This PR was merged into the 2.7 branch.
Discussion
----------
[Form][TwigBridge] render hidden _method field in form_rest()
| Q | A
| ------------- | ---
| Branch? | 2.7
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | #14261
| License | MIT
| Doc PR |
Commits
-------
0ee3f57533 render hidden _method field in form_rest()
This PR was merged into the 2.7 branch.
Discussion
----------
[Security] fix switch user _exit without having current token
| Q | A
| ------------- | ---
| Branch? | 2.7
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | #22729
| License | MIT
| Doc PR | -
Attempting to `_exit` from a switched user caused an error when not having any token in the storage (for example happens when not logged in + disallowing anonymous users on that firewall):
`[1] Symfony\Component\Debug\Exception\FatalThrowableError: Type error: Argument 1 passed to Symfony\Component\Security\Http\Firewall\SwitchUserListener::getOriginalToken()
must be an instance of Symfony\Component\Security\Core\Authentication\Token\TokenInterface, null given, called in
symfony/symfony/src/Symfony/Component/Security/Http/Firewall/SwitchUserListener.php on line 164`
Commits
-------
16da6861be [Security] fix switch user _exit without having current token
This PR was merged into the 2.7 branch.
Discussion
----------
[Routing] Fix XmlFileLoader exception message
| Q | A
| ------------- | ---
| Branch? | 2.7
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| License | MIT
When an `XmlFileLoader` encounters an unknown tag it throws an exception with message like `Unknown tag "foo" used in file "bar". Expected "default", "requirement" or "option".`. A proper message should be `Unknown tag "foo" used in file "bar". Expected "default", "requirement", "option" or "condition".`
Commits
-------
f6a94cb56f [Routing] Fix XmlFileLoader exception message
This PR was merged into the 2.7 branch.
Discussion
----------
[FrameworkBundle] Sessions: configurable "use_strict_mode" option for NativeSessionStorage
| Q | A
| ------------- | ---
| Branch? | 2.7
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| License | MIT
It is currently not possible to configure the `use_strict_mode` option for `NativeSessionStorage` in a proper manner.
The reason of this PR: https://github.com/symfony/symfony/pull/22352#issuecomment-302113533
It could be considered a new feature, but I wish it wouldn't, as I don't want to do any ugly hacking to get it working.
What else could be done?
* implement more options from `NativeSessionStorage` in the config?
* get rid of duplication somehow (maybe a static method in `NativeSessionStorage` that would return the option list and could be used in `FrameworkExtension`?)
* update `FrameworkExtensionTest`?
* update `ConfigurationTest`?
* update [the docs](https://symfony.com/doc/current/reference/configuration/framework.html#session)?
I'm willing to do those if decided.
Commits
-------
90e192e824 Sessions: configurable "use_strict_mode" option for NativeSessionStorage
This PR was squashed before being merged into the 2.7 branch (closes#23195).
Discussion
----------
[FrameworkBundle] [Command] Clean bundle directory, fixes#23177
| Q | A
| ------------- | ---
| Branch? | 2.7 <!-- see comment below -->
| Bug fix? | yes
| New feature? | no <!-- don't forget updating src/**/CHANGELOG.md files -->
| BC breaks? | no
| Deprecations? | no <!-- don't forget updating UPGRADE-*.md files -->
| Tests pass? | no
| Fixed tickets | #23177
| License | MIT
This PR fix#23177
when running an assets:install, it will remove directorys who do not have anymore a valid Bundle
Commits
-------
180f178f43 [FrameworkBundle] [Command] Clean bundle directory, fixes#23177
This PR was merged into the 2.7 branch.
Discussion
----------
[TwigBundle] Add Content-Type header for exception response
| Q | A
| ------------- | ---
| Branch? | 2.7
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets |
| License | MIT
| Doc PR |
This PR comes after I was looking to customize the way exceptions are served for a JSON API (grabbed the info at http://symfony.com/doc/current/controller/error_pages.html#overriding-the-default-exceptioncontroller).
I noticed that even when changing the request format to 'json' so that the right json.twig template is served:
```php
// in my override of the ExceptionController
public function showAction(Request $request, FlattenException $exception, DebugLoggerInterface $logger = null)
{
$request->setRequestFormat('json');
return parent::showAction($request, $exception, $logger);
}
```
the response Content-Type header was still 'text/html'.
By now, the response Content-Type should be corresponding to the given request format.
I also feel there's some room for improvement with the general "displaying error for a JSON API" chapter as it feels strange that there's no configuration option to just say "serve me anything as json", but that's another issue.
Commits
-------
9e2b408f25 add content-type header on exception response
This PR was merged into the 2.7 branch.
Discussion
----------
Reset redirectCount when throwing exception
| Q | A
| ------------- | ---
| Branch? | 2.7
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | #23197
| License | MIT
When catching the exception throw when exceeding the redirect limit, all new request which results in a redirect fail. By resetting the redirectCount we can still use the same client instance.
Commits
-------
83fd578f96 Reset redirectCount when throwing exception
This PR was merged into the 2.7 branch.
Discussion
----------
Keep s-maxage when expiry and validation are used in combination
| Q | A
| ------------- | ---
| Branch? | 2.7
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets |
| License | MIT
| Doc PR |
(Symfony) docs say that [expiration wins over validation](https://symfony.com/doc/current/http_cache/validation.html). So,
a) when both the master and embedded response are public with an s-maxage, the result should be public as well and use the lower s-maxage of both, *also* in the case that the embedded response carries validation headers. (The cache may use those for revalidating the embedded response once it has become stale, but that does not impact expiration-based caching of the combined response.)
b) when both the master and embedded response are public with an s-maxage, the result should be public as well and use the lower s-maxage of both, *also* in the case that the master response carries validation headers. However, those *must not* be passed on to the client: They do not apply to the combined response, but may only be used by the cache itself to revalidate the (raw) master response.
Commits
-------
09bcbc70e7 Embedding a response that combines expiration and validation, that should not defeat expiration on the combined response
This PR was squashed before being merged into the 2.7 branch (closes#23129).
Discussion
----------
Fix two edge cases in ResponseCacheStrategy
| Q | A
| ------------- | ---
| Branch? | 2.7
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets |
| License | MIT
| Doc PR |
While reviewing how `ResponseCacheStrategy` calculates the caching-related headers for responses that embed subrequests, I came across two cases that I think are currently implemented incorrectly.
a) When the main response is public and cacheable with an expiration time, but it embeds (via ESI) a controller that does not set any caching-related headers, this embedded response is more constrained. So, the resulting (combined) response must not be cacheable, especially it may not keep the s-maxage.
b) When the main response is public and cacheable with an expiration time, but it embeds (via ESI) a controller that explicitly creates a "private" response, the resulting (combined) response must be private as well.
Commits
-------
c6e8c07e4d Fix two edge cases in ResponseCacheStrategy
This PR was squashed before being merged into the 2.7 branch (closes#23057).
Discussion
----------
[Translation][FrameworkBundle] Fix resource loading order inconsistency reported in #23034
| Q | A
| ------------- | ---
| Branch? | 2.7
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | #23034
| License | MIT
| Doc PR |
Fixes the bug reported in #23034:
When mixing `addResource()` calls and providing the `resource_files` option, the order in which resources are loaded depends on the `kernel.debug` setting and whether a cache is used.
In particular, when several loaders provide translations for the same message, the one that "wins" may change between development and production mode.
Commits
-------
2a9e65dea9 [Translation][FrameworkBundle] Fix resource loading order inconsistency reported in #23034
This PR was squashed before being merged into the 2.7 branch (closes#23092).
Discussion
----------
[Filesystem] added workaround in Filesystem::rename for PHP bug
[Filesystem] added workaround in Filesystem::rename for https://bugs.php.net/bug.php?id=54097
Standard PHP rename() of dirs across devices/mounted filesystems produces confusing copy error & throws IOException in Filesystem::rename. I got it during console cache:clear in the Docker environment. This PR possible fixes https://github.com/symfony/symfony/issues/19851 and other environment related issues.
Workaround is on \rename() fails try to Filesystem::mirror & Filesystem::remove if $origin is directory
| Q | A
| ------------- | ---
| Branch? | 2.7
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets |
| License | MIT
| Doc PR |
Commits
-------
3ccbc479da [Filesystem] added workaround in Filesystem::rename for PHP bug
This PR was squashed before being merged into the 2.7 branch (closes#23123).
Discussion
----------
Add tests for ResponseCacheStrategy to document some more edge cases
| Q | A
| ------------- | ---
| Branch? | 2.7
| Bug fix? | no
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets |
| License | MIT
| Doc PR |
Adds some test cases for possible combinations of master/subrequest responses to better document behaviour in edge cases. Should now cover the entire `ResponseCacheStrategy`.
I hope 2.7 is the right target branch because having more tests for all releases should be a good thing™️.
Commits
-------
69e84633dd Add tests for ResponseCacheStrategy to document some more edge cases
This PR was merged into the 2.7 branch.
Discussion
----------
[HttpFoundation] fix for Support for new 7.1 session options
| Q | A
| ------------- | ---
| Branch? | 2.7
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | #21606
| License | MIT
| Doc PR | n/a
Commits
-------
71c1b6f5bffixes#21606
This PR was merged into the 2.7 branch.
Discussion
----------
[VarDumper] fixes
| Q | A
| ------------- | ---
| Branch? | 2.7
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | #23115 and #23151 (hopefully)
| License | MIT
| Doc PR | -
it looks like stream_context_get_params can return false (looking at php-src and #23151)
and doing a foreach on SplObjectStorage changes its internal iterator state.
Commits
-------
d7238c9d96 [VarDumper] fixes
This PR was merged into the 2.7 branch.
Discussion
----------
[FormBuilderInterface] Fixed PHPdoc return references
| Q | A
| ------------- | ---
| Branch? | 2.7 and higher
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | N/A (phpdoc)
| License | MIT
In a case where the method `createFormBuilder()` was used where the methods `add()` and `getForm()` were chained onto it, the final resulting object was no longer a FormBuilder object as the `add()` and `remove()` methods was using a return variable that didn't work.
Should reference `self` as interfaces do not have a `$this` object.
Commits
-------
2f350d1d38 Fixed PHPdoc return references in FormBuilderInterface
This PR was squashed before being merged into the 2.7 branch (closes#22931).
Discussion
----------
SCA with Php Inspections (EA Extended): 2.7
| Q | A
| ------------- | ---
| Branch? | 2.7
| Bug fix? | no
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | n/a
| License | MIT
| Doc PR | n/a
Static Code Analysis with Php Inspections (EA Extended): dead code and control flow tweaks.
Commits
-------
598ae56cc9 SCA with Php Inspections (EA Extended): 2.7
This PR was squashed before being merged into the 2.7 branch (closes#23120).
Discussion
----------
Remove deprecated each function
| Q | A
| ------------- | ---
| Branch? | 2.7
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | N/A
| License | MIT
| Doc PR |
Replace the `each()` function which is deprecated in PHP 7.2 (https://wiki.php.net/rfc/deprecations_php_7_2#each)
Commits
-------
232caad876 Remove deprecated each function
This PR was merged into the 2.7 branch.
Discussion
----------
[FrameworkBundle] Fix perf issue in CacheClearCommand::warmup()
| Q | A
| ------------- | ---
| Branch? | 2.7
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | -
| License | MIT
| Doc PR | -
On slow file systems (eg on Windows), I noticed that writing files without doing any changes just kills perf.
Limiting the depth also helps when the symfony/cache component is used (because it can store thousands of files in its cache pool directory structure, and iterating there is also a waste of *fs* time).
I choose the max depth by looking at where existing apps put their files and added one level more just in case.
Commits
-------
b58f060fda [FrameworkBundle] Fix perf issue in CacheClearCommand::warmup()
This PR was merged into the 2.7 branch.
Discussion
----------
Cache ipCheck (2.7)
In our app we use trusted proxies. Using Blackfire we found `IpUtils::checkIp` was being called 454 times taking 3.15ms.
Caching the result saves those 3ms.
| Q | A
| ------------- | ---
| Branch? | 2.7
| Bug fix? | no
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets |
| License | MIT
| Doc PR |
Commits
-------
bcb80569cb Cache ipCheck