* 3.2:
do not depend on a fixed date in layout tests
[Console] Escape default value when dumping help
[Console] OS X Can't call cli_set_process_title php without superuser
Fixed @return when returning this or static #bis
fixed @return when returning this or static
Polish translation improvement in Validator component
[Console] Descriptors should use Helper::strlen
[Config] Improve PHPdoc / IDE autocomplete
[Debug] Wrap call to ->log in a try catch block
[Debug] UndefinedMethodFatalErrorHandler - Handle anonymous classes
fix merge
[cache] Bump RedisAdapter timeout to 5s
fixed @return when returning this or static
[SecurityBundle] Made collection of user provider unique when injecting them to the RemberMeService
remove is_writable check on filesystem cache
* 3.1:
do not depend on a fixed date in layout tests
[Console] Escape default value when dumping help
[Console] OS X Can't call cli_set_process_title php without superuser
Fixed @return when returning this or static #bis
fixed @return when returning this or static
Polish translation improvement in Validator component
[Console] Descriptors should use Helper::strlen
[Config] Improve PHPdoc / IDE autocomplete
[Debug] Wrap call to ->log in a try catch block
[Debug] UndefinedMethodFatalErrorHandler - Handle anonymous classes
fix merge
[cache] Bump RedisAdapter timeout to 5s
fixed @return when returning this or static
[SecurityBundle] Made collection of user provider unique when injecting them to the RemberMeService
remove is_writable check on filesystem cache
* 2.8:
do not depend on a fixed date in layout tests
[Console] Escape default value when dumping help
[Console] OS X Can't call cli_set_process_title php without superuser
Fixed @return when returning this or static #bis
Polish translation improvement in Validator component
[Console] Descriptors should use Helper::strlen
[Config] Improve PHPdoc / IDE autocomplete
[Debug] Wrap call to ->log in a try catch block
[Debug] UndefinedMethodFatalErrorHandler - Handle anonymous classes
[SecurityBundle] Made collection of user provider unique when injecting them to the RemberMeService
* 2.7:
do not depend on a fixed date in layout tests
[Console] Escape default value when dumping help
[Console] OS X Can't call cli_set_process_title php without superuser
Polish translation improvement in Validator component
[Console] Descriptors should use Helper::strlen
[Config] Improve PHPdoc / IDE autocomplete
[Debug] Wrap call to ->log in a try catch block
[Debug] UndefinedMethodFatalErrorHandler - Handle anonymous classes
[SecurityBundle] Made collection of user provider unique when injecting them to the RemberMeService
By default, the `DateType` as well as the `DateTimeType` set the choices
being available for the year to a range starting five years in the past.
After some time, this will make tests fail when the year of the fixed
date being used as the initial data is before the first year being part
of the choices.
The DefinitionDecorator class does not deal with decorated services. It
reflects a parent-child-relationship between definitions instead. To
avoid confusion, this commit deprecates the existing DefinitionDecorator
class and introduces a new ChildDefinition class as replacement.
This PR was merged into the 3.2-dev branch.
Discussion
----------
[FrameworkBundle] removed the Security Core and Security CSRF component dependencies on FrameworkBundle
| Q | A
| ------------- | ---
| Branch? | master
| Bug fix? | no
| New feature? | yes
| BC breaks? | no (except for people using FrameworkBundle without requiring symfony/symfony which should be pretty rare; and fixing this is easy by adding symfony/security-core and symfony/security-csrf explicitly)
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | #15748 partially
| License | MIT
| Doc PR | n/a
Another PR to reduce the number of required dependencies on FrameworkBundle. This PR removes the Security Core and CSRF components from the list.
Commits
-------
d703784 [FrameworkBundle] removed the Security Core and Security CSRF component dependencies on FrameworkBundle
This PR was merged into the 3.2-dev branch.
Discussion
----------
[FrameworkBundle] removed the Templating component dependency on FrameworkBundle
| Q | A
| ------------- | ---
| Branch? | master
| Bug fix? | no
| New feature? | yes
| BC breaks? | no (except for people using FrameworkBundle without requiring symfony/symfony which should be pretty rare; and fixing this is easy by adding symfony/templating explicitly)
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | #15748 partially
| License | MIT
| Doc PR | n/a
Another PR to reduce the number of required dependencies on FrameworkBundle. This PR removes the Templating component from the list.
I made most of the work in previous version, so this change is really just about adding a good error message when templating is not enabled. For the record, this is also in the path of making possible to use Symfony with Twig without using the Templating component indirection (I think that this is in fact the last step).
Commits
-------
b3de62f [FrameworkBundle] removed the Templating component dependency on FrameworkBundle
This PR was merged into the 3.2-dev branch.
Discussion
----------
[FrameworkBundle] Introduce a cache warmer for Validator based on PhpArrayAdapter
| Q | A
| ------------- | ---
| Branch? | master
| Bug fix? | no
| New feature? | yes
| BC breaks? | no
| Deprecations? | yes
| Tests pass? | -
| Fixed tickets | -
| License | MIT
| Doc PR | -
Following the cache warmer for annotations PR (https://github.com/symfony/symfony/pull/18533), this PR introduces a cache warmer for YAML and XML Validator configuration.
Based on the PhpArrayAdapter, it uses the naming conventions (`Resources/config/validation`) to find the files and compile them into a single PHP file stored in the cache directory. This file uses shared memory on PHP 7.
The benefit of this PR are the same than the ones of the annotations PR:
- validation configuration can be warmed up offline
- on PHP 7, there is no need for user extension to get maximum performances (ie. if you use this PR and the other one, you probably won't need to enable APCu to have great performances)
- on PHP 7 again, we are not sensitive to APCu memory fragmentation
- last but not least, global performance is slightly better (I get 30us per class gain in Blackfire)
This PR also deprecates the framework.validator.cache key in favor of the cache pool introduced in https://github.com/symfony/symfony/pull/18544.
Commits
-------
6bdaf0b [FrameworkBundle] Introduce a cache warmer for Validator based on PhpArrayAdapter
This PR was merged into the 3.2-dev branch.
Discussion
----------
[Security] Expose the required roles in AccessDeniedException
| Q | A
| ------------- | ---
| Branch? | master
| Bug fix? | no
| New feature? | yes
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| License | MIT
Nowadays it is more and more common to protect some sensitive actions and part of a website using 2FA or some re-authentication mechanism (per example, on Github you have to enter your password again when you add an ssh key). But currently, in Symfony, it is really hard to implement without having to duplicate the logic, provide an explicit list of URLs to protect or hack into the security component.
A good way to achieve that would be to add a special role (like IS_AUTHENTICATED_FULLY) and use it in the access map. But it requires us to be able to have a custom logic in an ExceptionListener depending on the roles behind an AccessDeniedException.
With this patch we could write an ExceptionListener of this kind (a similar logic could also be used in an AccessDeniedHandler):
```php
public function onKernelException(GetResponseForExceptionEvent $event)
{
$exception = $event->getException();
do {
if ($exception instanceof AccessDeniedException) {
foreach ($exception->getAttributes() as $role) {
if ($role === 'IS_AUTHENTICATED_2FA' && !$this->accessDecisionManager->decide($this->tokenStorage->getToken(), $role, $exception->getObject())) {
// Start 2FA
}
}
}
} while (null !== $exception = $exception->getPrevious());
}
```
Replaces #18661
Commits
-------
6618c18 [Security] Expose the required roles in AccessDeniedException
* 3.1:
Fixed BC Layer in DoctrineChoiceLoader
[HttpKernel] Add listener that checks when request has both Forwarded and X-Forwarded-For
[HttpKernel] Move conflicting origin IPs handling to catch block
[travis] Fix deps=low/high patching
Fixed some issues of the AccessDecisionManager profiler
[DoctrineBridge] fixed default parameter value in UniqueEntityValidator
* 3.0:
[HttpKernel] Add listener that checks when request has both Forwarded and X-Forwarded-For
[HttpKernel] Move conflicting origin IPs handling to catch block
[travis] Fix deps=low/high patching
* 2.8:
[HttpKernel] Add listener that checks when request has both Forwarded and X-Forwarded-For
[HttpKernel] Move conflicting origin IPs handling to catch block
[travis] Fix deps=low/high patching
* 2.7:
[HttpKernel] Add listener that checks when request has both Forwarded and X-Forwarded-For
[HttpKernel] Move conflicting origin IPs handling to catch block
[travis] Fix deps=low/high patching
Add tests
Fix tests & YamlLintCommand help formatting
fabbot fixes
Use Generator to iterate over the filesystem
Move STDIN related code in a method
Use RecursiveIteratorIterator::LEAVES_ONLY rather than SELF_FIRST
Stop using the Finder component when available (Make findFiles() private)
Re-add FrameworkBundle YamlLintCommandTest
Use CommandTester::getStatusCode() rather than assign execute()
Re-add feature for bundle directories, Test it
* 3.0: (22 commits)
Fix backport
[travis] Upgrade phpunit wrapper & hirak/prestissimo
[Bridge\PhpUnit] Workaround old phpunit bug, no colors in weak mode, add tests
[PropertyAccess] Fix isPropertyWritable not using the reflection cache
[PropertyAccess] Backport fixes from 2.7
[FrameworkBundle][2.8] Add tests for the Controller class
[DependencyInjection] Update changelog
Added WebProfiler toolbar ajax panel table layout css.
[Validator] use correct term for a property in docblock (not "option")
[Routing] small refactoring for scheme requirement
[PropertyAccess] Remove most ref mismatches to improve perf
[PropertyInfo] Support Doctrine custom mapping type in DoctrineExtractor
[Validator] EmailValidator cannot extract hostname if email contains multiple @ symbols
[NumberFormatter] Fix invalid numeric literal on PHP 7
[Process] fix docblock syntax
use the clock mock for progress indicator tests
Use XML_ELEMENT_NODE in nodeType check
[PropertyAccess] Reduce overhead of UnexpectedTypeException tracking
[PropertyAccess] Throw an UnexpectedTypeException when the type do not match
[FrameworkBundle] Add tests for the Controller class
...
Conflicts:
src/Symfony/Bridge/PhpUnit/SymfonyTestsListener.php
src/Symfony/Bundle/FrameworkBundle/Tests/Controller/ControllerTest.php
src/Symfony/Bundle/FrameworkBundle/composer.json
src/Symfony/Component/PropertyAccess/PropertyAccessor.php
src/Symfony/Component/PropertyAccess/PropertyAccessorInterface.php
src/Symfony/Component/PropertyAccess/Tests/PropertyAccessorTest.php
* 2.8: (22 commits)
Fix backport
[travis] Upgrade phpunit wrapper & hirak/prestissimo
[Bridge\PhpUnit] Workaround old phpunit bug, no colors in weak mode, add tests
[PropertyAccess] Fix isPropertyWritable not using the reflection cache
[PropertyAccess] Backport fixes from 2.7
[FrameworkBundle][2.8] Add tests for the Controller class
[DependencyInjection] Update changelog
Added WebProfiler toolbar ajax panel table layout css.
[Validator] use correct term for a property in docblock (not "option")
[Routing] small refactoring for scheme requirement
[PropertyAccess] Remove most ref mismatches to improve perf
[PropertyInfo] Support Doctrine custom mapping type in DoctrineExtractor
[Validator] EmailValidator cannot extract hostname if email contains multiple @ symbols
[NumberFormatter] Fix invalid numeric literal on PHP 7
[Process] fix docblock syntax
use the clock mock for progress indicator tests
Use XML_ELEMENT_NODE in nodeType check
[PropertyAccess] Reduce overhead of UnexpectedTypeException tracking
[PropertyAccess] Throw an UnexpectedTypeException when the type do not match
[FrameworkBundle] Add tests for the Controller class
...
Conflicts:
.travis.yml
composer.json
src/Symfony/Bridge/PhpUnit/DeprecationErrorHandler.php
src/Symfony/Bundle/FrameworkBundle/composer.json
src/Symfony/Component/Intl/NumberFormatter/NumberFormatter.php