This PR was merged into the 4.4 branch.
Discussion
----------
[ErrorHandler] Rework fatal errors
| Q | A
| ------------- | ---
| Branch? | 4.4
| Bug fix? | no
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | https://github.com/symfony/symfony/issues/32605
| License | MIT
| Doc PR | -
Built on top of https://github.com/symfony/symfony/pull/33038 so review only the second commit : d5c3f7ed48
The goals of this PR is to replace current "fatal error handlers" with "error enhancers" since all our current fatal error handlers works on \Error since PHP7.
That means we won't use the FatalErrorException anymore, so we will be able to remove it (once we don't need it in the rest of the codebase).
The final goal btw is to handle \Throwable everywhere in the code so we can remove FatalThrowableError & FatalErrorException classes.
Commits
-------
aaa0cdf523 [ErrorHandler] Rework fatal error handlers
* 4.3:
[Cache] clean tags folder on invalidation
[Cache] remove implicit dependency on symfony/filesystem
Allow to set cookie_samesite to 'none'
[VarDumper] fix array key error for class SymfonyCaster
Adds missing translations for no nb
[HttpKernel] fix $dotenvVars in data collector
Add the missing translations for the Swedish ("sv") locale
bumped Symfony version to 4.3.6
updated VERSION for 4.3.5
updated CHANGELOG for 4.3.5
bumped Symfony version to 3.4.33
updated VERSION for 3.4.32
update CONTRIBUTORS for 3.4.32
updated CHANGELOG for 3.4.32
[Messenger] DoctrineTransport: ensure auto setup is only done once
[Form][DateTimeImmutableToDateTimeTransformer] Preserve microseconds and use \DateTime::createFromImmutable() when available
[Crawler] document $default as string|null
This PR was squashed before being merged into the 4.4 branch (closes#33770).
Discussion
----------
Add types to constructors and private/final/internal methods (Batch III)
| Q | A
| ------------- | ---
| Branch? | 4.4
| Bug fix? | no
| New feature? | no
| Deprecations? | no
| Tickets | #32179, #33228
| License | MIT
| Doc PR | N/A
Followup to #33709, this time with:
* Validator
* VarDumper
* Workflow
* Yaml
* all bridges
* all bundles
That should be the final batch. 😃
Commits
-------
6493902287 Add types to constructors and private/final/internal methods (Batch III)
* 4.3:
[Intl] Update the ICU data to 65.1 (4.3 branch)
Replace deprecated calls in tests
[Intl] Update the ICU data to 65.1
Delete 5_Security_issue.md
[DI] Whitelist validator.auto_mapper in UnusedTagsPass
[HttpClient] Fixed#33832 NO_PROXY option ignored in NativeHttpClient::request() method
[Cache] give 100ms before starting the expiration countdown
[Cache] fix logger usage in CacheTrait::doGet()
[VarDumper] fix dumping uninitialized SplFileInfo
Added missing translations.
Fixed invalid changelog 4.0.0 for VarDumper
Fixed invalid VarDumper upgrade doc.
[HttpFoundation] Check if data passed to SessionBagProxy::initialize is an array
Don't let falsey usernames slip through
- added deprecation message for non-int return value in Command::execute()
- fixed all core commands to return proper int values
- added proper return type-hint to Command::execute() method in all core Commands
This prevents to exclude the RedirectController from the warmed annotation cache which would lead to warnings when trying to use the warmed cache on read only file systems
See #29357
* 4.3:
Sync Twig templateExists behaviors
Fix the :only-of-type pseudo class selector
[Serializer] Add CsvEncoder tests for PHP 7.4
Copy phpunit.xsd to a predictable path
[Security/Http] fix parsing X509 emailAddress
[Serializer] fix denormalization of string-arrays with only one element #33731
[Cache] fix known tag versions ttl check
* 3.4:
Sync Twig templateExists behaviors
Fix the :only-of-type pseudo class selector
[Serializer] Add CsvEncoder tests for PHP 7.4
Copy phpunit.xsd to a predictable path
[Security/Http] fix parsing X509 emailAddress
[Serializer] fix denormalization of string-arrays with only one element #33731
[Cache] fix known tag versions ttl check
This PR was merged into the 4.4 branch.
Discussion
----------
[DX][Messenger] Improve error message when routing to an invalid transport
| Q | A
| ------------- | ---
| Branch? | 4.4
| Bug fix? | no
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | #31613
| License | MIT
| Doc PR | -
Commits
-------
7909092891 [Messenger] Improve error message when routing to an invalid transport (closes#31613)
This PR was merged into the 4.4 branch.
Discussion
----------
[Security] add "anonymous: lazy" mode to firewalls
| Q | A
| ------------- | ---
| Branch? | 4.4
| Bug fix? | no
| New feature? | yes
| Deprecations? | no
| Tickets | Fixes#26769 et al.
| License | MIT
| Doc PR | -
Contains #33663 until it is merged.
This PR allows defining a firewall as such:
```yaml
security:
firewalls:
main:
anonymous: lazy
```
This means that the corresponding area should not start the session / load the user unless the application actively gets access to it. On pages that don't fetch the user at all, this means the session is not started, which means the corresponding token neither is. Lazily, when the user is accessed, e.g. via a call to `is_granted()`, the user is loaded, starting the session if needed.
See #27817 for previous explanations on the topic also.
Note that thanks to the logic in #33633, this PR doesn't have the drawback spotted in #27817: here, the profiler works as expected.
Recipe update pending at https://github.com/symfony/recipes/pull/649
Commits
-------
5cd1d7b4cc [Security] add "anonymous: lazy" mode to firewalls
* 4.3:
[Form][Validator][Intl] Fix tests
[Messenger] return empty envelopes when RetryableException occurs
[Validator] Accept underscores in the URL validator as the URL will resolve correctly
[Translation] Collect original locale in case of fallback translation
Fix toolbar load when GET params are present in "_wdt" route
* 3.4:
[Form][Validator][Intl] Fix tests
[Validator] Accept underscores in the URL validator as the URL will resolve correctly
[Translation] Collect original locale in case of fallback translation
Fix toolbar load when GET params are present in "_wdt" route
This PR was merged into the 4.4 branch.
Discussion
----------
[ErrorHandler] Forward \Throwable
| Q | A
| ------------- | ---
| Branch? | 4.4
| Bug fix? | no
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | https://github.com/symfony/symfony/issues/32605
| License | MIT
| Doc PR | -
The goal of this PR is that `ErrorHandler::handleException()` handles `\Throwable` directly and forwards it without altering it.
Commits
-------
62483ed305 [ErrorHandler] Forward \Throwable
This PR was merged into the 3.4 branch.
Discussion
----------
Fix toolbar load when GET params are present in "_wdt" route
When using a custom router that inject GET parameters, eg:
```
# services.yaml
parameters:
# Replace default url generator service
router.options.generator_base_class: Combodo\iTop\Portal\Routing\UrlGenerator
```
The path generated by the toolbar JS is HTML entity encoded which breaks the JS call (`&` becomes `&`).
| Q | A
| ------------- | ---
| Branch? | 4.4 for features / 3.4, 4.2 or 4.3 for bug fixes <!-- see below -->
| Bug fix? | yes
| New feature? | no <!-- please update src/**/CHANGELOG.md files -->
| BC breaks? | no <!-- see https://symfony.com/bc -->
| Deprecations? | no <!-- please update UPGRADE-*.md and src/**/CHANGELOG.md files -->
| Tests pass? | yes <!-- please add some, will be required by reviewers -->
| Fixed tickets | #... <!-- #-prefixed issue number(s), if any -->
| License | MIT
| Doc PR | symfony/symfony-docs#... <!-- required for new features -->
<!--
Replace this notice by a short README for your feature/bugfix. This will help people
understand your PR and can be used as a start for the documentation.
Additionally (see https://symfony.com/roadmap):
- Bug fixes must be submitted against the lowest maintained branch where they apply
(lowest branches are regularly merged to upper ones so they get the fixes too).
- Features and deprecations must be submitted against branch 4.4.
- Legacy code removals go to the master branch.
-->
Commits
-------
5309e64949 Fix toolbar load when GET params are present in "_wdt" route
This PR was squashed before being merged into the 3.4 branch (closes#32925).
Discussion
----------
[Translation] Collect original locale in case of fallback translation
Before, it collected the fallback locale that was used to translate a key. But this information is confusing, as it does not reveal which translation key is missing in the requested language.
So I'd like to propose to track the "requested" locale instead, so that the Symfony profiler gives me the information in which locale the key is missing instead of which locale was used as a fallback.
| Q | A
| ------------- | ---
| Branch? | 3.4
| Bug fix? | yes
| New feature? | no
| BC breaks? | yes?
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets |
| License | MIT
| Doc PR |
In principle, this change is a BC break, but imho also a bug. It's really confusing when the Profiler tells you that it uses a translation fallback for an ID and locale that is actually translated. Took some debugging so recognize that this fallback came from another locale. If you think it's better to target 5.0, I'll update the PR.
Commits
-------
5564e149cb [Translation] Collect original locale in case of fallback translation
* 4.3:
[FrameworkBundle] Fix framework bundle lock configuration not working as expected
[Validator] Add the missing translations for the Azerbaijani locale
[HttpClient] workaround bad Content-Length sent by old libcurl
[Cache] dont override native Memcached options
Fix CS
Fix exceptions (PDOException) error code type
Fix return type of Process::restart().
[Cache] fail gracefully when locking is not supported
[HttpClient] fix race condition when reading response with informational status
Names for buttons should start with lowercase
* 3.4:
[FrameworkBundle] Fix framework bundle lock configuration not working as expected
[Validator] Add the missing translations for the Azerbaijani locale
[Cache] dont override native Memcached options
Fix return type of Process::restart().
This PR was squashed before being merged into the 3.4 branch (closes#31198).
Discussion
----------
[FrameworkBundle] Fix framework bundle lock configuration not working as expected
| Q | A
| ------------- | ---
| Branch? | 3.4
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | #31197
| License | MIT
| Doc PR | https://github.com/symfony/symfony-docs/pull/11465 & https://github.com/symfony/symfony-docs/pull/11466
This fixes#31197 and makes the lock configuration work with installations that are not full stack ones and configurations that use xml files.
Commits
-------
c7af2df340 [FrameworkBundle] Fix framework bundle lock configuration not working as expected
This PR was merged into the 4.4 branch.
Discussion
----------
[FrameworkBundle] Sort tagged services
| Q | A
| ------------- | ---
| Branch? | 4.4 <!-- see below -->
| Bug fix? | no
| New feature? | yes <!-- please update src/**/CHANGELOG.md files -->
| BC breaks? | no <!-- see https://symfony.com/bc -->
| Deprecations? | no <!-- please update UPGRADE-*.md and src/**/CHANGELOG.md files -->
| Tests pass? | yes <!-- please add some, will be required by reviewers -->
| Fixed tickets | https://github.com/symfony/symfony/issues/32439 <!-- #-prefixed issue number(s), if any -->
| License | MIT
| Doc PR | -
Hi
This PR it's to improve DX when `debug:container` command is use with tag argument by sorting them by priority (More details in linked issue).
Currently they are sort by alphabetical order.
Commits
-------
54cef2a3a3 [FrameworkBundle] Sort tagged service by priority
This PR was merged into the 4.4 branch.
Discussion
----------
[Security] Make stateful firewalls turn responses private only when needed
| Q | A
| ------------- | ---
| Branch? | 4.4
| Bug fix? | no
| New feature? | yes
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | #26769 *et al.*
| License | MIT
| Doc PR | -
Replaces #28089
By taking over session usage tracking and replacing it with token usage tracking, we can prevent responses that don't actually use the token from turning responses private without changing anything to the lifecycle of security listeners. This makes the behavior much more seamless, allowing to still log the user with the monolog processor, and display it in the profiler toolbar.
This works by using two separate token storage services:
- `security.token_storage` now tracks access to the token and increments the session usage tracker when needed. This is the service that is injected in userland.
- `security.untracked_token_storage` is a raw token storage that just stores the token and is disconnected from the session. This service is injected in places where reading the session doesn't impact the generated output in any way (as e.g. in Monolog processors, etc.)
Commits
-------
20df3a125c [Security] Make stateful firewalls turn responses private only when needed
* 3.4:
Re-enable previously failing PHP 7.4 test cases
Revert "bug #33618 fix tests depending on other components' tests (xabbuh)"
install from source to include components tests
* 4.3:
ensure compatibility with type resolver 0.5
Call AssertEquals with proper parameters
[Twig] Fix Twig config extra keys
fix tests depending on other components' tests
* 3.4:
ensure compatibility with type resolver 0.5
Call AssertEquals with proper parameters
[Twig] Fix Twig config extra keys
fix tests depending on other components' tests
This PR was merged into the 4.4 branch.
Discussion
----------
[Twig] Add NotificationEmail
| Q | A
| ------------- | ---
| Branch? | 4.4
| Bug fix? | no
| New feature? | yes
| Deprecations? | no
| Tickets | n/a
| License | MIT
| Doc PR | -
This PR is an extract of the new Notifier component. It's a default template to send standardized emails with the Mailer component, which can be used independently of the Notifier component.
Such emails look like the following:
<img width="618" alt="image" src="https://user-images.githubusercontent.com/47313/65018883-694cb780-d92a-11e9-940a-875ea68f9e5d.png">
More info on SpeakerDeck (be warned that names have change since my presentation): https://speakerdeck.com/fabpot/symfony-notifier?slide=7
It requires Twig 1.12 which should be released later this week.
Usage example:
```php
$email = (new NotificationEmail())
->from('fabien@example.com')
->to('fabien@example.org')
->subject('My first notification email via Symfony')
->markdown(<<<EOF
There is a **problem** on your website, you should investigate it right now.
Or just wait, the problem might solves itself automatically, we never know.
EOF
)
->action('More info?', 'https://example.com/')
->importance('high')
//->exception(new \LogicException('That does not work at all...'))
;
```
Instead of `markdown()`, you can also use `content()` for simple emails.
Note that you can use Inky tags in the content:
```php
$email = (new NotificationEmail())
->from('fabien@example.com')
->to('fabien@example.org')
->subject('My first notification email via Symfony')
->markdown(<<<EOF
There is a **problem** on your website, you should investigate it right now.
Or just wait, the problem might solves itself automatically, we never know.
Some Title
==========
<center>
<button href="https://example.com/">Go?</button>
</center>
EOF
);
```
There is also the concept of a theme. By default, it uses the `default` theme, which is an alias for the `zurb_2` theme.
You can use `setTheme()` to override the theme for a given instance, or override the themes globally via the following config in `twig.yaml`:
```yaml
twig:
paths:
templates/email: email
```
Then, create `templates/email/default/notification/body.html.twig` and `templates/email/default/notification/body.txt.twig`. Extends the existing template via `{% extends "@!email/default/notification/body.html.twig" %}` (note the `!`).
Commits
-------
f6c6cf7dc9 [Twig] Add NotificationEmail
This PR was merged into the 3.4 branch.
Discussion
----------
fix tests depending on other components' tests
| Q | A
| ------------- | ---
| Branch? | 3.4
| Bug fix? | no
| New feature? | no
| Deprecations? | no
| Tickets |
| License | MIT
| Doc PR |
Commits
-------
cd2f3a6056 fix tests depending on other components' tests
This PR was merged into the 4.4 branch.
Discussion
----------
Fix lint commands frozen on empty stdin
| Q | A
| ------------- | ---
| Branch? | 4.4
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | -
| License | MIT
| Doc PR | -
Running e.g. `lint:yaml -` with no piped content makes the command hangs currently, this makes it fail instead. Also fixes the command help which we forgot to update
Commits
-------
b60e0c1454 Fix lint commands frozen on empty stdin
* 4.3:
[Twig] Remove dead code
Add gitignore file for Symfony 4.3
Add gitignore file for Symfony 3.4
[Inflector] Add .gitignore file
[Messenger] Fix exception message of failed message is dropped on retry
Add default value for Accept header
[HttpClient] Add .gitignore file
[Finder] Adjust regex to correctly match comments in gitignore contents
[Security] Removed unused argument in Test
[Console] Get dimensions from stty on windows if possible
[Inflector] add support 'see' to 'ee' for singularize 'fees' to 'fee'
* 3.4:
[Twig] Remove dead code
Add gitignore file for Symfony 3.4
[Inflector] Add .gitignore file
[Security] Removed unused argument in Test
[Console] Get dimensions from stty on windows if possible
[Inflector] add support 'see' to 'ee' for singularize 'fees' to 'fee'
This PR was merged into the 4.4 branch.
Discussion
----------
[WebProfilerBundle] Clean time.js
| Q | A
| ------------- | ---
| Branch? | 4.4
| Bug fix? | no
| New feature? | no
| Deprecations? | no
| Tickets | -
| License | MIT
| Doc PR | -
The `classnames` property was removed in https://github.com/symfony/symfony/pull/33535.
Commits
-------
997ca70385 [WebProfilerBundle] Clean time.js
This PR was merged into the 4.4 branch.
Discussion
----------
Adding .gitattributes to remove Tests directory from "dist"
| Q | A
| ------------- | ---
| Branch? | 4.4
| Bug fix? | no
| New feature? | yes
| Deprecations? | no?
| Tickets |
| License | MIT
| Doc PR |
This is a controversial topic that have been mentioned before. We recently had some discussions on Slack about it and the community not in an agreement. This was asked back in 2014 already.
Im making this PR again, because I think this will help more people than it hurts to keep the tests in the "dist" version.
### Reasons for keeping the tests with the source
* You can look at the tests to understand how the code works
* It is convenient
In the past there were an argument of people might depend on Symfony's classes in Tests. That is no longer the case since we moved reusable classes from Tests to Test.
### Reasons for removing them (merging this PR)
* There should be difference between `composer update --prefer-source` and `composer update --prefer-dist`
* Smaller packages when deploying with Docker or on Serverless.
* Static analysis tools will not complain on PHP syntax errors in our tests ([example](https://github.com/symfony/symfony/blob/4.4/src/Symfony/Component/DependencyInjection/Tests/Fixtures/xml/xml_with_wrong_ext.php))
## How to decide?
Merging this PR or not is tricky because no side has a solid technical argument. It is basically just personal preference. Please give this PR a 👍 or 👎 if you want to give your opinion.
## Other PRs and issues related to this:
Add .gitattributes file (https://github.com/symfony/symfony/pull/29277)
Added .gitattributes files to root and all components (https://github.com/symfony/symfony/pull/26472)
Exclude non-essential files from Composer package (https://github.com/symfony/symfony/issues/25414)
[HttpFoundation] optimize files for distribution (https://github.com/symfony/symfony/pull/24427)
Add .gitattributes files (https://github.com/symfony/symfony/pull/23926)
[Suggestion] Adding .gitattributes to ignore unnecessary folders and files for production env (https://github.com/symfony/symfony/issues/20057)
Add lightweight and root only .gitattributes (https://github.com/symfony/symfony/pull/18004)
Add .gitattributes to exclude tests from ZIPs (https://github.com/symfony/symfony/pull/17995)
[RFC] Move tests out of the source and source out of the tests (https://github.com/symfony/symfony/issues/17749)
Removal of development & testing files using .gitattributes (https://github.com/symfony/symfony/issues/16174)
Please add .gitattributes files and fix line endings (https://github.com/symfony/symfony/issues/13521)
making use of .gitattributes (https://github.com/symfony/symfony/issues/11810)
## Workarounds
There are workarounds for both sides. Example:
### Workaround if merged
* `composer update --prefer-source`
### Workaround if closed
* `find vendor/symfony -name "Tests" -type d -exec rm -r "{}" \;`
* https://github.com/editorconfig/editorconfig/issues/228
* https://github.com/dg/composer-cleaner
Commits
-------
ac7dc24bcb Adding .gitattributes to remove Tests directory from "dist"
* 4.3:
fixed "link" to Contracts packages
[WebProfilerBundle] Fix time panel legend buttons
Fixed cache pools affecting each other due to an overwritten seed variable
properly catch legacy tag syntax usages
This PR was merged into the 4.4 branch.
Discussion
----------
[FrameworkBundle][ErrorRenderer] Use FileLinkFormatter service when possible
| Q | A
| ------------- | ---
| Branch? | 4.4
| Bug fix? | no
| New feature? | no
| Deprecations? | no
| Tickets | -
| License | MIT
| Doc PR | -
Consistent the way TwigBundle defines the `Symfony\Bridge\Twig\Extension\CodeExtension` service:
789448b65c/src/Symfony/Bundle/TwigBundle/Resources/config/twig.xml (L88)
Commits
-------
d4a6867 use debug.file_link_formatter service when possible
This PR was merged into the 4.4 branch.
Discussion
----------
[SecurityBundle] Move Anonymous DI integration to new AnonymousFactory
| Q | A
| ------------- | ---
| Branch? | 4.4
| Bug fix? | no
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | -
| License | MIT
| Doc PR | n/a
For some reason, all security authentication providers/listeners have a `SecurityFactory` that adds configuration and registers the necessary services, except from anonymous security. I'm not sure why that has not been done. The only thing I can think of is making sure it is added to the end.
I've added a new "internal" factory position, to make sure it is always the last registered provider and moved everything to a new `AnonymousFactory`.
Nothing changes on the usage side, but it makes internal code a bit easier to understand and makes sure we don't break anything while refactoring the `SecurityExtension` in the future.
Commits
-------
0da2761c15 Move Anonymous config to a SecurityFactory
This PR was merged into the 4.4 branch.
Discussion
----------
[Debug] disable new DebugClassLoader when testing the legacy one
| Q | A
| ------------- | ---
| Branch? | 4.4
| Bug fix? | no
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | -
| License | MIT
| Doc PR | -
Commits
-------
25a683bbeb [Debug] disable new DebugClassLoader when testing the legacy one
