This PR was squashed before being merged into the 2.3 branch (closes#14890).
Discussion
----------
[2.3] Static Code Analysis for Components
| Q | A
| ------------- | ---
| Bug fix? | no
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | n/a
| License | MIT
| Doc PR | n/a
Static Code Analysis with Php Inspections (EA Extended):
- not optimal regular expressions usage
- strlen miss-use
- not optimal conditional statements in Process and Filesystem
- unsafe uniquid usage
PS: re-creating to no spam history log with reverts
Commits
-------
4a4fea7 [2.3] Static Code Analysis for Components
This PR was merged into the 2.3 branch.
Discussion
----------
[Form] Support DateTimeImmutable in transform()
| Q | A
| ------------- | ---
| Bug fix? | yes
| New feature? | yes
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets |
| License | MIT
| Doc PR |
When passing a DateTimeImmutable instance to DateTimeToLocalizedStringTransformer::transform($dateTime), it throws an exception, `TransformationFailedException('Expected a \DateTime.')`.
The method just converts a date-time object into a string, so there is no reason that it should not support all DateTimeInterface implementations.
DateTimeInterface was added in PHP 5.5, so in order to support earlier versions, we need to do instanceof checks for both DateTime and DateTimeInterface. When Symfony requires PHP 5.5 or larger, we can remove the DateTime check and only check for DateTimeInterface.
This was originally submitted as a PR against the 2.7 branch in #14676.
Commits
-------
17346c5 [Form] Support DateTimeImmutable in transform()
ResolvedFormType#getTypeExtensions() was calling method
AbstractType#getExtensions() which has been removed in
commit b3081e85a0
| Q | A
| ------------- | ---
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | -
| License | MIT
| Doc PR | -
This PR was squashed before being merged into the 2.3 branch (closes#14738).
Discussion
----------
[HttpFoundation] Get response content as resource several times for PHP >= 5.6
| Q | A
| ------------- | ---
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | n/a
| License | MIT
| Doc PR | n/a
Since PHP 5.6, `php://input` can be opened several times.
Commits
-------
9f9b0f7 [HttpFoundation] Get response content as resource several times for PHP >= 5.6
This PR was merged into the 2.3 branch.
Discussion
----------
[Config] Improved duplicated code in FileLocator
| Q | A
| ------------- | ---
| Bug fix? | no
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| License | MIT
This PR improves a duplicate check prepending the current path (if exists) to the list of paths.
Commits
-------
30aa4e9 Improved duplicated code in FileLocator
This PR was merged into the 2.3 branch.
Discussion
----------
[BrowserKit] Fix bug when uri starts with http.
| Q | A
| ------------- | ---
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets |
| License | MIT
| Doc PR |
Commits
-------
6d3ec63 [BrowserKit] Fix bug when uri starts with http.
This PR was merged into the 2.3 branch.
Discussion
----------
[2.3] Static Code Analysis for Components
| Q | A
| ------------- | ---
| Bug fix? | no
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | n/a
| License | MIT
| Doc PR | n/a
Static Code Analysis with Php Inspections (EA Extended), no functional changes:
- resolved possible PHP Fatal in \Symfony\Component\BrowserKit\Cookie::__toString
- resolved callable name case mismatches
Commits
-------
9eb2b14 Php Inspections (EA Extended): - resolved possible PHP Fatal in \Symfony\Component\BrowserKit\Cookie::__toString -resolved implicit magic methods calls -resolved callable name case mismatches
- resolved possible PHP Fatal in \Symfony\Component\BrowserKit\Cookie::__toString
-resolved implicit magic methods calls
-resolved callable name case mismatches
This PR was merged into the 2.3 branch.
Discussion
----------
[Validators] Correct translation key and content [nl]
The nl file is not up to date. Correct changed translation key.
Commits
-------
5bc4085 [Validators] Correct translation key and content [nl]
This PR was merged into the 2.3 branch.
Discussion
----------
n/a
n/a
Commits
-------
d320d27 [HttpKernel] Do not call the FragmentListener if _controller is already defined
This PR was merged into the 2.3 branch.
Discussion
----------
[Form] Check instance of FormBuilderInterface instead of FormBuilder
| Q | A
| ------------- | ---
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | #14714
| License | MIT
| Doc PR | -
Commits
-------
44469d0 Check instance of FormBuilderInterface instead of FormBuilder
This PR was squashed before being merged into the 2.3 branch (closes#14670).
Discussion
----------
[Security] TokenBasedRememberMeServices test to show why encoding username is required
| Q | A
| ------------- | ---
| Bug fix? | no
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | #14577
| License | MIT
| Doc PR | no
241538d shows that it's not actually tested, 257b796 reimplements it with test.
I can remove the POC commit if it's not needed.
Commits
-------
63a9736 [Security] TokenBasedRememberMeServices test to show why encoding username is required
This PR was squashed before being merged into the 2.3 branch (closes#14678).
Discussion
----------
[Security] AbstractRememberMeServices::encodeCookie() validates cookie parts
| Q | A
| ------------- | ---
| Bug fix? | no
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | #14577
| License | MIT
| Doc PR | no
`AbstractRememberMeServices::encodeCookie()` guards against `COOKIE_DELIMITER` in `$cookieParts`.
* it would make `AbstractRememberMeServices::cookieDecode()` broken
* all current extending classes do it anyway (see #14670 )
* added tests – it's not a public method, but it is expected to be used by user implementations – as such, it's good to know that it works properly
Commits
-------
464c39a [Security] AbstractRememberMeServices::encodeCookie() validates cookie parts
This PR was merged into the 2.3 branch.
Discussion
----------
[HttpKernel] Handle an array vary header in the http cache store
| Q | A
| ------------- | ---
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | #12118
| License | MIT
| Doc PR | -
Commits
-------
5930800 [HttpKernel] Handle an array vary header in the http cache store
This PR was squashed before being merged into the 2.3 branch (closes#14335).
Discussion
----------
[HttpFoundation] Fix baseUrl when script filename is contained in pathInfo
| Q | A
| ------------- | ---
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | #13617
| License | MIT
| Doc PR |
When the script filename is just /index.php, dirname() returns '/' for it. In Request::prepareBaseUrl() we append '/' to it (as introduced in #13039), which is wrong in this scenario as the resulting string is '//'.
When we rtrim('/') the output of dirname() then '/' would be constructed in this case, and in all other cases it makes no difference as dirname() already trims the right forward slash if there are path segments.
The test-cases should clarify the exact scenario.
Commits
-------
f24a6dd [HttpFoundation] Fix baseUrl when script filename is contained in pathInfo
This PR was merged into the 2.3 branch.
Discussion
----------
[DomCrawler] Throw an exception if a form field path is incomplete
| Q | A
| ------------- | ---
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | #11807
| License | MIT
| Doc PR | -
Commits
-------
991e65c [DomCrawler] Throw an exception if a form field path is incomplete.
This PR was merged into the 2.3 branch.
Discussion
----------
[Console] Delete duplicate test in CommandTest
| Q | A
| ------------- | ---
| Bug fix? | no
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| License | MIT
The __get method is not implemented in the Command class, and the deleted test was duplicated with the preceding one.
Commits
-------
4a4eda9 [Console] Delete duplicate test in CommandTest
This PR was merged into the 2.3 branch.
Discussion
----------
[2.3] Fix HTML escaping of to-source links
| Q | A
| ------------- | ---
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | -
| License | MIT
| Doc PR | -
Commits
-------
385a6b7 Fix HTML escaping of to-source links
This PR was merged into the 2.3 branch.
Discussion
----------
[ServerBag] Handled bearer authorization header in REDIRECT_ form
| Q | A
| ------------- | ---
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets |
| License | MIT
| Doc PR |
Apache rewrite module renames client request
header (`HTTP_`) by prepending `REDIRECT_` to
it. http basic authentication and http digest
authentication are properly processed in
REDIRECT_ form, while bearer is processed in
HTTP_ form, but dropped in REDIRECT_ form.
Example:
The following auth headers are handled in ServerBag,
```
HTTP_AUTHORIZATION => Basic aGVsbG86d29ybGQ=
REDIREDCT_HTTP_AUTHOIZATION => Basic aGVsbG86d29ybGQ=
HTTP_AUTHORIZATION => Digest blah
REDIRECT_HTTP_AUTHORIZATION => Digest blah
HTTP_AUTHORIZATION => Bearer mF_9.B5f-4.1JqM
```
while
```
REDIRECT_HTTP_AUTHORIZATION => Bearer mF_9.B5f-4.1JqM
```
is dropped.
Commits
-------
7b2e2df Handled bearer authorization header in REDIRECT_ form
This PR was merged into the 2.3 branch.
Discussion
----------
[Framework] added test for router commands.
| Q | A
| ------------- | ---
| Bug fix? | no
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Fixed tickets | ~
| Tests pass? | yes
| License | MIT
- [x] router:debug
- [x] router:match
Commits
-------
6d403a7 [Framework] added test for Router commands.
This PR was merged into the 2.3 branch.
Discussion
----------
[Security][Translation] fixes#14584
| Q | A
| ------------- | ---
| Fixed tickets | #14584
| License | MIT
Some french translations are wrong in the security component.
As #14587 has been closed here's my fix.
Commits
-------
34c780f [Security][Translation] fixes#14584
This PR was merged into the 2.3 branch.
Discussion
----------
CS: Pre incrementation/decrementation should be used if possible
| Q | A
| ------------- | ---
| Bug fix? | no
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | n/a
| License | MIT
| Doc PR | n/a
Fixes provided by new fixer: https://github.com/FriendsOfPHP/PHP-CS-Fixer/pull/1113
If this pr is merged I would change the level of the fixer to `symfony`.
Commits
-------
c5123d6 CS: Pre incrementation/decrementation should be used if possible
This PR was merged into the 2.3 branch.
Discussion
----------
[Security] Fix tests in HHVM
| Q | A
| ------------- | ---
| Bug fix? | no
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| License | MIT
This PR fixes the tests in the Security components when run in HHVM. The failing tests are related to sebastianbergmann/phpunit-mock-objects#207
Commits
-------
139bae7 Fix tests in HHVM
This PR was merged into the 2.3 branch.
Discussion
----------
Add PHP7 compatible versions for the Null/True/False constraints as they are reserved words in PHP7
| Q | A
| ------------- | ---
| Bug fix? | PHP7 compatibility
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | N/A
| Fixed tickets | N/A - helps towards https://github.com/symfony/symfony/issues/14086
| License | MIT
Null, True and False are reserved words in PHP7:
https://wiki.php.net/rfc/reserve_more_types_in_php_7
Commits
-------
44edbdf Fixed compatibility with PHP7 and up by introducing new constraints (IsNull, IsTrue, IsFalse) and related validators (IsNullValidator, IsTrueValidator, IsFalseValidator)
This PR was merged into the 2.3 branch.
Discussion
----------
[2.3][EventDispatcher] make listeners removable from an executed listener
| Q | A
| ------------- | ---
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | #13972
| License | MIT
| Doc PR |
This fixes#13972 for Symfony 2.3. On Symfony 2.6 and higher, this has already been fixed with #14355.
Commits
-------
54bb399 [EventDispatcher] make listeners removable from an executed listener
This PR was merged into the 2.3 branch.
Discussion
----------
[SecurityBundle] Use Enum Nodes Instead Of Scalar
| Q | A
| ------------- | ---
| Bug fix? | no
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | ~
| License | MIT
| Doc PR | ~
Commits
-------
ce7fb04 [SecurityBundle] Use Enum Nodes Instead Of Scalar
This PR was merged into the 2.3 branch.
Discussion
----------
[HttpKernel] Check if "symfony/proxy-manager-bridge" package is installed
| Q | A
| ------------- | ---
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | -
| License | MIT
| Doc PR | -
Commits
-------
43cc877 [HttpKernel] Check if "symfony/proxy-manager-bridge" package is installed
This PR was merged into the 2.3 branch.
Discussion
----------
[2.3] link to https://symfony.com where possible
| Q | A
| ------------- | ---
| Bug fix? | no
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets |
| License | MIT
| Doc PR |
Commits
-------
bf8a1ce link to https://symfony.com where possible
This PR was merged into the 2.3 branch.
Discussion
----------
Use https://symfony.com/search for search form
| Q | A
| ------------- | ---
| Bug fix? | no
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | none
| License | MIT
| Doc PR | none
Using https for symfony.com/search stops chrome (and eventually firefox)
from warning us about "Mixed Content" when developing sites that use SSL
for the entire site.
Here is the warning text:
```
Mixed Content: The page at 'https://example.org/' was loaded over a secure connection, but contains a form which targets an insecure endpoint 'http://symfony.com/search'. This endpoint should be made available over a secure connection.
```
Commits
-------
74983d7 Use https://symfony.com/search for searching
This PR was merged into the 2.3 branch.
Discussion
----------
[SecurityBundle][WebProfiler] check authenticated user by tokenClass instead of username.
| Q | A
| ------------- | ---
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Fixed tickets | #13628
| Tests pass? | yes
| License | MIT
Commits
-------
79e005b [profiler][security] check authenticated user by tokenClass instead of username.