This PR was merged into the 5.1-dev branch.
Discussion
----------
[FrameworkBundle] Add missing items in the unused tag pass whitelist
| Q | A
| ------------- | ---
| Branch? | master
| Bug fix? | yes
| New feature? | no <!-- please update src/**/CHANGELOG.md files -->
| Deprecations? | no <!-- please update UPGRADE-*.md and src/**/CHANGELOG.md files -->
| Tickets | n/a <!-- prefix each issue number with "Fix #", if any -->
| License | MIT
| Doc PR | n/a
We have some missing tags in the whitelist. I've added a script that adds the missing ones, and added a test to avoid forgetting about updating the whitelist.
Commits
-------
d1bcc0fc5e [FrameworkBundle] Add a script that checks for missing items in the unused tag whitelist
* 3.4:
fix unix root dir issue
sync validator translation files with master
fix anchor
fix links to releases page (formerly known as "roadmap")
[Console] Don't load same-namespace alternatives on exact match found
* 3.4:
[FrameworkBundle] fix "samesite" in XSD
Update UserPasswordEncoderCommand.php
[HttpFoundation][FrameworkBundle] fix support for samesite in session cookies
[DoctrineBridge] Fixed submitting ids with query limit or offset
This PR was merged into the 3.4 branch.
Discussion
----------
[HttpFoundation][FrameworkBundle] fix support for samesite in session cookies
| Q | A
| ------------- | ---
| Branch? | 3.4
| Bug fix? | yes
| New feature? | no
| Deprecations? | no
| Tickets | Fix#35520
| License | MIT
| Doc PR | -
This PR cherry-picks #28168 on 3.4, with a rationale given by @ConneXNL in https://github.com/symfony/symfony/issues/35520#issuecomment-582296847:
> I hope I am wrong but I see the impact of not making any changes to Symfony 3.4 will have a tons of sites break if we cannot set the cookie's samesite setting (in the framework session and remember me) before Chrome pushes this update.
>
> Very soon all existing cookies are no longer going to work with cross-domains if you do not specify 'None' for the cookie_samesite. All external APIs that use cookies and are running SF 3.4 will break and devs will have no quick solution to fix their auth process.
>
> If you are using PHP 7.4, yes you can most likely use ini_set to workaround this issue.
>
> However, ini_set('cookie_samesite') does not work in PHP Version <= 7.2.
I am not even sure PHP 7.3 supports the value 'None' as php.watch/articles/PHP-Samesite-cookies says it has support for 'Lax' and 'Scrict'.
>
> This effectively means SF 3.4 on PHP 7.2 (or PHP 7.3) is no longer supported for cross domain APIs with cookies. People would have to either update PHP to 7.4 (if they even can?) or go to Symfony 4 (with a dead live site is going to be a complete disaster).
>
> Since the impact of the change that chrome is about to roll out is so fundamentally changing our way to set cookies, I consider configuring samesite configuration in the framework an absolute requirement, not a feature, especially since SF 3.4 is still supported.
>
> What am i missing?
>
> Note: SF3 HTTPFoundation already supports the new cookie settings, it's just the framework that doesn't support it.
Our BC policy embeds the promise that one should be able to keep the same app on a newest infrastructure (eg that's why supporting a PHP version is a bug fix). I think we can consider this for browsers here also. WDYT?
Commits
-------
f46e6cb8a0 [HttpFoundation][FrameworkBundle] fix support for samesite in session cookies
This PR was merged into the 4.4 branch.
Discussion
----------
Fix HTTP client config handling
| Q | A
| ------------- | ---
| Branch? | 4.4
| Bug fix? | yes
| New feature? | no
| Deprecations? | no
| Tickets | -
| License | MIT
| Doc PR | -
Defining a `key` parameter in the `query` option of a scoped HTTP client triggers an error:
```
Undefined index: value
```
This PR fixes this issue but an edge case still remains with YAML and PHP config. If one wants to define parameters `key=foo`, `value=bar` and nothing else, the query will actually be `foo=bar` instead of `key=foo&value=bar`. Not sure how to fix this case without breaking the tests I added here.
Commits
-------
963d0cce86 Fix HTTP client config handling
* 3.4:
[Phpunit] Fix running skipped tests expecting only deprecations
[DependencyInjection] #35505 Fix typo in test name
[Yaml][Inline] Fail properly on empty object tag and empty const tag
Check non-null type for numeric type
Check value isset to avoid PHP notice
bug symfony#28179 [DomCrawler] Skip disabled fields processing in Form
This PR was merged into the 3.4 branch.
Discussion
----------
[FrameworkBundle] Check non-null type for numeric type
$maxAge and $sharedAge can both be zero
| Q | A
| ------------- | ---
| Branch? | 3.4
| Bug fix? | no
| New feature? | no <!-- please update src/**/CHANGELOG.md files -->
| Deprecations? | no <!-- please update UPGRADE-*.md and src/**/CHANGELOG.md files -->
| License | MIT
Commits
-------
2797867ae9 Check non-null type for numeric type
This PR was squashed before being merged into the 4.4 branch (closes#35486).
Discussion
----------
[Translator] Default value for 'sort' option in translation:update should be 'asc'
| Q | A
| ------------- | ---
| Branch? | 4.4
| Bug fix? | yes
| New feature? | no
| Deprecations? | no
| Tickets |
| License | MIT
| Doc PR |
The value for 'sort' option for `bin/console translation:update --sort` is optional, but no default value is defined. So the list isn't sorted if no value is explicitly defined.
This MR brings a default value "asc" if no value is defined, so the list is correctly sorted.
Commits
-------
fdb13c8ab8 [Translator] Default value for 'sort' option in translation:update should be 'asc'
This PR was merged into the 4.4 branch.
Discussion
----------
Fixes a runtime error when accessing the cache panel
| Q | A
| ------------- | ---
| Branch? | 4.4
| Bug fix? | yes
| New feature? | no
| Deprecations? | no
| Tickets | Fix#35419
| License | MIT
| Doc PR | symfony/symfony-docs#... <!-- required for new features -->
Fixes a runtime error (_Impossible to access an attribute ("value") on a double variable..._) when accessing the cache panel on 4.4.3
Commits
-------
4740b10132 Fixes a runtime error (Impossible to access an attribute ("value") on a double variable...) when accessing the cache panel (@see #35419)
This PR was merged into the 4.4 branch.
Discussion
----------
[FrameworkBundle] Add --show-arguments example to debug:container command help text
| Q | A
| ------------- | ---
| Branch? | 4.4
| Bug fix? | no
| New feature? | no <!-- please update src/**/CHANGELOG.md files -->
| Deprecations? | no <!-- please update UPGRADE-*.md and src/**/CHANGELOG.md files -->
| Tickets | - <!-- prefix each issue number with "Fix #", if any -->
| License | MIT
| Doc PR | - <!-- required for new features -->
I like this option a lot and I think it deserves to be mentioned in the command help text :-)
Commits
-------
f703a58215 [FrameworkBundle] Add --show-arguments example to debug:container command help text
This PR was squashed before being merged into the 4.4 branch.
Discussion
----------
Revert #34797 "Fixed translations file dumper behavior" and fix#34713
| Q | A
| ------------- | ---
| Branch? | 4.4
| Bug fix? | yes
| New feature? | no
| Deprecations? | no
| Tickets | Fix#35264
| License | MIT
| Doc PR | -
Revert https://github.com/symfony/symfony/pull/34797
See also https://github.com/symfony/symfony/issues/35328
It's very likely that the new way will be completely different from this one that is being reverted. That's why I'm reverting rather than fixing it.
Commits
-------
9ca872054bFixed#34713 Move new messages to intl domain when possible
56e79fefa1 Revert "Fixed translations file dumper behavior"
This PR was merged into the 4.4 branch.
Discussion
----------
[FrameworkBundle] Fix small typo in output comment
| Q | A
| ------------- | ---
| Branch? | 4.4 <!-- see below -->
| Bug fix? | no
| New feature? | no <!-- please update src/**/CHANGELOG.md files -->
| Deprecations? | no <!-- please update UPGRADE-*.md and src/**/CHANGELOG.md files -->
| Tickets | - <!-- prefix each issue number with "Fix #", if any -->
| License | MIT
| Doc PR | - <!-- required for new features -->
<!--
Replace this notice by a short README for your feature/bugfix. This will help people
understand your PR and can be used as a start for the documentation.
Additionally (see https://symfony.com/roadmap):
- Always add tests and ensure they pass.
- Never break backward compatibility (see https://symfony.com/bc).
- Bug fixes must be submitted against the lowest maintained branch where they apply
(lowest branches are regularly merged to upper ones so they get the fixes too.)
- Features and deprecations must be submitted against branch master.
-->
Commits
-------
d18f5ed851 [FrameworkBundle] Fix small typo in output comment
* 4.3:
[FrameworkBundle] remove messenger cache if not enabled
[HttpClient] Fix strict parsing of response status codes
[DI] Suggest typed argument when binding fails with untyped argument
* 4.3:
Avoid stale-if-error if kernel.debug = true, because it hides errors
[Console] Fix SymfonyQuestionHelper tests sometimes failing on AppVeyor
[Workflow] Fix configuration node reference for "initial_marking"
expand listener in place
[DI] deferred exceptions in ResolveParameterPlaceHoldersPass
* 3.4:
Avoid stale-if-error if kernel.debug = true, because it hides errors
[Console] Fix SymfonyQuestionHelper tests sometimes failing on AppVeyor
[DI] deferred exceptions in ResolveParameterPlaceHoldersPass
This PR was merged into the 4.4 branch.
Discussion
----------
[FrameworkBundle] Do not throw exception on value generate key
| Q | A
| ------------- | ---
| Branch? | 4.4
| Bug fix? | yes
| New feature? | no
| Deprecations? | no
| Tickets | N/A
| License | MIT
| Doc PR | N/A
When using env variable instead of key files and creating a new Secret, the check in `generateKeys` (called by the command `SecretsSetCommand`) prevents generating a secret.
reproducer:
```
$ rm config/secrets/prod/prod.decrypt.private.php
$ export SYMFONY_DECRYPTION_SECRET=XXX
$ ./bin/console secret:set FOO
In SodiumVault.php line 50:
Cannot generate keys when a decryption key has been provided while instantiating the vault.
```
This PR converts the exception in a warning message.
Commits
-------
2f608b4dfa Do not throw exception on valut generate key
* 4.3:
[Debug] fix ClassNotFoundFatalErrorHandler
[Routing] Fix using a custom matcher & generator dumper class
[Dotenv] Fixed infinite loop with missing quote followed by quoted value
[HttpClient] Added missing sprintf
[TwigBridge] button_widget now has its title attr translated even if its label = null or false
[PhpUnitBridge] When using phpenv + phpenv-composer plugin, composer executable is wrapped into a bash script
[Messenger] Added check if json_encode succeeded
[Security] Prevent canceled remember-me cookie from being accepted
[FrameworkBundle][TranslationUpdateCommand] Do not output positive feedback on stderr
[Security\Guard] Fix missing typehints
* 3.4:
[Debug] fix ClassNotFoundFatalErrorHandler
[Dotenv] Fixed infinite loop with missing quote followed by quoted value
[TwigBridge] button_widget now has its title attr translated even if its label = null or false
[PhpUnitBridge] When using phpenv + phpenv-composer plugin, composer executable is wrapped into a bash script
[Security] Prevent canceled remember-me cookie from being accepted
[FrameworkBundle][TranslationUpdateCommand] Do not output positive feedback on stderr
This PR was merged into the 3.4 branch.
Discussion
----------
[Security\Http] Prevent canceled remember-me cookie from being accepted
| Q | A
| ------------- | ---
| Branch? | 3.4
| Bug fix? | yes
| New feature? | no
| Deprecations? | no
| Tickets | Fix#35198
| License | MIT
| Doc PR | -
`RememberMeServices::autoLogin()` only checks that the cookie exists in `$request->cookies` while `loginFail()` only alter `$request->attributes` (which allows child implementations to read the canceled cookie for e.g. removing a persistent one).
This makes `autoLogin()` checks for `request->attributes` first, which fixes the linked issue.
Failure expected on deps=high build.
Commits
-------
9b711b87fe [Security] Prevent canceled remember-me cookie from being accepted
This PR was merged into the 4.4 branch.
Discussion
----------
[SecurityBundle] fix version when "anonymous: lazy" was introduced
| Q | A
| ------------- | ---
| Branch? | 4.4
| Bug fix? | no
| New feature? | no
| Deprecations? | no
| Tickets |
| License | MIT
| Doc PR |
Commits
-------
c280a01724 fix version when "anonymous: lazy" was introduced
* 4.3:
[Mailer] Remove line breaks in email attachment content
Update links to documentation
[Validator] Add the missing translations for the Arabic (ar) locale
ensure to expect no validation for the right reasons
[PhpUnitBridge] Add test case for @expectedDeprecation annotation
[PhpUnitBridge][SymfonyTestsListenerTrait] Remove $testsWithWarnings stack
[Mailer][MailchimpBridge] Fix missing attachments when sending via Mandrill API
[Mailer][MailchimpBridge] Fix incorrect sender address when sender has name
[HttpClient] fix capturing SSL certificates with NativeHttpClient
[TwigBridge][Form] Added missing help messages in form themes
Update year in license files
Update year in license files
[HttpClient] fix typo
[Console][FormatterHelper] Use helper strlen statically and remove duplicated code
[Routing] Fix i18n routing when the url contains the locale
Fix BC issue in phpDoc Reflection library
[Translator] Performance improvement in MessageCatalogue and catalogue operations.
* 3.4:
Update links to documentation
[Validator] Add the missing translations for the Arabic (ar) locale
ensure to expect no validation for the right reasons
[PhpUnitBridge] Add test case for @expectedDeprecation annotation
Update year in license files
[Console][FormatterHelper] Use helper strlen statically and remove duplicated code
Fix BC issue in phpDoc Reflection library
[Translator] Performance improvement in MessageCatalogue and catalogue operations.
* 4.3:
Fixed#35084
Add missing use statement
[HttpClient] fix scheduling pending NativeResponse
do not overwrite variable value
[Profiler] wording
Use spaces correctly to display options in DebugCommand
X-Accel Nginx URL updated
ticket-30197 [Validator] Add the missing translations for the Chinese (Taiwan) ("zh_TW") locale
Fixed test added in #35022
Use locale_parse for computing fallback locales
[Console] Fix filtering out identical alternatives when there is a command loader
* 3.4:
Add missing use statement
[Profiler] wording
X-Accel Nginx URL updated
ticket-30197 [Validator] Add the missing translations for the Chinese (Taiwan) ("zh_TW") locale
Fixed test added in #35022
Use locale_parse for computing fallback locales
[Console] Fix filtering out identical alternatives when there is a command loader
* 4.3:
fix merge
CS
[Serializer] Skip uninitialized (PHP 7.4) properties in PropertyNormalizer and ObjectNormalizer
stop using deprecated Doctrine persistence classes
[Cache] Fix wrong classname in deprecation message
Fix regex lookahead syntax in ApplicationTest
Fixed syntax in comment
[SecurityBundle][FirewallMap] Remove unused property
[Messenger][AMQP] Use delivery_mode=2 by default
[DI] Improve performance of processDefinition
Fix invalid Windows path normalization
[Validator][ConstraintValidator] Safe fail on invalid timezones
[DoctrineBridge] Fixed submitting invalid ids when using queries with limit
[FrameworkBundle] Add info & example to auto_mapping config
fix comparisons with null values at property paths
This PR was merged into the 4.3 branch.
Discussion
----------
[FrameworkBundle] Add info & example to auto_mapping config
| Q | A
| ------------- | ---
| Branch? | 4.3 <!-- see below -->
| Bug fix? | no
| New feature? | no <!-- please update src/**/CHANGELOG.md files -->
| Deprecations? | no <!-- please update UPGRADE-*.md and src/**/CHANGELOG.md files -->
| Tickets | N/A <!-- prefix each issue number with "Fix #", if any -->
| License | MIT
| Doc PR | N/A
Backport part of #34707 and add example.
Commits
-------
8eb29a7b73 [FrameworkBundle] Add info & example to auto_mapping config
This PR was merged into the 3.4 branch.
Discussion
----------
[FrameworkBundle] Fix invalid Windows path normalization in TemplateNameParser
| Q | A
| ------------- | ---
| Branch? | 3.4 - <5.0
| Bug fix? | yes
| New feature? | no
| Deprecations? | no
| Tickets | no
| License | MIT
| Doc PR | Fix invalid Windows path normalization
All versions of Symfony until 5.0 (which does no longer do extra file path normalization) normalize Windows paths wrongly.
See https://github.com/PrestaShop/PrestaShop/issues/16736 and https://bugs.php.net/bug.php?id=78939
Currently this issue can be observed when Symfony is run by NTS PHP only, but once the PHP issue will be fixed, this issue will probably affects all Windows users when absolute template name is passed to Symfony templating.
Commits
-------
130df8ca8c Fix invalid Windows path normalization
This PR was merged into the 4.4 branch.
Discussion
----------
[FrameworkBundle][DependencyInjection] Skip removed ids in the lint container command and its associated pass
| Q | A
| ------------- | ---
| Branch? | 4.4
| Bug fix? | yes
| New feature? | no
| Deprecations? | no
| Tickets | https://github.com/symfony/symfony/issues/34858
| License | MIT
| Doc PR | -
We remove the "removing" passes again and to avoid what https://github.com/symfony/symfony/pull/34502 fixed, we skip validating the "live" container removed ids in the pass (the "live" container is supposed to have the same definitions than the "debug container" one).
Logically, an errored service cannot pass the "live" container compilation without being removed. Consequently, it also skips the errored services that ended up being removed in the "live" container.
Commits
-------
a0f581ba9d [FrameworkBundle][DependencyInjection] Skip removed ids in the lint container command and its associated pass
This PR was squashed before being merged into the 4.4 branch.
Discussion
----------
[FrameworkBundle][Secrets] Hook configured local dotenv file
| Q | A
| ------------- | ---
| Branch? | 4.4
| Bug fix? | yes
| New feature? | no
| Deprecations? | no
| Tickets | https://github.com/symfony/symfony/issues/34905
| License | MIT
| Doc PR | -
Configured local_dotenv_file does not currently substitute the secrets.vault service definition first argument value, rendering this configuration option useless + we don't need to set defaults in secrets.xml since everything is overriden in FrameworkExtension with the same default values (from the configuration).
Commits
-------
56f542c36b [FrameworkBundle][Secrets] Hook configured local dotenv file
* 4.3:
Fix merge
[DoctrineBridge] try to fix deprecations from doctrine/persistence
[DI] Add support for immutable setters in CallTrait
[Cache] Propagate expiry when syncing items in ChainAdapter
[Routing] fix memoryleak when loading compiled routes
[Translation] fix memoryleak in PhpFileLoader
Twig3 FilesystemLoader::findTemplate() should return `string|null`
instead of Twig2 `string|null|false`: see
<https://github.com/twigphp/Twig/blob/3.x/src/Loader/FilesystemLoader.php#L167>
Returning `null` fixes `exists()` of Twig 3 FilesystemLoader without
breaking Twig 2 (which expected `null` or `false` for not found
templates).
Change the test to assert `null` instead of `false`.
This PR was merged into the 4.4 branch.
Discussion
----------
[FrameworkBundle][ContainerLintCommand] Reinitialize bundles when the container is reprepared
| Q | A
| ------------- | ---
| Branch? | 4.4
| Bug fix? | yes
| New feature? | no
| Deprecations? | no
| Tickets | -
| License | MIT
| Doc PR | -
Some bundles extensions are "instances dependents", eg they cache service registrations (eg: 70dec3c8a3/src/Symfony/Bundle/SecurityBundle/DependencyInjection/SecurityExtension.php (L743)).
Launching the lint command loads all bundles a first time, just to be able to run the command.
Then, when we build the container again for the lint command, it loads all bundles a second time. But since it's the same bundles instances, some services are not registered, leading to missing services in `CheckExceptionOnInvalidReferenceBehaviorPass`.
Commits
-------
31975e4981 [FrameworkBundle][ContainerLintCommand] Reinitialize bundles when the container is reprepared
* 4.3:
[Cache] fix memory leak when using PhpFilesAdapter
[Yaml] Implement multiline string as scalar block for tagged values
[HttpFoundation] Use `Cache-Control: must-revalidate` only if explicit lifetime has been given
[FrameworkBundle] Use UserInterface to @return in getUser method
[CI] Replace php7.4snapshot with php7.4 in Travis configuration
[ExpressionLanguage][Node][BinaryNode] Process division by zero
forward caught exception
[Validator][ConstraintValidator] Stop passing unnecessary timezone argument to \DateTime
add tags before processing them
[MonologBridge] Fix debug processor datetime type
