* 5.2:
[WebLink] Removed unused property
Fix method name compare in ResolveControllerNameSubscriber
add uz security validator and form validator file
uzb translation
* 4.4:
[WebLink] Removed unused property
Fix method name compare in ResolveControllerNameSubscriber
add uz security validator and form validator file
uzb translation
This PR was merged into the 4.4 branch.
Discussion
----------
[WebLink] Removed unused property
| Q | A
| ------------- | ---
| Branch? | 4.4
| Bug fix? | yes
| New feature? | no
| Deprecations? | no
| Tickets | N/A
| License | MIT
| Doc PR | N/A
In `Link::withHref()`, a property `templated` is written, that is never declared or access anywhere else. I assume that this is dead code.
Commits
-------
848972e830 [WebLink] Removed unused property
This PR was merged into the 4.4 branch.
Discussion
----------
[FrameworkBundle] [4.4]: Fix method name compare in ResolveControllerNameSubscriber
| Q | A
| ------------- | ---
| Branch? | 4.4
| Bug fix? | yes
| New feature? | no <!-- please update src/**/CHANGELOG.md files -->
| Deprecations? | no <!-- please update UPGRADE-*.md and src/**/CHANGELOG.md files -->
| Tickets | <!-- prefix each issue number with "Fix #", no need to create an issue if none exist, explain below instead -->
| License | MIT
| Doc PR | <!-- required for new features -->
The left side to `strtolower` was not actually lowercased, so it would be always `false`.
The bug was introduced in 6c109c71a9 (https://github.com/symfony/symfony/pull/31938)
<!--
Replace this notice by a short README for your feature/bugfix. This will help people
understand your PR and can be used as a start for the documentation.
Additionally (see https://symfony.com/releases):
- Always add tests and ensure they pass.
- Never break backward compatibility (see https://symfony.com/bc).
- Bug fixes must be submitted against the lowest maintained branch where they apply
(lowest branches are regularly merged to upper ones so they get the fixes too.)
- Features and deprecations must be submitted against branch 5.x.
- Changelog entry should follow https://symfony.com/doc/current/contributing/code/conventions.html#writing-a-changelog-entry
-->
Commits
-------
69431a3db3 Fix method name compare in ResolveControllerNameSubscriber
This PR was merged into the 4.4 branch.
Discussion
----------
add 2 translations file uzb lang
| Q | A
| ------------- | ---
| Branch? | 5.x for features / 4.4 or 5.2 for bug fixes <!-- see below -->
| Bug fix? | no
| New feature? | yes <!-- please update src/**/CHANGELOG.md files -->
| Deprecations? | no <!-- please update UPGRADE-*.md and src/**/CHANGELOG.md files -->
| Tickets | Fix #... <!-- prefix each issue number with "Fix #", no need to create an issue if none exist, explain below instead -->
| License | MIT
| Doc PR | symfony/symfony-docs#... <!-- required for new features -->
<!--
Replace this notice by a short README for your feature/bugfix. This will help people
understand your PR and can be used as a start for the documentation.
Additionally (see https://symfony.com/releases):
- Always add tests and ensure they pass.
- Never break backward compatibility (see https://symfony.com/bc).
- Bug fixes must be submitted against the lowest maintained branch where they apply
(lowest branches are regularly merged to upper ones so they get the fixes too.)
- Features and deprecations must be submitted against branch 5.x.
- Changelog entry should follow https://symfony.com/doc/current/contributing/code/conventions.html#writing-a-changelog-entry
-->
Commits
-------
73392924bf add uz security validator and form validator file
This PR was submitted for the 5.x branch but it was merged into the 4.4 branch instead.
Discussion
----------
add uz validators file
| Q | A
| ------------- | ---
| Branch? | 5.x
| Bug fix? | no
| New feature? | yes
| Deprecations? | no
| Tickets | Fix #... <!-- prefix each issue number with "Fix #", no need to create an issue if none exist, explain below instead -->
| License | MIT
| Doc PR | symfony/symfony-docs#... <!-- required for new features -->
<!--
Replace this notice by a short README for your feature/bugfix. This will help people
understand your PR and can be used as a start for the documentation.
Additionally (see https://symfony.com/releases):
- Always add tests and ensure they pass.
- Never break backward compatibility (see https://symfony.com/bc).
- Bug fixes must be submitted against the lowest maintained branch where they apply
(lowest branches are regularly merged to upper ones so they get the fixes too.)
- Features and deprecations must be submitted against branch 5.x.
- Changelog entry should follow https://symfony.com/doc/current/contributing/code/conventions.html#writing-a-changelog-entry
-->
add uz validators file
Commits
-------
df4679c163 uzb translation
This PR was merged into the 5.3-dev branch.
Discussion
----------
[Security] Decouple passwords from UserInterface
| Q | A
| ------------- | ---
| Branch? | 5.x
| Bug fix? | no
| New feature? | yes
| Deprecations? | yes
| Tickets | #23081, helps with #39308
| License | MIT
| Doc PR | todo
This PR addresses a long-standing issue of the Security component: UserInterface is coupled to passwords.
It does it by moving the `getPassword()` method from `UserInterface` to a `PasswordAuthenticatedUserInterface`, and the `getSalt()` method to a `LegacyPasswordAuthenticatedUserInterface`.
Steps:
- In 5.3, we add the new interface and, at places where password-based authentication happens, trigger deprecation notices when a `UserInterface` object does not implement the new interface(s). The UserInterface is kept as-is until 6.0.
- In 6.0, we can remove the methods from `UserInterface` as well as support for using password authentication with user objects not implementing the new interface(s).
As a side-effect, some password-related interfaces (`UserPasswordHasherInterface` and `PasswordUpgraderInterface`) must change their signatures to type-hint against the new interface.
That is done in a BC way, which is to make the concerned methods virtual until 6.0, with deprecation notices triggered from callers and concrete implementations.
Benefits:
In 6.0, applications that use password-less authentication (e.g. login links) won't need to write no-op `getPassword()` and `getSalt()` in order to fulfil the `UserInterface` contract.
For applications that do use password-based authentication, they will need to opt-in explicitly by implementing the relevant interface(s).
This build on great discussions with @wouterj and @nicolas-grekas, and it is part of the overall rework of the Security component.
Commits
-------
2764225a38 [Security] Decouple passwords from UserInterface
This PR was squashed before being merged into the 5.3-dev branch.
Discussion
----------
[Notifier] [OvhCloud] Add "sender"
| Q | A
| ------------- | ---
| Branch? | 5.x
| Bug fix? | no
| New feature? | yes
| Deprecations? | no
| Tickets | -
| License | MIT
| Doc PR | symfony/symfony-docs#... <!-- required for new features --> (I'm waiting to see if the feature is accepted )
Add "sender" option to the DSN that allows configuring the sender of the message.
OVHCloud manages two cases for sending sms according to the [doc](https://docs.ovh.com/fr/sms/envoyer_des_sms_avec_lapi_ovh_en_php/):
> The senderForResponse parameter will allow the use of a short number, which allows you to send SMS directly without having to create an alphanumeric sender (for example: your name).
> Short numbers also allow you to receive responses from the recipients of your SMS, which can be useful for a satisfaction survey, a voting application, a game, etc.
This PR introduces the management of these 2 cases with a new option `sender`:
* if `sender` is set, we use it
* if `sender` is not set, we use `senderForResponse` to get a short number (current behavior)
I took the logic implementedin the old official SDK : 52d279e112/src/Message.php (L161)
Commits
-------
c5a9b252ab [Notifier] [OvhCloud] Add "sender"
This PR was merged into the 5.3-dev branch.
Discussion
----------
[DependencyInjection] Implement psr/container 1.1
| Q | A
| ------------- | ---
| Branch? | 5.x
| Bug fix? | no
| New feature? | yes
| Deprecations? | no
| Tickets | N/A
| License | MIT
| Doc PR | N/A
The `psr/container` interfaces have been updated with type declarations. The lack of those is what kept us from adding property type declarations to the `get()` and `has()` methods of our own `ContainerInterface`.
A small BC break is that we have never prevented calling code from passing `null` as the service ID. Even without strict types, this will cause a `TypeError` after my changes. I already had to update `AutowirePass` because of that.
On the other hand, it was neither documented that we allow `null` here nor did the container do anything useful (`has(null)` always resulted in `false` and `get(null)` always returned `null`).
Commits
-------
d9095aa892 [DependencyInjection] Implement psr/container 1.1
This PR was merged into the 4.4 branch.
Discussion
----------
[TwigBridge] Render email once
| Q | A
| ------------- | ---
| Branch? | 4.4
| Bug fix? | yes
| New feature? | no
| Deprecations? | no
| Tickets | Fix#39718
| License | MIT
| Doc PR | -
When `\Symfony\Component\Mailer\Mailer` send an email via the Bus (async) it dispatches an `MessageEvent`, then the consumer call the `\Symfony\Component\Mailer\Transport\AbstractTransport::send` method which also dispatches an `MessageEvent`.
This event is listened by `\Symfony\Bridge\Twig\Mime\BodyRenderer::render` which rendered twice an email.
I'm not sure why the event is send twice, and if we could safely remove one of them (or maybe deprecating the `MessageEvent`, in favor of `SendMessageEvent` + `AsyncMessageEvent`)
This PR store a flag in the Message to avoid rendering it twice.
Commits
-------
186ea59180 Render email once
* 5.2:
Backport psr/container 1.1/2.0 compatibility
Update notifier_transports.php
Dont lock tables or start transactions
Bump Symfony version to 5.2.5
Update VERSION for 5.2.4
Update CHANGELOG for 5.2.4
Bump Symfony version to 4.4.21
Update VERSION for 4.4.20
Update CONTRIBUTORS for 4.4.20
Update CHANGELOG for 4.4.20
* 4.4:
Backport psr/container 1.1/2.0 compatibility
Bump Symfony version to 4.4.21
Update VERSION for 4.4.20
Update CONTRIBUTORS for 4.4.20
Update CHANGELOG for 4.4.20
This PR was merged into the 4.4 branch.
Discussion
----------
[DependencyInjection][Security] Backport psr/container 1.1/2.0 compatibility
| Q | A
| ------------- | ---
| Branch? | 4.4
| Bug fix? | yes
| New feature? | no
| Deprecations? | no
| Tickets | Fix https://github.com/symfony/symfony/pull/40384/files#r588494278
| License | MIT
| Doc PR | N/A
This PR backports a fix that I had to apply to the 5.x branch in order to make it compatible with the `psr/container` 1.1 interfaces.
It also updates various composer.json files:
* Security Core only consumes a PSR `ContainerInterface` without providing its own implementation. I should be compatible with version 2 of the PSR package already.
* ~~DependencyInjection breaks on PHP 7.2 and 7.3 if `psr/container` 1.1.0 is installed. A version 1.1.1 has already been release that fixes the issue. I've added a conflict rule to document the incompatibility.~~
Commits
-------
7f8242ef58 Backport psr/container 1.1/2.0 compatibility
This PR was merged into the 5.2 branch.
Discussion
----------
[Messenger] Don't lock tables or start transactions
| Q | A
| ------------- | ---
| Branch? | 5.2
| Bug fix? | yes
| New feature? | no
| Deprecations? | no
| Tickets |
| License | MIT
| Doc PR |
I was so sure my PR #40336 fixed the doctrine-messenger issue once and for all. But it had a very silent bug..
This has been tricky to debug and find because the `PDO` behaves differently in PHP 7.4 compared to PHP 8.
| Scenario | Command | Is executed in transaction | Method that calls `PostgreSqlConnection::getTriggerSql()` |
| --| -- | -- | -- |
| A | `messenger:setup-transports` | No | `setup()`
| B| `doctrine:schema:create` | No | `getExtraSetupSqlForTable()`
| C | `doctrine:migration:diff` | Yes by default, but it can be configured | `getExtraSetupSqlForTable()`
PR #40055 fixed scenario C on PHP 8, but that also broke scenario B on PHP 7.4 and PHP 8.
In PR #40336 I was wrong claiming:
> We don't need COMMIT because the transaction will commit itself when we close the connection.
The result was the we removed all the errors messages from the 3 scenarios. But scenario B will produce some SQL that is actually never committed. IE it will silently fail.
I've been trying to figure out a good solution to how or when to start a transaction. I tried out @fbourigault [suggestion](https://github.com/symfony/symfony/pull/40336#issuecomment-790622951) but that would be the same fix as #40055.
---------------
We need a transaction because the SQL includes a `LOCK TABLE`, however, I cannot see a strict need for it. This PR removes `LOCK TABLE` and all transaction juggling. It all seams to work.
I would be happy to get thorough feedback on this PR so we can end the chapter of constantly adding bugs to this part of the component.
@dunglas, you added `LOCK TABLE` in your initial version of this class in https://github.com/symfony/symfony/pull/35485, could you share some knowledge if this is a good or bad idea?
Commits
-------
26061a131d Dont lock tables or start transactions
This PR was merged into the 5.2 branch.
Discussion
----------
Changing ZulipTransportFactory tag to prevent the exception UnsupportedSchemeException
| Q | A
| ------------- | ---
| Branch? | 5.2 <!-- see below -->
| Bug fix? | yes
| New feature? | no <!-- please update src/**/CHANGELOG.md files -->
| Deprecations? | no <!-- please update UPGRADE-*.md and src/**/CHANGELOG.md files -->
| Tickets | Fix#40374 <!-- prefix each issue number with "Fix #", no need to create an issue if none exist, explain below instead -->
| License | MIT
| Doc PR | <!-- required for new features -->
<!--
Replace this notice by a short README for your feature/bugfix. This will help people
understand your PR and can be used as a start for the documentation.
Additionally (see https://symfony.com/releases):
- Always add tests and ensure they pass.
- Never break backward compatibility (see https://symfony.com/bc).
- Bug fixes must be submitted against the lowest maintained branch where they apply
(lowest branches are regularly merged to upper ones so they get the fixes too.)
- Features and deprecations must be submitted against branch 5.x.
- Changelog entry should follow https://symfony.com/doc/current/contributing/code/conventions.html#writing-a-changelog-entry
-->
Changing ZulipTransportFactory to 'chatter.transport_factory' to prevent the exception UnsupportedSchemeException "The "zulip" scheme is not supported."
Commits
-------
61c5bafafc Update notifier_transports.php
This PR was squashed before being merged into the 5.3-dev branch.
Discussion
----------
[FrameworkBundle][Translation] Extract translation IDs from all of src
| Q | A
| ------------- | ---
| Bug fix? | no
| New feature? | yes
| Deprecations? | no
| Tickets | Related to #39126 possibly #35082 as well
| License | MIT
| Doc PR | TBD
This PR allows extracting (`bin/console translation:update`) and debugging (`bin/console debug:translation`) translations using Translatable messages.
Currently we only check classes that include the `TranslatorInterface`, but this no longer covers all instances of this.
Current considerations:
- Should this be treated as a bug fix or a new feature? On one hand, text extraction would no longer work if moving to TranslatableMessages (like we're doing) on the other, it wasn't intended to search all PHP files. As a bug fix would get this into Symfony faster, as a feature would mean having to wait until 5.3 is released.
- Is there a better way to get the source directory that doesn't involve hardcoding `/src`?
- Adding this in on a project with ~12k LOC in `/src` takes these operations from about 3s to 5s, but I feel like this is reasonable considering this command isn't likely called constantly. I can provide more accurate stats as requested.
Commits
-------
b02ae5050c [FrameworkBundle][Translation] Extract translation IDs from all of src
This PR was merged into the 5.3-dev branch.
Discussion
----------
[Security] Re-add accidentally removed property declarations
| Q | A
| ------------- | ---
| Branch? | 5.x
| Bug fix? | no
| New feature? | no
| Deprecations? | no
| Tickets | -
| License | MIT
| Doc PR | -
spotted while playing with psalm locally, mistake made in #39802
Commits
-------
bccf736b99 [Security] Readd accidentally removed property declarations
