This PR was squashed before being merged into the 2.7 branch (closes#19373).
Discussion
----------
[Form] Skip CSRF validation on form when POST max size is exceeded
| Q | A
| ------------- | ---
| Branch? | 2.7
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | #19140
| License | MIT
| Doc PR | N/A
In #19140 the CSRF validation listener was not aware that the POST max size had exceeded, and was adding a form error message that wasn't relevant to the actual error.
This introduces the `ServerParams` utility class into the `CsrfValidationListener` and checks that the POST max size has not been exceeded. If it has then it won't bother trying to validate the CSRF token.
My main concern with this change is that it opens up an attack vector around tokens, but I've encapsulated the request size validation in a single method in `ServerParams` now so that the request handlers are using the same logic.
Commits
-------
289531f [Form] Skip CSRF validation on form when POST max size is exceeded
This PR was merged into the 2.7 branch.
Discussion
----------
Fix#19531 [Form] DateType fails parsing when midnight is not a valid time
| Q | A
| ------------- | ---
| Branch? | 2.7
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | #19531
| License | MIT
| Doc PR |
Commits
-------
c951bb6Fix#19531 [Form] DateType fails parsing when midnight is not a valid time
This PR was submitted for the 2.8 branch but it was merged into the 2.7 branch instead (closes#19565).
Discussion
----------
Make IDEs handle the configuration tree
| Q | A
| ------------- | ---
| Branch? | 2.7
| Bug fix? | no
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | -
| License | MIT
| Doc PR | -
When defining a configuration tree, my IDE (PhpStorm) gives me a lot of `Method 'scalarNode' not found in null|\Symfony\Component\Config\Definition\Builder\NodeParentInterface` warnings. This can easily be fixed by adding more return types to the phpDoc comments of the `end()` methods of the `NodeBuilder` and `NodeDefinition` classes.
Commits
-------
4e8bfc6 Enhance the phpDoc return types so IDEs can handle the configuration tree.
This PR was submitted for the master branch but it was merged into the 2.7 branch instead (closes#19563).
Discussion
----------
[Validator] Dutch translation fixes
| Q | A
| ------------- | ---
| Branch? | "master"
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | ~
| License | MIT
| Doc PR | ~
Some dutch translation fixes. I probably can rebase this against 2.*, but maybe someone wants to comment first or spots any other spelling errors.
Ignore fabbot.io :)
Commits
-------
359204f fixes
This PR was merged into the 2.7 branch.
Discussion
----------
Remove 3.0 from branch suggestions for fixes in PR template
| Q | A
| ------------- | ---
| Branch? | 2.7
| Bug fix? | no
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | -
| License | MIT
| Doc PR | -
Appart from security fixes, the 3.0.9 patch release was the last one for the 3.0 branch.
I'd suggest not proposing anymore to submit fixes on this branch.
Commits
-------
3265932 Remove 3.0 from branch suggestions for fixes in PR template
This PR was merged into the 2.7 branch.
Discussion
----------
[appveyor] Fix cache handling
| Q | A
| ------------- | ---
| Branch? | 2.7
| Bug fix? | no
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | -
| License | MIT
| Doc PR | -
I noticed that the cache for the c:\php dir was almost always skipped. After looking more carefully at appveyor's doc, there is only one cache for all branches/PRs.
Which means we can't have variations for cached items in the same way we have on travis.
Thus, we can only cache things that are the same across all branches. Namely our phpunit wrapper and composer.phar.
Commits
-------
fb828d7 [appveyor] Fix cache handling
This PR was submitted for the master branch but it was merged into the 2.7 branch instead (closes#19561).
Discussion
----------
[Console] Fix indentation of Help: section of txt usage help
| Q | A
| ------------- | ---
| Branch? | 3.1
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | n/a
| License | MIT
| Doc PR | n/a
I noticed that all of the sections output by `TextDescriptor` (*Usage*, *Arguments*, *Options*, *Available commands*, &c.) are indented by 2 spaces, except for the *Help* section, which is indented by only 1 space:
<img width="1039" alt="screen shot 2016-08-07 at 08 53 53" src="https://cloud.githubusercontent.com/assets/122095/17462818/34c99cfc-5c7e-11e6-9674-9324c537fc01.png">
This PR makes the indentation consistent with the other sections. (I don't *think* that qualifies as a BC break?)
Commits
-------
4e4c674 Console: Fix indentation of Help: section of txt usage help
This PR was squashed before being merged into the 2.7 branch (closes#19468).
Discussion
----------
[Intl] Update ICU data to 57.1
| Q | A
| ------------- | ---
| Branch? | 2.7
| Bug fix? | no
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | #19315
| License | MIT
| Doc PR | -
I think the only thing that makes sense with ICU is to always be on the latest available version.
Commits
-------
a48c00b [Intl] Update ICU data to 57.1
This PR was merged into the 2.7 branch.
Discussion
----------
[Config] Improved test
| Q | A
| ------------- | ---
| Branch? | 2.7
| Bug fix? | no
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | ~
| License | MIT
| Doc PR | ~
Commits
-------
456d53a [Config] Improved test
This PR was merged into the 2.7 branch.
Discussion
----------
Added class existence check if is_subclass_of() fails in compiler passes
| Q | A
| ------------- | ---
| Branch? | 2.7
| Bug fix? | no
| New feature? | yes
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | comma-separated list of tickets fixed by the PR, if any
| License | MIT
| Doc PR | no
Backport of #19342 to 2.7 branch
Commits
-------
77adea7 Added class existence check if is_subclass_of() fails in compiler passes
This PR was merged into the 2.7 branch.
Discussion
----------
[Routing] Reorder assert parameters
| Q | A
| ------------- | ---
| Branch? | 2.7
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets |
| License | MIT
| Doc PR |
The expected value must be the first parameter.
Commits
-------
7f88796 [Routing] Reorder assert parameters
This PR was merged into the 2.7 branch.
Discussion
----------
Added missing czech validators translation of not expected charset
| Q | A
| ------------- | ---
| Branch? | 2.7
| Bug fix? | no
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| License | MIT
Profiler was complaining about using a not translated message so I translated it.
Not sure if bug or feature. The bug label is probably not apropriate, sorry. But I guess it should be merged to all versions.
Commits
-------
7eacae8 Added missing czech validators translation of not expected charset
This PR was merged into the 2.7 branch.
Discussion
----------
Workaround another buggy PHP warning
| Q | A
| ------------- | ---
| Branch? | 2.7
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets |
| License | MIT
| Doc PR |
Added error-suppression to the `is_executable($path)` call, too, per the bug noted just above.
The cited issue manifests as such without it:
```
ErrorException in ExecutableFinder.php line 63:
is_executable(): open_basedir restriction in effect. File(/usr/share/php) is not within the allowed path(s): (/usr/share/php:/tmp:/usr/share/phpmyadmin:/etc/phpmyadmin:/var/lib/phpmyadmin:/usr/local/zend/var/zray/extensions:/usr/local/zend/share:/usr/local/zend/var/plugins)
```
Commits
-------
4348f4b Workaround another buggy PHP warning
Added error-suppression to the `is_executable($path)` call, too, per the bug noted just above.
The cited issue manifests as such without it:
```
ErrorException in ExecutableFinder.php line 63:
is_executable(): open_basedir restriction in effect. File(/usr/share/php) is not within the allowed path(s): (/usr/share/php:/tmp:/usr/share/phpmyadmin:/etc/phpmyadmin:/var/lib/phpmyadmin:/usr/local/zend/var/zray/extensions:/usr/local/zend/share:/usr/local/zend/var/plugins)
```
This PR was merged into the 2.7 branch.
Discussion
----------
[SwiftMailerBridge] Fix flawed deprecation message
| Q | A
| ------------- | ---
| Branch? | 2.7
| Bug fix? | no
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | n/a
| License | MIT
| Doc PR | n/a
Given `__CLASS__` returns null outside of a class, the deprecation message is incomplete.
Commits
-------
9b0cbab Remove usage of __CLASS__ outside of a class
This PR was merged into the 2.7 branch.
Discussion
----------
[HttpKernel] Fix variable conflicting name
| Q | A
| ------------- | ---
| Branch? | 2.7
| Bug fix? | no
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | -
| License | MIT
| Doc PR | -
Simply fix a conflicting name (`$bundle` is used for the foreach on line 466 and 476). It works for the moment only because there is nothing after the second foreach inside the first.
Commits
-------
9ac9f55 [HttpKernel] Fix variable conflicting name
This PR was merged into the 2.7 branch.
Discussion
----------
[Process] Fix double-fread() when reading unix pipes
| Q | A
| ------------- | ---
| Branch? | 2.7
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | -
| License | MIT
| Doc PR | -
While looking at the blackfire profile of a `composer install`, I was able to reduce the number of calls to `fread` from 90k to 60k using this patch (and from 60k to <1k with https://github.com/composer/composer/pull/5569 but that's another story).
In fact, we should continue reading only if there might be something next, which won"t be the case if the buffer has not been filled.
Commits
-------
ac17617 [Process] Fix double-fread() when reading unix pipes
This PR was merged into the 2.7 branch.
Discussion
----------
[Process] Fix AbstractPipes::write() for a situation seen on HHVM (at least)
| Q | A
| ------------- | ---
| Branch? | 2.7
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | https://github.com/composer/composer/issues/5381, https://github.com/composer/composer/issues/5566
| License | MIT
| Doc PR | -
Even if I tried with my local hhvm, I can't reproduce the reported issues, yet it looks like some versions of HHVM trigger a notice here.
Commits
-------
2bb2b9b [Process] Fix AbstractPipes::write() for a situation seen on HHVM (at least)
