This PR was merged into the 3.4 branch.
Discussion
----------
[DependencyInjection] forward the parse error to the calling code
| Q | A
| ------------- | ---
| Branch? | 3.4
| Bug fix? | no
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | #29891
| License | MIT
| Doc PR |
This change does not fully solve the linked issue, but improves the exception a bit by providing a bit more context.
The error page will no start like this:
Commits
-------
c5c2d31fef forward the parse error to the calling code
This PR was merged into the 4.2 branch.
Discussion
----------
Avoid dots in generated class names
| Q | A
| ------------- | ---
| Branch? | 4.2
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | #29921
| License | MIT
| Doc PR | N/A
This PR removes dots from class names containers generated out of anonymous kernel classes.
Commits
-------
52c80e6cf2 Avoid dots in generated class names.
This PR was merged into the 3.4 branch.
Discussion
----------
[Security] Do not mix password_*() API with libsodium one
| Q | A
| ------------- | ---
| Branch? | 3.4
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | n/a
| Tests pass? | yes
| Fixed tickets | n/a
| License | MIT
| Doc PR | n/a
Argon2IPasswordEncoder uses native `password_hash()` and `password_verify()` functions if the current PHP installation embeds Argon2 support (>=7.2, compiled `--with-password-argon2`).
Otherwise, it fallbacks to the libsodium extension.
This was fine at time the encoder was introduced, but meanwhile libsodium changed the algorithm used by `sodium_crypto_pwhash_str()` which is now argon2id, that goes outside of the scope of the encoder which was designed to deal with `argon2i` only.
Nothing we can do as databases may already contain passwords hashed with argon2id, the encoder must keep validating those.
However, the PHP installation may change as time goes by, and could suddenly embed the Argon2 core integration. In this case, the encoder would use the `password_verify()` function which would fail in case the password was not hashed using argon2i.
This PR prevents it by detecting that argon2id was used, avoiding usage of `password_verify()`.
See https://github.com/jedisct1/libsodium-php/issues/194 and https://github.com/symfony/symfony/issues/28093 for references.
Patch cannot be tested as it is platform dependent.
Side note: I'm currently working on a new implementation for 4.3 that will properly supports argon2id (which has been added to the PHP core sodium integration in 7.3) and argon2i, distinctively.
Commits
-------
d6cfde94b4 [Security] Do not mix usage of password_*() functions and sodium_*() ones
This PR was merged into the 3.4 branch.
Discussion
----------
ensure compatibility with older PHPUnit mocks
| Q | A
| ------------- | ---
| Branch? | 3.4
| Bug fix? | no
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | alternative to #29913
| License | MIT
| Doc PR |
Commits
-------
b714419faf ensure compatibility with older PHPUnit mocks
This PR was squashed before being merged into the 4.3-dev branch (closes#29896).
Discussion
----------
[Mime] Add the component
| Q | A
| ------------- | ---
| Branch? | master
| Bug fix? | no
| New feature? | yes
| BC breaks? | no <!-- see https://symfony.com/bc -->
| Deprecations? | yes
| Tests pass? | yes
| Fixed tickets | #28832#21985 makes #15460 trivial
| License | MIT
| Doc PR | symfony/symfony-docs#10886
This has been on my todo-list for X years :)
Commits
-------
bdca5d999b tweaked code
5268389191 [Mime] added freedesktop as a source for mime types
74ca91deaa [Mime] added the component
d7ee0ecc49 [HttpFoundation] updated File code
* 3.4:
fixed CS
fixed short array CS in comments
fixed CS in ExpressionLanguage fixtures
fixed CS in generated files
fixed CS on generated container files
fixed CS on Form PHP templates
fixed CS on YAML fixtures
fixed fixtures
switched array() to []
This PR was squashed before being merged into the 3.4 branch (closes#29903).
Discussion
----------
Move from array() to []
| Q | A
| ------------- | ---
| Branch? | 3.4
| Bug fix? | no
| New feature? | no <!-- don't forget to update src/**/CHANGELOG.md files -->
| BC breaks? | no <!-- see https://symfony.com/bc -->
| Deprecations? | no <!-- don't forget to update UPGRADE-*.md and src/**/CHANGELOG.md files -->
| Tests pass? | yes <!-- please add some, will be required by reviewers -->
| Fixed tickets | n/a
| License | MIT
| Doc PR | n/a
<!--
Write a short README entry for your feature/bugfix here (replace this comment block.)
This will help people understand your PR and can be used as a start of the Doc PR.
Additionally:
- Bug fixes must be submitted against the lowest branch where they apply
(lowest branches are regularly merged to upper ones so they get the fixes too).
- Features and deprecations must be submitted against the master branch.
-->
Commits
-------
37ab4cd056 fixed CS
1429267f9c fixed short array CS in comments
25240831e2 fixed CS in ExpressionLanguage fixtures
ec7dcb2784 fixed CS in generated files
afaa13e946 fixed CS on generated container files
7ffd8d3e03 fixed CS on Form PHP templates
0ba1acc82f fixed CS on YAML fixtures
ac9d6cff81 fixed fixtures
33a001e460 switched array() to []
This PR was squashed before being merged into the 4.3-dev branch (closes#29862).
Discussion
----------
Add block prefix to csrf token field
| Q | A
| ------------- | ---
| Branch? | master
| Bug fix? | no
| New feature? | yes
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | #...
| License | MIT
| Doc PR | https://github.com/symfony/symfony-docs/pull/10867
Currently I use the following code snippet to overwrite the token rendering:
```twig
{%- block hidden_widget -%}
{%- if form.vars.name == '_token' -%}
{{ block('app__token_widget') }}
{%- else -%}
{{ block('hidden_widget', 'form_div_layout.html.twig') }}
{%- endif -%}
{%- endblock hidden_widget -%}
{%- block app__token_widget %}
{{ render_esi(controller('SuluFormBundle:FormWebsite:token', { 'form': form.parent.vars.name })) }}
{%- endblock app__token_widget -%}
```
With the change of https://symfony.com/blog/new-in-symfony-4-3-simpler-form-theming this workaround can now be removed and the following can be used:
```twig
{%- block token_widget %}
{{ render_esi(controller('SuluFormBundle:FormWebsite:token', { 'form': form.parent.vars.name })) }}
{%- endblock token_widget -%}
```
Commits
-------
02bd6893a5 Add block prefix to csrf token field
This PR was merged into the 3.4 branch.
Discussion
----------
[TwigBridge] remove unreachable code
| Q | A
| ------------- | ---
| Branch? | 3.4
| Bug fix? | no
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets |
| License | MIT
| Doc PR |
Since our version constraint is `^1.37.1|^2.6.2` any Twig version that
is below 2.4.5 must be a Twig 1.x release.
Commits
-------
16f97b9769 remove unreachable code
This PR was merged into the 4.3-dev branch.
Discussion
----------
Simplify PHPUnit exception expectations
| Q | A
| ------------- | ---
| Branch? | master
| Bug fix? | no
| New feature? | no <!-- don't forget to update src/**/CHANGELOG.md files -->
| BC breaks? | no <!-- see https://symfony.com/bc -->
| Deprecations? | no <!-- don't forget to update UPGRADE-*.md and src/**/CHANGELOG.md files -->
| Tests pass? | yes <!-- please add some, will be required by reviewers -->
| Fixed tickets | n/a
| License | MIT
| Doc PR | n/a
<!--
Write a short README entry for your feature/bugfix here (replace this comment block.)
This will help people understand your PR and can be used as a start of the Doc PR.
Additionally:
- Bug fixes must be submitted against the lowest branch where they apply
(lowest branches are regularly merged to upper ones so they get the fixes too).
- Features and deprecations must be submitted against the master branch.
-->
Commits
-------
eb75781ccd simplified PHPUnit exception expectations
This PR was merged into the 3.4 branch.
Discussion
----------
[DependencyInjection] the string "0" is a valid service identifier
| Q | A
| ------------- | ---
| Branch? | 3.4
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | #29854
| License | MIT
| Doc PR |
Commits
-------
caca373383 the string "0" is a valid service identifier
This PR was merged into the 4.2 branch.
Discussion
----------
[DependencyInjection] fix test after revert of bugfix
| Q | A
| ------------- | ---
| Branch? | 4.2
| Bug fix? | no
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets |
| License | MIT
| Doc PR |
In #29853 the bugfix made in #29597 was reverted as it did not work as
expected. This fixture file has been modified after the 3.4 branch was
merged up to account for the changes made in #2957 and must now be
reverted to the former state too.
Commits
-------
81f63b1a43 fix test after revert of bugfix
In #29853 the bugfix made in #29597 was reverted as it did not work as
expected. This fixture file has been modified after the 3.4 branch was
merged up to account for the changes made in #2957 and must now be
reverted to the former state too.
This PR was merged into the 3.4 branch.
Discussion
----------
Update MimeType extensions
| Q | A
| ------------- | ---
| Branch? | 3.4
| Bug fix? | yes
| New feature? | no <!-- don't forget to update src/**/CHANGELOG.md files -->
| BC breaks? | no <!-- see https://symfony.com/bc -->
| Deprecations? | no <!-- don't forget to update UPGRADE-*.md and src/**/CHANGELOG.md files -->
| Tests pass? | yes <!-- please add some, will be required by reviewers -->
| Fixed tickets | n/a
| License | MIT
| Doc PR | n/a
<!--
Write a short README entry for your feature/bugfix here (replace this comment block.)
This will help people understand your PR and can be used as a start of the Doc PR.
Additionally:
- Bug fixes must be submitted against the lowest branch where they apply
(lowest branches are regularly merged to upper ones so they get the fixes too).
- Features and deprecations must be submitted against the master branch.
-->
Commits
-------
5183049b73 updated MimeType extensions
