Commit Graph

13745 Commits

Author SHA1 Message Date
77web
987adeddb7 [Validator][translation][japanese]replaced period to japanese one
[Validator][translation][japanese]fixed japanese translation to more practical one
[Validator][translation][japanese]fixed message ordering to be consistent with other languages
[Validator][translation][japanese]added new validation messages in japanese translation
2013-03-26 20:06:56 +09:00
Fabien Potencier
d54173f38d updated VERSION for 2.1.9 2013-03-26 11:44:36 +01:00
Fabien Potencier
352c4c5e6c update CONTRIBUTORS for 2.1.9 2013-03-26 11:44:12 +01:00
Fabien Potencier
9a3a0bf7a6 updated CHANGELOG for 2.1.9 2013-03-26 11:42:12 +01:00
Mike Meier
342d08967c Allow to set id + custom attributes to hinclude tag
Squashed commits:
Allow to set an id attribute to hinclude tag
Allow custom attributes on hinclude tag
2013-03-26 09:39:03 +01:00
Fabien Potencier
64ac34dccf [Security] fixed wrong interface 2013-03-26 08:52:57 +01:00
Fabien Potencier
c4bcf46623 merged branch xkobal/master (PR #7436)
This PR was submitted for the master branch but it was merged into the 2.2 branch instead (closes #7436).

Discussion
----------

Bugs when RememberMe use token_provider

When token_provider is used for remember_me in security.yml, it produces an Exception :

Catchable Fatal Error: Argument 5 passed to Symfony\Component\Security\Http\RememberMe\PersistentTokenBasedRememberMeServices::__construct() must be an instance of Symfony\Component\Security\Http\RememberMe\LoggerInterface, instance of Symfony\Bridge\Monolog\Logger given, called in /home/overblog/public_html/OverblogUser/app/cache/dev/appDevDebugProjectContainer.php on line 2358 and defined in /home/overblog/public_html/OverblogUser/vendor/symfony/symfony/src/Symfony/Component/Security/Http/RememberMe/PersistentTokenBasedRememberMeServices.php line 46

The problem comes from missing use in PersistentTokenBasedRememberMeServices and wrong inheritance in security_rememberme.xml.

Commits
-------

a7784e5 Remove already defined arguments
c3b0ec4 Add missing use
2013-03-26 08:52:21 +01:00
Xavier HAUSHERR
cb4704d1a9 Remove already defined arguments 2013-03-26 08:52:20 +01:00
Xavier HAUSHERR
1ac3bb00ca Add missing use 2013-03-26 08:52:20 +01:00
Fabien Potencier
e8b7f0fd34 merged branch jfsimon/issue-7413 (PR #7456)
This PR was merged into the master branch.

Discussion
----------

Improve bytes conversion method

This PR improves bytes conversion `regex` method introduced in #7413 (thanks to @vicb's comments).

* Adds support of `+` prefix.
* Adds support of blank chars between `+`, number and unit.
* Adds support of octal/hexa bases.

Notice that this can not be unit tested for `ServerParams` and `UploadedFile` classes because `ini_set()` function does not work with `post_max_size` and `upload_max_filesize` settings.

For information, this conversion is located in 3 classes:
* `Symfony\Component\Form\Extension\Validator\Util\ServerParams`
* `Symfony\Component\HttpFoundation\File\UploadedFile`
* `Symfony\Component\HttpKernel\DataCollector\MemoryDataCollector`

| Q             | A
| ------------- | ---
| Bug fix?      | yes
| New feature?  | yes
| BC breaks?    | no
| Deprecations? | no
| Tests pass?   | yes
| Fixed tickets | #7413

Commits
-------

21291ca improved bytes conversion method
2013-03-25 21:28:18 +01:00
Fabien Potencier
c1bd3b5b25 merged branch fabpot/console-dispatcher (PR #7466)
This PR was merged into the master branch.

Discussion
----------

Console dispatcher

| Q             | A
| ------------- | ---
| Bug fix?      | no
| New feature?  | yes
| BC breaks?    | no
| Deprecations? | no
| Tests pass?   | yes
| Fixed tickets | #3889, #6124
| License       | MIT
| Doc PR        | symfony/symfony-docs#2352

refs #1884, #1929

This is an alternative implementation for adding events to console applications.

This implementation has the following features:

* Available for anyone using the Console component and it is not tied to
  FrameworkBundle (this is important as one thing we are trying to solve is
  email sending from a command, and frameworks like Silex using the Console
  component need a solution too);

* Non-intrusive as the current code has not been changed (except for renaming
  an internal variable that was wrongly named -- so that's not strictly needed
  for this PR)

* The new DispatchableApplication class also works without a dispatcher,
  falling back to the regular behavior. That makes it easy to create applications
  that can benefit from a dispatcher when available, but can still work
  otherwise.

* Besides the *before* and *after* events, there is also an *exception* event
  that is dispatched whenever an exception is thrown.

* Each event is quite powerful and can manipulate the input, the output, but
  also the command to be executed.

Commits
-------

4f9a55a refactored the implementation of how a console application can handle events
4edf29d added helperSet to console event objects
f224102 Added events for CLI commands
2013-03-25 21:03:44 +01:00
Fabien Potencier
4f9a55a03a refactored the implementation of how a console application can handle events 2013-03-25 09:14:22 +01:00
dened
c4da2d9892 [HttpFoundation] getClientIp is fixed.
The getClientIp now returns ip of the earliest server in a proxy chain when all the servers in the chain are trusted proxies. Before this patch the getClientIp used to return null at such condition.
Some appropriate tests are added.
2013-03-25 11:05:20 +04:00
Fabien Potencier
e94346ed6c merged branch fabpot/console-tester-normalize (PR #7465)
This PR was merged into the master branch.

Discussion
----------

[Console] added a way to normalize a command display when using the tester

| Q             | A
| ------------- | ---
| Bug fix?      | no
| New feature?  | yes
| BC breaks?    | no
| Deprecations? | no
| Tests pass?   | yes
| Fixed tickets | n/a
| License       | MIT
| Doc PR        | n/a

Commits
-------

afd7d05 [Console] added a way to normalize a command display when using the tester
2013-03-24 12:27:50 +01:00
Fabien Potencier
afd7d055cd [Console] added a way to normalize a command display when using the tester 2013-03-24 10:36:53 +01:00
Bilal Amarni
4edf29d04a added helperSet to console event objects 2013-03-24 09:16:16 +01:00
Francesco Levorato
f224102c72 Added events for CLI commands
This adds an init and terminate event for commands. They are
dispatched from ContainerAwareCommand.

The cache:clear command can't implement this (cf. #3889 on Github).
2013-03-24 09:15:39 +01:00
Fabien Potencier
d9009cb3c6 merged branch franmomu/reuse_variable_formpass (PR #7464)
This PR was merged into the 2.1 branch.

Discussion
----------

[FrameworkBundle] Reuse definition variable in FormPass

| Q             | A
| ------------- | ---
| Bug fix?      | no
| New feature?  | no
| BC breaks?    | no
| Deprecations? | no
| Tests pass?   | yes
| Fixed tickets |
| License       | MIT
| Doc PR        |

Commits
-------

f52320d [FrameworkBundle] Reuse definition variable in FormPass
2013-03-24 08:11:17 +01:00
Fran Moreno
f52320d4b9 [FrameworkBundle] Reuse definition variable in FormPass 2013-03-23 21:50:01 +01:00
Fabien Potencier
9c4ba6f1b2 merged branch loalf/add_serializer_service (PR #6815)
This PR was merged into the master branch.

Discussion
----------

[2.3] [FrameworkBundle] [Serializer] Loads the Serializer component as a service in the Framework Bundle

This PR is the same as
https://github.com/symfony/symfony/pull/5347

but since I am struggling to squash all the commits I better create a new one. Sorry for the inconveniences, :)

Commits
-------

b4e4844 Add the serializer service
2013-03-23 20:43:25 +01:00
Fabien Potencier
2e236423ba [CssSelector] fixed BC break 2013-03-23 20:31:06 +01:00
Fabien Potencier
b7eb8da8fb [CssSelector] removed obsolete file 2013-03-23 20:30:48 +01:00
Fabien Potencier
600eb1e6a5 [CssSelector] removed unneeded use statements 2013-03-23 20:30:33 +01:00
loalf
b4e4844235 Add the serializer service 2013-03-23 19:05:00 +00:00
Jean-François Simon
21291cabe7 improved bytes conversion method 2013-03-23 19:46:38 +01:00
Fabien Potencier
d855650577 merged branch jfsimon/css-selector-rewriting (PR #7463)
This PR was merged into the master branch.

Discussion
----------

[CssSelector] fully rewritted component

The `CssSelector` component is a port of the Python https://github.com/SimonSapin/cssselect library. Previous implementation was a port of the `v0.1` tag, this implementation is a port of the `v0.7.1` tag. As Python and PHP have different philosophies, this is not a simple language-to-language translation, I needed to re-architecture the lib.

**Note about BC:** This new version introduces some changes that make legacy tests fail.
The new XPath should be equivalent; these changes are:
-  When having a condition on a class, legacy condition is prefixed with a test of class existence. Example: `[contains(@class, 'foo')]` is transformed to `[@class and contains(@class, 'foo')]`.
-  When having conditions on descendants, `/descendant::*` is transformed to `/descendant-or-self::*/*`.

I updated legacy tests (stored in `CssSelectorTest` class) accordingly.

| Q             | A
| ------------- | ---
| Bug fix?      | yes
| New feature?  | yes
| BC breaks?    | see above
| Deprecations? | no
| Tests pass?   | yes

Should fix #3615 and #4271

Commits
-------

c6f87d0 [CssSelector] fully rewritted component
2013-03-23 19:42:38 +01:00
Jean-François Simon
c6f87d0026 [CssSelector] fully rewritted component
Squashed commits:
[CssSelector] removed previous implementation
[CssSelector] rewriting, step 1
[CssSelector] rewriting, step 2
[CssSelector] rewriting, step 3
[CssSelector] rewriting, step 4
[CssSelector] rewriting, step 5
[CssSelector] rewriting, step 6
[CssSelector] fixed shortcuts regex
[CssSelector] tests, step1
[CssSelector] tests, step2
[CssSelector] tests, step3
[CssSelector] tests, step4
[CssSelector] fixed problems based @stof's on feedback
[CssSelector] tests, step5
[CssSelector] tests, step6
[CssSelector] tests, step7
[CssSelector] added my name in composer.json
2013-03-23 19:04:09 +01:00
Fabien Potencier
bd53382c8e merged branch gunnarlium/fix-security-forward-http-code (PR #6957)
This PR was merged into the master branch.

Discussion
----------

[Security] Return 401 when using use_forward for form authentication

| Q             | A
| ------------- | ---
| Bug fix?      | yes
| New feature?  | no
| BC breaks?    | yes
| Deprecations? | no
| Tests pass?   | yes
| Fixed tickets | -
| License       | MIT
| Doc PR        | -

- [x] document the BC breaks in UPDATE and CHANGELOG

Currently, unauthenticated requests get handled as exceptions and forwarded to the FormAuthenticationEntryPoint::start. When using use_forward = true, this method does not modify the status code, which means that the final response to the end user will use a 500 status code. This is not right, as there is not a server problem, the problem is that the user is not authenticated. The status code should be 401.

This PR checks if the sub request to the form view is successful, and sets an X-Status-Code header if it is. This might break applications that rely on the 500 error code being returned for unauthenticated requests.

Commits
-------

b5597e8 [Security] Return 401 when using use_forward for form authentication
2013-03-23 15:33:24 +01:00
Fabien Potencier
da96476b56 reverted unwanted change (closes #7460) 2013-03-23 15:32:25 +01:00
Fabien Potencier
5dee43c186 tweaked previous merge 2013-03-23 15:29:58 +01:00
Gunnar Lium
b5597e8209 [Security] Return 401 when using use_forward for form authentication 2013-03-23 15:10:50 +01:00
Igor Wiedler
e602122f97 Add plain-text exception to exception page 2013-03-23 15:04:43 +01:00
Fabien Potencier
d901afdd2f [FrameworkBundle] updated the CHANGELOG 2013-03-23 14:51:10 +01:00
Fabien Potencier
3b1147ed06 merged branch inmarelibero/2.2-RouterMatch (PR #6950)
This PR was submitted for the 2.2 branch but it was merged into the master branch instead (closes #6950).

Discussion
----------

[2.3] [FrameworkBundle] added route debug information when path matches url

the result of the command `app/console router:match /demo/hello/foo` would be:

![Schermata 02-2456326 alle 17 04 42](https://f.cloud.github.com/assets/254808/120934/a1499432-6d52-11e2-8b67-46a164c30ea0.png)

instead of just:

    Route "_demo_hello" matches

Commits
-------

36098e1 [FrameworkBundle] added route debug information when path matches url
2013-03-23 14:49:10 +01:00
inmarelibero
c46e3e1748 added route debug information when path matches url
included required class
2013-03-23 14:49:10 +01:00
Fabien Potencier
1d778cf5c8 [FrameworkBundle] added a missing entry in the CHANGELOG 2013-03-23 14:42:22 +01:00
Fabien Potencier
57a0f1bb78 merged branch bgarret/timed-php-engine (PR #6836)
This PR was merged into the master branch.

Discussion
----------

[2.3] [FrameworkBundle] [Templating] added Stopwatch support to the PHP engine

| Q             | A
| ------------- | ---
| Bug fix?      | no
| New feature?  | yes
| BC breaks?    | no
| Deprecations? | no
| Tests pass?   | yes
| License       | MIT

I did not include tests nor documentation because there weren't any for TimedTwigEngine (I took it as an example). If I'm mistaken and they are needed, I'll gladly write them.

Commits
-------

3c3d34d [FrameworkBundle] [Templating] added Stopwatch support to the PHP engine
2013-03-23 14:38:26 +01:00
Fabien Potencier
a072ae2794 [HttpKernel] fixed tests as addScope() is now called first 2013-03-23 14:37:49 +01:00
Fabien Potencier
c28fe566fc [Security] added missing entry to the CHANGELOG 2013-03-23 14:30:20 +01:00
Fabien Potencier
aa26e663b1 merged branch adrienbrault/security-feature (PR #4776)
This PR was merged into the master branch.

Discussion
----------

[2.2] [Security] Add an option to disable the hasPreviousSession() check in AbstractAuthenticationListener

Bug fix: no
Feature addition: yes
Backwards compatibility break: no
Symfony2 tests pass: [![Build Status](https://secure.travis-ci.org/adrienbrault/symfony.png?branch=security-feature)](http://travis-ci.org/adrienbrault/symfony)
Fixes the following tickets: #3703
Todo: Add this option to the symfony doc security configuration reference
License of the code: MIT
Documentation PR: N/A

As stated in #3703, all authentication listeners that inherit from AbstractAuthenticationListener, only work when a previous session has been created.
This PR allows to change the default behavior in the security.yml file.

Example:

```yml
security:
    firewalls:
        secured_area:
            pattern:    ^/demo/secured/
            form_login:
                check_path: /demo/secured/login_check
                login_path: /demo/secured/login
                require_previous_session: false # The default value is true
            logout:
                path:   /demo/secured/logout
                target: /demo/
            #anonymous: ~
            #http_basic:
            #    realm: "Secured Demo Area"
```

PS: While removing my old commit, it closed the #4774 PR ...

Commits
-------

0562463 [Security] Add an option to disable the hasPreviousSession() check in AbstractAuthenticationListener
2013-03-23 14:17:47 +01:00
Fabien Potencier
74f96bfebf merged branch fabpot/contagious-services (PR #7007)
This PR was merged into the master branch.

Discussion
----------

[2.3] [WIP] Synchronized services...

| Q             | A
| ------------- | ---
| Bug fix?      | no
| New feature?  | no
| BC breaks?    | no
| Deprecations? | no
| Tests pass?   | yes
| Fixed tickets | #5300, #6756
| License       | MIT
| Doc PR        | symfony/symfony-docs#2343

Todo:

 - [x] update documentation
 - [x] find a better name than contagious (synchronized)?

refs #6932, refs #5012

This PR is a proof of concept that tries to find a solution for some problems we have with scopes and services depending on scoped services (mostly the request service in Symfony).

Basically, whenever you want to inject the Request into a service, you have two possibilities:

 * put your own service into the request scope (a new service will be created whenever a sub-request is run, and the service is not available outside the request scope);

 * set the request service reference as non-strict (your service is always available but the request you have depends on when the service is created the first time).

This PR addresses this issue by allowing to use the second option but your service still always has the right Request service (see below for a longer explanation on how it works).

There is another issue that this PR fixes: edge cases and weird behaviors. There are several bug reports about some weird behaviors, and most of the time, this is related to the sub-requests. That's because the Request is injected into several Symfony objects without being updated correctly when leaving the request scope. Let me explain that: when a listener for instance needs the Request object, it can listen to the `kernel.request` event and store the request somewhere. So, whenever you enter a sub-request, the listener will get the new one. But when the sub-request ends, the listener has no way to know that it needs to reset the request to the master one. In practice, that's not really an issue, but let me show you an example of this issue in practice:

 * You have a controller that is called with the English locale;
 * The controller (probably via a template) renders a sub-request that uses the French locale;
 * After the rendering, and from the controller, you try to generate a URL. Which locale will the router use? Yes, the French locale, which is wrong.

To fix these issues, this PR introduces a new notion in the DIC: synchronized services. When a service is marked as synchronized, all method calls involving this service will be called each time this service is set. When in a scope, methods are also called to restore the previous version of the service when the scope leaves.

If you have a look at the router or the locale listener, you will see that there is now a `setRequest` method that will be called whenever the request service changes (because the `Container::set()` method is called or because the service is changed by a scope change).

Commits
-------

17269e1 [DependencyInjection] fixed management of scoped services with an invalid behavior set to null
bb83b3e [HttpKernel] added a safeguard for when a fragment is rendered outside the context of a master request
5d7b835 [FrameworkBundle] added some functional tests
ff9d688 fixed Request management for FragmentHandler
1b98ad3 fixed Request management for LocaleListener
a7b2b7e fixed Request management for RequestListener
0892135 [HttpKernel] ensured that the Request is null when outside of the Request scope
2ffcfb9 [FrameworkBundle] made the Request service synchronized
ec1e7ca [DependencyInjection] added a way to automatically update scoped services
2013-03-23 14:07:03 +01:00
Fabien Potencier
17269e137d [DependencyInjection] fixed management of scoped services with an invalid behavior set to null
The optimization for references has been removed as it does not take
scopes into account.
2013-03-23 13:59:30 +01:00
Fabien Potencier
ddd30d0b8e merged branch fabpot/request-scope (PR #7457)
This PR was merged into the master branch.

Discussion
----------

moved the request scope creation to the ContainerAwareHttpKernel class

| Q             | A
| ------------- | ---
| Bug fix?      | no
| New feature?  | no
| BC breaks?    | no
| Deprecations? | no
| Tests pass?   | yes
| Fixed tickets | n/a
| License       | MIT
| Doc PR        | symfony/symfony-docs#2343

While updating the scope documentation, I realized that the request scope was created in the FrameworkBundle while the HttpKernel that manages it was in the HttpKernel component. So, this PR makes things more consistent.

Commits
-------

cec98c1 [DependencyInjection] fixed PHP notice when the scope is not defined
550df5a moved the request scope creation to the ContainerAwareHttpKernel class
2013-03-23 13:54:47 +01:00
Fabien Potencier
9885798dd1 merged branch schmittjoh/routingFix (PR #7458)
This PR was merged into the 2.2 branch.

Discussion
----------

Reverts behavior change to UrlGenerator

I do not want to talk much about the behavior change and whether it makes sense or not because I think it does not matter in this situation anyway.

The ``generate`` method is tagged with ``@api``, there is no security issue that was fixed. According to the rules set forth at http://symfony.com/doc/current/book/stable_api.html, the semantics of such a method must not be changed.

There is some more discussion in #6814 and the commit changing the behavior is this one: c66d1f9de3 (diff-0)

Commits
-------

a765375 reverts some behavior changes made in c66d1f9de30fd1b6a86cca10dd79d12c9ba9ff25
2013-03-23 13:53:00 +01:00
Fabien Potencier
26750075b8 merged branch fabpot/deprecated (PR #7227)
This PR was merged into the master branch.

Discussion
----------

[WIP] Removed deprecated stuff

Commits
-------

f2a8908 removed deprecated functionality from RouteCollection
4f4a5d1 [TwigBundle] removed deprecated syntax
45bd413 [FrameworkBundle] removed deprecated options
0bb5d01 [FrameworkBundle] removed deprecated cookie options
b3081e8 [Form] removed deprecated methods and classes
e0385a2 [Validator] removed deprecated methods
65e3b16 [Validator] removed deprecated constraints
4a70ddf [HttpFoundation] removed deprecated session methods
4e7943f [Yaml] removed deprecated support of PHP parsin when parsing YAML files
09a5969 [HttpFoundation] removed deprecated Request::splitHttpAcceptHeader() method
c28f1b0 removed deprected way to declared trusted proxies
5ff6006 removed deprecated stuff in the fragment sub-framework
0a06a7c [Translation] removed deprecated classes
67f6397 [Security] removed deprecated classes
2013-03-23 13:50:05 +01:00
Johannes M. Schmitt
a765375e91 reverts some behavior changes made in c66d1f9de30fd1b6a86cca10dd79d12c9ba9ff25 2013-03-23 13:03:22 +01:00
Tobias Schultze
f2a8908615 removed deprecated functionality from RouteCollection 2013-03-23 12:55:23 +01:00
Fabien Potencier
4f4a5d1643 [TwigBundle] removed deprecated syntax 2013-03-23 12:55:23 +01:00
Fabien Potencier
45bd4135ec [FrameworkBundle] removed deprecated options 2013-03-23 12:55:18 +01:00
Fabien Potencier
0bb5d01f32 [FrameworkBundle] removed deprecated cookie options 2013-03-23 11:48:19 +01:00