Merge branch '2.8' into 3.4

javiereguiluz · javiereguiluz · commit 7ac5f7be4982 · 2018-06-20T09:26:14.000+02:00
* 2.8:
  Removed an extra blank line
  Reword and added a note
  Link to proxy configuration docs from the routing scheme page
  Fixed security expression testing user
  Mentioned Debian explicitly
diff --git a/components/http_foundation/session_configuration.rst b/components/http_foundation/session_configuration.rst
@@ -139,8 +139,8 @@ the ``php.ini`` directive ``session.gc_maxlifetime``. The meaning in this contex
 that any stored session that was saved more than ``gc_maxlifetime`` ago should be
 deleted. This allows one to expire records based on idle time.
 
-However, some operating systems do their own session handling and set the
-``session.gc_probability`` variable to ``0`` to stop PHP doing garbage
+However, some operating systems (e.g. Debian) do their own session handling and set
+the ``session.gc_probability`` variable to ``0`` to stop PHP doing garbage
 collection. That's why Symfony now overwrites this value to ``1``.
 
 If you wish to use the original value set in your ``php.ini``, add the following
diff --git a/security.rst b/security.rst
@@ -947,15 +947,15 @@ You can also use expressions inside your templates:
     .. code-block:: html+jinja
 
         {% if is_granted(expression(
-            '"ROLE_ADMIN" in roles or (user and user.isSuperAdmin())'
+            '"ROLE_ADMIN" in roles or (not is_anonymous() and user.isSuperAdmin())'
         )) %}
             <a href="...">Delete</a>
         {% endif %}
 
     .. code-block:: html+php
 
         <?php if ($view['security']->isGranted(new Expression(
-            '"ROLE_ADMIN" in roles or (user and user.isSuperAdmin())'
+            '"ROLE_ADMIN" in roles or (not is_anonymous() and user.isSuperAdmin())'
         ))): ?>
             <a href="...">Delete</a>
         <?php endif; ?>
diff --git a/security/expressions.rst b/security/expressions.rst
@@ -18,7 +18,7 @@ accepts an :class:`Symfony\\Component\\ExpressionLanguage\\Expression` object::
     public function indexAction()
     {
         $this->denyAccessUnlessGranted(new Expression(
-            '"ROLE_ADMIN" in roles or (user and user.isSuperAdmin())'
+            '"ROLE_ADMIN" in roles or (not is_anonymous() and user.isSuperAdmin())'
         ));
 
         // ...
diff --git a/security/force_https.rst b/security/force_https.rst
@@ -105,3 +105,9 @@ role:
 
 It is also possible to specify using HTTPS in the routing configuration,
 see :doc:`/routing/scheme` for more details.
+
+.. note::
+
+    Forcing HTTPS while using a reverse proxy or load balancer requires a proper
+    configuration to avoid infinite redirect loops; see :doc:`/deployment/proxies`
+    for more details.

Original file line number	Diff line number	Diff line change
@@ -18,7 +18,7 @@ accepts an :class:`Symfony\\Component\\ExpressionLanguage\\Expression` object::
`18`	`18`	`public function indexAction()`
`19`	`19`	`{`
`20`	`20`	`$this->denyAccessUnlessGranted(new Expression(`
`21`		`- '"ROLE_ADMIN" in roles or (user and user.isSuperAdmin())'`
	`21`	`+ '"ROLE_ADMIN" in roles or (not is_anonymous() and user.isSuperAdmin())'`
`22`	`22`	`));`
`23`	`23`
`24`	`24`	`// ...`