This PR was merged into the 3.4 branch.
Discussion
----------
[Security] Add a separator in the remember me cookie hash
Based on #89
Commits
-------
a29ce2817c [Security] Add a separator in the remember me cookie hash
* 4.2:
bumped Symfony version to 4.2.7
updated VERSION for 4.2.6
updated CHANGELOG for 4.2.6
bumped Symfony version to 3.4.26
updated VERSION for 3.4.25
update CONTRIBUTORS for 3.4.25
updated CHANGELOG for 3.4.25
Workaround for \DateInterval::createFromDateString()
[DoctrineBridge] [DX] Update exception text in ManagerRegistry::resetService to avoid confusion.
Missing Lithuanian translations added to validator component.
* 3.4:
bumped Symfony version to 3.4.26
updated VERSION for 3.4.25
update CONTRIBUTORS for 3.4.25
updated CHANGELOG for 3.4.25
Workaround for \DateInterval::createFromDateString()
Missing Lithuanian translations added to validator component.
This PR was merged into the 4.3-dev branch.
Discussion
----------
[Messenger] Remove base64_encode & use addslashes
| Q | A
| ------------- | ---
| Branch? | master
| Bug fix? | no
| New feature? | yes
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | none
| License | MIT
| Doc PR | already covered by existing issue
In #30814, we base64_encoded messages because some transports (specifically DoctrineTransport + Postgresql & SQS) do not allow binary data.
The downside is that the messages become unreadable, which makes it much less convenient to debug your messages with 3rd party monitoring tools, for example.
This PR replaces base64_encode with addslashes. Another alternative (that I first tried in this PR) was to use a blob type, which Drupal does in its code (https://www.drupal.org/project/drupal/issues/690746). But, it still meant that binary data could cause problems with other transports, like SQS.
I also put all the serializer config under a nice, neat `serializer` key under messenger.
Best seen with `?w=1`.
Cheers!
Commits
-------
70b448d120 Reorganizing messenger serializer config and replacing base64_encode with addslashes
This PR was squashed before being merged into the 4.3-dev branch (closes#31040).
Discussion
----------
[BrowserKit] Fixed BC-break introduced by rename of Client to Browser
| Q | A
| ------------- | ---
| Branch? | master
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | https://github.com/symfony/symfony/issues/31039
| License | MIT
| Doc PR |
Since #30541 the inheritance hierarchy of `\Symfony\Component\BrowserKit\Client` has changed. Notably the test.client no longer is an instance of `\Symfony\Component\BrowserKit\Client`.
This PR uses `class_alias` to fix the class hierarchy similarly as has been done in Twig. In this case I copied the approach of `Twig_TokenParser_AutoEscape` and `\Twig\TokenParser\AutoEscapeTokenParser`
Commits
-------
6a94dea5cd [BrowserKit] Fixed BC-break introduced by rename of Client to Browser
This PR was merged into the 4.3-dev branch.
Discussion
----------
[Serializer] Use name converter when normalizing constraint violation list
| Q | A
| ------------- | ---
| Branch? | master <!-- see below -->
| Bug fix? | no
| New feature? | yes <!-- don't forget to update src/**/CHANGELOG.md files -->
| BC breaks? | no <!-- see https://symfony.com/bc -->
| Deprecations? | no <!-- don't forget to update UPGRADE-*.md and src/**/CHANGELOG.md files -->
| Tests pass? | yes <!-- please add some, will be required by reviewers -->
| Fixed tickets | #... <!-- #-prefixed issue number(s), if any -->
| License | MIT
| Doc PR | symfony/symfony-docs#... <!-- required for new features -->
When using name converter with serializer and the default ConstraintViolationListNormalizer, returned propertyPaths was not converted to the same format.
<!--
Write a short README entry for your feature/bugfix here (replace this comment block.)
This will help people understand your PR and can be used as a start of the Doc PR.
Additionally:
- Bug fixes must be submitted against the lowest branch where they apply
(lowest branches are regularly merged to upper ones so they get the fixes too).
- Features and deprecations must be submitted against the master branch.
-->
Commits
-------
dd93b707cc Use name converter when normalizing constraint violation list
This PR was squashed before being merged into the 4.3-dev branch (closes#28846).
Discussion
----------
[Intl] Simplify API
| Q | A
| ------------- | ---
| Branch? | master
| Bug fix? | no
| New feature? | yes
| BC breaks? | no <!-- see https://symfony.com/bc -->
| Deprecations? | no
| Tests pass? | yes <!-- please add some, will be required by reviewers -->
| Fixed tickets | #18368
| License | MIT
| Doc PR | https://github.com/symfony/symfony-docs/issues/11221
Simplifies the Intl API. It greatly reduces the no. of boilerplate classes in this component. Very over complicated, much wow :)
Solving (IMHO):
```php
class LanguageBundle extends LanguageDataProvider implements LanguageBundleInterface
```
Which seems very over complicated just to provide static data.
```php
// before
Intl::getLanguageBundle()->getLanguageName() // string | null
// after
Languages::getName() // string
Languages::exists() // bool
```
I left out Canonicalization on puropose, that's a new topic to me.
- [x] Languages
- [x] Locales
- [x] Currencies
- [x] Regions
- [x] Scripts
- [ ] Timezones (#28831)
- [x] Update constraints
- [x] Update form types
Thoughts?
Commits
-------
d6b67d469a [Intl] Simplify API
* 4.2:
Skip testing the phpunit-bridge on not-master branches when $deps is empty
more tests
[DI] Fixes: #28326 - Overriding services autowired by name under _defaults bind not working
[DI] fix removing non-shared definition while inlining them
* 3.4:
Skip testing the phpunit-bridge on not-master branches when $deps is empty
more tests
[DI] Fixes: #28326 - Overriding services autowired by name under _defaults bind not working
This PR was merged into the 3.4 branch.
Discussion
----------
[DI] Overriding services autowired by name under _defaults bind not working
| Q | A
| ------------- | ---
| Branch? | 3.4
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | #28326
| License | MIT
This is an implementation of ideas and suggestions of @nicolas-grekas and @GuilhemN.
Commits
-------
7e805eae2b more tests
35a40ace6f [DI] Fixes: #28326 - Overriding services autowired by name under _defaults bind not working
This PR was merged into the 4.3-dev branch.
Discussion
----------
[HttpClient] Document the state object that is passed around by the HttpClient
| Q | A
| ------------- | ---
| Branch? | master
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | N/A
| License | MIT
| Doc PR | N/A
In an attempt to make the code of the new HttpClient component more understandable, I've introduced internal classes that document the `$multi` object that is being passed around between *Client and *Response classes.
My goal is to make the code more accessible to potential contributors and static code analyzers.
Commits
-------
20f4eb3204 Document the state object that is passed around by the HttpClient.
Keep to use the same CS in all the Symfony code base.
Use:
```php
$resolver->setDefaults([
'compound' => false
]);
```
Instead of:
```php
$resolver->setDefaults(
[
'compound' => false,
]
);
```
Keep the double split when the method has two or more arguments.
I miss a PSR with this rule.
* 4.2:
Catch empty deprecation.log silently (fixes#31050)
minor: the meaning of the data breach was not correct
Optimize SVGs
property normalizer should also pass format and context to isAllowedAttribute
* 3.4:
minor: the meaning of the data breach was not correct
Optimize SVGs
property normalizer should also pass format and context to isAllowedAttribute
This PR was merged into the 3.4 branch.
Discussion
----------
Optimize SVGs
| Q | A
| ------------- | ---
| Branch? | 3.4 <!-- see below -->
| Bug fix? | yes
| New feature? | no <!-- don't forget to update src/**/CHANGELOG.md files -->
| BC breaks? | no <!-- see https://symfony.com/bc -->
| Deprecations? | no <!-- don't forget to update UPGRADE-*.md and src/**/CHANGELOG.md files -->
| Tests pass? | yes <!-- please add some, will be required by reviewers -->
| Fixed tickets | / <!-- #-prefixed issue number(s), if any -->
| License | MIT
| Doc PR | / <!-- required for new features -->
Used [svgo](https://github.com/svg/svgo) to optimize the svgs. I kept the `viewBox` attribute to keep the aspects when SVGs are rescaled.
I also added `insert_final_newline = false` to the `.editorconfig` file because the newlines are removed from the SVGs and there's only one line left.
Commits
-------
4614cea9d2 Optimize SVGs
This PR was merged into the 3.4 branch.
Discussion
----------
property normalizer should also pass format and context to isAllowedAttribute
| Q | A
| ------------- | ---
| Branch? | 3.4
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | found while working on https://github.com/symfony/symfony/pull/30888
| License | MIT
| Doc PR | -
the context and format are optional parameters to `isAllowedAttribute`, but should be forwarded. due to this omission, the PropertyNormalizer was ignoring the 'attributes' context option (and does in version 4 also ignore the 'ignore_attributes' context option - that one is a property on the normalizer class in version 3 and therefore not ignored here)
Commits
-------
13e2fb735d property normalizer should also pass format and context to isAllowedAttribute
This PR was merged into the 4.3-dev branch.
Discussion
----------
[Dotenv] Improve Dotenv messages
| Q | A
| ------------- | ---
| Branch? | master
| Bug fix? | no
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | no
| Fixed tickets | no
| License | MIT
| Doc PR | no
This PR improves a little bit of some messages from https://github.com/symfony/symfony/pull/31062
The first, passive sentences may be more suitable here because the value couldn't change by itself. It is changed by us - human.
The second, if we use **The default value of $usePutenv" argument of "%s\'s constructor**, we have to pass `__CLASS__` as the second parameter of `sprintf` function instead of `__METHOD__`. So, I suggest using **The default value of $usePutenv" argument of "%s"**.
Finally, the deprecation warning of `Dotenv::__construct()` is very long. Let's separate it into 2 pieces for readable reason.
Commits
-------
e871a6a83a Improve Dotenv messages
This PR was merged into the 4.3-dev branch.
Discussion
----------
[Mailer] fixed roundrobin test one dead which should recover
| Q | A
| ------------- | ---
| Branch? | master
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | WIP <!-- please add some, will be required by reviewers -->
| License | MIT
| Doc PR | n/a
The Test `testSendOneDeadButRecover` is not checking the recovery part of its job. I fixed that by adding more `send` calls and added another test so that both recoveries (within retry period and not within retry period) are covered.
The `RoundRobinTransport` had a bug where the transport is dead but not yet in the `retryPeriod`. In that case the transport would not have been added back to the stack and thus got lost. Fixed that but that required an additional check if all transports are dead to prevent an infinite loop.
Commits
-------
5d4d4e7a71 fixed roundrobin dead transport which should recover
ccbb171312 fixed roundrobin dead transport which should recover
* 4.2:
fixed bad merge
Show more accurate message in profiler when missing stopwatch
CS Fixes: Not double split with one array argument
[Serializer] Add default object class resolver
Remove redundant animation prefixes
Remove redundant `box-sizing` prefixes
[VarExporter] support PHP7.4 __serialize & __unserialize
Rework firewall access denied rule
MetadataAwareNameConverter: Do not assume that property names are strings
[VarExporter] fix exporting classes with private constructors
fixed CS
Fix missing $extraDirs when open_basedir returns
This PR was squashed before being merged into the 4.3-dev branch (closes#31062).
Discussion
----------
[Dotenv] Deprecate useage of "putenv"
| Q | A
| ------------- | ---
| Branch? | master
| Bug fix? | no
| New feature? | yes
| BC breaks? | no
| Deprecations? | yes
| Tests pass? | yes
| Fixed tickets |
| License | MIT
| Doc PR | n/a
From discussions on https://github.com/symfony/recipes/pull/571, I think it is a good idea to make people opt-in to using `putenv`.
In Symfony 5.0 we will just change the value of the constructor. As an alternative, we could decide we want to remove `putenv` in Symfony 5.0. If so, I would also deprecate `$usePutenv=true`.
Commits
-------
8e45fc043e [Dotenv] Deprecate useage of \"putenv\"
* 3.4:
Show more accurate message in profiler when missing stopwatch
CS Fixes: Not double split with one array argument
Remove redundant animation prefixes
Remove redundant `box-sizing` prefixes
Rework firewall access denied rule
fixed CS
Fix missing $extraDirs when open_basedir returns
This PR was merged into the 3.4 branch.
Discussion
----------
CS Fixes: Not double split with one array argument
| Q | A
| ------------- | ---
| Branch? | 3.4 (master from #31063)
| Bug fix? | no
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | None
| License | MIT
| Doc PR | None
Keep to use the same CS in all the Symfony code base.
Use:
```php
$resolver->setDefaults([
'compound' => false
]);
```
Instead of:
```php
$resolver->setDefaults(
[
'compound' => false,
]
);
```
Keep the double split when the method has two or more arguments.
I miss a PSR with this rule.
Commits
-------
a56bf552ad CS Fixes: Not double split with one array argument
This PR was merged into the 4.3-dev branch.
Discussion
----------
[Security][TokenInterface] Prepare for the new serialization mechanism
| Q | A
| ------------- | ---
| Branch? | master
| Bug fix? | no
| New feature? | no
| BC breaks? | no
| Deprecations? | yes
| Tests pass? | yes
| Fixed tickets | -
| License | MIT
| Doc PR | -
Continuation of https://github.com/symfony/symfony/pull/30965
Commits
-------
e6455ea2d8 [Security][TokenInterface] Prepare for the new serialization mechanism
Keep to use the same CS in all the Symfony code base.
Use:
```php
$resolver->setDefaults([
'compound' => false
]);
```
Instead of:
```php
$resolver->setDefaults(
[
'compound' => false,
]
);
```
Keep the double split when the method has two or more arguments.
I miss a PSR with this rule.
This PR was squashed before being merged into the 4.3-dev branch (closes#31044).
Discussion
----------
[HttpClient] Do not allow setting both json and body
| Q | A
| ------------- | ---
| Branch? | master
| Bug fix? | no
| New feature? | yes
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | #30769
| License | MIT
| Doc PR | n/a
This will keep developers from using both the options `$options['body']` and `$options['json']`. Using both results in only json being the body of the request, which might lead to unexpected results.
Commits
-------
601adf5de7 [HttpClient] Do not allow setting both json and body
This PR was squashed before being merged into the 4.3-dev branch (closes#31021).
Discussion
----------
[Cache] Added command for list all available cache pools
| Q | A
| ------------- | ---
| Branch? | master
| Bug fix? | no
| New feature? | yes
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | https://github.com/symfony/symfony-docs/issues/9782
| License | MIT
| Doc PR |
Commits
-------
5c210e6fd5 [Cache] Added command for list all available cache pools
This PR was squashed before being merged into the 4.2 branch (closes#31026).
Discussion
----------
[Serializer] Add default object class resolver
| Q | A
| ------------- | ---
| Branch? | 4.2
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | -
| License | MIT
| Doc PR | -
The commit 1d8b5af3f0 introduce a BC break because before that commit the `extractAttributes` the `$object` can be a string which contain the fully qualified name of an object.
To fix the BC break and preserve the new feature, I suggest to create a default object class resolver if it is not set by the developer.
Commits
-------
dd5b8f16f5 [Serializer] Add default object class resolver
This PR was merged into the 4.2 branch.
Discussion
----------
[Serializer] MetadataAwareNameConverter: Do not assume that property names are strings
| Q | A
| ------------- | ---
| Branch? | 4.2 (class introduced in v4.2.3)
| Bug fix? | yes
| New feature? | no
| BC breaks? | no <!-- see https://symfony.com/bc -->
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | https://github.com/api-platform/core/pull/2709
| License | MIT
| Doc PR | n/a
When this class was introduced, there was an assumption made about the type of `propertyNames` and therefore a `: ?string` return type was introduced in the fallbacks/normalization private methods. Because symfony doesn't use strict mode yet (compatibility issues with php IIRC), when using a non-string property name (for example the integer `0` which is a valid property name in an array), it will convert the integer to a string.
This is not good, especially if you have a name converter that returns the given property name (ie no transformation) you'll have it's type changed which isn't correct.
I've discovered this bug while working on adding this name converter in api platform (https://github.com/api-platform/core/pull/2709).
Commits
-------
af1e136ca0 MetadataAwareNameConverter: Do not assume that property names are strings
This PR was merged into the 3.4 branch.
Discussion
----------
[Security] Rework firewall's access denied rule
| Q | A
| ------------- | ---
| Branch? | 3.4
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | ~~#30099~~, #28229
| License | MIT
| Doc PR |
Follow tickets provided above to reproduce bugs. (there are also some project examples)
~~In addition, I'm looking for someone who knows an answer to [this](https://github.com/symfony/symfony/issues/30099#issuecomment-468693492) regarding rework in this PR.~~
Commits
-------
5790859275 Rework firewall access denied rule
Test coverage added in #30997 did a good job of validating previous
behaviour, but didn't adequately cover the new callback logic. Added
coverage for new methods on the Question object.
This PR was merged into the 4.3-dev branch.
Discussion
----------
[Config] Deprecate TreeBuilder::root
| Q | A
| ------------- | ---
| Branch? | master
| Bug fix? | no
| New feature? | no
| BC breaks? | no
| Deprecations? | yes
| Tests pass? |
| Fixed tickets | #29876
| License | MIT
| Doc PR | —
Alternative idea to #31015. Or is the `root` method still needed?
It would look like this:
![Screenshot 2019-04-09 01 15 04](https://user-images.githubusercontent.com/330436/55762865-fbd85900-5a64-11e9-9680-0870c85d1c09.png)
Commits
-------
ff6bc79eba Deprecate TreeBuilder::root
This PR was merged into the 4.3-dev branch.
Discussion
----------
fix tests
| Q | A
| ------------- | ---
| Branch? | master
| Bug fix? | no
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets |
| License | MIT
| Doc PR |
* use legacy group when using the deprecated `hinclude_default_template`
templating config option
* conflict with DependencyInjection 4.2 in the HttpKernel component to
be able to rely on five values being retrieved from the values of the
`BoundArgument` class
* let the TwigBundle conflict with versions of FrameworkBundle that do
not ship the `url_helper` service
Commits
-------
682855fa7d fix tests
This PR was merged into the 4.3-dev branch.
Discussion
----------
[Console] Add callback support to Console\Question autocompleter
| Q | A
| ------------- | ---
| Branch? | master
| Bug fix? | no
| New feature? | yes
| BC breaks? | minor edge case, see below
| Deprecations? | no
| Tests pass? | yes (with expanded coverage)
| Fixed tickets | N/A
| License | MIT
| Doc PR | symfony/symfony-docs#11349
Autocompletion is a useful feature, but it's not always possible to anticipate every input the user could provide in advance. For instance, if we're allowing the user to input a path to a file, it's not practical to populate an array with every file and directory in the filesystem, but we can easily build a callback function that populates its suggestions based on the path already inputted.
This change replaces the autocomplete logic that accepts an array of suggestions with an architecture that uses a callback function to populate suggestions in real time as the user provides input.
The first commit adds a test class covering all methods of the `Question` object, while the second commit modifies the `Question` object to accept and store a callback function. The existing `[gs]etAutocompleterValues()` methods are preserved, but instead of being referenced directly from the `QuestionHelper`, they create and call their own callbacks to emulate the current behaviour.
There is one edge case that is changed, as documented in the test: when a `Traversable` object is passed to `setAutocompleterValues()`, the return value of `getAutocompleterValues()` will be the unpacked (array) form of that object rather than the object itself. The unpacking is done lazily and cached on the callback function.
Commits
-------
caad562c11 [Console] Add callback support to Console\Question autocompleter
In order to enable more dynamic use cases such as word-by-word
autocomplete and path-based autocomplete, update the autocomplete logic
of the Question object and its helper to accept a callback function.
This function is called on each keystroke and should return an array of
possibilities to present to the user.
The original logic only accepted an array, which required
implementations to anticipate in advance all possible input values.
This change is fully backwards-compatible, but reimplements the old
behaviour by initializing a "dumb" callback function that always returns
the same array regardless of input.
* use legacy group when using the deprecated `hinclude_default_template`
templating config option
* conflict with DependencyInjection 4.2 in the HttpKernel component to
be able to rely on five values being retrieved from the values of the
`BoundArgument` class
* let the TwigBundle conflict with versions of FrameworkBundle that do
not ship the `url_helper` service
This PR was squashed before being merged into the 4.3-dev branch (closes#30978).
Discussion
----------
[HttpClient] Allow the HTTP_PROXY environment variable lookup with phpdbg
| Q | A
| ------------- | ---
| Branch? | master
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | N/A
| License | MIT
| Doc PR | N/A
`phpdbg` and `embed` are two other legit PHP SAPI's hence should be allowed.
Commits
-------
fbd439e0bd [HttpClient] Allow the HTTP_PROXY environment variable lookup with phpdbg
This PR was merged into the 4.2 branch.
Discussion
----------
[Console] fix buildTableRows when Colspan is use with content too long
| Q | A
| ------------- | ---
| Branch? | 4.2 for bug fixes
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes ( new test added TableTest::testWithColspanAndMaxWith)
| Fixed tickets | https://github.com/symfony/symfony/issues/30701
| License | MIT
| Doc PR | no
<!-- fix for keeping ColumnMaxwith when Content is too long
Commits
-------
1cf9659b5f fix buildTableRows when Colspan is use with content too long
This PR was merged into the 4.2 branch.
Discussion
----------
[Serializer] take setIgnoredAttributes() deprecation into account
| Q | A
| ------------- | ---
| Branch? | 4.2
| Bug fix? | no
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets |
| License | MIT
| Doc PR |
Commits
-------
4134be127a take setIgnoredAttributes() deprecation into account
* 4.2:
[serializer] validate that the specified callbacks and max_depth_handler are actually callable
[Serializer] Respect ignored attributes in cache key of normalizer
fix resetting the COLUMN environment variable
Fix TestRunner compatibility to PhpUnit 8
Fix dark themed componnents
prevent mixup of the object to populate
* 3.4:
[Serializer] Respect ignored attributes in cache key of normalizer
fix resetting the COLUMN environment variable
Fix TestRunner compatibility to PhpUnit 8
prevent mixup of the object to populate
This PR was squashed before being merged into the 3.4 branch (closes#30907).
Discussion
----------
[Serializer] Respect ignored attributes in cache key of normalizer
EUFOSSA
| Q | A
| ------------- | ---
| Branch | 3.4
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | -
| License | MIT
| Doc PR | -
Do not share the attributes cache in object normalizer when using a different setting for the ignoredAttributes setting.
In Symfony 4.2, the setter is deprecated in favor of the ignored_attibutes option in the $context. When merging this up, we will however still need to respect the field as well for BC, the cache key does not look at the default context (apart from the deprecated modifiers, the default context is immutable)
There might be performance regression for some use cases, but also could be a performance improvement when using 'attributes' in the context with lists of objects of the same class.
Commits
-------
926d228877 [Serializer] Respect ignored attributes in cache key of normalizer
This PR was merged into the 4.3-dev branch.
Discussion
----------
[Security] Add Argon2idPasswordEncoder
| Q | A
| ------------- | ---
| Branch? | master
| Bug fix? | no
| New feature? | yes
| BC breaks? | no
| Deprecations? | yes
| Tests pass? | yes
| Fixed tickets | #28093
| License | MIT
| Doc PR | TODO
Currently we have a `Argon2iPasswordEncoder` that may hash passwords using `argon2id` instead of `argon2i` (platform-dependent) which is not good.
This deprecates producing/validating `argon2id` hashed passwords using the `Argon2iPasswordEncoder`, and adds a `Argon2idPasswordEncoder` able to produce/validate `argon2id` hashed passwords only.
#EUFOSSA
Commits
-------
0c82173b24 [Security] Add Argon2idPasswordEncoder
This PR was merged into the 3.4 branch.
Discussion
----------
[serializer] prevent mixup in normalizer of the object to populate
EUFOSSA
| Q | A
| ------------- | ---
| Branch? | 3.4
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | -
| License | MIT
| Doc PR | -
OBJECT_TO_POPULATE is meant to specify the top level object. The implementation left the option in the context and it would be used whenever we have the first element that matches the class. #30607 (to master) introduces the feature to also keep the instances of attributes to deeply populate an existing object tree. In both cases, we do not want the mix up to happen with what the current OBJECT_TO_POPULATE is.
Commits
-------
fdb668e051 prevent mixup of the object to populate
This PR was merged into the 4.3-dev branch.
Discussion
----------
Prepare for the new serialization mechanism
| Q | A
| ------------- | ---
| Branch? | master
| Bug fix? | no
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | -
| License | MIT
| Doc PR | -
#eufossa
Should I maybe split this component by component ?
https://wiki.php.net/rfc/custom_object_serialization has been accepted.
Best viewed in "split" mode.
This work is kind of required for https://github.com/symfony/symfony/issues/30304 so we don't trigger 30 deprecations from our own code base.
Commits
-------
d412e77a9c Prepare for the new serialization mechanism
This PR was merged into the 4.3-dev branch.
Discussion
----------
[Mailer] allow user/pass on dsn while using failover/roundrobin
| Q | A
| ------------- | ---
| Branch? | master <!-- see below -->
| Bug fix? | yes
| New feature? | no <!-- don't forget to update src/**/CHANGELOG.md files -->
| BC breaks? | no <!-- see https://symfony.com/bc -->
| Deprecations? | no <!-- don't forget to update UPGRADE-*.md and src/**/CHANGELOG.md files -->
| Tests pass? | yes <!-- please add some, will be required by reviewers -->
| Fixed tickets | n/a
| License | MIT
| Doc PR | n/a
this PR provides two things:
1. It is possible now to user `username` and `password` in a failover or round robin transport when using smtp
2. Fixed a type problem with `username` and `password` for the smtp transport as `getUsername()` cannot return `null` because of its signature but if no `username` is provided then the property would have been `null`. Fixed with setting an empty string as default. Same for `password`. (This was discovered by adding a test - yeah!)
Commits
-------
4518ac56a1 allow user/pass on dns while using failover/roundrobin and type fix for username/password
This PR was merged into the 3.4 branch.
Discussion
----------
Make tests independent from each other
| Q | A
| ------------- | ---
| Branch? | 3.4
| Bug fix? | yes
| New feature? | yes
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | none
| License | MIT
| Doc PR | n/a
Environment variables set in a test need to be restored to their
previous values or unset if we want to be able to run tests
independently.
Credits to @ostrolucky for spotting this issue, I'm available for help when merging this in more recent branch (issues may appear then).
Created during the EU-FOSSA hackathon
Commits
-------
00883fc409 Make tests independent from each other
This PR was merged into the 4.3-dev branch.
Discussion
----------
Allow env processor to resolve `::`
| Q | A
| ------------- | ---
| Branch? | 4.3
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | -
| License | MIT
| Doc PR | N/A
The env processor resolve to null when no fallback are provided. ie. `env(default::NOT_EXISTS)`
Issue is that the regexp does not allow such pattern. thus made the feature unusable.
Commits
-------
6b6c24c618 Allow env processor to resolve `::`
* 4.2:
fix tests
fix PHPUnit 4.8 compatibility
[Debug] Fixed error handling when an error is already handled when another error is already handled (5)
sync validator translations
* 3.4:
fix PHPUnit 4.8 compatibility
[Debug] Fixed error handling when an error is already handled when another error is already handled (5)
sync validator translations
This PR was merged into the 3.4 branch.
Discussion
----------
[Debug] Fixed error handling when an error is already handled when another error is already handled (5)
| Q | A
| ------------- | ---
| Branch? | 3.4
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets |
| License | MIT
| Doc PR |
---
Please, don't ask how to reproduce it :)
Commits
-------
a36c7315f4 [Debug] Fixed error handling when an error is already handled when another error is already handled (5)
This PR was squashed before being merged into the 3.4 branch (closes#30979).
Discussion
----------
Fix the configurability of CoreExtension deps in standalone usage
| Q | A
| ------------- | ---
| Branch? | 3.4
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | not yet, but will allow fixing them
| Fixed tickets | n/a
| License | MIT
| Doc PR | n/a
When using the Forms entrypoint to configure the component, there was no chance to configure dependencies of the CoreExtension, as the one registered without argument was first and would win.
The builder now delays the prepending of the CoreExtension to do it only if the CoreExtension is not registered explicitly.
We discovered that when trying to fix tests for the FileType, where we wanted to pass a Translator to it.
Commits
-------
934118b131 Fix the configurability of CoreExtension deps in standalone usage
This PR was merged into the 4.3-dev branch.
Discussion
----------
[Serializer] Experimental for ObjectListExtractor
| Q | A
| ------------- | ---
| Branch? | master
| Bug fix? | no
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | #30904
| License | MIT
| Doc PR | -
Related to #30818
I want to mark this class as `@expiremental` until we have the full refactoring done of the Serializer, also this would allow change needed if some behavior was not correctly taken into care in 4.3
Mark also `final` for the default implementation as we don't want that to be extendable and user should use composition over inheritance.
Commits
-------
b0cdf45464 Set object list extractor as expiremental, and use final for default implementation
This PR was merged into the 4.3-dev branch.
Discussion
----------
[Routing][ObjectRouteLoader] Allow invokable route loader services
| Q | A
| ------------- | ---
| Branch? | master
| Bug fix? | no
| New feature? | yes
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | -
| License | MIT
| Doc PR | https://github.com/symfony/symfony-docs/pull/11333
#eufossa
Fall back by default on the `__invoke` method when it is not configured.
Using a regex is easier to check that the format is valid, at least for the time we have to supports the single column notation.
TODO :
- [x] Changelog entry
- [x] Doc PR
Commits
-------
5bf7ad44e1 [Routing][ObjectRouteLoader] Allow invokable route loader services
This PR was merged into the 3.4 branch.
Discussion
----------
[Cache] fix using ProxyAdapter inside TagAwareAdapter
| Q | A
| ------------- | ---
| Branch? | 3.4
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | #30400
| License | MIT
| Doc PR | -
EUFOSSA
After some debugging this is my first attempt to fix this issue @nicolas-grekas 😊 Let's discuss it.
without the fix the test fails like this:
```
Testing Symfony\Component\Cache\Tests\Adapter\TagAwareAndProxyAdapterIntegrationTest
F 1 / 1 (100%)
Time: 28 ms, Memory: 4.00MB
There was 1 failure:
1) Symfony\Component\Cache\Tests\Adapter\TagAwareAndProxyAdapterIntegrationTest::testIntegration
Failed asserting that Array &0 (
'tag1' => 0
'tag2' => 0
) is identical to 'bar'.
/var/www/symfony/src/Symfony/Component/Cache/Tests/Adapter/TagAwareAndProxyAdapterIntegrationTest.php:26
FAILURES!
Tests: 1, Assertions: 1, Failures: 1.
Commits
-------
98b9be9b6a [Cache] fix using ProxyAdapter inside TagAwareAdapter
This PR was merged into the 4.3-dev branch.
Discussion
----------
[DIC] Add a `require` env var processor
| Q | A
| ------------- | ---
| Branch? | master
| Bug fix? | no
| New feature? | yes
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets |
| License | MIT
| Doc PR | symfony/symfony-docs#11313
This adds a new `require` processor that will `require()` the PHP file given as input value and return the value `return`ed from that file. Leverages opcaching (yay!).
#EUFOSSA
Commits
-------
03da3a22b1 Add a `require` env var processor
This PR was squashed before being merged into the 4.3-dev branch (closes#30964).
Discussion
----------
[HttpKernel] Add a "short" trace header format, make header configurable
| Q | A
| ------------- | ---
| Branch? | master
| Bug fix? | no
| New feature? | yes
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets |
| License | MIT
| Doc PR | symfony/symfony-docs#11340
This pull requests adds the first usage of `array_key_first` to the Symfony code base. Additionally, it makes it possible to configure the `HttpCache` to also add a "trace" header in production.
The `HttpCache` is a convenient, low-barrier yet performant way of accelerating the application. By having the "trace" information returned as a header in production as well, you can write it to server log files. For example, with Apache you can use `%{X-Symfony-Cache}o` in the `LogFormat` directive to log response headers.
With the information in the log files, you can easily process it from logfile processing/system metrics tools to find out about cache performance, efficiency and the URLs that might need extra cache tweaking.
<img width="1040" alt="Bildschirmfoto 2019-04-07 um 11 43 23" src="https://user-images.githubusercontent.com/1202333/55681763-6e90e980-592a-11e9-900f-e096350531c2.png">
The "short" format will only output information for the main request to avoid leaking internal URLs for ESI subrequests. I also chose a concise format like `stale/valid/store` because that's much easier to parse out of logfiles (no whitespace, no need for quotes etc.).
If you're not comfortable with having `Symfony` in the header name that way, the header name can be changed through a configuration setting as well.
#FOSSHackathon
Commits
-------
9a2fcc9392 [HttpKernel] Add a \"short\" trace header format, make header configurable