* 2.7:
[Intl] Update ICU data to 60.1
[Validator] Fix Costa Rica IBAN format
[Bridge/ProxyManager] Remove direct reference to value holder property
[Validator] Add Belarus IBAN format
[FrameworkBundle] Specifically inject the debug dispatcher in the collector
update the pull request template
[Stopwatch] minor fix
This PR was merged into the 2.7 branch.
Discussion
----------
[FrameworkBundle] Specifically inject the debug dispatcher in the collector
| Q | A
| ------------- | ---
| Branch? | 2.7 <!-- see comment below -->
| Bug fix? | yes
| New feature? | no <!-- don't forget to update src/**/CHANGELOG.md files -->
| BC breaks? | no
| Deprecations? | no <!-- don't forget to update UPGRADE-*.md files -->
| Tests pass? | yes
| Fixed tickets | N/A <!-- #-prefixed issue number(s), if any -->
| License | MIT
| Doc PR | N/A
This ensures we always collect data about events, even when the `event_dispatcher` service is decorated, no matter the decoration order.
Commits
-------
7b3a641acc [FrameworkBundle] Specifically inject the debug dispatcher in the collector
This PR was squashed before being merged into the 2.7 branch (closes#24909).
Discussion
----------
[Intl] Update ICU data to 60.1
| Q | A
| ------------- | ---
| Branch? | 2.7
| Bug fix? | no
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | -
| License | MIT
| Doc PR | -
http://site.icu-project.org/download/60
All tests are passing, including those from the intl-data group.
Commits
-------
cf04e7cefe [Intl] Update ICU data to 60.1
This PR was merged into the 2.7 branch.
Discussion
----------
[Bridge/ProxyManager] Remove direct reference to value holder property
| Q | A
| ------------- | ---
| Branch? | 2.7
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | #23110
| License | MIT
| Doc PR | -
This fixes https://github.com/Ocramius/ProxyManager/issues/394 on Symfony's side, because proxy-manager v1 is not maintained anymore, but is the only one that works on PHP 5.3/5.5, which we still support.
Cannot be tested easily (but code is run by the existing test suite.)
Commits
-------
af9d6446ea [Bridge/ProxyManager] Remove direct reference to value holder property
This PR was squashed before being merged into the 2.7 branch (closes#24900).
Discussion
----------
[Validator] Fix Costa Rica IBAN format
| Q | A
| ------------- | ---
| Branch? | 2.8
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | no
| License | MIT
| Doc PR | no
Fix Costa Rica IBAN format: https://bank.codes/iban/structure/costa-rica/
Commits
-------
b9b5e18f8b [Validator] Fix Costa Rica IBAN format
This PR was merged into the 2.8 branch.
Discussion
----------
Fix dump panel hidden when closing a dump
| Q | A
| ------------- | ---
| Branch? | 2.8
| Bug fix? | yes-ish
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | -
| License | MIT
| Doc PR | -
In the dump panel of the debug bar, when closing a dump the panel sometimes get hidden:
This is because when the size of the panel is reduced, if the mouse is not over it anymore, the `:hover` pseudo-class does not apply anymore.
I "fixed" it by setting a min-height on the panel when closing a dump. The min-height is removed when leaving the panel _on purpose_:
For now I only tested it on Firefox 56 on Arch Linux.
Commits
-------
2e0b263d9c Fix dump panel hidden when closing a dump
This PR was squashed before being merged into the 2.7 branch (closes#24666).
Discussion
----------
[WebProfilerBundle] add missing tests
| Q | A
| ------------- | ---
| Branch? | 2.7
| Bug fix? | no
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | none
| License | MIT
This PR fixes one test in WebDebugToolbarListenerTest and adds one that was missing (more detailed description is available in the commits description)
Commits
-------
363d3a8cf2 [WebProfilerBundle] add missing tests
This PR was merged into the 2.7 branch.
Discussion
----------
[FrameworkBundle][Routing] Remove unused logger argument
| Q | A
| ------------- | ---
| Branch? | 2.7
| Bug fix? | no
| New feature? | no <!-- don't forget to update src/**/CHANGELOG.md files -->
| BC breaks? | no
| Deprecations? | no <!-- don't forget to update UPGRADE-*.md files -->
| Tests pass? | yes
| Fixed tickets | N/A <!-- #-prefixed issue number(s), if any -->
| License | MIT
| Doc PR | N/A
This argument was never used as far as the FrameworkBundle Router was.
But actually don't we want to add the `$logger` argument to this class? It's used by the `UrlGenerator` when `router.strict_requirements` is `false` for instance:
<img width="1064" alt="screenshot 2017-10-29 a 09 57 31" src="https://user-images.githubusercontent.com/2211145/32142080-482bc64e-bc90-11e7-8382-b78b507bae48.PNG">
Commits
-------
dc9492eb6f [FrameworkBundle][Routing] Remove unused logger argument
This PR was merged into the 2.7 branch.
Discussion
----------
[Form] Nullable FormInterface::getPropertyPath()
| Q | A
| ------------- | ---
| Branch? | 4.0
| Bug fix? | yes
| New feature? | no
| BC breaks? | yes
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | #24560
| License | MIT
| Doc PR |
`Symfony\Component\Form\Form::getPropertyPath()` returns `null` when the form has an empty name. It allows for unprefixed children.
```php
<?php
namespace App\Controller;
use Sensio\Bundle\FrameworkExtraBundle\Configuration\Route;
use Sensio\Bundle\FrameworkExtraBundle\Configuration\Template;
use Symfony\Bundle\FrameworkBundle\Controller\AbstractController;
use Symfony\Component\Form\Extension\Core\Type\TextType;
class IndexController extends AbstractController
{
/**
* @Route(name="index")
* @Template()
*/
public function indexAction()
{
$form = $this->get('form.factory')
->createNamedBuilder('')
->add('text', TextType::class)
->getForm();
return [
'form' => $form->createView(),
];
}
}
```
```html
<!DOCTYPE html>
<html>
<head>
<meta charset="UTF-8">
<title>Welcome!</title>
</head>
<body>
<form name="" method="post">
<label for="text">Text</label>
<input type="text" id="text" name="text">
</form>
</body>
</html>
```
But the return type of the `Symfony\Component\Form\FormInterface::getPropertyPath()` is not nullable.
We cannot change the behaviour, obviously. At least it's useful in API controllers.
So I decided to change the doc block of the interface.
Commits
-------
d56632a45f FormInterface::getPropertyPath(): PropertyPathInterface|null
This PR was squashed before being merged into the 2.7 branch (closes#24814).
Discussion
----------
[Intl] Make intl-data tests pass and save language aliases again
| Q | A
| ------------- | ---
| Branch? | 2.7
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | -
| License | MIT
| Doc PR | -
Due to changes in ICU 5.5 aliases were not being saved since that version.
Commits
-------
661a4b6 [Intl] Make intl-data tests pass and save language aliases again
This PR was squashed before being merged into the 2.7 branch (closes#24605).
Discussion
----------
[FrameworkBundle] Do not load property_access.xml if the component isn't installed
| Q | A
| ------------- | ---
| Branch? | 2.7 <!-- see comment below -->
| Bug fix? | yes
| New feature? | no <!-- don't forget to update src/**/CHANGELOG.md files -->
| BC breaks? | no
| Deprecations? | no <!-- don't forget to update UPGRADE-*.md files -->
| Tests pass? | yes
| Fixed tickets | https://github.com/symfony/symfony/pull/24563#issuecomment-337549147 <!-- #-prefixed issue number(s), if any -->
| License | MIT
| Doc PR | N/A
This PR actually aims to fix https://github.com/symfony/symfony/pull/24563#issuecomment-337549147 as the exception introduced in the PR can't be reached anyway when using the FrameworkBundle without the property access component as you'll get:
> Uncaught Symfony\Component\Debug\Exception\ClassNotFoundException: Attempted to load class "PropertyAccessor" from namespace "Symfony\Component\PropertyAccess".
With this fix, you properly get:
> The ObjectNormalizer class requires the "PropertyAccess" component. Install "symfony/property-access" to use it.
Not sure this change really belongs to a patch release, but the original PR was accepted in the 2.7 branch.
Also, I'd rather remove the ObjectNormalizer definition if the component isn't available, as suggested by @xabbuh (https://github.com/symfony/symfony/pull/24563#issuecomment-336795644). But in 2.7, this is the only normalizer registered by default and the [`SerializerPass` throws an exception if no normalizer is registered.](https://github.com/symfony/symfony/blob/2.7/src/Symfony/Bundle/FrameworkBundle/DependencyInjection/Compiler/SerializerPass.php#L46)
To sum up, either:
1. we completly prevent using the FrameworkBundle and the serializer without the property access component, even if you don't really care about the ObjectNormalizer because you only use your owns specific ones. (and you'll get the exception hinting to install the property access component)
2. we allow using the FrameworkBundle and the serializer without the property access component, so we remove the ObjectNormalizer definition, but the user'll get a `You must tag at least one service as "serializer.normalizer" to use the Serializer service` exception until he configures a normalizer (and we don't get the hint about installing the property access component to enable the ObjectNormalizer. We already have a suggest entry in the composer.json file, though).
To me option 2 looks better. WDYT?
Commits
-------
d297e27600 [FrameworkBundle] Do not load property_access.xml if the component isn't installed
* 2.7:
[HttpFoundation] Fix FileBag issue with associative arrays
fix the phpdoc that is not really inherited from response
Minor docblock cleanup
Remove redundant sprintf arguments.
This PR was merged into the 2.7 branch.
Discussion
----------
[DI] minor docblock fixes
| Q | A
| ------------- | ---
| Branch? | 2.7
| Bug fix? | no
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | -
| License | MIT
| Doc PR | -
As found in #24611
Commits
-------
0c9edaf [DI] minor docblock fixes
Fixessymfony/symfony#24652
Trailing backslash, being unescaped, used to escape closing formatting
tag and, thus, formatting tag appeared in autocompletion
* 2.7:
[Security] Fixed auth provider authenticate() cannot return void
declare argument type
streamed response should return $this
content can be a resource
This PR was merged into the 2.7 branch.
Discussion
----------
[Security] Fixed auth provider authenticate() cannot return void
| Q | A
| ------------- | ---
| Branch? | 2.7 and up
| Bug fix? | yes
| New feature? | no
| BC breaks? | no (arguably)
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets |
| License | MIT
| Doc PR |
The `AuthenticationManagerInterface` [requires](https://github.com/symfony/symfony/blob/2.7/src/Symfony/Component/Security/Core/Authentication/AuthenticationManagerInterface.php#L30) that `authenticate()` must return a TokenInterface, never null. Several authentication providers are violating this. Changed to throw exception instead.
See discussion in earlier PR https://github.com/symfony/symfony/pull/24585 which was changing the docblock rather than the implementations.
Commits
-------
6e18b56b77 [Security] Fixed auth provider authenticate() cannot return void
This PR was merged into the 2.7 branch.
Discussion
----------
declare type AcceptHeaderItem for array_map
| Q | A
| ------------- | ---
| Branch? | master
| Bug fix? | no
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets |
| License | MIT
| Doc PR |
In `array_filter` , argument type is declared.
https://github.com/symfony/symfony/blob/2.7/src/Symfony/Component/HttpFoundation/AcceptHeader.php#L133
So It's natural to do so in `array_map` too.
Commits
-------
ab8f5be40c declare argument type
The AuthenticationManagerInterface requires that authenticate() must return a TokenInterface, never null.
Several authentication providers are violating this. Changed to throw exception instead.
This PR was merged into the 2.7 branch.
Discussion
----------
content can be a resource
| Q | A
| ------------- | ---
| Branch? | 2.7
| Bug fix? | yes (bug in a comment)
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets |
| License | MIT
| Doc PR |
Commits
-------
c63742daef content can be a resource
This PR was merged into the 2.8 branch.
Discussion
----------
Adding the Form default theme files to be warmed up in Twig's cache
| Q | A
| ------------- | ---
| Branch? | 2.8
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | none
| License | MIT
| Doc PR | not needed
Hiya guys!
So..... during a Symfony Live workshop, we found out that the form theme Twig templates are *not* included in the Twig cache warmup process. This fixes that. I believe this is the only "weird" case where we use a Twig template that is not in a bundle and also not added to Twig as a proper namespaces.
I tested this on a 2.8 project. Before the patch, the form theme templates were not warmed up. After, they are warmed up. Booya.
Cheers!
Commits
-------
2ef619f9bb Adding the Form default theme files to be warmed up in Twig's cache
* 2.7:
Username and password in basic auth are allowed to contain '.'
Remove obsolete PHPDoc from UriSigner
[Serializer] ObjectNormalizer: throw if PropertyAccess isn't installed
pdo session fix
Fixed unsetting from loosely equal keys OrderedHashMap
[Debug] Fix same vendor detection in class loader
Updated the source text and translation
reject remember-me token if user check fails
This PR was merged into the 2.7 branch.
Discussion
----------
Username and password in basic auth are allowed to contain '.'
Initially reported by Fede Isas in https://github.com/beberlei/assert/pull/234
| Q | A
| ------------- | ---
| Branch? | 2.3
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets |
| License | MIT
| Doc PR |
Commits
-------
e5d57dd050 Username and password in basic auth are allowed to contain '.'
This PR was merged into the 2.7 branch.
Discussion
----------
[Debug] Fix same vendor detection in class loader
| Q | A
| ------------- | ---
| Branch? | 2.7
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets |
| License | MIT
| Doc PR |
Fix about same vendor detection in ClassLoader. Actually, detected namespace for `Doctrine\ORM\Configuration` is `Doctrine\ORM` instead of `Doctrine\`. So deprecations are triggered for classes in same namespace.
Commits
-------
d2ab0d8019 [Debug] Fix same vendor detection in class loader
This PR was merged into the 2.7 branch.
Discussion
----------
[Security] Reject remember-me token if UserCheckerInterface::checkPostAuth() fails
| Q | A
| ------------- | ---
| Branch? | 2.7
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | #24525
| License | MIT
| Doc PR | -
I think this is a security hole - a user can remain logged in with a remember me cookie even though they can no longer pass `UserCheckInterface::checkPostAuth()` (could be disabled).
This is a small BC break but shouldn't be an issue as I think it is a bug. I don't think this requires a BC layer but if so, I can add.
Commits
-------
fe190b6ee9 reject remember-me token if user check fails
* 2.7:
[Validator] added magic method __isset() to File Constraint class
[DI] Fix possible incorrect php-code when dumped strings contains newlines
[Translation] minor: remove unused variable in test
never match invalid IP addresses
This PR was merged into the 2.7 branch.
Discussion
----------
[HttpFoundation] never match invalid IP addresses
| Q | A
| ------------- | ---
| Branch? | 2.7
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | #24424
| License | MIT
| Doc PR |
Commits
-------
8ad32f0ef5 never match invalid IP addresses
* 2.7:
Fix 7.2 compat layer
Fix PHP 7.2 support
[HttpFoundation] Add missing session.lazy_write config option
[HttpFoundation] Combine Cache-Control headers
[Form] fix parsing invalid floating point numbers
Escape command usage when displaying it in the text descriptor
Use for=ID on radio/checkbox label.
This PR was merged into the 2.7 branch.
Discussion
----------
[HttpFoundation] Combine Cache-Control headers
| Q | A
| ------------- | ---
| Branch? | 2.7
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets |
| License | MIT
| Doc PR |
If multiple `Cache-Control` headers are added to a `ResponseHeaderBag`, only the first is returned by `$bag->get('Cache-Control')`.
Commits
-------
1f76a70b6f [HttpFoundation] Combine Cache-Control headers
This PR was merged into the 2.7 branch.
Discussion
----------
Fix support for PHP 7.2
| Q | A
| ------------- | ---
| Branch? | 2.7
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | no
| Fixed tickets | #23671
| License | MIT
| Doc PR | -
There are still the deprecation problem with phpunit since it use `each()`.
There are 3 tests linked to session that I don't know how to fix / what to do, do you have any idea @nicolas-grekas ?
Commits
-------
fdf285b5c9 Fix 7.2 compat layer
e229dd0302 Fix PHP 7.2 support
