This PR was merged into the 2.8 branch.
Discussion
----------
Fixed issue with blank password with Ldap
| Q | A
| ------------- | ---
| Branch? | 1.8
| Bug fix? | no
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | n/a
| License | MIT
| Doc PR | n/a
Commits
-------
c7d9c62 Fixed issue with blank password with Ldap
The bind operation of LDAP, as described in RFC 4513, provides a method
which allows for authentication of users. For the Simple Authentication
Method a user may use the anonymous authentication mechanism, the
unauthenticated authentication mechanism, or the name/password
authentication mechanism. The unauthenticated authentication mechanism
is used when a client who desires to establish an anonymous
authorization state passes a non-zero length distinguished name and a
zero length password. Most LDAP servers either can be configured to
allow this mechanism or allow it by default.
_Web-based applications which perform the simple bind operation with the
client's credentials are at risk when an anonymous authorization state is
established. This can occur when the web-based application passes a
distinguished name and a zero length password to the LDAP server._
Thus, misconfiguring a server with simple bind can trick Symfony into
thinking the username/password tuple is valid, potentially leading to
unauthorized access.
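
The check described above, as an added example (not Symfony's code and not part of the commit): a zero-length password is rejected before any bind is attempted. `$permissiveServer` is a constructed stand-in for a directory that allows unauthenticated binds, and `naiveLogin()` / `guardedLogin()` are hypothetical names; in a real application the callable would wrap ext-ldap's `ldap_bind()`.

```php
<?php
declare(strict_types=1);

// Constructed stand-in for an LDAP server that permits the RFC 4513
// unauthenticated mechanism: a non-empty DN with a zero-length password
// yields a successful bind in an anonymous authorization state.
$permissiveServer = function (string $dn, string $password): bool {
    $directory = ['uid=alice,dc=example,dc=org' => 's3cret-constructed'];
    if ($password === '') {
        return true; // bind reports success although nobody was authenticated
    }
    return isset($directory[$dn]) && hash_equals($directory[$dn], $password);
};

// "Before": any successful bind is taken as proof of the user's identity.
function naiveLogin(callable $bind, string $dn, string $password): bool
{
    return $bind($dn, $password);
}

// "After": refuse a zero-length password before it reaches the server.
// Compare with === '' rather than empty(), because "0" is a legitimate
// password that empty() would wrongly reject.
function guardedLogin(callable $bind, string $dn, string $password): bool
{
    if ($password === '') {
        throw new InvalidArgumentException('The presented password must not be empty.');
    }
    return $bind($dn, $password);
}

$dn = 'uid=alice,dc=example,dc=org';

// The naive path accepts the login because the server reported a successful bind.
var_dump(naiveLogin($permissiveServer, $dn, ''));

// The guarded path still accepts the real password and rejects the blank one.
var_dump(guardedLogin($permissiveServer, $dn, 's3cret-constructed'));
try {
    guardedLogin($permissiveServer, $dn, '');
} catch (InvalidArgumentException $e) {
    echo 'rejected: ', $e->getMessage(), PHP_EOL;
}
```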
This PR was merged into the 2.3 branch.
Discussion
----------
limited the maximum length of a submitted username
| Q | A
| ------------- | ---
| Branch? | 2.3
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | n/a
| License | MIT
| Doc PR | n/a
Commits
-------
f8dc28a limited the maximum length of a submitted username
* 2.8:
[2.3][Component/Security] Fixed phpdoc in AnonymousToken constructor for user param
prevent calling get() for service_container service
call get() after the container was compiled
Fixed readme of OptionsResolver
top-level anonymous services must be public
[DependencyInjection] Suggest ExpressionLanguage in composer.json
added a conflict between Monolog bridge 2.8 and HTTP Kernel 3.0+
* 2.7:
[2.3][Component/Security] Fixed phpdoc in AnonymousToken constructor for user param
prevent calling get() for service_container service
call get() after the container was compiled
Fixed readme of OptionsResolver
[DependencyInjection] Suggest ExpressionLanguage in composer.json
* 2.3:
[2.3][Component/Security] Fixed phpdoc in AnonymousToken constructor for user param
call get() after the container was compiled
Fixed readme of OptionsResolver
This PR was merged into the 2.7 branch.
Discussion
----------
[FrameworkBundle] prevent calling get() for service_container service
| Q | A
| ------------- | ---
| Branch? | 2.7
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets |
| License | MIT
| Doc PR |
This change will simply fix the tests once #18728 gets merged. An alternative approach would be to compile the container so that the code would still work even for services that have been set directly using `set()`. However, compiling the container in a descriptor imo is an unexpected side effect which I tried to avoid here.
Commits
-------
2d46bd4 prevent calling get() for service_container service
This PR was merged into the 2.3 branch.
Discussion
----------
call get() after the container was compiled
| Q | A
| ------------- | ---
| Branch? | 2.3
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets |
| License | MIT
| Doc PR |
This will prevent future issues when calling `ContainerBuilder::get()` before compiling the container will be deprecated (see #18728).
Commits
-------
954126b call get() after the container was compiled
This PR was merged into the 2.7 branch.
Discussion
----------
[DependencyInjection] Suggest ExpressionLanguage in composer.json
| Q | A
| ------------- | ---
| Branch? | 2.7
| Bug fix? | no
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | n/a
| License | MIT
| Doc PR | n/a
As the DependencyInjection component has lots of classes containing uses of the ExpressionLanguage component, I propose to add it to the composer.json suggests.
Commits
-------
d6c9073 [DependencyInjection] Suggest ExpressionLanguage in composer.json
This PR was squashed before being merged into the 2.3 branch (closes #18727).
Discussion
----------
[2.3][Component/Security] Fixed phpdoc in AnonymousToken constructor for user param
| Q | A
| ------------- | ---
| Branch? | 2.3
| Bug fix? | yes, phpdoc one
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | -
| License | MIT
| Doc PR | -
Updated phpdoc of AnonymousToken $user param from string to string|object since an object is allowed too in the parent AbstractToken: https://github.com/symfony/symfony/blob/2.3/src/Symfony/Component/Security/Core/Authentication/Token/AbstractToken.php#L91
Commits
-------
b1c60b4 [2.3][Component/Security] Fixed phpdoc in AnonymousToken constructor for user param
This PR was merged into the 2.3 branch.
Discussion
----------
[OptionsResolver] Fixed readme
| Q | A
| ------------- | ---
| Branch? | 2.3
| Bug fix? | no
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets |
| License | MIT
| Doc PR |
This PR fixes bad markdown syntax in the readme file of the OptionsResolver component.
Commits
-------
beecc6c Fixed readme of OptionsResolver
This PR was merged into the 2.8 branch.
Discussion
----------
added a conflict between Monolog bridge 2.8 and HTTP Kernel 3.0+
| Q | A
| ------------- | ---
| Branch? | 2.8
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | no
| Fixed tickets | n/a
| License | MIT
| Doc PR | n/a
Monolog Bridge 2.8 cannot be used with HTTP Kernel 3.0 as the LoggerInterface is not defined anymore. That's a problem for the Silex Skeleton for instance.
Commits
-------
59ffd04 added a conflict between Monolog bridge 2.8 and HTTP Kernel 3.0+
This PR was merged into the 2.3 branch.
Discussion
----------
[DependencyInjection] top-level anonymous services must be public
| Q | A
| ------------- | ---
| Branch? | 2.3
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | #18703
| License | MIT
| Doc PR |
Commits
-------
13a47c3 top-level anonymous services must be public
This PR was merged into the 3.0 branch.
Discussion
----------
[EventDispatcher] fix tests
| Q | A
| ------------- | ---
| Branch? | 3.0
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets |
| License | MIT
| Doc PR |
The `getListenerPriority()` method was added to the event dispatcher
interface in Symfony 3.0. Thus, it no longer makes sense to have a test
that expects the method not to exist (the corresponding code in the
`TraceableEventDispatcher` was already removed in 576a55c).
Commits
-------
636401b [EventDispatcher] fix tests
The `getListenerPriority()` method was added to the event dispatcher
interface in Symfony 3.0. Thus, it no longer makes sense to have a test
that expects the method not to exist (the corresponding code in the
`TraceableEventDispatcher` was already removed in 576a55c).
* 2.8:
[EventDispatcher] check for method to exist
[DependencyInjection] Fixed the priority of service decoration on service with parent
Make failed autowiring error messages more explicit
This PR was merged into the 2.8 branch.
Discussion
----------
[EventDispatcher] check for method to exist
| Q | A
| ------------- | ---
| Branch? | 2.8
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | https://github.com/symfony/symfony/pull/16301#issuecomment-193150055
| License | MIT
| Doc PR |
This change must be reverted after being merged into the `3.0` branch (the `getListenerPriority()` method was added to the interface in Symfony 3.0).
Commits
-------
78ae2ad [EventDispatcher] check for method to exist
This PR was merged into the 2.8 branch.
Discussion
----------
[DX][DI] Make failed autowiring error messages more explicit
| Q | A
| ------------- | ---
| Branch? | 2.8
| Bug fix? | no (better DX integration)
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | #18658
| License | MIT
| Doc PR | N/A
This is the PR improving the autowiring error messages.
Two error messages have been augmented:
- If a type-hint does not match any existing type and a service for this type cannot be automatically created, the error message now says so, instead of simply saying the type cannot be autowired.
- If a type-hint matches multiple services and none of them provides an autowiringType for it, the error message now says so and lists the candidate services, instead of simply saying the type cannot be autowired.
Commits
-------
2ac81f9 Make failed autowiring error messages more explicit
This PR was merged into the 2.8 branch.
Discussion
----------
[DependencyInjection] Use the priority of service decoration on service with parent
| Q | A
| ------------- | ---
| Branch? | 2.8
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets |
| License | MIT
| Doc PR |
Commits
-------
d1ad43c [DependencyInjection] Fixed the priority of service decoration on service with parent