* 4.2:
[HttpFoundation] fix tests
[Routing] fix trailing slash matching with empty-matching trailing vars
[Routing] fix matching trailing vars with defaults
[Validator] fix LegacyTranslatorProxy
call method with Translator component only
bumped Symfony version to 4.2.8
updated VERSION for 4.2.7
updated CHANGELOG for 4.2.7
bumped Symfony version to 3.4.27
updated VERSION for 3.4.26
updated CHANGELOG for 3.4.26
This PR was merged into the 4.2 branch.
Discussion
----------
[Routing] fix trailing slash matching with empty-matching trailing vars
| Q | A
| ------------- | ---
| Branch? | 4.2
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | -
| License | MIT
| Doc PR | -
Reported by @bmack in https://github.com/symfony/symfony/pull/31107#issuecomment-484681404
This highlights a small inconsistency that exists for a long time (checked on 2.7 at least):
`new Route('/en-en/{b}', ['b' => 'bbb'], ['b' => '.*'])` matches `/en-en/`
`new Route('/en-en/{b}', ['b' => 'bbb'], ['b' => '.+'])` doesn't match it
(while both match `/en-en` and `/en-en/foo`)
This PR ensures the former behavior is preserved, while #31167 redirects the later to `/en-en`.
Commits
-------
d6da21ac19 [Routing] fix trailing slash matching with empty-matching trailing vars
This PR was merged into the 4.3-dev branch.
Discussion
----------
[Security] deprecate BCryptPasswordEncoder in favor of NativePasswordEncoder
| Q | A
| ------------- | ---
| Branch? | master
| Bug fix? | no
| New feature? | no
| BC breaks? | no
| Deprecations? | yes
| Tests pass? | yes
| Fixed tickets | -
| License | MIT
| Doc PR | -
Follow up of #31140
Commits
-------
e197398d2f [Security] deprecate BCryptPasswordEncoder in favor of NativePasswordEncoder
This PR was merged into the 4.3-dev branch.
Discussion
----------
Treat undefined env var as strict mode
| Q | A
| ------------- | ---
| Branch? | master
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | n/a
| License | MIT
| Doc PR | n/a
An undefined SYMFONY_DEPRECATION_HELPER environment variable translates
to false, and that was previously interpreted as 0, which means strict
mode.
This restores backwards compatibility with the previous behavior, which
got broken in 1c73f9cfed .
Commits
-------
6c3c199b4e Treat undefined env var as strict mode
An undefined SYMFONY_DEPRECATION_HELPER environment variable translates
to false, and that was previously interpreted as 0, which means strict
mode.
This restores backwards compatibility with the previous behavior, which
got broken in 1c73f9cfed .
This PR was merged into the 4.3-dev branch.
Discussion
----------
[Security] Add NativePasswordEncoder
| Q | A
| ------------- | ---
| Branch? | master
| Bug fix? | no
| New feature? | yes
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | -
| License | MIT
| Doc PR | -
This PR adds a new `NativePasswordEncoder` that defaults to the best available hashing algo to `password_hash()`. Best is determined by "us" or "php", the goal being that this will change in the future as new algos are published.
This provides a native encoder that we should recommend using by default.
Commits
-------
28f7961c55 [Security] Add NativePasswordEncoder
This PR was merged into the 4.2 branch.
Discussion
----------
[FrameworkBundle] call method with Translator component only
| Q | A
| ------------- | ---
| Branch? | 4.2
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | #31152
| License | MIT
| Doc PR |
Commits
-------
f49881d24a call method with Translator component only
* 4.2:
Revert "bug #30423 [Security] Rework firewall's access denied rule (dimabory)"
[FrameworkBundle] minor: remove a typo from changelog
[VarDumper] fix tests with ICU 64.1
[VarDumper][Ldap] relax some locally failing tests
[Validator] #30192 Added the missing translations for the Tagalog ("tl") locale.
Make MimeTypeExtensionGuesser case insensitive
Fix get session when the request stack is empty
[Routing] fix trailing slash redirection with non-greedy trailing vars
[FrameworkBundle] decorate the ValidatorBuilder's translator with LegacyTranslatorProxy
This PR was merged into the 4.2 branch.
Discussion
----------
[Routing] fix trailing slash redirection with non-greedy trailing vars
| Q | A
| ------------- | ---
| Branch? | 4.2
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | #30863, #31066
| License | MIT
| Doc PR | -
Fixes redirecting `/123/` to `/123` when the route is defined as `/{foo<\d+>}`
Commits
-------
d88833d27a [Routing] fix trailing slash redirection with non-greedy trailing vars
This PR was merged into the 4.2 branch.
Discussion
----------
[FrameworkBundle] decorate the ValidatorBuilder's translator with LegacyTranslatorProxy
| Q | A
| ------------- | ---
| Branch? | 4.2
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | #31092, #31025
| License | MIT
| Doc PR | -
This allows defining a translator that implements only the new interface and use it with ValidatorBuilder.
ping @dvdknaap, @snebes since you were affected.
Commits
-------
a12656eaad [FrameworkBundle] decorate the ValidatorBuilder's translator with LegacyTranslatorProxy
This PR was merged into the 4.2 branch.
Discussion
----------
[HttpKernel] Fix get session when the request stack is empty
| Q | A
| ------------- | ---
| Branch? | 4.2
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | -
| License | MIT
This bug happen behind an exception on a kernel response event, when one collector (e.g. `RequestDataCollector`) is trying to get the request session and the request stack is currently empty.
**Reproducer**
https://github.com/yceruto/get-session-bug (`GET /`)
See logs on terminal:
```bash
Apr 15 20:29:03 |ERROR| PHP 2019-04-15T20:29:03-04:00 Call to a member function isSecure() on null
Apr 15 20:29:03 |ERROR| PHP PHP Fatal error: Uncaught Symfony\Component\Debug\Exception\FatalThrowableError: Call to a member function isSecure() on null in /home/yceruto/demos/getsession/vendor/symfony/http-kernel/EventListener/SessionListener.php:43
Apr 15 20:29:03 |DEBUG| PHP Stack trace:
Apr 15 20:29:03 |DEBUG| PHP #0 /home/yceruto/demos/getsession/vendor/symfony/http-kernel/EventListener/AbstractSessionListener.php(59): Symfony\Component\HttpKernel\EventListener\SessionListener->getSession()
Apr 15 20:29:03 |DEBUG| PHP #1 /home/yceruto/demos/getsession/vendor/symfony/http-foundation/Request.php(707): Symfony\Component\HttpKernel\EventListener\AbstractSessionListener->Symfony\Component\HttpKernel\EventListener\{closure}()
Apr 15 20:29:03 |DEBUG| PHP #2 /home/yceruto/demos/getsession/vendor/symfony/http-kernel/DataCollector/RequestDataCollector.php(65): Symfony\Component\HttpFoundation\Request->getSession()
Apr 15 20:29:03 |DEBUG| PHP #3 /home/yceruto/demos/getsession/vendor/symfony/http-kernel/Profiler/Profiler.php(167): Symfony\Component\HttpKernel\DataCollector\RequestDataCollector->collect(Object(Symfony\Component\HttpFoundation\Request), Object(Symfony\Component\HttpFoundation\Respo in /home/yceruto/demos/getsession/vendor/symfony/http-kernel/EventListener/SessionListener.php on line 43
```
Friendly ping @nicolas-grekas as author of the previous PR https://github.com/symfony/symfony/pull/28244
Commits
-------
d62ca37ab6 Fix get session when the request stack is empty
* 3.4:
Revert "bug #30423 [Security] Rework firewall's access denied rule (dimabory)"
[FrameworkBundle] minor: remove a typo from changelog
[VarDumper][Ldap] relax some locally failing tests
[Validator] #30192 Added the missing translations for the Tagalog ("tl") locale.
Make MimeTypeExtensionGuesser case insensitive
This PR was merged into the 3.4 branch.
Discussion
----------
[Validator] Added the missing translations for the Tagalog ("tl") locale
| Q | A
| ------------- | ---
| Branch? | 3.4
| Bug fix? | No
| New feature? | No
| BC breaks? | No
| Deprecations? | No
| Tests pass? | Yes
| Fixed tickets | #30192
| License | MIT
| Doc PR |
[Validator] This pull request will add the missing translations for the Tagalog ("tl") locale.
Commits
-------
6ab574b7c9 [Validator] #30192 Added the missing translations for the Tagalog ("tl") locale.
This PR was merged into the 3.4 branch.
Discussion
----------
[HttpFoundation] Make MimeTypeExtensionGuesser case insensitive
| Q | A
| ------------- | ---
| Branch? | 3.4
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | #... <!-- #-prefixed issue number(s), if any -->
| License | MIT
| Doc PR | symfony/symfony-docs#... <!-- required for new features -->
Some mime types have a camelCase word in them.
The Apache HTTPD project list items are all lower case.
So I suggest making the $mimeType string lowercase while checking the array key.
That way, we can keep the list in sync.
Example: xlsm file mime type is `application/vnd.ms-excel.sheet.macroEnabled.12`
The key that matches the xlsm extension in the `$defaultExtensions` array is `application/vnd.ms-excel.sheet.macroenabled.12`
Example xlsm file:
https://github.com/vermeirentony/xlsm-example
Commits
-------
e294ee6b9a Make MimeTypeExtensionGuesser case insensitive
This PR was merged into the 3.4 branch.
Discussion
----------
[FrameworkBundle] minor: remove a typo from changelog
| Q | A
| ------------- | ---
| Branch? | 3.4
| Bug fix? | no
| New feature? | no <!-- don't forget to update src/**/CHANGELOG.md files -->
| BC breaks? | no <!-- see https://symfony.com/bc -->
| Deprecations? | no <!-- don't forget to update UPGRADE-*.md and src/**/CHANGELOG.md files -->
| Tests pass? | yes <!-- please add some, will be required by reviewers -->
| Fixed tickets | none <!-- #-prefixed issue number(s), if any -->
| License | MIT
| Doc PR | none. <!-- required for new features -->
<!--
Write a short README entry for your feature/bugfix here (replace this comment block.)
This will help people understand your PR and can be used as a start of the Doc PR.
Additionally:
- Bug fixes must be submitted against the lowest branch where they apply
(lowest branches are regularly merged to upper ones so they get the fixes too).
- Features and deprecations must be submitted against the master branch.
-->
just a little typo fix: new new -> new
Commits
-------
8f7682c175 [FrameworkBundle] minor: remove a typo from changelog