This PR was merged into the 3.4 branch.
Discussion
----------
[Validator][ConstraintValidator] Stop passing unnecessary timezone argument to \DateTime
| Q | A
| ------------- | ---
| Branch? | 3.4
| Bug fix? | no
| New feature? | no
| Deprecations? | no
| Tickets | -
| License | MIT
| Doc PR | -
Since we format the \DateTimeImmutable with the "e" character, it uses this timezone identifier and do not consider the passed one. See https://www.php.net/manual/en/datetime.construct.php:
> The $timezone parameter and the current timezone are ignored when the $time parameter either is a UNIX timestamp (e.g. @946684800) or specifies a timezone (e.g. 2010-01-28T15:00:00+02:00).
Commits
-------
03dbcf8794 [Validator][ConstraintValidator] Stop passing unnecessary timezone argument to \DateTime
This PR was merged into the 4.4 branch.
Discussion
----------
Fixing bad order of operations with null coalescing operator
| Q | A
| ------------- | ---
| Branch? | 4.4
| Bug fix? | yes
| New feature? | no
| Deprecations? | no
| Tickets | None
| License | MIT
| Doc PR | not needed
Hi!
Reported by a user on SymfonyCasts :). Apparently without the parentheses, the order of operations is incorrect: https://3v4l.org/UZ7GU
Thanks!
Commits
-------
6291264 Fixing bad order of operations with null coalescing operator
This PR was merged into the 3.4 branch.
Discussion
----------
[TwigBundle] add tags before processing them
| Q | A
| ------------- | ---
| Branch? | 3.4
| Bug fix? | yes
| New feature? | no
| Deprecations? | no
| Tickets | Fix#34815
| License | MIT
| Doc PR |
Commits
-------
e1145a78b5 add tags before processing them
* 5.0: (38 commits)
[Security] Check UserInterface::getPassword is not null before calling needsRehash
gracefully handle missing event dispatchers
Fix TokenStorage::reset not called in stateless firewall
[DotEnv] Remove `usePutEnv` property default value
[HttpFoundation] get currently session.gc_maxlifetime if ttl doesnt exists
Set up typo fix
[DependencyInjection] Handle env var placeholders in CheckTypeDeclarationsPass
[Cache] fix memory leak when using PhpArrayAdapter
[Validator] Allow underscore character "_" in URL username and password
[TwigBridge] Update bootstrap_4_layout.html.twig
[DoctrineBridge] Removed QueryBuilder type hint in getLoader()
[FrameworkBundle][SodiumVault] Create secrets directory only when needed
fix parsing negative octal numbers
[String] implement __sleep()/__wakeup() on strings
Fixed translations file dumper behavior
[Routing][ObjectLoader] Remove forgotten deprecation after merge
[SecurityBundle] Passwords are not encoded when algorithm set to \"true\"
[DependencyInjection] Resolve expressions in CheckTypeDeclarationsPass
[SecurityBundle] Properly escape regex in AddSessionDomainConstraintPass
do not validate passwords when the hash is null
...
* 4.4: (30 commits)
[Security] Check UserInterface::getPassword is not null before calling needsRehash
gracefully handle missing event dispatchers
Fix TokenStorage::reset not called in stateless firewall
[DotEnv] Remove `usePutEnv` property default value
[HttpFoundation] get currently session.gc_maxlifetime if ttl doesnt exists
Set up typo fix
[DependencyInjection] Handle env var placeholders in CheckTypeDeclarationsPass
[Cache] fix memory leak when using PhpArrayAdapter
[Validator] Allow underscore character "_" in URL username and password
[TwigBridge] Update bootstrap_4_layout.html.twig
[FrameworkBundle][SodiumVault] Create secrets directory only when needed
fix parsing negative octal numbers
[SecurityBundle] Passwords are not encoded when algorithm set to \"true\"
[DependencyInjection] Resolve expressions in CheckTypeDeclarationsPass
[SecurityBundle] Properly escape regex in AddSessionDomainConstraintPass
do not validate passwords when the hash is null
[DI] fix resolving bindings for named TypedReference
[Config] never try loading failed classes twice with ClassExistenceResource
[Mailer] Fix SMTP Authentication when using STARTTLS
[DI] Fix making the container path-independent when the app is in /app
...
This PR was merged into the 4.4 branch.
Discussion
----------
[Mailer] Fix SMTP Authentication when using STARTTLS
| Q | A
| ------------- | ---
| Branch? | 4.4
| Bug fix? | yes
| New feature? | no
| Deprecations? | no
| Tickets | Fix#34522
| License | MIT
When the mail server uses STARTTLS, the SMTP Authentication is not performed because the AUTH capabilities are not send during the first EHLO call, but during the second one.
Example of problematic exchange solved by this PR:
```
< 220 mydomain.tld ESMTP Postcow
> EHLO [127.0.0.1]
< 250-mydomain.tld
< 250-PIPELINING
< 250-SIZE 104857600
< 250-ETRN
< 250-STARTTLS
< 250-ENHANCEDSTATUSCODES
< 250-8BITMIME
< 250-DSN
< 250 CHUNKING
> STARTTLS
< 220 2.0.0 Ready to start TLS
> EHLO [127.0.0.1]
< 250-mydomain.tld
< 250-PIPELINING
< 250-SIZE 104857600
< 250-ETRN
< 250-AUTH PLAIN LOGIN
< 250-AUTH=PLAIN LOGIN
< 250-ENHANCEDSTATUSCODES
< 250-8BITMIME
< 250-DSN
< 250 CHUNKING
> MAIL FROM:<noreply@XXX>
< 250 2.1.0 Ok
> RCPT TO:<XXX>
< 554 5.7.1 <XXX>: Client host rejected: Access denied
```
Commits
-------
75b54542ab [Mailer] Fix SMTP Authentication when using STARTTLS
This PR was merged into the 5.1-dev branch.
Discussion
----------
[DependencyInjection] Autowire public typed properties
| Q | A
| ------------- | ---
| Branch? | master
| Bug fix? | no
| New feature? | yes
| Deprecations? | no
| License | MIT
### Description
This PR adds the Autowiring of **public typed properties** in PHP 7.4.
It is only on "public" properties.
It could let people think that services are better injected in "public".
I don't know what to think about it, you?
### How about "private" properties - further thinking
Even if I think that it would be awesome to be able to inject in "private" properties, we discussed it with @nicolas-grekas, and I agree Symfony should not break any standard logic. If the property is private then it is private the DI cannot touch it.
But that could/would remove a lot of boilerplate, and if it is declarative, that might still be something to do.
Maybe we could introduce a new annotation for injection in "private": `@requiredPrivated` ?
Commits
-------
cad7fbb9f7 [DI] Autowire public typed properties
This PR was merged into the 4.4 branch.
Discussion
----------
[DependencyInjection] Handle env var placeholders in CheckTypeDeclarationsPass
| Q | A
| ------------- | ---
| Branch? | 4.4
| Bug fix? | yes
| New feature? | no
| Deprecations? | no
| Tickets | -
| License | MIT
| Doc PR | -
A case we forgot to handle.
Commits
-------
c3574858b5 [DependencyInjection] Handle env var placeholders in CheckTypeDeclarationsPass
This PR was merged into the 3.4 branch.
Discussion
----------
[Cache] fix memory leak when using PhpArrayAdapter
| Q | A
| ------------- | ---
| Branch? | 3.4
| Bug fix? | yes
| New feature? | no
| Deprecations? | no
| Tickets | Fix#34687
| License | MIT
| Doc PR | -
Thanks to @adrienfr, I've been able to understand what causes this massive memory leak when using `PhpArrayAdapter`:
When tests run, a new kernel is booted for each test case. This means a new instance of `PhpArrayAdapter` is created, which means it loads its state again and again using `include` for e.g. `annotations.php` in this example.
The first obvious thing is that we see this doing `compile::*`: this means PHP is parsing the same file again and again. But shouldn't opcache prevent this? Well, it's disabled by default because `opcache.enable_cli=0`. To prove the point, here is a comparison with the same tests run with `php -dopcache.enable_cli=1`. The comparison is swapped, but you'll get it:
But that's not over: because of https://bugs.php.net/76982 (see #32236 also), we still have a memory leak when the included file contains closures. And this one does.
This PR fixes the issue by storing the return value of the include statement into a static property. This fits the caching model of `PhpArrayAdapter`: it's a read-only storage for system caches - i.e. its content is immutable.
Commits
-------
4194c4c56d [Cache] fix memory leak when using PhpArrayAdapter
This PR was merged into the 5.0 branch.
Discussion
----------
[String] implement __sleep()/__wakeup() on strings
| Q | A
| ------------- | ---
| Branch? | 5.0
| Bug fix? | yes
| New feature? | no
| Deprecations? | no
| Tickets | -
| License | MIT
| Doc PR | -
This resets the transient ignoreCase state on unserialized instances.
Commits
-------
416e40d943 [String] implement __sleep()/__wakeup() on strings
This PR was merged into the 5.0 branch.
Discussion
----------
[String] inline Latin-ASCII rules
| Q | A
| ------------- | ---
| Branch? | 5.0
| Bug fix? | yes
| New feature? | no
| Deprecations? | no
| Tickets | Fix#34751
| License | MIT
| Doc PR | -
Makes the component a bit more portable.
Commits
-------
976a938736 [String] inline Latin-ASCII rules
This PR was merged into the 5.1-dev branch.
Discussion
----------
[Validator] mark the Composite constraint as internal
| Q | A
| ------------- | ---
| Branch? | master
| Bug fix? | no
| New feature? | no
| Deprecations? | no
| Tickets | Fix#34830
| License | MIT
| Doc PR |
Commits
-------
de0df4637d mark the Composite constraint as internal
This PR was squashed before being merged into the 4.4 branch (closes#34802).
Discussion
----------
[Security] Check UserInterface::getPassword is not null before calling needsRehash
| Q | A
| ------------- | ---
| Branch? | 4.4
| Bug fix? | yes
| New feature? | no
| Deprecations? | no
| Tickets | -
| License | MIT
| Doc PR | -
`Symfony\Component\Security\Core\Encoder\PasswordEncoderInterface::needsRehash()` expects a string as the input argument. In some cases `Symfony\Component\Security\Core\User\UserInterface::getPassword()` is used as the input argument, but this function can return `null` resulting in a potential type error.
Commits
-------
8e4cf497cd [Security] Check UserInterface::getPassword is not null before calling needsRehash
This PR was merged into the 3.4 branch.
Discussion
----------
[SecurityBundle] Properly escape regex in AddSessionDomainConstraintPass
| Q | A
| ------------- | ---
| Branch? | 3.4
| Bug fix? | yes
| New feature? | no
| Deprecations? | no
| Tickets | https://github.com/symfony/symfony/issues/34774
| License | MIT
| Doc PR | -
`%s` should be escaped, so it is dumped as `%%s` (it ends up being properly unescaped at load time, so the passed value to the service is the same).
Commits
-------
de03cee846 [SecurityBundle] Properly escape regex in AddSessionDomainConstraintPass
This PR was merged into the 4.4 branch.
Discussion
----------
[SecurityBundle] Fix TokenStorage::reset not called in stateless firewall
| Q | A
| ------------- | ---
| Branch? | 4.4
| Bug fix? | yes
| New feature? | no
| Deprecations? | no
| Tickets | NA
| License | MIT
| Doc PR | NA
By default, the service `security.token_storage` is resetable. https://github.com/symfony/symfony/blob/master/src/Symfony/Bundle/SecurityBundle/Resources/config/security.xml#L22-L24
But when using a stateless application without session, the `RegisterTokenUsageTrackingPass` replace the service `security.token_storage` by an alias to `security.untracked_token_storage` (which is not tagged as resetable.
Commits
-------
616c30f185 Fix TokenStorage::reset not called in stateless firewall
* 4.3:
[DotEnv] Remove `usePutEnv` property default value
Set up typo fix
[Validator] Allow underscore character "_" in URL username and password
[SecurityBundle] Passwords are not encoded when algorithm set to \"true\"
do not validate passwords when the hash is null
[DI] fix resolving bindings for named TypedReference
[DI] Fix making the container path-independent when the app is in /app
Allow copy instead of symlink for ./link script
[FrameworkBundle] resolve service locators in `debug:*` commands
bumped Symfony version to 4.3.10
updated VERSION for 4.3.9
updated CHANGELOG for 4.3.9
bumped Symfony version to 3.4.37
updated VERSION for 3.4.36
update CONTRIBUTORS for 3.4.36
updated CHANGELOG for 3.4.36
Add test on ServerLogHandler
* 3.4:
[Validator] Allow underscore character "_" in URL username and password
[SecurityBundle] Passwords are not encoded when algorithm set to \"true\"
do not validate passwords when the hash is null
[DI] Fix making the container path-independent when the app is in /app
Allow copy instead of symlink for ./link script
[FrameworkBundle] resolve service locators in `debug:*` commands
bumped Symfony version to 3.4.37
updated VERSION for 3.4.36
update CONTRIBUTORS for 3.4.36
updated CHANGELOG for 3.4.36
This PR was merged into the 4.3 branch.
Discussion
----------
[DotEnv] Remove `usePutEnv` property default value
| Q | A
| ------------- | ---
| Branch? | 4.3
| Bug fix? | no
| New feature? | no
| Deprecations? | no
| Tickets | n/a
| License | MIT
| Doc PR | n/a
The default value is already set in the constructor (and changes in 5.0, see https://github.com/symfony/symfony/pull/31957/files#diff-3dc82e6e990428b0c71cf2112d02269fR44) and the class is final.
Commits
-------
362c339fa6 [DotEnv] Remove `usePutEnv` property default value
This PR was submitted for the master branch but it was squashed and merged into the 4.4 branch instead.
Discussion
----------
[HttpFoundation] get currently session.gc_maxlifetime if ttl doesnt exists
| Q | A
| ------------- | ---
| Branch? | master / 4.4
| Bug fix? | yes
| New feature? | no
| Deprecations? | no
| Tickets | Fix#34659
| License | MIT
If option `ttl` was not defined in RedisSessionHandler, this got the default `session.gc_maxlifetime`. With this fixed, RedisSessionHandler get the currently `session.gc_maxlifetime`.
Commits
-------
b6253e2336 [HttpFoundation] get currently session.gc_maxlifetime if ttl doesnt exists
This PR was submitted for the 4.4 branch but it was merged into the 4.3 branch instead.
Discussion
----------
[Messenger] "set up" typo fix
| Q | A
| ------------- | ---
| Branch? | master for features / 3.4, 4.3, 4.4 or 5.0 for bug fixes <!-- see below -->
| Bug fix? | no
| New feature? | no <!-- please update src/**/CHANGELOG.md files -->
| Deprecations? | no <!-- please update UPGRADE-*.md and src/**/CHANGELOG.md files -->
| License | MIT
There's a typo, `setup` is a noun, but it should be a verb `set up`.
Commits
-------
b0daf020de Set up typo fix
This PR was merged into the 5.1-dev branch.
Discussion
----------
[Security] Make remember-me user providers lazy
| Q | A
| ------------- | ---
| Branch? | 4.4
| Bug fix? | no
| New feature? | no
| Deprecations? | no
| Tickets | -
| License | MIT
| Doc PR | -
As everywhere else
Commits
-------
bea74560e1 [Security} Make remember-me user providers lazy
This PR was merged into the 3.4 branch.
Discussion
----------
[FrameworkBundle] resolve service locators in `debug:*` commands
| Q | A
| ------------- | ---
| Branch? | 3.4
| Bug fix? | yes
| New feature? | no
| Deprecations? | no
| Tickets | Fix#34470
| License | MIT
| Doc PR | -
Because of the way ServiceClosureArgument are dumped, we need to resolve locators after loading the xml dump of the container:
https://github.com/symfony/symfony/blob/3.4/src/Symfony/Component/DependencyInjection/Dumper/XmlDumper.php#L273
Commits
-------
820da66346 [FrameworkBundle] resolve service locators in `debug:*` commands
This PR was merged into the 3.4 branch.
Discussion
----------
[3.4][Validator] Allow underscore character "_" in URL username and password
| Q | A
| ------------- | ---
| Branch? | 3.4
| Bug fix? | yes
| New feature? | no
| Deprecations? | no
| License | MIT
Hello!
It's been a long time since my last push on Symfony :)
Here's a bug fix. I think URL usernames and password may contain an underscore. Let me know!
Commits
-------
869518bc7e [Validator] Allow underscore character "_" in URL username and password
This PR was merged into the 5.0 branch.
Discussion
----------
[DoctrineBridge] Removed QueryBuilder type hint in getLoader()
| Q | A
| ------------- | ---
| Branch? | 5.0 <!-- see below -->
| Bug fix? | yes
| New feature? | no <!-- please update src/**/CHANGELOG.md files -->
| Deprecations? | no <!-- please update UPGRADE-*.md and src/**/CHANGELOG.md files -->
| Tickets | ~
| License | MIT
| Doc PR | ~
<!--
Replace this notice by a short README for your feature/bugfix. This will help people
understand your PR and can be used as a start for the documentation.
Additionally (see https://symfony.com/roadmap):
- Always add tests and ensure they pass.
- Never break backward compatibility (see https://symfony.com/bc).
- Bug fixes must be submitted against the lowest maintained branch where they apply
(lowest branches are regularly merged to upper ones so they get the fixes too.)
- Features and deprecations must be submitted against branch master.
-->
Follows #34600.
Commits
-------
8621852396 [DoctrineBridge] Removed QueryBuilder type hint in getLoader()
This PR was submitted for the master branch but it was merged into the 4.4 branch instead (closes#34811).
Discussion
----------
[TwigBridge] Update bootstrap_4_layout.html.twig missing switch-custom label
| Q | A
| ------------- | ---
| Branch? | 5.0
| Bug fix? | yes
| New feature? | no
| License | MIT
Missing .custom-control-label for bootstrap custom-switch when using .switch-custom class in label_attr
Commits
-------
9347b2ea2f [TwigBridge] Update bootstrap_4_layout.html.twig
