Merge branch '2.7' into 2.8

Conflicts:
	reference/configuration/security.rst

book/forms.rst

@@ -1812,7 +1812,7 @@ The CSRF token can be customized on a form-by-form basis. For example::
                 'csrf_protection' => true,
                 'csrf_field_name' => '_token',
                 // a unique key to help generate the secret token
-                'intention'       => 'task_item',
+                'csrf_token_id'   => 'task_item',
             ));
         }
 
@@ -1828,8 +1828,12 @@ section.
 
 .. note::
 
-    The ``intention`` option is optional but greatly enhances the security of
-    the generated token by making it different for each form.
+    The ``csrf_token_id`` option is optional but greatly enhances the security
+    of the generated token by making it different for each form.
+
+.. versionadded:: 2.4
+    The ``csrf_token_id`` option was introduced in Symfony 2.4. Prior, you
+    had to use the ``intention`` option.
 
 .. caution::
 

components/expression_language/index.rst

@@ -1,5 +1,5 @@
-Expression Language
-===================
+ExpressionLanguage
+==================
 
 .. toctree::
     :maxdepth: 2

cookbook/configuration/override_dir_structure.rst

@@ -30,7 +30,7 @@ Override the ``cache`` Directory
 --------------------------------
 
 You can change the default cache directory by overriding the ``getCacheDir`` method
-in the ``AppKernel`` class of you application::
+in the ``AppKernel`` class of your application::
 
     // app/AppKernel.php
 

cookbook/form/form_customization.rst

@@ -774,8 +774,8 @@ will be able to change the widget for each task as follows:
 
         {% block _tasks_entry_widget %}
             <tr>
-                <td>{{ form_widget(task.task) }}</td>
-                <td>{{ form_widget(task.dueDate) }}</td>
+                <td>{{ form_widget(form.task) }}</td>
+                <td>{{ form_widget(form.dueDate) }}</td>
             </tr>
         {% endblock %}
 

cookbook/profiler/data_collector.rst

@@ -160,7 +160,7 @@ block and set the value of two variables called ``icon`` and ``text``:
         {% endset %}
 
         {# the 'link' value set to 'false' means that this panel doesn't
-           show a section in the web profiler (default is 'true'). #}
+           show a section in the web profiler #}
         {{ include('@WebProfiler/Profiler/toolbar_item.html.twig', { link: false }) }}
     {% endblock %}
 
@@ -203,7 +203,7 @@ must also define additional blocks:
             </div>
         {% endset %}
 
-        {{ include('@WebProfiler/Profiler/toolbar_item.html.twig') }}
+        {{ include('@WebProfiler/Profiler/toolbar_item.html.twig', { 'link': true }) }}
     {% endblock %}
 
     {% block head %}

cookbook/security/acl_advanced.rst

@@ -45,6 +45,14 @@ Security Identities
 This is analog to the object identity, but represents a user, or a role in
 your application. Each role, or user has its own security identity.
 
+.. caution::
+
+    For users, the security identity is based on the username. This means that,
+    if for any reason, a user's username was to change, you must ensure its
+    security identity is updated too. The
+    :method:`MutableAclProvider::updateUserSecurityIdentity() <Symfony\\Component\\Security\\Acl\\Dbal\\MutableAclProvider::updateUserSecurityIdentity>`
+    method is there to handle the update.
+
 Database Table Structure
 ------------------------
 

cookbook/security/csrf_in_login_form.rst

@@ -33,7 +33,7 @@ provider available in the Security component:
                     # ...
                     form_login:
                         # ...
-                        csrf_provider: security.csrf.token_manager
+                        csrf_token_generator: security.csrf.token_manager
 
     .. code-block:: xml
 
@@ -50,7 +50,7 @@ provider available in the Security component:
 
                 <firewall name="secured_area">
                     <!-- ... -->
-                    <form-login csrf-provider="security.csrf.token_manager" />
+                    <form-login csrf-token-generator="security.csrf.token_manager" />
                 </firewall>
             </config>
         </srv:container>
@@ -66,12 +66,16 @@ provider available in the Security component:
                     // ...
                     'form_login' => array(
                         // ...
-                        'csrf_provider' => 'security.csrf.token_manager',
+                        'csrf_token_generator' => 'security.csrf.token_manager',
                     ),
                 ),
             ),
         ));
 
+.. versionadded:: 2.4
+    The ``csrf_token_generator`` option was introduced in Symfony 2.4. Prior,
+    you had to use the ``csrf_provider`` option.
+
 The Security component can be configured further, but this is all information
 it needs to be able to use CSRF in the login form.
 
@@ -124,7 +128,7 @@ After this, you have protected your login form against CSRF attacks.
 .. tip::
 
     You can change the name of the field by setting ``csrf_parameter`` and change
-    the token ID by setting ``intention`` in your configuration:
+    the token ID by setting  ``csrf_token_id`` in your configuration:
 
     .. configuration-block::
 
@@ -140,7 +144,7 @@ After this, you have protected your login form against CSRF attacks.
                         form_login:
                             # ...
                             csrf_parameter: _csrf_security_token
-                            intention: a_private_string
+                            csrf_token_id: a_private_string
 
         .. code-block:: xml
 
@@ -158,7 +162,7 @@ After this, you have protected your login form against CSRF attacks.
                     <firewall name="secured_area">
                         <!-- ... -->
                         <form-login csrf-parameter="_csrf_security_token"
-                            intention="a_private_string"
+                            csrf-token-id="a_private_string"
                         />
                     </firewall>
                 </config>
@@ -176,11 +180,15 @@ After this, you have protected your login form against CSRF attacks.
                         'form_login' => array(
                             // ...
                             'csrf_parameter' => '_csrf_security_token',
-                            'intention'      => 'a_private_string',
+                            'csrf_token_id'     => 'a_private_string'
                         ),
                     ),
                 ),
             ));
 
+.. versionadded:: 2.4
+    The ``csrf_token_id`` option was introduced in Symfony 2.4. Prior, you
+    had to use the ``intention`` option.
+
 .. _`Cross-site request forgery`: https://en.wikipedia.org/wiki/Cross-site_request_forgery
 .. _`Forging Login Requests`: https://en.wikipedia.org/wiki/Cross-site_request_forgery#Forging_login_requests

reference/configuration/security.rst

@@ -161,9 +161,9 @@ Each part will be explained in the next section.
                         password_parameter: _password
 
                         # csrf token options
-                        csrf_parameter: _csrf_token
-                        intention:      authenticate
-                        csrf_provider:  my.csrf_provider.id
+                        csrf_parameter:       _csrf_token
+                        csrf_token_id:        authenticate
+                        csrf_token_generator: my.csrf_token_generator.id
 
                         # by default, the login form *must* be a POST, not a GET
                         post_only:      true
@@ -209,8 +209,8 @@ Each part will be explained in the next section.
                     context:              ~
                     logout:
                         csrf_parameter:       _csrf_token
-                        csrf_provider:        ~
-                        intention:            logout
+                        csrf_token_generator: ~
+                        csrf_token_id:        logout
                         path:                 /logout
                         target:               /
                         success_handler:      ~