April 16, 2015 Javier Eguiluz

In addition to high-impact changes and big features, new Symfony versions always add tweaks and minor improvements across the codebase. In this article you'll learn about three small security-related changes that will improve your day-to-day productivity as a developer.

Added a string representation for core users

Contributed by Tobias Sjösten in #9782.

Some developers add a magic __toString() PHP method to their user entities to define their string representation. This allows using type casts such as (string) $user in the PHP application and {{ user }} in the Twig templates.

However, in functional tests it is common to use in-memory users to simplify the tests. The problem is that the core User class defined by Symfony doesn't include the __toString() method, so all those type casts fail.

In Symfony 2.7 we decided to add a new method to the core User class in order to define its string representation. The code of this method is as simple as:

```php
// src/Symfony/Component/Security/Core/User/User.php
public function __toString()
{
    return $this->getUsername();
}
```

Improved the logout Twig extension

Contributed by Joshua Thijssen in #13342.

Symfony adds custom Twig extensions on top of Twig to integrate some components into the templates. You probably know and use lots of these functions, filters and tags, such as render(), |trans and {% form_theme %}.

Among the least known and used extensions are the logout_path and logout_url functions, which generate the appropriate relative or absolute URL to log out from the given firewall:

```twig
<a href="{{ logout_path('firewall_name') }}">Close session</a>
```

In Symfony 2.7, the firewall name is optional. If you don't provide it, Symfony will automatically use the current firewall, whichever it is:

```twig
<a href="{{ logout_path() }}">Close session</a>
```

This minor change also allows using this function in templates where you don't know the firewall name, for example in the templates of public third-party bundles.
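
A configuration sketch of the shared-template case described above, added here as an example and not taken from the Symfony code base: two firewalls, each with its own logout path, served by one layout that never names a firewall. The firewall names, URL patterns, logout paths and template location are assumptions chosen for illustration.

```yaml
# app/config/security.yml (illustrative fragment; providers, encoders and
# access_control are omitted, firewall names and paths are assumptions)
security:
    firewalls:
        # Back office: its own authentication and its own logout URL.
        admin:
            pattern: ^/admin
            http_basic: ~
            logout:
                path:   /admin/logout   # needs a matching route, no controller
                target: /               # where to redirect after logging out

        # Public site: catches every other URL.
        main:
            pattern: ^/
            anonymous: ~
            form_login: ~
            logout:
                path:   /logout
                target: /

# Shared layout (hypothetical location, e.g. a reusable bundle's base
# template). It works under either firewall because the name is left out:
#
#   {% if is_granted('IS_AUTHENTICATED_REMEMBERED') %}
#       <a href="{{ logout_path() }}">Close session</a>
#   {% endif %}
#
# For a user logged in through "admin" the link points to /admin/logout;
# for a user logged in through "main" it points to /logout.
#
# Before Symfony 2.7 the same template had to hard-code one name, so the
# layout could serve only one of the two firewalls:
#
#   <a href="{{ logout_path('main') }}">Close session</a>
```

The is_granted() guard keeps the link out of pages rendered for visitors who are not logged in, for whom there is no session to close.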