Merge branch '2.8' into 3.3

* 2.8:
  [Serializer] Fixed throwing exception with option JSON_PARTIAL_OUTPUT_ON_ERROR
  Tweaked some styles in the profiler tables
  [Security] Fail gracefully if the security token cannot be unserialized from the session
  [Form] AbstractLayoutTest - fix DOMDocument casing
  bumped Symfony version to 2.8.34
  updated VERSION for 2.8.33
  updated CHANGELOG for 2.8.33
  bumped Symfony version to 2.7.41
  updated VERSION for 2.7.40
  update CONTRIBUTORS for 2.7.40
  updated CHANGELOG for 2.7.40

Author: xabbuh

CONTRIBUTORS.md

@@ -74,7 +74,7 @@
             {% endif %}
 
             <tr>
-                <td class="text-right">{{ listener.priority|default('-') }}</td>
+                <td class="text-right nowrap">{{ listener.priority|default('-') }}</td>
                 <td class="font-normal">{{ profiler_dump(listener.stub) }}</td>
             </tr>
 

src/Symfony/Bundle/WebProfilerBundle/Resources/views/Collector/events.html.twig

@@ -168,9 +168,9 @@
         <tbody>
         {% for message in messages %}
             <tr>
-                <td class="font-normal text-small">{{ message.locale }}</td>
+                <td class="font-normal text-small nowrap">{{ message.locale }}</td>
                 <td class="font-normal text-small text-bold nowrap">{{ message.domain }}</td>
-                <td class="font-normal text-small">{{ message.count }}</td>
+                <td class="font-normal text-small nowrap">{{ message.count }}</td>
                 <td>
                     <span class="nowrap">{{ message.id }}</span>
 

src/Symfony/Bundle/WebProfilerBundle/Resources/views/Collector/translation.html.twig

@@ -178,10 +178,6 @@ table tbody td {
     border-width: 1px 0;
 }
 
-table tbody td {
-    {{ mixins.break_long_words|raw }}
-}
-
 table tbody div {
     margin: .25em 0;
 }

src/Symfony/Bundle/WebProfilerBundle/Resources/views/Profiler/profiler.css.twig

@@ -55,8 +55,8 @@
     {% for trace in traces %}
         <tr class="{{ trace.level == 1 ? 'status-warning' : trace.level == 2 ? 'status-success' }}">
             <td class="font-normal text-muted nowrap">{{ loop.index }}</td>
-            <td>{{ trace.name }}</td>
-            <td>{{ trace.path }}</td>
+            <td class="break-long-words">{{ trace.name }}</td>
+            <td class="break-long-words">{{ trace.path }}</td>
             <td class="font-normal">
                 {% if trace.level == 1 %}
                     Path almost matches, but

src/Symfony/Bundle/WebProfilerBundle/Resources/views/Router/panel.html.twig

@@ -58,7 +58,7 @@ protected function assertXpathNodeValue(\DOMElement $element, $expression, $node
 
     protected function assertMatchesXpath($html, $expression, $count = 1)
     {
-        $dom = new \DomDocument('UTF-8');
+        $dom = new \DOMDocument('UTF-8');
         try {
             // Wrap in <root> node so we can load HTML with multiple tags at
             // the top level

src/Symfony/Component/Form/Tests/AbstractLayoutTest.php

@@ -43,6 +43,8 @@ class ContextListener implements ListenerInterface
     private $registered;
     private $trustResolver;
 
+    private static $unserializeExceptionCode = 0x37313bc;
+
     public function __construct(TokenStorageInterface $tokenStorage, array $userProviders, $contextKey, LoggerInterface $logger = null, EventDispatcherInterface $dispatcher = null, AuthenticationTrustResolverInterface $trustResolver = null)
     {
         if (empty($contextKey)) {
@@ -82,7 +84,7 @@ public function handle(GetResponseEvent $event)
             return;
         }
 
-        $token = unserialize($token);
+        $token = $this->safelyUnserialize($token);
 
         if (null !== $this->logger) {
             $this->logger->debug('Read existing security token from the session.', array('key' => $this->sessionKey));
@@ -176,4 +178,43 @@ protected function refreshUser(TokenInterface $token)
 
         throw new \RuntimeException(sprintf('There is no user provider for user "%s".', get_class($user)));
     }
+
+    private function safelyUnserialize($serializedToken)
+    {
+        $e = $token = null;
+        $prevUnserializeHandler = ini_set('unserialize_callback_func', __CLASS__.'::handleUnserializeCallback');
+        $prevErrorHandler = set_error_handler(function ($type, $msg, $file, $line, $context = array()) use (&$prevErrorHandler) {
+            if (__FILE__ === $file) {
+                throw new \UnexpectedValueException($msg, self::$unserializeExceptionCode);
+            }
+
+            return $prevErrorHandler ? $prevErrorHandler($type, $msg, $file, $line, $context) : false;
+        });
+
+        try {
+            $token = unserialize($serializedToken);
+        } catch (\Error $e) {
+        } catch (\Exception $e) {
+        }
+        restore_error_handler();
+        ini_set('unserialize_callback_func', $prevUnserializeHandler);
+        if ($e) {
+            if (!$e instanceof \UnexpectedValueException || self::$unserializeExceptionCode !== $e->getCode()) {
+                throw $e;
+            }
+            if ($this->logger) {
+                $this->logger->warning('Failed to unserialize the security token from the session.', array('key' => $this->sessionKey, 'received' => $serializedToken, 'exception' => $e));
+            }
+        }
+
+        return $token;
+    }
+
+    /**
+     * @internal
+     */
+    public static function handleUnserializeCallback($class)
+    {
+        throw new \UnexpectedValueException('Class not found: '.$class, self::$unserializeExceptionCode);
+    }
 }

src/Symfony/Component/Security/Http/Firewall/ContextListener.php

@@ -177,6 +177,8 @@ public function testInvalidTokenInSession($token)
     public function provideInvalidToken()
     {
         return array(
+            array('foo'),
+            array('O:8:"NotFound":0:{}'),
             array(serialize(new \__PHP_Incomplete_Class())),
             array(serialize(null)),
             array(null),

src/Symfony/Component/Security/Http/Tests/Firewall/ContextListenerTest.php

@@ -38,7 +38,7 @@ public function encode($data, $format, array $context = array())
 
         $encodedJson = json_encode($data, $context['json_encode_options']);
 
-        if (JSON_ERROR_NONE !== json_last_error()) {
+        if (JSON_ERROR_NONE !== json_last_error() && (false === $encodedJson || !($context['json_encode_options'] & JSON_PARTIAL_OUTPUT_ON_ERROR))) {
             throw new UnexpectedValueException(json_last_error_msg());
         }
 

src/Symfony/Component/Serializer/Encoder/JsonEncode.php

@@ -65,6 +65,44 @@ public function testOptions()
         $this->assertEquals($expected, $this->serializer->serialize($arr, 'json'), 'Context should not be persistent');
     }
 
+    /**
+     * @expectedException \Symfony\Component\Serializer\Exception\UnexpectedValueException
+     */
+    public function testEncodeNotUtf8WithoutPartialOnError()
+    {
+        $arr = array(
+            'utf8' => 'Hello World!',
+            'notUtf8' => "\xb0\xd0\xb5\xd0",
+        );
+
+        $this->encoder->encode($arr, 'json');
+    }
+
+    public function testEncodeNotUtf8WithPartialOnError()
+    {
+        $context = array('json_encode_options' => JSON_PARTIAL_OUTPUT_ON_ERROR);
+
+        $arr = array(
+            'utf8' => 'Hello World!',
+            'notUtf8' => "\xb0\xd0\xb5\xd0",
+        );
+
+        $result = $this->encoder->encode($arr, 'json', $context);
+        $jsonLastError = json_last_error();
+
+        $this->assertSame(JSON_ERROR_UTF8, $jsonLastError);
+        $this->assertEquals('{"utf8":"Hello World!","notUtf8":null}', $result);
+
+        $this->assertEquals('0', $this->serializer->serialize(NAN, 'json', $context));
+    }
+
+    public function testDecodeFalseString()
+    {
+        $result = $this->encoder->decode('false', 'json');
+        $this->assertSame(JSON_ERROR_NONE, json_last_error());
+        $this->assertFalse($result);
+    }
+
     protected function getJsonSource()
     {
         return '{"foo":"foo","bar":["a","b"],"baz":{"key":"val","key2":"val","A B":"bar","item":[{"title":"title1"},{"title":"title2"}],"Barry":{"FooBar":{"Baz":"Ed","@id":1}}},"qux":"1"}';