Calling the parent constructor of the mocked `Mongo` class tries to
connect to a local MongoDB server which fails in case no local server
was configured.
Similarly, when the parent constructor of the mocked `MongoCollection`
class is called it performs checks on the passed arguments which fails
again when a connection was not established successfully before.
* 2.3:
added missing quotes in YAML files
[HttpKernel] Add `@group time-sensitive` on some transient tests
[DoctrineBridge] Fix issue which prevent the profiler to explain a query
Use mb_detect_encoding with $strict = true
don't allow to install the split Security packages
bumped Symfony version to 2.3.35
updated VERSION for 2.3.34
update CONTRIBUTORS for 2.3.34
updated CHANGELOG for 2.3.34
This PR was merged into the 2.3 branch.
Discussion
----------
Use mb_detect_encoding with $strict = true
| Q | A
| ------------- | ---
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | -
| License | MIT
| Doc PR | -
Otherwise, UTF-8 can be returned for non-UTF8 strings...
See e.g. https://3v4l.org/oMMnX
Commits
-------
e6c89f1 Use mb_detect_encoding with $strict = true
This PR was merged into the 2.3 branch.
Discussion
----------
[Security] don't allow to install the split Security packages
| Q | A
| ------------- | ---
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | #16134
| License | MIT
| Doc PR |
Currently, you would be able to install the Security component fromm
Symfony 2.3 together with one of the split packages from a higher
Symfony vesion like this:
```json
{
"require": {
"symfony/symfony": "2.3.*",
"symfony/security-core": "~2.7"
}
}
```
However, you will end up with classes being present twice.
This must be reverted after merging up in the `2.7` branch.
Commits
-------
0d14064 don't allow to install the split Security packages
Currently, you would be able to install the Security component fromm
Symfony 2.3 together with one of the split packages from a higher
Symfony vesion like this:
```json
{
"require": {
"symfony/symfony": "2.3.*",
"symfony/security-core": "~2.7"
}
}
```
However, you will end up with classes being present twice.
This must be reverted after merging up in the `2.7` branch.
* 2.3:
fixed YAML files missing quotes when a string starts with @
[Routing] mark internal classes
[Translation][Csv file] remove unnecessary statements, for better readability.
[Form] remove validation of FormRegistry::getType as FormRegistry::hasType does not validate either
This PR was merged into the 2.3 branch.
Discussion
----------
fixed YAML files missing quotes when a string starts with @
| Q | A
| ------------- | ---
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | n/a
| License | MIT
| Doc PR | n/a
Commits
-------
e36fea8 fixed YAML files missing quotes when a string starts with @
This PR was merged into the 2.3 branch.
Discussion
----------
[Translation][Csv loader] remove unnecessary statements, for better readability.
| Q | A
| ------------- | ---
| Bug fix? | no
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Fixed tickets | ~
| Tests pass? | yes
| License | MIT
Commits
-------
47b8c3e [Translation][Csv file] remove unnecessary statements, for better readability.
This PR was merged into the 2.3 branch.
Discussion
----------
[Form] remove type check in FormRegistry::getType
| Q | A
| ------------- | ---
| Bug fix? | yes (consistency)
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | -
| License | MIT
| Doc PR | -
remove validation of `FormRegistry::getType` as `FormRegistry::hasType` does not validate either. So `hasType` currently triggers a PHP warning with a wrong argument.
also developers do not work with the registry directly anyway but through the factory. and the factory already validates the value. So this validation is useless in reality.
Commits
-------
d37b9e6 [Form] remove validation of FormRegistry::getType as FormRegistry::hasType does not validate either
* 2.3:
[DoctrineBridge] Fix required guess of boolean fields
[DI] don't use array_map to resolve services
Remove dead code in the PropertyPath constructor
[Process] Inherit env vars by default in PhpProcess
[HttpFoundation] Fixes /0 subnet handling in IpUtils
[Form] Simplify DateTimeToStringTransformer Avoid unneeded catch and re-throw of the same exception.
[HttpKernel] Remove a duplicate test for the EsiFragmentRenderer
Conflicts:
src/Symfony/Component/Process/Process.php
src/Symfony/Component/PropertyAccess/Tests/PropertyAccessorCollectionTest.php
src/Symfony/Component/PropertyAccess/Tests/PropertyAccessorTest.php
This PR was merged into the 2.3 branch.
Discussion
----------
[Process] Inherit env vars by default in PhpProcess
| Q | A
| ------------- | ---
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | -
| License | MIT
| Doc PR | -
This is the cause of our failures on Windows, where the SYSTEMROOT env var is mandatory for mcrypt_create_iv to work.
I don't know why the browserkit client is run with no env inheritance and this looks like a bug.
Same for PhpProcess emptying the env by default, this looks like a bug, esp. since the parent `Process` class defaults to inheriting the env.
Tests are not broken by this change.
Commits
-------
ab8cc29 [Process] Inherit env vars by default in PhpProcess
This PR was merged into the 2.3 branch.
Discussion
----------
Remove dead code in the PropertyPath constructor
| Q | A
| ------------- | ---
| Bug fix? | no
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | n/a
| License | MIT
| Doc PR | n/a
Custom singulars have been removed from the component before merging it in Symfony, but the code parsing them was only removed partially.
Commits
-------
ad4d0eb Remove dead code in the PropertyPath constructor
This PR was squashed before being merged into the 2.3 branch (closes#16177).
Discussion
----------
[HttpFoundation] Fixes /0 subnet handling in IpUtils
| Q | A
| ------------- | ---
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | #16055
| License | MIT
| Doc PR | Not needed
Fixes bug #16055. For IP addresses with CIDR subnet length 0, the IP address must be valid - IPs with subnet masks greater than zero are implicitly validated due to the use of `ip2long` and `substr_compare` (although it's not particularly robust - there could be some future work to improve this here).
Commits
-------
d9ac571 [HttpFoundation] Fixes /0 subnet handling in IpUtils
This PR was merged into the 2.3 branch.
Discussion
----------
[HttpKernel] Remove a duplicate test for the EsiFragmentRenderer
| Q | A
| ------------- | ---
| Bug fix? | no
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | -
| License | MIT
| Doc PR | -
Since the request was made a required argument to the `render()` method in #6829, this [test became a duplicate](23f51450bd/src/Symfony/Component/HttpKernel/Tests/RenderingStrategy/EsiRenderingStrategyTest.php (L28-L38)) of `testRenderFallbackToInlineStrategyIfEsiNotSupported()`.
Commits
-------
44d57a3 [HttpKernel] Remove a duplicate test for the EsiFragmentRenderer
Since the request was made a required argument to the `render()` method in #6829, this test became a duplicate of `testRenderFallbackToInlineStrategyIfEsiNotSupported()`.
* 2.3:
[Routing] use constants in tests
[Validator] Allow an empty path in a URL with only a fragment or a query
[HttpFoundation] Fix some typo in the Request doc
fixed CS
Added separated handling of root paths
This PR was merged into the 2.7 branch.
Discussion
----------
[TwigBundle] Fix Twig cache is not properly warmed
| Q | A
| ------------- | ---
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | #15982
| License | MIT
| Doc PR | -
Alternative to #15034
Commits
-------
e704ee4 [TwigBundle] Fix Twig cache is not properly warmed
This PR was merged into the 2.3 branch.
Discussion
----------
[filesystem] makeRelativePath does not work correctly from root
| Q | A
| ------------- | ---
| Bug fix? | yes/no
| New feature? | yes/no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | #1234
| License | MIT
| Doc PR | #14066, #14067
When using `makeRelativePath`, it returns an incorrect path when trying to fetch an entry from the root:
$fs->makePathRelative('/foo/bar/baz', '/');
Actual result:
../foo/bar/baz
Expected result:
foo/bar/baz
As we have specified an absolute path, there is no point on having an `..` added. It works, because a root directory has a `..` which points to itself, but it could result in issues when the relative path is actually prefixed or concatted.
Commits
-------
791b124 fixed CS
7bb394e Added separated handling of root paths
* 2.3:
[HttpFoundation] Extend ClockMock to session storage tests
[Process] Don't use @requires on abstract class
Conflicts:
src/Symfony/Component/HttpFoundation/Tests/Session/Storage/Handler/PdoSessionHandlerTest.php
This PR was merged into the 2.7 branch.
Discussion
----------
[2.7][tests] Use @requires annotation when possible
| Q | A
| ------------- | ---
| Bug fix? | no
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | -
| License | MIT
| Doc PR | -
Commits
-------
b028aea [tests] Use @requires annotation when possible
This PR was squashed before being merged into the 2.3 branch (closes#16095).
Discussion
----------
[Console] Add additional ways to detect OS400 platform
| Q | A
| ------------- | ---
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | #16053
| License | MIT
| Doc PR | None
This PR adds support for detecting the OS400 platform when the PHP function `php_uname()` is disabled. OS400 platform detection was added in #15058 to fix character encoding issues present on OS400. See that PR for more info.
This PR fixes regression introduced in #16053, which did not work on the IBM OS400 server I have access to. The constant `PHP_OS` being checked outputs "AIX" on my IBM OS400 server. I can't say for sure if it works on other IBM platforms... but I preserved this check just in case.
User @eloigranado [commented here](https://github.com/symfony/symfony/pull/15058#issuecomment-130743928) asking if we could switch to using `PHP_OS` constant instead of `php_uname()` because he claims some admins might "[hide] the exact kernel build from any attacker who discovers a remote PHP code execution vulnerability". I personally don't think we should accommodate this use case, but I was able to find alternate approaches.
### Why use case insensitive string matching stristr() instead of in_array()?
Here are the various outputs on my OS400 server:
echo PHP_OS; // "AIX"
echo getenv('OSTYPE'); // "os400"
echo php_uname('s'); // "OS400"
So we have various case issues here, and possible blank values on platforms where OSTYPE var doesn't exist or php_uname() is disabled. Concatenating these optional values together delimited by ; then case-insensitive searching the string for "OS400" seemed like a fair compromise. I would've probably done `in_array()` if case wasn't an issue.
Commits
-------
96a4071 [Console] Add additional ways to detect OS400 platform
This PR was merged into the 2.7 branch.
Discussion
----------
Added more tests for PropertyAccess
| Q | A
| ------------- | ---
| Bug fix? | no
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets |
| License | MIT
| Doc PR |
This is a follow up for [16090#issuecomment-145183635](https://github.com/symfony/symfony/pull/16090#issuecomment-145183635)
Commits
-------
378db75 Added more tests for PropertyAccess
This PR was merged into the 2.3 branch.
Discussion
----------
[Yaml] Allow tabs before comments at the end of a line
| Q | A
| ------------- | ---
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets |
| License | MIT
If a yml file has a tab character before a line ending comment the comment will be included in the parsed value. Yaml spec allows tab or space as whitespace characters so we need to check for tab as well. See included test.
Recently caused an odd and hard to find bug in our project.
See spec:
http://www.yaml.org/spec/1.2/spec.html#s-b-commenthttp://www.yaml.org/spec/1.2/spec.html#s-separate-in-linehttp://www.yaml.org/spec/1.2/spec.html#s-white
This is a new PR replacing https://github.com/symfony/symfony/pull/15747
@fabpot
Commits
-------
d040be7 [Yaml] Allow tabs before comments at the end of a line
This PR was merged into the 2.7 branch.
Discussion
----------
[2.7] Fix docblocks about callables
| Q | A
| ------------- | ---
| Bug fix? | no
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | -
| License | MIT
| Doc PR | -
Commits
-------
7b12fe9 [2.7] Fix docblocks about callables
This PR was merged into the 2.7 branch.
Discussion
----------
[Security] sync translations and add a test for it
| Q | A
| ------------- | ---
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | #15955
| License | MIT
| Doc PR |
Commits
-------
08333ec [Security] sync translations and add a test for it
This PR was merged into the 2.3 branch.
Discussion
----------
Fix docblocks about callables
| Q | A
| ------------- | ---
| Bug fix? | no
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | -
| License | MIT
| Doc PR | -
Commits
-------
a25beb6 Fix docblocks about callables
The FrameworkBundle in version 2.3 can be used with recent versions of
the Security component. However, after the Security component has been
split with Symfony 2.4, translations resources have been moved to the
`symfony/security-core` package. Thus, the changed location must be
taken into account.
This PR was merged into the 2.3 branch.
Discussion
----------
Command list ordering fix
| Q | A
| ------------- | ---
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | n/a
| License | MIT
Makes sure that global commands are always first.
Commits
-------
2984f8e fixed previous commit
70f2b3e global commands are always first in command list
* 2.3:
[Security][bugfix] "Remember me" cookie cleared on logout with custom "secure"/"httponly" config options [1]
[ci] Use current PHP_BINARY when running ./phpunit
Fixed typos
[UPGRADE-3.0] fix bullet indentation
[Security] InMemoryUserProvider now concerns whether user's password is changed when refreshing
This PR was merged into the 2.3 branch.
Discussion
----------
Fixed typos
Following #16098
| Q | A
| ------------- | ---
| Bug fix? | no
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | N/A
| License | MIT
| Doc PR | N/A
Commits
-------
f5802c2 Fixed typos
This PR was squashed before being merged into the 2.3 branch (closes#14842).
Discussion
----------
[Security][bugfix] "Remember me" cookie cleared on logout with custom "secure"/"httponly" config options [1]
| Q | A
| ------------- | ---
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | #14822
| License | MIT
| Doc PR | ~
* test now always pass "secure" and "httponly" options, as they are required
* could be considered BC, but [`RememberMeFactory` passes them](https://github.com/symfony/symfony/blob/2.3/src/Symfony/Bundle/SecurityBundle/DependencyInjection/Security/Factory/RememberMeFactory.php#L21), so they should've always been treated as required
* I can squash the commits before merging
* Alternative solution: #14843
Commits
-------
18b1c6a [Security][bugfix] "Remember me" cookie cleared on logout with custom "secure"/"httponly" config options [1]
This PR was merged into the 2.3 branch.
Discussion
----------
[Security] InMemoryUserProvider now concerns whether user's password is changed when refreshing
| Q | A
| ------------- | ---
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | -
| License | MIT
| Doc PR | -
When a user has changed own password, I want to logout any sessions which is authenticated by its user except changer itself.
[DaoAuthenticationManager::checkAuthentication()](https://github.com/symfony/symfony/blob/2.3/src/Symfony/Component/Security/Core/Authentication/Provider/DaoAuthenticationProvider.php#L59) method seems to concern about it.
But, this situation actually never happens because both users that will be passed to this method are always identical in re-authentication.
It's because the token refreshes own user via [ContextListener](https://github.com/symfony/symfony/blob/2.3/src/Symfony/Component/Security/Http/Firewall/ContextListener.php#L90) before re-authentication.
Commits
-------
729902a [Security] InMemoryUserProvider now concerns whether user's password is changed when refreshing
This PR was merged into the 2.3 branch.
Discussion
----------
Fix PropertyAccessor modifying array in object when array key does no…
| Q | A
| ------------- | ---
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | #16056
| License | MIT
| Doc PR |
Commits
-------
f24c678 Fix PropertyAccessor modifying array in object when array key does not exist
This PR was merged into the 2.3 branch.
Discussion
----------
Throw exception if tempnam returns false in ProcessPipes
| Q | A
| ------------- | ---
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | #15215
| License | MIT
| Doc PR |
Related to #16092
Commits
-------
1425b8a Throw exception if tempnam returns false in ProcessPipes
This condition is always `true` because `$attributesMetadata` does not exists in this `foreach` context and could overwrite values in the `$attributesMetadata` variable.
This PR was merged into the 2.3 branch.
Discussion
----------
[Console] use PHP_OS instead of php_uname('s')
| Q | A
| ------------- | ---
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | #15058
| License | MIT
| Doc PR |
The php_uname() function may be disabled for security reasons.
Commits
-------
40e0dc8 use PHP_OS instead of php_uname('s')
This PR was merged into the 2.3 branch.
Discussion
----------
[Yaml] Fix improper comments removal
| Q | A
| ------------- | ---
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | #15857
| License | MIT
| Doc PR | -
This tries to fix#15857 .
Honestly, I don't have any idea of the regressions it might introduce. Tests are passing, so if this code had any reason to exist, tests covering it are certainly missing :/
Any hint ?
Commits
-------
0e24fc5 [Yaml] Fix improper comments removal inside strings
This PR was merged into the 2.3 branch.
Discussion
----------
[TwigBundle] fix useless and failing test
| Q | A
| ------------- | ---
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | n/a
| License | MIT
| Doc PR | n/a
This test is failing in php 7, see https://travis-ci.org/symfony/symfony/jobs/83107755#L2015
But it also doesn't test anything. So it's useless in it's current form.
In 2.7 we have more tests that are actually useful. So the class is not untested.
Commits
-------
d94dd16 [TwigBundle] fix useless and failing test
Make sure that all relevant information is passed to created crawlers.
To avoid future regressions, this commit backports the approach taken by
@stof in #15934 to have a single place in the class that is responsible
to create subcrawler instances.
* 2.3:
[DependencyInjection] improved a comment for reading fluency
[HttpKernel] change a class in tests to avoid depending on SQLite
[ci] Display fastest results first when running tests in parallel
[Yaml] Improve newline handling in folded scalar blocks
This PR was merged into the 2.3 branch.
Discussion
----------
[HttpKernel] change a class in tests to avoid depending on SQLite
| Q | A
| ------------- | ---
| Bug fix? | no
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | n/a
| License | MIT
| Doc PR | n/a
Commits
-------
d6a7517 [HttpKernel] change a class in tests to avoid depending on SQLite