This PR was squashed before being merged into the 5.1-dev branch.
Discussion
----------
[Security] Refactor logout listener to dispatch an event instead
| Q | A
| ------------- | ---
| Branch? | master
| Bug fix? | yes (sort of...)
| New feature? | yes
| Deprecations? | yes
| Tickets | Fix#25212, Fix#22473
| License | MIT
| Doc PR | tbd
The current `LogoutListener` has some extension points, but they are not really DX-friendly (ref #25212). It requires hacking a `addMethodCall('addHandler')` in the container builder to register a custom logout handler.
Also, it is impossible to overwrite the default logout functionality from a bundle (ref #22473).
This PR introduces a `LogoutEvent` that replaces both the `LogoutSuccessHandlerInterface` and `LogoutHandlerInterface`. This provides a DX-friendly extension point and also cleans up the authentication factories (no more `addMethodCall()`'s).
In order to allow different logout handlers for different firewalls, I created a specific event dispatcher for each firewall (as also shortly discussed in #33558). The `dispatcher` tag attribute allows you to specify which dispatcher it should be registered to (defaulting to the global dispatcher). The `EventBubblingLogoutListener` also dispatches logout events on the global dispatcher, to be used for listeners that should run on all firewalls.
_@weaverryan and I discussed this feature while working on #33558, but figured it was unrelated and could be done while preservering BC. So that's why a separate PR is created._
Commits
-------
a9f096eb1f [Security] Refactor logout listener to dispatch an event instead
This PR was squashed before being merged into the 5.1-dev branch.
Discussion
----------
[Messenger] Add a \Throwable argument in RetryStrategyInterface methods
| Q | A
| ------------- | ---
| Branch? | master
| Bug fix? | no
| New feature? | yes
| Deprecations? | no
| Tickets | Fix#36182
| License | MIT
This allows to define new retry strategies based on the exceptions thrown during the last handling.
Commits
-------
5fa9d68e8b [Messenger] Add a \Throwable argument in RetryStrategyInterface methods
This PR was submitted for the 5.0 branch but it was merged into the 5.1-dev branch instead.
Discussion
----------
[Form] action allows only strings
| Q | A
| ------------- | ---
| Branch? | 5.0
| Bug fix? | no
| New feature? | no
| Deprecations? | no
| Tickets | ...
| License | MIT
| Doc PR | ...
On updating an old project that had actions to null it's caused me a type-hint error. With that, we can quickly identify where the problem is
Commits
-------
e861500ce8 [Form] action allows only strings
This PR was merged into the 5.1-dev branch.
Discussion
----------
[MonologBridge] Fix $level type
| Q | A
| ------------- | ---
| Branch? | master
| Bug fix? | yes
| New feature? | no
| Deprecations? | no
| Tickets |
| License | MIT
Monolog accepts both level names like 'info' or int constants. The parent constructor will normalize it to an int. https://github.com/Seldaek/monolog/blob/master/src/Monolog/Handler/AbstractHandler.php#L53
Note that this may need to be applied on more handlers here I did not check, if someone feels like going over them all please feel free.
Commits
-------
c2a1781eb4 Fix $level type
This PR was merged into the 5.1-dev branch.
Discussion
----------
[Config] Improve the deprecation features by handling package and version
| Q | A
| ------------- | ---
| Branch? | master
| Bug fix? | no
| New feature? | yes
| Deprecations? | yes
| Tickets | https://github.com/orgs/symfony/projects/1#card-32681032
| License | MIT
| Doc PR | TODO
Commits
-------
f4de76dba0 [Config] Improve the deprecation features by handling package and version
This PR was merged into the 5.1-dev branch.
Discussion
----------
[DependencyInjection] Deprecate ContainerInterface aliases
| Q | A
| ------------- | ---
| Branch? | master
| Bug fix? | no
| New feature? | no
| Deprecations? | yes
| Tickets | -
| License | MIT
| Doc PR | -
Defining those aliases makes it harder to detect problems when you use `!tagged_locator` or any service locator with autowiring since the global service container is always injected. Moreover, should we encourage passing the global service container easily? Shouldn't it be more "explicit"? I think that by default, those aliases should not exist.
However, that means we will have to reintroduce code to hook the global service container in our own code base since some part rely on it (~~eg: FWB AbstractController::setContainer~~). WDYT? 🤷♂
Commits
-------
6162ca8e40 [DependencyInjection] Deprecate ContainerInterface aliases
This PR was merged into the 5.1-dev branch.
Discussion
----------
[DependencyInjection] Fix alias deprecations with package and version
| Q | A
| ------------- | ---
| Branch? | master
| Bug fix? | yes
| New feature? | no
| Deprecations? | no
| Tickets | -
| License | MIT
| Doc PR | -
Firstly, this PR fixes the alias dump by the XmlDumper to be consistent with stof comment in the inital PR (the message is the node content) - it is the case for deprecated services. Otherwise, we need to add the "message" attribute in the XSD.
Secondly, it fixes the arguments when the deprecation is actually triggered as well as two related tests.
Commits
-------
5ee5654171 [DependencyInjection] Fix alias deprecations with package and version
* 5.0:
Fix wrong namespaces
Fix wrong namespaces
Fix the reporting of deprecations in twig:lint
forward multiple attributes voting flag
bumped Symfony version to 5.0.8
updated VERSION for 5.0.7
updated CHANGELOG for 5.0.7
bumped Symfony version to 4.4.8
updated VERSION for 4.4.7
updated CHANGELOG for 4.4.7
[Validator] Fixed calling getters before resolving groups
[HttpKernel][LoggerDataCollector] Prevent keys collisions in the sanitized logs processing
* 4.4:
Fix wrong namespaces
Fix wrong namespaces
Fix the reporting of deprecations in twig:lint
forward multiple attributes voting flag
bumped Symfony version to 4.4.8
updated VERSION for 4.4.7
updated CHANGELOG for 4.4.7
[Validator] Fixed calling getters before resolving groups
[HttpKernel][LoggerDataCollector] Prevent keys collisions in the sanitized logs processing
This PR was squashed before being merged into the 5.1-dev branch.
Discussion
----------
[FrameworkBundle] Deprecate flashbag and attributebag services
| Q | A
| ------------- | ---
| Branch? | master
| Bug fix? | no
| New feature? | no
| Deprecations? | yes
| Tickets | Related to [#10557](https://github.com/symfony/symfony/issues/10557)
| Related to PR | #36063
| License | MIT
FlashBag and AttributeBag are data objects and so should not be available via the service container. The preferred method for accessing these objects is via
`$session->getFlashBag()` or `$session->getAttributeBag()`
Commits
-------
f9b52fe55e [FrameworkBundle] Deprecate flashbag and attributebag services
This PR was merged into the 5.1-dev branch.
Discussion
----------
[DI] Improve the deprecation features by handling package and version
| Q | A
| ------------- | ---
| Branch? | master
| Bug fix? | no
| New feature? | yes
| Deprecations? | yes
| Tickets |
| License | MIT
| Doc PR | TODO
Improve the deprecation feature of the Dependency Injection component, by handling the `package` + `since_version`
Before
```yaml
services:
LegacyService:
deprecated: 'The %service_id% is deprecated, use NewService instead'
```
now:
```yaml
services:
LegacyService:
deprecated:
message: 'The %service_id% is deprecated, use NewService instead'
package: 'my/package'
since_version: '1.2'
```
TODO:
- [x] update UPGRADE
Commits
-------
f10413cf34 [DependencyInjection] improve the deprecation features by handling package+version info
This PR was merged into the 5.1-dev branch.
Discussion
----------
[HttpFoundation][HttpKernel][Security] Improve UnexpectedSessionUsageException backtrace
| Q | A
| ------------- | ---
| Branch? | master
| Bug fix? | no
| New feature? | yes <!-- please update src/**/CHANGELOG.md files -->
| Deprecations? | no <!-- please update UPGRADE-*.md and src/**/CHANGELOG.md files -->
| Tickets |
| License | MIT
| Doc PR |
Improve `UnexceptedSessionUsageException` backtrace so that it leads to the place in the userland where it was told to use session.
Commits
-------
1e1d332c7c Improve UnexcpectedSessionUsageException backtrace
This PR was squashed before being merged into the 5.1-dev branch.
Discussion
----------
[FrameworkBundle] Dump kernel extension configuration
| Q | A
| ------------- | ---
| Branch? | master
| Bug fix? | no
| New feature? | yes
| Deprecations? | no
| Tickets | #34756
| License | MIT
If the kernel is a container extension and defines a configuration, the `config:dump-reference` will now be able to dump it.
Commits
-------
2ccafb1eb3 [FrameworkBundle] Dump kernel extension configuration
This PR was merged into the 5.1-dev branch.
Discussion
----------
[DI] dump factory files as classes
| Q | A
| ------------- | ---
| Branch? | master
| Bug fix? | no
| New feature? | no
| Deprecations? | no
| Tickets | -
| License | MIT
| Doc PR | -
This PR is a performance improvement when using `bin/console` on the command line.
Once upon a time, we advised setting `container.dumper.inline_factories` to `false` so that the container could be chunked into many files. More recently, we turned this setting back to `true` in order to optimize for preloading. But this made `bin/console` back to slow: since the CLI cannot have opcache, PHP has to parse this potentially big file all the time. Previous data already showed this can grow big.
This PR fixes the issue by generating many files again. But instead of generating the inline code within each file, we now wrap this code inside a class. Then we list this class for preloading.
This way, we have the best of both worlds: a `bin/console` that scales no matter the size of the app and top perf when using preloading (I benched a small hello world before/after the patch with preloading enabled, there is no measurable difference.)
This should also fix a memory leak that happens when factory files contain closures.
Commits
-------
cedb5cd429 [DI] dump factory files as classes
This PR was merged into the 3.4 branch.
Discussion
----------
[HttpKernel][LoggerDataCollector] Prevent keys collisions in the sanitized logs processing
| Q | A
| ------------- | ---
| Branch? | 3.4
| Bug fix? | yes
| New feature? | no
| Deprecations? | no
| Tickets | https://github.com/symfony/symfony/issues/36159
| License | MIT
| Doc PR | -
`$sanitizedLogs` is used with numeric and "associative" keys. To prevent collisions when the message is a number, we can simply prepend all messages with a random letter (so we avoid a behavior refactor). It doesn't matter since they key is only used for the processing, it is dropped at the end.
Commits
-------
79fe888072 [HttpKernel][LoggerDataCollector] Prevent keys collisions in the sanitized logs processing
This PR was merged into the 4.4 branch.
Discussion
----------
Fix the reporting of deprecations in twig:lint
| Q | A
| ------------- | ---
| Branch? | 4.4 (the `--show-deprecations` option does not exist in 3.4)
| Bug fix? | yes
| New feature? | no
| Deprecations? | no
| Tickets | n/a
| License | MIT
| Doc PR | n/a
- ensure that the message is rendered when the line detection fails and we end up with 0 as line number (the implementation also deals with -1 which is sometimes used by Twig for errors when it does not know the line, even though this should not happen for compile-time errors).
- fix the detection of the line number when the number is at the end of the sentence, which happens for the deprecation of filters for instance.
Commits
-------
c329ca7e01 Fix the reporting of deprecations in twig:lint
- ensure that the message is rendered when the line detection fails and
we end up with 0 as line number (the implementation also deals with -1
which is sometimes used by Twig for errors when it does not know the
line, even though this should not happen for compile-time errors).
- fix the detection of the line number when the number is at the end of
the sentence, which happens for the deprecation of filters for
instance.
This PR was squashed before being merged into the 5.1-dev branch.
Discussion
----------
[Uid] Improve the code
Improve the reuse of code, programing for extension and not for modification, create a Trait with similar behavior for getTime method in uuid types. Eliminate duplicate code in Uuid
| Q | A
| ------------- | ---
| Branch? | 5.1
| Bug fix? | no
| New feature? | no
| Deprecations? | no
| Tickets | Fix #...
| License | MIT
| Doc PR | symfony/symfony-docs#...
Keep the same functionality, just improve a little the code, eliminating duplications and reusing some lines.
Commits
-------
106c733bce [Uid] Improve the code
* 5.0:
[HttpFoundation] Do not set the default Content-Type based on the Accept header
[Security] Fix access_control behavior with unanimous decision strategy
* 4.4:
[HttpFoundation] Do not set the default Content-Type based on the Accept header
[Security] Fix access_control behavior with unanimous decision strategy