* 5.0:
[PhpUnitBridge] fix PHP 5.3 compat
[PhpUnitBridge] Mark parent class also covered in CoverageListener
prevent notice for invalid octal numbers on PHP 7.4
* 4.4:
[PhpUnitBridge] fix PHP 5.3 compat
[PhpUnitBridge] Mark parent class also covered in CoverageListener
prevent notice for invalid octal numbers on PHP 7.4
* 3.4:
[PhpUnitBridge] fix PHP 5.3 compat
[PhpUnitBridge] Mark parent class also covered in CoverageListener
prevent notice for invalid octal numbers on PHP 7.4
This PR was merged into the 5.1-dev branch.
Discussion
----------
[FrameworkBundle] use the router context by default for assets
| Q | A
| ------------- | ---
| Branch? | master
| Bug fix? | no
| New feature? | yes
| Deprecations? | no
| Tickets | -
| License | MIT
| Doc PR | -
Follows #36651 and #21027
This means assets are going to be configured automatically most of the time. The only case where `asset.request_context.base_path` is useful is when the webserver still keeps a `/index.php/` in URLs. (I'm not sure if the doc should tell ppl to use the parameter, or if we should tell ppl to improve the config of their server...)
Commits
-------
1ac5f68810 [FrameworkBundle] use the router context by default for assets
This PR was merged into the 5.1-dev branch.
Discussion
----------
[String] allow passing a string of custom characters to ByteString::fromRandom
| Q | A
| ------------- | ---
| Branch? | master
| Bug fix? | no
| New feature? | yes/
| Deprecations? | no
| License | MIT
| Doc PR | symfony/symfony-docs#... <!-- required for new features -->
Commits
-------
5d15c0be60 [String] allow passing a string of custom characters to ByteString::fromRandom
This PR was merged into the 5.1-dev branch.
Discussion
----------
[Inflector][String] Move Inflector in String
| Q | A
| ------------- | ---
| Branch? | master
| Bug fix? | no
| New feature? | yes
| Deprecations? | yes
| Tickets | https://github.com/orgs/symfony/projects/1#card-30499514
| License | MIT
| Doc PR | -
Needs https://github.com/symfony/symfony/pull/35091.
Should we have a standalone inflector (like the Slugger) or 2 new methods (pluralize and singularize) on the AbstractString class? I implemented both but since we only handle English I finally preferred the first one.
TODO (after the "move" is OK):
- [x] Deprecate the Inflector component
- [x] Use the String inflector in Symfony's code
Commits
-------
9c6a5c0093 [String] Move Inflector in String
This PR was merged into the 5.1-dev branch.
Discussion
----------
[Form] Add the html5 option to ColorType to validate the input
| Q | A
| ------------- | ---
| Branch? | master
| Bug fix? | no
| New feature? | yes
| Deprecations? | no
| Tickets | no
| License | MIT
| Doc PR | TODO
Continuation of https://github.com/symfony/symfony/pull/35626.
I'm resubmitting the initial implementation, this time in the Form component.
This `Color` constraint is dedicated to the HTML5 input type="color".
Commits
-------
454b6ff48b [Form] Add the html5 option to ColorType to validate the input
This PR was squashed before being merged into the 5.1-dev branch.
Discussion
----------
Automatically provide Messenger Doctrine schema to "diff"
| Q | A
| ------------- | ---
| Branch? | master
| Bug fix? | no
| New feature? | yes
| Deprecations? | no
| Tickets | Alternative to #36629
| License | MIT
| Doc PR | TODO - WILL be needed
This follows this conversation: https://github.com/symfony/symfony/pull/36629#issuecomment-621745821 - it automatically adds SQL to Doctrine's migration/diff system when features are added the require a database table:
The new feature works for:
### A) Messenger Doctrine transport
**FULL support**
Works perfectly: configure a doctrine transport and run `make:migration`
**Note**: There is no current way to disable this. So if you have `auto_setup` ON and you
run `make:migration` before trying Messenger, it will generate the table SQL. Adding a
flag to disable it might be very complicated, because we need to know (in DoctrineBundle, at compile time) whether or not this feature is enabled/disabled so that we can decide *not* to add `messenger_messages` to the `schema_filter`.
### B) `PdoAdapter` from Cache
**FULL support**
Works perfectly: configure a doctrine transport and run `make:migration`
### C) `PdoStore` from Lock
**PARTIAL support**
I added `PdoStore::configureSchema()` but did NOT add a listener. While `PdoStore` *does* accept a DBAL `Connection`, I don't think it's possible via the `framework.lock` config to create a `PdoStore` that is passed a `Connection`. In other words: if we added a listener that called `PdoStore::configureSchema` if the user configured a `pdo` lock, that service will *never* have a `Connection` object... so it's kind of worthless.
**NEED**: A proper way to inject a DBAL `Connection` into `PdoStore` via `framework.lock` config.
### D) `PdoSessionHandler`
**NO support**
This class doesn't accept a DBAL `Connection` object. And so, we can't reliably create a listener to add the schema because (if there are multiple connections) we wouldn't know which Connection to use.
We could compare (`===`) the `PDO` instance inside `PdoSessionHandler` to the wrapped `PDO` connection in Doctrine. That would only work if the user has configured their `PdoSessionHandler` to re-use the Doctrine PDO connection.
The `PdoSessionHandler` *already* has a `createTable()` method on it to help with manual migration. But... it's not easy to call from a migration because you would need to fetch the `PdoSessionHandler` service from the container. Adding something
**NEED**: Either:
A) A way for `PdoSessionHandler` to use a DBAL Connection
or
B) We try to hack this feature by comparing the `PDO` instances in the event subscriber
or
C) We add an easier way to access the `createTable()` method from inside a migration.
TODOs
* [X] Determine service injection XML needed for getting all PdoAdapter pools
* [ ] Finish DoctrineBundle PR: https://github.com/doctrine/DoctrineBundle/pull/1163
Commits
-------
2dd9c3c3c8 Automatically provide Messenger Doctrine schema to "diff"
This PR was squashed before being merged into the 5.1-dev branch.
Discussion
----------
[ExpressionLanguage] Added expression language syntax validator
| Q | A
| ------------- | ---
| Branch? | master
| Bug fix? | no
| New feature? | yes
| Deprecations? | no
| Tickets | #35700
| License | MIT
| Doc PR | N/A <!-- required for new features -->
Proposal implementation #35700
The current solution is a compromise between support complexity and cleanliness.
I tried different solutions to the issue. A beautiful solution was obtained only with full duplication of the parser code. That is unacceptable because parser complexity is quite high.
The main problem in this solution is that nodes instances are created which are then not used. I do not think that linter can be a bottleneck and will greatly affect performance. If this is corrected, the parser code becomes a bunch of if's.
JFI: I did not added parsing without variable names, because this breaks caching and potential location for vulnerabilities.
Commits
-------
a5cd965494 [ExpressionLanguage] Added expression language syntax validator
This PR was merged into the 5.1-dev branch.
Discussion
----------
[Security/Core] Add CustomUserMessageAccountStatusException
| Q | A
| ------------- | ---
| Branch? | master
| Bug fix? | no
| New feature? | yes
| Deprecations? | no
| License | MIT
| Doc PR | Not really needed
When implementing the `UserCheckerInterface`, we can throw `AccountStatusException`. Similar to `CustomUserMessageAuthenticationException`, this exception allow to throw an `AccountStatusException` with a custom message.
Commits
-------
9233efbe06 Add CustomUserMessageAccountStatusException
This PR was merged into the 3.4 branch.
Discussion
----------
[PhpUnitBridge] Mark parent class also covered in CoverageListener
| Q | A
| ------------- | ---
| Branch? | master
| Bug fix? | no
| New feature? | yes
| Deprecations? | no
| Tickets |
| License | MIT
| Doc PR |
Commits
-------
dcb5653728 [PhpUnitBridge] Mark parent class also covered in CoverageListener
This PR was squashed before being merged into the 5.1-dev branch.
Discussion
----------
[Messenger] Add support for RecoverableException
| Q | A
| ------------- | ---
| Branch? | master
| Bug fix? | no
| New feature? | yes
| Deprecations? | no
| Tickets | N/A
| License | MIT
| Doc PR | N/A
The messenger supports the `UnrecoverableException` preventing the messenger retry mechanism
when the Handler will never be able to process the Message.
This PR adds the opposite behavior to always retry the message.
UseCase:
- High concurency Consumers use non-blocking lock
- 503/429 errors from 3rd party API
Commits
-------
e7c31675f7 [Messenger] Add support for RecoverableException
* 5.0: (26 commits)
[Filesystem] Handle paths on different drives
[WebProfiler] Do not add src-elem CSP directives if they do not exist
[Yaml] fix parse error when unindented collections contain a comment
Execute docker dependent tests with github actions
Update exception.html.php
[3.4][Inflector] Improve testSingularize() argument name
[Inflector] Fix testPluralize() arguments names
[PhpUnitBridge] fix PHP 5.3 compat again
Skip validation when email is an empty object
fix sr_Latn translation
[Validator] fix lazy property usage.
Fix annotation
[Debug][ErrorHandler] cleanup phpunit.xml.dist files
[Translation] Fix for translation:update command updating ICU messages
[PhpUnitBridge] fix compat with PHP 5.3
bumped Symfony version to 5.0.9
updated VERSION for 5.0.8
updated CHANGELOG for 5.0.8
bumped Symfony version to 4.4.9
updated VERSION for 4.4.8
...
* 4.4: (23 commits)
[Filesystem] Handle paths on different drives
[WebProfiler] Do not add src-elem CSP directives if they do not exist
[Yaml] fix parse error when unindented collections contain a comment
Execute docker dependent tests with github actions
Update exception.html.php
[3.4][Inflector] Improve testSingularize() argument name
[Inflector] Fix testPluralize() arguments names
[PhpUnitBridge] fix PHP 5.3 compat again
Skip validation when email is an empty object
fix sr_Latn translation
[Validator] fix lazy property usage.
Fix annotation
[Debug][ErrorHandler] cleanup phpunit.xml.dist files
[Translation] Fix for translation:update command updating ICU messages
[PhpUnitBridge] fix compat with PHP 5.3
bumped Symfony version to 4.4.9
updated VERSION for 4.4.8
updated CHANGELOG for 4.4.8
provide a useful message when extension types don't match
[Cache] Fixed not supported Redis eviction policies
...
* 3.4:
[Filesystem] Handle paths on different drives
[WebProfiler] Do not add src-elem CSP directives if they do not exist
[Yaml] fix parse error when unindented collections contain a comment
[3.4][Inflector] Improve testSingularize() argument name
[PhpUnitBridge] fix PHP 5.3 compat again
Skip validation when email is an empty object
fix sr_Latn translation
[Validator] fix lazy property usage.
Fix annotation
[PhpUnitBridge] fix compat with PHP 5.3
[DX] Show the ParseException message in YAML file loaders
This PR was merged into the 4.4 branch.
Discussion
----------
[Console] Default hidden question to 1 attempt for non-tty session
| Q | A
| ------------- | ---
| Branch? | 4.4
| Bug fix? | yes
| New feature? | no
| Deprecations? | no
| Tickets | Fix#36565
| License | MIT
| Doc PR |
### Problem 1
`validateAttempts()` method repeats validation forever by default, until exception extending `RuntimeException` isn't thrown. This currently happens disregarding if user is in tty session where they can actually type input, or non-tty session. This presents a problem when user code throws custom exceptions for hidden questions -> loop doesn't stop. As far as I can tell this issue is in all Symfony versions, but it was uncovered only after we stopped marking interactive flag to false automatically ourselves. Actually, all 3 problems were already existing problems, just hidden until now.
### Problem 2
Infinite loop problem is related to hidden questions, but this one isn't. If validation fails, another attempt to read & validate happens. This means user will get two prompts: 2x same question with 2 different error messages. One error message coming from validator, second error message about inability to read input (because this loop repeats until this kind of error happens, so last output will always be this error). As an example, output in practice would look like following
```
What do you want to do:
>
[ERROR] Action must not be empty.
What do you want to do:
>
Aborted.
```
So even if loop stops, output is more than expected.
### Problem 3
This is purely cosmetic issue, but currently user gets `stty: stdin isn't a terminal` printed additionally when question helper tries to ask a hidden question without having tty. I have fixed this in same fashion as was already done for [getShell() method](ee7fc5544e/src/Symfony/Component/Console/Helper/QuestionHelper.php (L500)).
### More details
Well root of the first problem is that `\Symfony\Component\Console\Helper\QuestionHelper::getHiddenResponse` is inconsistent. In some cases it does throw `MissingInputException` (which extends `RuntimeException`), in others doesn't. This is because in others, `shell_exec` is used, which won't return `false` even in non-tty sessions. Initially I attempted to fix this and make them consistent by checking for empty result + `isTty` call, but during my testing I found that at least last, `bash -c` method returns `\n` as output both when passing empty input and when passing newline as input. This means we cannot differentiate with this technique when input is really empty, or at least I can't currently tell how, maybe someone does. I had also idea to use proc_open and check if `STDERR` cotains message about stdin not being a terminal, but I realized these functions might not be available. In future we should modernize this method to use less hacky techniques. Other solutions, eg. Inquirer.js or [hoa/console](https://github.com/hoaproject/Console/blob/master/Source/Readline/Readline.php) have much more elegant solutions. Anyway, since I encountered this issue and additionally this doesn't solve Problem 2, I stopped trying to fix this on this level.
### Alternative solution
Alternative solution to problem 1 and 3 would be to fallback to default in case of hidden questions when tty is missing. But this still doesn't solve problem 2 and I can't think about solution right now which would fix problem 2 separately. We also didn't really reach consensus if reading passwords via stdin is desired. I tried this in `Inquirer.js` and this library *does read password from stdin*
Commits
-------
ee7fc5544e [Console] Default hidden question to 1 attempt for non-tty session
This PR was squashed before being merged into the 3.4 branch.
Discussion
----------
[Filesystem] Handle paths on different drives
| Q | A
| ------------- | ---
| Branch? | 3.4
| Bug fix? | yes
| New feature? | no
| Deprecations? | no
| License | MIT
`makePathRelative` strips and ignores the drive letters given Windows paths on different drives, resulting in a relative path which does not resolve to the desired target.
This PR makes `makePathRelative` notice paths on different drives, and return the full (absolute) target path in case instead.
Commits
-------
00e727ae4e [Filesystem] Handle paths on different drives
This PR was merged into the 3.4 branch.
Discussion
----------
[WebProfiler] Do not add src-elem CSP directives if they do not exist
| Q | A
| ------------- | ---
| Branch? | 3.4, 4.4, 5.0
| Bug fix? | yes
| New feature? | no
| Deprecations? | no
| Tickets | Fix#36643
| License | MIT
| Doc PR | n/a
In the latest 3.4.*, 4.4.* and 5.0.* branches the `script-src-elem` and `style-src-elem` directives are added to the Content-Security-Policy header if they don't exist by copying the `default-src`. This causes browsers to ignore the `script-src` and `style-src` directives which likely contain scripts and styles the developer wanted to allow.
As mentioned in the fixed ticket, we shouldn't be adding these directives if they don't exist because the browser will automatically fallback to `script-src` and `style-src` which we have already added `unsafe-inlen` and the `nonce-*` to.
This will need to be merged into 3.4, 4.4 and 5.0, but I was unsure which branch I am meant to base it off to start with. I've put it on 4.4 but can move it to another if required.
Commits
-------
d9c47087c9 [WebProfiler] Do not add src-elem CSP directives if they do not exist
This PR was merged into the 3.4 branch.
Discussion
----------
[DX] Show the ParseException message in all YAML file loaders
| Q | A
| ------------- | ---
| Branch? | 3.4
| Bug fix? | no
| New feature? | no
| Deprecations? | no
| Tickets | -
| License | MIT
| Doc PR | -
This PR synchronizes the exception message in the Routing, Validator and Translation YAML file loaders with the DependencyInjection YAML file loader behavior. Adding the ParseException message is a big DX gain because it highlights the problem directly instead of having to scroll down 7 previous exceptions.
I'm targetting 3.4 because DX can be considered as a bug fix AFAIK.
Commits
-------
fc6cf3d3c6 [DX] Show the ParseException message in YAML file loaders
This PR was merged into the 4.4 branch.
Discussion
----------
Execute docker dependent tests with github actions
| Q | A
| ------------- | ---
| Branch? | 4.4
| Bug fix? | no
| New feature? | no
| Deprecations? | no
| Tickets | Fixes#36427
| License | MIT
| Doc PR | -
* redis, memcached, rabbitmq and vulcain dependent tests moved to the github action
* run on PHP 7.1 and 7.4 only
* use the `integration` group for all tests that depend on docker services
* do not exclude the `integration` group on Travis, but make sure tests that depend on docker services are skipped properly
[<img width="1222" alt="image" src="https://user-images.githubusercontent.com/190447/80806323-48339100-8bb2-11ea-95cd-5ce773c74ce6.png">](https://github.com/jakzal/symfony/runs/636461875?check_suite_focus=true)
Commits
-------
d710c1b654 Execute docker dependent tests with github actions
This PR was merged into the 3.4 branch.
Discussion
----------
[Validator] Skip validation when email is an empty object
| Q | A
| ------------- | ---
| Branch? | 3.4
| Bug fix? | yes
| New feature? | no <!-- please update src/**/CHANGELOG.md files -->
| Deprecations? | no <!-- please update UPGRADE-*.md and src/**/CHANGELOG.md files -->
| Tickets | <!-- prefix each issue number with "Fix #", if any -->
| License | MIT
| Doc PR | <!-- required for new features -->
When the value passed to the email validator is an empty object the validator is still called and will mark the value as invalid. The object should be skipped in this case, as it is also done in the `UrlValidator`
bfdbb244fe/src/Symfony/Component/Validator/Constraints/UrlValidator.php (L59-L62)
<!--
Replace this notice by a short README for your feature/bugfix. This will help people
understand your PR and can be used as a start for the documentation.
Additionally (see https://symfony.com/releases):
- Always add tests and ensure they pass.
- Never break backward compatibility (see https://symfony.com/bc).
- Bug fixes must be submitted against the lowest maintained branch where they apply
(lowest branches are regularly merged to upper ones so they get the fixes too.)
- Features and deprecations must be submitted against branch master.
-->
Commits
-------
de5d68ef2a Skip validation when email is an empty object
This PR was merged into the 5.1-dev branch.
Discussion
----------
[FrameworkBundle] Allow configuring the default base URI with a DSN
| Q | A
| ------------- | ---
| Branch? | master
| Bug fix? | no
| New feature? | yes
| Deprecations? | no
| Tickets | Fixes#35121, replaces #35580, partially reverts #35281
| License | MIT
| Doc PR | -
Instead of defining 3-4 parameters, this PR enables using a single DSN to configure the default URL context (for commands mainly):
```
framework:
router:
base_uri: 'https://my.host:8443/base-path/'
```
When using parameters directly, one can now set the same absolute URI in the `router.request_context.base_url` parameter, this will provide the same benefit.
Commits
-------
250fa7e979 [FrameworkBundle] Allow configuring the default base URI with a DSN
This PR was merged into the 5.1-dev branch.
Discussion
----------
[Security] Added LDAP support to Authenticator system
| Q | A
| ------------- | ---
| Branch? | master
| Bug fix? | no
| New feature? | yes
| Deprecations? | no
| Tickets | -
| License | MIT
| Doc PR | -
The last missing authenticator in the new system 🎉
I have no experience with LDAP at all and I didn't succeed in setting up a server locally. So I can't test whether this works, but the unit test works (and also tested in a real app, while adding a `dd()` call in the listener).
---
I want to share with you the current state of Security LDAP, how this PR implements it and a possible other solution (which I think I would prefer most). Is there anyone who can share their opinions on this? (hopefully @weaverryan and @csarrazi can share their opinion, as they have most experience on this topic)
1. **Current Solution: An LDAP authentication provider + duplicated `SecurityFactory` classes**
LDAP is done in one centralized authentication provider. This provider is configured by security factories for each core factory (e.g. `form_login` becomes `form_login_ldap`, `http_basic` becomes `http_basic_ldap`).
2. **Implementation in this PR: A listener is executed before the default `VerifyCredentialsListener`, to verify `PasswordCredentials`**
This listener must be configured for each specific authenticator wanting to use LDAP. This is a technique similar to (1). It's a bit difficult to use this for your own authenticator (you need to configure a custom listener service) and still needs the duplicated factory classes
3. **Proposal: Introduce a `LdapCredentials` class and always register a listener**
If an authentictor returns `LdapCredentials`, it'll be checked using the LDAP verification listener. This is the easiest for custom authenticators and would remove the duplicated factories, I can imagine `form_login` getting a new `ldap` sub option to configure the settings.
The main disadvantage (I think) is that we would need to make `LdapCredentials` configure all options: ldap service, dnString, searchDn, searchPassword & queryString. Especially passing around the ldap service seems a bit weird. The main questions here are: Is it weird to pass all these things in the `LdapCredentials`? And, do we really need to support having multiple LDAP configuration sets for different authenticators? Or can we e.g. add a global `security.ldap` configuration, that registers the listener for all authenticators returning `LdapCredentials`?
Commits
-------
20962e604a [Security] Added LDAP support to Authenticator system
This PR was squashed before being merged into the 5.1-dev branch.
Discussion
----------
[Translations] Throw exception if xFileLoader dependencies don't exist.
| Q | A
| ------------- | ---
| Branch? | master
| Bug fix? | no
| New feature? | yes
| Deprecations? | no
| Tickets | Fix#36658
| License | MIT
| Doc PR |
`XliffFileLoader` & `QtFileLoader` both require `XmlUtils::class` from the `Config` component. This PR throws a friendly exception is the `Config` component does not exist.
Original idea by @xabbuh was to throw the exception from the __constructor. This PR throws the exception from the `load()` method to be consistent with the `YamlFileLoader::class`. But that can easily be changed.
Commits
-------
627e476eb4 [Translations] Throw exception if xFileLoader dependencies don't exist.
This PR was squashed before being merged into the 5.1-dev branch.
Discussion
----------
[AmazonSqsMessenger] Use AsyncAws to handle SQS communication
| Q | A
| ------------- | ---
| Branch? | master
| Bug fix? | no
| New feature? | yes
| Deprecations? | no
| Tickets | /
| License | MIT
| Doc PR | /
Similar to #35992 this PR use AsyncAws to handle Sqs messages sent/receive
It move complexity of authentication/streaming outside Symfony while keeping HttpClient integration.
Commits
-------
7c4888eed1 [AmazonSqsMessenger] Use AsyncAws to handle SQS communication
This PR was merged into the 5.1-dev branch.
Discussion
----------
[Messenger] Fix messenger:failed:remove can not remove single message
| Q | A
| ------------- | ---
| Branch? | master
| Bug fix? | yes
| New feature? | no
| Deprecations? | no
| Tickets | Fix#36659
| License | MIT
| Doc PR | -
Fix this error:
```
count(): Parameter must be an array or an object that implements Countable
```
When calling `messenger:failed:remove` command from other code with single id
Commits
-------
e66cd97ec3 [Messenger] Fix messenger:failed:remove can not remove single message
This PR was merged into the 5.1-dev branch.
Discussion
----------
Add support of PHP8 static return type for withers
| Q | A
| ------------- | ---
| Branch? | master
| Bug fix? | no
| New feature? | yes
| Deprecations? | no
| Tickets | https://github.com/orgs/symfony/projects/1#card-35852557
| License | MIT
| Doc PR |
Commits
-------
04fdf05cff Add support of PHP8 static return type for withers
This PR was merged into the 5.1-dev branch.
Discussion
----------
[DI] allow loading and dumping tags with an attribute named "name"
| Q | A
| ------------- | ---
| Branch? | master
| Bug fix? | no
| New feature? | yes
| Deprecations? | no
| Tickets | -
| License | MIT
| Doc PR | -
This is a minor feature added for consistency: using PHP, we can already define tags with an attribute named `"name"`. But then, we cannot dump such definitions in YAML nor XML since we don't have a syntax to declare such tags in these formats.
I spotted this while looking at a dumped container: we already use an attribute named `"name"` on two tags: `cache.pool` and `workflow.definition`. Currently, the dumped XML is wrong because of this.
This PR enables the following new syntaxes (the current style still works as usual):
- in YAML, consistently with the new syntax for method calls:
```yaml
tags:
- cache.pool: { name: my_cache_pool }
```
- in XML:
```xml
<tag name="my_cache_pool">cache.pool</tag>
```
Commits
-------
b023e4cac3 [DI] allow loading and dumping tags with an attribute named "name"
This PR was merged into the 5.1-dev branch.
Discussion
----------
[HttpKernel] make kernels implementing `WarmableInterface` be part of the cache warmup stage
| Q | A
| ------------- | ---
| Branch? | master
| Bug fix? | no
| New feature? | yes
| Deprecations? | no
| Tickets | -
| License | MIT
| Doc PR | -
This allows your kernel to return extra classes to preload also (which was my main motivation for creating this PR actually.)
```php
// ...
use Symfony\Component\HttpKernel\CacheWarmer\WarmableInterface;
// ...
class Kernel ... implements ..., WarmableInterface
{
// ...
public function warmUp(string $cacheDir): array
{
// ...
return [
SomeClassToPreload::class,
AnotherClassClassToPreload::class,
$cacheDir.'/some-file-to-preload.php',
// ...
];
}
// ...
}
```
Commits
-------
649e530356 [HttpKernel] make kernels implementing `WarmableInterface` be part of the cache warmup stage
This PR was merged into the 5.1-dev branch.
Discussion
----------
[Form] deprecate not using a rounding mode
| Q | A
| ------------- | ---
| Branch? | master
| Bug fix? | yes
| New feature? | no
| Deprecations? | yes
| Tickets |
| License | MIT
| Doc PR |
Commits
-------
25ba1a241d deprecate not using a rounding mode
This PR was squashed before being merged into the 5.1-dev branch.
Discussion
----------
[Mailer] Use AsyncAws to handle SES requests
| Q | A
| ------------- | ---
| Branch? | master
| Bug fix? | no
| New feature? | yes
| Deprecations? | no
| Tickets | #33183, #35468 and #35037
| License | MIT
| Doc PR | TODO
alternative to #33326
This PR replace the native code to call AWS SES by the new [AsyncAws](https://github.com/async-aws/aws) project maintained by @Nyholm and me.
This removes complexity of signing request, and adds new features likes:
- authentication via .aws/config.ini, Instance profile, WebIdentity (K8S service account)
- usesignature V4 (the one recommanded by the Official SDK )
- fully compatible with API (uses the official AWS SDK interface contract to generate classes)
Because it's based on `symfony/http-client`, it's fully integrable with Symfony application.
Commits
-------
21243874bc [Mailer] Use AsyncAws to handle SES requests
This PR was merged into the 4.4 branch.
Discussion
----------
[Translation] Fix for translation:update command updating ICU messages
| Q | A
| ------------- | ---
| Branch? | 4.4
| Bug fix? | yes
| New feature? | no
| Deprecations? | no
| Tickets | Fix#36459
| License | MIT
If `translation:update` command executed with option `--domain=messages` – it ignore `messages-intl-icu` file and just create new `messages`
Method `TranslationUpdateCommand::filterCatalogue()` on `MessageCatalogue::all()` method to get all messages for domain
But `MessageCatalogue::all()` method disredard `intl-icu` domains and simply merge all.
[Translation] added $strict parameter for MessageCatalogueInterface::all() to be able to get only defined domain messages
[FrameworkBundle] modified translation:update command to respect intl-icu domain
Commits
-------
567cee5f02 [Translation] Fix for translation:update command updating ICU messages
* Anonymous users are actual to unauthenticated users, both are now represented by no token
* Added a PUBLIC_ACCESS Security attribute to be used in access_control
* Deprecated "anonymous: lazy" in favor of "lazy: true"
This PR was squashed before being merged into the 5.1-dev branch.
Discussion
----------
[SecurityBundle] Fixed entry point service ID resolving and multiple guard entry points
| Q | A
| ------------- | ---
| Branch? | master
| Bug fix? | yes
| New feature? | no
| Deprecations? | no
| Tickets | -
| License | MIT
| Doc PR | n/a
@fabpot I am not able to reproduce [the error you reported](https://github.com/symfony/symfony/pull/36575#issuecomment-622272051) in any of my demo applications or in the tests introduced in this PR. The error indicates that no entry point is configured in your application, can you maybe try out this patch (given it now makes a hard error when more than one guard is used)? If it still doesn't work, can you maybe share your firewall configuration?
---
_build failures are unrelated_
Commits
-------
c75659350e Do not make AbstractFactory internal and revert method rename
6870a18803 Fixed entry point resolving and guard entry point configuration
This PR was squashed before being merged into the 3.4 branch (closes#36627).
Discussion
----------
[Validator] fix lazy property usage.
| Q | A
| ------------- | ---
| Branch? | 3.4
| Bug fix? | yes
| New feature? | no
| Deprecations? | no
| Tickets | Fix#36343
| License | MIT
| Doc PR |
This attempts to fix a large regression introduced in #36343, which broke recursing values returned from `getter` Constraints, because they are now wrapped in in a `LazyProperty`. The `LazyProperty` needs to be evaluated because some checks are done on the type of `$value`, i.e `is_array` etc... in `validateGenericNode`.
I'm concerned that the original PR didn't really add sufficient test coverage for the introduction of `LazyProperty`, and I'm not 100% sure that I've caught all the cases where the `instanceof` check are needed in this PR.
For the tests, I added the `@dataProvider getConstraintMethods` to every test that hit the problem area of code.
~~The only issue is that my fixed has broken the test introduced in #36343, `testGroupedMethodConstraintValidateInSequence`.~~
~~I think I need @HeahDude to help me work through this. Maybe there is a more simple solution, one that doesn't require doing `instanceof LazyPropery` checks in multiple places, because this feels very brittle.~~
EDIT: fixed that test.
Commits
-------
281861e788 [Validator] fix lazy property usage.
This PR was merged into the 4.4 branch.
Discussion
----------
[Form] provide a useful message when extension types don't match
| Q | A
| ------------- | ---
| Branch? | 4.4
| Bug fix? | no
| New feature? | no
| Deprecations? | no
| Tickets | Fix#36610
| License | MIT
| Doc PR |
Commits
-------
88d836643a provide a useful message when extension types don't match
This PR was merged into the 4.4 branch.
Discussion
----------
[Serializer] do not transform empty \Traversable to Array
| Q | A
| ------------- | ---
| Branch? | 4.4
| Bug fix? | yes
| New feature? | no <!-- please update src/**/CHANGELOG.md files -->
| Deprecations? | no <!-- please update UPGRADE-*.md and src/**/CHANGELOG.md files -->
| Tickets | na
| License | MIT
| Doc PR | na
Today, using `PRESERVE_EMPTY_OBJECTS` ([introduced in 4.0](f28e826627)), the JSON serialization of:
```php
<?php
$object = [];
$object['foo'] = new \ArrayObject();
$object['bar'] = new \ArrayObject(['notempty']);
$object['baz'] = new \ArrayObject(['nested' => new \ArrayObject()]);
```
Outputs:
```json
{"foo":[],"bar":["notempty"],"baz":{"nested":[]}}
```
Instead of the expected:
```json
{"foo":{},"bar":["notempty"],"baz":{"nested":{}}}
```
This issue comes from the Serializer that transforms `Traversable` to an Array [here](11a707200d/src/Symfony/Component/Serializer/Serializer.php (L159)). Also, the `AbstractObjectNormalizer` [doesn't support Traversable](11a707200d/src/Symfony/Component/Serializer/Normalizer/AbstractObjectNormalizer.php (L134)), but he allows to preserve empty objects.
I propose this patch where the fix doesn't transform a `Traversable` to an Array. I see another way to patch this in which we could allow empty Traversable in the `AbstractObjectNormalizer` (not sure it's better though). See attached [other-fix.patch](https://github.com/symfony/symfony/files/4539865/other-fix.log) to see the alternative patch.
Commits
-------
e5c20293fa Fix serializer do not transform empty \Traversable to Array
This PR was merged into the 5.1-dev branch.
Discussion
----------
Add missing port SQS Host Header request
| Q | A
| ------------- | ---
| Branch? | master
| Bug fix? | yes
| New feature? | no
| Deprecations? | no
| Tickets | /
| License | MIT
| Doc PR | /
When user provides a custom endpoint, the port is missing from the `Host` headers, leading to wrong URL when calling `getQueueUrl`
Commits
-------
41165beb48 Add missing port SQS Host Header request
This PR was merged into the 4.4 branch.
Discussion
----------
[Cache] Fixed not supported Redis eviction policies
| Q | A
| ------------- | ---
| Branch? | 4.4
| Bug fix? | yes
| New feature? | no
| Deprecations? | no
| Tickets | no
| License | MIT
| Doc PR | no
**Steps to reproduce:**
1. Define the following redis service on SymfonyCloud:
```
rediscache:
type: redis:5.0
size: S
configuration:
maxmemory_policy: allkeys-lru
```
2. Deploy the change
**Expected result:**
No redis cache will be populated
**Actual result:**
Following exception is thrown:
```
[2020-04-28T05:35:58.440403-04:00] php.CRITICAL: Uncaught Error: Return value of Symfony\Component\Cache\Adapter\RedisTagAwareAdapter::doSave() must be of the type array, bool returned {"exception":"[object] (TypeError(code: 0): Return value of Symfony\\Component\\Cache\\Adapter\\RedisTagAwareAdapter::doSave() must be of the type array, bool returned at /app/vendor/symfony/cache/Adapter/RedisTagAwareAdapter.php:100)"} []
```
Commits
-------
3d6e942da5 [Cache] Fixed not supported Redis eviction policies
This PR was merged into the 5.1-dev branch.
Discussion
----------
[FrameworkBundle][CacheWarmupCommand] Append files to preload
| Q | A
| ------------- | ---
| Branch? | master
| Bug fix? | yes
| New feature? | no
| Deprecations? | no
| Tickets | -
| License | MIT
| Doc PR | -
Files returned by the warmUp() method must be added to the preload file.
I also added checks to avoid empty preload calls in the preload file like this:
```
$classes = [];
Preloader::preload($classes);
```
Commits
-------
a82c7ab4c0 [FrameworkBundle][CacheWarmupCommand] Append files to preload
This PR was merged into the 5.1-dev branch.
Discussion
----------
[HttpFoundation][HttpKernel] Add more preload always-needed symbols
| Q | A
| ------------- | ---
| Branch? | master
| Bug fix? | no
| New feature? | yes
| Deprecations? | no
| Tickets | Part of https://github.com/orgs/symfony/projects/1#card-37082675
| License | MIT
| Doc PR | -
`ConfigCache` is in the hot path because it is used for every request in the kernel boot (initializeContainer() method). I guess we can consider that every kernel is going to be booted so it should always be used.
`InputBag` should be added too - it is used in the Request initialization so it will likely be hit on every request as well - but maybe it wasn't added in the first place for a reason since other bags are already there?
Commits
-------
636a8bdf12 [HttpFoundation][HttpKernel] Add more preload always-needed symbols
This PR was squashed before being merged into the 5.1-dev branch.
Discussion
----------
[Security] Require entry_point to be configured with multiple authenticators
| Q | A
| ------------- | ---
| Branch? | master
| Bug fix? | no
| New feature? | no
| Deprecations? | no
| Tickets | -
| License | MIT
| Doc PR | tbd
See @weaverryan's comment at https://github.com/symfony/symfony/pull/33558#discussion_r403740402:
> I have it on my list to look at the entrypoint stuff more closely. But my gut reaction is this: let's fix them (or try to... or maybe in a PR after this) :). What I mean is this:
>
> - It's always been confusing that your firewall may have multiple auth mechanisms that have their own "entry point"... and one is chosen seemingly at random :). I know it's not random, but why does the entrypoint from `form_login` "win" over `http_basic` if I have both defined under my firewall?
>
> - Since we're moving to a new system, why not throw an exception the _moment_ that a firewall has multiple entrypoints available to it. Then we _force_ the user to choose the _one_ entrypoint that should be used.
---
**Before** (one authenticator)
```yaml
security:
enable_authenticator_manager: true
firewalls:
main:
form_login: ...
# form login is your entry point
```
**After**
Same as before
---
**Before** (multiple authenticators)
```yaml
security:
enable_authenticator_manager: true
firewalls:
main:
http_basic: ...
form_login: ...
# for some reason, FormLogin is now your entry point! (config order doesn't matter)
```
**After**
```yaml
security:
enable_authenticator_manager: true
firewalls:
main:
http_basic: ...
form_login: ...
entry_point: form_login
```
---
**Before** (custom entry point service)
```yaml
security:
enable_authenticator_manager: true
firewalls:
main:
http_basic: ...
form_login: ...
entry_point: App\Security\CustomEntryPoint
```
**After**
Same as before
Commits
-------
7e861698e7 [Security] Require entry_point to be configured with multiple authenticators
* 5.0:
updated VERSION for 3.4.40
update CONTRIBUTORS for 3.4.40
updated CHANGELOG for 3.4.40
[WebProfilerBundle] changed label of peak memory usage in the time & memory panels (MB into MiB)
add tests for the ConstraintViolationBuilder class
Improve dirname usage
[PhpUnitBridge] Use COMPOSER_BINARY env var if available
Allow invalidateTags calls to be traced by data collector
[YAML] escape DEL(\x7f)
fix compatibility with phpunit 9
[Cache] skip APCu in chains when the backend is disabled
[Mailer] Add a comment to avoid more wrong PRs on this piece of code
[Form] apply automatically step=1 for datetime-local input
remove getContainer overwrites in tests
Fixing a bug where class_alias would cause incorrect items in debug:autowiring
[DependencyInjection][ServiceSubscriber] Support late aliases
Fix profiler nullable string type
* 4.4:
updated VERSION for 3.4.40
update CONTRIBUTORS for 3.4.40
updated CHANGELOG for 3.4.40
[WebProfilerBundle] changed label of peak memory usage in the time & memory panels (MB into MiB)
add tests for the ConstraintViolationBuilder class
Improve dirname usage
[PhpUnitBridge] Use COMPOSER_BINARY env var if available
Allow invalidateTags calls to be traced by data collector
[YAML] escape DEL(\x7f)
fix compatibility with phpunit 9
[Cache] skip APCu in chains when the backend is disabled
[Mailer] Add a comment to avoid more wrong PRs on this piece of code
[Form] apply automatically step=1 for datetime-local input
Fixing a bug where class_alias would cause incorrect items in debug:autowiring
[DependencyInjection][ServiceSubscriber] Support late aliases
* 3.4:
updated VERSION for 3.4.40
update CONTRIBUTORS for 3.4.40
updated CHANGELOG for 3.4.40
[WebProfilerBundle] changed label of peak memory usage in the time & memory panels (MB into MiB)
add tests for the ConstraintViolationBuilder class
Improve dirname usage
[PhpUnitBridge] Use COMPOSER_BINARY env var if available
[YAML] escape DEL(\x7f)
fix compatibility with phpunit 9
[Cache] skip APCu in chains when the backend is disabled
[Form] apply automatically step=1 for datetime-local input
This PR was merged into the 4.4 branch.
Discussion
----------
[Cache] Allow invalidateTags calls to be traced by data collector
| Q | A
| ------------- | ---
| Branch? | 4.4
| Bug fix? | yes
| New feature? | no
| Deprecations? | no
| Tickets | #34810
| License | MIT
| Doc PR |
`TraceableTagAwareAdapter` is not used in the fullstack framework since tag aware pools don't have the `cache.pool` tag (it's the decorated adapter that has it). This PR aims to use `TraceableTagAwareAdapter` when a pool is configured with `tags: true`
Commits
-------
28fdb3a879 Allow invalidateTags calls to be traced by data collector
This PR was squashed before being merged into the 3.4 branch.
Discussion
----------
[WebProfilerBundle] changed label of peak memory usage in the time & memory panels (MB into MiB)
| Q | A
| ------------- | ---
| Branch? | 3.4
| Bug fix? | yes
| New feature? | no
| Deprecations? | no
| Tickets | Fix#36533
| License | MIT
| Doc PR | none
<!--
Replace this notice by a short README for your feature/bugfix. This will help people
understand your PR and can be used as a start for the documentation.
Additionally (see https://symfony.com/releases):
- Always add tests and ensure they pass.
- Never break backward compatibility (see https://symfony.com/bc).
- Bug fixes must be submitted against the lowest maintained branch where they apply
(lowest branches are regularly merged to upper ones so they get the fixes too.)
- Features and deprecations must be submitted against branch master.
-->
This PR changes the label of the peak memory usage from `MB` into `MiB` in the time and memory panels of the web profiler, as discussed in #36533.
The changed file `Resources/views/Collector/time.html.twig` is completely updated by commit c9433b0090 for v4.3. So for correctly displaying the label in 4.4 (& 5.0), the file `Resources/views/Collector/time.js` needs to be updated.
Commits
-------
89fb0799cd [WebProfilerBundle] changed label of peak memory usage in the time & memory panels (MB into MiB)
This PR was merged into the 3.4 branch.
Discussion
----------
[PhpUnitBridge] Use COMPOSER_BINARY env var if available
| Q | A
| ------------- | ---
| Branch? | 3.4
| Bug fix? | yes
| New feature? | no
| Deprecations? | no
| Tickets | https://github.com/symfony/symfony/issues/36401
| License | MIT
| Doc PR | -
Commits
-------
6dce90d47b [PhpUnitBridge] Use COMPOSER_BINARY env var if available
This PR was merged into the 5.1-dev branch.
Discussion
----------
[DI] add syntax to stack decorators
| Q | A
| ------------- | ---
| Branch? | master
| Bug fix? | no
| New feature? | yes
| Deprecations? | no
| Tickets | Fix#30599
| License | MIT
| Doc PR | -
Declare this:
```yaml
services:
my_stack_of_decorators:
stack:
- class: App\ExternalDecorator
- class: App\InternalDecorator
- class: App\DecoratoredClass
```
And get this:
![image](https://user-images.githubusercontent.com/243674/78615803-b8c8e580-7872-11ea-95c2-22cb78f88ca8.png)
The PR is now ready with support for Yaml, XML and the PHP-DSL. It needs #36388, #36392 and #36389 to pass, and relates to #36390 to be DX-friendly.
The new syntax now supports composable stacks - i.e stack you can reuse in the middle of another stack.
RIP middleware, simple decorators FTW :)
From the test cases:
```yaml
services:
reusable_stack:
stack:
- class: stdClass
properties:
label: A
inner: '@.inner'
- class: stdClass
properties:
label: B
inner: '@.inner'
concrete_stack:
stack:
- parent: reusable_stack
- class: stdClass
properties:
label: C
```
This will create a service similar to:
```php
(object) [
'label' => 'A',
'inner' => (object) [
'label' => 'B',
'inner' => (object) [
'label' => 'C',
]
],
];
```
When used together with autowiring, this is enough to declare a stack of decorators:
```yaml
services:
my_processing_stack:
stack:
- App\ExternalDecorator: ~
- App\InternalDecorator: ~
- App\TheDecoratedClass: ~
```
See fixtures for the other configuration formats.
See also https://twitter.com/nicolasgrekas/status/1248198573998604288
Todo:
- [x] rebase on top of #36388, #36392 and #36389 once they are merged
- [x] test declaring deeper nested stacks
Commits
-------
98eeeae3d1 [DI] add syntax to stack decorators
This PR was merged into the 5.1-dev branch.
Discussion
----------
[DI] fix definition and usage of AbstractArgument
| Q | A
| ------------- | ---
| Branch? | master
| Bug fix? | yes
| New feature? | no
| Deprecations? | no
| Tickets | -
| License | MIT
| Doc PR | -
Reading https://symfony.com/blog/new-in-symfony-5-1-abstract-service-arguments and the comments there made me realize that the current implementation is not generic enough. Abstract arguments can be found anywhere, not only as service arguments. Also, `AbstractArgument` instances should not convey the key/id since that makes them harder to use in the PHP-DSL.
Commits
-------
abb463c749 [DI] fix definition and usage of AbstractArgument
This PR was squashed before being merged into the 5.1-dev branch.
Discussion
----------
[Serializer] Add an @Ignore annotation
| Q | A
| ------------- | ---
| Branch? | master
Bug fix? | no
| New feature? | yes <!-- don't forget to update src/**/CHANGELOG.md files -->
| BC breaks? | no <!-- see https://symfony.com/bc -->
| Deprecations? | no <!-- don't forget to update UPGRADE-*.md and src/**/CHANGELOG.md files -->
| Tests pass? | yes <!-- please add some, will be required by reviewers -->
| Fixed tickets | #24071
| License | MIT
| Doc PR | n/a
Add an `@Ignore` annotation to configure [ignored attributes](https://symfony.com/doc/current/components/serializer.html#ignoring-attributes) in a convenient way, as well as the related XML and YAML loaders.
TODO:
* [x] Add tests
Commits
-------
8526d7c050 [Serializer] Add an @Ignore annotation
This PR was merged into the 5.1-dev branch.
Discussion
----------
[String] Add locale-sensitive map for slugging symbols
| Q | A
| ------------- | ---
| Branch? | master
| Bug fix? | no
| New feature? | yes
| Deprecations? | no
| Tickets | Fix#36383
| License | MIT
By default chars '@' and '&' are respectively replaced by 'at' and 'and' (so limited by enlgish language).
I had an $options arguments to 'slug' method to replace chars with your own logic.
Commits
-------
1331584fa1 [String] Add locale-sensitive map for slugging symbols
This PR was merged into the 3.4 branch.
Discussion
----------
[Cache] skip APCu in chains when the backend is disabled
| Q | A
| ------------- | ---
| Branch? | 3.4
| Bug fix? | yes
| New feature? | no
| Deprecations? | no
| Tickets | Fix#34962
| License | MIT
| Doc PR | -
I think this should do it.
Commits
-------
5a7208481d [Cache] skip APCu in chains when the backend is disabled
This PR was merged into the 5.1-dev branch.
Discussion
----------
[DI] skip preloading dependencies of non-preloaded services
| Q | A
| ------------- | ---
| Branch? | master
| Bug fix? | no
| New feature? | yes
| Deprecations? | no
| Tickets | -
| License | MIT
| Doc PR | -
Suggested by @stof on Slack: this improves preloading by propagating the `container.no_preload` tag to services that are referenced only by not-preloaded services.
The benefit is double:
1. this fixes potential over-preloading
2. this requires less work from the community: no need to add the tag anymore most of the time
As a corollary, listeners of console events are tagged with `container.no_preload` automatically now.
Commits
-------
add867020a [DI] skip preloading dependencies of non-preloaded services
This PR was merged into the 4.4 branch.
Discussion
----------
[FrameworkBundle] debug:autowiring: Fix wrong display when using class_alias
| Q | A
| ------------- | ---
| Branch? | 4.4
| Bug fix? | yes
| New feature? | no
| Deprecations? | no
| Tickets | None
| License | MIT
| Doc PR | not needed
Imagine that `FooInterface` is an alias, but it is deprecated and so has a `class_alias` to `BarInterface`. Currently, `debug:autowiring` will actually print that's the autowiring alias is `BarInterface`, despite there being no such id in the container.
@nicolas-grekas originally (on purpose) made the 2nd argument to `Descriptor::getClassDescription()` be passed by reference *for* this exact feature - 56aab09b01 - but I can't figure out why. This change (which effectively removes the by-reference modifying) made no existing tests fail.
Discovered this because the whole deprecated`Doctrine\Common\Persistence\ManagerRegistry` vs newer `Doctrine\Persistence\ManagerRegistry` causes the issue.
Thanks!
Commits
-------
d34b437ce0 Fixing a bug where class_alias would cause incorrect items in debug:autowiring
This PR was squashed before being merged into the 5.1-dev branch (closes#36525).
Discussion
----------
Improve SQS interoperability
| Q | A
| ------------- | ---
| Branch? | master
| Bug fix? | no
| New feature? | yes
| Deprecations? | no
| Tickets | NA
| License | MIT
| Doc PR | NA
The Symfony Messenger component provides a SerializerInterface to encode/decode the `Envelope`, this can be used to improve the Interoperability (see [article from jolicode](https://jolicode.com/blog/symfony-messenger-et-linteroperabilite) (french))
Sadly, the current implementation of SQS adapter json_encode the elements of the `Envelope` (`string body` + `string[] headers`) and store everything in the SQS message `Body`. That partially defect the interoperability: 3rd party have to also wrap (unwrap) message form json_encoded Body.
This PR leverage the AWS SQS `Body` and `MessageAttribute` properties to store message information:
```yaml
# before
SQS Message:
Body: {"body": "hello world", "headers": {"foo": "bar"}}
MessageAttributes: {}
# after
SQS Message:
Body: hello world
MessageAttributes:
foor: bar
```
Commits
-------
00d84c125e Improve SQS interoperability
This PR was merged into the 4.4 branch.
Discussion
----------
[DependencyInjection][ServiceSubscriber] Support late aliases
| Q | A
| ------------- | ---
| Branch? | 4.4
| Bug fix? | yes
| New feature? | no
| Deprecations? | no
| Tickets | -
| License | MIT
| Doc PR | -
A service subscriber that references a service that is aliased after optimization passes (after ResolveReferencesToAliasesPass technically) end up being dumped with the real service and not the alias.
I would consider it a bug but @nicolas-grekas told me it's a feature for him, this is why I'm submitting this on master.
@nicolas-grekas, feel free to close this one and open with your solution since you definitely know the subject better.
Commits
-------
24150370c3 [DependencyInjection][ServiceSubscriber] Support late aliases
This PR was merged into the 5.1-dev branch.
Discussion
----------
[OptionsResolver] remove not needed BC layer
| Q | A
| ------------- | ---
| Branch? | master
| Bug fix? | no
| New feature? | no
| Deprecations? | no
| Tickets |
| License | MIT
| Doc PR |
Commits
-------
1452619a52 remove not needed BC layer
This PR was merged into the 5.0 branch.
Discussion
----------
[Profiler] Fix profiler nullable string type
| Q | A
| ------------- | ---
| Branch? | 5.0
| Bug fix? | yes
| New feature? | no
| Deprecations? | no
| Tickets | n/a
| License | MIT
| Doc PR | -
This PR fixes nullable string types in setter for the Profile class.
The detected issue comes from [the Profiler class](https://github.com/symfony/symfony/blob/master/src/Symfony/Component/HttpKernel/Profiler/Profiler.php#L149) :
```php
$profile->setIp($request->getClientIp()); // string or null
```
The corresponding return types for the Profile getters are allready good:
```php
/**
* Returns the IP.
*
* @return string|null The IP
*/
public function getIp()
{
return $this->ip;
}
```
Commits
-------
b5d406117d Fix profiler nullable string type
* 5.0:
[FrameworkBundle] Fix session.attribute_bag service definition
[Routing] Remove unused properties from the Route annotation
[Routing] Add missing _locale requirements
Update LdapBindAuthenticationProvider.php
Add reproducer to for hit after update expire cacheItem
[Cache] fix FilesystemTagAwareAdapter failing when a tag link preexists
* 4.4:
[FrameworkBundle] Fix session.attribute_bag service definition
[Routing] Remove unused properties from the Route annotation
[Routing] Add missing _locale requirements
Update LdapBindAuthenticationProvider.php
Add reproducer to for hit after update expire cacheItem
[Cache] fix FilesystemTagAwareAdapter failing when a tag link preexists
This PR was merged into the 3.4 branch.
Discussion
----------
[Security/Core] fix escape for username in LdapBindAuthenticationProvider.php
| Q | A
| ------------- | ---
| Branch? | 3.4
| Bug fix? | yes
| New feature? | no
| Deprecations? | no
| License | MIT
I think that when we call `ldap_search()` as definitely it will do the `$this->ldap->query()` call, the proper filter applied should be `LdapInterface::ESCAPE_FILTER` as documented in
https://www.php.net/manual/en/function.ldap-escape.php while `LdapInterface::ESCAPE_DN` should be used for `dn` only
This simple change should fix, I'm sorry if I'm wrong.
Commits
-------
4bda68a9a2 Update LdapBindAuthenticationProvider.php
This PR was merged into the 5.1-dev branch.
Discussion
----------
[Notifier] Throw an exception when the Slack DSN is not valid
| Q | A
| ------------- | ---
| Branch? | master
| Bug fix? | yes-ish
| New feature? | yes-ish <!-- please update src/**/CHANGELOG.md files -->
| Deprecations? | no <!-- please update UPGRADE-*.md and src/**/CHANGELOG.md files -->
| Tickets | n/a <!-- prefix each issue number with "Fix #", if any -->
| License | MIT
| Doc PR | n/a
Improved errors in case of a DSN issue.
+ proper error for the Slack DSN when path is empty (will help catch when people haven't updated their Slack DSN for 5.1).
Commits
-------
6b1a64a642 [Notifier] Throw an exception when the Slack DSN is not valid
This PR was squashed before being merged into the 5.1-dev branch.
Discussion
----------
[Security] AuthenticatorManager to make "authenticators" first-class security
| Q | A
| ------------- | ---
| Branch? | master
| Bug fix? | no
| New feature? | yes
| Deprecations? | no
| Tickets | -
| License | MIT
| Doc PR | tbd
The tl;dr
---
The old authentication listener + authentication provider system was replaced by a new "authenticator" system (similar to Guard authentication). All existing "auth systems" (e.g. `form_login` are now written as an "authenticator" in core).
Instead of each "authentication system" registering its own listener in the `Firewall`, there is now only one listener: `AuthenticatorManagerListener`
* `Firewall` -> executes `AuthenticatorManagerListener`
* `AuthenticatorManagerListener` -> calls `AuthenticatorManager`
* `AuthenticatorManager` -> calls each authenticator
This PR contains *no deprecations* and the "new system" is *marked as experimental*. This allows to continue to develop the new Security system during the 5.x release cycle without disturbing Symfony users. In 5.4, we can deprecate "old" Security and remove it completely in 6.0.
Important Decisions
---
* A) **The new authentication manager - `AuthenticatorManager` - now dispatches 3 important "hook" events**:
* `VerifyAuthenticatorCredentialsEvent`: occurs at the point when a "password" needs to be checked. Allows us to centralize password checking, CSRF validation, password upgrading and the "user checker" logic.
* `LoginSuccessEvent`: Dispatched after a successful authentication. E.g. used by remember me listener.
* `LoginFailedEvent`: Dispatched after an unsuccessful authentication. Also used by remember me (and in theory could be used for login throttling).
* B) **`getCredentials()`, `getUser()` and `checkCredentials()` methods from old Guard are gone: their logic is centralized**.
Authenticators now have an `authenticate(Request $request): PassportInterface` method. A passport contains the user object, the credentials and any other add-in Security badges (e.g. CSRF):
```php
public function authenticate(Request $request): PassportInterface
{
return new Passport(
$user,
new PasswordCredentials($request->get('_password')),
[
new CsrfBadge($request->get('_token'))
]
);
}
```
All badges (including the credentials) need to be resolved by listeners to `VerifyAuthenticatorCredentialsEvent`. There is build-in core support for the following badges/credentials:
* `PasswordCredentials`: validated using the password encoder factory
* `CustomCredentials`: allows a closure to do credentials checking
* `CsrfTokenBadge`: automatic CSRF token verification
* `PasswordUpgradeBadge`: enables password migration
* `RememberMeBadge`: enables remember-me support for this authenticator
* C) **`AuthenticatorManager` contains all logic to authenticate**
As authenticators always relate to HTTP, the `AuthenticatorManager` contains all logic to authenticate. It has three methods, the most important two are:
* `authenticateRequest(Request $request): TokenInterface`: Doing what is previously done by a listener and an authentication provider;
* `authenticateUser(UserInterface $user, AuthenticatorInterface $authenticator, Request $request, array $badges = [])` for manual login in e.g. a controller.
* D) **One AuthenticatorManager per firewall**
In the old system, there was 1 authentication manager containing all providers and each firewall had a specific firewall listener. In the new system, each firewall has a specific authentication manager.
* E) **Pre-authentication tokens are dropped.**
As everything is now handled inside `AuthenticatorManager` and everything is stored in the Security `Passport`, there was no need for a token anymore (removing lots of confusion about what information is inside the token).
This change deprecates 2 authentication calls: one in `AuthorizationChecker#isGranted()` and one in `AccessListener`. These seem now to be mis-used to reload users (e.g. re-authenticate the user after you change their roles). This (some "way" to change a user's roles *without* logging them out) needs to be "fixed"/added in another PR.
* F) **The remember me service now uses *all* user providers**
Previously, only user providers of authentication providers listening on that firewall were used. This change is due to practical reasons and we don't think it is common to have 2 user providers supporting the same user instance. In any case, you can always explicitly configure the user provider under `remember_me`.
* G) **Auth Providers No Longer Clear the Token on Auth Failure**
Previously, authentication providers did `$this->tokenStorage->setToken(null)` upon authentication failure. This is not yet implemented: our reasoning is that if you've authenticated successfully using e.g. the login form, why should you be logged out if you visit the same login form and enter wrong credentials?
The pre-authenticated authenticators are an exception here, they do reset the token upon authentication failure, just like the old system.
* H) **CSRF Generator Service ID No Longer Configurable**
The old Form login authentication provider allowed you to configure the CSRF generator service ID. This is no longer possible with the automated CSRF listener. This feature was introduced in the first CSRF commit and didn't get any updates ever since, so we don't think this feature is required. This could also be accomplished by checking CSRF manually in your authenticator, instead of using the automated check.
Future Considerations
---
* Remove Security sub-components: Move CSRF to `Symfony\Component\Csrf` (just like mime); Deprecated Guard; Put HTTP + Core as `symfony/security`. This means moving the new classes to `Symfony\Component\Security`
* Convert LDAP to the new system
* This is fixed (and merged) by #36243 <s>There is a need for some listeners to listen for events on one firewall, but not another (e.g. `RememberMeListener`). This is now fixed by checking the `$providerKey`. We thought it might be nice to introduce a feature to the event dispatcher:</s>
* <s>Create one event dispatcher per firewall;</s>
* <s>Extend the `kernel.event_subscriber` tag, so that you can optionally specify the dispatcher service ID (to allow listening on events for a specific dispatcher);</s>
* <s>Add a listener that always also triggers the events on the main event dispatcher, in case you want a listener that is listening on all firewalls.</s>
* Drop the `AnonymousToken` and `AnonymousAuthenticator`: Anonymous authentication has never made much sense and complicates things (e.g. the user can be a string). For access control, an anonymous user has the same meaning as an un-authenticated one (`null`). This require changes in the `AccessListener` and `AuthorizationChecker` and probably also a new Security attribute (to replace `IS_AUTHENTICATED_ANONYMOUSLY`). Related issues: #34909, #30609
> **How to test**
> 1. Install the Symfony demo application (or any Symfony application)
> 2. Clone my Symfony fork (`git clone git@github.com:wouterj/symfony`) and checkout my branch (`git checkout security/deprecate-providers-listeners`)
> 3. Use the link utility to link my fork to the Symfony application: `/path/to/symfony-fork/link /path/to/project`
> 4. Enable the new system by setting `security.enable_authenticator_manager` to `true`
Commits
-------
b1e040f311 Rename providerKey to firewallName for more consistent naming
50224aa285 Introduce Passport & Badges to extend authenticators
9ea32c4ed3 Also use authentication failure/success handlers in FormLoginAuthenticator
0fe5083a3e Added JSON login authenticator
7ef6a7ab03 Use the firewall event dispatcher
95edc806a1 Added pre-authenticated authenticators (X.509 & REMOTE_USER)
f5e11e5f32 Reverted changes to the Guard component
ba3754a80f Differentiate between interactive and non-interactive authenticators
6b9d78d5e0 Added tests
59f49b20ca Rename AuthenticatingListener
60d396f2d1 Added automatically CSRF protected authenticators
bf1a452e94 Merge AuthenticatorManager and AuthenticatorHandler
44cc76fec2 Use one AuthenticatorManager per firewall
09bed16d3d Only load old manager if new system is disabled
ddf430fc1e Added remember me functionality
1c810d5d2a Added support for lazy firewalls
7859977324 Removed all mentions of 'guard' in the new system
999ec2795f Refactor to an event based authentication approach
b14a5e8c52 Moved new authenticator to the HTTP namespace
b923e4c4f6 Enabled remember me for the GuardManagerListener
873b949cf9 Mark new core authenticators as experimental
4c06236933 Fixes after testing in Demo application
fa4b3ec213 Implemented password migration for the new authenticators
5efa892395 Create a new core AuthenticatorInterface
50132587a1 Add provider key in PreAuthenticationGuardToken
526f75608b Added GuardManagerListener
a172bacaa6 Added FormLogin and Anonymous authenticators
9b7fddd10c Integrated GuardAuthenticationManager in the SecurityBundle
a6890dbcf0 Created HttpBasicAuthenticator and some Guard traits
c321f4d73a Created GuardAuthenticationManager to make Guard first-class Security
The AuthenticatorManager now performs the whole authentication process. This
allows for manual authentication without duplicating or publicly exposing parts
of the process.
This to remove confusion between the new system and Guard. When using the new
system, guard should not be installed. Guard did however influence the idea
behind the new system. Thus keeping the mentions of "guard" makes it confusing
to use the new system.
This allows more flexibility for the authentication manager (to e.g. implement
login throttling, easier remember me, etc). It is also a known design pattern
in Symfony HttpKernel.
This removes the introduced dependency on Guard from core. It also allows an
easier migration path, as the complete Guard subcomponent can now be deprecated
later in the 5.x life.
This is an iteration on the AuthenticatorInterface of the Guard, to allow more
flexibility so it can be used as a real replaced of the authentication
providers and listeners.
This PR was merged into the 4.4 branch.
Discussion
----------
[Cache] CacheItem with tag is never a hit after expired
| Q | A
| ------------- | ---
| Branch? | 4.4
| Bug fix? | yes/no
| New feature? | no
| Deprecations? | no
| Tickets | Fix#36458
| License | MIT
| Doc PR | symfony/symfony-docs#... <!-- required for new features -->
It seems like a tag cacheItem is never a hit again. Not sure how fix this but the cache component is really hard to debug 🙈 .
It need to be somewhere generally as all TagAware caches are effected:
```
1) Symfony\Component\Cache\Tests\Adapter\FilesystemTagAwareAdapterTest::testRefreshAfterExpires
Failed asserting that false is true.
/home/travis/build/symfony/symfony/src/Symfony/Component/Cache/Tests/Traits/TagAwareTestTrait.php:194
2) Symfony\Component\Cache\Tests\Adapter\PredisTagAwareClusterAdapterTest::testRefreshAfterExpires
Failed asserting that true is false.
/home/travis/build/symfony/symfony/src/Symfony/Component/Cache/Tests/Traits/TagAwareTestTrait.php:183
3) Symfony\Component\Cache\Tests\Adapter\RedisTagAwareAdapterTest::testRefreshAfterExpires
Failed asserting that true is false.
/home/travis/build/symfony/symfony/src/Symfony/Component/Cache/Tests/Traits/TagAwareTestTrait.php:183
4) Symfony\Component\Cache\Tests\Adapter\RedisTagAwareClusterAdapterTest::testRefreshAfterExpires
Failed asserting that true is false.
/home/travis/build/symfony/symfony/src/Symfony/Component/Cache/Tests/Traits/TagAwareTestTrait.php:183
```
Commits
-------
d082eca7dd Add reproducer to for hit after update expire cacheItem
f815b011c3 [Cache] fix FilesystemTagAwareAdapter failing when a tag link preexists
* 4.4:
[HttpFoundation] workaround PHP bug in the session module
[SecurityBundle] fix accepting env vars in remember-me configurations
[Form] Fixed handling groups sequence validation
[Cache] Avoid memory leak in TraceableAdapter::reset()
This PR was merged into the 3.4 branch.
Discussion
----------
[SecurityBundle] fix accepting env vars in remember-me configurations
| Q | A
| ------------- | ---
| Branch? | 3.4
| Bug fix? | yes
| New feature? | no
| Deprecations? | no
| Tickets | Fix#36271
| License | MIT
| Doc PR | -
As @wouterj explained we cannot use env variables after #35910 merged.
> Hmm, so I'm guessing this is what happens:
>
> * `lifetime` is now an `integerNode()`
> * For the Config component (which IIRC doesn't know anything about env variables), you're passing a string: `"%env(int:REMEMBER_ME_COOKIE_LIFETIME)%"`
> * This throws an error, although if it wouldn't, the DI component would sucessfully process the string into a integer before it's used by any PHP class.
>
> So we either make Config aware of environment variables (that's probably a huge feature) or we revert the `integerNode()` changes (as you suggested).
>
> @HeahDude am I mislooking something, or would reverting these 2 lines not result in much harm? (only a little less strict config processor)
Commits
-------
46c278316c [SecurityBundle] fix accepting env vars in remember-me configurations
This PR was merged into the 3.4 branch.
Discussion
----------
[Form] Fixed handling groups sequence validation
| Q | A
| ------------- | ---
| Branch? | 3.4
| Bug fix? | yes
| New feature? | no
| Deprecations? | no
| Tickets | FIx https://github.com/symfony/symfony/issues/9939#issuecomment-607459505, Fix#35556
| License | MIT
| Doc PR | ~
This is not the same as the original issue fixed by #36245, that was reported in https://github.com/symfony/symfony/issues/9939#issuecomment-607459505.
The form also fails to cascade sequence validation properly because each nested field is validated against the sequence, and one can fail at a step independently from another which could failed in another step. I've added a lot of tests to ensure this is working properly and tested in a website skeleton too.
This PR aims to close#35556 which tries to fix the same issue but afterwards in its implementation as said in https://github.com/symfony/symfony/pull/35556#discussion_r379289230.
Commits
-------
dfb61c204c [Form] Fixed handling groups sequence validation
This PR was merged into the 5.1-dev branch.
Discussion
----------
[RedisMessengerBridge] Add a delete_after_ack option
This allows Messenger to clean up processed messages from memory, avoiding a mem "leak" in redis
| Q | A
| ------------- | ---
| Branch? | master
| Bug fix? | no
| New feature? | yes
| Deprecations? | no
| Tickets | https://github.com/symfony/symfony/issues/33715
| License | MIT
| Doc PR | symfony/symfony-docs#... TODO - will pile it on to https://github.com/symfony/symfony-docs/pull/11869 as it kinda binds together and a bigger refactor of the docs here is much needed to avoid all these gotchas
Right now by default a redis transport for messenger will leak memory as all messages stay in redis forever. You can configure `stream_max_entries` to automatically trim to a max of X entries, but that means if you have big peaks in messages you might start losing messages which have not been processed.
This PR provides an alternative to that, by deleting message as they are processed. This is ideal as it avoids having to find the right number for `stream_max_entries` (do you want to risk losing data or use more memory than needed on average?). The only catch is that if you have multiple groups consuming the same stream, the first one processing a message will delete it, so other groups will not see it. For that reason `setup()` attempts to detect this and fails hard if it is misconfigured to prevent data loss.
Commits
-------
7c416a7173 [RedisMessengerBridge] Add a delete_after_ack option to automatically clean up processed messages from memory
This PR was squashed before being merged into the 5.1-dev branch.
Discussion
----------
[Messenger] Add FIFO support to the SQS transport
| Q | A
| ------------- | ---
| Branch? | master
| Bug fix? | no
| New feature? | yes
| Deprecations? | no
| Tickets | no
| License | MIT
| Doc PR | --
https://docs.aws.amazon.com/AWSSimpleQueueService/latest/SQSDeveloperGuide/FIFO-queues.html
Commits
-------
37601753f1 [Messenger] Add FIFO support to the SQS transport
This PR was squashed before being merged into the 5.1-dev branch.
Discussion
----------
[Cache] Added context to log messages
| Q | A
| ------------- | ---
| Branch? | master
| Bug fix? | no
| New feature? | yes
| Deprecations? | no
| Tickets |
| License | MIT
| Doc PR | n/a
In my application logs, I've got many entries like:
> Failed to save key "foobar" of type string.
I know it is related to the cache, But I dont know from what adapter. I use a chain of Array, Apcu and Redis. This PR adds some context to that log entry so I know which one of my cache adapter that fails.
Commits
-------
a4d9e0fc94 [Cache] Added context to log messages
This PR was merged into the 5.1-dev branch.
Discussion
----------
Use ExpectDeprecationTrait
| Q | A
| ------------- | ---
| Branch? | master
| Bug fix? | no
| New feature? | no
| Deprecations? | no
| Tickets | -
| License | MIT
| Doc PR | -
Commits
-------
08febef500 Use ExpectDeprecationTrait
This PR was merged into the 3.4 branch.
Discussion
----------
[Cache] Avoid memory leak in TraceableAdapter::reset()
| Q | A
| ------------- | ---
| Branch? | 3.4
| Bug fix? | yes
| New feature? | no
| Deprecations? | no
| Tickets |
| License | MIT
| Doc PR |
When we call `ServicesResetter::reset()`, we want to reset the
application to its initial states. We don't want a memory leak :p
Commits
-------
15a8610c0c [Cache] Avoid memory leak in TraceableAdapter::reset()
* 5.0:
[PhpUnitBridge] add PolyfillTestCaseTrait::expectExceptionMessageMatches to provide FC with recent phpunit versions
[Messenger] Make sure redis transports are initialized correctly
Remove return type for Twig function workflow_metadata()
[DI] fix typo
* 4.4:
[PhpUnitBridge] add PolyfillTestCaseTrait::expectExceptionMessageMatches to provide FC with recent phpunit versions
[Messenger] Make sure redis transports are initialized correctly
Remove return type for Twig function workflow_metadata()
[DI] fix typo
This PR was squashed before being merged into the 4.4 branch.
Discussion
----------
[PhpUnitBridge] add PolyfillTestCaseTrait::expectExceptionMessageMatches to provide FC with recent phpunit versions
| Q | A
| ------------- | ---
| Branch? | 4.4
| Bug fix? | yes
| New feature? | no <!-- please update src/**/CHANGELOG.md files -->
| Deprecations? | no <!-- please update UPGRADE-*.md and src/**/CHANGELOG.md files -->
| Tickets | na
| License | MIT
| Doc PR | na
expectExceptionMessageRegExp is deprecated coming phpunit 8.5.3 see https://github.com/sebastianbergmann/phpunit/issues/4133
Not sure if I need to add something else lmk.
Commits
-------
cfd5a29eaf [PhpUnitBridge] add PolyfillTestCaseTrait::expectExceptionMessageMatches to provide FC with recent phpunit versions
This PR was merged into the 4.4 branch.
Discussion
----------
Remove return type for Twig function workflow_metadata()
Technically it is allowed to have metadata other than string, even data that does not cast to string, like an array.
| Q | A
| ------------- | ---
| Branch? | 4.4
| Bug fix? | yes
| New feature? | no
| Deprecations? | no
| Tickets | Fix#36391
| License | MIT
| Doc PR | n/a
The workflow metadata store can contain not only strings, but setting nested metadata results in an error when workflow_metadata() is used in Twig.
Also see #36391
Commits
-------
55664c5a17 Remove return type for Twig function workflow_metadata()
This PR was merged into the 5.1-dev branch.
Discussion
----------
[HttpFoundation] Add InputBag
| Q | A
| ------------- | ---
| Branch? | master
| Bug fix? | no
| New feature? | yes
| Deprecations? | yes
| License | MIT
When ppl read a request attribute, they never check if an array is returned
This means many apps just fail with a 500 when adding `[]` in the query string.
This PR turns them to 400 basically (with a deprecation for now)
Commits
-------
0a2ef70c04 [HttpFoundation] add InputBag
This PR was merged into the 5.1-dev branch.
Discussion
----------
[Mailer][Messenger] add return statement for MessageHandler
| Q | A
| ------------- | ---
| Branch? | master
| Bug fix? | no
| New feature? | yes
| Deprecations? | no <!-- please update UPGRADE-*.md and src/**/CHANGELOG.md files -->
| Tickets |
| License | MIT
| Doc PR |
By returning the result of the transporter in `MessageHandler` we can get hold of `SentMessage` from `HandledStamp::getResult()`.
![image](https://user-images.githubusercontent.com/4582866/79046122-3bed9100-7c0f-11ea-878f-65a6eb610758.png)
Commits
-------
7854cb488e [Mailer][Messenger] add return statement for MessageHandler
This PR was merged into the 3.4 branch.
Discussion
----------
[Form] RepeatedType should always have inner types mapped
| Q | A
| ------------- | ---
| Branch? | 3.4
| Bug fix? | yes
| New feature? | no
| Deprecations? | no
| Doc PR| https://github.com/symfony/symfony-docs/pull/13519 |
| Tickets | Fix#36410
| License | MIT
Always set mapped=true to override inner type mapped setting.
Throw an exception if inner types of RepeatedType has mapped=false
Commits
-------
728cd66a13 RepeatedType should always have inner types mapped
This PR was merged into the 5.1-dev branch.
Discussion
----------
[Form] Deprecated unused old `ServerParams` util
| Q | A
| ------------- | ---
| Branch? | master
| Bug fix? | no
| New feature? | no
| Deprecations? | yes
| Tickets | ~
| License | MIT
| Doc PR | ~
A left over after https://github.com/symfony/symfony/pull/11924#issuecomment-56511557, this class is unused since Symfony 2.3 ^^'. I've noticed it before but never took the time to submit a PR because this is very minor IMHO. But since this deprecation should not impact anyone, let's keep the codebase clean and remove it in 6.0.
Commits
-------
e05e924c5a [Form] Deprecated unused old `ServerParams` util
This PR was squashed before being merged into the 5.1-dev branch.
Discussion
----------
[Console] cursor tweaks
| Q | A
| ------------- | ---
| Branch? | master
| Bug fix? | no
| New feature? | yes
| Deprecations? | no <!-- please update UPGRADE-*.md and src/**/CHANGELOG.md files -->
| Tickets | Refs #27444
| License | MIT
| Doc PR | n/a
While playing with the new cursor class, I realized that I would like to make some changes. Mainly having a fluent interface: `$cursor->moveUp(10)->clearOutput()` for instance.
I have also separater the `clearLine()` method in two method to avoid the bool arg.
/cc @pierredup
Commits
-------
5a7b3146f5 Make the Cursor class final
b0e7eb66e0 Make Cursor fluent
55fef914cc Split a method
d00b5b5e08 Remove default value
This PR was merged into the 5.1-dev branch.
Discussion
----------
[Notifier][Slack] Send messages using Incoming Webhooks
| Q | A
| ------------- | ---
| Branch? | master <!-- see below -->
| Bug fix? | no
| New feature? | yes <!-- please update src/**/CHANGELOG.md files -->
| Deprecations? | no <!-- please update UPGRADE-*.md and src/**/CHANGELOG.md files -->
| Tickets | <!-- prefix each issue number with "Fix #", if any -->
| License | MIT
| Doc PR | <!-- required for new features -->
> Legacy tokens are a deprecated method of generating tokens for testing and development.
As tokens will became deprecated on May 5th, 2020 we should use Incoming Webhooks app for using this bundle.
**Usage:**
_`slack://hooks.slack.com/services/xxx/xxx/xxx`_
Commits
-------
4b0807bd1a [Notifier] Tweak Slack support
e242cc35e9 Git rebase form master
* 5.0:
[travis] fix CI (ter)
Revert "[travis][appveyor] don't cache .phpunit"
silence E_NOTICE triggered since PHP 7.4
[Form] Removed legacy check in `ValidationListener`
[HttpClient] fix HTTP/2 support on non-SSL connections - CurlHttpClient only
Force ping after transport Exception
do not merge constraints within interfaces
[Validator] Fixed default group for nested composite constraints
* 4.4:
[travis] fix CI (ter)
Revert "[travis][appveyor] don't cache .phpunit"
silence E_NOTICE triggered since PHP 7.4
[Form] Removed legacy check in `ValidationListener`
[HttpClient] fix HTTP/2 support on non-SSL connections - CurlHttpClient only
Force ping after transport Exception
do not merge constraints within interfaces
[Validator] Fixed default group for nested composite constraints
* 3.4:
Revert "[travis][appveyor] don't cache .phpunit"
silence E_NOTICE triggered since PHP 7.4
[Form] Removed legacy check in `ValidationListener`
do not merge constraints within interfaces
[Validator] Fixed default group for nested composite constraints
This PR was merged into the 3.4 branch.
Discussion
----------
[Validator] Fixed default group for nested composite constraints
| Q | A
| ------------- | ---
| Branch? | 3.4
| Bug fix? | yes
| New feature? | no
| Deprecations? | no
| Tickets | Fix#33986
| License | MIT
| Doc PR | ~
Take a breath: when composite constraints are nested in a parent composite constraint without having non composite nested constraints (i.e empty), then the default group is not added, making the validator failing to validate in any group (including default), because there is no group at all, which should never happen.
Commits
-------
117ee34698 [Validator] Fixed default group for nested composite constraints
This PR was merged into the 4.4 branch.
Discussion
----------
[HttpClient] fix HTTP/2 support on non-SSL connections - CurlHttpClient only
| Q | A
| ------------- | ---
| Branch? | 4.4
| Bug fix? | yes
| New feature? | no
| Deprecations? | no
| Tickets | Fix#36419
| License | MIT
| Doc PR | -
Commits
-------
a5b884cd94 [HttpClient] fix HTTP/2 support on non-SSL connections - CurlHttpClient only
This PR was merged into the 4.4 branch.
Discussion
----------
Force ping after transport exception
| Q | A
| ------------- | ---
| Branch? | 4.4
| Bug fix? | yes
| New feature? | no
| Deprecations? | no
| Tickets | Fix#36301
| License | MIT
| Doc PR |
SMTP transport fails for long running processes after tranport exception, if stream is closed all messages will throw a transport exception until $lastMessageTime exceds $pingThreshold.
With this PR, after transport expception the transport will ping the server to check if the connection is still alive.
Commits
-------
7ccbef62f6 Force ping after transport Exception
This PR was merged into the 3.4 branch.
Discussion
----------
[Validator] do not merge constraints within interfaces
| Q | A
| ------------- | ---
| Branch? | 3.4
| Bug fix? | yes
| New feature? | no
| Deprecations? | no
| Tickets | Fix#22538
| License | MIT
| Doc PR |
This fix disables merge constraints within interfaces.
There is no reason to merge constraints from one interface to another because each class merges the constraints of all its interfaces. Only one check is needed is to eliminate all interfaces that comes from parent class to avoid duplication.
Commits
-------
67f336b808 do not merge constraints within interfaces
This PR was merged into the 3.4 branch.
Discussion
----------
[Form] Removed legacy check in `ValidationListener`
| Q | A
| ------------- | ---
| Branch? | 3.4
| Bug fix? | no
| New feature? | no
| Deprecations? | no
| Tickets | ~
| License | MIT
| Doc PR | ~
A left over of #13198, should have been removed in 3.0. The tests don't use `null` anymore, no update needed here, this is just about removing dead code.
Commits
-------
e479e51f7c [Form] Removed legacy check in `ValidationListener`
This PR was merged into the 5.1-dev branch.
Discussion
----------
[Serializer] UnwrappingDenormalizer
| Q | A
| ------------- | ---
| Branch? | master
| Bug fix? | no
| New feature? | yes
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | n/a
| License | MIT
| Doc PR | n/a
UnwrappingDenormalizer, registered with very high priority. Unwrapping the data if UNWRAP_PATH is provided.
Very often some APIs give nested responses in which we need only the child object. With UnwrappingDenormalizer we can get the needed object without creating unnecessary Model class that we don't really need.
Regarding to https://github.com/symfony/symfony/pull/28887 and https://github.com/symfony/symfony/pull/30894
Usage:
`$serialiser->deserialize('{"baz": {"foo": "bar", "inner": {"title": "value", "numbers": [5,3]}}}', Object::class, ['UnwrappingDenormalizer::UNWRAP_PATH' => '[baz][inner]'])`
Commits
-------
00d103d5f7 UnwrappingDenormalizer
This PR was merged into the 5.1-dev branch.
Discussion
----------
[ErrorHandler] Remove trigger_deprecation frame from trace
| Q | A
| ------------- | ---
| Branch? | master
| Bug fix? | no
| New feature? | yes
| Deprecations? | no
| Tickets | -
| License | MIT
| Doc PR | -
This accounts for the new `trigger_deprecation` function from [symfony/deprecation-contracts](https://github.com/symfony/deprecation-contracts).
Replaces #36329
Commits
-------
d4eb4a4bd7 [ErrorHandler] Remove trigger_deprecation frame from trace (add tests)
c293aee9ab [ErrorHandler] Remove trigger_deprecation frame from trace
This PR was merged into the 5.1-dev branch.
Discussion
----------
[DI] deprecate the `inline()` function from the PHP-DSL in favor of `service()`
| Q | A
| ------------- | ---
| Branch? | master
| Bug fix? | no
| New feature? | no
| Deprecations? | yes
| Tickets | -
| License | MIT
| Doc PR | -
In the PHP-DSL, the `inline()` function helps declaring ... inline services.
I'm proposing to rename it to `service()`, for consistency with yaml tags. All other helpers but this one have the same name as the yaml tag.
Let's do this while "nobody" uses this format yet :)
Commits
-------
647d971ae4 [DI] deprecate the `inline()` function from the PHP-DSL in favor of `service()`
This PR was merged into the 5.1-dev branch.
Discussion
----------
[DI] allow decorators to reference their decorated service using the special `.inner` id
| Q | A
| ------------- | ---
| Branch? | master
| Bug fix? | no
| New feature? | yes
| Deprecations? | no
| Tickets | -
| License | MIT
| Doc PR | -
Right now, when one wants to decorate a service, one needs to reference the decorated service using `foo.inner`, where `foo` is the id of the decorating service.
There are two issues with this IMHO:
- it's weird to have to repeat the name of declaring service inside of it;
- it doesn't play well with child definitions.
In this PR, I propose to use `.inner` to fix both issues.
Before:
```yaml
services:
decorating_service:
arguments: [@decorating_service.inner]
decorates: decorated_service
```
After:
```yaml
services:
decorating_service:
arguments: [@.inner]
decorates: decorated_service
```
Commits
-------
7b6f767fbe [DI] allow decorators to reference their decorated service using the special `.inner` id
* 5.0:
[appveyor] bump cache
[Twig][Mime] Removed extra quotes in missing package exception message
[DI] µfix
Allowing empty secrets to be set
[DI] add missing property declarations in InlineServiceConfigurator
[DI] fix detecting short service syntax in yaml
Supress error from fread when reading a unix pipe
[HttpClient] Fix scoped client without query option configuration
[Workflow] Use a strict comparison when retrieving raw marking in MarkingStore
[Workflow] Use a strict comparison when retrieving raw markin in MarkingStore
* 4.4:
[appveyor] bump cache
[Twig][Mime] Removed extra quotes in missing package exception message
[DI] µfix
Allowing empty secrets to be set
[DI] add missing property declarations in InlineServiceConfigurator
[DI] fix detecting short service syntax in yaml
Supress error from fread when reading a unix pipe
[HttpClient] Fix scoped client without query option configuration
[Workflow] Use a strict comparison when retrieving raw marking in MarkingStore
[Workflow] Use a strict comparison when retrieving raw markin in MarkingStore
This PR was merged into the 4.4 branch.
Discussion
----------
[HttpClient] Fix scoped client without query option configuration
| Q | A
| ------------- | ---
| Branch? | 4.4
| Bug fix? | yes
| New feature? | no
| Deprecations? | no
| Tickets |
| License | MIT
| Doc PR |
The `query` key default value is an [empty array](https://github.com/symfony/symfony/blob/v4.4.7/src/Symfony/Component/Config/Definition/PrototypedArrayNode.php#L30) and because of that it is always set. Processing a configuration for a scoped HTTP client (which has a `scope` and does not have a `base_uri`) results in the configuration being invalid. The error message says that query parameters cannot be aplied to the base URI since it is not defined (which doesn't make sense since the query parameters don't exist because they are empty).
Commits
-------
a07578dba3 [HttpClient] Fix scoped client without query option configuration
This PR was merged into the 4.4 branch.
Discussion
----------
[DI] fix detecting short service syntax in yaml
| Q | A
| ------------- | ---
| Branch? | 4.4
| Bug fix? | yes
| New feature? | no
| Deprecations? | no
| Tickets | -
| License | MIT
| Doc PR | -
We do allow interfaces/classes as keys in arguments, yet the short syntax fails to know about those.
This fixes it, allowing one to use:
```
services:
App\Foo:
App\BarInterface: '@App\BarClass'
```
As a reminder, by-name is also allowed:
```
services:
App\Foo: {
$bar: '@App\BarClass'
}
```
Commits
-------
bf17165fb1 [DI] fix detecting short service syntax in yaml
This PR was merged into the 4.4 branch.
Discussion
----------
[DI] add missing property declarations in InlineServiceConfigurator
| Q | A
| ------------- | ---
| Branch? | 4.4
| Bug fix? | yes
| New feature? | no
| Deprecations? | no
| Tickets | -
| License | MIT
| Doc PR | -
These are accessed by the traits used by the class.
Commits
-------
a6a4442cd9 [DI] add missing property declarations in InlineServiceConfigurator
This PR was merged into the 4.4 branch.
Discussion
----------
Allowing empty secrets to be set
| Q | A
| ------------- | ---
| Branch? | 4.4
| Bug fix? | yes
| New feature? | no
| Deprecations? | no
| Tickets | None
| License | MIT
| Doc PR | Not needed
Setting secrets to an empty string is a valid value - you can already do this by consuming from an empty file or `stdin` with no input. But it's *not* currently possible to use the interactive prompt to set a secret to an empty string. This fixes that.
Commits
-------
c9bf0c8683 Allowing empty secrets to be set
This PR was merged into the 4.4 branch.
Discussion
----------
[Process] Fixed input/output error on PHP 7.4
| Q | A
| ------------- | ---
| Branch? | 4.4
| Bug fix? | yes
| New feature? | no
| Deprecations? | no
| Tickets | Fix#34945
| License | MIT
| Doc PR |
This PR aims to fix the error from #34945, but i'm unsure if this is the best solution. The issue is that on PHP 7.4 the input/output error may come up.
php.net/manual/en/migration74.incompatible.php#migration74.incompatible.core.fread-fwrite
> fread() and fwrite() will now return FALSE if the operation failed. Previously an empty string or 0 was returned. EAGAIN/EWOULDBLOCK are not considered failures. These functions now also raise a notice on failure, such as when trying to write to a read only file resource.
Commits
-------
b98abde65a Supress error from fread when reading a unix pipe
This PR was squashed before being merged into the 5.1-dev branch.
Discussion
----------
Update Connection.php
Get `region` from `host` to prevent error "Credential should be scoped to a valid region, not '...'" and make it easier to setup DSN
| Q | A
| ------------- | ---
| Branch? | master for features / 3.4, 4.4 or 5.0 for bug fixes <!-- see below -->
| Bug fix? | yes/no
| New feature? | yes/no <!-- please update src/**/CHANGELOG.md files -->
| Deprecations? | no <!-- please update UPGRADE-*.md and src/**/CHANGELOG.md files -->
| Tickets | Fix #... <!-- prefix each issue number with "Fix #", if any -->
| License | MIT
| Doc PR | symfony/symfony-docs#... <!-- required for new features -->
<!--
Replace this notice by a short README for your feature/bugfix. This will help people
understand your PR and can be used as a start for the documentation.
Additionally (see https://symfony.com/releases):
- Always add tests and ensure they pass.
- Never break backward compatibility (see https://symfony.com/bc).
- Bug fixes must be submitted against the lowest maintained branch where they apply
(lowest branches are regularly merged to upper ones so they get the fixes too.)
- Features and deprecations must be submitted against branch master.
-->
Commits
-------
af6804828b Update Connection.php
This PR was merged into the 5.1-dev branch.
Discussion
----------
[OptionsResolver] Improve the deprecation feature by handling package and version
| Q | A
| ------------- | ---
| Branch? | master
| Bug fix? |no
| New feature? | yes
| Deprecations? | yes
| Tickets |
| License | MIT
| Doc PR | TODO
Commits
-------
c3f5e2c1c8 [OptionsResolver] Improve the deprecation feature by handling package + version
* 5.0:
[PropertyAccess] fix tests
[WebProfilerBundle] fix test
remove assertions that can never be reached
[PropertyAccess] Improve message of unitialized property in php 7.4
[HttpFoundation] Fixed session migration with custom cookie lifetime
[HttpKernel][FrameworkBundle] fix compat with Debug component
[Serializer] Remove unused variable
Allow URL-encoded special characters in basic auth part of URLs
[Serializer] Fix unitialized properties (from PHP 7.4.2) when serializing context for the cache key
[Validator] Add missing Ukrainian and Russian translations
Track session usage when setting the token
[4.4][MonologBridge] Fix $level type
[5.0][MonologBridge] Fix $level type
No need to reconnect the bags to the session
Support for Content Security Policy style-src-elem and script-src-elem in WebProfiler
[PropertyInfo][ReflectionExtractor] Check the array mutator prefixes last when the property is singular
[Security][Http][SwitchUserListener] Ignore all non existent username protection errors
Add installation and minimal example to README
* 4.4:
[PropertyAccess] fix tests
[WebProfilerBundle] fix test
remove assertions that can never be reached
[PropertyAccess] Improve message of unitialized property in php 7.4
[HttpFoundation] Fixed session migration with custom cookie lifetime
[HttpKernel][FrameworkBundle] fix compat with Debug component
[Serializer] Remove unused variable
Allow URL-encoded special characters in basic auth part of URLs
[Serializer] Fix unitialized properties (from PHP 7.4.2) when serializing context for the cache key
[Validator] Add missing Ukrainian and Russian translations
Track session usage when setting the token
[4.4][MonologBridge] Fix $level type
No need to reconnect the bags to the session
Support for Content Security Policy style-src-elem and script-src-elem in WebProfiler
[PropertyInfo][ReflectionExtractor] Check the array mutator prefixes last when the property is singular
[Security][Http][SwitchUserListener] Ignore all non existent username protection errors
Add installation and minimal example to README
* 3.4:
[PropertyAccess] fix tests
[WebProfilerBundle] fix test
remove assertions that can never be reached
[PropertyAccess] Improve message of unitialized property in php 7.4
[HttpFoundation] Fixed session migration with custom cookie lifetime
[Serializer] Remove unused variable
Allow URL-encoded special characters in basic auth part of URLs
[Serializer] Fix unitialized properties (from PHP 7.4.2) when serializing context for the cache key
[Validator] Add missing Ukrainian and Russian translations
No need to reconnect the bags to the session
Support for Content Security Policy style-src-elem and script-src-elem in WebProfiler
[PropertyInfo][ReflectionExtractor] Check the array mutator prefixes last when the property is singular
This PR was merged into the 3.4 branch.
Discussion
----------
[PropertyInfo][ReflectionExtractor] Check the array mutator prefixes last when the property is singular
| Q | A
| ------------- | ---
| Branch? | 3.4
| Bug fix? | yes
| New feature? | no
| Deprecations? | no
| Tickets | https://github.com/symfony/symfony/issues/36079
| License | MIT
| Doc PR | -
Check the related tickets that have a very descriptive example.
If the property is singular, we should prioritize non array mutator prefixes and do the opposite for plural property. It relies on some guessing but it actually fixes real world scenarios.
Commits
-------
b4df2b9dff [PropertyInfo][ReflectionExtractor] Check the array mutator prefixes last when the property is singular
This PR was squashed before being merged into the 3.4 branch.
Discussion
----------
[PropertyAccess] Improve message of unitialized property in php 7.4
| Q | A
| ------------- | ---
| Branch? | 3.4
| Bug fix? | no
| New feature? | no
| Deprecations? | no
| Tickets | Fix#36277
| License | MIT
Improve message of unitialized property in php 7.4 ;
Before
You should either initialize it or make it nullable using "?string" instead.
After
You should either initialize it or make it nullable using "?string $var = null" instead.
Commits
-------
3c8bf2d29d [PropertyAccess] Improve message of unitialized property in php 7.4
This PR was merged into the 5.1-dev branch.
Discussion
----------
[HttpFoundation] Add support for all core response http control directives
| Q | A
| ------------- | ---
| Branch? | master
| Bug fix? | no
| New feature? | yes
| Deprecations? | no
| Tickets | Fix#35720
| License | MIT
| Doc PR | N/A
Add support for all core cache-control directives
see : https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Cache-Control
Commits
-------
011cd38974 [HttpFoundation] Add support for all core http control directives
This PR was squashed before being merged into the 3.4 branch.
Discussion
----------
[HttpFoundation] Fixed session migration with custom cookie lifetime
| Q | A
| ------------- | ---
| Branch? | 3.4
| Bug fix? | yes
| New feature? | no
| Deprecations? | no
| Tickets | Fix#28577
| License | MIT
| Doc PR |
This PR adds the fix proposed in https://github.com/symfony/symfony/issues/28577#issuecomment-578052397
Commits
-------
3e824de385 [HttpFoundation] Fixed session migration with custom cookie lifetime
This PR was merged into the 5.1-dev branch.
Discussion
----------
[HttpKernel] allow cache warmers to add to the list of preloaded classes and files
| Q | A
| ------------- | ---
| Branch? | master
| Bug fix? | no
| New feature? | yes
| Deprecations? | yes
| Tickets | -
| License | MIT
| Doc PR | -
This PR makes cache warmers responsible for returning a list of classes or files to preload. It does so by adding the following to `WarmableInterface::warmUp()`:
`@return string[] A list of classes or files to preload on PHP 7.4+`
Of course, this return value is properly implemented so that we can see what this provides in practice. Here are the benchmarks on a simple Hello World rendered with Twig:
- without preloading: 360 req/s
- with preloading in master: 560 req/s (+55%)
- with preloading and this PR: 630 req/s (+75%)
Commits
-------
8ab75d99d4 [HttpKernel] allow cache warmers to add to the list of preloaded classes and files
This PR was merged into the 5.1-dev branch.
Discussion
----------
[Mime] strengthen is_resource() checks
| Q | A
| ------------- | ---
| Branch? | master
| Bug fix? | no
| New feature? | no
| Deprecations? | no
| Tickets | -
| License | MIT
| Doc PR | -
Improves seekable checks by using
`stream_get_meta_data($h)['seekable'] && 0 === fseek($h, 0, SEEK_CUR)`
instead of just
`stream_get_meta_data($h)['seekable']`
which is better when using userland stream wrappers.
Commits
-------
be9c675710 [Mime] strengthen is_resource() checks
This PR was squashed before being merged into the 5.1-dev branch.
Discussion
----------
[Security] Refactor logout listener to dispatch an event instead
| Q | A
| ------------- | ---
| Branch? | master
| Bug fix? | yes (sort of...)
| New feature? | yes
| Deprecations? | yes
| Tickets | Fix#25212, Fix#22473
| License | MIT
| Doc PR | tbd
The current `LogoutListener` has some extension points, but they are not really DX-friendly (ref #25212). It requires hacking a `addMethodCall('addHandler')` in the container builder to register a custom logout handler.
Also, it is impossible to overwrite the default logout functionality from a bundle (ref #22473).
This PR introduces a `LogoutEvent` that replaces both the `LogoutSuccessHandlerInterface` and `LogoutHandlerInterface`. This provides a DX-friendly extension point and also cleans up the authentication factories (no more `addMethodCall()`'s).
In order to allow different logout handlers for different firewalls, I created a specific event dispatcher for each firewall (as also shortly discussed in #33558). The `dispatcher` tag attribute allows you to specify which dispatcher it should be registered to (defaulting to the global dispatcher). The `EventBubblingLogoutListener` also dispatches logout events on the global dispatcher, to be used for listeners that should run on all firewalls.
_@weaverryan and I discussed this feature while working on #33558, but figured it was unrelated and could be done while preservering BC. So that's why a separate PR is created._
Commits
-------
a9f096eb1f [Security] Refactor logout listener to dispatch an event instead
This PR was merged into the 4.4 branch.
Discussion
----------
[Routing] Add installation and minimal example to README
| Q | A
| ------------- | ---
| Branch? | 4.4
| Bug fix? | no
| New feature? | no
| Deprecations? | no
| Tickets | n/a
| License | MIT
| Doc PR | symfony/symfony-docs#13431
Similair to what I did in #35552, this PR updates the README of the Routing component to include a minimal example and installation command.
Commits
-------
be6612060c Add installation and minimal example to README
This PR was merged into the 3.4 branch.
Discussion
----------
[WebProfilerBundle] Support for Content Security Policy style-src-elem and script-src-elem in WebProfiler
| Q | A
| ------------- | ---
| Branch? | 3.4
| Bug fix? | yes
| New feature? | no <!-- please update src/**/CHANGELOG.md files -->
| Deprecations? | no <!-- please update UPGRADE-*.md and src/**/CHANGELOG.md files -->
| License | MIT
If a `style-src-elem` or `script-src-elem` Content Security Policy exist, the WebProfiler Styles or Scripts will be rejected as the nonce is missing.
Commits
-------
7f33f1fa3a Support for Content Security Policy style-src-elem and script-src-elem in WebProfiler
This PR was squashed before being merged into the 5.1-dev branch.
Discussion
----------
[Messenger] Add a \Throwable argument in RetryStrategyInterface methods
| Q | A
| ------------- | ---
| Branch? | master
| Bug fix? | no
| New feature? | yes
| Deprecations? | no
| Tickets | Fix#36182
| License | MIT
This allows to define new retry strategies based on the exceptions thrown during the last handling.
Commits
-------
5fa9d68e8b [Messenger] Add a \Throwable argument in RetryStrategyInterface methods
This PR was merged into the 3.4 branch.
Discussion
----------
[HttpFoundation] No need to reconnect the bags to the session after session_regenerate_id
| Q | A
| ------------- | ---
| Branch? | 3.4
| Bug fix? | no
| New feature? | no
| Deprecations? | no
| Tickets | -
| License | MIT
| Doc PR | -
Bug https://bugs.php.net/70013 was fixed before the release of PHP v7.0
https://3v4l.org/A8YmY
Related to https://github.com/symfony/symfony/pull/15243
Commits
-------
923c24f438 No need to reconnect the bags to the session
This PR was merged into the 4.4 branch.
Discussion
----------
[Security] Track session usage whenever a new token is set
| Q | A
| ------------- | ---
| Branch? | 4.4
| Bug fix? | yes
| New feature? | no
| Deprecations? | no
| Tickets | Fix#36208
| License | MIT
| Doc PR | -
When using `anonymous: lazy`, the programatic login using the guard handler is broken. As the `setToken()` does not track usage, the index remains equal.
I tried fixing this more properly in e.g. the `SessionStrategy::onAuthentication` class, but I couldn't get it working (as `$request->hasPreviousSession()` returns false, the session strategy isn't called). `setToken()` can also not be made usage tracking afaics, because it would directly break (`setToken(null)` is called in `ContextListener`).
The current fix does however look really ugly, but I can't find anything better with my minor knowledge of this session usage tracking feature. I'm open for all ideas :)
Commits
-------
8d96dbd08b Track session usage when setting the token
This PR was squashed before being merged into the 3.4 branch.
Discussion
----------
[Serializer] Fix unitialized properties (from PHP 7.4.2) when serializing context for the cache key
| Q | A
| ------------- | ---
| Branch? | 3.4
| Bug fix? | yes
| New feature? | no
| Deprecations? | no
| Tickets | Fix https://github.com/symfony/symfony/issues/35574https://github.com/doctrine/orm/issues/8030
| License | MIT
| Doc PR | N/A
This bug only happens on the following conditions:
- A Doctrine entity (`Book`) having a relation with another entity (`Author`) is used;
- The `Author` entity uses typed properties (PHP 7.4) not initialized;
- The `Serializer` is used with the `Book` in the `OBJECT_TO_POPULATE` key in the context.
For instance:
```php
<?php
declare(strict_types=1);
namespace App\Entity;
use Doctrine\ORM\Mapping as ORM;
/** @ORM\Entity */
class Book
{
/**
* @ORM\ManyToOne(targetEntity="Author")
*/
public Author $author;
public ?string $isbn;
}
```
```php
<?php
declare(strict_types=1);
namespace App\Entity;
use Doctrine\ORM\Mapping as ORM;
/** @ORM\Entity */
class Author
{
public ?string $name;
}
```
Or even:
```php
<?php
declare(strict_types=1);
namespace App\Entity;
use Doctrine\ORM\Mapping as ORM;
/** @ORM\Entity */
class Author
{
private string $name;
public function __construct()
{
$this->name = 'Leo';
}
}
```
If the following is done (it's the case for instance in API Platform when a `PUT` is made):
```php
$serializer->deserialize('{"isbn":"2038717141"}', Book::class, 'json', ['object_to_populate' => $book]);
```
Then there will be the following error:
> Fatal error: Typed property Proxies\__CG__\App\Entity\Author::$ must not be accessed before initialization (in __sleep)
It's because of these lines in the `getCacheKey` method of the `AbstractObjectNormalizer`:
5da141b8d0/src/Symfony/Component/Serializer/Normalizer/AbstractObjectNormalizer.php (L405-L409)
Since the lazy proxyfied relation has a `__sleep` with unitialized properties, the `serialize` method will throw (since https://bugs.php.net/bug.php?id=79002: 846b647953).
I propose to fix this issue by unsetting the `OBJECT_TO_POPULATE` key in the context because I don't think it's useful for determining the attributes of the object.
For the next versions of Symfony, the fix should probably be elsewhere, in the default context.
For instance in Symfony 4.4, instead of:
15edfd39d4/src/Symfony/Component/Serializer/Normalizer/AbstractObjectNormalizer.php (L118)
It should be:
```php
$this->defaultContext[self::EXCLUDE_FROM_CACHE_KEY] = [self::CIRCULAR_REFERENCE_LIMIT_COUNTERS, self::OBJECT_TO_POPULATE];
```
But I'm not sure how it should be merged (another PR maybe?).
Commits
-------
1fafff7c10 [Serializer] Fix unitialized properties (from PHP 7.4.2) when serializing context for the cache key
This PR was squashed before being merged into the 3.4 branch.
Discussion
----------
[Validator] Add missing Ukrainian and Russian translations
| Q | A
| ------------- | ---
| Branch? | 3.4
| Bug fix? | no
| New feature? | no
| Deprecations? | no
| Tickets | none
| License | MIT
Commits
-------
d43ef4ec92 [Validator] Add missing Ukrainian and Russian translations
This PR was merged into the 5.1-dev branch.
Discussion
----------
[Config] Improve the deprecation features by handling package and version
| Q | A
| ------------- | ---
| Branch? | master
| Bug fix? | no
| New feature? | yes
| Deprecations? | yes
| Tickets | https://github.com/orgs/symfony/projects/1#card-32681032
| License | MIT
| Doc PR | TODO
Commits
-------
f4de76dba0 [Config] Improve the deprecation features by handling package and version
This PR was merged into the 5.1-dev branch.
Discussion
----------
[DependencyInjection] Fix alias deprecations with package and version
| Q | A
| ------------- | ---
| Branch? | master
| Bug fix? | yes
| New feature? | no
| Deprecations? | no
| Tickets | -
| License | MIT
| Doc PR | -
Firstly, this PR fixes the alias dump by the XmlDumper to be consistent with stof comment in the inital PR (the message is the node content) - it is the case for deprecated services. Otherwise, we need to add the "message" attribute in the XSD.
Secondly, it fixes the arguments when the deprecation is actually triggered as well as two related tests.
Commits
-------
5ee5654171 [DependencyInjection] Fix alias deprecations with package and version
* 5.0:
Fix wrong namespaces
Fix wrong namespaces
Fix the reporting of deprecations in twig:lint
forward multiple attributes voting flag
bumped Symfony version to 5.0.8
updated VERSION for 5.0.7
updated CHANGELOG for 5.0.7
bumped Symfony version to 4.4.8
updated VERSION for 4.4.7
updated CHANGELOG for 4.4.7
[Validator] Fixed calling getters before resolving groups
[HttpKernel][LoggerDataCollector] Prevent keys collisions in the sanitized logs processing
* 4.4:
Fix wrong namespaces
Fix wrong namespaces
Fix the reporting of deprecations in twig:lint
forward multiple attributes voting flag
bumped Symfony version to 4.4.8
updated VERSION for 4.4.7
updated CHANGELOG for 4.4.7
[Validator] Fixed calling getters before resolving groups
[HttpKernel][LoggerDataCollector] Prevent keys collisions in the sanitized logs processing
This PR was merged into the 5.1-dev branch.
Discussion
----------
[HttpFoundation][HttpKernel][Security] Improve UnexpectedSessionUsageException backtrace
| Q | A
| ------------- | ---
| Branch? | master
| Bug fix? | no
| New feature? | yes <!-- please update src/**/CHANGELOG.md files -->
| Deprecations? | no <!-- please update UPGRADE-*.md and src/**/CHANGELOG.md files -->
| Tickets |
| License | MIT
| Doc PR |
Improve `UnexceptedSessionUsageException` backtrace so that it leads to the place in the userland where it was told to use session.
Commits
-------
1e1d332c7c Improve UnexcpectedSessionUsageException backtrace
This PR was squashed before being merged into the 5.1-dev branch.
Discussion
----------
[FrameworkBundle] Dump kernel extension configuration
| Q | A
| ------------- | ---
| Branch? | master
| Bug fix? | no
| New feature? | yes
| Deprecations? | no
| Tickets | #34756
| License | MIT
If the kernel is a container extension and defines a configuration, the `config:dump-reference` will now be able to dump it.
Commits
-------
2ccafb1eb3 [FrameworkBundle] Dump kernel extension configuration
This PR was merged into the 5.1-dev branch.
Discussion
----------
[DI] dump factory files as classes
| Q | A
| ------------- | ---
| Branch? | master
| Bug fix? | no
| New feature? | no
| Deprecations? | no
| Tickets | -
| License | MIT
| Doc PR | -
This PR is a performance improvement when using `bin/console` on the command line.
Once upon a time, we advised setting `container.dumper.inline_factories` to `false` so that the container could be chunked into many files. More recently, we turned this setting back to `true` in order to optimize for preloading. But this made `bin/console` back to slow: since the CLI cannot have opcache, PHP has to parse this potentially big file all the time. Previous data already showed this can grow big.
This PR fixes the issue by generating many files again. But instead of generating the inline code within each file, we now wrap this code inside a class. Then we list this class for preloading.
This way, we have the best of both worlds: a `bin/console` that scales no matter the size of the app and top perf when using preloading (I benched a small hello world before/after the patch with preloading enabled, there is no measurable difference.)
This should also fix a memory leak that happens when factory files contain closures.
Commits
-------
cedb5cd429 [DI] dump factory files as classes
This PR was merged into the 3.4 branch.
Discussion
----------
[HttpKernel][LoggerDataCollector] Prevent keys collisions in the sanitized logs processing
| Q | A
| ------------- | ---
| Branch? | 3.4
| Bug fix? | yes
| New feature? | no
| Deprecations? | no
| Tickets | https://github.com/symfony/symfony/issues/36159
| License | MIT
| Doc PR | -
`$sanitizedLogs` is used with numeric and "associative" keys. To prevent collisions when the message is a number, we can simply prepend all messages with a random letter (so we avoid a behavior refactor). It doesn't matter since they key is only used for the processing, it is dropped at the end.
Commits
-------
79fe888072 [HttpKernel][LoggerDataCollector] Prevent keys collisions in the sanitized logs processing
This PR was merged into the 4.4 branch.
Discussion
----------
Fix the reporting of deprecations in twig:lint
| Q | A
| ------------- | ---
| Branch? | 4.4 (the `--show-deprecations` option does not exist in 3.4)
| Bug fix? | yes
| New feature? | no
| Deprecations? | no
| Tickets | n/a
| License | MIT
| Doc PR | n/a
- ensure that the message is rendered when the line detection fails and we end up with 0 as line number (the implementation also deals with -1 which is sometimes used by Twig for errors when it does not know the line, even though this should not happen for compile-time errors).
- fix the detection of the line number when the number is at the end of the sentence, which happens for the deprecation of filters for instance.
Commits
-------
c329ca7e01 Fix the reporting of deprecations in twig:lint
- ensure that the message is rendered when the line detection fails and
we end up with 0 as line number (the implementation also deals with -1
which is sometimes used by Twig for errors when it does not know the
line, even though this should not happen for compile-time errors).
- fix the detection of the line number when the number is at the end of
the sentence, which happens for the deprecation of filters for
instance.
This PR was squashed before being merged into the 5.1-dev branch.
Discussion
----------
[Uid] Improve the code
Improve the reuse of code, programing for extension and not for modification, create a Trait with similar behavior for getTime method in uuid types. Eliminate duplicate code in Uuid
| Q | A
| ------------- | ---
| Branch? | 5.1
| Bug fix? | no
| New feature? | no
| Deprecations? | no
| Tickets | Fix #...
| License | MIT
| Doc PR | symfony/symfony-docs#...
Keep the same functionality, just improve a little the code, eliminating duplications and reusing some lines.
Commits
-------
106c733bce [Uid] Improve the code
* 5.0:
[HttpFoundation] Do not set the default Content-Type based on the Accept header
[Security] Fix access_control behavior with unanimous decision strategy
* 4.4:
[HttpFoundation] Do not set the default Content-Type based on the Accept header
[Security] Fix access_control behavior with unanimous decision strategy
* 5.0: (27 commits)
Fix versions
[Security/Http] Allow setting cookie security settings for delete_cookies
[DI] fix generating TypedReference from PriorityTaggedServiceTrait
[FrameworkBundle] revert to legacy wiring of the session when circular refs are detected
bumped Symfony version to 3.4.40
updated VERSION for 3.4.39
update CONTRIBUTORS for 3.4.39
updated CHANGELOG for 3.4.39
[DomCrawler] Fix BC break in assertions breaking Panther
[BrowserKit] fixed missing post request parameters in file uploads
update Italian translation
[Validator] Add missing Hungarian translations
[Validator] Add the missing translations for the Arabic (ar) locale
[Validator] Add missing vietnamese translations
[Console] Fix OutputStream for PHP 7.4
add missing gitattributes for phpunit-bridge
add German translations
Bump Symfony version to 5.0.7
Update VERSION for 5.0.6
Update CHANGELOG for 5.0.6
...
* 4.4:
Fix versions
[Security/Http] Allow setting cookie security settings for delete_cookies
[DI] fix generating TypedReference from PriorityTaggedServiceTrait
[FrameworkBundle] revert to legacy wiring of the session when circular refs are detected
bumped Symfony version to 3.4.40
updated VERSION for 3.4.39
update CONTRIBUTORS for 3.4.39
updated CHANGELOG for 3.4.39
[DomCrawler] Fix BC break in assertions breaking Panther
[BrowserKit] fixed missing post request parameters in file uploads
update Italian translation
[Validator] Add missing Hungarian translations
[Validator] Add the missing translations for the Arabic (ar) locale
[Validator] Add missing vietnamese translations
[Console] Fix OutputStream for PHP 7.4
add German translations
bug #36157 [Validator] Assert Valid with many groups
[Validator] Add missing Lithuanian translations
Fixed some typos
Add french "at least" constraint translations
* 3.4:
Fix versions
[Security/Http] Allow setting cookie security settings for delete_cookies
[FrameworkBundle] revert to legacy wiring of the session when circular refs are detected
bumped Symfony version to 3.4.40
updated VERSION for 3.4.39
update CONTRIBUTORS for 3.4.39
updated CHANGELOG for 3.4.39
update Italian translation
[Validator] Add missing Hungarian translations
[Validator] Add the missing translations for the Arabic (ar) locale
[Validator] Add missing vietnamese translations
[Console] Fix OutputStream for PHP 7.4
add German translations
bug #36157 [Validator] Assert Valid with many groups
[Validator] Add missing Lithuanian translations
Fixed some typos
Add french "at least" constraint translations
This PR was merged into the 3.4 branch.
Discussion
----------
[Security/Http] Allow setting cookie security settings for delete_cookies
| Q | A
| ------------- | ---
| Branch? | 3.4
| Bug fix? | yes
| New feature? | no
| Deprecations? | no
| Tickets | Fix https://github.com/symfony/symfony/pull/36243#discussion_r399646893
| License | MIT
| Doc PR | tbd
Similar to #36173 and #36175. This is needed for Chrome 80 compatibility.
My only question is whether we should introduce these specific settings, or somehow fetch them from `framework.session`?
Commits
-------
a696d1f3af [Security/Http] Allow setting cookie security settings for delete_cookies
This PR was merged into the 3.4 branch.
Discussion
----------
[Validator] Assert Valid with many groups
| Q | A
| ------------- | ---
| Branch? | 3.4
| Bug fix? | yes
| New feature? | no
| Deprecations? | no
| Tickets | Fix https://github.com/symfony/symfony/issues/36157
| License | MIT
Make a reference object get validated by each group when using the Valid constraint with many groups
Commits
-------
c9aa3a849a bug #36157 [Validator] Assert Valid with many groups
This PR was merged into the 3.4 branch.
Discussion
----------
[Validator] Add missing vietnamese translations
| Q | A
| ------------- | ---
| Branch? | 3.4
| Bug fix? | no
| New feature? | no <!-- please update src/**/CHANGELOG.md files -->
| Deprecations? | no <!-- please update UPGRADE-*.md and src/**/CHANGELOG.md files -->
| Tickets | - <!-- prefix each issue number with "Fix #", if any -->
| License | MIT
| Doc PR | - <!-- required for new features -->
<!--
Replace this notice by a short README for your feature/bugfix. This will help people
understand your PR and can be used as a start for the documentation.
Additionally (see https://symfony.com/releases):
- Always add tests and ensure they pass.
- Never break backward compatibility (see https://symfony.com/bc).
- Bug fixes must be submitted against the lowest maintained branch where they apply
(lowest branches are regularly merged to upper ones so they get the fixes too.)
- Features and deprecations must be submitted against branch master.
-->
Commits
-------
25fdc8e580 [Validator] Add missing vietnamese translations
This PR was squashed before being merged into the 3.4 branch.
Discussion
----------
[Console] Fix OutputStream for PHP 7.4
| Q | A
| ------------- | ---
| Branch? | 3.4
| Bug fix? | yes
| New feature? | no
| Deprecations? | no
| Tickets | Fix#36166
| License | MIT
From PHP 7.4, `fwrite` function now returns false for any failure: https://www.php.net/manual/en/migration74.incompatible.php#migration74.incompatible.core.fread-fwrite
Actually, the note in the PHP documentation is not exact: for PHP 7.3 and lower, `fwrite` function did return false when arguments passed in to the function were invalid, and 0 for other failures. From PHP 7.4, it returns false for any failure.
We can see it in the source code: for PHP 7.3: a1a8d14485/ext/standard/file.c (L1140)
Compare to PHP 7.4: https://github.com/php/php-src/blob/master/ext/standard/file.c#L1136
I update `OutputStream::doWrite()` to keep the same behavior as before.
Commits
-------
b375f93ed7 [Console] Fix OutputStream for PHP 7.4
This PR was squashed before being merged into the 4.4 branch.
Discussion
----------
add missing gitattributes for phpunit-bridge
| Q | A
| ------------- | ---
| Branch? | 4.4
| Bug fix? | no
| New feature? | no <!-- please update src/**/CHANGELOG.md files -->
| Deprecations? | no <!-- please update UPGRADE-*.md and src/**/CHANGELOG.md files -->
| Tickets |
| License | MIT
| Doc PR |
Seems like the phpunit bridge has been forgotten in https://github.com/symfony/symfony/pull/33579
Commits
-------
d4c052a2fa add missing gitattributes for phpunit-bridge
When using allow_extra_fields feature (and set to false) with an extra_fields_message, this message may now support pluralization regarding count of extra fields (extra data). e.g. "extra field found|extra fields found"
* 5.0:
[Http Foundation] Fix clear cookie samesite
[Security] Check if firewall is stateless before checking for session/previous session
[Form] Support customized intl php.ini settings
[Security] Remember me: allow to set the samesite cookie flag
[Debug] fix for PHP 7.3.16+/7.4.4+
[Validator] Backport translations
[Mailer] Use %d instead of %s for error code in error messages
[HttpKernel] fix locking for PHP 7.4+
[Security] Fixed hardcoded value of SODIUM_CRYPTO_PWHASH_MEMLIMIT_INTERACTIVE
Prevent warning in proc_open()
[FrameworkBundle] Fix Router Cache
Fix deprecation messages
* 4.4:
[Http Foundation] Fix clear cookie samesite
[Security] Check if firewall is stateless before checking for session/previous session
[Form] Support customized intl php.ini settings
[Security] Remember me: allow to set the samesite cookie flag
[Debug] fix for PHP 7.3.16+/7.4.4+
[Validator] Backport translations
[Mailer] Use %d instead of %s for error code in error messages
[HttpKernel] fix locking for PHP 7.4+
[Security] Fixed hardcoded value of SODIUM_CRYPTO_PWHASH_MEMLIMIT_INTERACTIVE
Prevent warning in proc_open()
[FrameworkBundle] Fix Router Cache
Fix deprecation messages
* 3.4:
[Http Foundation] Fix clear cookie samesite
[Security] Check if firewall is stateless before checking for session/previous session
[Form] Support customized intl php.ini settings
[Security] Remember me: allow to set the samesite cookie flag
[Debug] fix for PHP 7.3.16+/7.4.4+
[Validator] Backport translations
Prevent warning in proc_open()
This PR was merged into the 3.4 branch.
Discussion
----------
[Security/Http] Remember me: allow to set the samesite cookie flag
| Q | A
| ------------- | ---
| Branch? | 3.4
| Bug fix? | yes
| New feature? | no
| Deprecations? | no
| Tickets | -
| License | MIT
| Doc PR | -
Similar to #35605, since Chrome 80 is going to require the `samesite` attribute.
This is a cherry-pick of #27976
Commits
-------
f0ceb73397 [Security] Remember me: allow to set the samesite cookie flag
This PR was squashed before being merged into the 3.4 branch.
Discussion
----------
[Http Foundation] Fix clear cookie samesite
| Q | A
| ------------- | ---
| Branch? | 3.4
| Bug fix? | yes
| New feature? | no
| Deprecations? | no
| Tickets | Fix#36107
| License | MIT
With Chrome Update 80, Cookies are required to be `secure` and `samesite=none` for cross site requests. However they are defaulted to `samesite=lax` if the samesite attribute is not set. In other words: developer has to explicitely opt-in for `samesite=none` in the case of a cross site request.
More details: https://chromestatus.com/feature/5088147346030592
We add the `samesite` argument to `clearCookie` method to allow developer to explicitely set this value.
Commits
-------
4bdea1f2e7 [Http Foundation] Fix clear cookie samesite
`IntlDateParser->parse()` behaves differently when `intl.error_level` and/or `intl.use_exceptions` are not 0.
This change makes sure `\IntlException` is caught when `intl.use_exceptions` is 1 and warnings thrown when `intl.error_level` is not 0 are ignored.
This PR was merged into the 5.1-dev branch.
Discussion
----------
[HttpClient] Issue notice when NativeHttpClient is used
| Q | A
| ------------- | ---
| Branch? | master
| Bug fix? | no
| New feature? | yes
| Deprecations? | no
| Tickets | -
| License | MIT
| Doc PR | -
Simple PR to issue a notice to notify the user that `ext-curl` or `amphp/http-client` should be installed to use an HTTP/2 capable HTTP client. Not sure on the notice wording.
Commits
-------
874c1e6ab0 [HttpClient] Issue notice when NativeHttpClient is used
This PR was merged into the 5.1-dev branch.
Discussion
----------
[Notifier][Slack] Add fields on Slack Section block
| Q | A
| ------------- | ---
| Branch? | master <!-- see below -->
| Bug fix? | no
| New feature? | yes <!-- please update src/**/CHANGELOG.md files -->
| Deprecations? | no <!-- please update UPGRADE-*.md and src/**/CHANGELOG.md files -->
| Tickets | <!-- prefix each issue number with "Fix #", if any -->
| License | MIT
| Doc PR | <!-- required for new features -->
<!--
Replace this notice by a short README for your feature/bugfix. This will help people
understand your PR and can be used as a start for the documentation.
Additionally (see https://symfony.com/releases):
- Always add tests and ensure they pass.
- Never break backward compatibility (see https://symfony.com/bc).
- Bug fixes must be submitted against the lowest maintained branch where they apply
(lowest branches are regularly merged to upper ones so they get the fixes too.)
- Features and deprecations must be submitted against branch master.
-->
Added `fields` field on section block.
> An array of text objects. Any text objects included with fields will be rendered in a compact format that allows for 2 columns of side-by-side text. Maximum number of items is 10. Maximum length for the text in each item is 2000 characters.
Example of use:
```
$slackOptions = (new SlackOptions())
->block((new SlackSectionBlock())->text('My message'))
->block(new SlackDividerBlock())
->block(
(new SlackSectionBlock())
->field('*Max Rating*')
->field('5.0')
->field('*Min Rating*')
->field('1.0')
);
```
Expected output:
<img width="677" alt="Screen Shot 2020-03-21 at 09 57 36" src="https://user-images.githubusercontent.com/65848/77222314-b8360c80-6b5a-11ea-874c-2cfb1829f839.png">
Commits
-------
faad197e85 Added fields on Slack Section block
This PR was squashed before being merged into the 5.1-dev branch.
Discussion
----------
[Mailer][Mailgun] Support more headers
| Q | A
| ------------- | ---
| Branch? | master
| Bug fix? | no
| New feature? | yes
| Deprecations? | yes
| Tickets | Fix#35776
| License | MIT
| Doc PR |
Im not sure if this should be classified as a bug since "setting headers are broken". Ie, you cannot use some Mailgun API features.
Or, this may be a feature because now you may specify any supported custom header you want.
Commits
-------
537c8b8aa6 [Mailer][Mailgun] Support more headers
This PR was merged into the 5.1-dev branch.
Discussion
----------
[FrameworkBundle][Routing] Add link to source to router:match
| Q | A
| ------------- | ---
| Branch? | master
| Bug fix? | no
| New feature? | yes
| Deprecations? | no
| Tickets | https://github.com/orgs/symfony/projects/1#card-30505860
| License | MIT
| Doc PR |
Add link to source on `debug:router`/`router:match` when `framework.ide` is configured
Commits
-------
a96690cce5 [FrameworkBundle][Routing] Add link to source to router:match
This PR was merged into the 5.1-dev branch.
Discussion
----------
[Form][CheckboxType] Remove _false_is_empty flag
| Q | A
| ------------- | ---
| Branch? | master
| Bug fix? | no
| New feature? | no
| Deprecations? | no
| Tickets | -
| License | MIT
| Doc PR | -
Cleanup of https://github.com/symfony/symfony/pull/35938.
Commits
-------
6fac6d4086 [Form][CheckboxType] Remove _false_is_empty flag
This PR was merged into the 4.4 branch.
Discussion
----------
[FrameworkBundle] Fix deprecation message for booting a kernel twice
| Q | A
| ------------- | ---
| Branch? | 4.4
| Bug fix? | no
| New feature? | no <!-- please update src/**/CHANGELOG.md files -->
| Deprecations? | no <!-- please update UPGRADE-*.md and src/**/CHANGELOG.md files -->
| Tickets | - <!-- prefix each issue number with "Fix #", if any -->
| License | MIT
| Doc PR | - <!-- required for new features -->
<!--
Replace this notice by a short README for your feature/bugfix. This will help people
understand your PR and can be used as a start for the documentation.
Additionally (see https://symfony.com/releases):
- Always add tests and ensure they pass.
- Never break backward compatibility (see https://symfony.com/bc).
- Bug fixes must be submitted against the lowest maintained branch where they apply
(lowest branches are regularly merged to upper ones so they get the fixes too.)
- Features and deprecations must be submitted against branch master.
-->
Commits
-------
a0a6243a21 Fix deprecation messages
* 5.0:
[DI] Fix CheckTypeDeclarationPass
[Security/Http] don't require the session to be started when tracking its id
[DI] fix preloading script generation
* 4.4:
[DI] Fix CheckTypeDeclarationPass
[Security/Http] don't require the session to be started when tracking its id
[DI] fix preloading script generation
This PR was merged into the 4.4 branch.
Discussion
----------
[DI] fix preloading script generation
| Q | A
| ------------- | ---
| Branch? | 4.4
| Bug fix? | yes
| New feature? | no
| Deprecations? | no
| Tickets | -
| License | MIT
| Doc PR | -
(fabbot failure is a false positive)
On master, we should work on being able to preload more classes (esp. all cache-warmup artifacts).
But for 4.4, this is good enough. Submitted as a bug fix because 1. the current code that deals with preloading kinda-works, but only on "dev" mode... and 2. fixing it provides a nice boost!
Small bench on a hello world:
- before: 380 req/s
- after: 580 req/s
That's +50%!
Pro-tip: adding a few `class_exists()` as done in this PR for the classes that are always used in the implementations (e.g. `new Foo()` in the constructor) will help the preload-script generator to work optimally. Without them, it will discover the symbols to preload only if they're found on methods.
Some of those `class_exists()` are mandatory, in relation to anonymous classes and https://bugs.php.net/79349
Commits
-------
a10fc4da5d [DI] fix preloading script generation
This PR was merged into the 5.1-dev branch.
Discussion
----------
[PropertyAccess][DX] Added an `UninitializedPropertyException`
| Q | A
| ------------- | ---
| Branch? | master
| Bug fix? | no
| New feature? | yes
| Deprecations? | no
| Tickets | ~
| License | MIT
| Doc PR | TODO
Feature version of #36073 for master. Again, better be reviewed without whitespace changes, thanks!
Commits
-------
2b2fd12b0d [PropertyAccess] Added an `UninitializedPropertyException`
This PR was merged into the 5.1-dev branch.
Discussion
----------
[FrameworkBundle][PropertyAccess] Use injection for info extractors
| Q | A
| ------------- | ---
| Branch? | master
| Bug fix? | no
| New feature? | yes
| Deprecations? | no
| Tickets | ~
| License | MIT
| Doc PR | ~
Follows #30704.
Commits
-------
693d4c0a2d [FrameworkBundle][PropertyAccess] Use injection for info extractors
This PR was merged into the 5.1-dev branch.
Discussion
----------
[PropertyAccess] Added missing new args in `PropertyAccessorBuilder`
| Q | A
| ------------- | ---
| Branch? | master
| Bug fix? | no
| New feature? | yes
| Deprecations? | no
| Tickets | ~
| License | MIT
| Doc PR | ~
Following #30704.
Commits
-------
e1be8cd61b [PropertyAccess] Added missing new args in PropertyAccessorBuilder
This PR was merged into the 4.4 branch.
Discussion
----------
[Security/Http] don't require the session to be started when tracking its id
| Q | A
| ------------- | ---
| Branch? | 4.4
| Bug fix? | yes
| New feature? | no
| Deprecations? | no
| Tickets | -
| License | MIT
| Doc PR | -
`$session->getId()` returns the empty string when the session is not yet started.
When this happens, the session tracking logic wrongly detects that a new session was created and thus disables HTTP caching.
This fixes the issue by looking at the value of the session cookie instead.
(the case for `true` is when using `MockArraySessionStorage` as done in tests)
Commits
-------
c39188a7cc [Security/Http] don't require the session to be started when tracking its id
This PR was squashed before being merged into the 4.4 branch.
Discussion
----------
[DI] Fix CheckTypeDeclarationPass
| Q | A
| ------------- | ---
| Branch? | 4.4
| Bug fix? | yes
| New feature? | no
| Deprecations? | no
| Tickets | Fix#35863 and #35972
| License | MIT
| Doc PR |
Bug 1: The lint container threw an error if a class buit with a factory was declared as callable while this factory method returne a callabe (#35863)
Bug 2: Sodium Exception was not caught in the CheckTypeDeclarationsPass. We have extended the exception caught to \Exception, instead of EnvNotFoundException and RuntimeException only.
Commits
-------
cbf4dfd10f [DI] Fix CheckTypeDeclarationPass
* 5.0:
fix merge
Fix more quotes in exception messages
Fix more quotes in exception messages
Fix more quotes in exception messages
[3.4] Minor fixes
[PropertyAccess] Improved errors when reading uninitialized properties
This PR was merged into the 5.1-dev branch.
Discussion
----------
Leverage PHP8's get_debug_type()
| Q | A
| ------------- | ---
| Branch? | master
| Bug fix? | no
| New feature? | no
| Deprecations? | no
| Tickets | -
| License | MIT
| Doc PR | -
See https://github.com/symfony/polyfill/pull/226 for background.
We might have to port part of the patch to 4.4 when we'll work on having it support PHP 8, but that's not needed for now.
Commits
-------
daf1c6605e Leverage PHP8's get_debug_type()
* 4.4:
Fix more quotes in exception messages
Fix more quotes in exception messages
[3.4] Minor fixes
[PropertyAccess] Improved errors when reading uninitialized properties
This PR was merged into the 5.1-dev branch.
Discussion
----------
[String] Add AbstractString::containsAny()
| Q | A
| ------------- | ---
| Branch? | master
| Bug fix? | no
| New feature? | yes
| Deprecations? | no
| Tickets | -
| License | MIT
| Doc PR | -
We decided to not have a `contains()` method because we didn't know how to handle the case where several needles are passed. But https://wiki.php.net/rfc/str_contains made me reconsider this idea and I think `containsAny()` works great. WDYT?
Commits
-------
de79ae7f35 [String] Add AbstractString::containsAny()
This PR was merged into the 3.4 branch.
Discussion
----------
[PropertyAccess][DX] Improved errors when reading uninitialized properties
| Q | A
| ------------- | ---
| Branch? | 3.4
| Bug fix? | kinda
| New feature? | no
| Deprecations? | no
| Tickets | Fix#36051
| License | MIT
| Doc PR | ~
An attempt to fix#36051 by providing better error messages when trying to read uninitialized properties either via calling a return-type-hinted method from PHP 7.0 or by accessing public-typed properties from PHP 7.4.
It would be nice to have a proper exception class in master.
Commits
-------
a71023ba65 [PropertyAccess] Improved errors when reading uninitialized properties
This PR was merged into the 5.0 branch.
Discussion
----------
[Notifier] Add unit tests
| Q | A
| ------------- | ---
| Branch? | 5.0
| Bug fix? | no
| New feature? | no <!-- please update src/**/CHANGELOG.md files -->
| Deprecations? | no <!-- please update UPGRADE-*.md and src/**/CHANGELOG.md files -->
| Tickets | - <!-- prefix each issue number with "Fix #", if any -->
| License | MIT
| Doc PR | - <!-- required for new features -->
- [x] `AbstractChannel`
- [x] `ChannelPolicy`
- [x] `RecipientTest` (done in PR #35773)
- [x] `EmailRecipientTest` (done in PR #35773)
- [x] `SmsRecipientTest` (done in PR #35773)
- [x] `Transports` (see PR #35834)
Commits
-------
022c1707e2 [Notifier] Add tests for AbstractChannel and ChannelPolicy
* 5.0:
[FrameworkBundle] start session on flashbag injection
[Validator] Remove commas in translations
[Console] Fallback to default answers when unable to read input
* 4.4:
[FrameworkBundle] start session on flashbag injection
[Validator] Remove commas in translations
[Console] Fallback to default answers when unable to read input
This PR was squashed before being merged into the 3.4 branch.
Discussion
----------
[FrameworkBundle] start session on flashbag injection
| Q | A
| ------------- | ---
| Branch? | 3.4
| Bug fix? | yes
| New feature? | no
| Deprecations? | no
| Tickets | Fix [#33084](https://github.com/symfony/symfony/issues/33084)
| License | MIT
This PR addresses an issue whereby if the FlashBag is injected into the application using the default service configuration, we cannot rely that the session has been started. This behaviour is in contradiction to [the docs](https://symfony.com/doc/current/session.html#avoid-starting-sessions-for-anonymous-users):
> Sessions are automatically started whenever you read, write or even check for the existence of data in the session.
This is because symfony ensures the session has been started on calls to getFlashBag() which is normally how the flashbag will be accessed but this is not called if you inject the FlashBag directly into the container.
I have addressed this issue by changing the way the Flashbag service is built so that it uses Session as a factory service and getFlashBag as a factory method. This means that anywhere in symfony where FlashBag is injected can now rely on the fact the session is started.
I have also added a new functional test to verify this behaviour.
Commits
-------
e8b4d35616 [FrameworkBundle] start session on flashbag injection
This PR was squashed before being merged into the 5.1-dev branch.
Discussion
----------
[Validator] Add AtLeastOne constraint and validator
| Q | A
| ------------- | ---
| Branch? | master
| Bug fix? | no
| New feature? | yes
| Deprecations? | no
| License | MIT
| Doc PR | TODO
This constraint allows you to apply a collection of constraints to a value, and it will be considered valid, if it satisfies at least one of the constraints from the collection.
Some examples:
```php
/**
* @Assert\AtLeastOne({
* @Assert\Length(min=5),
* @Assert\EqualTo("bar")
* })
*/
public $name = 'foo';
/**
* @Assert\AtLeastOne({
* @Assert\All({@Assert\GreaterThanOrEqual(10)}),
* @Assert\Count(20)
* })
*/
public $numbers = ['3', '5'];
/**
* @Assert\All({
* @Assert\AtLeastOne({
* @Assert\GreaterThanOrEqual(5),
* @Assert\LessThanOrEqual(3)
* })
* })
*/
public $otherNumbers = ['4', '5'];
```
The respective default messages would be:
`name: This value should satisfy at least one of the following constraints: [1] This value is too short. It should have 5 characters or more. [2] This value should be equal to "bar".`
`numbers: This value should satisfy at least one of the following constraints: [1] Each element of this collection should satisfy its own set of constraints. [2] This collection should contain exactly 20 elements.`
`otherNumbers[0]: This value should satisfy at least one of the following constraints: [1] This value should be greater than or equal to 5. [2] This value should be less than or equal to 3.`
But of course you could also create a simple custom message like `None of the constraints are satisfied`.
Commits
-------
e6209a697c [Validator] Add AtLeastOne constraint and validator
This PR was squashed before being merged into the 5.1-dev branch.
Discussion
----------
[Form] Correctly round model with PercentType and add a rounding_mode option
| Q | A
| ------------- | ---
| Branch? | master
| Bug fix? | yes
| New feature? | yes
| Deprecations? | no
| Tickets | Fix#35296
| License | MIT
| Doc PR | symfony/symfony-docs#13138
Commits
-------
d97565dcee [Form] Correctly round model with PercentType and add a rounding_mode option
This PR was merged into the 5.1-dev branch.
Discussion
----------
[Form] Added a "choice_filter" option to ChoiceType
| Q | A
| ------------- | ---
| Branch? | master
| Bug fix? | no
| New feature? | yes
| Deprecations? | yes
| Tickets | Fix#32657
| License | MIT
| Doc PR | symfony/symfony-docs#13223
Finally opening this PR for a very old branch, based on both #34550 (merged) and #30994 (merged).
~Until #30994 is merged, this PR should better be reviewed by commits. Thanks!~
Commits
-------
ed2c312609 [Form] Added a "choice_filter" option to ChoiceType
This PR was squashed before being merged into the 5.1-dev branch.
Discussion
----------
[ErrorHandler][FrameworkBundle] better error messages in failing tests
| Q | A
| ------------- | ---
| Branch? | master for features
| Bug fix? | no
| New feature? | yes
| Deprecations? | no
| Tickets | Fix#32752
| License | MIT
| Doc PR |
Purpose of this PR is to enhance tests by giving a way to report an exception that occured during the processing of the request.
The ErrorHandler will add an X-Debug-Exception, and the assertThat() method of WebTestCase will throw an exception if this header exists and status code is 5xx.
In practice, this adds the "Caused by" section in this example:
```
Time: 374 ms, Memory: 20.00 MB
There was 1 failure:
1) App\Tests\Controller\HomeControllerTest::testC
Failed asserting that the Response has header "Content-Type" with value "application/json".
/srv/symfony/src/Symfony/Bundle/FrameworkBundle/Test/BrowserKitAssertionsTrait.php:132
/srv/symfony/src/Symfony/Bundle/FrameworkBundle/Test/BrowserKitAssertionsTrait.php:66
/srv/blog/tests/Controller/HomeControllerTest.php:29
Caused by
Exception: This a test exception. in /the/file.php:139
Stack trace:
[...]
```
Commits
-------
0da9469ee2 [ErrorHandler][FrameworkBundle] better error messages in failing tests
This PR was merged into the 4.4 branch.
Discussion
----------
[Console] Fallback to default answers when unable to read input
| Q | A
| ------------- | ---
| Branch? | 4.4
| Bug fix? | yes
| New feature? | no
| Deprecations? | no
| Tickets | Fix#36027, Fix#35988
| License | MIT
| Doc PR |
Alternative to https://github.com/symfony/symfony/pull/36027.
This fixes linked issues without having to revert fix for #30726. Successfully tested with composer script, `docker run` and `docker run -it`.
Commits
-------
8ddaa20b29 [Console] Fallback to default answers when unable to read input
This PR was squashed before being merged into the 5.1-dev branch.
Discussion
----------
[PhpUnitBridge] Deprecate @expectedDeprecation annotation
| Q | A
| ------------- | ---
| Branch? | master
| Bug fix? | no
| New feature? | no <!-- please update src/**/CHANGELOG.md files -->
| Deprecations? | yes<!-- please update UPGRADE-*.md and src/**/CHANGELOG.md files -->
| Tickets | N/A
| License | MIT
| Doc PR | N/A
Addresses https://github.com/orgs/symfony/projects/1#card-32934769 as a follow-up to #35192.
Deprecating `@expectedDeprecation` annotation on tests in favour of the `expectDeprecation()` method similar to other PHPUnit deprecations of annotations in favour of methods.
Commits
-------
36a57cc7c2 [PhpUnitBridge] Deprecate @expectedDeprecation annotation
This PR was merged into the 5.1-dev branch.
Discussion
----------
[HttpClient] make `HttpClient::create()` return an `AmpHttpClient` when `amphp/http-client` is found but curl is not or too old
| Q | A
| ------------- | ---
| Branch? | master
| Bug fix? | no
| New feature? | yes
| Deprecations? | no
| Tickets | -
| License | MIT
| Doc PR | -
Follows #35115
Let's use `amphp/http-client` by default, after `curl` and before `fopen()`.
Commits
-------
7991685e04 [HttpClient] made `HttpClient::create()` return an `AmpHttpClient` when `amphp/http-client` is found but curl is not or too old
This PR was squashed before being merged into the 3.4 branch.
Discussion
----------
[Validator] Remove commas in translations
| Q | A
| ------------- | ---
| Branch? | 3.4
| Bug fix? | no
| New feature? | no
| Deprecations? | no
| License | MIT
These translations were originally modified in #21335.
Commits
-------
5688f97bad [Validator] Remove commas in translations
* 5.0:
Add missing dots at the end of exception messages
Add missing dots at the end of exception messages
[DI][Form] Fixed test suite (TimeType changes & unresolved merge conflict)
Fix bad merge
Add missing dots at the end of exception messages
* 4.4:
Add missing dots at the end of exception messages
[DI][Form] Fixed test suite (TimeType changes & unresolved merge conflict)
Fix bad merge
Add missing dots at the end of exception messages
This PR was merged into the 5.1-dev branch.
Discussion
----------
[Framework-Bundle] fixed kernel.secret not being overridden when loaded from extension using MicroKernelTrait
| Q | A
| ------------- | ---
| Branch? | master
| Bug fix? | yes
| New feature? | no
| Deprecations? | no
| Tickets |
| License | MIT
| Doc PR |
Previously, when extending `Kernel::class` and using the `MicroKernelTrait::class` setting the `secret` like
```
protected function configureContainer(ContainerBuilder $container, LoaderInterface $loader)
{
$container->loadFromExtension('framework', [ 'secret' => 'foo',]);
```
would not replace the `kernel.secret` parameter set by `$container->setParameter('kernel.secret', '%env(APP_SECRET)%');` in the `MicroKernelTrait`.
Initiating a service with a secret argument without a `APP_ENV` value set in `.env` would throw:
`Symfony\Component\DependencyInjection\Exception\EnvNotFoundException : Environment variable not found: "APP_SECRET".`
This PR allows the `kernel.secret` set in the `MicroKernelTrait::registerContainerConfiguration()` to be overridden in a class extending `Kernel` while using the trait.
Thanks @nicolas-grekas for the help on this one.
Commits
-------
76d398851f fixed kernel.secret not being overridden when loaded from extension
This PR was merged into the 5.1-dev branch.
Discussion
----------
[SecurityBundle] Added XSD for the extension configuration
| Q | A
| ------------- | ---
| Branch? | master
| Bug fix? | no
| New feature? | yes
| Deprecations? | no
| Tickets | Fix#28141
| License | MIT
| Doc PR | TODO
Commits
-------
66ac3f7f5d [SecurityBundle] Added XSD for the extension configuration
This PR was merged into the 5.1-dev branch.
Discussion
----------
[Uid] Add support for UUIDv6
| Q | A
| ------------- | ---
| Branch? | master
| Bug fix? | no
| New feature? | yes
| Deprecations? | no
| Tickets | -
| License | MIT
| Doc PR | -
See https://github.com/uuid6/uuid6-ietf-draft/blob/master/draft-peabody-dispatch-new-uuid-format-00.txt
A v6 UUID is a lexicographically-sortable-v1.
This makes it db-index friendly (same as ULIDs).
For reference:
- v1 has no benefits over v6 except being in the current official RFC
- v6 is order-friendly and leaks time data + stable entropy (potentially bound to a MAC address or equivalent)
- ULID is also order-friendly and leaks time data, with high entropy (crypto random source)
- v4 is pure crypto random source, aka no order and no leak of anything.
Commits
-------
b705ee1b4b [Uid] Add support for UUIDv6
This PR was squashed before being merged into the 4.4 branch.
Discussion
----------
[Mime] Fix boundary header
| Q | A
| ------------- | ---
| Branch? | 4.4
| Bug fix? | yes
| New feature? | no
| Deprecations? | no
| Tickets | Fix#35443 (fixes the second problem described in this ticket)
| License | MIT
The boundary value of Content-Type header was enclosed in quotes, cause of the "=" symbol.
Commits
-------
453078ff37 [Mime] Fix boundary header
This PR was merged into the 5.1-dev branch.
Discussion
----------
[Uid] add support for Ulid
| Q | A
| ------------- | ---
| Branch? | master
| Bug fix? | no
| New feature? | yes
| Deprecations? | no
| Tickets | -
| License | MIT
| Doc PR | -
ULIDs are useful alternatives to UUIDs.
From https://github.com/ulid/spec:
UUID can be suboptimal for many use-cases because:
- It isn't the most character efficient way of encoding 128 bits of randomness
- UUID v1/v2 is impractical in many environments, as it requires access to a unique, stable MAC address
- UUID v3/v5 requires a unique seed and produces randomly distributed IDs, which can cause fragmentation in many data structures
- UUID v4 provides no other information than randomness which can cause fragmentation in many data structures
Instead, herein is proposed ULID:
- 128-bit compatibility with UUID
- 1.21e+24 unique ULIDs per millisecond
- Lexicographically sortable!
- Canonically encoded as a 26 character string, as opposed to the 36 character UUID
- Uses Crockford's base32 for better efficiency and readability (5 bits per character)
- Case insensitive
- No special characters (URL safe)
- Monotonic sort order (correctly detects and handles the same millisecond)
Commits
-------
59044f914b [Uid] add support for Ulid
This PR was merged into the 5.1-dev branch.
Discussion
----------
[Uid] make `Uuid::equals` method accept any types of argument for more flexibility
| Q | A
| ------------- | ---
| Branch? | master
| Bug fix? | no
| New feature? | no
| Deprecations? | no
| Tickets | ~
| License | MIT
| Doc PR | ~
I suggest to weaken the `Uuid:equals` method argument type to accept any types of value to compare against. This makes one able to compare the `Uuid` instance with any values.
Commits
-------
46721c19f9 [Uid] make `Uuid::equals()` accept any types of argument for more flexibility
This PR was merged into the 5.1-dev branch.
Discussion
----------
[Uid] make Uuid::getTime() return subseconds info
| Q | A
| ------------- | ---
| Branch? | master
| Bug fix? | no
| New feature? | no
| Deprecations? | no
| Tickets | -
| License | MIT
| Doc PR | -
A UUID timestamp contains 60bit of data, but a timestamp barely contains 31bit.
Let's return a float instead.
Commits
-------
5a170b80ed [Uid] make Uuid::getTime() return subseconds info
This PR was merged into the 5.1-dev branch.
Discussion
----------
[FrameworkBundle] add --deprecations on debug:container command
| Q | A
| ------------- | ---
| Branch? | master (5.1)
| Bug fix? | no
| New feature? | yes <!-- please update src/**/CHANGELOG.md files -->
| Deprecations? | no <!-- please update UPGRADE-*.md and src/**/CHANGELOG.md files -->
| Tickets | #30089 <!-- prefix each issue number with "Fix #", if any -->
| License | MIT
| Doc PR | todo
_I apologize in advance, I am not fluent in English_
Continuity of @Simperfit work from his PR https://github.com/symfony/symfony/pull/32584
I added support for XML, JSON and markdown formats as well as unit tests for all formats.
## XML format
```xml
<?xml version="1.0" encoding="UTF-8"?>
<deprecations remainingCount="5">
<deprecation count="3">
<message>Some deprecation message.</message>
<file>/path/to/some/file.php</file>
<line>39</line>
</deprecation>
<deprecation count="2">
<message>An other deprecation message.</message>
<file>/path/to/an/other/file.php</file>
<line>25</line>
</deprecation>
</deprecations>
```
## JSON format
```json
{
"remainingCount": 5,
"deprecations": [
{
"message": "Some deprecation message.",
"file": "\/path\/to\/some\/file.php",
"line": 39,
"count": 3
},
{
"message": "An other deprecation message.",
"file": "\/path\/to\/an\/other\/file.php",
"line": 25,
"count": 2
}
]
}
```
## Markdown format
## Remaining deprecations (5)
- 3x: "Some deprecation message." in /path/to/some/file.php:39
- 2x: "An other deprecation message." in /path/to/an/other/file.php:25
I added a new commit on top of @Simperfit 's one, but I don't know how you would like to have the git history writed.
Commits
-------
ee6391eb29 [FrameworkBundle] add all formats support for debug:container --deprecations command
161f659146 [FrameworkBundle] add --deprecations on debug:container command
* 5.0:
[Config] fix test
[HttpClient] disable debug log with curl 7.64.0
[Intl][3.4] Bump ICU 66.1
fix import from config file using type: glob
[DoctrineBridge][DoctrineExtractor] Fix wrong guessed type for "json" type
* 4.4:
[Config] fix test
[HttpClient] disable debug log with curl 7.64.0
[Intl][3.4] Bump ICU 66.1
fix import from config file using type: glob
[DoctrineBridge][DoctrineExtractor] Fix wrong guessed type for "json" type
* 3.4:
[Config] fix test
[Intl][3.4] Bump ICU 66.1
fix import from config file using type: glob
[DoctrineBridge][DoctrineExtractor] Fix wrong guessed type for "json" type
This PR was merged into the 3.4 branch.
Discussion
----------
fix import from config file using type: glob
| Q | A
| ------------- | ---
| Branch? | 3.4
| Bug fix? | yes
| New feature? | no <!-- please update src/**/CHANGELOG.md files -->
| Deprecations? | no <!-- please update UPGRADE-*.md and src/**/CHANGELOG.md files -->
| Tickets |
| License | MIT
| Doc PR |
If you try to import configs with glob using
```
imports:
- { resource: '../dev/*.{php,xml,yaml,yml}', type: 'glob' }
```
it didn't work because the FileLoader resolves the glob pattern but forwards the glob type. This meant the resolver then choses the GlobFilerLoader again for each already resolved file which does not find the files. So in the end the glob was resolved but the files never imported.
The workaround is to remove the `type: glob` from the import above. But the real fix should be to not forward the glob type when it's already resolved.
Commits
-------
6b70511bc6 fix import from config file using type: glob
This PR was merged into the 3.4 branch.
Discussion
----------
[DoctrineBridge][DoctrineExtractor] Fix wrong guessed type for "json" type
| Q | A
| ------------- | ---
| Branch? | 3.4
| Bug fix? | yes
| New feature? | no
| Deprecations? | no
| Tickets | https://github.com/symfony/symfony/issues/35968
| License | MIT
| Doc PR | -
After checking the code, it appears that `json` have a different behavior than `json_array`.
> In json_array doctrine was converting null or empty value to array, but json type doesn't do that
@norkunas is right about this. Consequently, we cannot safely guess a built in type for the `json` Doctrine type.
Commits
-------
f9f5f8df3e [DoctrineBridge][DoctrineExtractor] Fix wrong guessed type for "json" type
This PR was merged into the 3.4 branch.
Discussion
----------
[Intl][3.4] Bump ICU 66.1
| Q | A
| ------------- | ---
| Branch? | 3.4
| Bug fix? | no
| New feature? | no
| Deprecations? | no
| Tickets | Fix #... <!-- prefix each issue number with "Fix #", if any -->
| License | MIT
| Doc PR | symfony/symfony-docs#... <!-- required for new features -->
<!--
Replace this notice by a short README for your feature/bugfix. This will help people
understand your PR and can be used as a start for the documentation.
Additionally (see https://symfony.com/releases):
- Always add tests and ensure they pass.
- Never break backward compatibility (see https://symfony.com/bc).
- Bug fixes must be submitted against the lowest maintained branch where they apply
(lowest branches are regularly merged to upper ones so they get the fixes too.)
- Features and deprecations must be submitted against branch master.
-->
See https://github.com/unicode-org/icu/releases/tag/release-66-1 (no data changes for us)
Commits
-------
2275689cf8 [Intl][3.4] Bump ICU 66.1
This PR was squashed before being merged into the 5.1-dev branch.
Discussion
----------
[Form] Add label_html attribute
| Q | A
| ------------- | ---
| Branch? | master
| Bug fix? | no
| New feature? | yes
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| License | MIT
| Doc PR | symfony/symfony-docs#13316
I propose to add a new attribute to `BaseType` class so it is easy to include html tags in labels for, both, buttons and other elements that inherit from `FormType` class. This gives you an ability to add, e.g. a glyphicon to a button, or a link to a checkbox, simply inside the `FormBuilder`, which means you can just do
```twig
{{ form(form) }}
```
inside a template.
**Sidenotes**
1. I have started working on this two days ago and it the meantime @alexander-schranz made a similar proposition in #31358. If necessary, I can close my PR and @alexander-schranz can include my suggestions inside his PR.
1. I have just read in #29861 that @mpiot wanted to include this idea in his PR. With respect to @xabbuh's comments from that PR, I hope that my PR will be at least a good place to discuss, if the proposed feature is a good solution.
Commits
-------
239fe04ff9 [Form] Add label_html attribute
* 5.0: (36 commits)
Add test for tagged iterator with numeric index
Fix container lint command when a synthetic service is used in combination with the expression language
Fix Travis script
[Validator][Range] Fix typos
[SecurityBundle] Minor fix in LDAP config tree builder
[HttpClient] fix requests to hosts that idn_to_ascii() cannot handle
Revert "minor #35559 [FrameworkBundle] remove mention of the old Controller class (nicolas-grekas)"
[FrameworkBundle] remove redundant PHPDoc in console Descriptor and subclass
[Mime] remove phpdoc mentioning Utf8AddressEncoder
Add missing phpdoc
Remove int return type from FlattenException::getCode
[Yaml] fix dumping strings containing CRs
[DI] Fix XmlFileLoader bad error message
[Form] Handle false as empty value on expanded choices
[Messenger] Add ext-redis min version req to tests
Tweak message
improve PlaintextPasswordEncoder docBlock summary
[Validator] Add two missing translations for the Arabic (ar) locale
Use some PHP 5.4 constants unconditionally
Add new packages on the link script
...
* 4.4: (34 commits)
Add test for tagged iterator with numeric index
Fix container lint command when a synthetic service is used in combination with the expression language
[Validator][Range] Fix typos
[SecurityBundle] Minor fix in LDAP config tree builder
[HttpClient] fix requests to hosts that idn_to_ascii() cannot handle
[FrameworkBundle] remove redundant PHPDoc in console Descriptor and subclass
[Mime] remove phpdoc mentioning Utf8AddressEncoder
Add missing phpdoc
Remove int return type from FlattenException::getCode
[Yaml] fix dumping strings containing CRs
[DI] Fix XmlFileLoader bad error message
[Form] Handle false as empty value on expanded choices
[Messenger] Add ext-redis min version req to tests
Tweak message
improve PlaintextPasswordEncoder docBlock summary
[Validator] Add two missing translations for the Arabic (ar) locale
Use some PHP 5.4 constants unconditionally
Add new packages on the link script
[DI] fix dumping errored definitions
[DI] ignore extra tags added by autoconfiguration in PriorityTaggedServiceTrait
...
This PR was merged into the 4.4 branch.
Discussion
----------
[DI] Fix container lint command when a synthetic service is used in an expression
Fix container lint command when a synthetic service is used in combination with the expression language.
| Q | A
| ------------- | ---
| Branch? | 4.4
| Bug fix? | yes
| New feature? | no
| Deprecations? | no
| Tickets | Fix#35691
| License | MIT
| Doc PR | -
Commits
-------
e7fa73a32b Fix container lint command when a synthetic service is used in combination with the expression language
This PR was merged into the 3.4 branch.
Discussion
----------
[Form] Handle false as empty value on expanded choices
| Q | A
| ------------- | ---
| Branch? | 3.4
| Bug fix? | yes
| New feature? | no
| Deprecations? | no
| Tickets | https://github.com/symfony/symfony/issues/31572
| License | MIT
| Doc PR | -
This is the 3.4 version of https://github.com/symfony/symfony/pull/32747. The tests are the same. The added code has to be removed from master (if accepted).
Commits
-------
1a366bc378 [Form] Handle false as empty value on expanded choices
This PR was merged into the 3.4 branch.
Discussion
----------
[FrameworkBundle] remove redundant PHPDoc in console Descriptor
| Q | A
| ------------- | ---
| Branch? | 3.4
| Bug fix? | no
| New feature? | no <!-- please update src/**/CHANGELOG.md files -->
| Deprecations? | no <!-- please update UPGRADE-*.md and src/**/CHANGELOG.md files -->
| Tickets | None <!-- prefix each issue number with "Fix #", if any -->
| License | MIT
| Doc PR | N/A
The PHPDoc for some `describeXXX` methods in the abstract `Symfony\Bundle\FrameworkBundle\Console\Descriptor\Descriptor` was inaccurate or redundant.
I remove the PHPDoc in the superclass and the `{@inheritdoc}` in the child class as suggested by @chalasr in this PR comment https://github.com/symfony/symfony/pull/35995#discussion_r389846487
I keep the PHPDoc when it adds some explanation about the method or its params.
For exemple :
### inaccurate:
```php
/**
* Describes an InputArgument instance.
*/
abstract protected function describeRouteCollection(RouteCollection $routes, array $options = []);
/**
* Describes an InputOption instance.
*/
abstract protected function describeRoute(Route $route, array $options = []);
```
### redundant
```php
/**
* Describes container parameters.
*/
abstract protected function describeContainerParameters(ParameterBag $parameters, array $options = []);
/**
* Describes container tags.
*/
abstract protected function describeContainerTags(ContainerBuilder $builder, array $options = []);
```
### kept
```php
/**
* Describes event dispatcher listeners.
*
* Common options are:
* * name: name of listened event
*/
abstract protected function describeEventDispatcherListeners(EventDispatcherInterface $eventDispatcher, array $options = []);
/**
* Describes a callable.
*
* @param mixed $callable
*/
abstract protected function describeCallable($callable, array $options = []);
```
<!--
Replace this notice by a short README for your feature/bugfix. This will help people
understand your PR and can be used as a start for the documentation.
Additionally (see https://symfony.com/releases):
- Always add tests and ensure they pass.
- Never break backward compatibility (see https://symfony.com/bc).
- Bug fixes must be submitted against the lowest maintained branch where they apply
(lowest branches are regularly merged to upper ones so they get the fixes too.)
- Features and deprecations must be submitted against branch master.
-->
Commits
-------
e535e7d2ff [FrameworkBundle] remove redundant PHPDoc in console Descriptor and subclass
This PR was merged into the 4.4 branch.
Discussion
----------
[SecurityBundle] Minor fix in LDAP config tree builder
| Q | A
| ------------- | ---
| Branch? | 4.4
| Bug fix? | yes
| New feature? | no
| Deprecations? | no
| Tickets | ~
| License | MIT
| Doc PR | ~
Continuation of #35910 for 4.4.
Commits
-------
468a201d34 [SecurityBundle] Minor fix in LDAP config tree builder
* 3.4:
[Yaml] fix dumping strings containing CRs
[DI] Fix XmlFileLoader bad error message
Tweak message
improve PlaintextPasswordEncoder docBlock summary
[Validator] Add two missing translations for the Arabic (ar) locale
Use some PHP 5.4 constants unconditionally
Revert "bug symfony#28179 [DomCrawler] Skip disabled fields processing in Form"
Add Spanish translation
Fix typo
[Validator] add Japanese translation
Fix typo
Add Polish translation
[SecurityBundle] Minor fixes in configuration tree builder
bumped Symfony version to 3.4.39
updated VERSION for 3.4.38
update CONTRIBUTORS for 3.4.38
updated CHANGELOG for 3.4.38
This PR was merged into the 5.1-dev branch.
Discussion
----------
[DX][Testing] Added a loginUser() method to test protected resources
| Q | A
| ------------- | ---
| Branch? | master
| Bug fix? | no
| New feature? | yes
| Deprecations? | no
| Tickets | Fix#26839
| License | MIT
| Doc PR | tbd
This finishes https://github.com/symfony/symfony/pull/32850 original description:
> I know this won't work for 100% of our users ... but the goal is to make life easier to *most* of them. Thanks!
A custom `ConcreteToken` test-object is created as suggested by @linaori, to not bind this token to any specific implementation (as other implementations aren't fully compatible with eachother).
Commits
-------
2980a680d4 Added special test token and implemented 'real' functional tests
f516829d99 [DX][Testing] Added a loginUser() method to test protected resources
This PR was merged into the 5.1-dev branch.
Discussion
----------
[Messenger] Show message & handler(s) class description in debug:messenger
| Q | A
| ------------- | ---
| Branch? | master<!-- see below -->
| Bug fix? | no
| New feature? | yes <!-- please update src/**/CHANGELOG.md files -->
| Deprecations? | no <!-- please update UPGRADE-*.md and src/**/CHANGELOG.md files -->
| Tickets | N/A <!-- prefix each issue number with "Fix #", if any -->
| License | MIT
| Doc PR | N/A
Similar to the `debug:autowiring` command, add the messages & handlers class description to the `debug:messenger` command.
Messenger is a central piece in CQRS applications. Exposing the messages & handlers descriptions in this command is a great way to have a global vision of the covered use-cases (especially if there is a newcomer to the project).
Commits
-------
079efdff08 [Messenger] Show message & handler(s) class description in debug:messenger
This PR was merged into the 5.1-dev branch.
Discussion
----------
[VarDumper] DumpServer: log whenever a payload is received
| Q | A
| ------------- | ---
| Branch? | master <!-- see below -->
| Bug fix? | no
| New feature? | yes <!-- please update src/**/CHANGELOG.md files -->
| Deprecations? | no <!-- please update UPGRADE-*.md and src/**/CHANGELOG.md files -->
| Tickets | N/A <!-- prefix each issue number with "Fix #", if any -->
| License | MIT
| Doc PR | N/A <!-- required for new features -->
Small improvement so you can get a feedback in the console when a dump was received by using `-vv`:
![Capture d’écran 2020-03-05 à 12 02 34](https://user-images.githubusercontent.com/2211145/75975709-4d899d80-5ed9-11ea-942f-e76a62d82218.png)
Commits
-------
7cfc3ced9d [VarDumper] DumpServer: log whenever a payload is received