This PR was merged into the 4.2 branch.
Discussion
----------
Remove a harmless duplicate array key from VarDumper
This has the same field order as the original code.
Detected via static analysis - The `type` is also the first element of the array. This change preserves the key order of the resulting array.
| Q | A
| ------------- | ---
| Branch? | 4.2
| Bug fix? | yes (harmless)
| New feature? | no
| BC breaks? | no <!-- see https://symfony.com/bc -->
| Deprecations? | no
| Tests pass? | N/A
| Fixed tickets |
| License | MIT
| Doc PR |
<!--
Write a short README entry for your feature/bugfix here (replace this comment block.)
This will help people understand your PR and can be used as a start of the Doc PR.
Additionally:
- Bug fixes must be submitted against the lowest branch where they apply
(lowest branches are regularly merged to upper ones so they get the fixes too).
- Features and deprecations must be submitted against the master branch.
-->
Commits
-------
1cd30acc2a Remove a harmless duplicate array key from VarDumper
This PR was merged into the 4.3-dev branch.
Discussion
----------
[DI] add id of referencing service when a deprecated alias is found
| Q | A
| ------------- | ---
| Branch? | master
| Bug fix? | no
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | -
| License | MIT
| Doc PR | -
Improves #29968 a bit for DX.
Commits
-------
b124fb7271 [DI] add id of referencing service when a deprecated alias is found
| Q | A
| ------------- | ---
| Branch? | master
| Bug fix? | yes
| New feature? | no
| BC breaks? | no <!-- see https://symfony.com/bc -->
| Deprecations? | no
| Tests pass? | yes (Manual tests only)
| Fixed tickets | #28122
| License | MIT
| Doc PR | n/a
According to issue https://github.com/symfony/symfony-docs/pull/10442, we tested in a demo bundle, for example in src/AppBundle/Resources/config/config.yml a package using hyphens: app-client-frontend, and withouth the patch it fails because the package is not recognized. With the patch, it works as expected.
```
framework:
assets:
packages:
app-client-frontend:
version: "%env(FRONTEND_VERSION)%"
version_format: '%%2$s/dist/%%1$s'
base_urls:
- "%env(FRONTEND_URL)%"
```
This PR was merged into the 4.3-dev branch.
Discussion
----------
[Mime] move add mime type guesser pass to the component
| Q | A
| ------------- | ---
| Branch? | master
| Bug fix? | no
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets |
| License | MIT
| Doc PR |
Commits
-------
ba20bb2e7e move add mime type guesser pass to the component
This PR was merged into the 4.3-dev branch.
Discussion
----------
[PHPUnitBridge] Static access in closure
| Q | A
| ------------- | ---
| Branch? | master for features
| Bug fix? | no
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | n / a
| License | MIT
| Doc PR | n / a
#29718 bumps php to 5.5 . This is what we could simplify if it gets merged, thanks to this "new" PHP feature: https://3v4l.org/sJOWr
EDIT: it was merged, this can be reviewed.
Commits
-------
97f3023963 Use the scope of an instance
9df76ebbe5 Extract closures into static functions
This PR was merged into the 4.3-dev branch.
Discussion
----------
[Form] deprecate some options for single_text widgets
| Q | A
| ------------- | ---
| Branch? | master
| Bug fix? | no
| New feature? | no
| BC breaks? | no
| Deprecations? | yes
| Tests pass? | yes
| Fixed tickets |
| License | MIT
| Doc PR |
Commits
-------
89ff331865 deprecate some options for single_text widgets
This PR was merged into the 4.3-dev branch.
Discussion
----------
[Mime] Add a set of default content-types for some extensions
| Q | A
| ------------- | ---
| Branch? | master
| Bug fix? | no
| New feature? | yes
| BC breaks? | no <!-- see https://symfony.com/bc -->
| Deprecations? | no <!-- don't forget to update UPGRADE-*.md and src/**/CHANGELOG.md files -->
| Tests pass? | yes <!-- please add some, will be required by reviewers -->
| Fixed tickets | n/a
| License | MIT
| Doc PR | n/a
Some extensions have many possible content-types. This PR forces the first (preferred) content type for some extensions (the preset comes from Swiftmailer).
Commits
-------
37065d45f3 [Mime] added a set of default content-types for some extensions
This PR was merged into the 4.3-dev branch.
Discussion
----------
remove accidentally added changelog entries
| Q | A
| ------------- | ---
| Branch? | master
| Bug fix? | no
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets |
| License | MIT
| Doc PR |
The `help_html` option is neither part of the Twig bridge nor of the
FrameworkBundle. It is provided by the Form component.
Commits
-------
aa354cef57 remove accidentally added changelog entries
This PR was merged into the 4.3-dev branch.
Discussion
----------
[Debug][DebugClassLoader] Match callable() type for parameters not defined in sub classes
| Q | A
| ------------- | ---
| Branch? | master
| Bug fix? | no
| New feature? | yes
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | #29969
| License | MIT
| Doc PR | -
Added test fixture for multi param, no param type and multi spaces as well.
BTW, I didn't understand why there was a positive lookbehind on the current regex. Looks useless to me and tests passes without it.
Commits
-------
89c89c9776 [Debug][DebugClassLoader] Match callable() type for parameters not defined in sub classes
This PR was merged into the 4.3-dev branch.
Discussion
----------
[DependencyInjection] fix DOM element namespace URL access
| Q | A
| ------------- | ---
| Branch? | master
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets |
| License | MIT
| Doc PR |
Commits
-------
429bddf96b fix DOM element namespace URL access
This PR was merged into the 4.3-dev branch.
Discussion
----------
[Routing] allow using compiled matchers and generators without dumping PHP code
| Q | A
| ------------- | ---
| Branch? | master
| Bug fix? | no
| New feature? | yes
| BC breaks? | no
| Deprecations? | yes
| Tests pass? | yes
| Fixed tickets | #29590
| License | MIT
| Doc PR | https://github.com/symfony/symfony-docs/pull/10790
This is a resurrection of #25909 to make matcher+generator dumpers output PHP arrays instead of PHP code.
Don't be fooled by the diff stats, it's mostly fixtures.
This PR should contribute to making the Routing component easier to use standalone.
On the way back from SFLive USA.
Commits
-------
f0a519ac7d [Routing] allow using compiled matchers and generators without dumping PHP code
This PR was merged into the 4.3-dev branch.
Discussion
----------
introducing native php serialize() support for Messenger transport
| Q | A
| ------------- | ---
| Branch? | master
| Bug fix? | yes and no
| New feature? | yes and no
| BC breaks? | maybe (yes if we change the default)
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | #29163
| License | MIT
| Doc PR | TODO!
Messenger currently uses the Serialize to serialize to JSON and then unserialize. This creates a lot of issues:
1) The default serializer requires you to have getter & setter method (or public properties) for them to be serialized. This makes it easy for data to disappear. I've seen several really smart people have this problem.
2) Related to the above, the forced getters/setters (and no required constructor args) force you to design your message classes around this.
It's not that the serializer is doing a bad job - it's just not the right use-case for it.
This PR proposes simply using `serialize()` and `unserialize()`. This is the behavior we want: we want to put objects to sleep and wake them back up.
I believe the original reason we did not do this was so that we could export "generic JSON", in case we wanted other workers (not our Symfony app) to consume the messages. But, that's an edge case, and could still be accomplished by creating your own serializer.
Btw, Laravel uses `serialize()` as does Enqueue for (un)serializing Event objects. We're making our life more difficult for no benefit.
Cheers!
Commits
-------
97e2e32af4 Changing default serializer in Messenger component to PhpSerializer
3111cef9a4 Update src/Symfony/Bundle/FrameworkBundle/Resources/config/messenger.xml
4132bfebe7 updating CHANGELOGs and fixing tests
b4788e4808 introducing native php serialize() support for Messenger transport
* 4.2:
[HttpFoundation] Check file exists before unlink
[Console] Fixed#29835: ConfirmationQuestion with default true for answer '0'
[Cache] PDO-based cache pool table autocreation does not work
[Translation] Concatenated translation messages
[Form] ensure compatibility with older PHPUnit mocks
[Serializer] Docblock about throwing exceptions on serializer
[Cache] fix used variable name
[Debug][ErrorHandler] Preserve our error handler when a logger set another one
[Form] Changed UrlType input type to text when default_protocol is not null
[Bugfix] MemcachedSessionHandler::close() must close connection
Always pass $key to NullAdapter->createCacheItem
* 4.1:
[HttpFoundation] Check file exists before unlink
[Console] Fixed#29835: ConfirmationQuestion with default true for answer '0'
[Translation] Concatenated translation messages
[Form] ensure compatibility with older PHPUnit mocks
[Serializer] Docblock about throwing exceptions on serializer
[Debug][ErrorHandler] Preserve our error handler when a logger set another one
[Form] Changed UrlType input type to text when default_protocol is not null
[Bugfix] MemcachedSessionHandler::close() must close connection
* 3.4:
[HttpFoundation] Check file exists before unlink
[Console] Fixed#29835: ConfirmationQuestion with default true for answer '0'
[Translation] Concatenated translation messages
[Form] ensure compatibility with older PHPUnit mocks
[Serializer] Docblock about throwing exceptions on serializer
[Debug][ErrorHandler] Preserve our error handler when a logger set another one
[Form] Changed UrlType input type to text when default_protocol is not null
[Bugfix] MemcachedSessionHandler::close() must close connection
This PR was merged into the 4.3-dev branch.
Discussion
----------
[VarDumper] Improve performance of AbstractCloner
| Q | A
| ------------- | ---
| Branch? | master
| Bug fix? | no
| New feature? | no <!-- don't forget to update src/**/CHANGELOG.md files -->
| BC breaks? | no <!-- see https://symfony.com/bc -->
| Deprecations? | no <!-- don't forget to update UPGRADE-*.md and src/**/CHANGELOG.md files -->
| Tests pass? | yes <!-- please add some, will be required by reviewers -->
| Fixed tickets | - <!-- #-prefixed issue number(s), if any -->
| License | MIT
| Doc PR | -
While profiling Symfony in "dev" environment (see #29762) I found that `VarCloner::addCasters()` was making thousands of `strtolower()` calls.
In this PR I propose to remove all those calls. I think it's possible to do it ... but I could be completely wrong, so please review.
-----
As a side note, in the past we did the same `strtolower()` to service IDs and parameter names. We stopped doing that in Symfony 3.3 and it gave us a small performance improvement (same as we could gain here).
If the `strtolower()` calls of `VarCloner::addCasters()` are made just to apply the caster even if the class name is wrongly spelled, I think we could make this change. My guess is that nothing would break for the user (unlike removing the `strtolower()` in DependencyInjection, which broke wrongly spelled services and params). Thanks!
Commits
-------
cff23e52bf [VarDumper] Improve performance of AbstractCloner
This PR was merged into the 4.3-dev branch.
Discussion
----------
[Routing] Make important parameters required when matching
| Q | A
| ------------- | ---
| Branch? | master
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | https://github.com/symfony/symfony/issues/29763
| License | MIT
| Doc PR | n/a
1. This PR improves "important" route parameters implementation. Instead of considering `!slug` to be a variable name (which is not correct from my POV and leads to a lot of `'!' === $varName[0]` and `substr($varName, 1)` snippets), I took advantage of the `$token` array and used offset `[5]` for keeping boolean importance flag. This approach improved and simplified code.
1. This PR makes important parameters required when matching according to https://github.com/symfony/symfony/issues/29763
Commits
-------
2c3ab22080 Made important parameters required when matching
This PR was merged into the 3.4 branch.
Discussion
----------
[HttpFoundation] MemcachedSessionHandler::close() must close connection
| Q | A
| ------------- | ---
| Branch? | 3.4 <!-- see below -->
| Bug fix? | yes
| New feature? | no <!-- don't forget to update src/**/CHANGELOG.md files -->
| BC breaks? | no <!-- see https://symfony.com/bc -->
| Deprecations? | no <!-- don't forget to update UPGRADE-*.md and src/**/CHANGELOG.md files -->
| License | MIT
Intoduced here https://github.com/symfony/symfony/pull/3333
Commits
-------
38a9d8b6a3 [Bugfix] MemcachedSessionHandler::close() must close connection
This PR was merged into the 4.2 branch.
Discussion
----------
Always pass $key to NullAdapter->createCacheItem
| Q | A
| ------------- | ---
| Branch? | 4.2
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes (build failure seems unrelated)
| Fixed tickets |
| License | MIT
| Doc PR |
Previously, if this were called, it would throw an ArgumentCountError.
I'm assuming existing code always checks hasItem, so this bug hasn't impacted many people.
This was noticed via static analysis.
The get() method was added to NullAdapter in symfony 4.2
Commits
-------
1976d29e01 Always pass $key to NullAdapter->createCacheItem
This PR was squashed before being merged into the 3.4 branch (closes#29844).
Discussion
----------
[Console] Fixed#29835: ConfirmationQuestion with default true for answer '0'
| Q | A
| ------------- | ---
| Branch? | 3.4
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | Almost all, one failure on appveyor?
| Fixed tickets | #29835
| License | MIT
| Doc PR | n/a
<!--
Write a short README entry for your feature/bugfix here (replace this comment block.)
This will help people understand your PR and can be used as a start of the Doc PR.
Additionally:
- Bug fixes must be submitted against the lowest branch where they apply
(lowest branches are regularly merged to upper ones so they get the fixes too).
- Features and deprecations must be submitted against the master branch.
-->
When using the ConfirmationQuestion class to ask a yes / no question,
if the default is true, and the answer regex is '/^y/i', then any
value not starting with [yY] is considered false.
This must include "0", which previously would return true, producing results such as:
```
$ php bin/console do:stuff
$ Do you want to continue? 0 <enter>
$ Ok, continuing!
```
Commits
-------
a0a7400d6f [Console] Fixed#29835: ConfirmationQuestion with default true for answer '0'
This PR was merged into the 3.4 branch.
Discussion
----------
[Debug][ErrorHandler] Preserve our error handler when a logger sets another one
| Q | A
| ------------- | ---
| Branch? | 3.4
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | -
| License | MIT
| Doc PR | -
When logging errors handled by the `ErrorHandler::handleError()` method, the logger can temporarily set its own custom error handler. This is for example the case of `Monolog` in the `StreamHandler` class (cf ebb804e432/src/Monolog/Handler/StreamHandler.php (L101)).
However, when the previous error handler is restored by the logger, it "skips" the real previous handler (the `ErrorHandler::handleError()` one) in the pile and goes back directly to the one before. I guess this is because the `restore_error_handler()` call is technically done in the error handler itself, so it logically restore it to the one before and not to itself.
Here is an easy small example that shows the PHP behavior : https://3v4l.org/4OZNZ
The only solution I have found to fix it is to set our error handler everytime an error is logged.
Here are the things I discovered while trying to find a cleaner fix :
- Setting the same error handler in the error handler itself doesn't actually add it to the pile. This is why adding a check is useless.
- Checking if the logger modified the error handler is impossible anyway : to get the current error handler, you need to set a new one temporarirly and then revert it. However, when you revert it by calling `restore_error_handler()` you end up having the same problem you are trying to fix...
- Also trying to get the current error handler in the error handler itself will return NULL if it is itself.
Commits
-------
b979fff6b8 [Debug][ErrorHandler] Preserve our error handler when a logger set another one
This PR was merged into the 4.2 branch.
Discussion
----------
[Cache] PDO-based cache pool table autocreation does not work
look at https://github.com/symfony/symfony/issues/29898
I believe that it is not good fix... But pgsq table not foutd throwed right there, in execute(). Dont know about another DB drivers, and i dont know will execute() again work or not, please if some one know more about PDO than me, check it!
| Q | A
| ------------- | ---
| Branch? | master
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | #29898
| License | MIT
Commits
-------
81d3716b0d [Cache] PDO-based cache pool table autocreation does not work
This PR was merged into the 3.4 branch.
Discussion
----------
[Form] Changed UrlType input type to text when default_protocol is not null
| Q | A
| ------------- | ---
| Branch? | 3.4
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | #29690
| License | MIT
| Doc PR |
replaces #29691
Commits
-------
2791edf1fb [Form] Changed UrlType input type to text when default_protocol is not null
This PR was merged into the 4.3-dev branch.
Discussion
----------
[DI] Added support for deprecating aliases
| Q | A
| ------------- | ---
| Branch? | master
| Bug fix? | no
| New feature? | yes
| BC breaks? | no
| Deprecations? |no
| Tests pass? | yes
| Fixed tickets | #24507
| License | MIT
| Doc PR | TBD
This PR is a continuity of #24707
Commits
-------
6c571adda7 Added support for deprecating aliases (runtime+dumper)
0eb071b9f8 Added support for deprecating an alias
This PR was squashed before being merged into the 3.4 branch (closes#29889).
Discussion
----------
[Serializer] Docblock about throwing exceptions on serializer
| Q | A
| ------------- | ---
| Branch? | 3.4
| Bug fix? | no
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| License | MIT
Most of the serializers can throw a `\Symfony\Component\Serializer\ExceptionInterface`. This makes the docblock in line with that.
Similar to this https://github.com/symfony/symfony/pull/29832
Commits
-------
0b44ad79c6 [Serializer] Docblock about throwing exceptions on serializer
This PR was merged into the 3.4 branch.
Discussion
----------
Enable PHP 7.3 on Travis
| Q | A
| ------------- | ---
| Branch? | 3.4
| Bug fix? | no
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | -
| License | MIT
| Doc PR | -
The bits of #29624 that apply to 3.4.
Commits
-------
335036cf09 Enable PHP 7.3 on Travis
* 4.2:
Bump phpunit bridge cache id
[appveyor] fix create-project phpunit
Fix HttpKernel Debug requirement
Fix heredoc
use final annotation to allow mocking the class
synchronise the form builder docblock
Grammar fix in exception message
fix tests
forward the parse error to the calling code
Avoid dots in generated class names.
[Debug][DebugClassLoader] Match more cases for final, deprecated and internal classes / methods extends
ensure compatibility with older PHPUnit mocks
[Security] Do not mix usage of password_*() functions and sodium_*() ones
* 4.1:
Bump phpunit bridge cache id
[appveyor] fix create-project phpunit
Fix HttpKernel Debug requirement
Fix heredoc
use final annotation to allow mocking the class
synchronise the form builder docblock
Grammar fix in exception message
fix tests
forward the parse error to the calling code
[Debug][DebugClassLoader] Match more cases for final, deprecated and internal classes / methods extends
ensure compatibility with older PHPUnit mocks
[Security] Do not mix usage of password_*() functions and sodium_*() ones
* 3.4:
Bump phpunit bridge cache id
[appveyor] fix create-project phpunit
Fix HttpKernel Debug requirement
Fix heredoc
use final annotation to allow mocking the class
synchronise the form builder docblock
Grammar fix in exception message
fix tests
forward the parse error to the calling code
[Debug][DebugClassLoader] Match more cases for final, deprecated and internal classes / methods extends
ensure compatibility with older PHPUnit mocks
[Security] Do not mix usage of password_*() functions and sodium_*() ones
This PR was merged into the 3.4 branch.
Discussion
----------
[Debug][DebugClassLoader] Match more cases for final, deprecated and internal classes / methods extends
| Q | A
| ------------- | ---
| Branch? | 3.4
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | -
| License | MIT
| Doc PR | -
Currently, when there is no comment for a tag and another tag after, the detection does not work. Example :
```php
/**
* @final
*
* @author John
*/
class A {
}
```
AFAIK, those tags must not be in a specific order. That's why we should try to support more cases because we might miss things to report.
Also I do not understand why the regex is not the same for the classes and methods detection. I fixed that too.
I added a lot of cases in the "extends from final class" test and an easy way to add more when needed. Adding them everywhere might be overkill and useless. WDYT ?
I'm considering this as bug fix.
Commits
-------
c3b670a908 [Debug][DebugClassLoader] Match more cases for final, deprecated and internal classes / methods extends
This PR was squashed before being merged into the 4.3-dev branch (closes#29850).
Discussion
----------
[FrameworkBundle] xliff-version option to translation update command
| Q | A
| ------------- | ---
| Branch? | master
| Bug fix? | no
| New feature? | yes <!-- don't forget to update src/**/CHANGELOG.md files -->
| BC breaks? | no <!-- see https://symfony.com/bc -->
| Deprecations? | no <!-- don't forget to update UPGRADE-*.md and src/**/CHANGELOG.md files -->
| Tests pass? | no <!-- please add some, will be required by reviewers -->
| License | MIT
New 'version' option added to xliff translation update command. Currently xliff version is hardcoded to 1.2.
Commits
-------
4ec28bd45d [FrameworkBundle] xliff-version option to translation update command
This PR was merged into the 3.4 branch.
Discussion
----------
[HttpKernel] Fix HttpKernel Debug requirement
| Q | A
| ------------- | ---
| Branch? | 3.4
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets |
| License | MIT
| Doc PR |
The `LoggerDataCollector` is using the `SilencedErrorContext` class that doesn't exists before Symfony 3.2
Commits
-------
69feb49c0d Fix HttpKernel Debug requirement
This PR was merged into the 3.4 branch.
Discussion
----------
[Form] synchronise the form builder docblock
| Q | A
| ------------- | ---
| Branch? | 3.4
| Bug fix? | no
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets |
| License | MIT
| Doc PR |
Commits
-------
419d3db86c synchronise the form builder docblock
This PR was merged into the 3.4 branch.
Discussion
----------
[Security] use final annotation to allow mocking the class
| Q | A
| ------------- | ---
| Branch? | 3.4
| Bug fix? | no
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | #29946
| License | MIT
| Doc PR |
When the class was initially marked as `final`, it did only contain constants. Since #24337 the `Security` class also contains useful shortcut methods so allowing developers to mock the class in tests looks reasonable to me.
Commits
-------
1da00db247 use final annotation to allow mocking the class
This PR was merged into the 3.4 branch.
Discussion
----------
[DependencyInjection] forward the parse error to the calling code
| Q | A
| ------------- | ---
| Branch? | 3.4
| Bug fix? | no
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | #29891
| License | MIT
| Doc PR |
This change does not fully solve the linked issue, but improves the exception a bit by providing a bit more context.
The error page will no start like this:
Commits
-------
c5c2d31fef forward the parse error to the calling code
This PR was merged into the 3.4 branch.
Discussion
----------
[Security] Do not mix password_*() API with libsodium one
| Q | A
| ------------- | ---
| Branch? | 3.4
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | n/a
| Tests pass? | yes
| Fixed tickets | n/a
| License | MIT
| Doc PR | n/a
Argon2IPasswordEncoder uses native `password_hash()` and `password_verify()` functions if the current PHP installation embeds Argon2 support (>=7.2, compiled `--with-password-argon2`).
Otherwise, it fallbacks to the libsodium extension.
This was fine at time the encoder was introduced, but meanwhile libsodium changed the algorithm used by `sodium_crypto_pwhash_str()` which is now argon2id, that goes outside of the scope of the encoder which was designed to deal with `argon2i` only.
Nothing we can do as databases may already contain passwords hashed with argon2id, the encoder must keep validating those.
However, the PHP installation may change as time goes by, and could suddenly embed the Argon2 core integration. In this case, the encoder would use the `password_verify()` function which would fail in case the password was not hashed using argon2i.
This PR prevents it by detecting that argon2id was used, avoiding usage of `password_verify()`.
See https://github.com/jedisct1/libsodium-php/issues/194 and https://github.com/symfony/symfony/issues/28093 for references.
Patch cannot be tested as it is platform dependent.
Side note: I'm currently working on a new implementation for 4.3 that will properly supports argon2id (which has been added to the PHP core sodium integration in 7.3) and argon2i, distinctively.
Commits
-------
d6cfde94b4 [Security] Do not mix usage of password_*() functions and sodium_*() ones
