This PR was merged into the 5.1 branch.
Discussion
----------
[Security] Fixed PUBLIC_ACCESS in authenticated sessions
| Q | A
| ------------- | ---
| Branch? | 5.1
| Bug fix? | yes
| New feature? | no
| Deprecations? | no
| Tickets | -
| License | MIT
| Doc PR | -
Found while testing https://github.com/scheb/2fa/pull/8, sorry for not spotting it before the stable release 😞
Currently, authenticated users are denied access for pages that have `PUBLIC_ACCESS` set, as this attribute is only checked when no token was set. It should be checked for both cases.
Commits
-------
0ac530f460 Also check PUBLIC_ACCESS for authenticated tokens
This PR was merged into the 5.1 branch.
Discussion
----------
[FrameworkBundle] Fix enabled_locales behavior
| Q | A
| ------------- | ---
| Branch? | 5.1
| Bug fix? | yes
| New feature? | no
| Deprecations? | no
| Tickets | -
| License | MIT
| Doc PR | -
I was experimenting with enabled_locales on my application and I noticed the cache didn't actually change. It seems the generated service definition was invalid: the file `var/cache/dev/ContainerFEQLy1x/App_KernelDevDebugContainer.php` defined `getTranslator_DefaultService` by calling `new Translator` with 7 arguments instead of 6.
It seems to be due to the fact that the DI extension does not replace the right argument. With the following fix applied the behavior works as expected.
However, reading the comment of Javier in https://github.com/symfony/symfony/pull/32433, it seems he tested it against Demo and it worked with the previous code. I'm not sure why, @javiereguiluz I'd be interested in knowing if I'm missing something here :) .
Commits
-------
e2ce7f5030 Fix enabled_locales behavior
This PR was merged into the 4.4 branch.
Discussion
----------
[VarExporter] tfix: s/markAsSkipped/markTestSkipped/
| Q | A
| ------------- | ---
| Branch? | 4.4
| Bug fix? | yes
| New feature? | no
| Deprecations? | no
| Tickets |
| License | MIT
| Doc PR |
Just fixes a typo causing the testsuite to fail at least on PHP 7.4.5
Commits
-------
393c9d920a [VarExporter] tfix: s/markAsSkipped/markTestSkipped/
This PR was merged into the 5.1 branch.
Discussion
----------
[Validator] use "allowedVariables" to configure the ExpressionLanguageSyntax constraint
| Q | A
| ------------- | ---
| Branch? | 5.1
| Bug fix? | no
| New feature? | no
| Deprecations? | no
| Tickets | Fixsymfony/symfony-docs#13669
| License | MIT
| Doc PR |
Commits
-------
4807dab305 [Validator] use "allowedVariables" to configure the ExpressionLanguageSyntax constraint
This PR was squashed before being merged into the 4.4 branch.
Discussion
----------
[Security] Fixed AbstractToken::hasUserChanged()
| Q | A
| ------------- | ---
| Branch? | 4.4
| Bug fix? | yes
| New feature? | no
| Deprecations? | no
| Tickets | Fix#36989
| License | MIT
| Doc PR | -
This PR completely reverts #35944.
That PR tried to fix a BC break (ref #35941, #35509) introduced by #31177. However, this broke many authentications (ref #36989), as the User is serialized in the session (as hinted by @stof). Many applications don't include the `roles` property in the serialization (at least, the MakerBundle doesn't include it).
In 5.2, we should probably deprecate having different roles in token and user, which fixes the BC breaks all together.
Commits
-------
f297beb42c [Security] Fixed AbstractToken::hasUserChanged()
* 5.0:
Fix abstract method name in PHP doc block
Various cleanups
[HttpClient] fix issues in tests
Fixes sprintf(): Too few arguments in form transformer
[Console] Fix QuestionHelper::disableStty()
[Validator] Use Mime component to determine mime type for file validator
validate subforms in all validation groups
Update Hungarian translations
Add meaningful message when Process is not installed (ProcessHelper)
[PropertyAccess] Fix TypeError parsing again.
[TwigBridge] fix fallback html-to-txt body converter
[Security/Http] fix merge
[ErrorHandler] fix setting $trace to null in FatalError
[Form] add missing Czech validators translation
[Validator] add missing Czech translations
never directly validate Existence (Required/Optional) constraints
* 4.4:
Fix abstract method name in PHP doc block
Various cleanups
[HttpClient] fix issues in tests
Fixes sprintf(): Too few arguments in form transformer
[Console] Fix QuestionHelper::disableStty()
[Validator] Use Mime component to determine mime type for file validator
validate subforms in all validation groups
Update Hungarian translations
Add meaningful message when Process is not installed (ProcessHelper)
[PropertyAccess] Fix TypeError parsing again.
[TwigBridge] fix fallback html-to-txt body converter
[Form] add missing Czech validators translation
[Validator] add missing Czech translations
never directly validate Existence (Required/Optional) constraints
This PR was merged into the 3.4 branch.
Discussion
----------
Fix abstract method name in PHP doc block
| Q | A
| ------------- | ---
| Branch? | 3.4
| Bug fix? | no
| New feature? | no
| Deprecations? | no
| Tickets |
| License | MIT
| Doc PR |
Commits
-------
d6966c3147 Fix abstract method name in PHP doc block
* 3.4:
Fixes sprintf(): Too few arguments in form transformer
[Console] Fix QuestionHelper::disableStty()
validate subforms in all validation groups
Update Hungarian translations
Add meaningful message when Process is not installed (ProcessHelper)
[PropertyAccess] Fix TypeError parsing again.
[Form] add missing Czech validators translation
[Validator] add missing Czech translations
never directly validate Existence (Required/Optional) constraints
This PR was merged into the 3.4 branch.
Discussion
----------
[Validator] never directly validate Existence (Required/Optional) constraints
| Q | A
| ------------- | ---
| Branch? | 3.4
| Bug fix? | yes
| New feature? | no
| Deprecations? | no
| Tickets | Fix#36637#36723
| License | MIT
| Doc PR |
Using `Optional` or `Required` like "regular" constraints does not make any sense, but doing so didn't break before #36365. I suggest to ignore them for now and deprecate using them outside the `Collection` constraint in 5.2.
Commits
-------
d333aae187 never directly validate Existence (Required/Optional) constraints
This PR was merged into the 3.4 branch.
Discussion
----------
[Console] Fix QuestionHelper::disableStty()
| Q | A
| ------------- | ---
| Branch? | 3.4
| Bug fix? | yes
| New feature? | no
| Deprecations? | no>
| Tickets | -
| License | MIT
| Doc PR | -
We broke it when adding `Terminal::hasSttyAvailable()`.
Let's fix it on 3.4 and move it to terminal on master, as suggested in #36977
Commits
-------
5d93b61278 [Console] Fix QuestionHelper::disableStty()
This PR was merged into the 3.4 branch.
Discussion
----------
[PropertyAccess] Fix TypeError parsing again
| Q | A
| ------------- | ---
| Branch? | 3.4
| Bug fix? | yes
| New feature? | no
| Deprecations? | no
| Tickets | #36872
| License | MIT
| Doc PR | N/A
Apparently, the format of `TypeError`s has changed again in php8. While investigating, I noticed our error message parsing is not handling anonymous classes well, so I've added some test cases for them.
I chose a fuzzier regular expression to parse the expected return type from the error message. Additionally, I'm checking the stack trace if the caught `TypeError` is really caused by the accessor call.
Commits
-------
03b4e98630 [PropertyAccess] Fix TypeError parsing again.