* 2.7:
[Security] Fixed auth provider authenticate() cannot return void
declare argument type
streamed response should return $this
content can be a resource
This PR was merged into the 2.7 branch.
Discussion
----------
[Security] Fixed auth provider authenticate() cannot return void
| Q | A
| ------------- | ---
| Branch? | 2.7 and up
| Bug fix? | yes
| New feature? | no
| BC breaks? | no (arguably)
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets |
| License | MIT
| Doc PR |
The `AuthenticationManagerInterface` [requires](https://github.com/symfony/symfony/blob/2.7/src/Symfony/Component/Security/Core/Authentication/AuthenticationManagerInterface.php#L30) that `authenticate()` must return a TokenInterface, never null. Several authentication providers are violating this. Changed to throw exception instead.
See discussion in earlier PR https://github.com/symfony/symfony/pull/24585 which was changing the docblock rather than the implementations.
Commits
-------
6e18b56b77 [Security] Fixed auth provider authenticate() cannot return void
This PR was merged into the 2.7 branch.
Discussion
----------
declare type AcceptHeaderItem for array_map
| Q | A
| ------------- | ---
| Branch? | master
| Bug fix? | no
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets |
| License | MIT
| Doc PR |
In `array_filter` , argument type is declared.
https://github.com/symfony/symfony/blob/2.7/src/Symfony/Component/HttpFoundation/AcceptHeader.php#L133
So It's natural to do so in `array_map` too.
Commits
-------
ab8f5be40c declare argument type
This PR was squashed before being merged into the 2.8 branch (closes#24642).
Discussion
----------
[Routing] Fix resource miss
| Q | A
| ------------- | ---
| Branch? | 2.8
| Bug fix? | yes
| New feature? | no <!-- don't forget to update src/**/CHANGELOG.md files -->
| BC breaks? | no
| Deprecations? | no <!-- don't forget to update UPGRADE-*.md files -->
| Tests pass? | yes
| Fixed tickets | n/a
| License | MIT
| Doc PR | n/a
Some routing resources are not watched. To reproduce:
1. Install Symfony 4
2. Change something in `config/routes.yaml`
The change is not taken into account.
This PR fixes this bug.
Commits
-------
6610c25cd6 [Routing] Fix resource miss
The AuthenticationManagerInterface requires that authenticate() must return a TokenInterface, never null.
Several authentication providers are violating this. Changed to throw exception instead.
This PR was merged into the 2.7 branch.
Discussion
----------
content can be a resource
| Q | A
| ------------- | ---
| Branch? | 2.7
| Bug fix? | yes (bug in a comment)
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets |
| License | MIT
| Doc PR |
Commits
-------
c63742daef content can be a resource
This PR was merged into the 2.8 branch.
Discussion
----------
Adding the Form default theme files to be warmed up in Twig's cache
| Q | A
| ------------- | ---
| Branch? | 2.8
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | none
| License | MIT
| Doc PR | not needed
Hiya guys!
So..... during a Symfony Live workshop, we found out that the form theme Twig templates are *not* included in the Twig cache warmup process. This fixes that. I believe this is the only "weird" case where we use a Twig template that is not in a bundle and also not added to Twig as a proper namespaces.
I tested this on a 2.8 project. Before the patch, the form theme templates were not warmed up. After, they are warmed up. Booya.
Cheers!
Commits
-------
2ef619f9bb Adding the Form default theme files to be warmed up in Twig's cache
This PR was squashed before being merged into the 2.7 branch (closes#24626).
Discussion
----------
streamed response should return $this
| Q | A
| ------------- | ---
| Branch? | 2.7
| Bug fix? | yes
| New feature? | no
| BC breaks? | may be yes?
| Deprecations? | no
| Tests pass? | yes
| License | MIT
---
`sendHeaders()` and `sendContent()` should return $this, as in the parent class.
related PRs:
https://github.com/symfony/symfony/pull/2935https://github.com/symfony/symfony/pull/20289
Commits
-------
058fb84 streamed response should return $this
* 2.7:
Username and password in basic auth are allowed to contain '.'
Remove obsolete PHPDoc from UriSigner
[Serializer] ObjectNormalizer: throw if PropertyAccess isn't installed
pdo session fix
Fixed unsetting from loosely equal keys OrderedHashMap
[Debug] Fix same vendor detection in class loader
Updated the source text and translation
reject remember-me token if user check fails
This PR was merged into the 2.7 branch.
Discussion
----------
Username and password in basic auth are allowed to contain '.'
Initially reported by Fede Isas in https://github.com/beberlei/assert/pull/234
| Q | A
| ------------- | ---
| Branch? | 2.3
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets |
| License | MIT
| Doc PR |
Commits
-------
e5d57dd050 Username and password in basic auth are allowed to contain '.'
This PR was merged into the 2.7 branch.
Discussion
----------
[HttpKernel] Remove obsolete PHPDoc from UriSigner
| Q | A
| ------------- | ---
| Branch? | 2.7
| Bug fix? | no
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | N/A
| License | MIT
| Doc PR | N/A
`_hash` query param does not have to be at the end of the URL ever since https://github.com/symfony/symfony/pull/12574 so this PHPDoc is confusing. I've actually lost couple of hours of work rewriting my URLs to place it at the end before I realized that `UriSigner` doesn't really care.
Commits
-------
45ac192200 Remove obsolete PHPDoc from UriSigner
This PR was merged into the 2.7 branch.
Discussion
----------
[Debug] Fix same vendor detection in class loader
| Q | A
| ------------- | ---
| Branch? | 2.7
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets |
| License | MIT
| Doc PR |
Fix about same vendor detection in ClassLoader. Actually, detected namespace for `Doctrine\ORM\Configuration` is `Doctrine\ORM` instead of `Doctrine\`. So deprecations are triggered for classes in same namespace.
Commits
-------
d2ab0d8019 [Debug] Fix same vendor detection in class loader
This PR was squashed before being merged into the 2.8 branch (closes#24571).
Discussion
----------
[PropertyInfo] Add support for the iterable type
| Q | A
| ------------- | ---
| Branch? | 2.8
| Bug fix? | yes
| New feature? | no <!-- don't forget to update src/**/CHANGELOG.md files -->
| BC breaks? | no
| Deprecations? | no <!-- don't forget to update UPGRADE-*.md files -->
| Tests pass? | yes
| Fixed tickets | reported on Slack
| License | MIT
| Doc PR | n/a
Add support for the `iterable` pseudo-type introduced in PHP 7.1.
Commits
-------
a73249db31 [PropertyInfo] Add support for the iterable type
This PR was merged into the 2.7 branch.
Discussion
----------
[Form] Updated the source text and translation
| Q | A
| ------------- | ---
| Branch? | master
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets |
| License | MIT
| Doc PR |
I noticed that the source text had changed. See the [English version](https://github.com/symfony/symfony/blob/master/src/Symfony/Component/Form/Resources/translations/validators.en.xlf)
Ping @magnusnordlander or @vinkla, Is this translation okey?
Commits
-------
7da052f18f Updated the source text and translation
This PR was merged into the 2.7 branch.
Discussion
----------
[Security] Reject remember-me token if UserCheckerInterface::checkPostAuth() fails
| Q | A
| ------------- | ---
| Branch? | 2.7
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | #24525
| License | MIT
| Doc PR | -
I think this is a security hole - a user can remain logged in with a remember me cookie even though they can no longer pass `UserCheckInterface::checkPostAuth()` (could be disabled).
This is a small BC break but shouldn't be an issue as I think it is a bug. I don't think this requires a BC layer but if so, I can add.
Commits
-------
fe190b6ee9 reject remember-me token if user check fails
* 2.7:
[Validator] added magic method __isset() to File Constraint class
[DI] Fix possible incorrect php-code when dumped strings contains newlines
[Translation] minor: remove unused variable in test
never match invalid IP addresses
This PR was submitted for the 3.4 branch but it was merged into the 2.7 branch instead (closes#24519).
Discussion
----------
[Validator] [Twig] added magic method __isset() to File Constraint class
| Q | A
| ------------- | ---
| Branch? | 3.4 or master / 2.7, 2.8 or 3.3 <!-- see comment below -->
| Bug fix? | no
| New feature? | yes <!-- don't forget to update src/**/CHANGELOG.md files -->
| BC breaks? | no
| Deprecations? | no <!-- don't forget to update UPGRADE-*.md files -->
| Tests pass? | yes
| Fixed tickets | #24512 <!-- #-prefixed issue number(s), if any -->
| License | MIT
| Doc PR | symfony/symfony-docs#... <!--highly recommended for new features-->
In my project I get assert constraints from one of my entity and I use this value in my front end via Twig.
I faced a problem with the property $maxSize of the File Constraint.
As this property is protected I cannot access it via Twig because the magic method __isset is missing, as I read in twig documentation.
<!--
- Bug fixes must be submitted against the lowest branch where they apply
(lowest branches are regularly merged to upper ones so they get the fixes too).
- Features and deprecations must be submitted against the 3.4,
legacy code removals go to the master branch.
- Please fill in this template according to the PR you're about to submit.
- Replace this comment by a description of what your PR is solving.
-->
Commits
-------
9efb76572a [Validator] added magic method __isset() to File Constraint class
This PR was squashed before being merged into the 2.7 branch (closes#24532).
Discussion
----------
[DI] Fix possible incorrect php-code when dumped strings contains newlines
| Q | A
| ------------- | ---
| Branch? | 2.7
| Bug fix? | yes
| New feature? | no <!-- don't forget to update src/**/CHANGELOG.md files -->
| BC breaks? | no
| Deprecations? | no <!-- don't forget to update UPGRADE-*.md files -->
| Tests pass? | yes
| Fixed tickets | ?
| License | MIT
| Doc PR | no
See discussion #24517
<!--
- Bug fixes must be submitted against the lowest branch where they apply
(lowest branches are regularly merged to upper ones so they get the fixes too).
- Features and deprecations must be submitted against the 3.4,
legacy code removals go to the master branch.
- Please fill in this template according to the PR you're about to submit.
- Replace this comment by a description of what your PR is solving.
-->
Commits
-------
345f2fc [DI] Fix possible incorrect php-code when dumped strings contains newlines
This PR was merged into the 2.7 branch.
Discussion
----------
[Translation] minor: remove unused variable in test
| Q | A
| ------------- | ---
| Branch? | 2.7
| Bug fix? | no
| New feature? | no <!-- don't forget to update src/**/CHANGELOG.md files -->
| BC breaks? | no
| Deprecations? | no <!-- don't forget to update UPGRADE-*.md files -->
| Tests pass? | yes
| Fixed tickets | #... <!-- #-prefixed issue number(s), if any -->
| License | MIT
| Doc PR | n/a
Commits
-------
c6ed0e4 [Translation] minor: remove unused variable in test
This PR was merged into the 2.7 branch.
Discussion
----------
[HttpFoundation] never match invalid IP addresses
| Q | A
| ------------- | ---
| Branch? | 2.7
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | #24424
| License | MIT
| Doc PR |
Commits
-------
8ad32f0ef5 never match invalid IP addresses
* 2.7:
Fix 7.2 compat layer
Fix PHP 7.2 support
[HttpFoundation] Add missing session.lazy_write config option
[HttpFoundation] Combine Cache-Control headers
[Form] fix parsing invalid floating point numbers
Escape command usage when displaying it in the text descriptor
Use for=ID on radio/checkbox label.
This PR was merged into the 2.7 branch.
Discussion
----------
[HttpFoundation] Combine Cache-Control headers
| Q | A
| ------------- | ---
| Branch? | 2.7
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets |
| License | MIT
| Doc PR |
If multiple `Cache-Control` headers are added to a `ResponseHeaderBag`, only the first is returned by `$bag->get('Cache-Control')`.
Commits
-------
1f76a70b6f [HttpFoundation] Combine Cache-Control headers