This PR was squashed before being merged into the 4.3-dev branch (closes#31280).
Discussion
----------
[WebServerBundle] Change the default pidfile location to cache directory
| Q | A
| ------------- | ---
| Branch? | master
| Bug fix? | no
| New feature? | yes
| BC breaks? | no
| Deprecations? | no <!-- don't forget to update UPGRADE-*.md and src/**/CHANGELOG.md files -->
| Tests pass? | yes <!-- please add some, will be required by reviewers -->
| Fixed tickets | #29160 <!-- #-prefixed issue number(s), if any -->
| License | MIT
| Doc PR | tbd.
<!--
Write a short README entry for your feature/bugfix here (replace this comment block.)
This will help people understand your PR and can be used as a start of the Doc PR.
Additionally:
- Bug fixes must be submitted against the lowest branch where they apply
(lowest branches are regularly merged to upper ones so they get the fixes too).
- Features and deprecations must be submitted against the master branch.
-->
Commits
-------
2e14b6e891 [WebServerBundle] Change the default pidfile location to cache directory
* 4.2:
[TwigBridge] Require twig ^1.40|^2.9
[Serializer] Fix tests
Use the apply tag instead of the filter tag
Updated some translation files
[Translator] Preserve default domain when extracting strings from php files
* 3.4:
[TwigBridge] Require twig ^1.40|^2.9
[Serializer] Fix tests
Use the apply tag instead of the filter tag
Updated some translation files
[Translator] Preserve default domain when extracting strings from php files
This PR was merged into the 4.3-dev branch.
Discussion
----------
[Messenger] Add a redis stream transport
| Q | A
| ------------- | ---
| Branch? | master
| Bug fix? | no
| New feature? | yes
| BC breaks? | no
| Deprecations? | no
| Tests pass? | Yes
| Fixed tickets | #28681
| License | MIT
| Doc PR | https://github.com/symfony/symfony-docs/pull/11341
As discussed in #28681 this will refractor @soyuka implementation of redis using the redis stream features so we don't need to handle parking the messages ourself and redis is doing it for us.
Some interesting links about streams:
- https://redis.io/topics/streams-intro
- https://brandur.org/redis-streams
```
+-----------R
| GET | -> XREADGROUP
+-----------+
|
| handleMessage
V
+-----------+ No
| failed? |---------------------------+
+-----------+ |
| |
| Yes |
V |
+-----------+ No |
| retry? |---------------------------+
+-----------+ |
| |
| Yes |
V V
+-----------R +-----------R
| REJECT | -> XDEL | ACK | -> XACK
+-----------+ +-----------+
```
**GET**: Will use `XREADGROUP` to read the one message from the stream
**REJECT**: Reject will just remove the message with `XDEL` from the stream as adding it back to the stream is handled by symfony worker itself
**ACK**: Will use the `XACK` Method to ack the message for the specific group
The sender will still be simple by calling the `XADD` redis function.
#EU-FOSSA
Commits
-------
ff0b8554ea Refractor redis transport using redis streams
7162d2ec1d Implement redis transport
* 4.2:
Fix url matcher edge cases with trailing slash
[Form] Fix author tag + exception messages
[TwigBridge] Fix deprecation on twig 2.9
Fix left-associative ternary deprecation warnings for PHP 7.4
[Validator] Fixed imprecise translations
[Validator] Add Dutch translations
[Security] Cleanup "Digest nonce has expired." translation
Intercept redirections only for HTML format
[PhpUnitBridge] fix reading phpunit.xml on bootstrap
resolve class name parameters
Fix name and phpdoc of ContainerBuilder::removeBindings
[Intl] Update the ICU data to 64.2
* 3.4:
[Form] Fix author tag + exception messages
[TwigBridge] Fix deprecation on twig 2.9
[Validator] Fixed imprecise translations
[Validator] Add Dutch translations
Intercept redirections only for HTML format
Fix name and phpdoc of ContainerBuilder::removeBindings
[Intl] Update the ICU data to 64.2
This PR was squashed before being merged into the 4.2 branch (closes#31023).
Discussion
----------
[Routing] Fix route URL generation in CLI context
| Q | A
| ------------- | ---
| Branch? | 4.2
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | #30996
| License | MIT
| Doc PR | -
This fixes#30996 and makes URL generation in the CLI context behave the same as it does in the web context where the `LocaleListener` sets the default locale (to the router context).
The Travis CI failure is related to the fact that the constraint for `symfony/routing` should be bumped to `^4.2.6` in the composer.json of the FrameworkBundle (when it gets tagged).
Commits
-------
4a1ad4a5d6 [Routing] Fix route URL generation in CLI context
* 4.2:
[HttpFoundation] fix tests
[Routing] fix trailing slash matching with empty-matching trailing vars
[Routing] fix matching trailing vars with defaults
[Validator] fix LegacyTranslatorProxy
call method with Translator component only
bumped Symfony version to 4.2.8
updated VERSION for 4.2.7
updated CHANGELOG for 4.2.7
bumped Symfony version to 3.4.27
updated VERSION for 3.4.26
updated CHANGELOG for 3.4.26
This PR was merged into the 4.3-dev branch.
Discussion
----------
[Security] Add NativePasswordEncoder
| Q | A
| ------------- | ---
| Branch? | master
| Bug fix? | no
| New feature? | yes
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | -
| License | MIT
| Doc PR | -
This PR adds a new `NativePasswordEncoder` that defaults to the best available hashing algo to `password_hash()`. Best is determined by "us" or "php", the goal being that this will change in the future as new algos are published.
This provides a native encoder that we should recommend using by default.
Commits
-------
28f7961c55 [Security] Add NativePasswordEncoder
* 4.2:
Revert "bug #30423 [Security] Rework firewall's access denied rule (dimabory)"
[FrameworkBundle] minor: remove a typo from changelog
[VarDumper] fix tests with ICU 64.1
[VarDumper][Ldap] relax some locally failing tests
[Validator] #30192 Added the missing translations for the Tagalog ("tl") locale.
Make MimeTypeExtensionGuesser case insensitive
Fix get session when the request stack is empty
[Routing] fix trailing slash redirection with non-greedy trailing vars
[FrameworkBundle] decorate the ValidatorBuilder's translator with LegacyTranslatorProxy
This PR was merged into the 4.2 branch.
Discussion
----------
[FrameworkBundle] decorate the ValidatorBuilder's translator with LegacyTranslatorProxy
| Q | A
| ------------- | ---
| Branch? | 4.2
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | #31092, #31025
| License | MIT
| Doc PR | -
This allows defining a translator that implements only the new interface and use it with ValidatorBuilder.
ping @dvdknaap, @snebes since you were affected.
Commits
-------
a12656eaad [FrameworkBundle] decorate the ValidatorBuilder's translator with LegacyTranslatorProxy
* 3.4:
Revert "bug #30423 [Security] Rework firewall's access denied rule (dimabory)"
[FrameworkBundle] minor: remove a typo from changelog
[VarDumper][Ldap] relax some locally failing tests
[Validator] #30192 Added the missing translations for the Tagalog ("tl") locale.
Make MimeTypeExtensionGuesser case insensitive
This PR was merged into the 3.4 branch.
Discussion
----------
[FrameworkBundle][Form] Fix XSS issues in the form theme of the PHP templating engine
Based on #88
Commits
-------
ab4d05358c Fix XSS issues in the form theme of the PHP templating engine
This PR was merged into the 4.3-dev branch.
Discussion
----------
[Serializer] Use name converter when normalizing constraint violation list
| Q | A
| ------------- | ---
| Branch? | master <!-- see below -->
| Bug fix? | no
| New feature? | yes <!-- don't forget to update src/**/CHANGELOG.md files -->
| BC breaks? | no <!-- see https://symfony.com/bc -->
| Deprecations? | no <!-- don't forget to update UPGRADE-*.md and src/**/CHANGELOG.md files -->
| Tests pass? | yes <!-- please add some, will be required by reviewers -->
| Fixed tickets | #... <!-- #-prefixed issue number(s), if any -->
| License | MIT
| Doc PR | symfony/symfony-docs#... <!-- required for new features -->
When using name converter with serializer and the default ConstraintViolationListNormalizer, returned propertyPaths was not converted to the same format.
<!--
Write a short README entry for your feature/bugfix here (replace this comment block.)
This will help people understand your PR and can be used as a start of the Doc PR.
Additionally:
- Bug fixes must be submitted against the lowest branch where they apply
(lowest branches are regularly merged to upper ones so they get the fixes too).
- Features and deprecations must be submitted against the master branch.
-->
Commits
-------
dd93b707cc Use name converter when normalizing constraint violation list
This PR was merged into the 4.2 branch.
Discussion
----------
[FrameworkBundle] Fix for Controller DEPRECATED when using composer --optimized
| Q | A |
| --- | --- |
| Branch? | 4.2 |
| Bug fix? | Yes |
| New feature? | No |
| BC breaks? | No |
| Deprecations? | No |
| Tests pass? | Yes |
| Fixed tickets | --- |
| License | MIT |
Using `composer --optimize-autoload` causes `console cache:clear` (without warmup) to give DEPRECATED error, that stays in profiler.
I moved `@trigger_error` from beggining of the file to Controller __consctruct method.
Commits
-------
2ae2fd800d [FrameworkBundle] Fix Controller deprecated when using composer --optimized
* 4.2:
Catch empty deprecation.log silently (fixes#31050)
minor: the meaning of the data breach was not correct
Optimize SVGs
property normalizer should also pass format and context to isAllowedAttribute
* 3.4:
minor: the meaning of the data breach was not correct
Optimize SVGs
property normalizer should also pass format and context to isAllowedAttribute
This PR was squashed before being merged into the 4.3-dev branch (closes#31073).
Discussion
----------
#30998 Fix deprecated setCircularReferenceHandler call
| Q | A
| ------------- | ---
| Branch? | 4.2
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | #30998
| License | MIT
Instead of calling the `setCircularReferenceHandler()` method, it puts the handler in the default context.
Commits
-------
3a680402ce#30998 Fix deprecated setCircularReferenceHandler call
* 4.2:
fixed bad merge
Show more accurate message in profiler when missing stopwatch
CS Fixes: Not double split with one array argument
[Serializer] Add default object class resolver
Remove redundant animation prefixes
Remove redundant `box-sizing` prefixes
[VarExporter] support PHP7.4 __serialize & __unserialize
Rework firewall access denied rule
MetadataAwareNameConverter: Do not assume that property names are strings
[VarExporter] fix exporting classes with private constructors
fixed CS
Fix missing $extraDirs when open_basedir returns
* 3.4:
Show more accurate message in profiler when missing stopwatch
CS Fixes: Not double split with one array argument
Remove redundant animation prefixes
Remove redundant `box-sizing` prefixes
Rework firewall access denied rule
fixed CS
Fix missing $extraDirs when open_basedir returns
This PR was merged into the 3.4 branch.
Discussion
----------
CS Fixes: Not double split with one array argument
| Q | A
| ------------- | ---
| Branch? | 3.4 (master from #31063)
| Bug fix? | no
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | None
| License | MIT
| Doc PR | None
Keep to use the same CS in all the Symfony code base.
Use:
```php
$resolver->setDefaults([
'compound' => false
]);
```
Instead of:
```php
$resolver->setDefaults(
[
'compound' => false,
]
);
```
Keep the double split when the method has two or more arguments.
I miss a PSR with this rule.
Commits
-------
a56bf552ad CS Fixes: Not double split with one array argument
This PR was squashed before being merged into the 3.4 branch (closes#31059).
Discussion
----------
Show more accurate message in profiler when missing stopwatch
| Q | A
| ------------- | ---
| Branch? | 3.4+
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | #31056
| License | MIT
| Doc PR | ~
This adds a message to the profiler if the stopwatch component is not installed, instead of suggesting to check if debug is enabled (even if it is enabled).
I had to add a method in the collector to expose the value collected, which in theory adds a feature. Is there perhaps a way to expose this collected data _without_ a "BC break"? I don't think it breaks anything, though it does make the dependencies on the http-kernel a bit strict. The other solution is to ignore if it's null and only act if it's a boolean (feature detection).
Commits
-------
326aa86d6a Show more accurate message in profiler when missing stopwatch