Merge branch '6.2' into 6.3

javiereguiluz · javiereguiluz · commit d1607178ef8f · 2023-02-20T13:07:18.000+01:00
* 6.2:
  [Security] `its` =&gt; `their`
  [Security] Removing "Most applications will only need one firewall"
  Adding needsRehash()
  Replace orm-pack with orm
  Tweaks
  Changing "white spaces" =&gt; "whitespace"
diff --git a/components/string.rst b/components/string.rst
@@ -165,8 +165,10 @@ There is also a method to get the bytes stored at some position::
     b('नमस्ते')->bytesAt(1);   // [164]
     u('नमस्ते')->bytesAt(1);   // [224, 164, 174]
 
-Methods Related to Length and White Spaces
-~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+.. _methods-related-to-length-and-white-spaces:
+
+Methods Related to Length and Whitespace Characters
+~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 ::
 
@@ -190,14 +192,14 @@ Methods Related to Length and White Spaces
     END";
     u($text)->width(); // 14
 
-    // only returns TRUE if the string is exactly an empty string (not even white spaces)
+    // only returns TRUE if the string is exactly an empty string (not even whitespace)
     u('hello world')->isEmpty();  // false
     u('     ')->isEmpty();        // false
     u('')->isEmpty();             // true
 
-    // removes all white spaces from the start and end of the string and replaces two
-    // or more consecutive white spaces inside contents by a single white space
-    u("  \n\n   hello        world \n    \n")->collapseWhitespace(); // 'hello world'
+    // removes all whitespace (' \n\r\t\x0C') from the start and end of the string and
+    // replaces two or more consecutive whitespace characters with a single space (' ') character
+    u("  \n\n   hello \t   \n\r   world \n    \n")->collapseWhitespace(); // 'hello world'
 
 Methods to Change Case
 ~~~~~~~~~~~~~~~~~~~~~~
@@ -286,7 +288,7 @@ Methods to Pad and Trim
     // repeats the given string the number of times passed as argument
     u('_.')->repeat(10); // '_._._._._._._._._._.'
 
-    // removes the given characters (by default, white spaces) from the string
+    // removes the given characters (default: whitespace characters) from the beginning and end of a string
     u('   Lorem Ipsum   ')->trim(); // 'Lorem Ipsum'
     u('Lorem Ipsum   ')->trim('m'); // 'Lorem Ipsum   '
     u('Lorem Ipsum')->trim('m');    // 'Lorem Ipsu'
diff --git a/reference/configuration/security.rst b/reference/configuration/security.rst
@@ -816,8 +816,7 @@ The name of the ``$_SERVER`` parameter holding the user identifier.
 Firewall Context
 ~~~~~~~~~~~~~~~~
 
-Most applications will only need one :ref:`firewall <firewalls-authentication>`.
-But if your application *does* use multiple firewalls, you'll notice that
+If your application uses multiple :ref:`firewalls <firewalls-authentication>`, you'll notice that
 if you're authenticated in one firewall, you're not automatically authenticated
 in another. In other words, the systems don't share a common "context":
 each firewall acts like a separate security system.
diff --git a/security.rst b/security.rst
@@ -824,8 +824,8 @@ Finally, create or update the template:
 
 .. caution::
 
-    The ``error`` variable passed into the template is an instance of
-    :class:`Symfony\\Component\\Security\\Core\\Exception\\AuthenticationException`.
+    The ``error`` variable passed into the template is an instance
+    of :class:`Symfony\\Component\\Security\\Core\\Exception\\AuthenticationException`.
     It may contain sensitive information about the authentication failure.
     *Never* use ``error.message``: use the ``messageKey`` property instead,
     as shown in the example. This message is always safe to display.
@@ -1659,7 +1659,7 @@ You can log in a user programmatically using the `login()` method of the
             // you can also log in on a different firewall
             $security->login($user, 'form_login', 'other_firewall');
 
-            // ... redirect the user to its account page for instance
+            // ... redirect the user, e.g. to their account page
         }
     }
 
diff --git a/security/passwords.rst b/security/passwords.rst
@@ -827,6 +827,12 @@ If you need to create your own, it needs to follow these rules:
 
             return $passwordIsValid;
         }
+
+        public function needsRehash(string $hashedPassword): bool
+        {
+            // Check if a password hash would benefit from rehashing
+            return $needsRehash;
+        }
     }
 
 Now, define a password hasher using the ``id`` setting:
diff --git a/setup/flex.rst b/setup/flex.rst
@@ -74,7 +74,7 @@ manual steps:
 
    .. code-block:: terminal
 
-       $ composer require annotations asset orm-pack twig \
+       $ composer require annotations asset orm twig \
          logger mailer form security translation validator
        $ composer require --dev dotenv maker-bundle orm-fixtures profiler
 

Original file line number	Diff line number	Diff line change
`@@ -827,6 +827,12 @@ If you need to create your own, it needs to follow these rules:`
`827`	`827`
`828`	`828`	`return $passwordIsValid;`
`829`	`829`	`}`
	`830`	`+`
	`831`	`+ public function needsRehash(string $hashedPassword): bool`
	`832`	`+ {`
	`833`	`+ // Check if a password hash would benefit from rehashing`
	`834`	`+ return $needsRehash;`
	`835`	`+ }`
`830`	`836`	`}`
`831`	`837`
`832`	`838`	Now, define a password hasher using the ``id`` setting: