* 2.7:
[Security] Fix wrong term in UserProviderInterface
[HttpFoundation] Set meta refresh time to 0 in RedirectResponse content
[Security] validate empty passwords again
[DI] Remove irrelevant comment from container
[TwigBridge] cleaner implementation of the TwigRenderer
This PR was merged into the 2.7 branch.
Discussion
----------
[Security] validate empty passwords again
| Q | A
| ------------- | ---
| Branch? | 2.7
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | https://github.com/symfony/symfony/pull/23341#issuecomment-315341226
| License | MIT
| Doc PR |
It looks like this part of #23341 causes serious security issues for some users who rely on the validator to also compare the empty string with their user's password (see for example https://github.com/symfony/symfony/pull/23341#issuecomment-315341226). Thus I suggest to revert this part of #23341.
Commits
-------
878198cefa [Security] validate empty passwords again
This PR was submitted for the master branch but it was merged into the 2.7 branch instead (closes#23487).
Discussion
----------
[Security] Fix wrong term in UserProviderInterface
| Q | A
| ------------- | ---
| Branch? | master
| Bug fix? | no
| New feature? | no <!-- don't forget updating src/**/CHANGELOG.md files -->
| BC breaks? | no
| Deprecations? | no <!-- don't forget updating UPGRADE-*.md files -->
| Tests pass? | yes
| Fixed tickets | -
| License | MIT
| Doc PR | -
The term "account" is the just remnant from the days of AccountInterface, isn't it?
Commits
-------
b5b8c15831 [Security] Fix wrong term in UserProviderInterface
This PR was merged into the 2.7 branch.
Discussion
----------
[DI] Remove irrelevant comment from container
| Q | A
| ------------- | ---
| Branch? | 2.7
| Bug fix? | yes-ish
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | #... <!-- #-prefixed issue number(s), if any -->
| License | MIT
| Doc PR | symfony/symfony-docs#... <!--highly recommended for new features-->
Spotted in #22811
Commits
-------
595a225a0f [DI] Remove irrelevant comment from container
This PR was submitted for the master branch but it was merged into the 2.7 branch instead (closes#23526).
Discussion
----------
[HttpFoundation] Set meta refresh time to 0 in RedirectResponse content
| Q | A
| ------------- | ---
| Branch? | 3.4
| Bug fix? | no
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | #23524
| License | MIT
Set meta refresh time to 0 in RedirectResponse content
Commits
-------
5508a00e74 [HttpFoundation] Set meta refresh time to 0 in RedirectResponse content
This PR was merged into the 2.8 branch.
Discussion
----------
Disable inlining deprecated services
| Q | A
| ------------- | ---
| Branch? | 2.8
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | #23536
| License | MIT
Deprecation errors are not triggered for inlined services.
Disabling inlining for those services will fix this issue.
Commits
-------
6ab8ca0d36 disable inlining deprecated services
This PR was merged into the 2.7 branch.
Discussion
----------
[TwigBridge] cleaner implementation of the TwigRenderer
| Q | A
| ------------- | ---
| Branch? | 2.7
| Bug fix? | no
| New feature? | no <!-- don't forget updating src/**/CHANGELOG.md files -->
| BC breaks? | no
| Deprecations? | no <!-- don't forget updating UPGRADE-*.md files -->
| Tests pass? | yes
| Fixed tickets | https://github.com/symfony/symfony/pull/23432#discussion_r125880092
| License | MIT
| Doc PR |
<!--
- Bug fixes must be submitted against the lowest branch where they apply
(lowest branches are regularly merged to upper ones so they get the fixes too).
- Features and deprecations must be submitted against the 3.4,
legacy code removals go to the master branch.
- Please fill in this template according to the PR you're about to submit.
- Replace this comment by a description of what your PR is solving.
-->
Commits
-------
c7c5ba8 [TwigBridge] cleaner implementation of the TwigRenderer
* 2.7:
[DI] Handle root namespace in service definitions
Use rawurlencode() to transform the Cookie into a string
[Security] Fix authentication.failure event not dispatched on AccountStatusException
This PR was squashed before being merged into the 2.7 branch (closes#23468).
Discussion
----------
[DI] Handle root namespace in service definitions
| Q | A
| ------------- | ---
| Branch? | 2.7
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | #... <!-- #-prefixed issue number(s), if any -->
| License | MIT
| Doc PR | symfony/symfony-docs#... <!--highly recommended for new features-->
Fixes
```
Cannot dump definition because of invalid class name ('\\stdClass')
```
for
```yaml
services:
foo: {class: '\stdClass' }
```
`ContainerBuilder` allows it, so `PhpDumper` should as well.
Commits
-------
05170c8 [DI] Handle root namespace in service definitions
This PR was merged into the 2.7 branch.
Discussion
----------
[Security] Fix authentication.failure event not dispatched on AccountStatusException
| Q | A
| ------------- | ---
| Branch? | 2.7
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | https://github.com/symfony/symfony/issues/18807
| License | MIT
| Doc PR | n/a
Authentication fails if the user exists but its account is disabled/expired/locked, the failure event should be dispatched in this case, so that you can hook into as for any authentication exception.
Commits
-------
64c2efd [Security] Fix authentication.failure event not dispatched on AccountStatusException
This PR was squashed before being merged into the 2.7 branch (closes#23461).
Discussion
----------
Use rawurlencode() to transform the Cookie into a string
| Q | A
| ------------- | ---
| Branch? | 2.7
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | #23255
| License | MIT
| Doc PR | -
Commits
-------
025dfff Use rawurlencode() to transform the Cookie into a string
* 2.7:
allow to configure custom formats in XML configs
require the XML PHP extension
Fixed absolute url generation for query strings and hash urls
bumped Symfony version to 2.7.32
[Filesystem] Dont copy perms when origin is remote
updated VERSION for 2.7.31
update CONTRIBUTORS for 2.7.31
updated CHANGELOG for 2.7.31
This PR was merged into the 2.7 branch.
Discussion
----------
[TwigBundle] allow to configure custom formats in XML configs
| Q | A
| ------------- | ---
| Branch? | 2.7
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | #13554
| License | MIT
| Doc PR |
Commits
-------
5a3a24b allow to configure custom formats in XML configs
This PR was squashed before being merged into the 2.8 branch (closes#23460).
Discussion
----------
Don't display the Symfony debug toolbar when printing the page
| Q | A
| ------------- | ---
| Branch? | 2.8
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | #23303
| License | MIT
| Doc PR | -
Commits
-------
ca3ff88 Don't display the Symfony debug toolbar when printing the page
This PR was merged into the 2.7 branch.
Discussion
----------
require the XML PHP extension
| Q | A
| ------------- | ---
| Branch? | 2.7
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | https://github.com/symfony/symfony/pull/22676#issuecomment-300434331, symfony/symfony-standard#1099
| License | MIT
| Doc PR |
I suggest to either revert #22676 or to be consistent and require the XML extension in all bundles as well as in the `symfony/symfony` package.
Commits
-------
032e654acb require the XML PHP extension
This PR was squashed before being merged into the 2.7 branch (closes#23261).
Discussion
----------
Fixed absolute url generation for query strings and hash urls
| Q | A
| ------------- | ---
| Branch? | 2.7, ...
| Bug fix? | yes
| New feature? |no
| BC breaks? | yes? absolute_url will change its output but the old was incorrect
| Deprecations? |no
| Tests pass? | yes?
| Fixed tickets | fixes#23260
| License | MIT
Fixed absolute url generation for query strings
Commits
-------
89ad27d544 Fixed absolute url generation for query strings and hash urls
This PR was merged into the 2.7 branch.
Discussion
----------
[Filesystem] Dont copy perms when origin is remote
| Q | A
| ------------- | ---
| Branch? | 2.7
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | #23312
| License | MIT
| Doc PR | -
Commits
-------
7b442211dc [Filesystem] Dont copy perms when origin is remote
* 2.7:
[FrameworkBundle] Do not remove files from assets dir
bumped Symfony version to 2.7.31
updated VERSION for 2.7.30
update CONTRIBUTORS for 2.7.30
updated CHANGELOG for 2.7.30