[2.6] add @group legacy

* 2.3:
  Changed visibility of setUp() and tearDown to protected
  fixed XSS in the exception handler
  Php Inspections (EA Extended) - static code analysis includes:
  [2.3] Remove most refs uses
  Test with local components instead of waiting for the subtree-splitter when possible

Conflicts:
	src/Symfony/Bundle/FrameworkBundle/Command/ContainerDebugCommand.php
	src/Symfony/Component/Config/Util/XmlUtils.php
	src/Symfony/Component/Console/Helper/ProgressHelper.php
	src/Symfony/Component/Debug/ExceptionHandler.php
	src/Symfony/Component/Debug/Tests/ErrorHandlerTest.php
	src/Symfony/Component/Filesystem/Tests/FilesystemTest.php
	src/Symfony/Component/OptionsResolver/Options.php
	src/Symfony/Component/Security/Acl/Dbal/MutableAclProvider.php
	src/Symfony/Component/Yaml/Inline.php

Exception/FatalErrorException.php

@@ -9,9 +9,7 @@
  * file that was distributed with this source code.
  */
 
-namespace Symfony\Component\Debug\Exception;
-
-use Symfony\Component\HttpKernel\Exception\FatalErrorException as LegacyFatalErrorException;
+namespace Symfony\Component\HttpKernel\Exception;
 
 /**
  * Fatal Error Exception.
@@ -19,21 +17,23 @@ use Symfony\Component\HttpKernel\Exception\FatalErrorException as LegacyFatalErr
  * @author Fabien Potencier <fabien@symfony.com>
  * @author Konstanton Myakshin <koc-dp@yandex.ru>
  * @author Nicolas Grekas <p@tchwork.com>
+ *
+ * @deprecated Deprecated in 2.3, to be removed in 3.0. Use the same class from the Debug component instead.
  */
-class FatalErrorException extends LegacyFatalErrorException
+class FatalErrorException extends \ErrorException
 {
 }
 
-namespace Symfony\Component\HttpKernel\Exception;
+namespace Symfony\Component\Debug\Exception;
+
+use Symfony\Component\HttpKernel\Exception\FatalErrorException as LegacyFatalErrorException;
 
 /**
  * Fatal Error Exception.
  *
  * @author Konstanton Myakshin <koc-dp@yandex.ru>
- *
- * @deprecated Deprecated in 2.3, to be removed in 3.0. Use the same class from the Debug component instead.
  */
-class FatalErrorException extends \ErrorException
+class FatalErrorException extends LegacyFatalErrorException
 {
     public function __construct($message, $code, $severity, $filename, $lineno, $traceOffset = null, $traceArgs = true)
     {

Exception/FlattenException.php

@@ -9,6 +9,46 @@
  * file that was distributed with this source code.
  */
 
+namespace Symfony\Component\HttpKernel\Exception;
+
+use Symfony\Component\Debug\Exception\FlattenException as DebugFlattenException;
+
+/**
+ * FlattenException wraps a PHP Exception to be able to serialize it.
+ *
+ * Basically, this class removes all objects from the trace.
+ *
+ * @author Fabien Potencier <fabien@symfony.com>
+ *
+ * @deprecated Deprecated in 2.3, to be removed in 3.0. Use the same class from the Debug component instead.
+ */
+class FlattenException
+{
+    private $handler;
+
+    public static function __callStatic($method, $args)
+    {
+        if (!method_exists('Symfony\Component\Debug\Exception\FlattenException', $method)) {
+            throw new \BadMethodCallException(sprintf('Call to undefined method %s::%s()', get_called_class(), $method));
+        }
+
+        return call_user_func_array(array('Symfony\Component\Debug\Exception\FlattenException', $method), $args);
+    }
+
+    public function __call($method, $args)
+    {
+        if (!isset($this->handler)) {
+            $this->handler = new DebugFlattenException();
+        }
+
+        if (!method_exists($this->handler, $method)) {
+            throw new \BadMethodCallException(sprintf('Call to undefined method %s::%s()', get_class($this), $method));
+        }
+
+        return call_user_func_array(array($this->handler, $method), $args);
+    }
+}
+
 namespace Symfony\Component\Debug\Exception;
 
 use Symfony\Component\HttpKernel\Exception\FlattenException as LegacyFlattenException;
@@ -250,35 +290,3 @@ class FlattenException extends LegacyFlattenException
         return $array['__PHP_Incomplete_Class_Name'];
     }
 }
-
-namespace Symfony\Component\HttpKernel\Exception;
-
-use Symfony\Component\Debug\Exception\FlattenException as DebugFlattenException;
-
-/**
- * FlattenException wraps a PHP Exception to be able to serialize it.
- *
- * Basically, this class removes all objects from the trace.
- *
- * @author Fabien Potencier <fabien@symfony.com>
- *
- * @deprecated Deprecated in 2.3, to be removed in 3.0. Use the same class from the Debug component instead.
- */
-class FlattenException
-{
-    private $handler;
-
-    public static function __callStatic($method, $args)
-    {
-        return forward_static_call_array(array('Symfony\Component\Debug\Exception\FlattenException', $method), $args);
-    }
-
-    public function __call($method, $args)
-    {
-        if (!isset($this->handler)) {
-            $this->handler = new DebugFlattenException();
-        }
-
-        return call_user_func_array(array($this->handler, $method), $args);
-    }
-}

ExceptionHandler.php

@@ -30,27 +30,37 @@ use Symfony\Component\Debug\Exception\OutOfMemoryException;
 class ExceptionHandler
 {
     private $debug;
+    private $charset;
     private $handler;
     private $caughtBuffer;
     private $caughtLength;
     private $fileLinkFormat;
 
-    public function __construct($debug = true, $fileLinkFormat = null)
+    public function __construct($debug = true, $charset = null, $fileLinkFormat = null)
     {
+        if (false !== strpos($charset, '%') xor false === strpos($fileLinkFormat, '%')) {
+            // Swap $charset and $fileLinkFormat for BC reasons
+            $pivot = $fileLinkFormat;
+            $fileLinkFormat = $charset;
+            $charset = $pivot;
+        }
         $this->debug = $debug;
+        $this->charset = $charset ?: ini_get('default_charset') ?: 'UTF-8';
         $this->fileLinkFormat = $fileLinkFormat ?: ini_get('xdebug.file_link_format') ?: get_cfg_var('xdebug.file_link_format');
     }
 
     /**
      * Registers the exception handler.
      *
-     * @param bool $debug
+     * @param bool        $debug          Enable/disable debug mode, where the stack trace is displayed
+     * @param string|null $charset        The charset used by exception messages
+     * @param string|null $fileLinkFormat The IDE link template
      *
      * @return ExceptionHandler The registered exception handler
      */
-    public static function register($debug = true, $fileLinkFormat = null)
+    public static function register($debug = true, $charset = null, $fileLinkFormat = null)
     {
-        $handler = new static($debug, $fileLinkFormat = null);
+        $handler = new static($debug, $charset, $fileLinkFormat);
 
         $prev = set_exception_handler(array($handler, 'handle'));
         if (is_array($prev) && $prev[0] instanceof ErrorHandler) {
@@ -177,6 +187,7 @@ class ExceptionHandler
             foreach ($exception->getHeaders() as $name => $value) {
                 header($name.': '.$value, false);
             }
+            header('Content-Type: text/html; charset='.$this->charset);
         }
 
         echo $this->decorate($this->getContent($exception), $this->getStylesheet($exception));
@@ -195,7 +206,7 @@ class ExceptionHandler
             $exception = FlattenException::create($exception);
         }
 
-        return new Response($this->decorate($this->getContent($exception), $this->getStylesheet($exception)), $exception->getStatusCode(), $exception->getHeaders());
+        return Response::create($this->decorate($this->getContent($exception), $this->getStylesheet($exception)), $exception->getStatusCode(), $exception->getHeaders())->setCharset($this->charset);
     }
 
     /**
@@ -223,7 +234,7 @@ class ExceptionHandler
                 foreach ($exception->toArray() as $position => $e) {
                     $ind = $count - $position + 1;
                     $class = $this->formatClass($e['class']);
-                    $message = nl2br(self::utf8Htmlize($e['message']));
+                    $message = nl2br($this->escapeHtml($e['message']));
                     $content .= sprintf(<<<EOF
                         <h2 class="block_exception clear_fix">
                             <span class="exception_counter">%d/%d</span>
@@ -251,7 +262,7 @@ EOF
             } catch (\Exception $e) {
                 // something nasty happened and we cannot throw an exception anymore
                 if ($this->debug) {
-                    $title = sprintf('Exception thrown when handling an exception (%s: %s)', get_class($e), $e->getMessage());
+                    $title = sprintf('Exception thrown when handling an exception (%s: %s)', get_class($e), $this->escapeHtml($e->getMessage()));
                 } else {
                     $title = 'Whoops, looks like something went wrong.';
                 }
@@ -337,7 +348,7 @@ EOF;
 <!DOCTYPE html>
 <html>
     <head>
-        <meta charset="UTF-8" />
+        <meta charset="{$this->charset}" />
         <meta name="robots" content="noindex,nofollow" />
         <style>
             /* Copyright (c) 2010, Yahoo! Inc. All rights reserved. Code licensed under the BSD License: http://developer.yahoo.com/yui/license.html */
@@ -365,7 +376,7 @@ EOF;
 
     private function formatPath($path, $line)
     {
-        $path = self::utf8Htmlize($path);
+        $path = $this->escapeHtml($path);
         $file = preg_match('#[^/\\\\]*$#', $path, $file) ? $file[0] : $path;
 
         if ($linkFormat = $this->fileLinkFormat) {
@@ -393,7 +404,7 @@ EOF;
             } elseif ('array' === $item[0]) {
                 $formattedValue = sprintf("<em>array</em>(%s)", is_array($item[1]) ? $this->formatArgs($item[1]) : $item[1]);
             } elseif ('string' === $item[0]) {
-                $formattedValue = sprintf("'%s'", self::utf8Htmlize($item[1]));
+                $formattedValue = sprintf("'%s'", $this->escapeHtml($item[1]));
             } elseif ('null' === $item[0]) {
                 $formattedValue = '<em>null</em>';
             } elseif ('boolean' === $item[0]) {
@@ -401,7 +412,7 @@ EOF;
             } elseif ('resource' === $item[0]) {
                 $formattedValue = '<em>resource</em>';
             } else {
-                $formattedValue = str_replace("\n", '', var_export(self::utf8Htmlize((string) $item[1]), true));
+                $formattedValue = str_replace("\n", '', var_export($this->escapeHtml((string) $item[1]), true));
             }
 
             $result[] = is_int($key) ? $formattedValue : sprintf("'%s' => %s", $key, $formattedValue);
@@ -429,6 +440,14 @@ EOF;
         return htmlspecialchars($str, ENT_QUOTES | (PHP_VERSION_ID >= 50400 ? ENT_SUBSTITUTE : 0), 'UTF-8');
     }
 
+    /**
+     * HTML-encodes a string
+     */
+    private function escapeHtml($str)
+    {
+        return htmlspecialchars($str, ENT_QUOTES | (PHP_VERSION_ID >= 50400 ? ENT_SUBSTITUTE : 0), $this->charset);
+    }
+
     /**
      * @internal
      */

README.md

@@ -39,5 +39,5 @@ Resources
 You can run the unit tests with the following command:
 
     $ cd path/to/Symfony/Component/Debug/
-    $ composer.phar install --dev
+    $ composer install
     $ phpunit

Tests/ErrorHandlerTest.php

@@ -359,6 +359,9 @@ class ErrorHandlerTest extends \PHPUnit_Framework_TestCase
         }
     }
 
+    /**
+     * @group legacy
+     */
     public function testLegacyInterface()
     {
         $this->iniSet('error_reporting', -1 & ~E_USER_DEPRECATED);

Tests/FatalErrorHandler/ClassNotFoundFatalErrorHandlerTest.php

@@ -36,6 +36,7 @@ class ClassNotFoundFatalErrorHandlerTest extends \PHPUnit_Framework_TestCase
 
     /**
      * @dataProvider provideLegacyClassNotFoundData
+     * @group legacy
      */
     public function testLegacyHandleClassNotFound($error, $translatedMessage, $autoloader)
     {

composer.json

@@ -19,7 +19,11 @@
         "php": ">=5.3.3",
         "psr/log": "~1.0"
     },
+    "conflict": {
+        "symfony/http-kernel": ">=2.3,<2.3.24|~2.4.0|>=2.5,<2.5.9|>=2.6,<2.6.2"
+    },
     "require-dev": {
+        "symfony/phpunit-bridge": "~2.7",
         "symfony/class-loader": "~2.2",
         "symfony/http-kernel": "~2.3.24|~2.5.9|~2.6,>=2.6.2",
         "symfony/http-foundation": "~2.1"

phpunit.xml.dist

@@ -7,8 +7,7 @@
          bootstrap="vendor/autoload.php"
 >
     <php>
-        <!-- Silence E_USER_DEPRECATED (-16385 == -1 & ~E_USER_DEPRECATED) -->
-        <ini name="error_reporting" value="-16385"/>
+        <ini name="error_reporting" value="-1" />
     </php>
     <testsuites>
         <testsuite name="Symfony Debug Component Test Suite">