Merge remote-tracking branch 'upstream/1.4' into 1.4

rdavaillaud · Jan 4, 2013 · 07b3161 · 07b3161
2 parents 627225f + 75d9b19
commit 07b3161
Show file tree

Hide file tree

Showing 145 changed files with 1,763 additions and 871 deletions.
diff --git a/CHANGELOG b/CHANGELOG
@@ -1,6 +1,23 @@
 CHANGELOG
 =========
 
+11/25/12: Versions 1.4.20
+-------------------------
+
+ * [33598] fixed the possibility to fake a file upload
+ * [33545] fixed sfPDOSessionStorage for Oracle (closes #10022)
+ * [33544] fixed sfWebRequest::splitHttpAcceptHeader incorrect result order (closes #10069, patch by Keri Henare)
+ * [33539] fixed exception format when using the PHP 5.4 built-in server (closes #10067, based on a patch from jgskin)
+ * [33486] fixed sfPDODatabase::call() method (closes #10044)
+
+10/09/12: Versions 1.4.19
+-------------------------
+
+ * [33545] fixed sfPDOSessionStorage for Oracle (closes #10022)
+ * [33544] fixed sfWebRequest::splitHttpAcceptHeader incorrect result order (closes #10069, patch by Keri Henare)
+ * [33539] fixed exception format when using the PHP 5.4 built-in server (closes #10067, based on a patch from jgskin)
+ * [33486] fixed sfPDODatabase::call() method (closes #10044)
+
 05/30/12: Versions 1.4.18
 -------------------------
 

diff --git a/lib/autoload/sfAutoloadAgain.class.php b/lib/autoload/sfAutoloadAgain.class.php
@@ -14,7 +14,7 @@
  * @package    symfony
  * @subpackage autoload
  * @author     Kris Wallsmith <kris.wallsmith@symfony-project.com>
- * @version    SVN: $Id: sfAutoloadAgain.class.php 22248 2009-09-22 17:15:16Z fabien $
+ * @version    SVN: $Id: sfAutoloadAgain.class.php 33561 2012-10-18 11:42:28Z fabien $
  */
 class sfAutoloadAgain
 {
@@ -69,7 +69,7 @@ public function autoload($class)
     {
       foreach ($autoloads as $position => $autoload)
       {
-        if ($this === $autoload[0])
+        if (is_array($autoload) && $this === $autoload[0])
         {
           break;
         }

diff --git a/lib/autoload/sfCoreAutoload.class.php b/lib/autoload/sfCoreAutoload.class.php
@@ -11,7 +11,7 @@
 /**
  * The current symfony version.
  */
-define('SYMFONY_VERSION', '1.4.18');
+define('SYMFONY_VERSION', '1.4.20');
 
 /**
  * sfCoreAutoload class.

diff --git a/lib/controller/sfController.class.php b/lib/controller/sfController.class.php
@@ -16,7 +16,7 @@
  * @subpackage controller
  * @author     Fabien Potencier <fabien.potencier@symfony-project.com>
  * @author     Sean Kerr <sean@code-box.org>
- * @version    SVN: $Id: sfController.class.php 30912 2010-09-15 11:10:46Z fabien $
+ * @version    SVN: $Id: sfController.class.php 33539 2012-09-19 05:36:02Z fabien $
  */
 abstract class sfController
 {
@@ -489,7 +489,7 @@ public function setRenderMode($mode)
    */
   public function inCLI()
   {
-    return 0 == strncasecmp(PHP_SAPI, 'cli', 3);
+    return 'cli' == PHP_SAPI;
   }
 
   /**

diff --git a/lib/database/sfPDODatabase.class.php b/lib/database/sfPDODatabase.class.php
@@ -18,7 +18,7 @@
  * @author     Fabien Potencier <fabien.potencier@symfony-project.com>
  * @author     Sean Kerr <sean@code-box.org>
  * @author     Dustin Whittle <dustin.whittle@symfony-project.com>
- * @version    SVN: $Id: sfPDODatabase.class.php 23810 2009-11-12 11:07:44Z Kris.Wallsmith $
+ * @version    SVN: $Id: sfPDODatabase.class.php 33486 2012-07-09 08:57:29Z fabien $
  */
 class sfPDODatabase extends sfDatabase
 {
@@ -109,6 +109,6 @@ public function shutdown()
    */
   public function __call($method, $arguments)
   {
-    return $this->getConnection()->$method($arguments);
+    return call_user_func_array(array($this->getConnection(), $method), $arguments);
   }
 }
diff --git a/lib/debug/sfTimerManager.class.php b/lib/debug/sfTimerManager.class.php
@@ -14,7 +14,7 @@
  * @package    symfony
  * @subpackage util
  * @author     Fabien Potencier <fabien.potencier@symfony-project.com>
- * @version    SVN: $Id: sfTimerManager.class.php 13339 2008-11-25 14:58:05Z fabien $
+ * @version    SVN: $Id: sfTimerManager.class.php 33570 2012-10-25 09:44:55Z fabien $
  */
 class sfTimerManager
 {
@@ -29,14 +29,16 @@ class sfTimerManager
    *
    * @return sfTimer The timer instance
    */
-  public static function getTimer($name)
+  public static function getTimer($name,$reset=true)
   {
     if (!isset(self::$timers[$name]))
     {
       self::$timers[$name] = new sfTimer($name);
     }
 
-    self::$timers[$name]->startTimer();
+    if($reset){
+       self::$timers[$name]->startTimer();
+    }
 
     return self::$timers[$name];
   }

diff --git a/lib/exception/sfException.class.php b/lib/exception/sfException.class.php
@@ -18,7 +18,7 @@
  * @subpackage exception
  * @author     Fabien Potencier <fabien.potencier@symfony-project.com>
  * @author     Sean Kerr <sean@code-box.org>
- * @version    SVN: $Id: sfException.class.php 33214 2011-11-19 13:47:24Z fabien $
+ * @version    SVN: $Id: sfException.class.php 33539 2012-09-19 05:36:02Z fabien $
  */
 class sfException extends Exception
 {
@@ -195,8 +195,9 @@ static protected function outputStackTrace(Exception $exception)
       }
     }
 
-    // when using CLI, we force the format to be TXT
-    if (0 == strncasecmp(PHP_SAPI, 'cli', 3))
+    // when using CLI, we force the format to be TXT. Compare exactly to 
+    // the string 'cli' because the php 5.4 server is identified by 'cli-server'
+    if ('cli' == PHP_SAPI)
     {
       $format = 'txt';
     }

diff --git a/lib/form/sfForm.class.php b/lib/form/sfForm.class.php
@@ -23,7 +23,7 @@
  * @package    symfony
  * @subpackage form
  * @author     Fabien Potencier <fabien.potencier@symfony-project.com>
- * @version    SVN: $Id: sfForm.class.php 29678 2010-05-30 14:38:42Z Kris.Wallsmith $
+ * @version    SVN: $Id: sfForm.class.php 33598 2012-11-25 09:57:29Z fabien $
  */
 class sfForm implements ArrayAccess, Iterator, Countable
 {
@@ -222,6 +222,8 @@ public function bind(array $taintedValues = null, array $taintedFiles = null)
       $this->taintedFiles = array();
     }
 
+    $this->checkTaintedValues($this->taintedValues);
+
     try
     {
       $this->doBind(self::deepArrayUnion($this->taintedValues, self::convertFileInformation($this->taintedFiles)));
@@ -1336,4 +1338,24 @@ static protected function deepArrayUnion($array1, $array2)
 
     return $array1;
   }
+
+  /**
+   * Checks that the $_POST values do not contain something that
+   * looks like a file upload (coming from $_FILE).
+   */
+  protected function checkTaintedValues($values)
+  {
+    foreach ($values as $name => $value)
+    {
+      if (!is_array($value)) {
+        continue;
+      }
+
+      if (isset($value['tmp_name'])) {
+        throw new InvalidArgumentException('Do not try to fake a file upload.');
+      }
+
+      $this->checkTaintedValues($value);
+    }
+  }
 }
diff --git a/lib/plugins/sfDoctrinePlugin/lib/database/sfDoctrineConnectionProfiler.class.php b/lib/plugins/sfDoctrinePlugin/lib/database/sfDoctrineConnectionProfiler.class.php
@@ -6,7 +6,7 @@
  * @package    sfDoctrinePlugin
  * @subpackage database
  * @author     Kris Wallsmith <kris.wallsmith@symfony-project.com>
- * @version    SVN: $Id: sfDoctrineConnectionProfiler.class.php 20157 2009-07-13 17:00:12Z Kris.Wallsmith $
+ * @version    SVN: $Id: sfDoctrineConnectionProfiler.class.php 33570 2012-10-25 09:44:55Z fabien $
  */
 class sfDoctrineConnectionProfiler extends Doctrine_Connection_Profiler
 {
@@ -82,7 +82,7 @@ public function preQuery(Doctrine_Event $event)
    */
   public function postQuery(Doctrine_Event $event)
   {
-    sfTimerManager::getTimer('Database (Doctrine)')->addTime();
+    sfTimerManager::getTimer('Database (Doctrine)',false)->addTime();
 
     $args = func_get_args();
     $this->__call(__FUNCTION__, $args);
@@ -118,7 +118,7 @@ public function preExec(Doctrine_Event $event)
    */
   public function postExec(Doctrine_Event $event)
   {
-    sfTimerManager::getTimer('Database (Doctrine)')->addTime();
+    sfTimerManager::getTimer('Database (Doctrine)',false)->addTime();
 
     $args = func_get_args();
     $this->__call(__FUNCTION__, $args);
@@ -154,7 +154,7 @@ public function preStmtExecute(Doctrine_Event $event)
    */
   public function postStmtExecute(Doctrine_Event $event)
   {
-    sfTimerManager::getTimer('Database (Doctrine)')->addTime();
+    sfTimerManager::getTimer('Database (Doctrine)',false)->addTime();
 
     $args = func_get_args();
     $this->__call(__FUNCTION__, $args);

diff --git a/lib/request/sfWebRequest.class.php b/lib/request/sfWebRequest.class.php
@@ -18,7 +18,7 @@
  * @subpackage request
  * @author     Fabien Potencier <fabien.potencier@symfony-project.com>
  * @author     Sean Kerr <sean@code-box.org>
- * @version    SVN: $Id: sfWebRequest.class.php 32729 2011-07-05 15:23:04Z www-data $
+ * @version    SVN: $Id: sfWebRequest.class.php 33544 2012-10-05 10:42:42Z fabien $
  */
 class sfWebRequest extends sfRequest
 {
@@ -633,28 +633,34 @@ public function setRelativeUrlRoot($value)
   public function splitHttpAcceptHeader($header)
   {
     $values = array();
+    $groups = array();
     foreach (array_filter(explode(',', $header)) as $value)
     {
       // Cut off any q-value that might come after a semi-colon
       if ($pos = strpos($value, ';'))
       {
-        $q     = (float) trim(substr($value, strpos($value, '=') + 1));
+        $q     = trim(substr($value, strpos($value, '=') + 1));
         $value = substr($value, 0, $pos);
       }
       else
       {
         $q = 1;
       }
 
-      if (0 < $q)
-      {
-        $values[trim($value)] = $q;
-      }
+      $groups[$q][] = $value;
     }
 
-    arsort($values);
+    krsort($groups);
+
+    foreach ($groups as $q => $items) {
+      if (0 < $q) {
+        foreach ($items as $value) {
+          $values[] = trim($value);
+        }
+      }
+    }
 
-    return array_keys($values);
+    return $values;
   }
 
   /**

diff --git a/lib/storage/sfPDOSessionStorage.class.php b/lib/storage/sfPDOSessionStorage.class.php
@@ -19,7 +19,7 @@
  * @author     Mathew Toth <developer@poetryleague.com>
  * @author     Fabien Potencier <fabien.potencier@symfony-project.com>
  * @author     Sean Kerr <sean@code-box.org>
- * @version    SVN: $Id: sfPDOSessionStorage.class.php 13143 2008-11-18 22:22:01Z FabianLange $
+ * @version    SVN: $Id: sfPDOSessionStorage.class.php 33545 2012-10-05 10:49:45Z fabien $
  */
 class sfPDOSessionStorage extends sfDatabaseSessionStorage
 {
@@ -115,7 +115,7 @@ public function sessionRead($id)
       $sessionRows = $stmt->fetchAll(PDO::FETCH_NUM);
       if (count($sessionRows) == 1)
       {
-        return $sessionRows[0][0];
+        return is_resource($sessionRows[0][0]) ? stream_get_contents($sessionRows[0][0]) : $sessionRows[0][0];
       }
       else
       {

diff --git a/lib/vendor/swiftmailer/classes/Swift.php b/lib/vendor/swiftmailer/classes/Swift.php
@@ -18,8 +18,11 @@
 abstract class Swift
 {
 
+  static $initialized = false;
+  static $initPath;
+
   /** Swift Mailer Version number generated during dist release process */
-  const VERSION = '4.1.0-DEV';
+  const VERSION = '4.1.8';
 
   /**
    * Internal autoloader for spl_autoload_register().
@@ -29,28 +32,37 @@ abstract class Swift
   public static function autoload($class)
   {
     //Don't interfere with other autoloaders
-    if (0 !== strpos($class, 'Swift'))
+    if (0 !== strpos($class, 'Swift_'))
     {
-      return false;
+      return;
     }
 
     $path = dirname(__FILE__).'/'.str_replace('_', '/', $class).'.php';
 
     if (!file_exists($path))
     {
-      return false;
+      return;
+    }
+
+    if (self::$initPath && !self::$initialized)
+    {
+      self::$initialized = true;
+      require self::$initPath;
     }
 
-    require_once $path;
+    require $path;
   }
 
   /**
    * Configure autoloading using Swift Mailer.
    * 
    * This is designed to play nicely with other autoloaders.
+   *
+   * @param string $initPath The init script to load when autoloading the first Swift class
    */
-  public static function registerAutoload()
+  public static function registerAutoload($initPath = null)
   {
+    self::$initPath = $initPath;
     spl_autoload_register(array('Swift', 'autoload'));
   }
 

diff --git a/lib/vendor/swiftmailer/classes/Swift/Attachment.php b/lib/vendor/swiftmailer/classes/Swift/Attachment.php
@@ -8,9 +8,6 @@
  * file that was distributed with this source code.
  */
 
-//@require 'Swift/Mime/Attachment.php';
-//@require 'Swift/ByteStream/FileByteStream.php';
-//@require 'Swift/DependencyContainer.php';
 
 /**
  * Attachment class for attaching files to a {@link Swift_Mime_Message}.

diff --git a/lib/vendor/swiftmailer/classes/Swift/ByteStream/AbstractFilterableInputStream.php b/lib/vendor/swiftmailer/classes/Swift/ByteStream/AbstractFilterableInputStream.php
@@ -8,9 +8,6 @@
  * file that was distributed with this source code.
  */
 
-//@require 'Swift/InputByteStream.php';
-//@require 'Swift/Filterable.php';
-//@require 'Swift/StreamFilter.php';
 
 /**
  * Provides the base functionality for an InputStream supporting filters.
@@ -23,7 +20,7 @@ abstract class Swift_ByteStream_AbstractFilterableInputStream
 {
 
   /** Write sequence */
-  private $_sequence = 0;
+  protected $_sequence = 0;
 
   /** StreamFilters */
   private $_filters = array();

diff --git a/lib/vendor/swiftmailer/classes/Swift/ByteStream/ArrayByteStream.php b/lib/vendor/swiftmailer/classes/Swift/ByteStream/ArrayByteStream.php
@@ -8,8 +8,6 @@
  * file that was distributed with this source code.
  */
 
-//@require 'Swift/InputByteStream.php';
-//@require 'Swift/OutputByteStream.php';
 
 /**
  * Allows reading and writing of bytes to and from an array.