This PR was merged into the 3.3-dev branch.
Discussion
----------
[HttpKernel] Refactored SessionValueResolver
| Q | A
| ------------- | ---
| Branch? | master
| Bug fix? | no
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | ~
| License | MIT
| Doc PR | ~
I thought the comment has been addressed in #21164, but it may have been unintentionally lost while rebasing?
Commits
-------
f0e832a [HttpKernel] Refactored SessionValueResolver
This PR was merged into the 3.3-dev branch.
Discussion
----------
[DI] Remove experimental status from service-locator argument type
| Q | A
| ------------- | ---
| Branch? | master
| Bug fix? | no
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | https://github.com/symfony/symfony/pull/21625#issuecomment-282483374, https://github.com/symfony/symfony/pull/21625#discussion_r102232221, #21710
| License | MIT
The `service-locator` argument type is not controversial to me. We know its scope, nothing really surprising, just a map of services to be lazily loaded like `iterator` is (which is not experimental) but keyed.
About its api, it's just PSR-11 restricted to objects, nothing that can't be changed safely in the future.
As stated in https://github.com/symfony/symfony/pull/21625#issuecomment-282483374, it proven its usefulness already. I think what we were looking for by flagging it experimental is just to see it in action, we've 3 opened PRs for that (#21625, #21690, #21730).
This allows introducing deprecations for making use of the feature in the core, thus unlocks #21625 and #21690.
Commits
-------
46dc47af11 [DI] Remove experimental status from service-locator argument type
This PR was merged into the 3.3-dev branch.
Discussion
----------
[HttpKernel] Added the SessionValueResolver
| Q | A
| ------------- | ---
| Branch? | master
| Bug fix? | no
| New feature? | yes
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | #21159
| License | MIT
| Doc PR | (soon)
This feature adds the `SessionValueResolver`. That means that you no longer have to rely on injecting a `SessionInterface` implementation via the constructor or getting this implementation from the `Request`. Regardless of method, it does not know about the `getFlashBag()`.
By adding the `Session` to the action arguments, you can now type-hint against the implementation rather than interface, which contains the `getFlashBag()`, making it accessible rather than using duck-typing.
_It should also feel less like injecting a service into the constructor which has a state or getting a service from the request._
**Old Situation**
```php
class Controller
{
public function __construct(SessionInterface $session) { /* ... */ }
public function fooAction(Request $request)
{
$this->get('session')->get(...);
$request->getSession()->get(...);
$this->session->get(...)
// duck-typing
$this->get('session')->getFlashBag();
$request->getSession()->getFlashBag();
$this->session->getFlashBag();
$this->addFlash(...);
}
}
```
**New Situation** _- The controller shortcut for flashbag could in theory be removed now_
```php
class Controller
{
public function fooAction(Session $session)
{
$session->get(...);
$session->getFlashBag();
}
}
```
Commits
-------
b4464dcea1 Added the SessionValueResolver
This PR was merged into the 2.7 branch.
Discussion
----------
[Yaml] Stop replacing NULLs when merging
| Q | A
| ------------- | ---
| Branch? | 2.7
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | -
| License | MIT
| Doc PR | -
This introduces slight change of behaviour. Whereas previous code is overwriting already processed NULL values, this code is not. I think this is more expected behaviour, though?
Commits
-------
d967440 [Yaml] Stop replacing NULLs when merging
This PR was merged into the 2.8 branch.
Discussion
----------
[WebServerBundle] fixed html attribute escape
| Q | A
| ------------- | ---
| Branch? | 2.8
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | -
| License | MIT
| Doc PR | -
In the Web Debug Toolbar, when a toolbar item has extra attributes, they are not properly escaped.
(If you put your mouse over the right toolbar item with sf version, you will see a tooltip with `""`)
Currently:
```html
title=""
```
After:
```html
title=""
```
Commits
-------
1337cdb [WebServerBundle] fixed html attribute escape
* 3.2:
Revamped the README file
Fix missing namespace in AddConstraintValidatorPassTest
[SecurityBundle] simplified code
[ExpressionLanguage] Registering functions after calling evaluate(), compile() or parse() is not supported
* 2.8:
Revamped the README file
Fix missing namespace in AddConstraintValidatorPassTest
[ExpressionLanguage] Registering functions after calling evaluate(), compile() or parse() is not supported
* 2.7:
Revamped the README file
Fix missing namespace in AddConstraintValidatorPassTest
[ExpressionLanguage] Registering functions after calling evaluate(), compile() or parse() is not supported
This PR was squashed before being merged into the 2.7 branch (closes#21744).
Discussion
----------
Revamped the README file
| Q | A
| ------------- | ---
| Branch? | 2.7
| Bug fix? | no
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | #21235
| License | MIT
| Doc PR |
Here is a before/after comparison image:
![before-after-readme](https://cloud.githubusercontent.com/assets/73419/23294444/cb001e9a-fa6b-11e6-88f2-a8449470fb4e.png)
Commits
-------
c7d30ca486 Revamped the README file
This PR was merged into the 2.7 branch.
Discussion
----------
Fix missing namespace in test
| Q | A
| ------------- | ---
| Branch? | 2.7
| Tests pass? | yes
Commits
-------
1e9ca7b Fix missing namespace in AddConstraintValidatorPassTest
This marks the X-Status-Code header method of setting a custom response
status code in exception listeners as deprecated. Instead there is now
a new method on the GetResponseForExceptionEvent that allows successful
status codes in the response sent to the client.
This PR was merged into the 3.3-dev branch.
Discussion
----------
[Config] fixed glob file loader when there is an exception
| Q | A
| ------------- | ---
| Branch? | master
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | n/a
| License | MIT
| Doc PR | n/a
Fixes a typo. When importing a glob, we definitely want to have errors like syntax errors in a YAML file.
Commits
-------
d1b6601612 [Config] fixed glob file loader when there is an exception
This PR was merged into the 3.3-dev branch.
Discussion
----------
[SecurityBundle] Don't normalize username of in-memory users
| Q | A
| ------------- | ---
| Branch? | master
| Bug fix? | no
| New feature? | yes
| BC breaks? | yes
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | n/a
| License | MIT
| Doc PR | n/a
It's common to have e.g. emails as keys in `security.providers.in_memory.users` since keys are username. Actually they are normalized so `foo-bar@gmail.com` becomes `foo_bar@gmail.com` and authentication fails unexpectedly.
Commits
-------
8d03332726 [SecurityBundle] Don't normalize keys of in-memory users
This PR was squashed before being merged into the 2.7 branch (closes#21722).
Discussion
----------
[ExpressionLanguage] Registering functions after calling evaluate(), compile() or parse() is not supported
| Q | A
| ------------- | ---
| Branch? | 2.7
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | n/a
| License | MIT
| Doc PR | n/a
If we add expr. function after first eval/compile like this:
```php
$el = new ExpressionLanguage();
$el->evaluate('1 + 1');
$el->addFunction(new ExpressionFunction('fn', function () {}, function () {}));
$el->evaluate('fn()');
```
A ``SyntaxError`` is thrown that says ``The function "fn" does not exist around position 1.``. It's the same bug with ``$el->compile('fn()')``.
This PR fixes this (duplicate of #21098 that was closed).
Commits
-------
e305369f98 [ExpressionLanguage] Registering functions after calling evaluate(), compile() or parse() is not supported
This PR was merged into the 2.7 branch.
Discussion
----------
[SecurityBundle] fix priority ordering of security voters
| Q | A
| ------------- | ---
| Branch? | 2.7
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | #21660
| License | MIT
| Doc PR |
Could be updated in the `3.2` branch to make use of the `PriorityTaggedServiceTrait `.
Commits
-------
dcd19f3cf9 fix priority ordering of security voters
A new mode is introduced, in which deprecations coming from the vendors
are not taken into account when deciding to exit with an error code. In
this mode, deprecations coming from the vendors are segregated from
other deprecations.