* 3.3:
[FrameworkBundle] Set default public directory on install assets
[Security] Fix wrong term in UserProviderInterface
[HttpFoundation] Set meta refresh time to 0 in RedirectResponse content
disable inlining deprecated services
[Cache] add constructor docblocks for clarity
[WebServerBundle] allowed public/ root directory to be auto-discovered along side web/
[WebServerBundle] remove duplicate code
[SecurityBundle] Clarify deprecation in UserPasswordEncoderCommand::getContainer
[Cache] add constructor docblocks for clarity
[Security] validate empty passwords again
[DI] Remove irrelevant comment from container
[TwigBridge] cleaner implementation of the TwigRenderer
* 3.2:
[Security] Fix wrong term in UserProviderInterface
[HttpFoundation] Set meta refresh time to 0 in RedirectResponse content
disable inlining deprecated services
[Cache] add constructor docblocks for clarity
[Security] validate empty passwords again
[DI] Remove irrelevant comment from container
[TwigBridge] cleaner implementation of the TwigRenderer
* 2.8:
[Security] Fix wrong term in UserProviderInterface
[HttpFoundation] Set meta refresh time to 0 in RedirectResponse content
disable inlining deprecated services
[Security] validate empty passwords again
[DI] Remove irrelevant comment from container
[TwigBridge] cleaner implementation of the TwigRenderer
* 2.7:
[Security] Fix wrong term in UserProviderInterface
[HttpFoundation] Set meta refresh time to 0 in RedirectResponse content
[Security] validate empty passwords again
[DI] Remove irrelevant comment from container
[TwigBridge] cleaner implementation of the TwigRenderer
This PR was merged into the 3.4 branch.
Discussion
----------
[Console] Application is not responsible for setting the name of lazy commands
| Q | A
| ------------- | ---
| Branch? | 3.4
| Bug fix? | no
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | n/a
| License | MIT
| Doc PR | n/a
Fixes `all` not calling `get()` for lazy commands and stop setting the command name from Application (the command loader is responsible for returning valid commands).
Commits
-------
f25a8b5c41 Fix lazy commands registration
This PR was merged into the 2.7 branch.
Discussion
----------
[Security] validate empty passwords again
| Q | A
| ------------- | ---
| Branch? | 2.7
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | https://github.com/symfony/symfony/pull/23341#issuecomment-315341226
| License | MIT
| Doc PR |
It looks like this part of #23341 causes serious security issues for some users who rely on the validator to also compare the empty string with their user's password (see for example https://github.com/symfony/symfony/pull/23341#issuecomment-315341226). Thus I suggest to revert this part of #23341.
Commits
-------
878198cefa [Security] validate empty passwords again
This PR was merged into the 3.4 branch.
Discussion
----------
[Profiler][Validator] ValidatorDataCollector: use new DataCollector::getCasters() method
| Q | A
| ------------- | ---
| Branch? | 3.4 <!-- see comment below -->
| Bug fix? | no
| New feature? | no <!-- don't forget updating src/**/CHANGELOG.md files -->
| BC breaks? | no
| Deprecations? | no <!-- don't forget updating UPGRADE-*.md files -->
| Tests pass? | yes
| Fixed tickets | https://github.com/symfony/symfony/pull/23465#discussion_r126382240 <!-- #-prefixed issue number(s), if any -->
| License | MIT
| Doc PR | N/A
~~First commit targets 3.3; see https://github.com/symfony/symfony/pull/23516.~~
I didn't re-used the `ConstraintViolationInterface` caster used in the form collector, as it's the purpose of the validator collector to show the constraints data.
Commits
-------
c725a700cf [Profiler][Validator] ValidatorDataCollector: use new DataCollector::getCasters() method
This PR was merged into the 3.4 branch.
Discussion
----------
[VarDumper] Added setMinDepth to VarCloner
This new function allows VarCloner users to specify a minimum tree
depth that must be fully explored before we start limiting the number of
cloned items via the existing setMaxItems functionality.
It’s useful for dumping arguments from a backtrace to ensure some
minimum level of detail, while keeping a very low setMaxItems value to
ensure fast performance at the deeper levels.
| Q | A
| ------------- | ---
| Branch? | 3.4
| Bug fix? | no
| New feature? | yes <!-- don't forget updating src/**/CHANGELOG.md files -->
| BC breaks? | no
| Deprecations? | no <!-- don't forget updating UPGRADE-*.md files -->
| Tests pass? | yes
| Fixed tickets | none
| License | MIT
| Doc PR | symfony/symfony-docs#8155 <!--highly recommended for new features-->
<!--
- Bug fixes must be submitted against the lowest branch where they apply
(lowest branches are regularly merged to upper ones so they get the fixes too).
- Features and deprecations must be submitted against the 3.4,
legacy code removals go to the master branch.
- Please fill in this template according to the PR you're about to submit.
- Replace this comment by a description of what your PR is solving.
-->
Commits
-------
d6534f5cfc [VarDumper] Added setMinDepth to VarCloner
This PR was merged into the 2.7 branch.
Discussion
----------
[DI] Remove irrelevant comment from container
| Q | A
| ------------- | ---
| Branch? | 2.7
| Bug fix? | yes-ish
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | #... <!-- #-prefixed issue number(s), if any -->
| License | MIT
| Doc PR | symfony/symfony-docs#... <!--highly recommended for new features-->
Spotted in #22811
Commits
-------
595a225a0f [DI] Remove irrelevant comment from container
* 3.3:
[Profiler] Fix data collector getCasters() call
remove symfony/process suggestion
[DI] Remove unused dynamic property
[Process] Fixed issue between process builder and exec
non-conflicting anonymous service ids across files
This new function allows VarCloner users to specify a minimum tree
depth that must be fully explored before we start limiting the number of
cloned items via the existing setMaxItems functionality.
It’s useful for dumping arguments from a backtrace to ensure some
minimum level of detail, while keeping a very low setMaxItems value to
ensure fast performance.
This PR was merged into the 3.4 branch.
Discussion
----------
[Serializer] AbstractObjectNormalizer: Allow to disable type enforcement
| Q | A
| ------------- | ---
| Branch? | 3.4 <!-- see comment below -->
| Bug fix? | no
| New feature? | yes <!-- don't forget updating src/**/CHANGELOG.md files -->
| BC breaks? | no
| Deprecations? | no <!-- don't forget updating UPGRADE-*.md files -->
| Tests pass? | yes (failure unrelated)
| Fixed tickets | N/A <!-- #-prefixed issue number(s), if any -->
| License | MIT
| Doc PR | N/A
This allows to denormalize simple DTOs with public properties using the property-info component and the `ObjectNormalizer`. The raised exception is not really useful in such cases, as it cannot be easily handled gracefully to build a proper violation response (too generic and no real hint on the complete attribute path for instance).
Instead, I use the validator component to validate my DTOs and the properties' types, get a proper violation list, and build a response from it.
I wasn't really inspired for the `DISABLE_TYPE_ENFORCEMENT` name.
Commits
-------
959ac2a [Serializer] AbstractObjectNormalizer: Allow to disable type enforcement
* 3.3:
[DI] Handle root namespace in service definitions
Use rawurlencode() to transform the Cookie into a string
[Process] Fix parsing args on Windows
[HttpKernel][VarDumper] Truncate profiler data & optim perf
[Security] Fix authentication.failure event not dispatched on AccountStatusException
* 3.2:
[DI] Handle root namespace in service definitions
Use rawurlencode() to transform the Cookie into a string
[Security] Fix authentication.failure event not dispatched on AccountStatusException
* 2.8:
[DI] Handle root namespace in service definitions
Use rawurlencode() to transform the Cookie into a string
[Security] Fix authentication.failure event not dispatched on AccountStatusException
* 2.7:
[DI] Handle root namespace in service definitions
Use rawurlencode() to transform the Cookie into a string
[Security] Fix authentication.failure event not dispatched on AccountStatusException
This PR was merged into the 3.4 branch.
Discussion
----------
[Validator] Allow to use a property path to get value to compare in comparison constraints
| Q | A
| ------------- | ---
| Branch? | 3.4
| Bug fix? | no
| New feature? | yes
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | N/A
| License | MIT
| Doc PR | todo
So we can simply declare something like:
```php
class Activity
{
/**
* @var \DateTime
*
* @Assert\DateTime()
*/
private $startDate;
/**
* @var \DateTime
*
* @Assert\DateTime()
* @Assert\GreaterThan(propertyPath="startDate")
*/
private $endDate;
// [...]
public function getStartDate(): \DateTime
{
return $this->startDate;
}
public function getEndDate(): \DateTime
{
return $this->startDate;
}
}
```
Of course, this is actually already possible by using an `Expression` constraint (or a callable), but it feels more natural to me to use proper comparison constraints for this.
Commits
-------
07c5aa6 [Validator] Allow to use a property path to get value to compare in comparison constraints
This PR was squashed before being merged into the 2.7 branch (closes#23468).
Discussion
----------
[DI] Handle root namespace in service definitions
| Q | A
| ------------- | ---
| Branch? | 2.7
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | #... <!-- #-prefixed issue number(s), if any -->
| License | MIT
| Doc PR | symfony/symfony-docs#... <!--highly recommended for new features-->
Fixes
```
Cannot dump definition because of invalid class name ('\\stdClass')
```
for
```yaml
services:
foo: {class: '\stdClass' }
```
`ContainerBuilder` allows it, so `PhpDumper` should as well.
Commits
-------
05170c8 [DI] Handle root namespace in service definitions
This PR was merged into the 3.3 branch.
Discussion
----------
[Process] Fix parsing args on Windows
| Q | A
| ------------- | ---
| Branch? | 3.3
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | #23455
| License | MIT
| Doc PR | -
Commits
-------
8826da1 [Process] Fix parsing args on Windows
This PR was merged into the 2.7 branch.
Discussion
----------
[Security] Fix authentication.failure event not dispatched on AccountStatusException
| Q | A
| ------------- | ---
| Branch? | 2.7
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | https://github.com/symfony/symfony/issues/18807
| License | MIT
| Doc PR | n/a
Authentication fails if the user exists but its account is disabled/expired/locked, the failure event should be dispatched in this case, so that you can hook into as for any authentication exception.
Commits
-------
64c2efd [Security] Fix authentication.failure event not dispatched on AccountStatusException
This PR was merged into the 3.4 branch.
Discussion
----------
[VarDumper] Test ReflectionCaster excluding verbosity
| Q | A
| ------------- | ---
| Branch? | 3.4
| Bug fix? | no
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | /
| License | MIT
| Doc PR | /
Cover better ``ReflectionCaster`` in tests thanks to ``EXCLUDE_*`` filter which was added in https://github.com/symfony/symfony/pull/22588.
Commits
-------
e535089 Add exculde verbosity test
This PR was merged into the 3.4 branch.
Discussion
----------
[DI] Allow imports in string format for YAML
| Q | A
| ------------- | ---
| Branch? | 3.4
| Bug fix? | no
| New feature? | yes
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | #... <!-- #-prefixed issue number(s), if any -->
| License | MIT
| Doc PR | symfony/symfony-docs#... <!--highly recommended for new features-->
I see no real reasons why this shouldnt be allowed..
Before
```yml
imports:
- { resource: config.yml }
```
After
```yml
imports:
- config.yml
```
Commits
-------
632e934cfa [DI] Allow imports in string format for YAML
This PR was merged into the 3.4 branch.
Discussion
----------
[VarDumper] Test ExceptionCaster excluding verbosity
| Q | A
| ------------- | ---
| Branch? | 3.4
| Bug fix? | no
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | /
| License | MIT
| Doc PR | /
Cover better ``ExceptionCaster`` in tests thanks to filter which was added in https://github.com/symfony/symfony/pull/22588.
Commits
-------
85766c9 Add exculde verbosity test
