This PR was merged into the 2.7 branch.
Discussion
----------
[DebugBundle] Reword an outdated comment about var dumper wiring
| Q | A
| ------------- | ---
| Branch? | 2.7 <!-- see comment below -->
| Bug fix? | no
| New feature? | no <!-- don't forget updating src/**/CHANGELOG.md files -->
| BC breaks? | no
| Deprecations? | no <!-- don't forget updating UPGRADE-*.md files -->
| Tests pass? | no
| Fixed tickets | N/A <!-- #-prefixed issue number(s), if any -->
| License | MIT
| Doc PR | N/A
This comment is outdated since #19647, as the default config is now the one used all the way through in HTTP mode, while it's overridden in CLI mode by the `DumpListener` on `console.command` event.
Commits
-------
f876fd9 [DebugBundle] Reword an outdated comment about var dumper wiring
This PR was merged into the 2.7 branch.
Discussion
----------
Ignore memcached missing key error on session destroy
| Q | A
| ------------- | ---
| Branch? | 2.7
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | #18574
| License | MIT
| Doc PR | NA
Since PHP 7 session_regenerate_id triggers a warning when the session is not started.
This PR, changes the behaviours of session_destroy in the `MemcachedSessionHandler` by returning true when the user try to delete a non-existing session.
Other handler:
- LegacyPdoSessionHandler => don't check if key exists
- MongoDbSessionHandler => don't check if key exists
- NullSessionHandler => always true
- PdoSessionHandler => don't check if key exists
Commits
-------
29538b621c Ignore memcached missing key error on dession destroy
This PR was merged into the 2.7 branch.
Discussion
----------
Github template: Remove EOM 3.2 from branch suggestion
| Q | A
| ------------- | ---
| Branch? | 2.7 <!-- see comment below -->
| Bug fix? | no
| New feature? | no <!-- don't forget updating src/**/CHANGELOG.md files -->
| BC breaks? | no
| Deprecations? | no <!-- don't forget updating UPGRADE-*.md files -->
| Tests pass? | yes
| Fixed tickets | N/A <!-- #-prefixed issue number(s), if any -->
| License | MIT
| Doc PR | N/A
As 3.2 is EOM since the 31 July (appart for security fixes of course)
Commits
-------
30eed99 Github template: Remove EOM 3.2 from branch suggestion
This PR was merged into the 2.7 branch.
Discussion
----------
[Security] Fix security.interactive_login event const doc block
| Q | A
| ------------- | ---
| Branch? | 2.7 <!-- see comment below -->
| Bug fix? | no
| New feature? | no <!-- don't forget updating src/**/CHANGELOG.md files -->
| BC breaks? | no
| Deprecations? | no <!-- don't forget updating UPGRADE-*.md files -->
| Tests pass? | yes
| Fixed tickets | N/A <!-- #-prefixed issue number(s), if any -->
| License | MIT
| Doc PR | N/A
I'd suggest to reuse the explanation we give about this event [on the docs](http://symfony.com/doc/2.7/components/security/authentication.html#security-events) because the current one in the code is misleading: this event is not triggered for http basic/digest authentication for instance.
Commits
-------
f6c83cf [Security] Fix security.interactive_login event const doc block
This PR was merged into the 2.7 branch.
Discussion
----------
[HttpFoundation] Generate safe fallback filename for wrongly encoded filename
| Q | A
| ------------- | ---
| Branch? | 2.7
| Bug fix? | no
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets |
| License | MIT
| Doc PR |
This handles the case where the encoding of a random string cannot be detected. Until now this causes a PHP Warning `mb_strlen(): Unknown encoding ""`.
Commits
-------
8fd5569 [HttpFoundation] Generate safe fallback filename for wrongly encoded filename
This PR was merged into the 2.7 branch.
Discussion
----------
Avoid infinite loops when profiler data is malformed
| Q | A
| ------------- | ---
| Branch? | 2.7
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | #22963
| License | MIT
| Doc PR | -
Thanks to the bug reproducer provided by @Kyoushu, I could reproduce this error:
```
PHP 7.1.4 Development Server started at Thu Aug 3 22:13:26 2017
Listening on http://127.0.0.1:8000
Document root is projects/symfony-fileprofilerstorage-bug/web
Press Ctrl-C to quit.
[Thu Aug 3 22:13:26 2017] PHP Fatal error:
Allowed memory size of 2147483648 bytes exhausted (tried to allocate 282624 bytes) in
projects/symfony-fileprofilerstorage-bug/vendor/symfony/symfony/src/Symfony/Component/
HttpKernel/Profiler/FileProfilerStorage.php on line 124
```
After the changes proposed in this PR, the browser no longer exhausts the memory and you can see the exception page explaining the error. The web debug toolbar doesn't load, but it doesn't crash anything:
Commits
-------
e5ef9fb Avoid infinite loops when profiler data is malformed
This PR was merged into the 2.7 branch.
Discussion
----------
[Bridge\ProxyManager] Dont call __destruct() on non-instantiated services
| Q | A
| ------------- | ---
| Branch? | 2.7
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | -
| License | MIT
| Doc PR | -
While working on making #23678 green, I discovered that if a lazy service implements `__destruct`, then that service is not lazy anymore: it is created at destruct time.
That behavior is documented at https://github.com/Ocramius/ProxyManager/issues/258 (+related issues).
While I may understand why this behavior is the default for ProxyManager, it does not fit our "lazy-services" use case to me. Typically, nobody wants a database connection to be created to destruct the uninitialized lazy-proxy.
Blocks #23678
Commits
-------
2d79ffa0ca [Bridge\ProxyManager] Dont call __destruct() on non-instantiated services
This PR was merged into the 2.7 branch.
Discussion
----------
[Console] Fix passing options with defaultCommand
| Q | A
| ------------- | ---
| Branch? | 2.7
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets |
| License | MIT
| Doc PR |
Seems like overwriting input for the default command is not needed (anymore?). I don't know where the removed comment comes from originally.
Use case: i want to call default command and use options at the same time:
app/console --abc=true
Commits
-------
761de99552 Fix passing options with defaultCommand
This PR was merged into the 2.7 branch.
Discussion
----------
Remove unused constant
| Q | A
| ------------- | ---
| Branch? | 2.7
| Bug fix? | no
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | N/A
| License | MIT
| Doc PR | N/A
Just a micro clean-up PR, to assimilate the Symfony PR process.
Hope the next one will be more useful 🤔
Commits
-------
7168d89 Remove unused constant
This PR was submitted for the 2.8 branch but it was merged into the 2.7 branch instead (closes#23613).
Discussion
----------
[DI] Remove unused props from the PhpDumper
| Q | A
| ------------- | ---
| Branch? | 2.8
| Bug fix? | no
| New feature? | no <!-- don't forget updating src/**/CHANGELOG.md files -->
| BC breaks? | no
| Deprecations? | no <!-- don't forget updating UPGRADE-*.md files -->
| Tests pass? | yes
| Fixed tickets | n/a
| License | MIT
| Doc PR | n/a
Commits
-------
f1aa45c [DI] Remove unused props from the PhpDumper
This PR was merged into the 2.7 branch.
Discussion
----------
[ProxyManager] Cleanup fixtures
| Q | A
| ------------- | ---
| Branch? | 2.7
| Bug fix? | no
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | -
| License | MIT
| Doc PR | -
Just noticed that these fixture files are not maintainable. And we don't need them at all in fact, let's drop them.
Commits
-------
31843d6f98 [ProxyManager] Cleanup fixtures
This PR was merged into the 2.7 branch.
Discussion
----------
[Form] Add some phpdocs for IDE autocompletion and better SCA
| Q | A
| ------------- | ---
| Branch? | 2.7
| Bug fix? | no
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | -
| License | MIT
| Doc PR | -
@ogizanagi I've tryed add single phpdoc `@method FormInterface[] getIterator()` to `FormInterface` but it not works correctly in PHPStorm. Have you any ideas?
<!--
- Bug fixes must be submitted against the lowest branch where they apply
(lowest branches are regularly merged to upper ones so they get the fixes too).
- Features and deprecations must be submitted against the 3.4,
legacy code removals go to the master branch.
- Please fill in this template according to the PR you're about to submit.
- Replace this comment by a description of what your PR is solving.
-->
Commits
-------
d30c751781 Add some phpdocs for IDE autocompletion and better SCA
This PR was merged into the 2.7 branch.
Discussion
----------
[Debug] Missing escape in debug output
| Q | A
| ------------- | ---
| Branch? | 2.7
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets |
| License | MIT
| Doc PR |
When pretty-printing an exception, the debug handler does not properly escape array keys.
The problem only occurs when debug output is enabled, so this is not considered a [security issue](http://symfony.com/doc/current/contributing/code/security.html) (according to @fabpot), because the debug tools [should not be used in production](https://symfony.com/doc/current/components/debug.html#usage).
A test for this is included in my patch for #18722.
Commits
-------
636777d [Debug] HTML-escape array key
This PR was merged into the 2.7 branch.
Discussion
----------
[DI] Make dumped docblocks less verbose
| Q | A
| ------------- | ---
| Branch? | 2.7
| Bug fix? | no
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | -
| License | MIT
| Doc PR | -
When I open a dumped container, I always find there are too much noise in docblocs.
As a bonus side effect, this will reduce the memory requirement in dev :)
Commits
-------
1ade5d8658 [DI] Make dumped docblocks less verbose
This PR was merged into the 2.7 branch.
Discussion
----------
[DI] use assertStringEqualsFile when possible
| Q | A
| ------------- | ---
| Branch? | 2.7
| Bug fix? | no
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | -
| License | MIT
| Doc PR | -
To make failure reporting more accurate, and maintaining tests easier (assertStringEqualsFile is already heavily used in the same file.)
Commits
-------
eebae7e [DI] use assertStringEqualsFile when possible
This PR was merged into the 2.7 branch.
Discussion
----------
[VarDumper] Adapt to php 7.2 changes
| Q | A
| ------------- | ---
| Branch? | 2.7
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | -
| License | MIT
| Doc PR | -
As required by this change on PHP 7.2:
https://wiki.php.net/rfc/convert_numeric_keys_in_object_array_casts
Tests pass locally (until we add 7.2 to Travis)
Commits
-------
3c2f5f7 [VarDumper] Adapt to php 7.2 changes
This PR was squashed before being merged into the 2.7 branch (closes#23649).
Discussion
----------
[Form][TwigBridge] Don't render _method in form_rest() for a child form
The hidden `_method` must only be generated if the form is the top most form.
Always generating the hidden `_method` breaks forms using the POST method when they have children using the PUT method. If `_method` is generated for such a child form, it overrides the parent method and the form fails to validate.
See issue #23254
| Q | A
| ------------- | ---
| Branch? | 2.7
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | #14261
| License | MIT
| Doc PR |
Commits
-------
973b2d3 [Form][TwigBridge] Don't render _method in form_rest() for a child form
This PR was submitted for the master branch but it was merged into the 2.7 branch instead (closes#23619).
Discussion
----------
[Validator] Fix IbanValidator for ukrainian IBANs
The ukrainian bank identifier consists of six digits and not letters.
Also fixes the broken links to the current SWIFT IBAN registry pdf.
| Q | A
| ------------- | ---
| Branch? | 2.7
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | n/a
| License | MIT
| Doc PR | n/a
Commits
-------
1ba95738fb [Validator] Fix IbanValidator for ukrainian IBANs
This PR was merged into the 2.7 branch.
Discussion
----------
use Precise on Travis to keep PHP LDAP support
| Q | A
| ------------- | ---
| Branch? | 2.7
| Bug fix? | no
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets |
| License | MIT
| Doc PR |
Travis CI [started to roll out Ubuntu Trusty](https://blog.travis-ci.com/2017-07-11-trusty-as-default-linux-is-coming) as the default distribution. However, it seems that the PHP LDAP extension is missing on Trusty (see travis-ci/travis-ci#7067) starting to make our builds fail. Thus, I suggest to keep using Precise until the linked issue has been fixed.
Commits
-------
5441b1a use Precise on Travis to keep PHP LDAP support
This PR was submitted for the 2.8 branch but it was merged into the 2.7 branch instead (closes#23238).
Discussion
----------
[Security] ensure the 'route' index is set before attempting to use it
| Q | A
| ------------- | ---
| Branch? | 2.8
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets |
| License | MIT
| Doc PR |
```
// matching a request is more powerful than matching a URL path + context, so try that first
if ($this->urlMatcher instanceof RequestMatcherInterface) {
$parameters = $this->urlMatcher->matchRequest($request);
} else {
$parameters = $this->urlMatcher->match($request->getPathInfo());
}
return $path === $parameters['_route'];
```
Hi the issue here is the code is assuming a `_route` has been returned from the `match()` method.. however there is nothing to suggest that is always the case. For example if I just want to return a controller that is perhaps not added as an actual route I can & it works.. Although this will generate a notice warning.
**In terms of what happens if the `_route` is not defined should it return `false?` or actually perform a similar condition as `return $path === rawurldecode($request->getPathInfo());` **
I have an implementation of a router that is just returning a controller path and its arguments without a `_route` which works aside from this notice.
Commits
-------
7ae578cc1a fix(security): ensure the 'route' index is set before attempting to use it
This PR was squashed before being merged into the 2.7 branch (closes#23580).
Discussion
----------
Fix login redirect when referer contains a query string
| Q | A
| ------------- | ---
| Branch? | 2.7
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | #19026, #23027, #23061, #23411, #23551
| License | MIT
| Doc PR | n/a
In 3.3, #19026 was merged to fix a bug that should have been fixed in 2.7. The fix was wrong anyway, so this PR fixes it the proper way.
The first two commits refactors test (using mocks for data objects is a bad idea and using too many mocks actually makes tests test nothing).
The actual fix is in the third commit.
Commits
-------
022ac0be09 [Security] added more tests
9c7a1406cb [Security] fixed default target path when referer contains a query string
b1f1ae26b4 [Security] simplified tests
3387612451 [Security] refactored tests
Nicolas Grekas
Maxime Steinhausser
Fabien Potencier
Robin Chalas
Jérémy Derussé
Javier Eguiluz
Fabien Potencier
AbdElKader Bouadjadja
Alexander Schwenn
Kévin Dunglas
Christian Schmidt
Maxime Steinhausser
fmarchalemisys
Konstantin.Myakshin
Christopher Parotat
Christian Flothmann
Gavin Staniforth
