ping @bschussek too :)

---------------------------------------------------------------------------

by fabpot at 2013-02-25T19:57:08Z

I'm +1 for this change. What do you think @bschussek?

---------------------------------------------------------------------------

by vicb at 2013-02-26T10:44:33Z

Would this be a common enough use case to be pushed to the translator ?

This PR was submitted for the master branch but it was merged into the 2.2 branch instead (closes symfony#6482).

Commits
-------

f3e227a Mask PHP_AUTH_PW header in profiler

Discussion
----------

Mask PHP_AUTH_PW header in profiler

---------------------------------------------------------------------------

by fabpot at 2012-12-27T17:39:26Z

Not sure about this one. Having public access to the web profiler in the production environment is really bad anyway. There is a ton of information that could help an attacker. So, just hiding this specific bit of information won't make it better.

---------------------------------------------------------------------------

by lmcd at 2012-12-27T18:04:45Z

A few scenarios are suggested here where a developer might want the profiler switched on in production: http://symfony.com/doc/current/book/internals.html

I'm talking specifically about someone gaining malicious access to the filesystem. Ripping database tables are somewhat ineffective at stealing user credentials, considering passwords are usually securely hashed nowadays. But the profiler database would have usernames/passwords just sitting there in plaintext.

I know there is lots of information there to aid an attacker, but so is there in most databases (IP addresses, useragents, names, email addresses etc) - but passwords are widely accepted as the *one* thing that should *never* just be stored in plaintext.

* 2.1:
  Options small typo
  [Console] fixed unparsed StringInput tokens
  [TwigBridge] fixed trans twig extractor
  [DomCrawler] fix handling of schemes by Link::getUri()
  [Console] Fixed comment
  [TwigBridge] fixed the translator extractor that were not trimming the text in trans tags (closes symfony#7056)
  Fixed handling absent href attribute in base tag
  added a DebuClassLoader::findFile() method to make the wrapping less invasive
  fixed CHANGELOG
  bumped Symfony version to 2.1.9-DEV
  updated VERSION for 2.1.8
  updated CHANGELOG for 2.1.8
  StringInput resets the given options.

Conflicts:
	src/Symfony/Component/HttpKernel/Kernel.php

This PR was submitted for the master branch but it was merged into the 2.2 branch instead (closes symfony#7226).

Commits
-------

80aa012 Add persian translation to Components/Security

Discussion
----------

Add Persian (farsi) Translation to Component/Security

| Q             | A
| ------------- | ---
| Bug fix?      | no
| New feature?  | somehow :)
| BC breaks?    | no
| Tests pass?   | yes
| License       | MIT

Just add farsi translation to Component/Security

This reverts commit f52120b, reversing
changes made to 66c2be3.

This PR was submitted for the master branch but it was merged into the 2.2 branch instead (closes symfony#8227).

Discussion
----------

[Process] fix issue where $_ENV contains array vals

There are cases where $env or $_ENV can contain a value that is an array
This will cause Process to throw an Array to String conversion exception
Initially I submitted a patch of Process.php, however Fabien indicated
that it shouldn't be fixed there (see below pull request).

Before recently, a simple work around would be in php.ini to set:

  register_argc_argv = On

However with recent changes, this seems to no longer work.

Original pull request: symfony#7354

See ticket symfony#7196

```
| Q             | A
| ------------- | ---
| Bug fix?      | yes
| New feature?  | no
| BC breaks?    | no
| Deprecations? | no
| Tests pass?   | yes
| Fixed tickets | 7196
| License       | MIT
| Doc PR        | none
```

Commits
-------

2c6af95 [Process] fix issue where $_ENV contains array vals

This PR was submitted for the master branch but it was merged into the 2.2 branch instead (closes symfony#8242).

Discussion
----------

[FrameworkBundle] do not re-register commands each time a Console\Application is run

| Q             | A
| ------------- | ---
| Bug fix?      | yes
| New feature?  | no
| BC breaks?    | no
| Deprecations? | no
| Tests pass?   | yes
| Fixed tickets |
| License       | MIT
| Doc PR        |

I have been experimenting with using the Symfony console application inside of a React event loop which works quite well.

In this scenario, I re-use an instances of a Console\Application to run multiple tasks. This works well apart from unnecessarily reloading the command classes from all included bundles each time doRun() is called (https://github.com/symfony/symfony/blob/master/src/Symfony/Bundle/FrameworkBundle/Console/Application.php#L68). This can also lead to running out of file descriptors under heavy load as bootstrap.php.cache uses a RecursiveDirectoryIterator to load the command.

Commits
-------

1983fc3 [FrameworkBundle] do not re-register commands each time a Console\Application is run

This PR was submitted for the 2.1 branch but it was merged into the 2.2 branch instead (closes symfony#8198).

Discussion
----------

[Form] fixed date type format pattern regex

| Q             | A
| ------------- | ---
| Bug fix?      | [yes]
| New feature?  | [no]
| BC breaks?    | [no]
| Deprecations? | [no]
| Tests pass?   | [yes]
| License       | MIT

I don't understand what is the rationale behind the current regex, why is there mandatory in-between characters?

The current regex passes with the format option set to ```dMyyyy``` while it doesn't with ```dMy```, on the linked icu documentation it is stated that ```y``` is equivalent to ```yyyy```.

So when setting this format option to dMy, fields are rendered in a wrong order because of the fallback (year, month, day).

Commits
-------

6a91bbb [Form] fixed date type format pattern regex

This PR was submitted for the master branch but it was merged into the 2.2 branch instead (closes symfony#8199).

Discussion
----------

[Console] Throw exception if value is passed to VALUE_NONE input optin, long syntax

| Q             | A
| ------------- | ---
| Bug fix?      | yes
| New feature?  | no
| BC breaks?    | yes
| Deprecations? | no
| Tests pass?   | yes
| Fixed tickets | symfony#8135
| License       | MIT

Input options with InputOption::VALUE_NONE accept values in both short and long syntaxes:
- When using the long syntax, no exception is thrown;
- When using short, a "The %s option does not exist" exception is thrown.

This PR only addresses the long syntax case. The short syntax case would require considerable refactoring of the parse code, which I believe should be discussed.

I included a test that illustrates the above mentioned problem for the long syntax scenario.

Commits
-------

32ea77f Throw exception if value is passed to VALUE_NONE input, long syntax

This PR was merged into the 2.2 branch.

Discussion
----------

[WebProfilerBundle] force the Content-Type to html in the web profiler controllers

| Q             | A
| ------------- | ---
| Bug fix?      | yes
| New feature?  | no
| BC breaks?    | no
| Deprecations? | no
| Tests pass?   | [![Build Status](https://travis-ci.org/lsmith77/symfony.png?branch=force_content_type)](https://travis-ci.org/lsmith77/symfony)
| Fixed tickets | -
| License       | MIT
| Doc PR        | -

This just forces the Content-Type to match what will be returned, otherwise if the request format happens to be something else than HTML (which can be the case when building an app that only does JSON/XML with FOSRestBundle) it can happen that the Response class automatically sets a different Content-Type.

The approach taken here matches https://github.com/nelmio/NelmioApiDocBundle/blob/master/Controller/ApiDocController.php#L24

Commits
-------

6d2135b force the Content-Type to html in the web profiler controllers

…ny#7380)

This PR was merged into the 2.2 branch.

Discussion
----------

[HttpFoundation] fixed issue with session_regenerate_id (closes symfony#7380)

| Q             | A
| ------------- | ---
| Bug fix?      | yes
| New feature?  | no
| BC breaks?    | no
| Deprecations? | no
| Tests pass?   | yes
| Fixed tickets | symfony#7380
| License       | MIT
| Doc PR        | n/a

Commits
-------

77f2aa8 [HttpFoundation] fixed issue with session_regenerate_id (closes symfony#7380)

This PR was merged into the 2.2 branch.

Discussion
----------

[2.2][Process] Disable exception on stream_select timeout

| Q             | A
| ------------- | ---
| Bug fix?      | yes
| New feature?  | no
| BC breaks?    | no
| Deprecations? | no
| Tests pass?   | yes
| Fixed tickets | symfony#8231
| License       | MIT

Commits
-------

c0da3ae [Process] Disable exception on stream_select timeout

* 2.1:
  [Console] fixed regression when calling a command foo:bar if there is another one like foo:bar:baz (closes symfony#8245)

This PR was submitted for the master branch but it was merged into the 2.2 branch instead (closes symfony#8337).

Discussion
----------

Fix grammar

Commits
-------

4163f71 Fix grammar

…#8246)

This PR was submitted for the 2.3 branch but it was merged into the 2.2 branch instead (closes symfony#8310).

Discussion
----------

[FrameworkBundle] Fixed variable name used in translation cache

This simply fixes the `$catalogueXXX` variable name used in the translation cache files in case the user use locales such as `en-US`, the generated variable's name was `$catalogueEn-Us`, with this fix it will be `$catalogueEnUs`.

| Q             | A
| ------------- | ---
| Bug fix?      | yes
| New feature?  | no
| BC breaks?    | no
| Deprecations? | no
| Tests pass?   | yes
| Fixed tickets | symfony#7824
| License       | MIT
| Doc PR        | -

Commits
-------

e50399c [FrameworkBundle] Fixed variable name used in translation cache

This PR was submitted for the master branch but it was merged into the 2.2 branch instead (closes symfony#8363).

Discussion
----------

typo first->second

Commits
-------

2d9a84b typo first->second