RELEASE_1_4_20 => v1.4.20 commit

Author: pylebecq

CHANGELOG

@@ -1,6 +1,15 @@
 CHANGELOG
 =========
 
+11/25/12: Versions 1.4.20
+-------------------------
+
+ * [33598] fixed the possibility to fake a file upload
+ * [33545] fixed sfPDOSessionStorage for Oracle (closes #10022)
+ * [33544] fixed sfWebRequest::splitHttpAcceptHeader incorrect result order (closes #10069, patch by Keri Henare)
+ * [33539] fixed exception format when using the PHP 5.4 built-in server (closes #10067, based on a patch from jgskin)
+ * [33486] fixed sfPDODatabase::call() method (closes #10044)
+
 10/09/12: Versions 1.4.19
 -------------------------
 

lib/autoload/sfAutoloadAgain.class.php

@@ -14,7 +14,7 @@
  * @package    symfony
  * @subpackage autoload
  * @author     Kris Wallsmith <kris.wallsmith@symfony-project.com>
- * @version    SVN: $Id: sfAutoloadAgain.class.php 22248 2009-09-22 17:15:16Z fabien $
+ * @version    SVN: $Id: sfAutoloadAgain.class.php 33561 2012-10-18 11:42:28Z fabien $
  */
 class sfAutoloadAgain
 {
@@ -69,7 +69,7 @@ public function autoload($class)
     {
       foreach ($autoloads as $position => $autoload)
       {
-        if ($this === $autoload[0])
+        if (is_array($autoload) && $this === $autoload[0])
         {
           break;
         }

lib/autoload/sfCoreAutoload.class.php

@@ -11,7 +11,7 @@
 /**
  * The current symfony version.
  */
-define('SYMFONY_VERSION', '1.4.19');
+define('SYMFONY_VERSION', '1.4.20');
 
 /**
  * sfCoreAutoload class.

lib/debug/sfTimerManager.class.php

@@ -14,7 +14,7 @@
  * @package    symfony
  * @subpackage util
  * @author     Fabien Potencier <fabien.potencier@symfony-project.com>
- * @version    SVN: $Id: sfTimerManager.class.php 13339 2008-11-25 14:58:05Z fabien $
+ * @version    SVN: $Id: sfTimerManager.class.php 33570 2012-10-25 09:44:55Z fabien $
  */
 class sfTimerManager
 {
@@ -29,14 +29,16 @@ class sfTimerManager
    *
    * @return sfTimer The timer instance
    */
-  public static function getTimer($name)
+  public static function getTimer($name,$reset=true)
   {
     if (!isset(self::$timers[$name]))
     {
       self::$timers[$name] = new sfTimer($name);
     }
 
-    self::$timers[$name]->startTimer();
+    if($reset){
+       self::$timers[$name]->startTimer();
+    }
 
     return self::$timers[$name];
   }

lib/form/sfForm.class.php

@@ -23,7 +23,7 @@
  * @package    symfony
  * @subpackage form
  * @author     Fabien Potencier <fabien.potencier@symfony-project.com>
- * @version    SVN: $Id: sfForm.class.php 29678 2010-05-30 14:38:42Z Kris.Wallsmith $
+ * @version    SVN: $Id: sfForm.class.php 33598 2012-11-25 09:57:29Z fabien $
  */
 class sfForm implements ArrayAccess, Iterator, Countable
 {
@@ -222,6 +222,8 @@ public function bind(array $taintedValues = null, array $taintedFiles = null)
       $this->taintedFiles = array();
     }
 
+    $this->checkTaintedValues($this->taintedValues);
+
     try
     {
       $this->doBind(self::deepArrayUnion($this->taintedValues, self::convertFileInformation($this->taintedFiles)));
@@ -1336,4 +1338,24 @@ static protected function deepArrayUnion($array1, $array2)
 
     return $array1;
   }
+
+  /**
+   * Checks that the $_POST values do not contain something that
+   * looks like a file upload (coming from $_FILE).
+   */
+  protected function checkTaintedValues($values)
+  {
+    foreach ($values as $name => $value)
+    {
+      if (!is_array($value)) {
+        continue;
+      }
+
+      if (isset($value['tmp_name'])) {
+        throw new InvalidArgumentException('Do not try to fake a file upload.');
+      }
+
+      $this->checkTaintedValues($value);
+    }
+  }
 }

lib/plugins/sfDoctrinePlugin/lib/database/sfDoctrineConnectionProfiler.class.php

@@ -6,7 +6,7 @@
  * @package    sfDoctrinePlugin
  * @subpackage database
  * @author     Kris Wallsmith <kris.wallsmith@symfony-project.com>
- * @version    SVN: $Id: sfDoctrineConnectionProfiler.class.php 20157 2009-07-13 17:00:12Z Kris.Wallsmith $
+ * @version    SVN: $Id: sfDoctrineConnectionProfiler.class.php 33570 2012-10-25 09:44:55Z fabien $
  */
 class sfDoctrineConnectionProfiler extends Doctrine_Connection_Profiler
 {
@@ -82,7 +82,7 @@ public function preQuery(Doctrine_Event $event)
    */
   public function postQuery(Doctrine_Event $event)
   {
-    sfTimerManager::getTimer('Database (Doctrine)')->addTime();
+    sfTimerManager::getTimer('Database (Doctrine)',false)->addTime();
 
     $args = func_get_args();
     $this->__call(__FUNCTION__, $args);
@@ -118,7 +118,7 @@ public function preExec(Doctrine_Event $event)
    */
   public function postExec(Doctrine_Event $event)
   {
-    sfTimerManager::getTimer('Database (Doctrine)')->addTime();
+    sfTimerManager::getTimer('Database (Doctrine)',false)->addTime();
 
     $args = func_get_args();
     $this->__call(__FUNCTION__, $args);
@@ -154,7 +154,7 @@ public function preStmtExecute(Doctrine_Event $event)
    */
   public function postStmtExecute(Doctrine_Event $event)
   {
-    sfTimerManager::getTimer('Database (Doctrine)')->addTime();
+    sfTimerManager::getTimer('Database (Doctrine)',false)->addTime();
 
     $args = func_get_args();
     $this->__call(__FUNCTION__, $args);

lib/vendor/swiftmailer/classes/Swift.php

@@ -18,8 +18,11 @@
 abstract class Swift
 {
 
+  static $initialized = false;
+  static $initPath;
+  
   /** Swift Mailer Version number generated during dist release process */
-  const VERSION = '4.1.0-DEV';
+  const VERSION = '4.1.8';
 
   /**
    * Internal autoloader for spl_autoload_register().
@@ -29,28 +32,37 @@ abstract class Swift
   public static function autoload($class)
   {
     //Don't interfere with other autoloaders
-    if (0 !== strpos($class, 'Swift'))
+    if (0 !== strpos($class, 'Swift_'))
     {
-      return false;
+      return;
     }
 
     $path = dirname(__FILE__).'/'.str_replace('_', '/', $class).'.php';
 
     if (!file_exists($path))
     {
-      return false;
+      return;
+    }
+
+    if (self::$initPath && !self::$initialized)
+    {
+      self::$initialized = true;
+      require self::$initPath;
     }
 
-    require_once $path;
+    require $path;
   }
 
   /**
    * Configure autoloading using Swift Mailer.
    * 
    * This is designed to play nicely with other autoloaders.
+   *
+   * @param string $initPath The init script to load when autoloading the first Swift class
    */
-  public static function registerAutoload()
+  public static function registerAutoload($initPath = null)
   {
+    self::$initPath = $initPath;
     spl_autoload_register(array('Swift', 'autoload'));
   }
 

lib/vendor/swiftmailer/classes/Swift/Attachment.php

@@ -8,9 +8,6 @@
  * file that was distributed with this source code.
  */
 
-//@require 'Swift/Mime/Attachment.php';
-//@require 'Swift/ByteStream/FileByteStream.php';
-//@require 'Swift/DependencyContainer.php';
 
 /**
  * Attachment class for attaching files to a {@link Swift_Mime_Message}.

lib/vendor/swiftmailer/classes/Swift/ByteStream/AbstractFilterableInputStream.php

@@ -8,9 +8,6 @@
  * file that was distributed with this source code.
  */
 
-//@require 'Swift/InputByteStream.php';
-//@require 'Swift/Filterable.php';
-//@require 'Swift/StreamFilter.php';
 
 /**
  * Provides the base functionality for an InputStream supporting filters.
@@ -23,7 +20,7 @@ abstract class Swift_ByteStream_AbstractFilterableInputStream
 {
 
   /** Write sequence */
-  private $_sequence = 0;
+  protected $_sequence = 0;
 
   /** StreamFilters */
   private $_filters = array();

lib/vendor/swiftmailer/classes/Swift/ByteStream/ArrayByteStream.php

@@ -8,8 +8,6 @@
  * file that was distributed with this source code.
  */
 
-//@require 'Swift/InputByteStream.php';
-//@require 'Swift/OutputByteStream.php';
 
 /**
  * Allows reading and writing of bytes to and from an array.