Merge remote branch 'schmittjoh/security'

* schmittjoh/security:
  [HttpFoundation] fixed php doc
  updated UPDATE file
  [Security] use deep flag when retrieving username + password
  [HttpFoundation] added $deep flag to Request::get()
  [HttpFoundation] removed getDeep(), added a boolean flag to get() instead

UPDATE.md

@@ -131,6 +131,9 @@ beta1 to beta2
 * Serializer: The NormalizerInterface's `supports()` method has been split in
   two methods: `supportsNormalization` and `supportsDenormalization`.
 
+* ParameterBag::getDeep() has been removed, and is replaced with a boolean flag
+  on the ParameterBag::get() method.
+
 PR12 to beta1
 -------------
 

src/Symfony/Component/HttpFoundation/ParameterBag.php

@@ -73,24 +73,14 @@ class ParameterBag
     /**
      * Returns a parameter by name.
      *
-     * @param string $key     The key
-     * @param mixed  $default The default value
+     * @param string  $path    The key
+     * @param mixed   $default The default value
+     * @param boolean $deep
      */
-    public function get($key, $default = null)
+    public function get($path, $default = null, $deep = false)
     {
-        return array_key_exists($key, $this->parameters) ? $this->parameters[$key] : $default;
-    }
-
-    /**
-     * Returns a parameter by name allowing to specify a path with arbitrary depth.
-     *
-     * @param string $path   The path, e.g. foo[bar]
-     * @param mixed $default The default value
-     */
-    public function getDeep($path, $default = null)
-    {
-        if (false === $pos = strpos($path, '[')) {
-            return $this->get($path, $default);
+        if (!$deep || false === $pos = strpos($path, '[')) {
+            return array_key_exists($path, $this->parameters) ? $this->parameters[$path] : $default;
         }
 
         $root = substr($path, 0, $pos);
@@ -172,52 +162,56 @@ class ParameterBag
     /**
      * Returns the alphabetic characters of the parameter value.
      *
-     * @param string $key     The parameter key
-     * @param mixed  $default The default value
+     * @param string  $key     The parameter key
+     * @param mixed   $default The default value
+     * @param boolean $deep
      *
      * @return string The filtered value
      */
-    public function getAlpha($key, $default = '')
+    public function getAlpha($key, $default = '', $deep = false)
     {
-        return preg_replace('/[^[:alpha:]]/', '', $this->get($key, $default));
+        return preg_replace('/[^[:alpha:]]/', '', $this->get($key, $default, $deep));
     }
 
     /**
      * Returns the alphabetic characters and digits of the parameter value.
      *
-     * @param string $key     The parameter key
-     * @param mixed  $default The default value
+     * @param string  $key     The parameter key
+     * @param mixed   $default The default value
+     * @param boolean $deep
      *
      * @return string The filtered value
      */
-    public function getAlnum($key, $default = '')
+    public function getAlnum($key, $default = '', $deep = false)
     {
-        return preg_replace('/[^[:alnum:]]/', '', $this->get($key, $default));
+        return preg_replace('/[^[:alnum:]]/', '', $this->get($key, $default, $deep));
     }
 
     /**
      * Returns the digits of the parameter value.
      *
-     * @param string $key     The parameter key
-     * @param mixed  $default The default value
+     * @param string  $key     The parameter key
+     * @param mixed   $default The default value
+     * @param boolean $deep
      *
      * @return string The filtered value
      */
-    public function getDigits($key, $default = '')
+    public function getDigits($key, $default = '', $deep = false)
     {
-        return preg_replace('/[^[:digit:]]/', '', $this->get($key, $default));
+        return preg_replace('/[^[:digit:]]/', '', $this->get($key, $default, $deep));
     }
 
     /**
      * Returns the parameter value converted to integer.
      *
-     * @param string $key     The parameter key
-     * @param mixed  $default The default value
+     * @param string  $key     The parameter key
+     * @param mixed   $default The default value
+     * @param boolean $deep
      *
      * @return string The filtered value
      */
-    public function getInt($key, $default = 0)
+    public function getInt($key, $default = 0, $deep = false)
     {
-        return (int) $this->get($key, $default);
+        return (int) $this->get($key, $default, $deep);
     }
 }

src/Symfony/Component/HttpFoundation/Request.php

@@ -298,9 +298,9 @@ class Request
     //  * slow
     //  * prefer to get from a "named" source
     // This method is mainly useful for libraries that want to provide some flexibility
-    public function get($key, $default = null)
+    public function get($key, $default = null, $deep = false)
     {
-        return $this->query->get($key, $this->attributes->get($key, $this->request->get($key, $default)));
+        return $this->query->get($key, $this->attributes->get($key, $this->request->get($key, $default, $deep), $deep), $deep);
     }
 
     public function getSession()

src/Symfony/Component/Security/Http/Firewall/AbstractAuthenticationListener.php

@@ -246,7 +246,7 @@ abstract class AbstractAuthenticationListener implements ListenerInterface
             return $this->options['default_target_path'];
         }
 
-        if ($targetUrl = $request->get($this->options['target_path_parameter'])) {
+        if ($targetUrl = $request->get($this->options['target_path_parameter'], null, true)) {
             return $targetUrl;
         }
 

src/Symfony/Component/Security/Http/Firewall/UsernamePasswordFormAuthenticationListener.php

@@ -70,8 +70,8 @@ class UsernamePasswordFormAuthenticationListener extends AbstractAuthenticationL
             }
         }
 
-        $username = trim($request->get($this->options['username_parameter']));
-        $password = $request->get($this->options['password_parameter']);
+        $username = trim($request->get($this->options['username_parameter'], null, true));
+        $password = $request->get($this->options['password_parameter'], null, true);
 
         $request->getSession()->set(SecurityContextInterface::LAST_USERNAME, $username);
 

tests/Symfony/Tests/Component/HttpFoundation/ParameterBagTest.php

@@ -56,6 +56,13 @@ class ParameterBagTest extends \PHPUnit_Framework_TestCase
         $this->assertNull($bag->get('null', 'default'), '->get() returns null if null is set');
     }
 
+    public function testGetDoesNotUseDeepByDefault()
+    {
+        $bag = new ParameterBag(array('foo' => array('bar' => 'moo')));
+
+        $this->assertNull($bag->get('foo[bar]'));
+    }
+
     /**
      * @dataProvider getInvalidPaths
      * @expectedException \InvalidArgumentException
@@ -65,7 +72,7 @@ class ParameterBagTest extends \PHPUnit_Framework_TestCase
     {
         $bag = new ParameterBag(array('foo' => array('bar' => 'moo')));
 
-        $bag->getDeep($path);
+        $bag->get($path, null, true);
     }
 
     public function getInvalidPaths()
@@ -85,10 +92,10 @@ class ParameterBagTest extends \PHPUnit_Framework_TestCase
     {
         $bag = new ParameterBag(array('foo' => array('bar' => array('moo' => 'boo'))));
 
-        $this->assertEquals(array('moo' => 'boo'), $bag->getDeep('foo[bar]'));
-        $this->assertEquals('boo', $bag->getDeep('foo[bar][moo]'));
-        $this->assertEquals('default', $bag->getDeep('foo[bar][foo]', 'default'));
-        $this->assertEquals('default', $bag->getDeep('bar[moo][foo]', 'default'));
+        $this->assertEquals(array('moo' => 'boo'), $bag->get('foo[bar]', null, true));
+        $this->assertEquals('boo', $bag->get('foo[bar][moo]', null, true));
+        $this->assertEquals('default', $bag->get('foo[bar][foo]', 'default', true));
+        $this->assertEquals('default', $bag->get('bar[moo][foo]', 'default', true));
     }
 
     /**