* 5.0: (27 commits)
Fix versions
[Security/Http] Allow setting cookie security settings for delete_cookies
[DI] fix generating TypedReference from PriorityTaggedServiceTrait
[FrameworkBundle] revert to legacy wiring of the session when circular refs are detected
bumped Symfony version to 3.4.40
updated VERSION for 3.4.39
update CONTRIBUTORS for 3.4.39
updated CHANGELOG for 3.4.39
[DomCrawler] Fix BC break in assertions breaking Panther
[BrowserKit] fixed missing post request parameters in file uploads
update Italian translation
[Validator] Add missing Hungarian translations
[Validator] Add the missing translations for the Arabic (ar) locale
[Validator] Add missing vietnamese translations
[Console] Fix OutputStream for PHP 7.4
add missing gitattributes for phpunit-bridge
add German translations
Bump Symfony version to 5.0.7
Update VERSION for 5.0.6
Update CHANGELOG for 5.0.6
...
* 4.4:
Fix versions
[Security/Http] Allow setting cookie security settings for delete_cookies
[DI] fix generating TypedReference from PriorityTaggedServiceTrait
[FrameworkBundle] revert to legacy wiring of the session when circular refs are detected
bumped Symfony version to 3.4.40
updated VERSION for 3.4.39
update CONTRIBUTORS for 3.4.39
updated CHANGELOG for 3.4.39
[DomCrawler] Fix BC break in assertions breaking Panther
[BrowserKit] fixed missing post request parameters in file uploads
update Italian translation
[Validator] Add missing Hungarian translations
[Validator] Add the missing translations for the Arabic (ar) locale
[Validator] Add missing vietnamese translations
[Console] Fix OutputStream for PHP 7.4
add German translations
bug #36157 [Validator] Assert Valid with many groups
[Validator] Add missing Lithuanian translations
Fixed some typos
Add french "at least" constraint translations
* 3.4:
Fix versions
[Security/Http] Allow setting cookie security settings for delete_cookies
[FrameworkBundle] revert to legacy wiring of the session when circular refs are detected
bumped Symfony version to 3.4.40
updated VERSION for 3.4.39
update CONTRIBUTORS for 3.4.39
updated CHANGELOG for 3.4.39
update Italian translation
[Validator] Add missing Hungarian translations
[Validator] Add the missing translations for the Arabic (ar) locale
[Validator] Add missing vietnamese translations
[Console] Fix OutputStream for PHP 7.4
add German translations
bug #36157 [Validator] Assert Valid with many groups
[Validator] Add missing Lithuanian translations
Fixed some typos
Add french "at least" constraint translations
* 5.0:
[Http Foundation] Fix clear cookie samesite
[Security] Check if firewall is stateless before checking for session/previous session
[Form] Support customized intl php.ini settings
[Security] Remember me: allow to set the samesite cookie flag
[Debug] fix for PHP 7.3.16+/7.4.4+
[Validator] Backport translations
[Mailer] Use %d instead of %s for error code in error messages
[HttpKernel] fix locking for PHP 7.4+
[Security] Fixed hardcoded value of SODIUM_CRYPTO_PWHASH_MEMLIMIT_INTERACTIVE
Prevent warning in proc_open()
[FrameworkBundle] Fix Router Cache
Fix deprecation messages
* 4.4:
[Http Foundation] Fix clear cookie samesite
[Security] Check if firewall is stateless before checking for session/previous session
[Form] Support customized intl php.ini settings
[Security] Remember me: allow to set the samesite cookie flag
[Debug] fix for PHP 7.3.16+/7.4.4+
[Validator] Backport translations
[Mailer] Use %d instead of %s for error code in error messages
[HttpKernel] fix locking for PHP 7.4+
[Security] Fixed hardcoded value of SODIUM_CRYPTO_PWHASH_MEMLIMIT_INTERACTIVE
Prevent warning in proc_open()
[FrameworkBundle] Fix Router Cache
Fix deprecation messages
* 3.4:
[Http Foundation] Fix clear cookie samesite
[Security] Check if firewall is stateless before checking for session/previous session
[Form] Support customized intl php.ini settings
[Security] Remember me: allow to set the samesite cookie flag
[Debug] fix for PHP 7.3.16+/7.4.4+
[Validator] Backport translations
Prevent warning in proc_open()
This PR was merged into the 3.4 branch.
Discussion
----------
[Security/Http] Remember me: allow to set the samesite cookie flag
| Q | A
| ------------- | ---
| Branch? | 3.4
| Bug fix? | yes
| New feature? | no
| Deprecations? | no
| Tickets | -
| License | MIT
| Doc PR | -
Similar to #35605, since Chrome 80 is going to require the `samesite` attribute.
This is a cherry-pick of #27976
Commits
-------
f0ceb73397 [Security] Remember me: allow to set the samesite cookie flag
This PR was merged into the 4.4 branch.
Discussion
----------
[FrameworkBundle] Fix deprecation message for booting a kernel twice
| Q | A
| ------------- | ---
| Branch? | 4.4
| Bug fix? | no
| New feature? | no <!-- please update src/**/CHANGELOG.md files -->
| Deprecations? | no <!-- please update UPGRADE-*.md and src/**/CHANGELOG.md files -->
| Tickets | - <!-- prefix each issue number with "Fix #", if any -->
| License | MIT
| Doc PR | - <!-- required for new features -->
<!--
Replace this notice by a short README for your feature/bugfix. This will help people
understand your PR and can be used as a start for the documentation.
Additionally (see https://symfony.com/releases):
- Always add tests and ensure they pass.
- Never break backward compatibility (see https://symfony.com/bc).
- Bug fixes must be submitted against the lowest maintained branch where they apply
(lowest branches are regularly merged to upper ones so they get the fixes too.)
- Features and deprecations must be submitted against branch master.
-->
Commits
-------
a0a6243a21 Fix deprecation messages
* 5.0:
[DI] Fix CheckTypeDeclarationPass
[Security/Http] don't require the session to be started when tracking its id
[DI] fix preloading script generation
* 4.4:
[DI] Fix CheckTypeDeclarationPass
[Security/Http] don't require the session to be started when tracking its id
[DI] fix preloading script generation
This PR was merged into the 4.4 branch.
Discussion
----------
[DI] fix preloading script generation
| Q | A
| ------------- | ---
| Branch? | 4.4
| Bug fix? | yes
| New feature? | no
| Deprecations? | no
| Tickets | -
| License | MIT
| Doc PR | -
(fabbot failure is a false positive)
On master, we should work on being able to preload more classes (esp. all cache-warmup artifacts).
But for 4.4, this is good enough. Submitted as a bug fix because 1. the current code that deals with preloading kinda-works, but only on "dev" mode... and 2. fixing it provides a nice boost!
Small bench on a hello world:
- before: 380 req/s
- after: 580 req/s
That's +50%!
Pro-tip: adding a few `class_exists()` as done in this PR for the classes that are always used in the implementations (e.g. `new Foo()` in the constructor) will help the preload-script generator to work optimally. Without them, it will discover the symbols to preload only if they're found on methods.
Some of those `class_exists()` are mandatory, in relation to anonymous classes and https://bugs.php.net/79349
Commits
-------
a10fc4da5d [DI] fix preloading script generation
* 5.0:
fix merge
Fix more quotes in exception messages
Fix more quotes in exception messages
Fix more quotes in exception messages
[3.4] Minor fixes
[PropertyAccess] Improved errors when reading uninitialized properties
* 4.4:
Fix more quotes in exception messages
Fix more quotes in exception messages
[3.4] Minor fixes
[PropertyAccess] Improved errors when reading uninitialized properties
This PR was squashed before being merged into the 5.1-dev branch.
Discussion
----------
[PhpUnitBridge] Deprecate @expectedDeprecation annotation
| Q | A
| ------------- | ---
| Branch? | master
| Bug fix? | no
| New feature? | no <!-- please update src/**/CHANGELOG.md files -->
| Deprecations? | yes<!-- please update UPGRADE-*.md and src/**/CHANGELOG.md files -->
| Tickets | N/A
| License | MIT
| Doc PR | N/A
Addresses https://github.com/orgs/symfony/projects/1#card-32934769 as a follow-up to #35192.
Deprecating `@expectedDeprecation` annotation on tests in favour of the `expectDeprecation()` method similar to other PHPUnit deprecations of annotations in favour of methods.
Commits
-------
36a57cc7c2 [PhpUnitBridge] Deprecate @expectedDeprecation annotation
* 5.0:
Add missing dots at the end of exception messages
Add missing dots at the end of exception messages
[DI][Form] Fixed test suite (TimeType changes & unresolved merge conflict)
Fix bad merge
Add missing dots at the end of exception messages
* 4.4:
Add missing dots at the end of exception messages
[DI][Form] Fixed test suite (TimeType changes & unresolved merge conflict)
Fix bad merge
Add missing dots at the end of exception messages
* 5.0: (36 commits)
Add test for tagged iterator with numeric index
Fix container lint command when a synthetic service is used in combination with the expression language
Fix Travis script
[Validator][Range] Fix typos
[SecurityBundle] Minor fix in LDAP config tree builder
[HttpClient] fix requests to hosts that idn_to_ascii() cannot handle
Revert "minor #35559 [FrameworkBundle] remove mention of the old Controller class (nicolas-grekas)"
[FrameworkBundle] remove redundant PHPDoc in console Descriptor and subclass
[Mime] remove phpdoc mentioning Utf8AddressEncoder
Add missing phpdoc
Remove int return type from FlattenException::getCode
[Yaml] fix dumping strings containing CRs
[DI] Fix XmlFileLoader bad error message
[Form] Handle false as empty value on expanded choices
[Messenger] Add ext-redis min version req to tests
Tweak message
improve PlaintextPasswordEncoder docBlock summary
[Validator] Add two missing translations for the Arabic (ar) locale
Use some PHP 5.4 constants unconditionally
Add new packages on the link script
...
* 4.4: (34 commits)
Add test for tagged iterator with numeric index
Fix container lint command when a synthetic service is used in combination with the expression language
[Validator][Range] Fix typos
[SecurityBundle] Minor fix in LDAP config tree builder
[HttpClient] fix requests to hosts that idn_to_ascii() cannot handle
[FrameworkBundle] remove redundant PHPDoc in console Descriptor and subclass
[Mime] remove phpdoc mentioning Utf8AddressEncoder
Add missing phpdoc
Remove int return type from FlattenException::getCode
[Yaml] fix dumping strings containing CRs
[DI] Fix XmlFileLoader bad error message
[Form] Handle false as empty value on expanded choices
[Messenger] Add ext-redis min version req to tests
Tweak message
improve PlaintextPasswordEncoder docBlock summary
[Validator] Add two missing translations for the Arabic (ar) locale
Use some PHP 5.4 constants unconditionally
Add new packages on the link script
[DI] fix dumping errored definitions
[DI] ignore extra tags added by autoconfiguration in PriorityTaggedServiceTrait
...
* 3.4:
[Yaml] fix dumping strings containing CRs
[DI] Fix XmlFileLoader bad error message
Tweak message
improve PlaintextPasswordEncoder docBlock summary
[Validator] Add two missing translations for the Arabic (ar) locale
Use some PHP 5.4 constants unconditionally
Revert "bug symfony#28179 [DomCrawler] Skip disabled fields processing in Form"
Add Spanish translation
Fix typo
[Validator] add Japanese translation
Fix typo
Add Polish translation
[SecurityBundle] Minor fixes in configuration tree builder
bumped Symfony version to 3.4.39
updated VERSION for 3.4.38
update CONTRIBUTORS for 3.4.38
updated CHANGELOG for 3.4.38
This PR was merged into the 5.1-dev branch.
Discussion
----------
[Security] Deprecated ROLE_PREVIOUS_ADMIN
| Q | A
| ------------- | ---
| Branch? | master
| Bug fix? | no
| New feature? | no
| Deprecations? | yes
| Tickets | n/a
| License | MIT
| Doc PR | https://github.com/symfony/symfony-docs/pull/11487
`ROLE_PREVIOUS_ADMIN` is added to the token roles if the session is an impersonation. Since https://github.com/symfony/symfony/pull/31189 we have the `IS_IMPERSONATOR` attribute which can be used for the same reason. I propose to deprecate the `ROLE_PREVIOUS_ADMIN`:
* This is not what roles are for ([resulting in hacking this exception in `AbstractToken`](https://github.com/symfony/symfony/blob/5.0/src/Symfony/Component/Security/Core/Authentication/Token/AbstractToken.php#L275-L277))
* The role isn't very descriptive
* I don't like having 2 ways of doing exactly the same thing
* While every application with impersonation enabled probably needs to be updated, the update is as simple as replacing `ROLE_PREVIOUS_ADMIN` with `IS_IMPERSONATOR`: `find ./ -type f -exec sed -i 's/ROLE_PREVIOUS_ADMIN/IS_IMPERSONATOR/g' {} +`
---
I'm a bit unsure on how to deprecate this role, but I think having it in `RoleVoter` is probably the safest (`isGranted()` and variants + `AccessDecisionManager#decide()` all use this voter to check if the token has this role).
Commits
-------
dce55f352a Deprecated ROLE_PREVIOUS_ADMIN
This PR was merged into the 5.1-dev branch.
Discussion
----------
[Security] Add IS_IMPERSONATOR, IS_ANONYMOUS and IS_REMEMBERED
| Q | A
| ------------- | ---
| Branch? | master
| Bug fix? | no
| New feature? | yes
| BC breaks? | no
| Deprecations? | yes
| Tests pass? | yes
| Fixed tickets | https://github.com/symfony/symfony/issues/29848
| License | MIT
| Doc PR | symfony/symfony-docs#11487
This continues work of @HeahDude and finally finishes one of the code PRs I've been working on during the ⭐️ EUFOSSA Hackathon.
Changes
---
The PRs modifies some of the attributes used by the `AuthenticatedVoter`:
* New `IS_IMPERSONATOR`, `IS_ANONYMOUS` and `IS_REMEMBERED` attributes are introduced to indicate the user either impersonated, anonymous or rembered.
* <s>`IS_AUTHENTICATED_ANONYMOUSLY` actually meant "is authenticated, either anonymous or fully". As this is confusing, it is replaced by `IS_AUTHENTICATED`.</s>
* <s>All `is_*()` functions in expressions are deprecated in favor of `is_granted('IS_*')`. It's not worth duplicating the `AuthenticatedVoter` logic in two places now we have shorter `IS_*` attributes</s>
**Before**
```php
if ($authorizationChecker->isGranted('ROLE_PREVIOUS_ADMIN')) {
// ...
}
```
<s>
```yaml
security:
# ...
access_control:
- { path: ^/protected, roles: 'IS_AUTHENTICATED_ANONYMOUSLY' }
```
</s>
**After**
```php
if ($authorizationChecker->isGranted('IS_IMPERSONATOR')) {
// ...
}
```
<s>
```yaml
security:
# ...
access_control:
- { path: ^/protected, roles: 'IS_AUTHENTICATED' }
```
</s>
<s>Discussion
---
The only thing I'm wondering is how we combine this with the `is_authenticated()` expression function:
98929dc292/src/Symfony/Component/Security/Core/Authorization/ExpressionLanguageProvider.php (L33-L37)
As you can see, the `IS_AUTHENTICATED` attribute and `is_authenticated()` expression function do not have the same meaning. Should we somehow deprecate the current behavior of `is_authenticated()` or should we find another name for `IS_AUTHENTICATED` (that would be a shame imo).</s>
Commits
-------
6c522a7d98 Added IS_ANONYMOUS, IS_REMEMBERED, IS_IMPERSONATOR
* 5.0: (28 commits)
[DoctrineBridge] Use new Types::* constants and support new json type
Fix bad merge in README of Nexmo Notifier bridge
[Debug][ErrorHandler] improved deprecation notices for methods new args and return type
[BrowserKit] Nested file array prevents uploading file
[ExpressionLanguage] Fixed collisions of character operators with object properties
remove usage of already deleted Symfony\Component\EventDispatcher\Event
[Notifier] Add correct tags for NullTransportFactory
[Validator] Remove specific check for Valid targets
[PhpUnitBridge] Use trait instead of extending deprecated class
Fix versioned namespace clears
fix remember me
Use strict assertion in asset tests
[DoctrineBridge][DoctrineExtractor] Fix indexBy with custom and some core types
Do not rely on the current locale when dumping a Graphviz object
fix typo
[Ldap] force default network timeout
[Config] don't throw on missing excluded paths
Docs: Typo, grammar
[Validator] Add the missing translations for the Polish ("pl") locale
[PhpUnitBridge] Add compatibility to PHPUnit 9 #35662
...
* 4.4: (25 commits)
[DoctrineBridge] Use new Types::* constants and support new json type
[Debug][ErrorHandler] improved deprecation notices for methods new args and return type
[BrowserKit] Nested file array prevents uploading file
[ExpressionLanguage] Fixed collisions of character operators with object properties
[Validator] Remove specific check for Valid targets
[PhpUnitBridge] Use trait instead of extending deprecated class
Fix versioned namespace clears
fix remember me
Use strict assertion in asset tests
[DoctrineBridge][DoctrineExtractor] Fix indexBy with custom and some core types
Do not rely on the current locale when dumping a Graphviz object
fix typo
[Ldap] force default network timeout
[Config] don't throw on missing excluded paths
Docs: Typo, grammar
[Validator] Add the missing translations for the Polish ("pl") locale
[PhpUnitBridge] Add compatibility to PHPUnit 9 #35662
[Routing] Add locale requirement for localized routes
[Console] Inline exact-match handling with 4.4
Set previous exception when rethrown from controller resolver
...
* 3.4:
[ExpressionLanguage] Fixed collisions of character operators with object properties
[Validator] Remove specific check for Valid targets
[PhpUnitBridge] Use trait instead of extending deprecated class
fix remember me
Use strict assertion in asset tests
[DoctrineBridge][DoctrineExtractor] Fix indexBy with custom and some core types
Do not rely on the current locale when dumping a Graphviz object
fix typo
[Ldap] force default network timeout
[Config] don't throw on missing excluded paths
Docs: Typo, grammar
[Validator] Add the missing translations for the Polish ("pl") locale
[Console] Inline exact-match handling with 4.4
Set previous exception when rethrown from controller resolver
[VarDumper] fixed DateCaster not displaying additional fields
[HttpKernel] fix registering DebugHandlersListener regardless of the PHP_SAPI
* 5.0:
[HttpClient] fix "undefined variable"
[HttpClient] remove useless code in test
[HttpClient] fix getting response content after its destructor throwed an HttpExceptionInterface
[HttpClient] fix HttpClientDataCollector when handling canceled responses
[Security] Fix exception name in doc comments
* 4.4:
[HttpClient] fix "undefined variable"
[HttpClient] remove useless code in test
[HttpClient] fix getting response content after its destructor throwed an HttpExceptionInterface
[HttpClient] fix HttpClientDataCollector when handling canceled responses
[Security] Fix exception name in doc comments
This PR was squashed before being merged into the 3.4 branch (closes#35657).
Discussion
----------
[Security] Fix exception name in doc comments
| Q | A
| ------------- | ---
| Branch? | 3.4
| Bug fix? | no
| New feature? | no
| Deprecations? | no
| Tickets | -
| License | MIT
| Doc PR | -
Commits
-------
f10098e9f1 [Security] Fix exception name in doc comments
* 5.0:
Add missing use statements
[Translation] Add missing use statement
[Translation] Add missing use statement
[Config][XmlReferenceDumper] Prevent potential \TypeError
[Mailer] Fix broken mandrill http send for recipients with names
[Translation] prefer intl domain when adding messages to catalogue
Fix CS
Fix CS
Fail on empty password verification (without warning on any implementation)
[Translation][Debug] Add installation and minimal example to README
[Validator] try to call __get method if property is uninitialized
Show both missing packages in the same error message
Fix handling of empty_data's \Closure value in Date/Time form types
* 4.4:
Add missing use statements
[Translation] Add missing use statement
[Translation] Add missing use statement
[Config][XmlReferenceDumper] Prevent potential \TypeError
[Mailer] Fix broken mandrill http send for recipients with names
[Translation] prefer intl domain when adding messages to catalogue
Fix CS
Fix CS
Fail on empty password verification (without warning on any implementation)
[Translation][Debug] Add installation and minimal example to README
[Validator] try to call __get method if property is uninitialized
Show both missing packages in the same error message
Fix handling of empty_data's \Closure value in Date/Time form types
* 5.0:
[Validator] fix access to uninitialized property when getting value
[HttpClient] Fix regex bearer
[Translator] Default value for 'sort' option in translation:update should be 'asc'
[HttpKernel] Fix stale-if-error behavior, add tests
[Intl] Provide more locale translations
[Mailer] Fix STARTTLS support for Postmark and Mandrill
[Messenger] Check for all serialization exceptions during message dec…
[Messenger] Fix bug when using single route with XML config
Fix exception message in Doctrine Messenger
[DI] CheckTypeDeclarationsPass now checks if value is type of parameter type
[SecurityBundle] fix security.authentication.provider.ldap_bind arguments
Improved error message when no supported user provider is found
Mysqli doesn't support the named parameters used by PdoAdapter
Added debug argument to decide if debug page should be shown or not
Mysqli doesn't support the named parameters used by PdoStore
Properly handle phpunit arguments for configuration file
[Mailer] add tests for http transports
* 4.4:
[Validator] fix access to uninitialized property when getting value
[HttpClient] Fix regex bearer
[Translator] Default value for 'sort' option in translation:update should be 'asc'
[HttpKernel] Fix stale-if-error behavior, add tests
[Intl] Provide more locale translations
[Mailer] Fix STARTTLS support for Postmark and Mandrill
[Messenger] Check for all serialization exceptions during message dec…
[Messenger] Fix bug when using single route with XML config
Fix exception message in Doctrine Messenger
[DI] CheckTypeDeclarationsPass now checks if value is type of parameter type
[SecurityBundle] fix security.authentication.provider.ldap_bind arguments
Improved error message when no supported user provider is found
Mysqli doesn't support the named parameters used by PdoAdapter
Added debug argument to decide if debug page should be shown or not
Mysqli doesn't support the named parameters used by PdoStore
Properly handle phpunit arguments for configuration file
[Mailer] add tests for http transports
* 4.3:
[Validator] fix access to uninitialized property when getting value
[HttpClient] Fix regex bearer
[HttpKernel] Fix stale-if-error behavior, add tests
Improved error message when no supported user provider is found
Properly handle phpunit arguments for configuration file
* 3.4:
[Validator] fix access to uninitialized property when getting value
[HttpKernel] Fix stale-if-error behavior, add tests
Improved error message when no supported user provider is found
This PR was merged into the 4.4 branch.
Discussion
----------
[Security] suggest a non-deprecated function replacement
| Q | A
| ------------- | ---
| Branch? | 4.4
| Bug fix? | yes
| New feature? | no
| Deprecations? | no
| Tickets | Fix#35437
| License | MIT
| Doc PR |
Commits
-------
731730fe2f suggest a non-deprecated function replacement
This PR was merged into the 3.4 branch.
Discussion
----------
[Security] Use supportsClass in addition to UnsupportedUserException
| Q | A
| ------------- | ---
| Branch? | 3.4+
| Bug fix? | yes
| New feature? | no
| Deprecations? | no
| Tickets | Fix#35045
| License | MIT
| Doc PR | ~
This PR fixes the issue where user providers rely on just the UnsupportedUserException from `refreshUser()`, causing a flow where users are wrongfully re-authenticated.
There's one issue where `refreshUser()` can do far more sophisticated checks on the user class, which it will never reach if the class is not supported. As far as I know it was never intended to support instances that are rejected by `supportsClass()`, though people could've implemented this (by accident). So the question is more if we should add a BC layer for this; for example:
```php
try {
$refreshedUser = $provider->refreshUser($user);
$newToken = clone $token;
$newToken->setUser($refreshedUser);
if (!$provider->supportsClass($userClass)) {
if ($this->shouldCheckSupportsClass) {
continue;
}
// have to think of a proper deprecation here for 6.0
@trigger_error('Provider %s does not support user class %s via supportsClass() while it does support it via refreshUser .. please set option X and fix %s::supportsUser() ', E_USER_DEPRECATED);
}
```
This would prevent behavior from breaking but also means we can't fix this on anything less than 5.1.
Commits
-------
d3942cbe17 Use supportsClass where possible
* 4.3:
chown and chgrp should also accept int as owner and group
Fix RememberMe with null password
[Validator] Fix plurals for sr_Latn (Serbian language written in latin script) validation messages
[PhpUnitBridge][SymfonyTestsListenerTrait] Remove some unneeded code
fix PHP const mapping keys using the inline notation
Fix that no-cache requires positive validation with the origin, even for fresh responses
* 3.4:
chown and chgrp should also accept int as owner and group
Fix RememberMe with null password
[Validator] Fix plurals for sr_Latn (Serbian language written in latin script) validation messages
[PhpUnitBridge][SymfonyTestsListenerTrait] Remove some unneeded code
fix PHP const mapping keys using the inline notation
Fix that no-cache requires positive validation with the origin, even for fresh responses
* 5.0:
[Debug] fix ClassNotFoundFatalErrorHandler
[FrameworkBundle] Document the router.cache_class_prefix parameter removal
[Routing] Fix using a custom matcher & generator dumper class
[Notifier] Add more specific types at documentation level when php engine can't
[Serializer] Fix cache in MetadataAwareNameConverter
[Dotenv] Fixed infinite loop with missing quote followed by quoted value
[HttpClient] Added missing sprintf
[TwigBridge] button_widget now has its title attr translated even if its label = null or false
[PhpUnitBridge] When using phpenv + phpenv-composer plugin, composer executable is wrapped into a bash script
[Messenger] Added check if json_encode succeeded
[Messenger] Added check if json_encode succeeded
[FrameworkBundle][ContainerLintCommand] Only skip .errored. services
[HttpClient] fix exception in case of PSR17 discovery failure
[DependencyInjection] Handle ServiceClosureArgument for callable in container linting
fix processing chain adapter based cache pool
[HttpKernel] release lock explicitly
[Security] Prevent canceled remember-me cookie from being accepted
[FrameworkBundle][TranslationUpdateCommand] Do not output positive feedback on stderr
[Security\Guard] Fix missing typehints
do not render preferred choices as selected
* 4.4:
[Debug] fix ClassNotFoundFatalErrorHandler
[Routing] Fix using a custom matcher & generator dumper class
[Serializer] Fix cache in MetadataAwareNameConverter
[Dotenv] Fixed infinite loop with missing quote followed by quoted value
[HttpClient] Added missing sprintf
[TwigBridge] button_widget now has its title attr translated even if its label = null or false
[PhpUnitBridge] When using phpenv + phpenv-composer plugin, composer executable is wrapped into a bash script
[Messenger] Added check if json_encode succeeded
[Messenger] Added check if json_encode succeeded
[FrameworkBundle][ContainerLintCommand] Only skip .errored. services
[HttpClient] fix exception in case of PSR17 discovery failure
[DependencyInjection] Handle ServiceClosureArgument for callable in container linting
fix processing chain adapter based cache pool
[HttpKernel] release lock explicitly
[Security] Prevent canceled remember-me cookie from being accepted
[FrameworkBundle][TranslationUpdateCommand] Do not output positive feedback on stderr
[Security\Guard] Fix missing typehints
do not render preferred choices as selected
* 4.3:
[Debug] fix ClassNotFoundFatalErrorHandler
[Routing] Fix using a custom matcher & generator dumper class
[Dotenv] Fixed infinite loop with missing quote followed by quoted value
[HttpClient] Added missing sprintf
[TwigBridge] button_widget now has its title attr translated even if its label = null or false
[PhpUnitBridge] When using phpenv + phpenv-composer plugin, composer executable is wrapped into a bash script
[Messenger] Added check if json_encode succeeded
[Security] Prevent canceled remember-me cookie from being accepted
[FrameworkBundle][TranslationUpdateCommand] Do not output positive feedback on stderr
[Security\Guard] Fix missing typehints
* 3.4:
[Debug] fix ClassNotFoundFatalErrorHandler
[Dotenv] Fixed infinite loop with missing quote followed by quoted value
[TwigBridge] button_widget now has its title attr translated even if its label = null or false
[PhpUnitBridge] When using phpenv + phpenv-composer plugin, composer executable is wrapped into a bash script
[Security] Prevent canceled remember-me cookie from being accepted
[FrameworkBundle][TranslationUpdateCommand] Do not output positive feedback on stderr
* 5.0: (31 commits)
[HttpClient] NativeHttpClient should not send >1.1 protocol version
[HttpClient] fix support for non-blocking resource streams
[Mailer] Make sure you can pass custom headers to Mailgun
[Mailer] Remove line breaks in email attachment content
Update links to documentation
[Validator] Add the missing translations for the Arabic (ar) locale
ensure to expect no validation for the right reasons
[Security-Guard] fixed 35203 missing name tag in param docblock
[HttpClient] fix casting responses to PHP streams
[PhpUnitBridge] Add test case for @expectedDeprecation annotation
[PhpUnitBridge][SymfonyTestsListenerTrait] Remove $testsWithWarnings stack
[FrameworkBundle] Fix getUser() phpdoc in AbstractController
[Mailer] Fix addresses management in Sendgrid API payload
[Mailer][MailchimpBridge] Fix missing attachments when sending via Mandrill API
[Mailer][MailchimpBridge] Fix incorrect sender address when sender has name
[HttpClient] fix capturing SSL certificates with NativeHttpClient
Update year in license files
Update year in license files
[TwigBridge][Form] Added missing help messages in form themes
Update year in license files
...
* 4.4: (26 commits)
[HttpClient] NativeHttpClient should not send >1.1 protocol version
[HttpClient] fix support for non-blocking resource streams
[Mailer] Make sure you can pass custom headers to Mailgun
[Mailer] Remove line breaks in email attachment content
Update links to documentation
[Validator] Add the missing translations for the Arabic (ar) locale
ensure to expect no validation for the right reasons
[Security-Guard] fixed 35203 missing name tag in param docblock
[HttpClient] fix casting responses to PHP streams
[PhpUnitBridge] Add test case for @expectedDeprecation annotation
[PhpUnitBridge][SymfonyTestsListenerTrait] Remove $testsWithWarnings stack
[Mailer] Fix addresses management in Sendgrid API payload
[Mailer][MailchimpBridge] Fix missing attachments when sending via Mandrill API
[Mailer][MailchimpBridge] Fix incorrect sender address when sender has name
[HttpClient] fix capturing SSL certificates with NativeHttpClient
Update year in license files
[TwigBridge][Form] Added missing help messages in form themes
Update year in license files
Update year in license files
fix version when "anonymous: lazy" was introduced
...
* 4.3:
[Mailer] Remove line breaks in email attachment content
Update links to documentation
[Validator] Add the missing translations for the Arabic (ar) locale
ensure to expect no validation for the right reasons
[PhpUnitBridge] Add test case for @expectedDeprecation annotation
[PhpUnitBridge][SymfonyTestsListenerTrait] Remove $testsWithWarnings stack
[Mailer][MailchimpBridge] Fix missing attachments when sending via Mandrill API
[Mailer][MailchimpBridge] Fix incorrect sender address when sender has name
[HttpClient] fix capturing SSL certificates with NativeHttpClient
[TwigBridge][Form] Added missing help messages in form themes
Update year in license files
Update year in license files
[HttpClient] fix typo
[Console][FormatterHelper] Use helper strlen statically and remove duplicated code
[Routing] Fix i18n routing when the url contains the locale
Fix BC issue in phpDoc Reflection library
[Translator] Performance improvement in MessageCatalogue and catalogue operations.
* 3.4:
Update links to documentation
[Validator] Add the missing translations for the Arabic (ar) locale
ensure to expect no validation for the right reasons
[PhpUnitBridge] Add test case for @expectedDeprecation annotation
Update year in license files
[Console][FormatterHelper] Use helper strlen statically and remove duplicated code
Fix BC issue in phpDoc Reflection library
[Translator] Performance improvement in MessageCatalogue and catalogue operations.
* 5.0: (24 commits)
Removing unused variable
Fixed#35084
Add missing use statement
[HttpClient] fix scheduling pending NativeResponse
do not overwrite variable value
[Profiler] wording
Use spaces correctly to display options in DebugCommand
Add supported schemes doc blocks type
X-Accel Nginx URL updated
ticket-30197 [Validator] Add the missing translations for the Chinese (Taiwan) ("zh_TW") locale
Fixed test added in #35022
Use locale_parse for computing fallback locales
[Console] Fix filtering out identical alternatives when there is a command loader
[String][UnicodeString] Remove unneeded flag in chunk regex pattern
add note about HTTP status code change
Migrate server:log command away from WebServerBundle
[DependencyInjection][CheckTypeDeclarationsPass] Handle \Closure for callable
[Security] Fix missing defaults for auto-migrating encoders
bumped Symfony version to 5.0.3
updated VERSION for 5.0.2
...
* 4.4:
Fixed#35084
Add missing use statement
[HttpClient] fix scheduling pending NativeResponse
do not overwrite variable value
[Profiler] wording
Use spaces correctly to display options in DebugCommand
X-Accel Nginx URL updated
ticket-30197 [Validator] Add the missing translations for the Chinese (Taiwan) ("zh_TW") locale
Fixed test added in #35022
Use locale_parse for computing fallback locales
[Console] Fix filtering out identical alternatives when there is a command loader
add note about HTTP status code change
Migrate server:log command away from WebServerBundle
[DependencyInjection][CheckTypeDeclarationsPass] Handle \Closure for callable
[Security] Fix missing defaults for auto-migrating encoders
bumped Symfony version to 4.4.3
updated VERSION for 4.4.2
updated CHANGELOG for 4.4.2
This PR was squashed before being merged into the 5.1-dev branch (closes#34548).
Discussion
----------
Added access decision strategy to respect voter priority
| Q | A
| ------------- | ---
| Branch? | master
| Bug fix? | no
| New feature? | yes
| Deprecations? | no
| Tickets | -
| License | MIT
| Doc PR | _will happily do if this is of interest/to be merged 🙃_
The priority-based access decision strategy will decide based on the first voter that does not abstain from the decision. Security voters can be registered with priority (`PriorityTaggedServiceTrait`), so a voter with higher priority can overrule other voters.
In [Contao CMS](https://github.com/contao/contao), the core system should provide security voters that provide the "default permissions", but extensions/bundles can override almost anything and therefore need to be able to override the core decision. None of the existing strategies allow for something like that.
/ping @chalasr @Toflar @leofeyer @ausi
#SymfonyHackday
Commits
-------
0b8028a0ec Added access decision strategy to respect voter priority
This PR was merged into the 5.1-dev branch.
Discussion
----------
[EventDispatcher] Deprecate LegacyEventDispatcherProxy
| Q | A
| ------------- | ---
| Branch? | master
| Bug fix? | no
| New feature? | no
| Deprecations? | yes
| Tickets | Cleanup of #28920
| License | MIT
| Doc PR | N/A
> This class should be deprecated in Symfony 5.1
Well, here you go. 😃
Commits
-------
c7e612d4ad [EventDispatcher] Deprecate LegacyEventDispatcherProxy.
This PR was merged into the 3.4 branch.
Discussion
----------
Use `::class` constants instead of `__NAMESPACE__` when possible
| Q | A
| ------------- | ---
| Branch? | 3.4
| Bug fix? | no
| New feature? | no
| Deprecations? | no
| Tickets | Related to #34987
| License | MIT
| Doc PR | no
Form component has a lot of built-in form types. Some of them were implemented from the very beginning. In most of them there is a such method
```php
/**
* {@inheritdoc}
*/
public function getParent()
{
return __NAMESPACE__.'\TextType';
}
```
This `getParent()` method was refactored in Symfony 2.8. The upgrade instructions are given here https://github.com/symfony/symfony/blob/2.8/UPGRADE-2.8.md#form
I think the `__NAMESPACE__.'\TextType';` expression was used because Symfony 2.8 was using `"php": ">=5.3.9"`, and the constant `::class` was added only in PHP 5.5
Now this line can be refactored into
```php
/**
* {@inheritdoc}
*/
public function getParent()
{
return TextType::class;
}
```
For example new form types, that were added later, already using the `::class` constant.
https://github.com/symfony/symfony/blob/master/src/Symfony/Component/Form/Extension/Core/Type/ColorType.php#L23https://github.com/symfony/symfony/blob/master/src/Symfony/Component/Form/Extension/Core/Type/TelType.php#L23
So, in this pull request I propose to refactor all old form types to use `::class` constant. It will give a benefit during the future refactoring, because IDE or static analysers will find all usages of parent class. Unlike the `__NAMESPACE__.'\TextType';` line, which doesn't show the real link to the class for IDE or static analysers, and it could complicate finding all usages of parent class.
Commits
-------
32bf50abca Use `::class` constants instead of `__NAMESPACE__` when possible
* 5.0: (21 commits)
fix merge
CS
[FrameworkBundle][ContainerLintCommand] Improve messages when the kernel or the container is not supported
[Serializer] Skip uninitialized (PHP 7.4) properties in PropertyNormalizer and ObjectNormalizer
stop using deprecated Doctrine persistence classes
[Cache] Fix wrong classname in deprecation message
Fix regex lookahead syntax in ApplicationTest
Fixed syntax in comment
[SecurityBundle][FirewallMap] Remove unused property
[Messenger][AMQP] Use delivery_mode=2 by default
[FrameworkBundle][DependencyInjection] Skip removed ids in the lint container command and its associated pass
[SECURITY] Revert "AbstractAuthenticationListener.php error instead info. Rebase of #28462"
[FrameworkBundle][Secrets] Hook configured local dotenv file
[DI] Improve performance of processDefinition
fix redis multi host dsn not recognized
fix constructor argument type declaration
Fix invalid Windows path normalization
[Validator][ConstraintValidator] Safe fail on invalid timezones
[DoctrineBridge] Fixed submitting invalid ids when using queries with limit
[FrameworkBundle] Add info & example to auto_mapping config
...
* 4.4: (21 commits)
fix merge
CS
[FrameworkBundle][ContainerLintCommand] Improve messages when the kernel or the container is not supported
[Serializer] Skip uninitialized (PHP 7.4) properties in PropertyNormalizer and ObjectNormalizer
stop using deprecated Doctrine persistence classes
[Cache] Fix wrong classname in deprecation message
Fix regex lookahead syntax in ApplicationTest
Fixed syntax in comment
[SecurityBundle][FirewallMap] Remove unused property
[Messenger][AMQP] Use delivery_mode=2 by default
[FrameworkBundle][DependencyInjection] Skip removed ids in the lint container command and its associated pass
[SECURITY] Revert "AbstractAuthenticationListener.php error instead info. Rebase of #28462"
[FrameworkBundle][Secrets] Hook configured local dotenv file
[DI] Improve performance of processDefinition
fix redis multi host dsn not recognized
fix constructor argument type declaration
Fix invalid Windows path normalization
[Validator][ConstraintValidator] Safe fail on invalid timezones
[DoctrineBridge] Fixed submitting invalid ids when using queries with limit
[FrameworkBundle] Add info & example to auto_mapping config
...
* 4.3:
fix merge
CS
[Serializer] Skip uninitialized (PHP 7.4) properties in PropertyNormalizer and ObjectNormalizer
stop using deprecated Doctrine persistence classes
[Cache] Fix wrong classname in deprecation message
Fix regex lookahead syntax in ApplicationTest
Fixed syntax in comment
[SecurityBundle][FirewallMap] Remove unused property
[Messenger][AMQP] Use delivery_mode=2 by default
[DI] Improve performance of processDefinition
Fix invalid Windows path normalization
[Validator][ConstraintValidator] Safe fail on invalid timezones
[DoctrineBridge] Fixed submitting invalid ids when using queries with limit
[FrameworkBundle] Add info & example to auto_mapping config
fix comparisons with null values at property paths
This PR was merged into the 3.4 branch.
Discussion
----------
CS for AccessDecisionManager
| Q | A
| ------------- | ---
| Branch? | 3.4
| Bug fix? | no
| New feature? | no
| Deprecations? | no
| Tickets | #34548
| License | MIT
| Doc PR | -
As discussed in #34548 with @nicolas-grekas here's a CS change for the `AccessDecisionManager`
Commits
-------
b3742ec493 CS
* 5.0: (38 commits)
[Security] Check UserInterface::getPassword is not null before calling needsRehash
gracefully handle missing event dispatchers
Fix TokenStorage::reset not called in stateless firewall
[DotEnv] Remove `usePutEnv` property default value
[HttpFoundation] get currently session.gc_maxlifetime if ttl doesnt exists
Set up typo fix
[DependencyInjection] Handle env var placeholders in CheckTypeDeclarationsPass
[Cache] fix memory leak when using PhpArrayAdapter
[Validator] Allow underscore character "_" in URL username and password
[TwigBridge] Update bootstrap_4_layout.html.twig
[DoctrineBridge] Removed QueryBuilder type hint in getLoader()
[FrameworkBundle][SodiumVault] Create secrets directory only when needed
fix parsing negative octal numbers
[String] implement __sleep()/__wakeup() on strings
Fixed translations file dumper behavior
[Routing][ObjectLoader] Remove forgotten deprecation after merge
[SecurityBundle] Passwords are not encoded when algorithm set to \"true\"
[DependencyInjection] Resolve expressions in CheckTypeDeclarationsPass
[SecurityBundle] Properly escape regex in AddSessionDomainConstraintPass
do not validate passwords when the hash is null
...
* 4.4: (30 commits)
[Security] Check UserInterface::getPassword is not null before calling needsRehash
gracefully handle missing event dispatchers
Fix TokenStorage::reset not called in stateless firewall
[DotEnv] Remove `usePutEnv` property default value
[HttpFoundation] get currently session.gc_maxlifetime if ttl doesnt exists
Set up typo fix
[DependencyInjection] Handle env var placeholders in CheckTypeDeclarationsPass
[Cache] fix memory leak when using PhpArrayAdapter
[Validator] Allow underscore character "_" in URL username and password
[TwigBridge] Update bootstrap_4_layout.html.twig
[FrameworkBundle][SodiumVault] Create secrets directory only when needed
fix parsing negative octal numbers
[SecurityBundle] Passwords are not encoded when algorithm set to \"true\"
[DependencyInjection] Resolve expressions in CheckTypeDeclarationsPass
[SecurityBundle] Properly escape regex in AddSessionDomainConstraintPass
do not validate passwords when the hash is null
[DI] fix resolving bindings for named TypedReference
[Config] never try loading failed classes twice with ClassExistenceResource
[Mailer] Fix SMTP Authentication when using STARTTLS
[DI] Fix making the container path-independent when the app is in /app
...
* 4.3:
[DotEnv] Remove `usePutEnv` property default value
Set up typo fix
[Validator] Allow underscore character "_" in URL username and password
[SecurityBundle] Passwords are not encoded when algorithm set to \"true\"
do not validate passwords when the hash is null
[DI] fix resolving bindings for named TypedReference
[DI] Fix making the container path-independent when the app is in /app
Allow copy instead of symlink for ./link script
[FrameworkBundle] resolve service locators in `debug:*` commands
bumped Symfony version to 4.3.10
updated VERSION for 4.3.9
updated CHANGELOG for 4.3.9
bumped Symfony version to 3.4.37
updated VERSION for 3.4.36
update CONTRIBUTORS for 3.4.36
updated CHANGELOG for 3.4.36
Add test on ServerLogHandler
* 3.4:
[Validator] Allow underscore character "_" in URL username and password
[SecurityBundle] Passwords are not encoded when algorithm set to \"true\"
do not validate passwords when the hash is null
[DI] Fix making the container path-independent when the app is in /app
Allow copy instead of symlink for ./link script
[FrameworkBundle] resolve service locators in `debug:*` commands
bumped Symfony version to 3.4.37
updated VERSION for 3.4.36
update CONTRIBUTORS for 3.4.36
updated CHANGELOG for 3.4.36
