This PR was merged into the 2.3 branch.
Discussion
----------
[Form] Moved POST_MAX_SIZE validation from FormValidator to request handler
| Q | A
| ------------- | ---
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | #11729, #11877
| License | MIT
| Doc PR | -
Commits
-------
759ae1a [Form] Moved POST_MAX_SIZE validation from FormValidator to request handler
4780210 [Form] Add a form error if post_max_size has been reached.
This PR was merged into the 2.6-dev branch.
Discussion
----------
[Form] Renamed the option "empty_value" to "placeholder"
| Q | A
| ------------- | ---
| Bug fix? | no
| New feature? | yes
| BC breaks? | no
| Deprecations? | yes
| Tests pass? | yes
| Fixed tickets | #5791
| License | MIT
| Doc PR | TODO
This PR is changing the "empty_value" option to the more understandable name "placeholder".
In a subsequent PR, the "placeholder" option should also be added to all types that support the "placeholder" HTML5 attribute.
Commits
-------
2b440f3 [Form] Renamed the option "empty_value" to "placeholder"
This PR was merged into the 2.6-dev branch.
Discussion
----------
VarDumper and DebugBundle
| Q | A
| ------------- | ---
| Bug fix? | no
| New feature? | yes
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | none
| License | MIT
| Doc PR | none
From a user land point of view, this PR creates a global `dump()` function that is to be used instead of `var_dump()`. The component can be used standalone in any dev workflow. Please see the [provided README](https://github.com/symfony/symfony/pull/10640/files?short_path=52d526f#diff-52d526f19bc9e3825c80e7694755409c) for details.
When used with the Framework bundle, variables passed to `dump()` are dumped in a new dedicated panel in the web toolbar. The function is also available in twig templates.
Regarding the implementation, I'm pretty sure you'll find a lot to comment. As I'm sure of nothing else, not even the names of things, please do.
I tried to organize this PR in several commits, from the most fundamental algorithm to pure Symfony glue.
I suggest you follow this order while progressing in the review and the discussion around this PR, so that we can together validate commits one after the other.
Don't hesitate to fork the PR and submit PR on it, I'll cherry-pick your patches.
TODO:
- [x] open a doc PR: https://github.com/symfony/symfony-docs/pull/4243
- [x] open a PR on the Standard edition: https://github.com/symfony/symfony-standard/pull/710
- [x] prefix the CSS classes
- [x] tests for the DebugBundle + other Symfony glue classes
- [x] inline css and js for compat with e.g. Silex
- [x] finish and merge nicolas-grekas/Patchwork-Dumper#5 for better UX
- [x] show a dump excerpt on hovering the icon in the toolbar
- [x] verify README and comments
- [x] validate interfaces/names (Caster / Cloner / Dumper)
- [x] validate new VarDumper component + DebugBundle
- [x] validate Resource/ext/ vs independent repos.
- [x] test and define behavior after KernelEvents::RESPONSE
- [x] update dependencies between components/bundles and composer.json files
- [x] no hard dep on iconv
Not for this PR but might be worth later:
- show a light stack trace + timing + memory at debug() calls
- create a "theme" concept for custom colors/UX
Commits
-------
80fd736 [DebugBundle] Enhance some comments
2e167ba [TwigBridge] add Twig dump() function + tests and fixes
0f8d30f [VarDumper] Replace \e with \x1B in CliDumper to support colour in PHP < 5.4
d43ae82 [VarDumper] Add workaround to https://bugs.php.net/65967a8d81e4 [DebugBundle] Inlined assets to avoid installation issues
5f59811 [DebugBundle] Add doc example for Twig usage
e4e00ef [TwigBridge] DumpNode and Token parser
de05cd9 [DebugBundle] enhance dump excerpts
49f13c6 [HttpKernel] add tests for DumpDataCollector
081363c [HttpKernel] tests for DumpListener
0d8a942 [VarDumper] add Stub objects for cutting cleanly and dumping consts
c8746a4 [DebugBundle] add tests for twig and for the bundle
8d5d970 [DebugBundle] adjust after review
eb98c81 [DebugBundle] dump() + better Symfony glue
9dea601 [DebugBundle] global dump() function for daily use
297d373 [VarDumper] README, LICENSE and composer.json
a69e962 [VarDumper] tests for HtmlDumper
5eaa187 [VarDumper] tests for CliDumper
e6dde33 [VarDumper] HTML variant of the CLI dumper
fa81544 [VarDumper] CLI dedicated dumper and related abstract
1d5e3f4 [VarDumper] interface for dumping collected variables
0266072 [VarDumper] casters for DOM objects
c426d8b [VarDumper] casters for Doctrine objects
0a92c08 [VarDumper] casters for PDO related objects
da3e50a [VarDumper] casters for SPL data structures
c91bc83 [VarDumper] casters for exceptions representation
3ddbf4b [VarDumper] add casters for per class/resource custom state extraction
5b7ae28 [VarDumper] symfony_debug ext. fast and memory efficient cloning algo
07135a0 [VarDumper] algo to clone any PHP variable to a breadth-first queue
4bf9300 [Debug] a README for the debug extension
eec5c92 [Debug] Symfony debug extension
This PR was merged into the 2.6-dev branch.
Discussion
----------
[OptionsResolver] Added a light-weight, low-level API for basic option resolving
| Q | A
| ------------- | ---
| Bug fix? | no
| New feature? | yes
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | #11705
| License | MIT
| Doc PR | symfony/symfony-docs#4159
See [the updated documentation](https://github.com/webmozart/symfony-docs/blob/issue11705/components/options_resolver.rst) for details on the usage of the simple API.
The most important motivation for this change is DX and speed. The basic features of the component should be easily usable in a wide variety of use cases without impacting performance.
For DX reasons, I added the static methods to the `Options` class, which makes the code concise and easy to read and understand:
```php
use Symfony\Component\OptionsResolver\Options;
$options = Options::validateRequired($options, 'format');
$options = Options::validateTypes($options, array(
'format' => array('string', 'int'),
'calendar' => 'int',
));
$options = Options::validateValues($options, array(
'calendar' => array(
\IntlDateFormatter::GREGORIAN,
\IntlDateFormatter::TRADITIONAL,
),
));
$options = Options::resolve($options, array(
'format' => null,
'calendar' => \IntlDateFormatter::GREGORIAN,
));
```
If you need to distribute the option configuration, this PR also extracts the configuration part of the `OptionsResolver` class into a new class `OptionsConfig`, which can be passed around. When the configuration is complete, pass the config object to `Options::resolve()` as second argument:
```php
$config = new OptionsConfig();
$config->setDefaults(array(
'format' => \IntlDateFormatter::MEDIUM,
'calendar' => \IntlDateFormatter::GREGORIAN,
));
$options = Options::resolve($options, $config);
```
Consequently - since `OptionsResolver` extends `OptionsConfig` - the two following statements now become identical:
```php
$options = $resolver->resolve($options);
$options = Options::resolve($options, $resolver);
```
Commits
-------
9066025 [OptionsResolver] Added a light-weight, low-level API for basic option resolving
This PR was squashed before being merged into the 2.6-dev branch (closes#10698).
Discussion
----------
[Security] Added a REMOTE_USER based listener to security firewalls
| Q | A
| ------------- | ---
| Bug fix? | no
| New feature? | yes
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | /
| License | MIT
| Doc PR | symfony/symfony-docs#3912
TODO
- [x] submit changes to the documentation
I've seen myself implementing a few times a REMOTE_USER based authentication listener, as a large part of security modules for Apache (Kerberos, CAS, and more) are providing the username via an environment variable.
So I thought this could benefit the whole community if directly included in the framework. It is very similar to the X509AuthenticationListener, and basing the RemoteUserAuthenticationListener on the AbstractPreAuthenticatedListener is relevant and very convenient.
Using the X509AuthenticationListener could be possible, but it is confusing to use it directly when your authentication is not certificate based.
Please let me know if I need to update anything.
Regards
Commits
-------
a2872f2 [Security] Added a REMOTE_USER based listener to security firewalls
This PR was squashed before being merged into the 2.6-dev branch (closes#11183).
Discussion
----------
[Security] add an AbstractVoter implementation
| Q | A
| ------------- | ---
| Bug fix? | no
| New feature? | yes
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| License | MIT
| Doc PR | https://github.com/symfony/symfony-docs/pull/4257
The idea is to reduce boilerplate required to create custom Voter, doing most of the work for the developer and guiding him on the path by providing simple requirements via abstract methods that will be called by the AbstractVoter.
P.S. This is meant to be a [DX Initiative](https://github.com/symfony/symfony/issues?labels=DX&state=open) improvement.
Commits
-------
d3bafc6 [Security] add an AbstractVoter implementation
This PR was merged into the 2.6-dev branch.
Discussion
----------
[Form] Add allow_html5 option to date and time FormType to disable HTML5 input type
[Form] added allow_html5 option to date and time FormType to disable HTML5 input type when widget is set to single_text
| Q | A
| --------------------- | ---
| Bug fix? | no
| New feature? | yes
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | #6927#7123
| License | MIT
| Doc PR |
With this little patch we can have a single text widget without HTML5 date input type which is required when using some javascript date or time picker .
Commits
-------
392d6c7 add allow_html5 option to date and time FormType to disable HTML5 date input when widget is set to single_text
* 2.5:
typo fixed in AbstractProcessTest (getoutput() => getOutput())
Avoid question mark and asterisk in folder names to prevent windows filesystem issues.
[Translation] [Config] Clear libxml errors after parsing XML file
check for the Validator if forms are enabled
Clear json_last_error
Fix JsonSerializable namespace
Catch exceptions to restore the error handler
[HttpFoundation] Silent only JSON errors
* 2.4:
typo fixed in AbstractProcessTest (getoutput() => getOutput())
Avoid question mark and asterisk in folder names to prevent windows filesystem issues.
[Translation] [Config] Clear libxml errors after parsing XML file
* 2.3:
typo fixed in AbstractProcessTest (getoutput() => getOutput())
Avoid question mark and asterisk in folder names to prevent windows filesystem issues.
[Translation] [Config] Clear libxml errors after parsing XML file
Conflicts:
src/Symfony/Component/Config/Util/XmlUtils.php
This PR was merged into the 2.3 branch.
Discussion
----------
[Finder][Urgent] Remove asterisk and question mark from folder name in test to prevent windows file system issues.
Bugfix: Yes
Fixed tickets: #11984 , #11985
Related tickets: #11970
Commit #11970 prevented Symphony from being checked out via windows due to invalid characters in a folder name within the tests.
The issue was reported in #11984 and was attempted to be fixed in #11985 but wasn't due to still including the question mark.
Please accept this ASAP as it entirely breaks any composer that relies on it.
Commits
-------
5fbb278 Avoid question mark and asterisk in folder names to prevent windows filesystem issues.
This PR was merged into the 2.3 branch.
Discussion
----------
[Translation] [Config] Clear libxml errors after parsing xliff file
| Q | A
| ------------- | ---
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | -
| License | MIT
| Doc PR | -
If libxml_use_internal_errors is set to `true` before parsing xliff file, the libxml errors are not cleared correctly. An error `Validation failed: no DTD found !` occurs in libxml errors after parsing and it's available outside the xliff parser (can break other functionality that use `libxml_get_errors` function).
Commits
-------
fab61ef [Translation] [Config] Clear libxml errors after parsing XML file
A previous commit introduced a folder with a question mark and an asterisk which are invalid NTFS folder name characters and prevented checkout on those systems.
This PR was merged into the 2.6-dev branch.
Discussion
----------
[Filesystem] Check number of bytes copied.
| Q | A
| ------------- | ---
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | #10838
| License | MIT
| Doc PR | n/a
This only test local files (because of `filesize`), wonder if we should include the remote files using `get_headers` in order to get the Content-length for example. However, it will perform an additional request...
Here's a little benchmark for 500 copy from a remote origin file :
- Standard without check -> Time: 47.34 seconds, Memory: 3.75Mb
- Check with `get_headers` ->Time: 1.32 minutes, Memory: 3.75Mb
Commits
-------
81eca38 [Filesystem] Check number of bytes copied.
This PR was merged into the 2.6-dev branch.
Discussion
----------
[DependencyInjection] Added exception to avoid fatal during compile in a frozen dumped container
Q | A
------------- | ------------- | -----
Bug fix? | yes
New feature? | no
BC breaks? | no
Deprecations? | no
Tests pass? | yes
Fixed tickets | #10428
License | MIT
Doc PR | N/A
Commits
-------
2356eaa [DependencyInjection] Added exception to avoid fatal during compile in a frozen dumped container
* 2.5:
[2.3] Add missing development dependencies
Fix @return docs on HttpCache::restoreResponseBody()
[Finder] Escape location for regex searches
Make sure HttpCache is a trusted proxy
Conflicts:
src/Symfony/Component/Form/composer.json
* 2.4:
[2.3] Add missing development dependencies
Fix @return docs on HttpCache::restoreResponseBody()
[Finder] Escape location for regex searches
Make sure HttpCache is a trusted proxy
* 2.3:
[2.3] Add missing development dependencies
Fix @return docs on HttpCache::restoreResponseBody()
[Finder] Escape location for regex searches
Make sure HttpCache is a trusted proxy
Conflicts:
src/Symfony/Bridge/Doctrine/composer.json
src/Symfony/Bundle/FrameworkBundle/composer.json
src/Symfony/Bundle/SecurityBundle/composer.json
src/Symfony/Component/Form/composer.json
This PR was squashed before being merged into the 2.3 branch (closes#11340).
Discussion
----------
[2.3] Add missing development dependencies
| Q | A
| ------------- | ---
| Bug fix? | no
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | n/a
| License | MIT
I've also added a run of the test suite in every component scope.
Commits
-------
3b02af9 [2.3] Add missing development dependencies
This PR was squashed before being merged into the 2.6-dev branch (closes#11312).
Discussion
----------
Make assets:install smarter with symlinks
| Q | A
| ------------- | ---
| Bug fix? | no
| New feature? | yes
| BC breaks? | no
| Deprecations? | no
| Tests pass? | -
| Fixed tickets | #11297
| License | MIT
| Doc PR | -
Commits
-------
6537333 Make assets:install smarter with symlinks
This PR was merged into the 2.6-dev branch.
Discussion
----------
[Console] add overwrite flag to ProgressBar helper to allow non-decorated output
| Q | A
| ------------- | ---
| Bug fix? | no
| New feature? | yes
| BC breaks? | yes, but not critical
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | #11542, #10011
| License | MIT
| Doc PR | symfony/symfony-docs#4206
By default, the `ProgressBar` helper overwrites the output to give the nice progress bar look. To prevent the output from blowing up in non-decorated environments, the output was hidden in these environments (see #9846).
This PR enables using the `ProgressBar` in non-decorated environments by adding an `overwrite` flag. When `false`, instead of overwriting the bar, it is rendered on a new line. To prevent flooding the output, you can adjust the `redrawFrequency`.
By default, when using the `ProgressBar` in a non-decorated environment, the `overwrite` flag is set to false. If a `max` is set, the `redrawFrequency` is set to a sensible default (10% of the max). If a `max` isn't set, the bar is output for every advance so to prevent flooding, a sensible `redrawFrequency` should be manually set.
The only BC break is that output will now display where it didn't before.
Commits
-------
cdee6f6 add overwrite flag to allow non-decorated output
This PR was merged into the 2.3 branch.
Discussion
----------
[HttpKernel] Make sure HttpCache is a trusted proxy
| Q | A
| ------------- | ---
| Bug fix? | yes (of sorts)
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | #9292
| License | MIT
| Doc PR | https://github.com/symfony/symfony-docs/pull/4239Fixes#9292 by adding `127.0.0.1` as a trusted proxy when using `HttpCache` (assuming it hasn't been already).
Commits
-------
ca65362 Make sure HttpCache is a trusted proxy
This PR was squashed before being merged into the 2.3 branch (closes#11970).
Discussion
----------
[Finder] Escape location for regex searches
| Q | A
| ------------- | ---
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | -
| License | MIT
| Doc PR | -
If the location to start searching in contains a regex special char
like + or ? and the path restriction is a regular expresion with a start
limitation. No results will be found wtih at least GnuFindAdapter - e.g.:
```
use Symfony\Component\Finder\Finder;
use Symfony\Component\Finder\Adapter;
mkdir('/tmp/reg+ex/dir/subdir', 0777, true);
$finder = Finder::create()
->removeAdapters()
->addAdapter(new Adapter\GnuFindAdapter());
$finder->in('/tmp/reg+ex')->path('/^dir/');
print count($finder)."\n";
```
Expected result: 2
Actual result is: 0
This pull request consists of:
* a new test checking for this bug (0e81086a49425d0e12cff4f479fabeb97e9ed757)
* the actual fix (6595b6b2b71afc57ef08686b4584713c0e4e48ed)
* changes to comply with the coding standard (7f199c5b53b3c1f38b36dcc286d3b20ae877425b)
## How to reproduce
### Fastest way
1. Move or copy your local symfony clone into a location containing special regex chars:
* `mv symfony symfony+regex`
2. Run tests in there
* `cd symfony+regex && phpunit`
> Result: Some tests in the finder component will fail.
### Alternative: A new clone
1. Clone symfony in a directory containing at least one regex special char
* `git clone https://github.com/symfony/symfony.git /tmp/symfony+regexchar`
2. As usual get composer, install dependencies and get phpunit
* You might simply want to follow [this guide](http://symfony.com/doc/current/contributing/code/tests.html)
3. Run tests in there
* `cd /tmp/symfony+regexchar && phpunit`
> Result: Some tests in the finder component will fail.
### Alternative: Apply the new test
1. Apply commit a29d1207ced2949c918357cf271200523960caef to your symfony clone
2. Run tests
> Result: The new test will fail.
Commits
-------
b63926b [Finder] Escape location for regex searches
This PR was merged into the 2.3 branch.
Discussion
----------
[HttpFoundation] fixed some volatile tests
| Q | A
| ------------- | ---
| Bug fix? | no
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | see #11588
| License | MIT
| Doc PR | n/a
Commits
-------
00c1b75 [Process] fixed some volatile tests
974bf01 [HttpKernel] fixed a volatile test
6020c43 [HttpFoundation] fixed some volatile tests
* 2.5:
[Debug] Restoring error handler before assertions
Unit test fixes
Fixed merge conflict in .travis.yml introduced in 687703a75e
Conflicts:
src/Symfony/Component/Debug/Tests/ErrorHandlerTest.php
* 2.5: (43 commits)
[Form] Fix PHPDoc for builder setData methods The underlying data variable is typed as mixed whereas the methods paramers where typed as array.
fixed CS
[Intl] Improved bundle reader implementations
[Console] guarded against invalid aliases
switch before_script to before_install and script to install
fixed typo
[HttpFoundation] Request - URI - comment improvements
[Validator] The ratio of the ImageValidator is rounded to two decimals now
[Security] Added more tests
remove `service` parameter type from XSD
[Intl] Added exception handler to command line scripts
[Intl] Fixed a few bugs in TextBundleWriter
[Intl] Updated icu.ini up to ICU 53
[Intl] Removed non-working $fallback argument from ArrayAccessibleResourceBundle
Use separated function to resolve command and related arguments
[SwiftmailerBridge] Bump allowed versions of swiftmailer
[FrameworkBundle] Remove invalid markup
[Intl] Added "internal" tag to all classes under Symfony\Component\Intl\ResourceBundle
Remove routes for removed WebProfiler actions
[Security] Fix usage of unexistent method in DoctrineAclCache.
...
Conflicts:
src/Symfony/Bundle/FrameworkBundle/Command/ServerRunCommand.php
src/Symfony/Component/HttpKernel/HttpCache/Esi.php
src/Symfony/Component/HttpKernel/Kernel.php
src/Symfony/Component/Translation/Tests/Dumper/XliffFileDumperTest.php
src/Symfony/Component/Yaml/Parser.php
src/Symfony/Component/Yaml/Tests/InlineTest.php
* 2.4: (39 commits)
[Form] Fix PHPDoc for builder setData methods The underlying data variable is typed as mixed whereas the methods paramers where typed as array.
fixed CS
[Intl] Improved bundle reader implementations
[Console] guarded against invalid aliases
switch before_script to before_install and script to install
fixed typo
[HttpFoundation] Request - URI - comment improvements
[Validator] The ratio of the ImageValidator is rounded to two decimals now
[Security] Added more tests
remove `service` parameter type from XSD
[Intl] Added exception handler to command line scripts
[Intl] Fixed a few bugs in TextBundleWriter
[Intl] Updated icu.ini up to ICU 53
[Intl] Removed non-working $fallback argument from ArrayAccessibleResourceBundle
Use separated function to resolve command and related arguments
[SwiftmailerBridge] Bump allowed versions of swiftmailer
[FrameworkBundle] Remove invalid markup
[Intl] Added "internal" tag to all classes under Symfony\Component\Intl\ResourceBundle
Remove routes for removed WebProfiler actions
[Security] Fix usage of unexistent method in DoctrineAclCache.
...
Conflicts:
.travis.yml
src/Symfony/Bundle/FrameworkBundle/Command/ServerRunCommand.php
src/Symfony/Component/HttpKernel/Kernel.php
src/Symfony/Component/Process/PhpExecutableFinder.php
* 2.3: (35 commits)
[Form] Fix PHPDoc for builder setData methods The underlying data variable is typed as mixed whereas the methods paramers where typed as array.
fixed CS
[Intl] Improved bundle reader implementations
[Console] guarded against invalid aliases
switch before_script to before_install and script to install
fixed typo
[HttpFoundation] Request - URI - comment improvements
[Security] Added more tests
remove `service` parameter type from XSD
[Intl] Added exception handler to command line scripts
[Intl] Fixed a few bugs in TextBundleWriter
[Intl] Updated icu.ini up to ICU 53
[Intl] Removed non-working $fallback argument from ArrayAccessibleResourceBundle
Use separated function to resolve command and related arguments
[SwiftmailerBridge] Bump allowed versions of swiftmailer
[FrameworkBundle] Remove invalid markup
[Intl] Added "internal" tag to all classes under Symfony\Component\Intl\ResourceBundle
Remove routes for removed WebProfiler actions
[Security] Fix usage of unexistent method in DoctrineAclCache.
backport more error information from 2.6 to 2.3
...
Conflicts:
.travis.yml
src/Symfony/Component/DependencyInjection/Loader/YamlFileLoader.php
src/Symfony/Component/DependencyInjection/Tests/Loader/XmlFileLoaderTest.php
src/Symfony/Component/HttpKernel/Kernel.php
src/Symfony/Component/Process/PhpExecutableFinder.php
This PR was merged into the 2.3 branch.
Discussion
----------
[Security] Uniform AccessDecisionManager decide behaviour
| Q | A
| --------------------|---
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | #10170
| License | MIT
| Doc PR | none
This PR uniforms the way the 3 decision policies (affirmative, consensus, unanimous) are handled in the Security\Core\Authoritzation\AccessDecisionManager.php
See #10170
Commits
-------
938ae4b [Security] Added more tests
This PR was merged into the 2.3 branch.
Discussion
----------
[Translation] made XliffFileDumper support CDATA sections.
| Q | A
| ------------- | ---
| Bug fix? | yes
| New feature? | no
| BC breaks? | maybe
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | #11256
| License | MIT
Commits
-------
9926845 [Translation] made XliffFileDumper support CDATA sections.
This PR was merged into the 2.3 branch.
Discussion
----------
[Intl] Improved bundle reader implementations
| Q | A
| ------------- | ---
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | -
| License | MIT
| Doc PR | -
This PR extracts bundle reader improvements from #9206.
The code is internal and used for resource bundle generation only, so I did not care about BC too much.
Commits
-------
c3cce5c [Intl] Improved bundle reader implementations
This PR was merged into the 2.3 branch.
Discussion
----------
[YAML] fix handling of empty sequence items
| Q | A
| ------------- | ---
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | #11798
| License | MIT
| Doc PR |
When a line contains only a dash it cannot safely be assumed that it contains a nested list or an embedded mapping. If the next line starts with a dash at the same indentation, the current line's item is to be treated as `null`.
Commits
-------
fc85435 fix handling of empty sequence items
This PR was merged into the 2.3 branch.
Discussion
----------
[Intl] Fixed a few bugs in TextBundleWriter
| Q | A
| ------------- | ---
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | -
| License | MIT
| Doc PR | -
See the included test cases for more information. This code was extracted from #9206.
Commits
-------
7b4a35a [Intl] Fixed a few bugs in TextBundleWriter
This PR was merged into the 2.3 branch.
Discussion
----------
[Form][Validator] All index items after children are to be considered grand-children when resolving ViolationPath
| Q | A
| ------------- | ---
| Bug fix? | yes
| New feature? | no
| BC breaks? | unsure, see note below
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | #11458
| License | MIT
| Doc PR | -
#### Possible BC Break
The old behavior had unit test cases specifically testing the case of a grand-children form. However, this behavior is not documented anywhere and the fix seems to have no adverse effects on form validation. `Symfony\Component\Form\FormInterface` implements `ArrayAccess`, therefore, semantically speaking, `children[direct_child].children[grand_children]` and `children[direct_child][grand_children]` are equivalent. `offsetGet` is expected to fetch an element from `children`. I do not see why both were not considered equivalent when resolving the ViolationPath.
This commit will indeed change how some errors are mapped. However since the old mapping is (in my opinion) a bug...
Commits
-------
c64a75f [Form][Validator] All index items after children are to be considered grand-children when resolving ViolationPath (fixes#11458)
This PR was merged into the 2.3 branch.
Discussion
----------
[Form] FormBuilder::getIterator() now deals with resolved children
| Q | A
| ------------- | ---
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | -
| License | MIT
| Doc PR | -
I think FormBuilder::getIterator() should resolve children before makes an iterator because it seems to be used in same purpose with FormBuilder::all().
What do you think?
Commits
-------
0deb505 [Form] FormBuilder::getIterator() now deals with resolved children
This PR was squashed before being merged into the 2.6-dev branch (closes#11917).
Discussion
----------
[Validator] Add ClassMetadata plural methods for convinience
| Q | A
| ------------- | ---
| Bug fix? | no
| New feature? | yes
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | #4143
| License | MIT
| Doc PR | -
I realised there's no specific place to document this methods, as the code examples always include all the formats. I think it's enough if IDE autocompletes these methods.
Commits
-------
0fd6769 [Validator] Add ClassMetadata plural methods for convinience
This PR was merged into the 2.3 branch.
Discussion
----------
[DependencyInjection] remove `service` parameter type from XSD
| Q | A
| ------------- | ---
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets |
| License | MIT
| Doc PR | symfony/symfony-docs#4222
Referencing a service in a parameter doesn't work and will lead to an error when the configuration is loaded (see symfony/symfony-docs#4211).
Commits
-------
7333c2d remove `service` parameter type from XSD
This PR was merged into the 2.3 branch.
Discussion
----------
[Intl] Updated icu.ini up to ICU 53
| Q | A
| ------------- | ---
| Bug fix? | no
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | -
| License | MIT
| Doc PR | -
Extracted from #9206.
Commits
-------
260e2fe [Intl] Updated icu.ini up to ICU 53
This PR was merged into the 2.3 branch.
Discussion
----------
[Intl] Removed non-working $fallback argument from ArrayAccessibleResourceBundle
| Q | A
| ------------- | ---
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | -
| License | MIT
| Doc PR | -
The code in question didn't actually work. This was extracted from #9206.
Commits
-------
5feda5e [Intl] Removed non-working $fallback argument from ArrayAccessibleResourceBundle
This PR was merged into the 2.3 branch.
Discussion
----------
[Security] Use hash_equals for constant-time string comparison (again)
| Q | A
| ------------- | ---
| Bug fix? | no
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | n/a
| License | MIT
| Doc PR | n/a
Use the `hash_equals` function (introduced in PHP 5.6) for timing attack safe string comparison when available.
Add in the DocBlock that length will leak (https://github.com/symfony/symfony/pull/11797#issuecomment-53990712).
Commits
-------
3071557 [Security] Add more tests for StringUtils::equals
03bd74b [Security] Use hash_equals for constant-time string comparison
This PR was merged into the 2.3 branch.
Discussion
----------
[DI] Added safeguards against invalid config in the YamlFileLoader
| Q | A
| ------------- | ---
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | #11333
| License | MIT
| Doc PR | n/a
Exceptions explaining the mistake are better than fatal errors or weird notices appearing when trying to deal with such invalid data.
The XML file loader is not affected by this because the data are validated with the XSD before being processed
Commits
-------
5183501 [DI] Added safeguards against invalid config in the YamlFileLoader
We didn't have this tag yet when this component was first written. The code in that
namespace is only used for resource bundle generation and was never meant for public
use.
Fixed phpdoc
Aligned variables and description
Removed enableCache and added cache setup in constructor
Added tests for locales with . and @ with caching
This PR was merged into the 2.5 branch.
Discussion
----------
[Process] add missing exceptions to docblock
| Q | A
| ------------- | ---
| Fixed tickets |
| License | MIT
Commits
-------
1be80c6 add missing exceptions to docblock
This PR was merged into the 2.6-dev branch.
Discussion
----------
[HttpKernel] Escape SSI virtual in generated response
| Q | A
| ------------- | ---
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets |
| License | MIT
| Doc PR | NA
If a template with an `<!--#inlude -->` tag is configured with an "virtual" containing a `'` ; the HttpCache will generate invalide php code.
See #11845 for the same issue on `<esi>` tags
Commits
-------
b50a434 Fix CS
1862427 Escape SSI virtual in generated response
This PR was merged into the 2.3 branch.
Discussion
----------
[HttpKernel] Escape ESI url in generated response
| Q | A
| ------------- | ---
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets |
| License | MIT
| Doc PR | NA
If a template with an `<esi>` tag is configured with an URL containing a `'` (in `src` or `alt`) ; the HttpCache will generate invalide php code.
It's not a security issue, given the template and the `<esi>` tag is written by the developper, but, as the character quote is allowed in URL (https://tools.ietf.org/html/rfc3986) it coud be a potential bug.
Commits
-------
b044c45 Escape parameter on generated response
This PR was merged into the 2.3 branch.
Discussion
----------
[Yaml] improve error message when detecting unquoted asterisks
| Q | A
| ------------- | ---
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | #11835
| License | MIT
| Doc PR |
Asterisks in unquoted strings are used in YAML to reference variables. Before Symfony 2.3.19, Symfony 2.4.9 and Symfony 2.5.4, unquoted asterisks in inlined YAML code were treated as regular strings. This was fixed for the inline parser in #11677. However, an unquoted * character now led to an error message like this:
```
PHP Warning: array_key_exists(): The first argument should be either a string or an integer in vendor/symfony/symfony/src/Symfony/Component/Yaml/Inline.php on line 409
[Symfony\Component\Yaml\Exception\ParseException]
Reference "" does not exist at line 171 (near "- { foo: * }").
```
Commits
-------
854e07b improve error when detecting unquoted asterisks
Asterisks in unquoted strings are used in YAML to reference
variables. Before Symfony 2.3.19, Symfony 2.4.9 and Symfony 2.5.4,
unquoted asterisks in inlined YAML code were treated as regular
strings. This was fixed for the inline parser in #11677. However, an
unquoted * character now led to an error message like this:
```
PHP Warning: array_key_exists(): The first argument should be either a string or an integer in vendor/symfony/symfony/src/Symfony/Component/Yaml/Inline.php on line 409
[Symfony\Component\Yaml\Exception\ParseException]
Reference "" does not exist at line 171 (near "- { foo: * }").
```
* 2.5: (23 commits)
[HttpKernel] fixed some unit tests for 2.4 (signature now uses SHA256 instead of MD5)
[HttpKernel] simplified code
[HttpKernel] fixed internal fragment handling
fixing yaml indentation
Unexpexted ));"
[WebProfiler] replaced the import/export feature from the web interface to a CLI tool
Forced all fragment uris to be signed, even for ESI
Add tests and more assertions
[FrameworkBundle][Translator] Validate locales.
[HttpFoundation] added some missing tests
[HttpFoundation] Improve string values in test codes
[Security] Add more tests for StringUtils::equals
fix comment: not fourth but sixth argument
fixing typo in a comment
[FrameworkBundle] fixed CS
[FrameworkBundle] PhpExtractor bugfix and improvements
[Finder] Fix findertest readability
[Filesystem] Add FTP stream wrapper context option to enable overwrite (override)
fix parsing of Authorization header
Test examples from Drupal SA-CORE-2014-003
...
Conflicts:
src/Symfony/Bundle/WebProfilerBundle/Resources/views/Profiler/admin.html.twig
src/Symfony/Component/Filesystem/Filesystem.php
src/Symfony/Component/HttpKernel/Fragment/EsiFragmentRenderer.php
* 2.4: (21 commits)
[HttpKernel] fixed some unit tests for 2.4 (signature now uses SHA256 instead of MD5)
[HttpKernel] simplified code
[HttpKernel] fixed internal fragment handling
fixing yaml indentation
[WebProfiler] replaced the import/export feature from the web interface to a CLI tool
Forced all fragment uris to be signed, even for ESI
Add tests and more assertions
[FrameworkBundle][Translator] Validate locales.
[HttpFoundation] added some missing tests
[HttpFoundation] Improve string values in test codes
[Security] Add more tests for StringUtils::equals
fix comment: not fourth but sixth argument
fixing typo in a comment
[FrameworkBundle] fixed CS
[FrameworkBundle] PhpExtractor bugfix and improvements
[Finder] Fix findertest readability
[Filesystem] Add FTP stream wrapper context option to enable overwrite (override)
fix parsing of Authorization header
Test examples from Drupal SA-CORE-2014-003
Fix potential DoS when parsing HOST
...
Conflicts:
src/Symfony/Bundle/FrameworkBundle/Tests/Translation/TranslatorTest.php
src/Symfony/Bundle/FrameworkBundle/Translation/Translator.php
* 2.3:
[HttpKernel] fixed internal fragment handling
fixing yaml indentation
[WebProfiler] replaced the import/export feature from the web interface to a CLI tool
Forced all fragment uris to be signed, even for ESI
Add tests and more assertions
[FrameworkBundle][Translator] Validate locales.
[HttpFoundation] added some missing tests
[HttpFoundation] Improve string values in test codes
fix comment: not fourth but sixth argument
fixing typo in a comment
[FrameworkBundle] fixed CS
[FrameworkBundle] PhpExtractor bugfix and improvements
[Finder] Fix findertest readability
[Filesystem] Add FTP stream wrapper context option to enable overwrite (override)
fix parsing of Authorization header
Test examples from Drupal SA-CORE-2014-003
Fix potential DoS when parsing HOST
Made optimization deprecating modulus operator
Conflicts:
src/Symfony/Bundle/FrameworkBundle/Resources/config/esi.xml
src/Symfony/Component/HttpFoundation/Request.php
src/Symfony/Component/HttpFoundation/Tests/RequestTest.php
src/Symfony/Component/HttpKernel/Fragment/EsiFragmentRenderer.php
This PR was merged into the 2.3 branch.
Discussion
----------
n/a
n/a
Commits
-------
9e1bc22 Add tests and more assertions
101a3b7 [FrameworkBundle][Translator] Validate locales.
This PR was merged into the 2.3 branch.
Discussion
----------
n/a
n/a
Commits
-------
3b4046e [HttpFoundation] added some missing tests
cefe237 fix parsing of Authorization header
This PR was merged into the 2.3 branch.
Discussion
----------
n/a
n/a
Commits
-------
1ee96a8 Test examples from Drupal SA-CORE-2014-003
5506ee8 Fix potential DoS when parsing HOST
This PR was merged into the 2.4 branch.
Discussion
----------
[Security] Add more tests for StringUtils::equals
| Q | A
| ------------- | ---
| Bug fix? | no
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | n/a
| License | MIT
| Doc PR | n/a
More tests for `StringUtils::equals`.
Commits
-------
a676863 [Security] Add more tests for StringUtils::equals
This PR was merged into the 2.3 branch.
Discussion
----------
[Security] fixing typo in a comment
| Q | A
| ------------- | ---
| Fixed tickets |
| License | MIT
As reported [here](https://github.com/symfony/symfony/pull/11574/files#r16934052).
Commits
-------
faefd66 fixing typo in a comment
This PR was merged into the 2.6-dev branch.
Discussion
----------
[Console] Skip commands from ConsoleCommandEvent
Use case: We have different variations of the same application, for which
only certain commands are allowed. Right now this is done in a custom
Application class, but it would be much easier to just be able to skip
commands from a listener, where you can disable commands via the Event
object.
This patch provides this feature and corresponding test cases.
| Q | A
| ------------- | ---
| Bug fix? | no
| New feature? | yes
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes - for Console tests
| Fixed tickets | None
| License | MIT
| Doc PR | symfony/symfony-docs#4058
Commits
-------
acb1ae6 [Console] Skip commands from ConsoleCommandEvent
This PR was merged into the 2.6-dev branch.
Discussion
----------
[OptionsResolver] Changed order of validation
| Q | A
| ------------- | ---
| Bug fix? | yes
| New feature? | yes
| BC breaks? | no (I don't think it causes breaks)
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets |
| License | MIT
| Doc PR | -
It's both a new feature and bug fix actually... I let @fabpot decide on this one.
<s>@sstok can you please confirm if this fixes#4500 ? I couldn't fully follow
that ticket and then I discovered this error. If not, can you please add more
information to your ticket about the problems?</s>
Commits
-------
a4f208b Changed order of validation
This PR was merged into the 2.3 branch.
Discussion
----------
[Security] Made optimization on constant-time algorithm removing modulus operator
| Q | A
| ------------- | ---
| Bug fix? | no
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | -
| License | MIT
| Doc PR | -
This fix improves the constant-time algorithm used to compare strings, as it removes the `%` operator inside the loop.
Commits
-------
000bd0d Made optimization deprecating modulus operator
This PR was merged into the 2.6-dev branch.
Discussion
----------
[Validator] deprecate member metadata accessors
| Q | A
| ------------- | ---
| Bug fix? | sort of
| New feature? | no
| BC breaks? | no
| Deprecations? | yes
| Tests pass? | yes
| Fixed tickets | https://github.com/symfony/symfony/pull/11614/files#r16385109
| License | MIT
| Doc PR |
deprecate member metadata accessors in favor of existing property metadata accessors
Commits
-------
14d3f97 [Validator] add getConstraints to MetadataInterface
04eb61b [Validator] deprecate member metadata accessors in favor of existing property metadata accessors
This PR was merged into the 2.6-dev branch.
Discussion
----------
[Validator] Expression validator now processes null values
| Q | A
| ------------- | ---
| Bug fix? | yes
| New feature? | no
| BC breaks? | yes(minor)
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets |
| License | MIT
| Doc PR |
The ExpressionValidator was incorrectly skipping validation of null or empty string values.
For example the following was (incorrectly) considered valid if hairColour is null because the validator was skipped
```php
<?php
namespace Acme\DemoBundle\Model\Person;
use Symfony\Component\Validator\Constraints as Assert;
class Person
{
private $hasHair;
/**
* @Assert\Expression(
* "!(this.hasHair() and value == null)",
* message="If you have hair you must pick its colour!"
* )
*/
private $hairColour;
}
```
This is a follow on from #11590 but is targeted against master as the BC break introduced was considered undesirable for currently released versions of symfony.
I will squash and create a documentation PR once there is consensus that this is ready to be merged.
Commits
-------
580e1a7 [Validator] fixed: Expressions always valid for null values
This PR was merged into the 2.5 branch.
Discussion
----------
[Validator] Test that validateProperty() works if no constraint is defined
| Q | A
| ------------- | ---
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes (2.3 has to be merged into 2.5 first)
| Fixed tickets | #11604, #11614
| License | MIT
| Doc PR |
Adds a test case for #11604 to avoid regressions. The actual issue has been fixed in Symfony 2.3 with the merge of #11615.
Commits
-------
a47a884 add test for #11604
This PR was merged into the 2.6-dev branch.
Discussion
----------
[DX] Removed strict alias name check
Symfony allows to change the DI alias by overriding `Extension#getAlias()`, but it does throw an exception when it is anything else than the default. That doesn't sound nice and it makes it harder to change the alias. This can result in problems when the bundle is called WouterJEloquentBundle for instance (which has a default alias of `wouter_j_eloquent_bundle`, where I want it to be `wouterj_eloquent_bundle`).
| Q | A
| ------------- | ---
| Bug fix? | no
| New feature? | yes
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | -
| License | MIT
| Doc PR | -
Commits
-------
69d71c1 Made the exception message nicer
* 2.5:
fix typos
[HttpKernel] add use statement for phpdoc
fixed DateComparator if file does not exist
Disabled the PHPUnit self-update on Travis
fix mustRun() in sigchild environments
[ClassLoader] simplified phpdoc
[ClassLoader] Add a __call() method to XcacheClassLoader
fix some minor typos in tests
[Yaml] fixed mapping keys containing a quoted #
Added fixture to test parsing of hash keys ending with a space and #
[Validator] Pass strict argument into the strict email validator
[Filesystem Component] mkdir race condition fix#11626
[Validator] reverted permissions change on translation files
Fixed Factory services not within the ServiceReferenceGraph.
[CssSelector] Fix URL to SimonSapin/cssselect repo
[Validator] Fixed wrong translation keys/messages for Collection constraint. The error messages for a missing field and an unexpected field did not match the Contraint class
Remove hard dependency of RequestContext in AssetsExtension
added useful reminder about form.vars.errors into UPGRADE-2.5 notes
[YAML] resolve variables in inlined YAML
Disallow abstract definitions from doctrine event listener registration
Conflicts:
src/Symfony/Component/Yaml/Inline.php
src/Symfony/Component/Yaml/Parser.php
src/Symfony/Component/Yaml/Tests/InlineTest.php
* 2.4:
fix typos
[HttpKernel] add use statement for phpdoc
Disabled the PHPUnit self-update on Travis
[ClassLoader] simplified phpdoc
[ClassLoader] Add a __call() method to XcacheClassLoader
fix some minor typos in tests
[Yaml] fixed mapping keys containing a quoted #
Added fixture to test parsing of hash keys ending with a space and #
[Filesystem Component] mkdir race condition fix#11626
[Validator] reverted permissions change on translation files
Fixed Factory services not within the ServiceReferenceGraph.
[CssSelector] Fix URL to SimonSapin/cssselect repo
[Validator] Fixed wrong translation keys/messages for Collection constraint. The error messages for a missing field and an unexpected field did not match the Contraint class
[YAML] resolve variables in inlined YAML
Disallow abstract definitions from doctrine event listener registration
Conflicts:
src/Symfony/Component/Process/Tests/SigchildDisabledProcessTest.php
src/Symfony/Component/Yaml/Inline.php
* 2.3:
[HttpKernel] add use statement for phpdoc
Disabled the PHPUnit self-update on Travis
[ClassLoader] simplified phpdoc
[ClassLoader] Add a __call() method to XcacheClassLoader
fix some minor typos in tests
[Yaml] fixed mapping keys containing a quoted #
Added fixture to test parsing of hash keys ending with a space and #
[Filesystem Component] mkdir race condition fix#11626
[Validator] reverted permissions change on translation files
Fixed Factory services not within the ServiceReferenceGraph.
[CssSelector] Fix URL to SimonSapin/cssselect repo
[Validator] Fixed wrong translation keys/messages for Collection constraint. The error messages for a missing field and an unexpected field did not match the Contraint class
[YAML] resolve variables in inlined YAML
Disallow abstract definitions from doctrine event listener registration
Conflicts:
src/Symfony/Bridge/Doctrine/DependencyInjection/CompilerPass/RegisterEventListenersAndSubscribersPass.php
src/Symfony/Bridge/Doctrine/Tests/DependencyInjection/CompilerPass/RegisterEventListenersAndSubscribersPassTest.php
src/Symfony/Bundle/FrameworkBundle/EventListener/SessionListener.php
src/Symfony/Component/Filesystem/Filesystem.php
This PR was merged into the 2.5 branch.
Discussion
----------
[Process] fix mustRun() in sigchild environments
| Q | A
| ------------- | ---
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets |
| License | MIT
| Doc PR |
When being run in sigchild environments, the sigchild compatibility mode needs to be enabled to be able to call `getExitCode()`. Since `mustRun()` uses `getExitCode()` to determine whether or not a process terminated successfully, it cannot be used in sigchild environments when the sigchild compatibility mode is disabled.
Commits
-------
b764f6c fix mustRun() in sigchild environments
This PR was squashed before being merged into the 2.6-dev branch (closes#11769).
Discussion
----------
[HttpKernel] Change exception message in case no controller found
| Q | A
| ------------- | ---
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | #11754
| License | MIT
| Doc PR | n/a
Change the NotFoundHttpException message.
Commits
-------
b0a839c [HttpKernel] Change exception message in case no controller found
