Merge branch '4.4' into 5.1

* 4.4:
  Adding `path`
  Fixing bad path for class PdoSessionHandler
  Fix typos: DNS -> DSN
  Fix term
  Fix logout on form login setup
  Change char to varchar type
  Use redirectToRoute
  [#13980] add annotation config example
  [Validator] Made the code sample more explicit with accepted values
  Update voters.rst
  Update voters.rst
  Update voters.rst
  Update security/voters.rst
  Update voters.rst
  [#13554] Slightly reworded the tip
  Update voters.rst
  Explaining controllers as viable alternative

Author: xabbuh

components/http_foundation.rst

@@ -639,7 +639,7 @@ or change its ``Content-Disposition``::
         'filename.txt'
     );
 
-It is possible to delete the file after the request is sent with the
+It is possible to delete the file after the response is sent with the
 :method:`Symfony\\Component\\HttpFoundation\\BinaryFileResponse::deleteFileAfterSend` method.
 Please note that this will not work when the ``X-Sendfile`` header is set.
 

controller/upload_file.rst

@@ -171,7 +171,7 @@ Finally, you need to update the code of the controller that handles the form::
 
                 // ... persist the $product variable or any other work
 
-                return $this->redirect($this->generateUrl('app_product_list'));
+                return $this->redirectToRoute('app_product_list');
             }
 
             return $this->render('product/new.html.twig', [

mailer.rst

@@ -19,7 +19,7 @@ Transport Setup
 ---------------
 
 Emails are delivered via a "transport". Out of the box, you can deliver emails
-over SMTP by configuring the DNS in your ``.env`` file (the ``user``,
+over SMTP by configuring the DSN in your ``.env`` file (the ``user``,
 ``pass`` and ``port`` parameters are optional):
 
 .. code-block:: env
@@ -83,7 +83,7 @@ transport, but you can force to use one:
     # force to use SMTP instead of HTTP (which is the default)
     MAILER_DSN=sendgrid+smtp://$SENDGRID_KEY@default
 
-This table shows the full list of available DNS formats for each third
+This table shows the full list of available DSN formats for each third
 party provider:
 
 ==================== ========================================== =========================================== ========================================

reference/configuration/security.rst

@@ -540,6 +540,14 @@ the current firewall and not the other ones.
 
 .. _reference-security-logout-success-handler:
 
+``path``
+~~~~~~~~
+
+**type**: ``string`` **default**: ``/logout``
+
+The path which triggers logout. If you change it from the default value ``/logout``,
+you need to set up a route with a matching path.
+
 success_handler
 ~~~~~~~~~~~~~~~
 

reference/constraints/Collection.rst

@@ -209,7 +209,7 @@ you can do the following:
              *     }
              * )
              */
-            protected $profileData = ['personal_email'];
+            protected $profileData = ['personal_email' => '[email protected]'];
         }
 
     .. code-block:: yaml

security/form_login_setup.rst

@@ -99,12 +99,13 @@ Edit the ``security.yaml`` file in order to declare the ``/logout`` path:
         security:
             # ...
 
-            providers:
-                # ...
-                logout:
-                    path: app_logout
-                    # where to redirect after logout
-                    # target: app_any_route
+            firewalls:
+                main:
+                    # ...
+                    logout:
+                        path: app_logout
+                        # where to redirect after logout
+                        # target: app_any_route
 
     .. code-block:: xml
 
@@ -119,8 +120,11 @@ Edit the ``security.yaml`` file in order to declare the ``/logout`` path:
                 https://symfony.com/schema/dic/security/security-1.0.xsd">
 
             <config>
-                <rule path="^/login$" role="IS_AUTHENTICATED_ANONYMOUSLY"/>
                 <!-- ... -->
+                <firewall name="main">
+                    <!-- ... -->
+                    <logout path="app_logout"/>
+                </firewall>
             </config>
         </srv:container>
 
@@ -129,12 +133,15 @@ Edit the ``security.yaml`` file in order to declare the ``/logout`` path:
         // config/packages/security.php
         $container->loadFromExtension('security', [
             // ...
-            'access_control' => [
-                [
-                    'path' => '^/login',
-                    'roles' => 'IS_AUTHENTICATED_ANONYMOUSLY',
+            'firewalls' => [
+                'main' => [
+                    // ...
+                    'logout' => [
+                        'path' => 'app_logout',
+                        // where to redirect after logout
+                        'target' => 'app_any_route'
+                    ],
                 ],
-                // ...
             ],
         ]);
 

security/remember_me.rst

@@ -261,7 +261,7 @@ so ``DoctrineTokenProvider`` can store the tokens:
 
     CREATE TABLE `rememberme_token` (
         `series`   char(88)     UNIQUE PRIMARY KEY NOT NULL,
-        `value`    char(88)     NOT NULL,
+        `value`    varchar(88)  NOT NULL,
         `lastUsed` datetime     NOT NULL,
         `class`    varchar(100) NOT NULL,
         `username` varchar(200) NOT NULL

security/voters.rst

@@ -6,19 +6,30 @@
 How to Use Voters to Check User Permissions
 ===========================================
 
-Security voters are the most granular way of checking permissions (e.g. "can this
-specific user edit the given item?"). This article explains voters in detail.
+Voters are Symfony's most powerful way of managing permissions. They allow you
+to centralize all permission logic, then reuse them in many places.
+
+However, if you don't reuse permissions or your rules are basic, you can always
+put that logic directly into your controller instead. Here's an example how
+this could look like, if you want to make a route accessible to the "owner" only::
+
+    // src/AppBundle/Controller/PostController.php
+    // ...
+
+    if ($post->getOwner() !== $this->getUser()) {
+        throw $this->createAccessDeniedException();
+    }
+
+In that sense, the following example used throughout this page is a minimal
+example for voters.
 
 .. tip::
 
     Take a look at the
     :doc:`authorization </components/security/authorization>`
     article for an even deeper understanding on voters.
 
-How Symfony Uses Voters
------------------------
-
-In order to use voters, you have to understand how Symfony works with them.
+Here's how Symfony works with voters:
 All voters are called each time you use the ``isGranted()`` method on Symfony's
 authorization checker or call ``denyAccessUnlessGranted()`` in a controller (which
 uses the authorization checker), or by

session/database.rst

@@ -358,7 +358,7 @@ Preparing the Database to Store Sessions
 
 Before storing sessions in the database, you must create the table that stores
 the information. The session handler provides a method called
-:method:`Symfony\\Component\\HttpFoundation\\Session\\Storage\\PdoSessionHandler::createTable`
+:method:`Symfony\\Component\\HttpFoundation\\Session\\Storage\\Handler\\PdoSessionHandler::createTable`
 to set up this table for you according to the database engine used::
 
     try {