This PR was merged into the 2.8 branch.
Discussion
----------
[WebServerBundle] fixed html attribute escape
| Q | A
| ------------- | ---
| Branch? | 2.8
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | -
| License | MIT
| Doc PR | -
In the Web Debug Toolbar, when a toolbar item has extra attributes, they are not properly escaped.
(If you put your mouse over the right toolbar item with sf version, you will see a tooltip with `""`)
Currently:
```html
title=""
```
After:
```html
title=""
```
Commits
-------
1337cdb [WebServerBundle] fixed html attribute escape
* 3.2:
Revamped the README file
Fix missing namespace in AddConstraintValidatorPassTest
[SecurityBundle] simplified code
[ExpressionLanguage] Registering functions after calling evaluate(), compile() or parse() is not supported
* 2.8:
Revamped the README file
Fix missing namespace in AddConstraintValidatorPassTest
[ExpressionLanguage] Registering functions after calling evaluate(), compile() or parse() is not supported
* 2.7:
Revamped the README file
Fix missing namespace in AddConstraintValidatorPassTest
[ExpressionLanguage] Registering functions after calling evaluate(), compile() or parse() is not supported
This PR was squashed before being merged into the 2.7 branch (closes#21744).
Discussion
----------
Revamped the README file
| Q | A
| ------------- | ---
| Branch? | 2.7
| Bug fix? | no
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | #21235
| License | MIT
| Doc PR |
Here is a before/after comparison image:
![before-after-readme](https://cloud.githubusercontent.com/assets/73419/23294444/cb001e9a-fa6b-11e6-88f2-a8449470fb4e.png)
Commits
-------
c7d30ca486 Revamped the README file
This PR was merged into the 2.7 branch.
Discussion
----------
Fix missing namespace in test
| Q | A
| ------------- | ---
| Branch? | 2.7
| Tests pass? | yes
Commits
-------
1e9ca7b Fix missing namespace in AddConstraintValidatorPassTest
This marks the X-Status-Code header method of setting a custom response
status code in exception listeners as deprecated. Instead there is now
a new method on the GetResponseForExceptionEvent that allows successful
status codes in the response sent to the client.
This PR was merged into the 3.3-dev branch.
Discussion
----------
[Config] fixed glob file loader when there is an exception
| Q | A
| ------------- | ---
| Branch? | master
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | n/a
| License | MIT
| Doc PR | n/a
Fixes a typo. When importing a glob, we definitely want to have errors like syntax errors in a YAML file.
Commits
-------
d1b6601612 [Config] fixed glob file loader when there is an exception
This PR was merged into the 3.3-dev branch.
Discussion
----------
[SecurityBundle] Don't normalize username of in-memory users
| Q | A
| ------------- | ---
| Branch? | master
| Bug fix? | no
| New feature? | yes
| BC breaks? | yes
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | n/a
| License | MIT
| Doc PR | n/a
It's common to have e.g. emails as keys in `security.providers.in_memory.users` since keys are username. Actually they are normalized so `foo-bar@gmail.com` becomes `foo_bar@gmail.com` and authentication fails unexpectedly.
Commits
-------
8d03332726 [SecurityBundle] Don't normalize keys of in-memory users
This PR was squashed before being merged into the 2.7 branch (closes#21722).
Discussion
----------
[ExpressionLanguage] Registering functions after calling evaluate(), compile() or parse() is not supported
| Q | A
| ------------- | ---
| Branch? | 2.7
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | n/a
| License | MIT
| Doc PR | n/a
If we add expr. function after first eval/compile like this:
```php
$el = new ExpressionLanguage();
$el->evaluate('1 + 1');
$el->addFunction(new ExpressionFunction('fn', function () {}, function () {}));
$el->evaluate('fn()');
```
A ``SyntaxError`` is thrown that says ``The function "fn" does not exist around position 1.``. It's the same bug with ``$el->compile('fn()')``.
This PR fixes this (duplicate of #21098 that was closed).
Commits
-------
e305369f98 [ExpressionLanguage] Registering functions after calling evaluate(), compile() or parse() is not supported
This PR was merged into the 2.7 branch.
Discussion
----------
[SecurityBundle] fix priority ordering of security voters
| Q | A
| ------------- | ---
| Branch? | 2.7
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | #21660
| License | MIT
| Doc PR |
Could be updated in the `3.2` branch to make use of the `PriorityTaggedServiceTrait `.
Commits
-------
dcd19f3cf9 fix priority ordering of security voters
A new mode is introduced, in which deprecations coming from the vendors
are not taken into account when deciding to exit with an error code. In
this mode, deprecations coming from the vendors are segregated from
other deprecations.
This PR was merged into the 3.2 branch.
Discussion
----------
[DoctrineBridge] Fixed validating custom doctrine type columns
| Q | A
| ------------- | ---
| Branch? | 3.1
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | #21619
| License | MIT
| Doc PR | -
This fixes#21619 by not assuming the invalid `$value` is a Doctrine entity if its an object
Commits
-------
ad59370241 [DoctrineBridge] Fixed validating custom doctrine type columns
This PR was merged into the 2.7 branch.
Discussion
----------
Use PHPUnit 6.0 on PHP 7.* test lines
| Q | A
| ------------- | ---
| Branch? | 2.7
| Bug fix? | no
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | need #21694 first
| Fixed tickets | -
| License | MIT
| Doc PR | -
Commits
-------
96ecd3c Use PHPUnit 6.0 on PHP 7.* test lines