This PR was merged into the 3.4 branch.
Discussion
----------
Remove some unused methods parameters
| Q | A
| ------------- | ---
| Branch? | 3.4
| Bug fix? | no
| New feature? | no
| Deprecations? | no
| Tickets | -
| License | MIT
| Doc PR | -
This PR removes some useless private method parameters.
Commits
-------
026730e913 Remove some unused methods parameters
This PR was merged into the 4.3 branch.
Discussion
----------
[Security] SwitchUser is broken when the User Provider always returns a valid user
| Q | A
| ------------- | ---
| Branch? | 4.3
| Bug fix? | yes
| New feature? | no
| Deprecations? | no
| Tickets | n/a
| License | MIT
| Doc PR | n/a
Since bcfc282d42, if a UserProvider always returns a valid User object (which can happen in some OAuth workflow), switching user is not possible anymore as we hit the `LogicException`.
This patch should be safe as the timing-attack prevention is kept.
Commits
-------
2bf6cd2eea [Security] Fix SwitchUser is broken when the User Provider always returns a valid user
This PR was squashed before being merged into the 3.4 branch (closes#34385).
Discussion
----------
Avoid empty "If-Modified-Since" header in validation request
| Q | A
| ------------- | ---
| Branch? | 3.4
| Bug fix? | yes
| New feature? | no
| Deprecations? | no
| Tickets |
| License | MIT
| Doc PR |
Just noticed that when a response has been cached that is `public` and has an `maxAge` but does _not_ provide `Last-Modified`, the validation subrequest will have an empty `If-Modified-Since` header value.
Commits
-------
960faef66f Avoid empty \"If-Modified-Since\" header in validation request
This PR was merged into the 4.3 branch.
Discussion
----------
Fix error message according to the new regex
Complete https://github.com/symfony/symfony/pull/34448 from @xabbuh
| Q | A
| ------------- | ---
| Branch? | 4.3 <!-- see below -->
| Bug fix? | no
| New feature? | no <!-- please update src/**/CHANGELOG.md files -->
| Deprecations? | no <!-- please update UPGRADE-*.md and src/**/CHANGELOG.md files -->
| Tickets | <!-- prefix each issue number with "Fix #", if any -->
| License | MIT
| Doc PR | <!-- required for new features -->
<!--
Replace this notice by a short README for your feature/bugfix. This will help people
understand your PR and can be used as a start for the documentation.
Additionally (see https://symfony.com/roadmap):
- Always add tests and ensure they pass.
- Never break backward compatibility (see https://symfony.com/bc).
- Bug fixes must be submitted against the lowest maintained branch where they apply
(lowest branches are regularly merged to upper ones so they get the fixes too.)
- Features and deprecations must be submitted against branch master.
-->
Commits
-------
7425d2c69d Fix error message according to the new regex
This PR was merged into the 3.4 branch.
Discussion
----------
[Validator] ConstraintValidatorTestCase: add missing return value to mocked validate method calls
| Q | A
| ------------- | ---
| Branch? | 3.4 <!-- see below -->
| Bug fix? | yes
| New feature? | no <!-- please update src/**/CHANGELOG.md files -->
| Deprecations? | no <!-- please update UPGRADE-*.md and src/**/CHANGELOG.md files -->
| Tickets | N/A <!-- prefix each issue number with "Fix #", if any -->
| License | MIT
| Doc PR | N/A
Spotted while working on https://github.com/symfony/symfony/pull/34456.
Not sure it should really qualify as a bugfix, but the `ContextualValidatorInterface::validate` method is expected to return the instance. If [chaining in a validator](https://github.com/symfony/symfony/pull/34456/files#diff-0e6e3106aa637d750d47e86a14cef8d4R43), trying to use this test methods would throw an error, trying to call a method on `null`.
Commits
-------
8d1f32613b [Validator] ConstraintValidatorTestCase: add missing return value to mocked validate method calls
This PR was merged into the 4.3 branch.
Discussion
----------
[DependencyInjection] Fix dumping multiple deprecated aliases
| Q | A
| ------------- | ---
| Branch? | 4.3
| Bug fix? | yes
| New feature? | no
| Deprecations? | no
| Tickets |
| License | MIT
| Doc PR |
Only the last deprecated alias wins, cause the content will not appended
Commits
-------
60b0dae174 [DependencyInjection] Fix dumping multiple deprecated aliases
This PR was merged into the 4.3 branch.
Discussion
----------
[Form] allow button names to start with uppercase letter
| Q | A
| ------------- | ---
| Branch? | 4.3
| Bug fix? | yes
| New feature? | no
| Deprecations? | no
| Tickets |
| License | MIT
| Doc PR |
Commits
-------
d811b0e9b5 allow button names to start with uppercase letter
This PR was submitted for the master branch but it was merged into the 3.4 branch instead.
Discussion
----------
[Finder] Fixed docs
minor docblock fix
Commits
-------
e7d0787a4d [Finder] Fixed docs
This PR was merged into the 3.4 branch.
Discussion
----------
Adjust pull request template for 5.1
| Q | A
| ------------- | ---
| Branch? | 3.4
| Bug fix? | no
| New feature? | no
| Deprecations? | no
| Tickets | N/A
| License | MIT
| Doc PR | N/A
Now that 5.0-RC1 has been released (btw: 🎉👏🍾 ), I assume that new features should go to master again.
Commits
-------
c194fffaef Adjust pull request template for 5.0 branchout
This PR was squashed before being merged into the 3.4 branch (closes#34422).
Discussion
----------
Update HttpKernel.php
phpstan-symfony (0.11.6) level 5
Parameter #2 $values of method Symfony\Component\HttpFoundation\HeaderBag::set() expects array|string, int given.
| Q | A
| ------------- | ---
| Branch? | 3.4
| Bug fix? | yes
| New feature? | no
| Deprecations? | no
| Tickets | Fix #... <!-- prefix each issue number with "Fix #", if any -->
| License | MIT
| Doc PR |
Commits
-------
7b7f966711 Update HttpKernel.php
This PR was merged into the 3.4 branch.
Discussion
----------
Add conflict rule for Monolog 2
| Q | A
| ------------- | ---
| Branch? | 3.4
| Bug fix? | no
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | #27857, symfony/monolog-bundle#300
| License | MIT
| Doc PR | N/A
Depending on the monorepo has been best practice in Symfony 3 and is discouraged but still possible in Symfony 4. If the Symfony Standard Edition was used to bootstrap the application, Monolog is installed as dependency of the MonologBundle. Thus, if we released a MonologBundle that indicates compatibility with Monolog 2, those application would be bumped to Version 2 although MonologBridge 3.4 is not ready for it. The goal is to prevent this from happening.
This PR adds a conflict rule for Monolog 2 to the 3.4 branch. Assuming this gets merged before the next Symfony releases (3.4.30, 4.2.11, 4.3.3), my plan would be to bump MonologBundle's dependencies like this:
```diff
"require": {
- "monolog/monolog": "~1.22",
- "symfony/monolog-bridge": "~3.4|~4.0"
+ "monolog/monolog": "~1.22|~2.0",
+ "symfony/monolog-bridge": "^3.4.30|~4.2.11|^4.3.3|^5.0"
}
```
If I'm not mistaken, this should remove any possible combination of Symfony 3/4 and Monolog 2.
Projects depending on individual packages instead of the monorepo should be safe already because MonologBridge 3.x/4.x locks Monolog at version 1.
Commits
-------
d53b91a45a Add conflict rule for Monolog 2.
This PR was merged into the 3.4 branch.
Discussion
----------
[HttpFoundation] Allow redirecting to URLs that contain a semicolon
| Q | A
| ------------- | ---
| Branch? | 4.3
| Bug fix? | no
| New feature? | no
| Deprecations? | no
| License | MIT
URLs that contain a semicolon cannot be redirected to at least in MS Edge and IE10.
Take the following example...
```
# https://ad.doubleclick.net/ddm/clk/450721234;254801234;l
// After redirect...
# https://ad.doubleclick.net/ddm/clk/450721234
```
Wrapping the URL in single quotes fixes the issue ([related reading](https://www.w3.org/TR/WCAG20-TECHS/H76.html))
Commits
-------
bd0637ebe4 [HttpFoundation] Allow redirecting to URLs that contain a semicolon
This PR was merged into the 4.3 branch.
Discussion
----------
[FrameworkBundle] Remove project dir from Translator cache vary scanned directories
| Q | A
| ------------- | ---
| Branch? | 4.3
| Bug fix? | yes
| New feature? | no
| Deprecations? | no
| Tickets | Closes#34395
| License | MIT
| Doc PR | -
Weird cases such as having different paths for directories found through reflection (cf 8522a88185/src/Symfony/Bundle/FrameworkBundle/DependencyInjection/FrameworkExtension.php (L1105)) or using different values on warmup and run for another parameter than `kernel.project_dir` are still unconvered. Unfortunately there is nothing we can do, do we care? If yes, then we might just wanna enable https://github.com/symfony/symfony/pull/34129 when the `debug` option is on.
Commits
-------
e75e01dda4 [FrameworkBundle] Remove project dir from Translator cache vary scanned directories
This PR was merged into the 4.3 branch.
Discussion
----------
[Cache] catch exceptions when using PDO directly
| Q | A
| ------------- | ---
| Branch? | 4.3
| Bug fix? | yes
| New feature? | no
| Deprecations? | no
| Tickets | Fixsymfony/symfony-docs#12632
| License | MIT
| Doc PR |
Commits
-------
5c1f5594f5 catch exceptions when using PDO directly
This PR was submitted for the 4.4 branch but it was merged into the 3.4 branch instead.
Discussion
----------
[HttpFoundation] Fix MySQL column type definition.
| Q | A
| ------------- | ---
| Branch? | 4.4
| Bug fix? | yes
| New feature? |no
| Deprecations? | no
| Tickets | Fix#34409
| License | MIT
| Doc PR | symfony/symfony-docs#12641
Fix wrong MySQL column type definition causing Numeric value out of range exception.
Commits
-------
51c5f69274 Fix MySQL column type definition.
* 3.4:
Link the right file depending on the new version
[Finder] Allow ssh2 stream wrapper for sftp
[WebProfilerBundle] Require symfony/twig-bundle
bumped Symfony version to 3.4.36
updated VERSION for 3.4.35
updated CHANGELOG for 3.4.35
This PR was submitted for the 4.4 branch but it was merged into the 3.4 branch instead.
Discussion
----------
Link the right file depending on the new version
| Q | A
| ------------- | ---
| Branch? | 4.4
| Bug fix? | no
| New feature? | no
| Deprecations? | no
| Tickets | Fix url doc upgrading to 4.x
| License | MIT
Link the right file depending on the new version
Commits
-------
7e38d83ad0 Link the right file depending on the new version
This PR was merged into the 4.3 branch.
Discussion
----------
[Config] fix id-generation for GlobResource
| Q | A
| ------------- | ---
| Branch? | 4.3
| Bug fix? | yes
| New feature? | no
| Deprecations? | no
| Tickets | -
| License | MIT
| Doc PR | -
I never encountered any issues related to this but still, it's a fix.
Commits
-------
6adbfa2ae7 [Config] fix id-generation for GlobResource
This PR was merged into the 3.4 branch.
Discussion
----------
[Finder] Allow ssh2 stream wrapper for sftp
Same fix as #28604 but for the ssh2.sftp wrapper.
| Q | A
| ------------- | ---
| Branch? | 3.4
| Bug fix? | yes
| New feature? | no <!-- please update src/**/CHANGELOG.md files -->
| Deprecations? | no <!-- please update UPGRADE-*.md and src/**/CHANGELOG.md files -->
| Tickets | Fix#28604 maybe
| License | MIT
| Doc PR |
Without this patch, we can't use the finder with ssh2.sftp connections.
```php
$connection = \ssh2_connect('host', 22);
\ssh2_auth_password($connection, 'user', 'pass');
$sftp = \ssh2_sftp($connection);
$path = "ssh2.sftp://".intval($sftp)."/";
$finder = new Finder();
foreach ($finder->in($path)->files() as $directory) {
dump(file_get_contents($directory));
}
```
Without the patch:
> RecursiveDirectoryIterator::__construct(ssh2.sftp://838): failed to open dir: operation failed
Commits
-------
e6c9d77b63 [Finder] Allow ssh2 stream wrapper for sftp