This PR was merged into the 2.7 branch.
Discussion
----------
[Security] do not mock the session in token storage tests
| Q | A
| ------------- | ---
| Branch? | 2.7
| Bug fix? | no
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets |
| License | MIT
| Doc PR |
Commits
-------
919f93d do not mock the session in token storage tests
This PR was merged into the 2.7 branch.
Discussion
----------
[Form] Fix precision of MoneyToLocalizedStringTransformer's divisions on transform()
| Q | A
| ------------- | ---
| Branch? | 2.7
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | no
| License | MIT
| Doc PR |
Related issue https://github.com/symfony/symfony/issues/21026.
Previous PR https://github.com/symfony/symfony/pull/24036.
Similar fix for `transform()` method.
Commits
-------
f94b7aadd3 fix rounding from string
This PR was submitted for the master branch but it was merged into the 2.7 branch instead (closes#27286).
Discussion
----------
[Translation] Add Occitan plural rule
| Q | A
| ------------- | ---
| Branch? | master
| Bug fix? | no
| New feature? | yes
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | -
| License | MIT
| Doc PR | -
Enable correct plural on Occitan translations. Could be safely merged in versions branches.
Commits
-------
0de3a61cfc Add Occitan plural rule
This PR was merged into the 2.7 branch.
Discussion
----------
Disallow invalid characters in session.name
| Q | A
| ------------- | ---
| Branch? | 2.7
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | #27023
| License | MIT
| Doc PR |
PHP saves cookie with correct name, but upon deserialization to
`$_COOKIE`, it replaces "." characters with "_".
This is probably also reason why \SessionHandler is not able to find
a session.
https://harrybailey.com/2009/04/dots-arent-allowed-in-php-cookie-names/https://bugs.php.net/bug.php?id=75883
Commits
-------
16ebb43bd4 Disallow illegal characters like "." in session.name
This PR was squashed before being merged into the 2.7 branch (closes#24805).
Discussion
----------
[Security] Fix logout
| Q | A
| ------------- | ---
| Branch? | 2.7
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | no
| Fixed tickets | #6751, #7104
| License | MIT
Commits
-------
9e88eb5aa9 [Security] Fix logout
This PR was merged into the 2.7 branch.
Discussion
----------
[Process] Suppress warnings when open_basedir is non-empty
| Q | A
| ------------- | ---
| Branch? | 2.7
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets |
| License | MIT
| Doc PR |
If PHP is configured *with a non-empty open_basedir* value that does not permit access to the target location, these calls to is_executable() throw warnings.
While Symfony may not raise exceptions for warnings in production environments, other frameworks (such as Laravel) do, in which case any of these checks causes a show-stopping 500 error.
We fixed a similar issue in the ExecutableFinder class via symfony/symfony#16182 .
This has always been an issue, but 709e15e7a3 made it more likely that a warning is triggered.
Commits
-------
34f136e01b Suppress warnings when open_basedir is non-empty
This PR was merged into the 2.7 branch.
Discussion
----------
[Debug] Fix populating error_get_last() for handled silent errors
| Q | A
| ------------- | ---
| Branch? | 2.7
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | -
| License | MIT
| Doc PR | -
When a userland error handler doesn't return `false`, `error_get_last()` is not updated, so we cannot see the real last error, but the previous one.
See https://3v4l.org/Smmt7
Commits
-------
d7e612d2ac [Debug] Fix populating error_get_last() for handled silent errors
This PR was merged into the 2.7 branch.
Discussion
----------
[Filesystem] Fix usages of error_get_last()
| Q | A
| ------------- | ---
| Branch? | 2.7
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | -
| License | MIT
| Doc PR | -
Same as #27232 for 2.7.
When a userland error handler doesn't return `false`, `error_get_last()` is not updated, so we cannot see the real last error, but the previous one.
See https://3v4l.org/Smmt7
Commits
-------
9d015c7c50 [Filesystem] Fix usages of error_get_last()
This PR was submitted for the master branch but it was merged into the 2.7 branch instead (closes#27183).
Discussion
----------
Fixed return type
| Q | A
| ------------- | ---
| Branch? | master
| Bug fix? | yes
| New feature? | no <!-- don't forget to update src/**/CHANGELOG.md files -->
| BC breaks? | no <!-- see https://symfony.com/bc -->
| Deprecations? | no <!-- don't forget to update UPGRADE-*.md and src/**/CHANGELOG.md files -->
| Tests pass? | no <!-- please add some, will be required by reviewers -->
| Fixed tickets | <!-- #-prefixed issue number(s), if any -->
| License | MIT
| Doc PR | symfony/symfony-docs#... <!-- required for new features -->
<!--
Write a short README entry for your feature/bugfix here (replace this comment block.)
This will help people understand your PR and can be used as a start of the Doc PR.
Additionally:
- Bug fixes must be submitted against the lowest branch where they apply
(lowest branches are regularly merged to upper ones so they get the fixes too).
- Features and deprecations must be submitted against the master branch.
-->
Note that tests that are failing are not related to this component.
Commits
-------
5539f9d6c8 Fixed return type
If PHP is configured *with a non-empty open_basedir* value that does not permit access to the target location, these calls to is_executable() throw warnings.
While Symfony may not raise exceptions for warnings in production environments, other frameworks (such as Laravel) do, in which case any of these checks causes a show-stopping 500 error.
We fixed a similar issue in the ExecutableFinder class via symfony/symfony#16182 .
This has always been an issue, but 709e15e7a37cb7ed6199548dc70dc33168e6cb2d made it more likely that a warning is triggered.
This PR was merged into the 2.7 branch.
Discussion
----------
[Validator] make phpdoc of ObjectInitializerInterface interface more accurate
| Q | A
| ------------- | ---
| Branch? | 2.7
| Bug fix? | no
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | ~
| License | MIT
| Doc PR | ~
Commits
-------
30970c7a9b [Validator] make phpdoc of ObjectInitializerInterface interface more accurate
This PR was merged into the 2.7 branch.
Discussion
----------
Use symfony/polyfill-ctype
| Q | A
| ------------- | ---
| Branch? | 2.7
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | n/a
| License | MIT
| Doc PR | n/a
Related to: #24168
Although it does not fix this issue, it does remove the dependency on the `ctype` extension.
Commits
-------
afc09cc8a7 Use symfony/polyfill-ctype
This PR was merged into the 2.7 branch.
Discussion
----------
[Form] fixes instance variable phpdoc in FormRegistry class
| Q | A
| ------------- | ---
| Branch? | 2.7
| Bug fix? | no
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | ~
| License | MIT
| Doc PR | ~
<!--
Write a short README entry for your feature/bugfix here (replace this comment block.)
This will help people understand your PR and can be used as a start of the Doc PR.
Additionally:
- Bug fixes must be submitted against the lowest branch where they apply
(lowest branches are regularly merged to upper ones so they get the fixes too).
- Features and deprecations must be submitted against the master branch.
-->
Commits
-------
27fddf5927 [Form] fixes instance variable phpdoc in FormRegistry class
