* 4.2:
fix tests
fix PHPUnit 4.8 compatibility
[Debug] Fixed error handling when an error is already handled when another error is already handled (5)
sync validator translations
* 3.4:
fix PHPUnit 4.8 compatibility
[Debug] Fixed error handling when an error is already handled when another error is already handled (5)
sync validator translations
* 3.4:
fixed CS
fixed short array CS in comments
fixed CS in ExpressionLanguage fixtures
fixed CS in generated files
fixed CS on generated container files
fixed CS on Form PHP templates
fixed CS on YAML fixtures
fixed fixtures
switched array() to []
* 4.2: (27 commits)
[VarExporter] dont call userland code with uninitialized objects
Fix typos in doc blocks
[Debug] ignore underscore vs backslash namespaces in DebugClassLoader
[TwigBridge][Form] Prevent multiple rendering of form collection prototypes
[FrameworkBundle] fix describing routes with no controllers
[DI] move RegisterServiceSubscribersPass before DecoratorServicePass
Update ValidationListener.php
[Yaml] ensures that the mb_internal_encoding is reset to its initial value
[Messenger] Restore message handlers laziness
[WebLink] Fixed documentation link
[Security] getTargetPath of TargetPathTrait must return string or null
[Hackday][Serializer] Deserialization ignores argument type hint from phpdoc for array in constructor argument
Optimize perf by replacing call_user_func with dynamic vars
[Cache] Fix dsn parsing
[Routing] fix dumping same-path routes with placeholders
[WebProfilerBundle][TwigBundle] CSS fixes
Add a docblock for FormFactoryInterface
[Security] defer log message in guard authenticator
[Validator] Added IBAN format for Vatican City State
merge conflicts
...
* 4.1:
Fix typos in doc blocks
[Debug] ignore underscore vs backslash namespaces in DebugClassLoader
[TwigBridge][Form] Prevent multiple rendering of form collection prototypes
[FrameworkBundle] fix describing routes with no controllers
[DI] move RegisterServiceSubscribersPass before DecoratorServicePass
Update ValidationListener.php
[Yaml] ensures that the mb_internal_encoding is reset to its initial value
[WebLink] Fixed documentation link
[Security] getTargetPath of TargetPathTrait must return string or null
[Hackday][Serializer] Deserialization ignores argument type hint from phpdoc for array in constructor argument
Optimize perf by replacing call_user_func with dynamic vars
[Routing] fix dumping same-path routes with placeholders
[Security] defer log message in guard authenticator
[Validator] Added IBAN format for Vatican City State
merge conflicts
filter out invalid Intl values
filter out invalid language values
[Validator] Fixed grouped composite constraints
[Form] Filter arrays out of scalar form types
Fix HeaderBag::get phpdoc
* 3.4:
Fix Clidumper tests
Enable the fixer enforcing fully-qualified calls for compiler-optimized functions
Apply fixers
Disable the native_constant_invocation fixer until it can be scoped
Update the list of excluded files for the CS fixer
* 2.8:
Fix Clidumper tests
Enable the fixer enforcing fully-qualified calls for compiler-optimized functions
Apply fixers
Disable the native_constant_invocation fixer until it can be scoped
Update the list of excluded files for the CS fixer
* 3.4:
Bump ext-mongodb to 1.5 on Travis
Redesign the Debug error page in prod
[DI] fix dumping deprecated service in yaml
bumped Symfony version to 3.4.13
updated VERSION for 3.4.12
updated CHANGELOG for 3.4.12
bumped Symfony version to 2.8.43
updated VERSION for 2.8.42
update CONTRIBUTORS for 2.8.42
updated CHANGELOG for 2.8.42
* 3.2:
[DI] Remove unused props from the PhpDumper
[ProxyManager] Cleanup fixtures
[Debug] HTML-escape array key
Add some phpdocs for IDE autocompletion and better SCA
Fixed typo in docblock
* 2.8:
[DI] Remove unused props from the PhpDumper
[ProxyManager] Cleanup fixtures
[Debug] HTML-escape array key
Add some phpdocs for IDE autocompletion and better SCA
Fixed typo in docblock
* 2.7:
[DI] Remove unused props from the PhpDumper
[ProxyManager] Cleanup fixtures
[Debug] HTML-escape array key
Add some phpdocs for IDE autocompletion and better SCA
This PR was merged into the 2.7 branch.
Discussion
----------
[Debug] Missing escape in debug output
| Q | A
| ------------- | ---
| Branch? | 2.7
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets |
| License | MIT
| Doc PR |
When pretty-printing an exception, the debug handler does not properly escape array keys.
The problem only occurs when debug output is enabled, so this is not considered a [security issue](http://symfony.com/doc/current/contributing/code/security.html) (according to @fabpot), because the debug tools [should not be used in production](https://symfony.com/doc/current/components/debug.html#usage).
A test for this is included in my patch for #18722.
Commits
-------
636777d [Debug] HTML-escape array key
* 2.7:
Using FQ name for PHP_VERSION_ID
[Form] Fix \IntlDateFormatter timezone parameter usage to bypass PHP bug #66323
Harden the debugging of Twig filters and functions
bumped Symfony version to 2.7.29
updated VERSION for 2.7.28
update CONTRIBUTORS for 2.7.28
updated CHANGELOG for 2.7.28
Errors reported by Sami API Doc generator on branch 3.2
ERROR: The "factory" @param tag variable name is wrong (should be "objectLoader") on "Symfony\Bridge\Doctrine\Form\ChoiceList\DoctrineChoiceLoader::__construct" in src/Symfony/Bridge/Doctrine/Form/ChoiceList/DoctrineChoiceLoader.php:68
ERROR: The "objectLoader" @param tag variable name is wrong (should be "factory") on "Symfony\Bridge\Doctrine\Form\ChoiceList\DoctrineChoiceLoader::__construct" in src/Symfony/Bridge/Doctrine/Form/ChoiceList/DoctrineChoiceLoader.php:68
ERROR: "7" @param tags are expected but only "6" found on "Symfony\Bundle\WebProfilerBundle\Controller\ProfilerController::__construct" in src/Symfony/Bundle/WebProfilerBundle/Controller/ProfilerController.php:50
ERROR: "3" @param tags are expected but only "2" found on "Symfony\Component\Asset\PathPackage::__construct" in src/Symfony/Component/Asset/PathPackage.php:35
ERROR: "2" @param tags are expected but only "1" found on "Symfony\Component\Cache\Adapter\PhpArrayAdapter::create" in src/Symfony/Component/Cache/Adapter/PhpArrayAdapter.php:64
ERROR: "3" @param tags are expected but only "1" found on "Symfony\Component\Cache\Adapter\RedisAdapter::__construct" in src/Symfony/Component/Cache/Adapter/RedisAdapter.php:39
ERROR: The "format" @param tag variable name is wrong (should be "fileLinkFormat") on "Symfony\Component\Debug\ExceptionHandler::setFileLinkFormat" in src/Symfony/Component/Debug/ExceptionHandler.php:90
ERROR: "2" @param tags are expected but only "3" found on "Symfony\Component\DependencyInjection\Compiler\Compiler::addPass" in src/Symfony/Component/DependencyInjection/Compiler/Compiler.php:73
ERROR: "2" @param tags are expected but only "3" found on "Symfony\Component\DependencyInjection\Compiler\PassConfig::addPass" in src/Symfony/Component/DependencyInjection/Compiler/PassConfig.php:97
ERROR: "2" @param tags are expected but only "3" found on "Symfony\Component\DependencyInjection\ContainerBuilder::addCompilerPass" in src/Symfony/Component/DependencyInjection/ContainerBuilder.php:311
ERROR: "2" @param tags are expected but only "3" found on "Symfony\Component\DependencyInjection\LazyProxy\PhpDumper\DumperInterface::getProxyFactoryCode" in src/Symfony/Component/DependencyInjection/LazyProxy/PhpDumper/DumperInterface.php:41
ERROR: "0" @param tags are expected but only "1" found on "Symfony\Component\HttpFoundation\Request::isMethodSafe" in src/Symfony/Component/HttpFoundation/Request.php:1458
ERROR: "5" @param tags are expected but only "6" found on "Symfony\Component\Serializer\Normalizer\AbstractNormalizer::instantiateObject" in src/Symfony/Component/Serializer/Normalizer/AbstractNormalizer.php:291
* 3.1:
fixed @return when returning this or static
override property constraints in child class
removed unneeded comment
[Console] improved code coverage of Command class
[FrameworkBundle] Make TemplateController working without the Templating component
Only count on arrays or countables to avoid warnings in PHP 7.2
* 2.8:
fixed @return when returning this or static
override property constraints in child class
removed unneeded comment
[Console] improved code coverage of Command class
[FrameworkBundle] Make TemplateController working without the Templating component
Only count on arrays or countables to avoid warnings in PHP 7.2
* 2.7:
fixed @return when returning this or static
override property constraints in child class
[Console] improved code coverage of Command class
Only count on arrays or countables to avoid warnings in PHP 7.2
* 3.1:
Disable CLI color for Windows 10 greater than 10.0.10586
Exception details break the layout
[HttpKernel] Remove wrong docblock
[HttpKernel] Fix HttpCache validation HTTP method
[FrameworkBundle] Fix default lifetime of cache pools
Move space from the before 'if' to the after 'if'
[TwigBundle] Add a check for choice's attributes emptiness before calling block('attributes')