They are not needed anymore since we use a auto loader

This commit adds a grunt task (named `php`) that will run phpcs with the PSR-2 standard.

Note that you have to install php_codesniffer which has been added as a require-dev lib.

Doing `composer install` will mess up Symphony's auto loader, so please `git checkout vendor` after the composer call

This commit introduce a new jQuery plugin called Default Value, which
gives a input a source element to value its value from, when a specified
event occurs on this source element.

This behaviour is switched to off when the users focuses on the input
field and then blurs out, leaving a value in the input.

This commit also hooks this behaviours on the Data Source name input and
on the Event name input.

Closes symphonycms#2511

This function should be checking new value for emptiness, but it was checking
the database value instead. Additionally, at this point, the database value
would always be `NULL`. Changed to use the correct variable.

When there is no data written to the database, return `true` instead of `false`.
Logically, the operation is successful.

See: http://php.net/manual/en/sessionhandlerinterface.write.php

When no data has been read, the read method should return an emtpy string, but
it was returning NULL instead.

See: http://php.net/manual/en/sessionhandlerinterface.read.php

This way, developer can change the sorting order, which is Symphony's order by default

This change is primarly to make sure we do not have to url encode the xsrf token.

Also, the default value for the method is now 30 instead of 20. (the magic 20 number was undocumented). The magic number used in the for loop for the fallback is also replace by the length parameter value: the sorter the nonce, the more iteration we have to make to shuffle things more.

Finally the method will now throw an Exception if the length is smaller than 1.

Fixes symphonycms#2567

Added support for PHP 7 random_bytes() and the mcrypt package.

Re symphonycms#2567

The two SQL statements where mostly the same so they got refactored out.

Also, this will provide another extension point for extension developers that inherits from the file upload.

This fixes a fatal error on the install page when the extension folder does not exists

First of all there's a big 'error' on the namespace which never matched as there was a typo.

Second if a hash exists; the namespace query is run for no reason as data is overwritten by the if statement underneath.

Fix Namespace Cache Typo & remove useless query

This is a port of
symphonycms@5e3bf4f#diff-19f01796e1be3eb30628a9acd35514d5L204

cc @brendo

Url seems to be case sensitive now.

Closes symphonycms#2580

…onycms#2530)

* Set "Sections Index" as default area of default (first) author

Because not having a default area isn’t considered in the UI.

* Set "/blueprints/sections/" as default area fallback for developers

symphonycms#2529

* Fix Whitespace

A very small formatting fix.

PHP 7 cares.

In MySQL 5.7 a datetime field cannot have a default value of "0000-00-00" for the date, the minimum value is "1000-01-01".

Fixes symphonycms#2454

This thing really complicates things and should have been removed
earlier

This change is to protect our users against a poorly setup server. PHP
can allow pretty scary things security-wise, so it's best to make sure
things that can only have one valid setting should be enforced.

Thanks to @hyp3rlinx for this.

This change makes it possible to have non-url safe characters in the
base path

This is a precaution calls what makes sure the SAPI module used by the
hosting company chdir's the user at the right place

This is what constant are for

This commits reuse the code from the edit action in order to validate if
the current user can delete the author.

Even if the Delete button is not present on the page, a request can be
crafted in order for an author to delete another.

This change also validates that the password of the current author is
checked before doing any un-undoable things.

Rebase of 8b20b8f

This changes uses the array returned by $section->fetchVisibleColumns() in order to create the element names array to pass to the entry manager. This yeilds a nice performance update when a section contains many (hundreads) of fields but only a few of them are needed for the publish table view.

Rebase of 34bd49f

That's for uniformity only.

Cherry picked version of 5476e2f

Rebased version of 05693e0

Closes symphonycms#2520

EntryPreCheckPostFieldData

* Publish Filtering : Increase flexibility of comparison modes 6e764d1

The current markup of the „comparison mode“-selectboxes in the publish
filtering interface doesn’t allow for multiple modes that don’t have a
filter prefix (like „regexp:“, „greater than:“, etc.) as it uses the
prefix as unique identifier (option value).

The default comparison mode „is“ is expected as the only mode without a
filter prefix. But filter modes like „between“ („$x to $y“) as included
in Number Field (and possibly date fields too) don’t have a prefix
either and therefore won’t work with the current code.

This PR changes that behavior by shifting to the filter title as unique
identifier and adding the filter prefix as optional data-attribute
that’s only used for building the actual filtering-url-parameters.

Old Behavior:
- Filter title is used as option title
- Filter prefix is used as value-attribute

New Behavior:
- Filter title is used as option title
- Filter title is used as value-attribute
- Filter prefix is included as data-attribute

* Fix code indenting 4a7db7a

* Improve construction of comparison array ccc5e9e

* Fix code indenting e56bdde

* Use „data-comparison“ as unique identifier of the chosen comparison mode 	d37e0b8

Use the „data-comparison“-attribute as unique identifier for the chosen
comparison mode of a filtering instance - both in the selectbox and the
list of context help texts.

The „value“-attribute of the comparison mode selectbox now again is
used for serving the actual filter prefix used to construct the
filtering-parameters in the url.

* Remove leading whitespace from filter value input field ac61c11

When editing an entry, Symphony will iterate over all fields, delete existing data first, then insert a new row for the field's data. So there will always be a time slot without field data. If multiple processes edit the same entry, this means a race condition that may lead to data being corrupted in several ways (also depending on the field type). Locking the table solves the issue.

Fixes symphonycms#2472

$_SERVER must hold the content we are looking for, while getenv does not
have to. Most server SAPI implementation will look into the same array
for those values, but some does not.

Fixes symphonycms#2569

As discussed in symphonycms#2569, this commit adds a new function, server_safe,
which could potentially server as a safe way to get $_SERVER values.

Right now, the only storage used is $_SERVER, but that could change in
the future.

This should make is easier to use it.

Re: symphonycms#2591

No need to edit the DIRROOT anymore: it will always end with /

Re: symphonycms#2591

This value is safe to use in templates: it will reflect the path to the
workspace according to the DIRROOT.

Fixes symphonycms#2591

This will prevent the system from getting the same values across
multiple places

Calling rawurlencode is not enought, since it will encode / as %2F.

Slashes needs to be respected, but any non url-friendly value must be
encoded.

This extraction creates a new constant, HTTP_PROTO, whill which will
either hold http: or https:

The URL constant value will remain unchanged.

Re: 2591

After much debate in symphonycms#2591 we want to keep the current interface as much
as previous version.

This commit makes it so the only changes from 2.6.7 is the addition of
the `workspace-path` parameter.

Here's a list of the affected commits

b35eba8 The `root-dir` parameter has
been removed
b6d9edb as been reverted and restored
to the original 9f1147d value
2148a32 has been reverted
34aeff3 has been modified to
accomodate potential empty value

This will hopefully close symphonycms#2591

MySQL::delete() already adds ticks around the table name.
No need to do it twice

This fix continues what 72801b4
started.

See https://wiki.php.net/rfc/mcrypt-viking-funeral

Also rewrote the logic a bit to fix when a valid source fails to produce
an output

Re 5a61bf
cc @siimsoni

This prevents nasty crashes

$_REQUEST holds a copy of the data, so we need to add it too!

cc @brendo @michael-e

This issue has been discovered by @hyp3rlinx

Script and html injection was possible, when the user was authenticated

This prevents XSS from error message, which can be remote messages

Exceptions can come from remote servers (like MySQL or SMTP) and can
contain invalid xml data.

User exceptions can also break this rule. As a safety precaution, we
will wrap message just before ouput.

Also, it's worthy to say that multiple calls to
General::General::wrapInCDATA() is safe.

Fixes symphonycms#2518

It does not have any purpose now since we do not even have a
with-selected dropdown anymore on the index page.

Fixes symphonycms#2573

This will prevent overwriting the previous values

Not visible element should be made readonly, since the user can't edit
them anyways.

This fixes a problem where Chrome would auto-fill hidden input and the
value would be saved without the user ever seeing it.

We already tried to fix the problem usign a standard solution
(auto-complete="off", symphonycms#1843 and symphonycms#1841) but it does not work. We also tried a non-standard
solution (symphonycms#2258) which was rejected.

This change only uses standard solution, even thought it relies on
javascript to make things works (it should not be a problem since the
backend now heavily relies on javascript)

This is re 301d2b7

Also added a grunt task to get the current commit id we have building on

* Accept an array of tags 189b387

While the tag list field always returned string (parameter pool) and array values (XML) in the output, it did only accept a string of tags on post. This commit extends the field to accept an array of tags as well which is helpful, if you are building a tag list widget on the front-end and would like to post back to the system.

This change is supposed to be backwards compatible (it doesn't change the behaviour for posted string values).

* Fix whitespace 49a5200

The SQL generated by the code introduce in
786d1cc contained errors:

1. A superflous ' was present arount the $bit part twice
2. A opening parenthesis ( was missing at the start of the WHERE clause

Re symphonycms#2602

Found when reviewing 7e9c94e

Removing code duplication

Re symphonycms#2602

Fixes symphonycms#2603

It's redundant and totally not needed.
Reduces possible reuse.

chmod can fail for numerous reason, like when the user running php does
not have proper rights on the filesystem.

0777 is a dangerous settings and should try to be avoided as a default
value.

Re: symphonycms/jit_image_manipulation#131