This PR was merged into the 2.3 branch.
Discussion
----------
[FrameworkBundle] backport more error information from 2.6 to 2.3
| Q | A
| ------------- | ---
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | #11724
| License | MIT
| Doc PR |
Commits
-------
87449e0 backport more error information from 2.6 to 2.3
The commit on master was:
server:run command: provide more error information
The server:run command didn't provide many information when the executed
command exited unexpectedly. Now, the process' exit code is passed through
and an error message is displayed.
This PR was merged into the 2.3 branch.
Discussion
----------
[HttpKernel] Escape ESI url in generated response
| Q | A
| ------------- | ---
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets |
| License | MIT
| Doc PR | NA
If a template with an `<esi>` tag is configured with an URL containing a `'` (in `src` or `alt`) ; the HttpCache will generate invalide php code.
It's not a security issue, given the template and the `<esi>` tag is written by the developper, but, as the character quote is allowed in URL (https://tools.ietf.org/html/rfc3986) it coud be a potential bug.
Commits
-------
b044c45 Escape parameter on generated response
This PR was merged into the 2.3 branch.
Discussion
----------
[Yaml] improve error message when detecting unquoted asterisks
| Q | A
| ------------- | ---
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | #11835
| License | MIT
| Doc PR |
Asterisks in unquoted strings are used in YAML to reference variables. Before Symfony 2.3.19, Symfony 2.4.9 and Symfony 2.5.4, unquoted asterisks in inlined YAML code were treated as regular strings. This was fixed for the inline parser in #11677. However, an unquoted * character now led to an error message like this:
```
PHP Warning: array_key_exists(): The first argument should be either a string or an integer in vendor/symfony/symfony/src/Symfony/Component/Yaml/Inline.php on line 409
[Symfony\Component\Yaml\Exception\ParseException]
Reference "" does not exist at line 171 (near "- { foo: * }").
```
Commits
-------
854e07b improve error when detecting unquoted asterisks
The `server:run` command switches the working directory before
starting the built-in web server. Therefore, the path to a custom
router script had to be specified based on the document root path
and not based on the user's working directory.
Asterisks in unquoted strings are used in YAML to reference
variables. Before Symfony 2.3.19, Symfony 2.4.9 and Symfony 2.5.4,
unquoted asterisks in inlined YAML code were treated as regular
strings. This was fixed for the inline parser in #11677. However, an
unquoted * character now led to an error message like this:
```
PHP Warning: array_key_exists(): The first argument should be either a string or an integer in vendor/symfony/symfony/src/Symfony/Component/Yaml/Inline.php on line 409
[Symfony\Component\Yaml\Exception\ParseException]
Reference "" does not exist at line 171 (near "- { foo: * }").
```
This PR was merged into the 2.3 branch.
Discussion
----------
n/a
n/a
Commits
-------
f38536a [WebProfiler] replaced the import/export feature from the web interface to a CLI tool
This PR was merged into the 2.3 branch.
Discussion
----------
n/a
n/a
Commits
-------
9e1bc22 Add tests and more assertions
101a3b7 [FrameworkBundle][Translator] Validate locales.
This PR was merged into the 2.3 branch.
Discussion
----------
n/a
n/a
Commits
-------
3b4046e [HttpFoundation] added some missing tests
cefe237 fix parsing of Authorization header
This PR was merged into the 2.3 branch.
Discussion
----------
n/a
n/a
Commits
-------
1ee96a8 Test examples from Drupal SA-CORE-2014-003
5506ee8 Fix potential DoS when parsing HOST
This PR was merged into the 2.3 branch.
Discussion
----------
[Security] fixing typo in a comment
| Q | A
| ------------- | ---
| Fixed tickets |
| License | MIT
As reported [here](https://github.com/symfony/symfony/pull/11574/files#r16934052).
Commits
-------
faefd66 fixing typo in a comment
This PR was merged into the 2.3 branch.
Discussion
----------
[Security] Made optimization on constant-time algorithm removing modulus operator
| Q | A
| ------------- | ---
| Bug fix? | no
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | -
| License | MIT
| Doc PR | -
This fix improves the constant-time algorithm used to compare strings, as it removes the `%` operator inside the loop.
Commits
-------
000bd0d Made optimization deprecating modulus operator
When a line contains only a dash it cannot safely be assumed that
it contains a nested list or an embedded mapping. If the next line
starts with a dash at the same indentation, the current line's item
is to be treated as `null`.
This PR was merged into the 2.3 branch.
Discussion
----------
[Yaml] fixed mapping keys containing a quoted #
| Q | A
| ------------- | ---
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | #11700, #11723
| License | MIT
| Doc PR | n/a
Commits
-------
110f999 [Yaml] fixed mapping keys containing a quoted #
8ba3b28 Added fixture to test parsing of hash keys ending with a space and #
This PR was merged into the 2.3 branch.
Discussion
----------
[DoctrineBridge] Abstract Doctrine Subscribers with tags
| Q | A
| ------------- | ---
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | this one
| License | MIT
| Doc PR | N/A
I've hit a problem with some doctrine listeners, built by decorating an abstract definition.
I want the abstract definition to hold the tag, however because the RegisterEventListenersAndSubscribersPass runs before abstract definitions are removed, they get added as method calls to the EventManager definition, which once the abstract service is removed, we end up with a method call that breaks the container.
I don't know if this is the best approach, it might be better not to return abstract services when calling `findTaggedServiceIds` instead?
Commits
-------
cbcf513 Disallow abstract definitions from doctrine event listener registration
This PR was squashed before being merged into the 2.3 branch (closes#11768).
Discussion
----------
[ClassLoader] Add a __call() method to XcacheClassLoader
| Q | A
| ------------- | ---
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | #11733
| License | MIT
| Doc PR |
Commits
-------
dd0d6af [ClassLoader] Add a __call() method to XcacheClassLoader
This PR was merged into the 2.3 branch.
Discussion
----------
[YAML] resolve variables in inlined YAML
| Q | A
| ------------- | ---
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | #11665
| License | MIT
| Doc PR |
#11569 does not resolve variables in inline YAML.
Commits
-------
45a5863 [YAML] resolve variables in inlined YAML
This PR was merged into the 2.3 branch.
Discussion
----------
[Validator] Fixed wrong translations for Collection constraints
| Q | A
| ------------- | ---
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | #11630
| License | MIT
| Doc PR |
The error messages for a missing field and an unexpected field did not match the Constraint class.
Commits
-------
808de2b [Validator] Fixed wrong translation keys/messages for Collection constraint. The error messages for a missing field and an unexpected field did not match the Contraint class
This PR was squashed before being merged into the 2.3 branch (closes#11711).
Discussion
----------
[DoctrineBridge] Fix empty parameter logging in the dbal logger
| Q | A
| ------------- | ---
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | #11710
| License | MIT
| Doc PR | -
Commits
-------
ef23f02 [DoctrineBridge] Fix empty parameter logging in the dbal logger
This PR was merged into the 2.3 branch.
Discussion
----------
[DomCrawler] check for the correct field type
| Q | A
| ------------- | ---
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | #11689
| License | MIT
| Doc PR |
HTML allow to define different form fields with the same name. Imagine the following form:
```html
<html>
<body>
<form action="/">
<input type="hidden" name="option" value="default">
<input type="radio" name="option" value="A">
<input type="radio" name="option" value="B">
<input type="hidden" name="settings[1]" value="0">
<input type="checkbox" name="settings[1]" value="1" id="setting-1">
<button>klickme</button>
</form>
</body>
</html>
```
Since the `FormFieldRegistry` can only handle one field per name, the hidden field option is registered first before the radio field with the same name is evaluated. Thus, the `FormFieldRegistry` returns an `InputFormField` instance on which the `addChoices()` method can not be called.
Commits
-------
169b397 check for the correct field type
This PR was merged into the 2.3 branch.
Discussion
----------
[Routing] fix handling of nullable XML attributes
| Q | A
| ------------- | ---
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets |
| License | MIT
| Doc PR |
As @Tobion pointed out in #11394, ``true`` and ``1`` are valid values in boolean XML attributes. The XmlFileLoader didn't handle ``1`` values properly.
Commits
-------
7b4d4b6 fix handling of nullable XML attributes
This PR was merged into the 2.3 branch.
Discussion
----------
[DomCrawler] fix the axes handling in a bc way
| Q | A
| ------------- | ---
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | #11503
| License | MIT
| Doc PR |
The previous fix in #11548 for handling XPath axes was not backward compatible. In previous Symfony versions the Crawler handled nodes by holding a "fake root node". This must be taken into account when evaluating (relativizing) XPath expressions.
Commits
-------
d26040f [DomCrawler] fix the axes handling in a bc way
This PR was merged into the 2.3 branch.
Discussion
----------
[Validator] return empty metadata collection if none do exist
| Q | A
| ------------- | ---
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets |
| License | MIT
| Doc PR | [The reference to the documentation PR if any]
Backport of #11614 for Symfony 2.3 and 2.4.
Commits
-------
f5bc18d return empty metadata collection if none do exist
HTML allow to define different form fields with the same name.
Imagine the following form:
<html>
<body>
<form action="/">
<input type="hidden" name="option" value="default">
<input type="radio" name="option" value="A">
<input type="radio" name="option" value="B">
<input type="hidden" name="settings[1]" value="0">
<input type="checkbox" name="settings[1]" value="1" id="setting-1">
<button>klickme</button>
</form>
</body>
</html>
Since the `FormFieldRegistry` can only handle one field per name, the
hidden field option is registered first before the radio field with
the same name is evaluated. Thus, the `FormFieldRegistry` returns an
`InputFormField` instance on which the `addChoices()` method can not
be called.
This PR was merged into the 2.3 branch.
Discussion
----------
[HttpFoundation] revert #11510, moved to 2.6
| Q | A
| ------------- | ---
| Bug fix? | no
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | none
| License | MIT
| Doc PR | none
This reverts PR #11510 from 2.3.
Commits
-------
fb120c7 revert #11510, moved to 2.6
This PR was merged into the 2.3 branch.
Discussion
----------
[Validator] Convert objects to string in comparison validators
| Q | A
| ------------- | ---
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | -
| License | MIT
| Doc PR | -
In the [latest merge from 2.3 into 2.4](/symfony/symfony/commit/3bed1b7988e94a897a64c6a2ad3bf70bde9005c1), the changes from 6cf5e0812e in 2.4 got lost. This PR brings back these changes and backports them to 2.3.
The change is BC, because the former value `true` of the `$prettyDateTime` will be cast to `1`, which corresponds to the `PRETTY_DATE` format constant.
Commits
-------
273671e [Validator] Convert objects to string in comparison validators. Reapplies 6cf5e0812e
This PR was squashed before being merged into the 2.3 branch (closes#11510).
Discussion
----------
[HttpFoundation] MongoDbSessionHandler supports auto expiry via configurable expiry_field
| Q | A
| ------------- | ---
| Bug fix? | no
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | #11508
| License | MIT
| Doc PR | no
ToDo
* [x] Fix Tests
Looking for feedback on this early PR.
This adds a config option that disables the PHP GC method call from doing anything,
It also means that the write method sets up the auto expiring index.
Ref: #11508
Commits
-------
b56b740 [HttpFoundation] MongoDbSessionHandler supports auto expiry via configurable expiry_field
This PR was merged into the 2.3 branch.
Discussion
----------
[Console] fixed style creation when providing an unknown tag option
| Q | A
| ------------- | ---
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | n/a
| License | MIT
| Doc PR | n/a
When formatting a string, the console ignore style it cannot parse. But if a string looks like an option (`<setting=value>`) for instance, instead of displaying the text as is, it currently throws an exception.
Commits
-------
8814920 [Console] fixed style creation when providing an unknown tag option
The previous fix in #11548 for handling XPath axes was not backward
compatible. In previous Symfony versions the Crawler handled nodes
by holding a "fake root node". This must be taken into account when
evaluating (relativizing) XPath expressions.
The PropertyMetadataContainerInterface defines that the method
getPropertyMetadata() has to return an empty collection if no
metadata have been configured for the given property. Though, its
implementation in the ClassMetadata class didn't check for
existence of such metadata. This behavior led to unexpected PHP
notices when validating a property or a property value of a property
without any configured constraints (only affects the new 2.5 API).
Additionally, the getMemberMetadatas() didn't check for existing
array keys as well which has also been fixed.
This PR was merged into the 2.3 branch.
Discussion
----------
[Process] Added process synchronization to the incremental output tests
| Q | A
| ------------- | ---
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | -
| License | MIT
| Doc PR | -
The tests currently fail from time to time if the executing machine is under
heavy load. This leads to false negatives on Travis CI.
A side effect of the change is that the tests are much faster now.
Commits
-------
6dd3946 [Process] Added process synchronization to the incremental output tests
The tests currently fail from time to time if the executing machine is under
heavy load. This leads to false negatives on Travis CI.
A side effect of the change is that the tests are much faster now.
This PR was merged into the 2.3 branch.
Discussion
----------
[Bundle][FrameworkBundle] built-in server: exit when docroot does not exist
| Q | A
| ------------- | ---
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | #6496
| License | MIT
| Doc PR |
When the server:run command is run with an invalid document root
directory (for example, when being in the app directory and not
changing the document root to ../web/), the command crashes on Windows
with a 267 exit code. On Linux, the server starts but just publishes
internal server errors.
Commits
-------
f143254 built-in server: exit when docroot does not exist
This PR was merged into the 2.3 branch.
Discussion
----------
[Form] fix whitespace in Twig form template
| Q | A
| ------------- | ---
| Bug fix? | kind of (after updating from 2.3.17 to 2.3.18, some of my tests were broken because of this)
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | they should, let's see what Travis has to say...
| Fixed tickets | --
| License | MIT
| Doc PR | --
This fixes some whitespace rendering.
after merging #11386:
```html
<input type="text" id="myfield" name="myfield" value="blah" />
```
before merging #11386 and with this PR again:
```html
<input type="text" id="myfield" name="myfield" value="blah" />
```
Commits
-------
8504d02 fixed whitespace in Twig form template
This PR was merged into the 2.3 branch.
Discussion
----------
[DependencyInjection] Fixed missing 'factory-class' attribute in XmlDumper output
| Q | A
| ------------- | ---
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | n/a
| License | MIT
| Doc PR | n/a
Problem: XmlDumper doesn't write 'factory-class' XML attribute for definitions on which setFactoryClass() was called.
Impact: Container[Builder] to throws an exception when the relevant service is being requested/initiated after loading the dumped XML.
`Uncaught Exception Symfony\Component\DependencyInjection\Exception\RuntimeException: "Cannot create service "xxx" from factory method without a factory service or factory class." at /<path>/<to>//DependencyInjection/ContainerBuilder.php`
Solution: Made XmlDumper write the 'factory-class' attribute, and updated the relevant test fixture.
Another related problem, is that XMLFileLoader doesn't complain if the 'factory-class' attribute is missing for a 'service' elements that include 'factory-method' attribute, resulting in an ill-configured Definition object in the ContainerBuilder. I'll post an issue/ticket, and probably send another PR for that.
Commits
-------
18e3e6f [DependencyInjection] fixed missing 'factory-class' attribute in XmlDumper output
Symfony\Component\DependencyInjection\Dumper\XmlDumper didn't write 'factory-class' XML attribute for definitions on which setFactoryClass() was called.
This caused the Container[Builder] to throw an exception when the relevant service is being requested/initiated after loading the dumped XML:
`Uncaught Exception Symfony\Component\DependencyInjection\Exception\RuntimeException: "Cannot create service "xxx" from factory method without a factory service or factory class." at /<path>/<to>/vendor/symfony/dependency-injection/Symfony/Component/DependencyInjection/ContainerBuilder.php`
Fixed the problem, and updated the relevant test fixture.
This PR was merged into the 2.3 branch.
Discussion
----------
[Component][DomCrawler] fix axes handling in Crawler::filterXPath()
| Q | A
| ------------- | ---
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | #11503
| License | MIT
| Doc PR |
Due to some limitations in the ``relativize()`` method, it was not possible to use XPath axes other than ``descendant`` or ``descendant-or-self`` in the ``filterXPath()`` method of the ``Crawler`` class. This commit adds support for the ``ancestor``, ``ancestor-or-self``, ``attribute``, ``child``, ``following``, ``following-sibling``, ``parent``, ``preceding``, ``preceding-sibling`` and ``self`` axes.
The only axis missing after this is the ``namespace`` axis. Filtering for namespace nodes returns ``DOMNameSpaceNode`` instances which can't be passed to the ``add()`` method.
Commits
-------
8dc322b fix axes handling in Crawler::filterXPath()
Due to some limitations in the relativize() method, it was not
possible to use XPath axes other than descendant or descendant-or-self
in the filterXPath() method of the Crawler class. This commit adds
support for the ancestor, ancestor-or-self, attribute, child,
following, following-sibling, parent, preceding, preceding-sibling and
self axes.
This PR was merged into the 2.3 branch.
Discussion
----------
fix some docblocks
| Q | A
| ------------- | ---
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets |
| License | MIT
| Doc PR |
Commits
-------
1775da5 fix some docblocks
When the server:run command is run with an invalid document root
directory (for example, when being in the app directory and not
changing the document root to ../web/), the command crashes on Windows
with a 267 exit code. On Linux, the server starts but just publishes
internal server errors.
This PR was merged into the 2.3 branch.
Discussion
----------
Make builds green again
| Q | A
| ------------- | ---
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | -
| License | MIT
| Doc PR | -
This PR rolls back changes made to the fixture and generated files in e9022adaef (#11512).
Commits
-------
88b4e70 [DependencyInjection] Roll back changes made to generated files.
f89811d [Console] Roll back changes made to fixture files.
This PR was merged into the 2.3 branch.
Discussion
----------
[Serializer] properly handle null data when denormalizing
| Q | A
| ------------- | ---
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | #10794
| License | MIT
| Doc PR |
Commits
-------
123fc62 properly handle null data when denormalizing
This PR was merged into the 2.3 branch.
Discussion
----------
[Validator] Fixed string conversion in constraint violations
| Q | A
| ------------- | ---
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | #10675
| License | MIT
| Doc PR | -
Commits
-------
32ae95b [Validator] Added more detailed inline documentation
08ea6d3 [Validator] Removed information from the violation output if the value is an array, object or resource
d6a783f [Validator] Renamed valueToString() to formatValue(); added missing formatValue() calls
71897d7 [Validator] Fixed CS
cea4155 [Validator] Fixed date-to-string conversion tests to match ICU 51
5aa7e6d [Validator] Added "{{ value }}" parameters where they were missing
f329552 [Validator] Simplified and explained the LuhnValidator
bff09f2 [Validator] Simplified IssnValidator
224e70f [Validator] Fixed and simplified IsbnValidator
fd58870 [Validator] Simplified IBAN validation algorithm
97243bc [Validator] Fixed value-to-string conversion in constraint violations
75e8815 [Validator] Fix constraint violation message parameterization
This PR was merged into the 2.3 branch.
Discussion
----------
[EventDispatcher] don't count empty listeners
| Q | A
| ------------- | ---
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | #11444
| License | MIT
| Doc PR |
When event listeners for certain events are removed from the event
dispatcher, empty arrays are not being removed. Therefore, counting
on empty arrays leads to wrong results of the hasListeners() method.
Thanks to @mlindenb for discovering this an proposing a solution.
Commits
-------
fdbb04a [EventDispatcher] don't count empty listeners
When event listeners for certain events are removed from the event
dispatcher, empty arrays are not being removed. Therefore, counting
on empty arrays leads to wrong results of the hasListeners() method.
wait() throws an exception when the process was terminated by a signal.
This should not happen when the termination was requested by calling
either the stop() or the signal() method (for example, inside a callback
which is passed to wait()).
This PR was merged into the 2.3 branch.
Discussion
----------
[BrowserKit] Fixed server HTTP_HOST port uri conversion
| Q | A
| ------------- | ---
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | #11356
| License | MIT
| Doc PR | n/a
See #11356
Commits
-------
103fd88 [BrowserKit] refactor code and fix unquoted regex
f401ab9 Fixed server HTTP_HOST port uri conversion
This PR was merged into the 2.3 branch.
Discussion
----------
Fix issue described in #11421
| Q | A
| ------------- | ---
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | #11421
| License | MIT
| Doc PR | NA
This pull request fixes the issue described in #11421. It also adds a test for the issue. The issue is present in 2.0 forward, but I decided to fix it on the 2.3 branch so that I could also write a test for it (2.0 had no tests for the Process component, and 2.1 and 2.2 didn't have tests for the `ExecutableFinder` class).
Commits
-------
4cf50e8 Bring code into standard
9f4313c [Process] Add test to verify fix for issue #1142102eb765 [Process] Fixes issue #11421
This PR was merged into the 2.3 branch.
Discussion
----------
Pass a Scope instance instead of a scope name when cloning a container in the GrahpvizDumper
| Q | A
| ------------- | ---
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | #11055
| License | MIT
| Doc PR | -
Commits
-------
6787669 [DependencyInjection] Pass a Scope instance instead of a scope name.
If null is passed to denormalize(), no property values can be set on
the denormalized object. Additionally, this fixes passing values to
the denormalized object's constructor if the incoming data is an object.
This PR was merged into the 2.3 branch.
Discussion
----------
[2.3][Process] Reduce I/O load on Windows platform
| Q | A
| ------------- | ---
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | n/a
| License | MIT
When using file handles, no `stream_select` call is done.
On linux platforms, `stream_select` introduce a sleep as it has 0.2s timeout, there is no such pause on Windows, producing lot's of disk I/Os when reading file handles
Commits
-------
ff0bb01 [Process] Reduce I/O load on Windows platform
This PR was merged into the 2.3 branch.
Discussion
----------
[2.3][Form] Check if IntlDateFormatter constructor returned a valid object before using it
| Q | A
| ------------- | ---
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | n/a
| License | MIT
`IntlDateFormatter` constructor [may return false](http://www.php.net/manual/en/intldateformatter.create.php#refsect1-intldateformatter.create-returnvalues). This patches avoids fatal errors in these cases
This PR replaces #11334
Commits
-------
ebf967d [Form] Check if IntlDateFormatter constructor returned a valid object before using it
This PR was merged into the 2.3 branch.
Discussion
----------
[Validator] Backported #11410 to 2.3: Object initializers are called only once per object
| Q | A
| ------------- | ---
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | -
| License | MIT
| Doc PR | -
Before, object initializers were called multiple times if an object was validated in different groups in the same validation run. The initializers, however, are not aware of the current validation group, so calling them more than once does not make sense.
Now, object initializers are called exactly once per validated object.
See #11410
Commits
-------
291cbf9 [Validator] Backported #11410 to 2.3: Object initializers are called only once per object
This PR was merged into the 2.3 branch.
Discussion
----------
[2.3] [Process] Use correct test for empty string in UnixPipes
| Q | A
| ------------- | ---
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | n/a
| License | MIT
| Doc PR | n/a
This PR supersedes #11264 : 2.3 compatibility + Windows compatibility + CS fix
Commits
-------
cec0a45 [Process] Adjust PR #11264, make it Windows compatible and fix CS
9e1ea4a [Process] Use correct test for empty string in UnixPipes
This PR was merged into the 2.3 branch.
Discussion
----------
[HttpFoundation] Fix to prevent magic bytes injection in JSONP responses... (CVE-2014-4671)
| Q | A
| ------------- | ---
| Bug fix? | yes
| New feature? | no
| BC breaks? | no*
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | N/A
| License | MIT
| Doc PR | N/A
| CVE Ticket | [CVE-2014-4671](http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-4671)
| See Also | [Rosetta Flash](http://miki.it/blog/2014/7/8/abusing-jsonp-with-rosetta-flash/)
\* Unless you are parsing the response string manually, which you really shouldn't do anyway
**THIS IS A SECURITY FIX AND SHOULD BE MERGED SHORTLY**
This fix prevents attacks vectors where third-party browser plugins depends on ASCII magic bytes in order to execute a plugin. This is currently exploited with Flash using a carefully crafted JSONP response, allowing the execution of random SWF data from a domain with a vulnerable JSONP endpoint.
This security issue is mitigated by adding an empty comment right before the callback parameter. This does not affect the execution of the JSONP callback.
Commits
-------
6af3d05 [HttpFoundation] Fix to prevent magic bytes injection in JSONP responses (Prevents CVE-2014-4671)
This PR was merged into the 2.3 branch.
Discussion
----------
[2.3] [Validator] Fix UserPassword validator translation
| Q | A
| ------------- | ---
| Fixed tickets | None
| License | MIT
Fixes the UserPassword translation message only for 2.3 as discussed in symfony/symfony#11383.
Commits
-------
73d50ed Fix UserPassword validator translation
This PR was merged into the 2.3 branch.
Discussion
----------
[2.3][HttpFoundation] Fix wrong assertion in Response test
| Q | A
| ------------- | ---
| Bug fix? | kinda
| New feature? | no
| BC breaks? | no
| Tests pass? | yes
| License | MIT
Commits
-------
3d63f80 [HttpFoundation] Fix wrong assertion in Response test
This PR was merged into the 2.3 branch.
Discussion
----------
remove defaults from PHPUnit configuration
| Q | A
| ------------- | ---
| Bug fix? | no
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | --
| License | MIT
| Doc PR | --
Follow-up to #11329.
Commits
-------
afc4930 removed defaults from PHPUnit configuration
This PR was squashed before being merged into the 2.3 branch (closes#11194).
Discussion
----------
[DomCrawler] Remove the query string and the anchor of the uri of a link
| Q | A
| ------------- | ---
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | ~
| License | MIT
| Doc PR | ~
Commits
-------
fe5d2d1 [DomCrawler] Remove the query string and the anchor of the uri of a link
The parent constructor will create a new formatter if the $formatter parameter is null
This fix avoids that the formatter becomes 2 different instances in $this and $this->stderr
This PR was squashed before being merged into the 2.3 branch (closes#11179).
Discussion
----------
[Process] Fix ExecutableFinder with open basedir
| Q | A
| ------------- | ---
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | -
| License | MIT
| Doc PR | -
This fixes the `ExecutableFinder` object to properly fetch the `open_basedir` setting, also added a bunch of tests for the `find()` method.
Commits
-------
b8f8c0e [Process] Fix ExecutableFinder with open basedir
This PR was merged into the 2.3 branch.
Discussion
----------
[CssSelector] Refactored the CssSelector to remove the circular object graph
| Q | A
| ------------- | ---
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | #10879, replaces #11221
| License | MIT
| Doc PR | n/a
This allows the translator and its extensions to be garbage collected based on the refcount rather than requiring the garbage collector run, making it much more likely to happen at the end of the ``CssSelector::toXPath`` call.
Node translators now receive the Translator as second argument, instead of requiring to inject it in the extension to keep a reference to it. This way, the Translator is referenced nowhere inside it, only by the caller, and so will be destructed at the end of the usage (and extensions will then be destructed after it when not used anymore).
Commits
-------
994f81f Refactored the CssSelector to remove the circular object graph
This allows the translator and its extensions to be garbage collected
based on the refcount rather than requiring the garbage collector run,
making it much more likely to happen at the end of the
CssSelector::toXPath call.
This PR was merged into the 2.3 branch.
Discussion
----------
[DomCrawler] properly handle buttons with single and double quotes insid...
| Q | A
| ------------- | ---
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | #11151
| License | MIT
| Doc PR |
Commits
-------
cbbdbe4 [DomCrawler] properly handle buttons with single and double quotes inside the name attribute
This PR was merged into the 2.3 branch.
Discussion
----------
[Tests] don't disable constructor calls to mockups of classes that extend intern...
| Q | A
| ------------- | ---
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets |
| License | MIT
| Doc PR |
Fixes the tests for the 2.3 branch as reported by @stof in #11176.
Commits
-------
2c726b8 don't disable constructor calls to mockups of classes that extend internal PHP classes
See [PSR-2](http://www.php-fig.org/psr/psr-2/) paragraph 5.2
> There MUST be a comment such as `// no break` when fall-through is intentional in a non-empty case body.
Related to #11181
This PR was merged into the 2.3 branch.
Discussion
----------
[HttpFoundation] Fixed Request::getPort returns incorrect value under IPv6
| Q | A
| ------------- | ---
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | -
| License | MIT
| Doc PR | -
Commits
-------
2a0e8e3 [HttpFoundation] Fixed Request::getPort returns incorrect value under IPv6
This PR was merged into the 2.3 branch.
Discussion
----------
[Filesystem] Fix test suite on OSX
| Q | A
| ------------- | ---
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | n/a
| License | MIT
Reviewing PR's, I realized the filesystem test suite fails on my setup (OSX, PHP 5.5.13 with posix ext). `posix_getgrgid` returns false, so some tests are failing.
This solves this issue.
Be aware that the patched method has been moved in FilesystemTestCase in recent branches
Commits
-------
e26f08e [Filesystem] Fix test suite on OSX
This PR was squashed before being merged into the 2.3 branch (closes#10966).
Discussion
----------
PHP Fatal error when getContainer method of ContainerAwareCommand has be...
PHP Fatal error when getContainer method of ContainerAwareCommand has been called within the configure method of a Command (application property is not been set yet at that time)
| Q | A
| ------------- | ---
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets |
| License | MIT
| Doc PR |
Commits
-------
8ea5c4c PHP Fatal error when getContainer method of ContainerAwareCommand has be...
This PR was merged into the 2.3 branch.
Discussion
----------
[HttpFoundation] Fix basic authentication in url with PHP-FPM
| Q | A
| ------------- | ---
| Bug fix? | yes
| New feature? | no
| BC breaks? | dispute
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | n/a
| License | MIT
| Doc PR | n/a
`getUser()` and `getPassword()` from `Request` are broken when using PHP-FPM because of the lack of `$_SERVER['PHP_AUTH_USER']` and `$_SERVER['PHP_AUTH_PW']`. This PR fixes the issue.
However, now an empty password will return an empty string (which is the expected behavior of `ServerBag`) instead of `NULL`. The test is updated accordingly, but should we consider this as a breakage?
This issue was spotted by using basic auth via the Illuminate component of Laravel and is present from v2.1.0 to master.
Commits
-------
7a75adf [HttpFoundation] Basic auth in url is broken when using PHP CGI/FPM
Request#getUser() and Request#getPassword() introduced in
aecfd0a891 do not handle the lack of
PHP_AUTH_USER and PHP_AUTH_PW in $this->server when using PHP-FPM. Use
$this->headers instead.
Furthermore, the test of empty password now expects an empty string
instead of NULL according to a450d002f2.
If you have a select with attribute name="foo[]", and you submit your form, http_build_query returns empty string as a result. In this case you get a form extra field validation error, because your field "foo" converts to
'' => bool(false)
This PR was merged into the 2.3 branch.
Discussion
----------
[HttpFoundation] smaller fixes for PdoSessionHandler
| Q | A
| ------------- | ---
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | #10652
| License | MIT
For both the PdoSessionHandler and DbalSessionHandler
- https://github.com/symfony/symfony/pull/10652#issuecomment-42370425: Transactional DELETE + INSERT does not work as expected
- https://github.com/symfony/symfony/pull/10652#issuecomment-44359784: sqlsrv 2005 does not support the MERGE SQL, and if used it requires an HOLDLOCK
- missing time update for sqlsrv and oracle
Commits
-------
a0e1d4d [Doctrine Bridge] fix DBAL session handler according to PdoSessionHandler
00d707f [HttpFoundation] use different approach for duplicate keys in postgres, fix merge for sqlsrv and oracle
This PR was merged into the 2.3 branch.
Discussion
----------
[Validator] Fix a parameter name in a test
| Q | A
| ------------- | ---
| Bug fix? | no
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | none
| License | MIT
| Doc PR | not required
Commits
-------
069e925 Fix a parameter name in a test
At the moment both constraints can only be defined on other annotations (specifically, the Collection annotation). Defining the required or optional annotation directly on a field or method throws a ClassNotFoundException, since the constraint validator factory tries to load the validator (which does not exist).
This PR was squashed before being merged into the 2.3 branch (closes#10983).
Discussion
----------
[DomCrawler] Fixed charset detection in html5 meta charset tag
| Q | A
| ------------- | ---
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | N/A
| License | MIT
It may be minor to folks with ascii-charactered language, but is critical for us Japanese.
Many Japanese websites with SJIS encoding have "Shift_JIS" as their encoding declaration.
Commits
-------
172e752 [DomCrawler] Fixed charset detection in html5 meta charset tag