This PR was squashed before being merged into the 3.4 branch (closes#25947).
Discussion
----------
PhpDocExtractor::getTypes() throws fatal error when type omitted
| Q | A
| ------------- | ---
| Branch? | 3.2
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets |
| License | MIT
| Doc PR |
When omitting a type in a `DocBlock` `Tag`, it will throw a fatal error due to the type being null with a call to `$tag->getType()`.
Commits
-------
54253ecfff PhpDocExtractor::getTypes() throws fatal error when type omitted
This PR was merged into the 4.1-dev branch.
Discussion
----------
[Serializer] Fix security issue on CsvEncoder about CSV injection
| Q | A
| ------------- | ---
| Branch? | master (4.1)
| Bug fix? | no
| New feature? | yes
| BC breaks? | yes
| Deprecations? | no
| Tests pass? | yes
| License | MIT
I read [this article](http://georgemauer.net/2017/10/07/csv-injection.html) about CSV injection and I thought it best to update the `CsvEncoder` so that it does not generate potentially malicious CSV files by default.
Commits
-------
a1b0bdbbac Fix security issue on CsvEncoder
This PR was merged into the 2.7 branch.
Discussion
----------
[Form] keep the context when validating forms
| Q | A
| ------------- | ---
| Branch? | 2.7
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | #25542
| License | MIT
| Doc PR |
Commits
-------
317da3bdf8 keep the context when validating forms
This PR was merged into the 4.1-dev branch.
Discussion
----------
[Security] The AuthenticationException should implements Security's ExceptionInterface
| Q | A
| ------------- | ---
| Branch? | master
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | #25770
| License | MIT
| Doc PR | ø
Dunno why this is the case right now but this probably should not. Was reported by @paq85.
Commits
-------
0ee4cf1019 The Security Component's exceptions should implements Security's ExceptionInterface
This PR was merged into the 4.1-dev branch.
Discussion
----------
[WebProfilerBundle] Improve controller linking
| Q | A
| ------------- | ---
| Branch? | master
| Bug fix? | no
| New feature? | yes
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes/no
| Fixed tickets | #... <!-- #-prefixed issue number(s), if any -->
| License | MIT
| Doc PR | symfony/symfony-docs#... <!--highly recommended for new features-->
I propose to remove the `Controller class` entry from the request toolbar panel, IMHO it's confusing/useless compared to the linked `Controller` entry above. They represent the same.
To preserve its value it's now used as title attribute instead, favored over controller file currently being used here. We can read that from the statusbar anyway :-)
Before: (hovering ontroller link)
After: (hovering ontroller link)
Commits
-------
f6c0dc64e6 [WebProfilerBundle] Improve controller linking
This PR was squashed before being merged into the 4.1-dev branch (closes#26036).
Discussion
----------
Added support for getting default values in Accept headers
| Q | A
| ------------- | ---
| Branch? | master
| Bug fix? | no
| New feature? | yes
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | #25877
| License | MIT
| Doc PR | -
Commits
-------
7e31fd94df Added support for getting default values in Accept headers
This PR was merged into the 2.7 branch.
Discussion
----------
[DI] minor: use a strict comparison in setDecoratedService
| Q | A
| ------------- | ---
| Branch? | 2.7
| Bug fix? | no
| New feature? | no <!-- don't forget to update src/**/CHANGELOG.md files -->
| BC breaks? | no
| Deprecations? | no <!-- don't forget to update UPGRADE-*.md files -->
| Tests pass? | yes
| Fixed tickets | n/a
| License | MIT
| Doc PR | n/a
Commits
-------
f167b50 [DI] minor: use a strict comparision in setDecoratedService
* 4.0:
Use the PCRE_DOLLAR_ENDONLY modifier in route regexes
[Form] Make sure errors are a part of the label on bootstrap 4 - this is a requirement for WCAG2
[Config] Only using filemtime to check file freshness
* 3.4:
Use the PCRE_DOLLAR_ENDONLY modifier in route regexes
[Form] Make sure errors are a part of the label on bootstrap 4 - this is a requirement for WCAG2
[Config] Only using filemtime to check file freshness
This PR was merged into the 4.1-dev branch.
Discussion
----------
[HttpFoundation] we should not pass size on FileBag removing the contruct parameter
| Q | A
| ------------- | ---
| Branch? | 4.1
| Bug fix? | yes
| New feature? | no <!-- don't forget to update src/**/CHANGELOG.md files -->
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | #25466 <!-- #-prefixed issue number(s), if any -->
| License | MIT
| Doc PR | none
We may have forgotten this one, thanks to @craue for seeing it !
Commits
-------
0db65b5 fix tests
820186f [HttpFoundation] we should not pass size on FileBag
This PR was squashed before being merged into the 2.7 branch (closes#25373).
Discussion
----------
Use the PCRE_DOLLAR_ENDONLY modifier in route regexes
| Q | A
| ------------- | ---
| Branch? | 2.7
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets |
| License | MIT
| Doc PR |
`UrlMatcher::match($pathinfo)` applies `rawurldecode()` to the `$pathinfo` before trying to match it against the routes.
If the URL contains a percent-encoded trailing newline (like in `/foo%0a`), the default PHP PCRE will still consider `#^/foo$#` a match, as the `$` metacharacter will also match *immediately before* the final character *if it is a newline*. This behavior can be changed by applying the [`PCRE_DOLLAR_ENDONLY` modifier](http://php.net/manual/en/reference.pcre.pattern.modifiers.php).
Without this change, URLs with trailing `%0a` lead to weird notices further down the road, for example when the `RedirectableUrlMatcher` or its equivalent in `PhpMatcherDumper` kick in, look at the last character (this time actually the newline), append a `/` and try to redirect to the resulting URL. Ultimately, PHP will complain with `Warning: Header may not contain more than a single header, new line detected` when sending the `Location` header.
Commits
-------
f713a3e Use the PCRE_DOLLAR_ENDONLY modifier in route regexes
This PR was merged into the 3.4 branch.
Discussion
----------
[Form] Make sure errors are a part of the label on bootstrap 4 - this is a requirement for WCAG2
| Q | A
| ------------- | ---
| Branch? | master
| Bug fix? | no
| New feature? | yes
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets |
| License | MIT
| Doc PR | symfony/symfony-docs#... <!--highly recommended for new features-->
I recently let Europe's leading accessibility experts (Funkanu.se) review a site of mine, they gave me (among other) the feedback that errors should be a part of the label.
They said that it makes no sense for blind users to read label, read input and then read errors.
I know the implementation might look strange. But I wish something like this would be merged. That would be great for accessibility for all apps using Symfony.
We *could* also make sure it prints something like:
```
<label for=”name”>Name: <span class=”hidden”>Error message</span></label>
<input id=”name” type=”text”>
<span aria-hidden=”true”>Error message</span>
```
Commits
-------
a0b40f5 [Form] Make sure errors are a part of the label on bootstrap 4 - this is a requirement for WCAG2
This PR was merged into the 4.1-dev branch.
Discussion
----------
Unwrap errors in FlattenException
| Q | A
| ------------- | ---
| Branch? | master
| Bug fix? | no
| New feature? | yes
| BC breaks? | maybe
| Deprecations? | no
| Tests pass? | no (but probably unrelated?)
| Fixed tickets | #26025
| License | MIT
| Doc PR | N/A
This is probably the most straightforward way to solve #26025. `FlattenException` is now unwrapping `FatalThrowableError` instances and logs the wrapped error instead. The consequence of this change is that the real error class is displayend on TwigBundle's exception page and the profiler.
Regarding BC: If we assume that `FlattenException` is used for rendering and logging, everything should be fine. But this PR changes `FlattenException`'s internal behavior. If a piece of code relied on errors appearing `FatalThrowableError` inside a `FlattenException`, that code would break.
<img width="402" alt="bildschirmfoto 2018-02-02 um 20 08 42" src="https://user-images.githubusercontent.com/1506493/35760077-0b202940-087e-11e8-9b98-8e4ba269780c.png">
Commits
-------
f14d7d6 Unwrap errors in FlattenException.
This PR was merged into the 3.4 branch.
Discussion
----------
[Config] Only using filemtime to check file freshness
| Q | A
| ------------- | ---
| Branch? | 3.4
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | #25999
| License | MIT
Commits
-------
52c9cb4 [Config] Only using filemtime to check file freshness
This PR was merged into the 4.1-dev branch.
Discussion
----------
[DI] Put non-shared service factories in closures
| Q | A
| ------------- | ---
| Branch? | master
| Bug fix? | no
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | -
| License | MIT
| Doc PR | -
With this change, non-shared services are moved to dedicated files (unless they are on the hot path).
Previously, they were always dumped as methods.
The goal of this change is to dump factories as methods *if and only if* the services they build are on the hot-path. By doing so, it will become very easy to figure out which services are on the hot path, vs the rest. And then people will be able to optimize their configurations: if too many things are dumped as methods, it will trivially mean some laziness is missing in definitions.
I spotted this while reviewing the dumped container of Blackfire, where we sometimes have long chains of dependencies that are on the hot path for no real reason - mixed with big non-shared factories (Sonata admin blocks in our case.)
Commits
-------
22c5325 [DI] Put non-shared service factories in closures
This PR was merged into the 3.4 branch.
Discussion
----------
[Config] Handle Service/EventSubscriberInterface in ReflectionClassResource
| Q | A
| ------------- | ---
| Branch? | 3.4
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | #25906
| License | MIT
| Doc PR | -
@weaverryan that should fix an issue you reported.
Commits
-------
67e821b [Config] Handle Service/EventSubscriberInterface in ReflectionClassResource
This PR was merged into the 3.4 branch.
Discussion
----------
[DI][Routing] Fix tracking of globbed resources
| Q | A
| ------------- | ---
| Branch? | 3.4
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | #25904
| License | MIT
| Doc PR | -
The current `GlobFileLoader` in `Config` misses resource tracking, so we can't use it and have to use a per-component one instead.
(deps=high failures will be fixed after merging up to master.)
Commits
-------
945c753 Add tests for glob loaders
ad98c1fa [DI][Routing] Fix tracking of globbed resources
This PR was merged into the 3.4 branch.
Discussion
----------
[SecurityBundle] Allow remember-me factory creation when multiple user providers are configured.
| Q | A
| ------------- | ---
| Branch? | 3.4
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | none
| License | MIT
| Doc PR | none
When more than one user provider is configured, and `remember_me` is enabled on a firewall, this avoids the deprecation notice in 3.4 and thrown `InvalidConfigurationException` in 4.0 ("Not configuring explicitly the provider for the "remember_me" listener on "foo" firewall is ambiguous as there is more than one registered provider."). The `RememberMeFactory` ignores the `$userProvider` argument and uses the secret configured for the firewall. (If no secret is configured, it throws its own exception.)
The added test passes in 3.4 with a deprecation notice without the change, so would expect it to fail in 4.0 without the change.
Other tests in the `SecurityBundle` already included two errors and one failure, not related to this change.
Commits
-------
6ab8dd9 Allow remember-me factory creation when multiple user providers are configured.
* 4.0:
[CssSelector] For AND operator, the left operand should have parentheses, not only right operand
Removed unused parameter from flattenDataProvider().
Update MongoDB extension on travis to make the builds green again.
* 3.4:
[CssSelector] For AND operator, the left operand should have parentheses, not only right operand
Removed unused parameter from flattenDataProvider().
Update MongoDB extension on travis to make the builds green again.
* 2.8:
[CssSelector] For AND operator, the left operand should have parentheses, not only right operand
Removed unused parameter from flattenDataProvider().
Update MongoDB extension on travis to make the builds green again.
* 2.7:
[CssSelector] For AND operator, the left operand should have parentheses, not only right operand
Removed unused parameter from flattenDataProvider().
Update MongoDB extension on travis to make the builds green again.
This PR was merged into the 2.7 branch.
Discussion
----------
[CssSelector] For AND operator, the left operand should have parentheses, not only right operand
| Q | A
| ------------- | ---
| Branch? | 2.7
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | -
| License | MIT
| Doc PR | -
From https://github.com/symfony/css-selector/pull/3
Commits
-------
76b40dc [CssSelector] For AND operator, the left operand should have parentheses, not only right operand
* 4.0:
[Intl] Fixed the broken link
Fix typo
Fix typo
Fixed issue #25985
Don't show wanna-be-private services as public in debug:container
[Routing] Fix trailing slash redirection for non-safe verbs
[DI] Fix tracking of source class changes for lazy-proxies
Proxy class names should be deterministic and independent of spl_object_hash() which is somewhat random
[Debug] Fix bad registration of exception handler, leading to mem leak
[Form] Fixed empty data on expanded ChoiceType and FileType
collect extension information as late as possible
* 3.4:
[Intl] Fixed the broken link
Fix typo
Fix typo
Fixed issue #25985
Don't show wanna-be-private services as public in debug:container
[Routing] Fix trailing slash redirection for non-safe verbs
[DI] Fix tracking of source class changes for lazy-proxies
Proxy class names should be deterministic and independent of spl_object_hash() which is somewhat random
[Debug] Fix bad registration of exception handler, leading to mem leak
[Form] Fixed empty data on expanded ChoiceType and FileType
collect extension information as late as possible
* 2.8:
[Intl] Fixed the broken link
[Routing] Fix trailing slash redirection for non-safe verbs
[Debug] Fix bad registration of exception handler, leading to mem leak
[Form] Fixed empty data on expanded ChoiceType and FileType
* 2.7:
[Intl] Fixed the broken link
[Routing] Fix trailing slash redirection for non-safe verbs
[Debug] Fix bad registration of exception handler, leading to mem leak
[Form] Fixed empty data on expanded ChoiceType and FileType
This PR was merged into the 2.7 branch.
Discussion
----------
[Intl] Fixed the broken link
| Q | A
| ------------- | ---
| Branch? | 2.7
| Bug fix? | no
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | -
| License | MIT
| Doc PR | -
From https://github.com/symfony/intl/pull/6
Commits
-------
5733e02960 [Intl] Fixed the broken link
This PR was merged into the 3.4 branch.
Discussion
----------
Don't show wanna-be-private services as public in debug:container
| Q | A
| ------------- | ---
| Branch? | 3.4
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | #25987
| License | MIT
| Doc PR | n/a
Commits
-------
31f43e5226 Don't show wanna-be-private services as public in debug:container
This PR was merged into the 3.4 branch.
Discussion
----------
[HttpKernel] collect extension information as late as possible
| Q | A
| ------------- | ---
| Branch? | 3.4
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | #25660
| License | MIT
| Doc PR |
Commits
-------
58cdbd03e1 collect extension information as late as possible
This PR was merged into the 3.4 branch.
Discussion
----------
[DI] Fix tracking of source class changes for lazy-proxies
| Q | A
| ------------- | ---
| Branch? | 3.4
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | -
| License | MIT
| Doc PR | -
Commits
-------
4f18e4b0dc [DI] Fix tracking of source class changes for lazy-proxies
This PR was merged into the 2.7 branch.
Discussion
----------
[Debug] Fix bad registration of exception handler, leading to mem leak
| Q | A
| ------------- | ---
| Branch? | 27
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | #25965
| License | MIT
| Doc PR | -
Commits
-------
926b1bee18 [Debug] Fix bad registration of exception handler, leading to mem leak
This PR was merged into the 2.7 branch.
Discussion
----------
[Routing] Fix trailing slash redirection for non-safe verbs
| Q | A
| ------------- | ---
| Branch? | 2.7
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | -
| License | MIT
| Doc PR | -
This test dumped matchers using the existing test cases for (Redirectable)UrlMatcher so that we are sure they behave the same. Fixes the differences found while doing so.
Commits
-------
ad593aef2f [Routing] Fix trailing slash redirection for non-safe verbs
This PR was merged into the 2.7 branch.
Discussion
----------
[Form] Fixed empty data on expanded ChoiceType and FileType
| Q | A
| ------------- | ---
| Branch? | 2.7
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | #25896
| License | MIT
| Doc PR | ~
Alternative of https://github.com/symfony/symfony/pull/25924.
I don't think we have to do this by adding overhead in master and getting it properly fixed in 2 years.
This is bug I've introduced while fixing another bug #17822. Which then has been replicated in #20418 and #24993.
I propose instead to clean up the code for all LTS, since this is a wrong behaviour that has never been documented, and most of all unreliable.
The `empty_data` can by anything in the view format as long as the reverse view transformation supports it. Even an object derived from the data class could be invokable.
I think we should remain consistent with https://github.com/symfony/symfony/blob/2.7/src/Symfony/Component/Form/Form.php#L615.
Commits
-------
9722c063fb [Form] Fixed empty data on expanded ChoiceType and FileType
When using any mode but the weak mode, you want your build to fail on
some or all deprecations, but it is still nice to be able to see what
you could fix without having to change modes.
This PR was merged into the 4.1-dev branch.
Discussion
----------
Adding an array adapter
| Q | A
| ------------- | ---
| Branch? | master
| Bug fix? | no
| New feature? | yes
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | none
| License | MIT
| Doc PR | symfony/symfony-docs#9110
There's no simple way to *disable* caching (e.g. in the dev) environment. Setting up an array adapter is a very simple way to allow this :).
Commits
-------
f92e03d adding an array adapter
This PR was merged into the 3.4 branch.
Discussion
----------
Deterministic proxy names
Proxy class names should be deterministic and independent of spl_object_hash() which is somewhat random to better support reproducible builds. See #25958
| Q | A
| ------------- | ---
| Branch? | master
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | -
| License | MIT
| Doc PR | -
Commits
-------
b173b81f46 Proxy class names should be deterministic and independent of spl_object_hash() which is somewhat random
* 4.0:
update test for Twig performance optimizations
[WebProfilerBundle] Increase retry delays between toolbarAction ajax calls
support sapi_windows_vt100_support for php 7.2+
bumped Symfony version to 4.0.5
updated VERSION for 4.0.4
updated CHANGELOG for 4.0.4
bumped Symfony version to 3.4.5
updated VERSION for 3.4.4
updated CHANGELOG for 3.4.4
bumped Symfony version to 2.8.35
updated VERSION for 2.8.34
updated CHANGELOG for 2.8.34
bumped Symfony version to 2.7.42
updated VERSION for 2.7.41
update CONTRIBUTORS for 2.7.41
updated CHANGELOG for 2.7.41
[HttpFoundation] Added "null" type on Request::create docblock
Don't stop PSR-4 service discovery if a parent class is missing.
Allow trans filter to be safe
* 3.4:
update test for Twig performance optimizations
[WebProfilerBundle] Increase retry delays between toolbarAction ajax calls
support sapi_windows_vt100_support for php 7.2+
bumped Symfony version to 3.4.5
updated VERSION for 3.4.4
updated CHANGELOG for 3.4.4
bumped Symfony version to 2.8.35
updated VERSION for 2.8.34
updated CHANGELOG for 2.8.34
bumped Symfony version to 2.7.42
updated VERSION for 2.7.41
update CONTRIBUTORS for 2.7.41
updated CHANGELOG for 2.7.41
[HttpFoundation] Added "null" type on Request::create docblock
Don't stop PSR-4 service discovery if a parent class is missing.
Allow trans filter to be safe
* 2.8:
update test for Twig performance optimizations
[WebProfilerBundle] Increase retry delays between toolbarAction ajax calls
support sapi_windows_vt100_support for php 7.2+
bumped Symfony version to 2.8.35
updated VERSION for 2.8.34
updated CHANGELOG for 2.8.34
bumped Symfony version to 2.7.42
updated VERSION for 2.7.41
update CONTRIBUTORS for 2.7.41
updated CHANGELOG for 2.7.41
[HttpFoundation] Added "null" type on Request::create docblock
Allow trans filter to be safe
* 2.7:
update test for Twig performance optimizations
[WebProfilerBundle] Increase retry delays between toolbarAction ajax calls
support sapi_windows_vt100_support for php 7.2+
bumped Symfony version to 2.7.42
updated VERSION for 2.7.41
update CONTRIBUTORS for 2.7.41
updated CHANGELOG for 2.7.41
[HttpFoundation] Added "null" type on Request::create docblock
Allow trans filter to be safe
This PR was merged into the 2.7 branch.
Discussion
----------
[TwigBridge] update test for Twig performance optimizations
| Q | A
| ------------- | ---
| Branch? | 2.7
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | twigphp/Twig#2617
| License | MIT
| Doc PR |
Commits
-------
21bbad9 update test for Twig performance optimizations
This PR was merged into the 2.7 branch.
Discussion
----------
support sapi_windows_vt100_support for php 7.2+
| Q | A
| ------------- | ---
| Branch? | 2.7
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | See below
| License | MIT
| Doc PR | N/A
php 7.2 enabled color support on windows(>=10.0.10586) and introduced a new function called `sapi_windows_vt100_support` to get and set the state. this PR add the support for this new function, so users on windows can see the colorful world again with php 7.2+.
Commits
-------
5bbb77b support sapi_windows_vt100_support for php 7.2+
This PR was merged into the 2.7 branch.
Discussion
----------
[TwigBridge] Allow label translation to be safe
| Q | A
| ------------- | ---
| Branch? | 2.7
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | ~
| Fixed tickets | ~
| License | MIT
| Doc PR | ~
After overriding `TranslationExtension`'s `trans` filter to make it safe I noticed form labels were still escaped because of `label` in
```twig
{{ translation_domain is same as(false) ? label : label|trans({}, translation_domain) }}
```
Replacing this ternary with `if`/`else` allows `trans` return to be safe.
WDYT?
Commits
-------
041c42db6a Allow trans filter to be safe
This PR was squashed before being merged into the 2.7 branch (closes#25878).
Discussion
----------
[HttpFoundation] Added "null" type on Request::create docblock
| Q | A
| ------------- | ---
| Branch? | 2.7
| Bug fix? | no
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | n/a
| Fixed tickets | n/a
| License | MIT
| Doc PR | n/a
Continuation of #24902 and #25875
Commits
-------
b18f9e76a5 [HttpFoundation] Added "null" type on Request::create docblock
This PR was merged into the 3.4 branch.
Discussion
----------
Don't stop PSR-4 service discovery if a parent class is missing
| Q | A
| ------------- | ---
| Branch? | 3.4
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | #25929
| License | MIT
| Doc PR | N/A
Commits
-------
3d6c3ba836 Don't stop PSR-4 service discovery if a parent class is missing.
* 4.0:
[HttpFoundation] Use the correct syntax for session gc based on Pdo driver
Removed assertDateTimeEquals() methods.
Revert "bug #24987 [Console] Fix global console flag when used in chain (Simperfit)"
Revert "bug #25487 [Console] Fix a bug when passing a letter that could be an alias (Simperfit)"
Disable CSP header on exception pages only in debug
Fixed submitting disabled buttons
Fixed Button::setParent() when already submitted
Improve assertions
Restore RoleInterface import
[Console] Provide a bugfix where an array could be passed
Improve assertions
SCA: get rid of repetitive calls
allow null values for root nodes in YAML configs
revert useless tests fixtures changes
[VarDumper] Fix docblock
Improve phpdoc to make it more explicit
[DI] Fix initialization of legacy containers by delaying include_once
* 3.4:
[HttpFoundation] Use the correct syntax for session gc based on Pdo driver
Removed assertDateTimeEquals() methods.
Revert "bug #24987 [Console] Fix global console flag when used in chain (Simperfit)"
Revert "bug #25487 [Console] Fix a bug when passing a letter that could be an alias (Simperfit)"
Disable CSP header on exception pages only in debug
Fixed submitting disabled buttons
Fixed Button::setParent() when already submitted
Improve assertions
Restore RoleInterface import
[Console] Provide a bugfix where an array could be passed
Improve assertions
SCA: get rid of repetitive calls
allow null values for root nodes in YAML configs
revert useless tests fixtures changes
[VarDumper] Fix docblock
Improve phpdoc to make it more explicit
[DI] Fix initialization of legacy containers by delaying include_once
* 3.3:
[HttpFoundation] Use the correct syntax for session gc based on Pdo driver
Removed assertDateTimeEquals() methods.
Revert "bug #24987 [Console] Fix global console flag when used in chain (Simperfit)"
Revert "bug #25487 [Console] Fix a bug when passing a letter that could be an alias (Simperfit)"
Disable CSP header on exception pages only in debug
Fixed submitting disabled buttons
Fixed Button::setParent() when already submitted
Improve assertions
Restore RoleInterface import
Improve assertions
SCA: get rid of repetitive calls
allow null values for root nodes in YAML configs
revert useless tests fixtures changes
[VarDumper] Fix docblock
Improve phpdoc to make it more explicit
* 2.8:
[HttpFoundation] Use the correct syntax for session gc based on Pdo driver
Removed assertDateTimeEquals() methods.
Revert "bug #24987 [Console] Fix global console flag when used in chain (Simperfit)"
Revert "bug #25487 [Console] Fix a bug when passing a letter that could be an alias (Simperfit)"
Disable CSP header on exception pages only in debug
Fixed submitting disabled buttons
Fixed Button::setParent() when already submitted
Improve assertions
Improve assertions
SCA: get rid of repetitive calls
allow null values for root nodes in YAML configs
[VarDumper] Fix docblock
Improve phpdoc to make it more explicit
This PR was merged into the 2.7 branch.
Discussion
----------
Removed assertDateTimeEquals() methods
| Q | A
| ------------- | ---
| Branch? | 2.7
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | N/A
| License | MIT
| Doc PR | N/A
All PHPUnit versions that we use on Travis support comparing `DateTime` objects via `assertEquals()`. Yet, we have our own code in place to check for equality of `DateTime` objects. This PR removes that code.
Commits
-------
5b73d1c1e6 Removed assertDateTimeEquals() methods.
* 2.7:
[HttpFoundation] Use the correct syntax for session gc based on Pdo driver
Revert "bug #24987 [Console] Fix global console flag when used in chain (Simperfit)"
Revert "bug #25487 [Console] Fix a bug when passing a letter that could be an alias (Simperfit)"
Disable CSP header on exception pages only in debug
Fixed submitting disabled buttons
Fixed Button::setParent() when already submitted
Improve assertions
SCA: get rid of repetitive calls
allow null values for root nodes in YAML configs
[VarDumper] Fix docblock
Improve phpdoc to make it more explicit
This PR was merged into the 2.7 branch.
Discussion
----------
Improve assertions
| Q | A
| ------------- | ---
| Branch? | 2.7
| Bug fix? | no
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | -
| License | MIT
| Doc PR | -
Following #25420 before start other branches.
Btw, the other branches are 2.8, 3.3, 3.4, 4.0 and master?
Commits
-------
3d90a2217d Improve assertions
This PR was merged into the 2.7 branch.
Discussion
----------
Disable CSP header on exception pages only in debug
| Q | A
| ------------- | ---
| Branch? | 2.7
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | #24772
| License | MIT
| Doc PR |
Based on a feedback we received, there are situations on production when it's desired to have CSP header in place even if exception occurred.
This uses now same condition that is used by ExceptionController in TwigBridge to evaluate if styled exception template is going to be shown, minus `showException` request attribute which don't make sense in this context, because it's used by PreviewController only and in such case this listener isn't triggered.
Overriding CSP header via HTML meta tag unfortunately, but not surprisingly, doesn't work.
Commits
-------
b77538c2fe Disable CSP header on exception pages only in debug
This PR was merged into the 2.7 branch.
Discussion
----------
[Form] Fixed Button::setParent() when already submitted
| Q | A
| ------------- | ---
| Branch? | 2.7
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | ~
| License | MIT
| Doc PR | ~
The `Button` does not respect the [FormInterface](https://github.com/symfony/symfony/blob/master/src/Symfony/Component/Form/FormInterface.php#L28), by extension the `SubmitButton` neither.
Commits
-------
9f0c7bf549 Fixed Button::setParent() when already submitted
This PR was merged into the 3.4 branch.
Discussion
----------
[Console] Provide a DX where an array could be passed
| Q | A
| ------------- | ---
| Branch? | 3.4
| Bug fix? | yes
| New feature? | no <!-- don't forget to update src/**/CHANGELOG.md files -->
| BC breaks? | no
| Deprecations? | no <!-- don't forget to update UPGRADE-*.md files -->
| Tests pass? | yes
| Fixed tickets | #25394
| License | MIT
| Doc PR | none
I think that this is not fixing the root causes that does not appears in 4.1, so maybe there is something better to do. I did not find the root cause So I think it can bo good to fix the problem too.
Commits
-------
de502f7 [Console] Provide a bugfix where an array could be passed
This PR was merged into the 3.3 branch.
Discussion
----------
Restore RoleInterface import
| Q | A
| ------------- | ---
| Branch? | 3.3
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no <!-- don't forget to update UPGRADE-*.md files -->
| Tests pass? | yes
| License | MIT
The import is use on PHPDoc but was accidentally removed. Maybe because PHPStorm does not match with the import when you use parenthesis.
Not really a bug as it is concerning only PHPDoc, but it make some analysis tools like PHPStan yelling:
```
------ -----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
Line src/AppBundle/Security/Authentication/ApiKeyAuthenticator.php
------ -----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
64 Parameter #4 $roles of class Symfony\Component\Security\Core\Authentication\Token\PreAuthenticatedToken constructor expects array<string|Symfony\Component\Security\Core\Authentication\Token\RoleInterface>, array<string|Symfony\Component\Security\Core\Role\Role>
given.
------ -----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
------ -----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
Line tests/AppBundle/Controller/WebTestCase.php
------ -----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
59 Parameter #4 $roles of class Symfony\Component\Security\Core\Authentication\Token\PreAuthenticatedToken constructor expects array<string|Symfony\Component\Security\Core\Authentication\Token\RoleInterface>, array<string|Symfony\Component\Security\Core\Role\Role>
given.
------ -----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
```
Commits
-------
8ecfeb1e31 Restore RoleInterface import
This PR was merged into the 2.7 branch.
Discussion
----------
[minor] SCA: reduce repetitive method calls (sequential and in loop)
| Q | A
| ------------- | ---
| Branch? | 2.7
| Bug fix? | no
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | n/a
| License | MIT
| Doc PR | n/a
Commits
-------
609372252f SCA: get rid of repetitive calls
This PR was merged into the 4.1-dev branch.
Discussion
----------
[DependencyInjection] Anonymous services in PHP DSL
| Q | A
| ------------- | ---
| Branch? | 4.1
| Bug fix? | no
| New feature? | enhancement for fluent PHP configs
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | #24493
| License | MIT
| Doc PR | not yet
See #24493:
```php
$s->anonymous(SendEmailForRegisteredUser::class)->tag('listener');
```
Commits
-------
ee4227683d [DI] Add way to register service with implicit name using the PHP DSL
This PR was merged into the 3.4 branch.
Discussion
----------
[DI] Fix initialization of legacy containers by delaying include_once
| Q | A
| ------------- | ---
| Branch? | 3.4
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | -
| License | MIT
| Doc PR | -
Best reviewed ignoring whitespaces:
https://github.com/symfony/symfony/pull/25858/files?w=1
Noticed while removing a package: silencing the failing `include_once` as introduced in #25255 is not working for the `$oldContainer` in `Kernel`, and fails with a fatal error when an include succeeds but the class inside misses a parent.
Delaying the calls to `include_once` to the moment where the fresh container is actually used first, when setting the "kernel" service, works around the situation.
Commits
-------
5e750ec4b5 [DI] Fix initialization of legacy containers by delaying include_once
This PR was merged into the 4.1-dev branch.
Discussion
----------
Introduce signaled process specific exception class
| Q | A
| ------------- | ---
| Branch? | master
| Bug fix? | no
| New feature? | yes
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | #25768
| License | MIT
| Doc PR | N/A
Introduced the `ProcessSignaledException` class to properly catch signaled process errors.
I took benefit to refactor process exception with a new `ProcessRuntimeException` class.
Commits
-------
68adb3b903 Introduce signaled process specific exception class
This will revert #25847. Basically, the changes done in #25847 were not
wrong per se. However, those changes were not necessary as the tests
were not failing because of the missing "assets" config, but due to an
issue introduced in the Config component. Furthermore, removing this
part of the config fixtures gives us the benefit that our before
normalization logic that enables assets support when the templating
integration is enabled is properly tested.
It confused me a lot that the method took an array and that the phpdoc said we should pass a string instead of an array. This small change should clear up the confusion.
* 4.0:
Have weak_vendors ignore deprecations from outside
[HttpFoundation] fixed return type of method HeaderBag::get
[HttpFoundation] Added "resource" type on Request::create docblock
[Console] Fix using finally where the catch can also fail
[Process] Skip environment variables with false value in Process
Revert "bug #25789 Enableable ArrayNodeDefinition is disabled for empty configuration (kejwmen)"
Formatting fix in upgrade 3.0 document
don't split lines on carriage returns when dumping
trim spaces from unquoted scalar values
Revert "bug #25851 [Validator] Conflict with egulias/email-validator 2.0 (emodric)"
[DI] compilation perf tweak
[Validator] Conflict with egulias/email-validator 2.0
[Validator] add missing parent isset and add test
* 3.4:
Have weak_vendors ignore deprecations from outside
[HttpFoundation] fixed return type of method HeaderBag::get
[HttpFoundation] Added "resource" type on Request::create docblock
[Process] Skip environment variables with false value in Process
Revert "bug #25789 Enableable ArrayNodeDefinition is disabled for empty configuration (kejwmen)"
Formatting fix in upgrade 3.0 document
don't split lines on carriage returns when dumping
Revert "bug #25851 [Validator] Conflict with egulias/email-validator 2.0 (emodric)"
[DI] compilation perf tweak
[Validator] Conflict with egulias/email-validator 2.0
[Validator] add missing parent isset and add test
* 3.3:
Have weak_vendors ignore deprecations from outside
[HttpFoundation] fixed return type of method HeaderBag::get
[HttpFoundation] Added "resource" type on Request::create docblock
[Process] Skip environment variables with false value in Process
Revert "bug #25789 Enableable ArrayNodeDefinition is disabled for empty configuration (kejwmen)"
Formatting fix in upgrade 3.0 document
don't split lines on carriage returns when dumping
Revert "bug #25851 [Validator] Conflict with egulias/email-validator 2.0 (emodric)"
[DI] compilation perf tweak
[Validator] Conflict with egulias/email-validator 2.0
[Validator] add missing parent isset and add test
* 2.8:
[HttpFoundation] fixed return type of method HeaderBag::get
[HttpFoundation] Added "resource" type on Request::create docblock
Revert "bug #25789 Enableable ArrayNodeDefinition is disabled for empty configuration (kejwmen)"
Formatting fix in upgrade 3.0 document
Revert "bug #25851 [Validator] Conflict with egulias/email-validator 2.0 (emodric)"
[Validator] add missing parent isset and add test
* 2.7:
[HttpFoundation] fixed return type of method HeaderBag::get
[HttpFoundation] Added "resource" type on Request::create docblock
Revert "bug #25789 Enableable ArrayNodeDefinition is disabled for empty configuration (kejwmen)"
Revert "bug #25851 [Validator] Conflict with egulias/email-validator 2.0 (emodric)"
[Validator] add missing parent isset and add test
This PR was merged into the 2.7 branch.
Discussion
----------
[HttpFoundation] fixed return type of method HeaderBag::get
| Q | A
| ------------- | ---
| Branch? | 3.3
| Bug fix? | no
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| License | MIT
<!--
- Bug fixes must be submitted against the lowest branch where they apply
(lowest branches are regularly merged to upper ones so they get the fixes too).
- Features and deprecations must be submitted against the master branch.
- Please fill in this template according to the PR you're about to submit.
- Replace this comment by a description of what your PR is solving.
-->
Commits
-------
6b608e8 [HttpFoundation] fixed return type of method HeaderBag::get
This PR was merged into the 2.7 branch.
Discussion
----------
[HttpFoundation] Added "resource" type on Request::create docblock
| Q | A
| ------------- | ---
| Branch? | 2.7
| Bug fix? | no
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | -
| License | MIT
| Doc PR | -
Replaces #24902
Commits
-------
d1a96ca [HttpFoundation] Added "resource" type on Request::create docblock
This PR was merged into the 4.0 branch.
Discussion
----------
[Console] Fix using finally where the catch can also fail
| Q | A
| ------------- | ---
| Branch? | 4.0
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | #25872
| License | MIT
| Doc PR | -
Restores code to 3.4 state, which is free from the issue.
Commits
-------
763a914 [Console] Fix using finally where the catch can also fail
This PR was merged into the 2.7 branch.
Discussion
----------
[Validator] add missing parent isset and add test
| Q | A
| ------------- | ---
| Branch? | 2.7
| Bug fix? | yes
| New feature? | no <!-- don't forget to update src/**/CHANGELOG.md files -->
| BC breaks? | no
| Deprecations? | no <!-- don't forget to update UPGRADE-*.md files -->
| Tests pass? | yes
| Fixed tickets | #25843 <!-- #-prefixed issue number(s), if any -->
| License | MIT
| Doc PR |
This is a little PR to fix the error and to add the parent::__isset to the Constraints class, I'm adding a test too to be sure that this is not possible again.
Btw, since this is instagihub, I'm coding at home and then I see a squirrel :
Commits
-------
bcb79a3 [Validator] add missing parent isset and add test
This PR was merged into the 3.3 branch.
Discussion
----------
[Process] Skip environment variables with false value in Process
| Q | A
| ------------- | ---
| Branch? | master, 4.0, 3.3, 3.4
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | ~
| License | MIT
| Doc PR | ~
With the commit 03adce239d, all env variables are injecting in the process, and the env variable with the `false` value are converted in empty string.
For example, it's problematic with the bundle SymfonyWebServerBundle and the last version of the [symfony/framework-bundle recipe](https://github.com/symfony/recipes/blob/master/symfony/framework-bundle/3.3/public/index.php#L11), because the WebServer override the value of `APP_ENV` with `false` to override previously loaded variables (c5a1218555), and with the commit 03adce239d, the `APP_ENV` variable is injected with a empty string value, instead of not being injected, as was the case before.
This PR not use the same logic as the [getDefaultEnv()](https://github.com/symfony/symfony/blob/4.0/src/Symfony/Component/Process/Process.php#L1553) method.
Commits
-------
2daf4f9 [Process] Skip environment variables with false value in Process
This PR was squashed before being merged into the 4.1-dev branch (closes#25493).
Discussion
----------
[Serializer] `default_constructor_arguments` context option for denormalization
| Q | A
| ------------- | ---
| Branch? | master
| Bug fix? | no
| New feature? | yes
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | (there is no RFC for this)
| License | MIT
| Doc PR | https://github.com/symfony/symfony-docs/pull/8914
## Problems
In the case you want to deserialize value-objects, if all the data required by its constructor are **not** given as input, the serializer will throw a simple `RuntimeException` exception. This makes impossible to catch it. (as current fix on my projects I use exception message to be sure to catch the good one X.x")
The second problem is a missing feature to fill the required object with an empty one. This needs to be defined by the user because the serializer can't guess how to build it.
Here is a project that exposes the problem of the current behavior. https://github.com/Nek-/api-platform-value-object
## Solutions suggested
I suggest a solution in 2 parts because the second part is more touchy.
1. Replace the current exception by a new specific one
2. Add a new `empty_data` option to the context of deserialization so you can specify data for objects impossible to instantiate, this is great because the serializer no more throw exception and the validator can then work as expected and send violations to the user. This solution is inspired by forms solutions to fix the issue with value objects
Here is what you can do with this feature:
```php
class DummyValueObject
{
public function __construct($foo, $bar) { $this->foo = $foo; $this->bar = $bar; }
}
$empty = new DummyValueObject('', '');
$result = $normalizer->denormalize(['foo' => 'Hello'], DummyValueObject::class, 'json', [
'empty_data' => [
DummyValueObject::class => $empty,
],
]);
// It's impossible to construct a DummyValueObject with only "foo" value. So the serializer
// will replace it with the given empty data
```
There are 2 commits so I can quickly provide you only the first point if you want. Hope you'll like this.
## Solution after discussion
1. New exception `MissingConstructorArgumentsException`
2. New context option `default_constructor_arguments`
```php
class DummyValueObject
{
public function __construct($foo, $bar) { $this->foo = $foo; $this->bar = $bar; }
}
$result = $normalizer->denormalize(['foo' => 'Hello'], DummyValueObject::class, 'json', [
'default_constructor_arguments' => [
DummyValueObject::class => ['foo' => '', 'bar' => ''],
],
]);
// DummyValueObject is contructed with the given `foo` and empty `bar`
```
Commits
-------
1523a85542 [Serializer] context option for denormalization
This PR was merged into the 3.3 branch.
Discussion
----------
[FrameworkBundle] fix DI extension tests
| Q | A
| ------------- | ---
| Branch? | 3.3
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets |
| License | MIT
| Doc PR |
The failing tests relied on the assets integration being enabled. Since
we never did enable this explicitly, the assets related definitions are
removed now that #25789 was merged which fixed#25760.
Commits
-------
1cb8f69 [FrameworkBundle] fix DI extension tests
The failing tests relied on the assets integration being enabled. Since
we never did enable this explicitly, the assets related definitions are
removed now that #25789 was merged which fixed#25760.
This PR was squashed before being merged into the 4.1-dev branch (closes#25627).
Discussion
----------
[DI] Add a simple CSV env var processor
| Q | A
| ------------- | ---
| Branch? | master
| Bug fix? | no
| New feature? | yes <!-- don't forget to update src/**/CHANGELOG.md files -->
| BC breaks? | no
| Deprecations? | no <!-- don't forget to update UPGRADE-*.md files -->
| Tests pass? | yes
| Fixed tickets | n/a
| License | MIT
| Doc PR | n/a
Add a new environment variable processor to parse the very popular comma separated array format like `foo,bar`. As it uses the `str_getcsv`, it also support escaping and enclosure.
I'm not sure about the name, maybe `array` or `simple_array` would be better.
Commits
-------
d730209d87 [DI] Add a simple CSV env var processor
* 4.0:
[HttpKernel] DebugHandlersListener should always replace the existing exception handler
fix the Composer API being used
[Security] Notify that symfony/expression-language is not installed if ExpressionLanguage and ExpressionLanguagePrivider are used
[Debug] Always decorate existing exception handlers to deal with fatal errors
Enableable ArrayNodeDefinition is disabled for empty configuration
Fixing a bug where the dump() function depended on bundle ordering
[Cache] Fix handling of apcu_fetch() edgy behavior
Add nn (Norwegian Nynorsk) translation files, and improve existing file
Problem in phar see mergerequest #25579
[Form] Disallow transform dates beyond the year 9999
Avoid button label translation when it's set to false
Copied NO language files to the new NB locale.
[Serializer] DateTimeNormalizer handling of null and empty values (returning null or empty instead of new object)
Fix options resolver with array allowed types
[Console] Improve phpdoc on StyleInterface::ask()
[TwigBridge][WIP] Pass the form-check-inline in parent
* 3.4:
[HttpKernel] DebugHandlersListener should always replace the existing exception handler
fix the Composer API being used
[Security] Notify that symfony/expression-language is not installed if ExpressionLanguage and ExpressionLanguagePrivider are used
[Debug] Always decorate existing exception handlers to deal with fatal errors
Enableable ArrayNodeDefinition is disabled for empty configuration
Fixing a bug where the dump() function depended on bundle ordering
[Cache] Fix handling of apcu_fetch() edgy behavior
Add nn (Norwegian Nynorsk) translation files, and improve existing file
Problem in phar see mergerequest #25579
[Form] Disallow transform dates beyond the year 9999
Avoid button label translation when it's set to false
Copied NO language files to the new NB locale.
[Serializer] DateTimeNormalizer handling of null and empty values (returning null or empty instead of new object)
Fix options resolver with array allowed types
[Console] Improve phpdoc on StyleInterface::ask()
[TwigBridge][WIP] Pass the form-check-inline in parent
* 3.3:
[HttpKernel] DebugHandlersListener should always replace the existing exception handler
fix the Composer API being used
[Debug] Always decorate existing exception handlers to deal with fatal errors
Enableable ArrayNodeDefinition is disabled for empty configuration
Fixing a bug where the dump() function depended on bundle ordering
[Cache] Fix handling of apcu_fetch() edgy behavior
Add nn (Norwegian Nynorsk) translation files, and improve existing file
Problem in phar see mergerequest #25579
[Form] Disallow transform dates beyond the year 9999
Copied NO language files to the new NB locale.
[Serializer] DateTimeNormalizer handling of null and empty values (returning null or empty instead of new object)
[Console] Improve phpdoc on StyleInterface::ask()
* 2.8:
fix the Composer API being used
[Debug] Always decorate existing exception handlers to deal with fatal errors
Enableable ArrayNodeDefinition is disabled for empty configuration
Fixing a bug where the dump() function depended on bundle ordering
Add nn (Norwegian Nynorsk) translation files, and improve existing file
Problem in phar see mergerequest #25579
[Form] Disallow transform dates beyond the year 9999
Copied NO language files to the new NB locale.
[Console] Improve phpdoc on StyleInterface::ask()
* 2.7:
fix the Composer API being used
[Debug] Always decorate existing exception handlers to deal with fatal errors
Enableable ArrayNodeDefinition is disabled for empty configuration
Fixing a bug where the dump() function depended on bundle ordering
Add nn (Norwegian Nynorsk) translation files, and improve existing file
Problem in phar see mergerequest #25579
[Form] Disallow transform dates beyond the year 9999
Copied NO language files to the new NB locale.
[Console] Improve phpdoc on StyleInterface::ask()
This PR was squashed before being merged into the 4.1-dev branch (closes#25092).
Discussion
----------
[Security] #25091 add target user to SwitchUserListener
| Q | A
| ------------- | ---
| Branch? | master
| Bug fix? | no
| New feature? | yes
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | #25091
| License | MIT
| Doc PR |
This patch provides the target user to the SwitchUserListener's
accessDecisionManager->decide() call as the $object parameter to
give any registered voters extra information.
Commits
-------
5cb6f2a [Security] #25091 add target user to SwitchUserListener
This PR was merged into the 2.7 branch.
Discussion
----------
[Debug] Always decorate existing exception handlers to deal with fatal errors
| Q | A
| ------------- | ---
| Branch? | 2.7
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | #25827
| License | MIT
| Doc PR | -
Decorating the exception is seamless, let's always do it and fix handling of fatal errors.
Related to #25408 also.
Commits
-------
205d7ae3f7 [Debug] Always decorate existing exception handlers to deal with fatal errors
This PR was merged into the 3.4 branch.
Discussion
----------
[Security] Notify that symfony/expression-language is not installed if ExpressionLanguage is used
| Q | A
| ------------- | ---
| Branch? | master for features / 3.4
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | #25742
| License | MIT
| Doc PR | not requested
Commits
-------
6aa2b7cce0 [Security] Notify that symfony/expression-language is not installed if ExpressionLanguage and ExpressionLanguagePrivider are used
This PR was squashed before being merged into the 4.1-dev branch (closes#24777).
Discussion
----------
[TwigBundle] Added priority to twig extensions
| Q | A
| ------------- | ---
| Branch? | master
| Bug fix? | no
| New feature? | yes
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets |
| License | MIT
| Doc PR | Don't merge before the docs
Added priority to twig extensions in the `TwigEnvironmentPass` to control the order in which they're registered, similar to the `TwigLoaderPass`
Though, unsure on what priority to use as a default, and will PR docs when finalised.
Commits
-------
d87af719fd [TwigBundle] Added priority to twig extensions
This PR was merged into the 2.7 branch.
Discussion
----------
Fixing a bug where the dump() function depended on bundle ordering
| Q | A
| ------------- | ---
| Branch? | 2.7
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | none
| License | MIT
| Doc PR | not needed
If DebugBundle is registered *before* TwigBundle, then the simpler `dump()` function wins over the fancy, var-dumper one from DebugBundle. In other words, you get different functionality based on the *order* in which you install libraries. To get the "bad" way, you can:
```
composer create-project symfony/skeleton show_bad_dump
cd show_bad_dump
composer require symfony/debug-bundle
composer require twig
```
Then create a Twig template with a `dump()` inside. It will use the less-fancy XDebug version.
I'm not sure if there's a more elegant fix for this or not... I have verified locally that this DOES fix the issue.
Thanks!
Commits
-------
717663aac1 Fixing a bug where the dump() function depended on bundle ordering
This PR was merged into the 3.4 branch.
Discussion
----------
[OptionsResolver] Fix options resolver with array allowed types
| Q | A
| ------------- | ---
| Branch? | 3.4
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | none
| License | MIT
| Doc PR | none
When playing a simple test:
```php
use Symfony\Component\OptionsResolver\Options;
$resolver = new OptionsResolver();
$resolver->setDefined('foo');
$resolver->setAllowedTypes('foo', 'string[]');
$options = $resolver->resolve(['foo' => ['bar', 'baz']]);
```
I get this error:
```
Symfony\Component\OptionsResolver\Exception\InvalidOptionsException: The option "foo" with value array is expected to be of type "string[]", but is of type "string[]"
```
This PR should fix this.
Commits
-------
cc215f7347 Fix options resolver with array allowed types
This PR was squashed before being merged into the 2.7 branch (closes#25789).
Discussion
----------
Enableable ArrayNodeDefinition is disabled for empty configuration
| Q | A
| ------------- | ---
| Branch? | 2.7+
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | #25760
| License | MIT
Fixes#25760.
Currently, documented behavior is not true:
70c8c2d47b/src/Symfony/Component/Config/Definition/Builder/ArrayNodeDefinition.php (L207-L208)
Commits
-------
a6a330dcd9 Enableable ArrayNodeDefinition is disabled for empty configuration
This PR was squashed before being merged into the 4.1-dev branch (closes#25741).
Discussion
----------
[Form] issue-13589: adding custom false-values to BooleanToString transformer
| Q | A
| ------------- | ---
| Branch? | master
| Bug fix? | no
| New feature? | yes
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | #13589
| License | MIT
| Doc PR | https://github.com/symfony/symfony-docs/pull/9031
As suggested in #13589 , this PR adds the option to specify custom false-values, so we can use the CheckBoxType to handle strings '1' / '0' and eval them to true / false. While HTTP defines that checkbox types are either submitted=true or not-submitted=false, no matter of what value was submitted, it would be nice to have this option.
Also refs (which read like "the basic idea of the feature was accepted, PR almost done, then something-happend so PR wasnt merged"..?)
https://github.com/symfony/symfony/pull/15054https://github.com/symfony/symfony/pull/18005
Commits
-------
a3e5ac496f [Form] issue-13589: adding custom false-values to BooleanToString transformer
This PR was squashed before being merged into the 2.7 branch (closes#25816).
Discussion
----------
Problem in phar see mergerequest #25579
| Q | A
| ------------- | ---
| Branch? | 2.7
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | #... <!-- #-prefixed issue number(s), if any -->
| License | MIT
| Doc PR | symfony/symfony-docs#... <!--highly recommended for new features-->
If packed into phar the old version creates path like 'file:///phar%3A/'. see https://github.com/symfony/symfony/pull/25579
Commits
-------
3e0c8ffb43 Problem in phar see mergerequest #25579
This PR was squashed before being merged into the 2.7 branch (closes#25781).
Discussion
----------
[Form] Disallow transform dates beyond the year 9999
Fixes#14727
| Q | A
| ------------- | ---
| Branch? | 2.7
| Bug fix? | yes
| New feature? | no
| BC breaks? | not really
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | #14727
| License | MIT
Explicitly locked out submission of dates beyond December 31st 9999 in forms as PHP is highly incapable of consistently handling such dates. Before this patch dates were randomly transformed or mangled.
Technically there is a BC break as this will now cause validation to fail on input that was *accepted* before, but it was mangled. Not my call but I prefer the rejection over data corruption:
```
// Old behavior
$transformer = new DateTimeToLocalizedStringTransformer('UTC', 'UTC', null, null, \IntlDateFormatter::GREGORIAN, 'yyyy-MM-dd');
$result = $transformer->reverseTransform('20107-03-21');
// $result is now 2007-03-21
```
Commits
-------
70cc969537 [Form] Disallow transform dates beyond the year 9999
This PR was merged into the 3.3 branch.
Discussion
----------
[Serializer] DateTimeNormalizer handling of null and empty values (returning it instead of new object)
| Q | A
| ------------- | ---
| Branch? | 3.3
| Bug fix? | yes
| New feature? | no <!-- don't forget to update src/**/CHANGELOG.md files -->
| BC breaks? | no
| Deprecations? | no <!-- don't forget to update UPGRADE-*.md files -->
| Tests pass? | no
| Fixed tickets | #23964
| License | MIT
| Doc PR |
I'm openning the disucussion on this as I think that should be returning null and not a new object.
WDYT ?
Working at home ;)
Commits
-------
74726f3896 [Serializer] DateTimeNormalizer handling of null and empty values (returning null or empty instead of new object)
This PR was merged into the 3.4 branch.
Discussion
----------
[TwigBridge] Pass the form-check-inline in parent
| Q | A
| ------------- | ---
| Branch? | 3.4
| Bug fix? | yes
| New feature? | no <!-- don't forget to update src/**/CHANGELOG.md files -->
| BC breaks? | no
| Deprecations? | no <!-- don't forget to update UPGRADE-*.md files -->
| Tests pass? | no
| Fixed tickets | #25099 <!-- #-prefixed issue number(s), if any -->
| License | MIT
| Doc PR | none
I'm trying to find a way to be able to handle this. Will add a reproducer soon.
Commits
-------
02b7edb825 [TwigBridge][WIP] Pass the form-check-inline in parent
This PR was merged into the 2.7 branch.
Discussion
----------
Copied NO language files to the new NB locale
| Q | A
| ------------- | ---
| Branch? | 2.7
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | #25792
| License | MIT
| Doc PR | N/A
This PR copies all `NO` language files to a new locale `NB`. It also adds unit tests to ensure that `NB` and `NO` will always contain the same translations. This way, we allow application developers to either use the generic `NO` language code or the more precise `NB` (e.g. if they need to distinguish between the `NB` and `NN` variants of the Norwegian language).
For further details, please have a look at the discussion in #25792.
Commits
-------
aee9b1ea3e Copied NO language files to the new NB locale.
This PR was merged into the 2.7 branch.
Discussion
----------
[Console] Improve phpdoc on StyleInterface::ask()
| Q | A
| ------------- | ---
| Branch? | 2.7
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | #... <!-- #-prefixed issue number(s), if any -->
| License | MIT
| Doc PR | symfony/symfony-docs#... <!--highly recommended for new features-->
In a CLI command i keep asking an optional question until i get an answer. So interactively it's a required question. It looks like..
```php
do {
$value = $io->ask('Value', null, function ($value) { return $value; });
} while (null === $value);
```
Which works nice.. but SA is complaining about
```
Strict comparison using === between null and string will always evaluate to false.
```
This should fix it. The mixed API goes back to https://github.com/symfony/symfony/blob/master/src/Symfony/Component/Console/Helper/QuestionHelper.php#L38
Commits
-------
499d04f [Console] Improve phpdoc on StyleInterface::ask()
* 4.0:
[appveyor] set memory_limit=-1
[Console] Keep the modified exception handler
[Console] Fix restoring exception handler
[Router] Skip anonymous classes when loading annotated routes
allow dashes in cwd pathname when running the tests
Fixed Request::__toString ignoring cookies
Make sure we only build once and have one time the prefix when importing routes
[Security] Fix fatal error on non string username
[FrameworkBundle] Automatically enable the CSRF if component *+ session* are loaded
* 3.4:
[appveyor] set memory_limit=-1
[Console] Keep the modified exception handler
[Console] Fix restoring exception handler
[Router] Skip anonymous classes when loading annotated routes
allow dashes in cwd pathname when running the tests
Fixed Request::__toString ignoring cookies
Make sure we only build once and have one time the prefix when importing routes
[Security] Fix fatal error on non string username
[FrameworkBundle] Automatically enable the CSRF if component *+ session* are loaded
* 3.3:
[appveyor] set memory_limit=-1
[Router] Skip anonymous classes when loading annotated routes
Fixed Request::__toString ignoring cookies
Make sure we only build once and have one time the prefix when importing routes
[Security] Fix fatal error on non string username
* 2.8:
[appveyor] set memory_limit=-1
[Router] Skip anonymous classes when loading annotated routes
Fixed Request::__toString ignoring cookies
[Security] Fix fatal error on non string username
* 2.7:
[appveyor] set memory_limit=-1
[Router] Skip anonymous classes when loading annotated routes
Fixed Request::__toString ignoring cookies
[Security] Fix fatal error on non string username
This PR was merged into the 2.7 branch.
Discussion
----------
[appveyor] set memory_limit=-1
| Q | A
| ------------- | ---
| Branch? | 2.7
| Bug fix? | no
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | -
| License | MIT
| Doc PR | -
Commits
-------
10e33ac [appveyor] set memory_limit=-1
This PR was squashed before being merged into the 2.7 branch (closes#25801).
Discussion
----------
[Router] Skip anonymous classes when loading annotated routes
| Q | A
| ------------- | ---
| Branch? | 2.7
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | #25796
| License | MIT
| Doc PR |
Skip any usage of anonymous classes when parsing files in `AnnotationFileLoader`
Commits
-------
d76a545 [Router] Skip anonymous classes when loading annotated routes
This PR was merged into the 3.4 branch.
Discussion
----------
[FrameworkBundle] Auto-enable CSRF if the component *+ session* are loaded
| Q | A
| ------------- | ---
| Branch? | 3.4
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | https://github.com/symfony/recipes/issues/262
| License | MIT
| Doc PR | -
By binding CSRF and session default state, we provide better DX, but we also provide a way for bundles to enable session on its own: they just need to require "symfony/security-csrf".
Yes, that's a side effect, but I think that's a nice one for 3.4/4.0.
Of course, we might do better in 4.1, but for bug fix only releases, LGTM.
Commits
-------
9e8231f [FrameworkBundle] Automatically enable the CSRF if component *+ session* are loaded
This PR was merged into the 2.7 branch.
Discussion
----------
[Security] Fix fatal error on non string username
| Q | A
| ------------- | ---
| Branch? | 2.7
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | https://github.com/symfony/symfony/issues/25612
| License | MIT
| Doc PR | n/a
That's consistent with what #22569 did for the `json_login` listener.
Commits
-------
8f095683d0 [Security] Fix fatal error on non string username
This PR was merged into the 3.3 branch.
Discussion
----------
[Routing] Make sure we only build routes once
| Q | A
| ------------- | ---
| Branch? | 3.3
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | #25746
| License | MIT
| Doc PR | ø
We need to build the collection(s) only once, else the prefix would be duplicated.
Commits
-------
927a75ac3e Make sure we only build once and have one time the prefix when importing routes
* 4.0:
[Console] Add placeholder for line number in console exception fixtures
fix HHVM tests
minor #25752 Don't right trim the deprecation message (alexpott)
* 3.4:
[Console] Add placeholder for line number in console exception fixtures
fix HHVM tests
minor #25752 Don't right trim the deprecation message (alexpott)
This PR was merged into the 3.3 branch.
Discussion
----------
Remove polyfill-util dependency from fullstack and security
| Q | A
| ------------- | ---
| Branch? | 3.3
| Bug fix? | kinda
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets |
| License | MIT
| Doc PR |
Applies #22709 to the two higher-level packages. I've applied it to 3.3 as that's where that change was merged (though it was `master` as the time); these may actually apply earlier though?
(#16382 was mentioned and applied to 2.8, though is for the serializer which is unrelated? Should have been 3.0 when `StringUtils` was removed?)
Commits
-------
939efd59b9 Remove polyfill-util dependency from fullstack and security
This PR was submitted for the 3.4 branch but it was squashed and merged into the 3.3 branch instead (closes#25752).
Discussion
----------
Don't right trim the deprecation message
| Q | A
| ------------- | ---
| Branch? | 3.4
| Bug fix? | maybe yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no <!-- don't forget to update UPGRADE-*.md files -->
| Tests pass? | yes
| Fixed tickets | #... <!-- #-prefixed issue number(s), if any -->
| License | MIT
| Doc PR | symfony/symfony-docs#... <!--highly recommended for new features-->
<!--
- Bug fixes must be submitted against the lowest branch where they apply
(lowest branches are regularly merged to upper ones so they get the fixes too).
- Features and deprecations must be submitted against the master branch.
- Replace this comment by a description of what your PR is solving.
-->
The PhpUnit bridge lists deprecation messages after a test. In order to do this it outputs the message but it right trims the message - removing any fullstops. This is unexpected. It does this to add the number of time the message appears but this is not really necessary because the number of the times a deprecation message is triggered and from where is added below.
Commits
-------
0b03631 Don't right trim the deprecation message
* 4.0:
fix merge
fixed wrong description in a phpdoc
19 digits VISA card numbers are valid
Add missing @ in phpdoc return statement
Don't right trim the deprecation message
[HttpKernel] Fixed test name
[Debug] prevent infinite loop with faulty exception handlers
[FrameworkBundle] fix tests
Prefer composer install instead for using Symfony Installer
Add the missing `enabled` session attribute
[HttpKernel] Turn bad hosts into 400 instead of 500
* 3.4:
fix merge
fixed wrong description in a phpdoc
19 digits VISA card numbers are valid
Add missing @ in phpdoc return statement
Don't right trim the deprecation message
[HttpKernel] Fixed test name
[Debug] prevent infinite loop with faulty exception handlers
[FrameworkBundle] fix tests
Prefer composer install instead for using Symfony Installer
Add the missing `enabled` session attribute
[HttpKernel] Turn bad hosts into 400 instead of 500
* 3.3:
fix merge
fixed wrong description in a phpdoc
19 digits VISA card numbers are valid
Add missing @ in phpdoc return statement
Don't right trim the deprecation message
[HttpKernel] Fixed test name
[Debug] prevent infinite loop with faulty exception handlers
Add the missing `enabled` session attribute
[HttpKernel] Turn bad hosts into 400 instead of 500
* 2.8:
fixed wrong description in a phpdoc
19 digits VISA card numbers are valid
[HttpKernel] Fixed test name
[Debug] prevent infinite loop with faulty exception handlers
Add the missing `enabled` session attribute
[HttpKernel] Turn bad hosts into 400 instead of 500
* 2.7:
fixed wrong description in a phpdoc
19 digits VISA card numbers are valid
[HttpKernel] Fixed test name
[Debug] prevent infinite loop with faulty exception handlers
Add the missing `enabled` session attribute
[HttpKernel] Turn bad hosts into 400 instead of 500
* 4.0: (30 commits)
[FrameworkBundle] fix tests
[Serializer] Fixed throwing exception with option JSON_PARTIAL_OUTPUT_ON_ERROR
[HttpKernel] Fix session handling: decouple "save" from setting response "private"
swap filter/function and package names
[HttpFoundation] Always call proxied handler::destroy() in StrictSessionHandler
[HttpKernel] Fix compile error when a legacy container is fresh again
Add tests for the HttpKernel request collector and redirection via cookies
Uses cookies to track the requests redirection
Tweaked some styles in the profiler tables
Add type string to docblock for Process::setInput()
[Security] Fail gracefully if the security token cannot be unserialized from the session
[Form] AbstractLayoutTest - fix DOMDocument casing
Run simple-phpunit with --no-suggest option
[FrameworkBundle] Fix using "annotations.cached_reader" in after-removing passes
bumped Symfony version to 4.0.4
updated VERSION for 4.0.3
updated CHANGELOG for 4.0.3
bumped Symfony version to 3.4.4
updated VERSION for 3.4.3
updated CHANGELOG for 3.4.3
...
* 3.4: (26 commits)
[Serializer] Fixed throwing exception with option JSON_PARTIAL_OUTPUT_ON_ERROR
[HttpKernel] Fix session handling: decouple "save" from setting response "private"
swap filter/function and package names
[HttpFoundation] Always call proxied handler::destroy() in StrictSessionHandler
[HttpKernel] Fix compile error when a legacy container is fresh again
Add tests for the HttpKernel request collector and redirection via cookies
Uses cookies to track the requests redirection
Tweaked some styles in the profiler tables
Add type string to docblock for Process::setInput()
[Security] Fail gracefully if the security token cannot be unserialized from the session
[Form] AbstractLayoutTest - fix DOMDocument casing
Run simple-phpunit with --no-suggest option
[FrameworkBundle] Fix using "annotations.cached_reader" in after-removing passes
bumped Symfony version to 3.4.4
updated VERSION for 3.4.3
updated CHANGELOG for 3.4.3
bumped Symfony version to 3.3.16
updated VERSION for 3.3.15
updated CHANGELOG for 3.3.15
bumped Symfony version to 2.8.34
...
* 3.3:
[Serializer] Fixed throwing exception with option JSON_PARTIAL_OUTPUT_ON_ERROR
Tweaked some styles in the profiler tables
Add type string to docblock for Process::setInput()
[Security] Fail gracefully if the security token cannot be unserialized from the session
[Form] AbstractLayoutTest - fix DOMDocument casing
Run simple-phpunit with --no-suggest option
[FrameworkBundle] Fix using "annotations.cached_reader" in after-removing passes
bumped Symfony version to 3.3.16
updated VERSION for 3.3.15
updated CHANGELOG for 3.3.15
bumped Symfony version to 2.8.34
updated VERSION for 2.8.33
updated CHANGELOG for 2.8.33
bumped Symfony version to 2.7.41
updated VERSION for 2.7.40
update CONTRIBUTORS for 2.7.40
updated CHANGELOG for 2.7.40
* 2.8:
[Serializer] Fixed throwing exception with option JSON_PARTIAL_OUTPUT_ON_ERROR
Tweaked some styles in the profiler tables
[Security] Fail gracefully if the security token cannot be unserialized from the session
[Form] AbstractLayoutTest - fix DOMDocument casing
bumped Symfony version to 2.8.34
updated VERSION for 2.8.33
updated CHANGELOG for 2.8.33
bumped Symfony version to 2.7.41
updated VERSION for 2.7.40
update CONTRIBUTORS for 2.7.40
updated CHANGELOG for 2.7.40
* 2.7:
[Serializer] Fixed throwing exception with option JSON_PARTIAL_OUTPUT_ON_ERROR
[Security] Fail gracefully if the security token cannot be unserialized from the session
[Form] AbstractLayoutTest - fix DOMDocument casing
bumped Symfony version to 2.7.41
updated VERSION for 2.7.40
update CONTRIBUTORS for 2.7.40
updated CHANGELOG for 2.7.40
This PR was merged into the 3.4 branch.
Discussion
----------
[HttpKernel] Fix session handling: decouple "save" from setting response "private"
| Q | A
| ------------- | ---
| Branch? | 3.4
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | -
| License | MIT
| Doc PR | -
Fixes https://github.com/symfony/symfony/pull/25583#issuecomment-355717344 from @Tobion, and provides extra laziness for the "session" service, related to https://github.com/symfony/recipes/pull/333.
(deps=high failure will be fixed by merging to upper branches.)
Commits
-------
f8727b8827 [HttpKernel] Fix session handling: decouple "save" from setting response "private"
This PR was merged into the 2.7 branch.
Discussion
----------
[Serializer] Fixed throwing exception with option JSON_PARTIAL_OUTPUT_ON_ERROR
| Q | A
| ------------- | ---
| Branch? | 2.7
| Bug fix? | yes
| New feature? | no <!-- don't forget to update src/**/CHANGELOG.md files -->
| BC breaks? | no
| Deprecations? | no <!-- don't forget to update UPGRADE-*.md files -->
| Tests pass? | yes
| Fixed tickets | no
| License | MIT
| Doc PR | no
<!--
- Bug fixes must be submitted against the lowest branch where they apply
(lowest branches are regularly merged to upper ones so they get the fixes too).
- Features and deprecations must be submitted against the master branch.
- Replace this comment by a description of what your PR is solving.
-->
Php function json_encode/decode with option JSON_PARTIAL_OUTPUT_ON_ERROR return result on error, but if have is error json_last_error() always return error code even if there is a result and it is not false. Because of this is impossible set JSON_PARTIAL_OUTPUT_ON_ERROR option across variable $context.
Current fix solves this problem.
Verification on the false is completely correct, since json_encode / decode returns false only on error if not set JSON_PARTIAL_OUTPUT_ON_ERROR option.
Such have a problem e.g when encoding data is not utf-8 (emoji from facebook).
Commits
-------
e7e410b [Serializer] Fixed throwing exception with option JSON_PARTIAL_OUTPUT_ON_ERROR
This PR was merged into the 3.4 branch.
Discussion
----------
[TwigBridge] swap filter/function and package names
| Q | A
| ------------- | ---
| Branch? | 3.4
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets |
| License | MIT
| Doc PR |
Error message was `Did you forget to run "composer require symfony/csrf_token"? Unknown function "form" in "Security/Pages/login.html".` and will now be `Did you forget to run "composer require symfony/form"? Unknown function "csrf_token" in "Security/Pages/login.html".`
Commits
-------
9db699bd8d swap filter/function and package names
This PR was merged into the 3.4 branch.
Discussion
----------
[HttpKernel] Add tests for request collector and cookie redirection
| Q | A
| ------------- | ---
| Branch? | 3.4
| Bug fix? | yes (#25719)
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets |
| License | MIT
| Doc PR | ø
Not that I felt bad doing a PR without tests (#25719) but this one adds tests to be sure we stabilize this cookie-based redirection.
Commits
-------
7b4f5a15e7 Add tests for the HttpKernel request collector and redirection via cookies
This PR was merged into the 3.4 branch.
Discussion
----------
[HttpFoundation] Always call proxied handler::destroy() in StrictSessionHandler
| Q | A
| ------------- | ---
| Branch? | 3.4
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | -
| License | MIT
| Doc PR | -
Noticed by @jpauli: the native file session handler needs a call to `destroy()` to remove session files, even for new empty sessions.
Commits
-------
e5e2d5ddd2 [HttpFoundation] Always call proxied handler::destroy() in StrictSessionHandler
This PR was merged into the 3.3 branch.
Discussion
----------
[FrameworkBundle] Fix using "annotations.cached_reader" in after-removing passes
| Q | A
| ------------- | ---
| Branch? | 3.3
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | #25695
| License | MIT
| Doc PR | -
When `annotation_reader` is instantiated in an after-removing pass, it gets the real cache provider, instead of the dummy one that should be provided during compilation of the container.
This situation is found in e.g. `JMS\AopBundle\DependencyInjection\Compiler\PointcutMatchingPass`.
A workaround before next release could be to "get" the `annotation_reader` service somewhere before (like in a regular compiler pass of your own.)
Commits
-------
f66f9a7b37 [FrameworkBundle] Fix using "annotations.cached_reader" in after-removing passes
This PR was squashed before being merged into the 4.1-dev branch (closes#25710).
Discussion
----------
[FrameworkBundle] add cache.app.simple psr simple cache
| Q | A
| ------------- | ---
| Branch? | master
| Bug fix? | no
| New feature? | yes
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | #25708
| License | MIT
| Doc PR | TODO?
This adds a PSR SimpleCache version of the `cache.app` service.
Should I also update the documentation somewhere? 😊
Commits
-------
1b6ec8b0ae [FrameworkBundle] add cache.app.simple psr simple cache
This PR was merged into the 2.7 branch.
Discussion
----------
[Security] Fail gracefully if the security token cannot be unserialized from the session
| Q | A
| ------------- | ---
| Branch? | 2.7
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets |
| License | MIT
| Doc PR |
If the security token in the session can't be unserialized, an `E_NOTICE` is issued. This prevents it (and provides a better log message if it's not even a `__PHP_Incomplete_Class`).
This is similar to #24731, but I saw it triggered when changing OAuth library (https://github.com/elifesciences/journal/pull/824), so the token class itself no longer exists. (I want to avoid having to manually invalidate all sessions, as not all sessions use that token class.)
Commits
-------
053fa43add [Security] Fail gracefully if the security token cannot be unserialized from the session
This PR was merged into the 4.1-dev branch.
Discussion
----------
[Validator] Add option to pass custom values to Expression validator
| Q | A
| ------------- | ---
| Branch? | master
| Bug fix? | no
| New feature? | yes
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | -
| License | MIT
| Doc PR | -
I needed this in a Form. I had no way to pass things from `$options` into Expression validator.
Maybe can aid in https://github.com/symfony/symfony/pull/23134
Commits
-------
ba0565e3e8 [Validator] Add option to pass custom values to Expression validator
This PR was submitted for the 3.4 branch but it was squashed and merged into the 3.3 branch instead (closes#25585).
Discussion
----------
Add type string to docblock for Process::setInput()
| Q | A
| ------------- | ---
| Branch? | 3.4
| Bug fix? | no
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | none
| License | MIT
| Doc PR | none
Add `string` as valid `$input` for `Process::setInput()`. Since `getInput()` will also return as string and the internal method `ProcessUtils::validateInput()` will accept a string, this should be a viable input type.
Commits
-------
e3de68f2 Add type string to docblock for Process::setInput()
This PR was squashed before being merged into the 3.4 branch (closes#25685).
Discussion
----------
Use triggering file to determine weak vendors if when the test is run in a separate process
| Q | A
| ------------- | ---
| Branch? | 3.4
| Bug fix? | yes
| New feature? | no <!-- don't forget to update src/**/CHANGELOG.md files -->
| BC breaks? | no
| Deprecations? | no <!-- don't forget to update UPGRADE-*.md files -->
| Tests pass? | I think so
| Fixed tickets | #25684
| License | MIT
| Doc PR | symfony/symfony-docs#... <!--highly recommended for new features-->
<!--
- Bug fixes must be submitted against the lowest branch where they apply
(lowest branches are regularly merged to upper ones so they get the fixes too).
- Features and deprecations must be submitted against the master branch.
- Replace this comment by a description of what your PR is solving.
-->
Commits
-------
3830577 Use triggering file to determine weak vendors if when the test is run in a separate process
* 4.0:
[DI] fix param name cast
Remove randomness from dumped containers
fixed messages to be explicit about the package needed to be installed
[FrameworkBundle] Fix recommended composer command (add vendor)
[WebProfilerBundle] set the var in the right scope
[TwigBundle] fix lowest dep
[HttpKernel] Disable CSP header on exception pages
Use the default host even if context is empty and fallback to relative URL if empty host
Proposing Flex-specific error messages in the controller shortcuts
* 3.4:
Remove randomness from dumped containers
fixed messages to be explicit about the package needed to be installed
[FrameworkBundle] Fix recommended composer command (add vendor)
[WebProfilerBundle] set the var in the right scope
[TwigBundle] fix lowest dep
[HttpKernel] Disable CSP header on exception pages
Use the default host even if context is empty and fallback to relative URL if empty host
Proposing Flex-specific error messages in the controller shortcuts
This PR was merged into the 3.4 branch.
Discussion
----------
Remove randomness from dumped containers
| Q | A
| ------------- | ---
| Branch? | 3.4
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | -
| License | MIT
| Doc PR | -
With this PR, the generated container is immutable by cache clearing: it doesn't contain any random string anymore (well, third party bundles can add random things back, but at least core doesn't).
Since the class+file name of the container is based on a hash of its content, it means that they are now stable also. This should help fix some edge cases/race conditions during cache clears/rebuilds.
(fabbot failure is false positive)
Commits
-------
14dd5d1dbd Remove randomness from dumped containers
This PR was merged into the 3.4 branch.
Discussion
----------
Fix fixed messages to be explicit about the package needed to be installed
| Q | A
| ------------- | ---
| Branch? | 3.4
| Bug fix? | no
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | n/a
| License | MIT
| Doc PR | n/a
<!--
- Bug fixes must be submitted against the lowest branch where they apply
(lowest branches are regularly merged to upper ones so they get the fixes too).
- Features and deprecations must be submitted against the master branch.
- Replace this comment by a description of what your PR is solving.
-->
Commits
-------
e8bc099 fixed messages to be explicit about the package needed to be installed
This PR was squashed before being merged into the 3.4 branch (closes#25678).
Discussion
----------
[WebProfilerBundle] set the var in the right scope
| Q | A
| ------------- | ---
| Branch? | 3.4
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | -
| License | MIT
| Doc PR | -
This PR fixes the bug when displaying the toolbar. The variable "has_time_events" was not created in the scope of the toolbar.
Commits
-------
3e9780df59 [WebProfilerBundle] set the var in the right scope
This PR was merged into the 2.7 branch.
Discussion
----------
[Routing] Use the default host even if context is empty
| Q | A
| ------------- | ---
| Branch? | 2.7
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | #25464
| License | MIT
| Doc PR | ø
When the host in the context is empty... we should still use the default host.
**Note:** it seems like a lot of changes but all I did was to remove the `if` and de-indent the code that was inside.
Commits
-------
8f357df75b Use the default host even if context is empty and fallback to relative URL if empty host
This PR was merged into the 3.4 branch.
Discussion
----------
Backport Flex-specific error messages in controller shortcuts to 3.4
| Q | A
| ------------- | ---
| Branch? | 3.4
| Bug fix? | no
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | https://github.com/symfony/symfony/pull/25133#issuecomment-354551079
| License | MIT
| Doc PR | n/a
Commits
-------
419e93465f Proposing Flex-specific error messages in the controller shortcuts
* 4.0:
PHP CS Fixer: clean up repo and adjust config
use interface_exists instead of class_exists
[DX] [DI] Improve exception for invalid setter injection arguments
Dumper shouldn't use html format for phpdbg
[Validator] Fix access to root object when using composite constraint
* 3.4:
PHP CS Fixer: clean up repo and adjust config
use interface_exists instead of class_exists
[DX] [DI] Improve exception for invalid setter injection arguments
Dumper shouldn't use html format for phpdbg
[Validator] Fix access to root object when using composite constraint
* 3.3:
PHP CS Fixer: clean up repo and adjust config
use interface_exists instead of class_exists
Dumper shouldn't use html format for phpdbg
[Validator] Fix access to root object when using composite constraint
* 2.8:
PHP CS Fixer: clean up repo and adjust config
Dumper shouldn't use html format for phpdbg
[Validator] Fix access to root object when using composite constraint
* 2.7:
PHP CS Fixer: clean up repo and adjust config
Dumper shouldn't use html format for phpdbg
[Validator] Fix access to root object when using composite constraint
This PR was squashed before being merged into the 2.7 branch (closes#25653).
Discussion
----------
PHP CS Fixer: clean up repo and adjust config
| Q | A
| ------------- | ---
| Branch? | 2.7
| Bug fix? | no
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | n/a
| Fixed tickets | n/a
| License | MIT
| Doc PR | n/a
Reason for this PR is that one want to have `php-cs-fixer fix -v` command executed without changes that shall not be applied for this repo. To achieve that, we need to groom config to exclude files that violate CS willingly, fix files that are violating CS unwillingly, and deliver missing case handling at PHP CS Fixer itself (https://github.com/FriendsOfPHP/PHP-CS-Fixer/pull/3359) (already merged!).
Commits
-------
b14cbc1 PHP CS Fixer: clean up repo and adjust config
This PR was merged into the 2.7 branch.
Discussion
----------
[Validator] Fix access to root object when using composite constraint
| Q | A
| ------------- | ---
| Branch? | 2.7
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | #12315, #20477, #21706
| License | MIT
| Doc PR |
Commits
-------
b18cdcf417 [Validator] Fix access to root object when using composite constraint
* 4.0: (23 commits)
Clean up
Update return type in docblock.
PHP CS Fixer: no need to exclude xml and yml files
PHP CS Fixer: no need to exclude json file
[#22749] fix version in changelog
Update LICENSE year... forever
fixed some deprecation messages
fixed CS
Fixes for Oracle in PdoSessionHandler
fixed some deprecation messages
fixed some deprecation messages
fixed some deprecation messages
fixed some deprecation messages
Remove dead code
[TwigBundle/Brige] catch missing requirements to throw meaningful exceptions
[DI] fix CS
[HttpKernel] Call Response->setPrivate() instead of sending raw header() when session is started
[FrameworkBundle] Make cache:clear "atomic" and consistent with cache:warmup
Suggest to write an implementation if the interface cannot be autowired
[Debug] Skip DebugClassLoader checks for already parsed files
...
