Errors reported by Sami API Doc generator on branch 3.2
ERROR: The "factory" @param tag variable name is wrong (should be "objectLoader") on "Symfony\Bridge\Doctrine\Form\ChoiceList\DoctrineChoiceLoader::__construct" in src/Symfony/Bridge/Doctrine/Form/ChoiceList/DoctrineChoiceLoader.php:68
ERROR: The "objectLoader" @param tag variable name is wrong (should be "factory") on "Symfony\Bridge\Doctrine\Form\ChoiceList\DoctrineChoiceLoader::__construct" in src/Symfony/Bridge/Doctrine/Form/ChoiceList/DoctrineChoiceLoader.php:68
ERROR: "7" @param tags are expected but only "6" found on "Symfony\Bundle\WebProfilerBundle\Controller\ProfilerController::__construct" in src/Symfony/Bundle/WebProfilerBundle/Controller/ProfilerController.php:50
ERROR: "3" @param tags are expected but only "2" found on "Symfony\Component\Asset\PathPackage::__construct" in src/Symfony/Component/Asset/PathPackage.php:35
ERROR: "2" @param tags are expected but only "1" found on "Symfony\Component\Cache\Adapter\PhpArrayAdapter::create" in src/Symfony/Component/Cache/Adapter/PhpArrayAdapter.php:64
ERROR: "3" @param tags are expected but only "1" found on "Symfony\Component\Cache\Adapter\RedisAdapter::__construct" in src/Symfony/Component/Cache/Adapter/RedisAdapter.php:39
ERROR: The "format" @param tag variable name is wrong (should be "fileLinkFormat") on "Symfony\Component\Debug\ExceptionHandler::setFileLinkFormat" in src/Symfony/Component/Debug/ExceptionHandler.php:90
ERROR: "2" @param tags are expected but only "3" found on "Symfony\Component\DependencyInjection\Compiler\Compiler::addPass" in src/Symfony/Component/DependencyInjection/Compiler/Compiler.php:73
ERROR: "2" @param tags are expected but only "3" found on "Symfony\Component\DependencyInjection\Compiler\PassConfig::addPass" in src/Symfony/Component/DependencyInjection/Compiler/PassConfig.php:97
ERROR: "2" @param tags are expected but only "3" found on "Symfony\Component\DependencyInjection\ContainerBuilder::addCompilerPass" in src/Symfony/Component/DependencyInjection/ContainerBuilder.php:311
ERROR: "2" @param tags are expected but only "3" found on "Symfony\Component\DependencyInjection\LazyProxy\PhpDumper\DumperInterface::getProxyFactoryCode" in src/Symfony/Component/DependencyInjection/LazyProxy/PhpDumper/DumperInterface.php:41
ERROR: "0" @param tags are expected but only "1" found on "Symfony\Component\HttpFoundation\Request::isMethodSafe" in src/Symfony/Component/HttpFoundation/Request.php:1458
ERROR: "5" @param tags are expected but only "6" found on "Symfony\Component\Serializer\Normalizer\AbstractNormalizer::instantiateObject" in src/Symfony/Component/Serializer/Normalizer/AbstractNormalizer.php:291
* 3.2:
[Bridge\Doctrine] Fix change breaking doctrine-bundle test suite
[WebProfilerBundle] Include badge status in translation tabs
[FrameworkBundle] Cache pool clear command requires at least 1 pool
[HttpFoundation][bugfix] should always be initialized
MockArraySessionStorage: updated phpdoc for $bags so that IDE autocompletion would work
normalize paths before making them relative
removed test that does not test anything
fixed tests
#21809 [SecurityBundle] bugfix: if security provider's name contains upper cases then container didn't compile
[WebProfilerBundle] Fix for CSS attribute at Profiler Translation Page
Set Date header in Response constructor already
[Validator] fix URL validator to detect non supported chars according to RFC 3986
[Security] Fixed roles serialization on token from user object
* 2.8:
[Bridge\Doctrine] Fix change breaking doctrine-bundle test suite
[HttpFoundation][bugfix] should always be initialized
MockArraySessionStorage: updated phpdoc for $bags so that IDE autocompletion would work
normalize paths before making them relative
* 2.7:
[Bridge\Doctrine] Fix change breaking doctrine-bundle test suite
[HttpFoundation][bugfix] should always be initialized
MockArraySessionStorage: updated phpdoc for $bags so that IDE autocompletion would work
normalize paths before making them relative
This PR was squashed before being merged into the 3.3-dev branch (closes#21819).
Discussion
----------
[Twig Bridge] A simpler way to retrieve flash messages
| Q | A
| ------------- | ---
| Branch? | master
| Bug fix? | no
| New feature? | yes
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | -
| License | MIT
| Doc PR | -
Getting flash messages in templates is more complex than it could be. Main problems:
1. It's too low level: you need to get the "flash bag" (and first, learn what a "flash bag" is) and then you need to call the internal method: `all()`, `get()`, etc.
2. You need to be careful because the session will start automatically when you ask for flashes (even if there are no flashes). You can prevent this with the `{% if app.session is not null and app.session.started %}` code, but it's boring to always use that.
So, I propose to add a new `app.flashes` helper that works as follows.
---
## Get all the flash messages
### Before
```twig
{% if app.session is not null and app.session.started %}
{% for label, messages in app.session.flashbag.all %}
{% for message in messages %}
<div class="alert alert-{{ label }}">
{{ message }}
</div>
{% endfor %}
{% endfor %}
{% endif %}
```
### After
```twig
{% for label, messages in app.flashes %}
{% for message in messages %}
<div class="alert alert-{{ label }}">
{{ message }}
</div>
{% endfor %}
{% endfor %}
```
---
## Get only the flashes of type `notice`
```twig
{% if app.session is not null and app.session.started %}
{% for message in app.session.flashbag.get('notice') %}
<div class="alert alert-notice">
{{ message }}
</div>
{% endfor %}
{% endif %}
```
### After
```twig
{% for message in app.flashes('notice') %}
<div class="alert alert-notice">
{{ message }}
</div>
{% endfor %}
```
---
As an added bonus, you can get any number of flash messages because the method allows to pass an array of flash types:
```twig
{% for label, messages in app.flashes(['warning', 'error']) %}
{% for message in messages %}
<div class="alert alert-{{ label }}">
{{ message }}
</div>
{% endfor %}
{% endfor %}
```
Commits
-------
5a56b23327 [Twig Bridge] A simpler way to retrieve flash messages
This PR was squashed before being merged into the 3.3-dev branch (closes#20365).
Discussion
----------
[TwigBridge] Handle form label attributes like others
| Q | A |
| --- | --- |
| Branch? | master
| Bug fix? | no
| New feature? | yes
| BC breaks? | no |
| Deprecations? | no |
| Tests pass? | yes
| Fixed tickets | -
| License | MIT |
| Doc PR | -
The HTML for rendering attributes is duplicated in multiple blocks, making it error prone/hard to maintain.
Next, the label attributes followed a different approach. Imo. all should follow the same base rendering, showing the above is actually an issue.
Commits
-------
e317e0aeab [TwigBridge] Handle form label attributes like others
This PR was merged into the 3.3-dev branch.
Discussion
----------
[PhpUnitBridge] add errors as late as possible
| Q | A
| ------------- | ---
| Branch? | master
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets |
| License | MIT
| Doc PR |
PHPUnit may change the test's state after the listener's startTest()
method has been executed thus leading to broken test result output.
Commits
-------
167742e521 add errors as late as possible
* 3.2:
Fixes a typo in the form collector styles
[WebProfilerBundle] Fix content-security-policy compatibility
[WebProfilerBundle] Drop dead code
[HttpKernel] Fixed bug with purging of HTTPS URLs
fix some risky tests
[DI] [YamlFileLoader] change error message of a non existing file
[WebProfilerBundle] Handle Content-Security-Policy-Report-Only header correctly
[Security] Added option to return true in the method isRememberMeRequested
* 2.8:
Fixes a typo in the form collector styles
[HttpKernel] Fixed bug with purging of HTTPS URLs
fix some risky tests
[DI] [YamlFileLoader] change error message of a non existing file
[Security] Added option to return true in the method isRememberMeRequested
* 2.7:
[HttpKernel] Fixed bug with purging of HTTPS URLs
fix some risky tests
[DI] [YamlFileLoader] change error message of a non existing file
[Security] Added option to return true in the method isRememberMeRequested
* 2.7:
#20411 fix Yaml parsing for very long quoted strings
[Doctrine Bridge] fix priority for doctrine event listeners
Use PHP functions as array_map callbacks when possible
[Validator] revert wrong Phpdoc change
Use proper line endings
This PR was merged into the 2.7 branch.
Discussion
----------
[Doctrine Bridge] fix priority for doctrine event listeners
| Q | A
| ------------- | ---
| Branch? | 2.7
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | #21977
| License | MIT
| Doc PR | -
This fixes handling the priorities for doctrine event listeners. As found out by @chapterjason in https://github.com/symfony/symfony/issues/21977 the priority was incorrectly handled as soon as a listener had more than one tag (so listening to multiple events).
With this changes all tagged listeners are globally sorted by priority (using the same stable sort approach as in the later available `PriorityTaggedServiceTrait`) and then added one by one to the event manager.
I also updated the tests a bit as it was not covering all cases.
We also have to extend the docs for it I think as it does not mention the `priority` and `lazy` option at all? http://symfony.com/doc/current/doctrine/event_listeners_subscribers.html
Commits
-------
9d9d4efb88 [Doctrine Bridge] fix priority for doctrine event listeners
This PR was merged into the 3.3-dev branch.
Discussion
----------
[FrameworkBundle][Monolog] Added a new way to follow logs
| Q | A
| ------------- | ---
| Branch? | master
| Bug fix? | no
| New feature? | yes
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | -
| License | MIT
| Doc PR | -
----
If you want to try this PR, you can use [my fork](https://github.com/lyrixx/symfony-standard/tree/server-log):
```bash
git clone https://github.com/lyrixx/symfony-standard -b server-log symfony-se-logs
cd symfony-se-logs
composer install
bin/console server:start
bin/console server:log
```
and from anywhere `curl http://0:8000`
---
Basically, it's a new way to view and filter real time logs, from the CLI.
![screenshot13](https://cloud.githubusercontent.com/assets/408368/21898198/52fa8c3c-d8ec-11e6-98db-6b3a6f8fe50d.png)
Commits
-------
ac92375ddb [FrameworkBundle][Monolog] Added a new way to follow logs
When registering the error handler, simple-phpunit might be used, and in
that case, the bootstrap process will not have environment variables
defined inside phpunit.xml.dist . This means `$mode` might differ when
registering the error handler, and when an error is triggered.
This raises a question: should the $mode argument be removed to avoid
similar errors in the future?
PHPUnit 5.3 doesn't have the forward compatibility layer for PHPUnit 6 so that `PHPUnit\Framework\TestCase` can be used instead of `PHPUnit_Framework_TestCase`.
This generates an error when upgrading to Symfony 3.2.5 without forcing the `SYMFONY_PHPUNIT_VERSION` const:
```
Class 'PHPUnit\Framework\TestCase' not found in vendor/symfony/symfony/src/Symfony/Bundle/FrameworkBundle/Test/KernelTestCase.php on line 25
```
This was introduced by c9684ad31f in 3.2.5
* 3.2:
[Serializer] Xml encoder throws exception for valid data
[Form] Hardened form type tests
fixed CS
Added setInputStream deprecation to UPGRADE guides
fixed CS
This PR was squashed before being merged into the 3.3-dev branch (closes#20680).
Discussion
----------
DoctrineDataCollector: taught sanitizeParam to support classes with __toString implemented.
This PR teaches \Symfony\Bridge\Doctrine\DataCollector\DoctrineDataCollector::sanitizeParam support objects, which implement __toString and therefore can be represented as a string with more sense, than "(object) ClassName". It also includes test for the feature.
| Q | A
| ------------- | ---
| Branch? | master
| Bug fix? | no
| New feature? | yes
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | [20673](https://github.com/symfony/symfony/issues/20673)
| License | MIT
| Doc PR | no
Commits
-------
f2970f22ac DoctrineDataCollector: taught sanitizeParam to support classes with __toString implemented.
This PR was merged into the 3.3-dev branch.
Discussion
----------
[PhpUnitBridge] include expected deprecations in assertion counter
| Q | A
| ------------- | ---
| Branch? | master
| Bug fix? | no
| New feature? | yes
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | https://github.com/symfony/symfony/pull/21786#issuecomment-283074426
| License | MIT
| Doc PR |
We still need to include the changes from #21786 as we cannot increment the number of assertions in the `startTest()` method (the PHPUnit test runner resets the counter after the listeners have been executed).
Commits
-------
cdcd5ae include expected deprecations in assertion counter
This PR was merged into the 3.3-dev branch.
Discussion
----------
[PhpUnitBride] disable global test listener when not registered
| Q | A
| ------------- | ---
| Branch? | master
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets |
| License | MIT
| Doc PR |
The global test listener is always initialized to register the clock
mock and DNS mock as soon as possible. However, when the listener is
registered locally through the PHPUnit config, it will never be
registered as a listener. In thise case, the state of the local
listener must be reset to correctly report expected deprecation test
results.
Commits
-------
f4cd6708b7 disable global test listener when not registered
The global test listener is always initialized to register the clock
mock and DNS mock as soon as possible. However, when the listener is
registered locally through the PHPUnit config, it will never be
registered as a listener. In thise case, the state of the local
listener must be reset to correctly report expected deprecation test
results.
The global test listener is always initialized to register the clock
mock and DNS mock as soon as possible. However, when the listener is
registered locally through the PHPUnit config, it will never be
registered as a listener. In thise case, the state of the local
listener must be reset to correctly report expected deprecation test
results.
This PR was merged into the 3.3-dev branch.
Discussion
----------
[PhpUnitBridge] do not register the test listener twice
| Q | A
| ------------- | ---
| Branch? | master
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets |
| License | MIT
| Doc PR |
If the listener is already configured through the PHPUnit config, there
is no need to also enable it explicitly in the test runner.
Commits
-------
f7bdfd068f do not register the test listener twice
This PR was merged into the 3.3-dev branch.
Discussion
----------
[PhpUnitBridge] testing for deprecations is not risky
| Q | A
| ------------- | ---
| Branch? | master
| Bug fix? | no
| New feature? | yes
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets |
| License | MIT
| Doc PR |
Commits
-------
044cc8f14e testing for deprecations is not risky
* 3.2:
[SecurityBundle] only pass relevant user provider
[Intl] Make tests pass after the ICU data update
[Intl] Update ICU data to 58.2
do not register the test listener twice
[DependencyInjection] removed dead code.
[Yaml] Stop replacing NULLs when merging
[WebServerBundle] fixed html attribute escape
* 2.8:
[SecurityBundle] only pass relevant user provider
[Intl] Make tests pass after the ICU data update
[Intl] Update ICU data to 58.2
do not register the test listener twice
[DependencyInjection] removed dead code.
[Yaml] Stop replacing NULLs when merging
[WebServerBundle] fixed html attribute escape
A new mode is introduced, in which deprecations coming from the vendors
are not taken into account when deciding to exit with an error code. In
this mode, deprecations coming from the vendors are segregated from
other deprecations.
This PR was merged into the 3.2 branch.
Discussion
----------
[DoctrineBridge] Fixed validating custom doctrine type columns
| Q | A
| ------------- | ---
| Branch? | 3.1
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | #21619
| License | MIT
| Doc PR | -
This fixes#21619 by not assuming the invalid `$value` is a Doctrine entity if its an object
Commits
-------
ad59370241 [DoctrineBridge] Fixed validating custom doctrine type columns
This PR was merged into the 3.3-dev branch.
Discussion
----------
[Bridge/PhpUnit] Add PHPUnit 6 support
| Q | A
| ------------- | ---
| Branch? | master
| Bug fix? | no
| New feature? | yes
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | #21125
| License | MIT
| Doc PR | -
This PR makes our phpunit bridge compatible with all namespaced versions of phpunit, from 4.8.35 to 6.
It takes another approach than #21668 and #21221, thus replaces them.
Tested locally : tests pass when using phpunit 5.7, and fails with v6.0 because our own test suite is not yet compatible with it - but at least it runs nice.
If this were handled as usual Symfony component, we would consider some changes to be BC breaks. But in this specific case - a phpunit bridge - it makes no sense to me to apply the bc policy here. I added `@final` and `@internal` annotations to make this clearer.
Commits
-------
9e0745c [Bridge/PhpUnit] Add PHPUnit 6 support
* 3.2:
Refactored other PHPUnit method calls to work with namespaced PHPUnit 6
Refactored other PHPUnit method calls to work with namespaced PHPUnit 6
Further refactorings to PHPUnit namespaces
resolve parameters in definition classes
* 2.8:
Refactored other PHPUnit method calls to work with namespaced PHPUnit 6
Further refactorings to PHPUnit namespaces
resolve parameters in definition classes
This PR was squashed before being merged into the 2.8 branch (closes#21663).
Discussion
----------
Updated PHPUnit namespaces
| Q | A
| ------------- | ---
| Branch? | 2.8
| Bug fix? | no
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | -
| License | MIT
| Doc PR | -
Follow Up of #21564
Commits
-------
205ced4 Updated PHPUnit namespaces
This PR was squashed before being merged into the 3.3-dev branch (closes#21478).
Discussion
----------
[Asset] Add support for preloading with links and HTTP/2 push
| Q | A
| ------------- | ---
| Branch? | master
| Bug fix? | no
| New feature? | yes
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | n/a
| License | MIT
| Doc PR | todo
Allows compatible clients to preload mandatory assets like scripts, stylesheets or images according to [the "preload" working draft of the W3C](https://www.w3.org/TR/preload/).
Thanks to this PR, Symfony will automatically adds `Link` HTTP headers with a `preload` relation for mandatory assets. If an intermediate proxy supports HTTP/2 push, it will convert preload headers. For instance [Cloudflare supports this feature](https://blog.cloudflare.com/using-http-2-server-push-with-php/).
It dramatically increases pages speed and make the web greener because only one TCP connection is used to fetch all mandatory assets (decrease servers and devices loads, improve battery lives).
Usage:
Updated version:
```html
<html>
<body>
Hello
<script src="{{ preload(asset('/scripts/foo.js'), 'script') }}"></script>
</body>
</html>
```
~~First proposal:~~
```html
<html>
<body>
Hello
<script src="{{ preloaded_asset('/scripts/foo.js', 'script') }}"></script>
</body>
</html>
```
- [x] Add tests
Commits
-------
7bab21700d [Asset] Add support for preloading with links and HTTP/2 push
This PR was merged into the 3.3-dev branch.
Discussion
----------
[FrameworkBundle] Make use of stderr for non reliable output
| Q | A
| ------------- | ---
| Branch? | master
| Bug fix? | no
| New feature? | yes
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | n/a
| License | MIT
| Doc PR | n/a
Built-in commands should make use of the proper outputs.
As a feature on master, considering that people may actually rely on stdout and the fact commands have been changed a lot since 2.7, I think it's not worth doing this change on lower branches.
Please see also #20586 which adds a `SymfonyStyle::getErrorStyle()` shortcut for easily switching to stderr.
Commits
-------
7b262d8c29 [FrameworkBundle] Use getErrorStyle() when relevant
9a3a5686c8 Use stderr for some other commands
1ee48bfd60 [FrameworkBundle] Make use of stderr for non reliable output
* 3.2:
Fix typo in process error message
Update to PHPUnit namespaces
Minor typo fix messsagesData -> messagesData
remove translation data collector when not usable
* 3.2:
Permit empty suffix on Windows
fixed CS
[FrameworkBundle] Remove unused import
[Console][Table] fixed render when using multiple rowspans.
add docblocks for Twig url and path function to improve ide completion
check for circular refs caused by method calls
[Serializer] fix upper camel case conversion (see #21399)
[DI] Auto register extension configuration classes as a resource
[Console] Updated phpdoc on return types
* 2.8:
Permit empty suffix on Windows
[Console][Table] fixed render when using multiple rowspans.
add docblocks for Twig url and path function to improve ide completion
check for circular refs caused by method calls
[Serializer] fix upper camel case conversion (see #21399)
[DI] Auto register extension configuration classes as a resource
[Console] Updated phpdoc on return types
* 2.7:
Permit empty suffix on Windows
[Console][Table] fixed render when using multiple rowspans.
add docblocks for Twig url and path function to improve ide completion
check for circular refs caused by method calls
[Serializer] fix upper camel case conversion (see #21399)
[DI] Auto register extension configuration classes as a resource
[Console] Updated phpdoc on return types
This PR was merged into the 2.7 branch.
Discussion
----------
[TwigBridge] Add docblocks for Twig url and path function to improve ide completion
| Q | A
| ------------- | ---
| Branch? | 2.7
| Bug fix? | no
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| License | MIT
`RoutingExtension` missed docblock for Twig extension so `path` and `url` are not fully recognized by PhpStorm.
https://github.com/Haehnchen/idea-php-symfony2-plugin/issues/864 will add more smarter completion
`{{ p<caret> }} -> {{ path('<caret>') }}`, but string parameter is not detected. This will add the minimal docs
Commits
-------
93ab0179f0 add docblocks for Twig url and path function to improve ide completion
* 3.2: (27 commits)
Improve tracking of environment variables in the case of private services
[DI] Align AutowirePass with 2.8
property constraints can be added in child classes
added test for staticClassLoader in LazyLoadingMetadatafactory
fixed PHPUnit setUp and tearDown method visibility
spelling fixes
Readd Symfony version status in the toolbar
[Security] LdapUserProvider should not throw an exception if the UID key does not exist in an LDAP entry
make sure that null can be the invalid value
[VarDumper] Improve dump of AMQP* Object
Fix annotations cache folder path
[FrameworkBundle] Wire ArrayCache for annotation reader at bootstrap
Ignore missing 'debug.file_link_formatter' service in Debug bundle
[VarDumper] Fixed dumping of terminated generator
bumped Symfony version to 3.2.4
updated VERSION for 3.2.3
updated CHANGELOG for 3.2.3
bumped Symfony version to 2.8.18
updated VERSION for 2.8.17
updated CHANGELOG for 2.8.17
...
* 2.8:
property constraints can be added in child classes
added test for staticClassLoader in LazyLoadingMetadatafactory
spelling fixes
Readd Symfony version status in the toolbar
make sure that null can be the invalid value
[VarDumper] Improve dump of AMQP* Object
[VarDumper] Fixed dumping of terminated generator
bumped Symfony version to 2.8.18
updated VERSION for 2.8.17
updated CHANGELOG for 2.8.17
bumped Symfony version to 2.7.25
updated VERSION for 2.7.24
update CONTRIBUTORS for 2.7.24
updated CHANGELOG for 2.7.24
[FrameworkBundle] Simplify createPackageDefinition
fix directory resource considers same timestamp not fresh
return false early from directory resource
* 2.7:
property constraints can be added in child classes
added test for staticClassLoader in LazyLoadingMetadatafactory
spelling fixes
make sure that null can be the invalid value
bumped Symfony version to 2.7.25
updated VERSION for 2.7.24
update CONTRIBUTORS for 2.7.24
updated CHANGELOG for 2.7.24
[FrameworkBundle] Simplify createPackageDefinition
fix directory resource considers same timestamp not fresh
return false early from directory resource
This PR was merged into the 3.3-dev branch.
Discussion
----------
Secure unserialize by restricting allowed classes when using PHP 7
| Q | A
| ------------- | ---
| Branch? | master
| Bug fix? | no
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | ---
| License | MIT
| Doc PR | ---
While playing around with Symfony in a PHP 7.1 application I noticed a warning in how EnvParameterResoure uses unserialize. Since PHP 7.0 introduced the options argument which allows to restrict which classes can be unserialized for better security, it might make sense to use it here. As far as I can tell this is no BC break, it only provides an additional safety mechanism.
Commits
-------
b4201810b9 Conditionally add options to unserialize in PHP 7.0+.
* 3.2:
Add HEADER_FORWARDED to setTrustedHeaderName docs
Fix phpDoc typo
[FrameworkBundle][Console] JsonDescriptor: Respect original output
Remove dead code
Enable dump() in autoload-dev
add missing functional Serializer test case
* 3.2:
fixed typo
fixed composer.json
[HttpKernel] Fix Bundle name regression
always check for all fields to be mapped
clarify exception when no args are configured
[PropertyAccess] Handle interfaces in the invalid argument exception
[DI] Fix defaults overriding empty strings in AutowirePass
[Debug] Workaround "null" $context
[Debug] Remove $context arg from handleError(), preparing for PHP 7.2
[FrameworkBundle] Dont wire "annotations.cached_reader" before removing passes
[Routing] Fix BC break in AnnotationClassLoader defaults attributes handling
Fix tests with ICU 57.1
Fix the condition checking the minimum ICU version
* 3.1:
fixed typo
fixed composer.json
always check for all fields to be mapped
clarify exception when no args are configured
[PropertyAccess] Handle interfaces in the invalid argument exception
[DI] Fix defaults overriding empty strings in AutowirePass
[Debug] Workaround "null" $context
[Debug] Remove $context arg from handleError(), preparing for PHP 7.2
[Routing] Fix BC break in AnnotationClassLoader defaults attributes handling
Fix tests with ICU 57.1
Fix the condition checking the minimum ICU version
* 2.8:
always check for all fields to be mapped
clarify exception when no args are configured
[PropertyAccess] Handle interfaces in the invalid argument exception
[DI] Fix defaults overriding empty strings in AutowirePass
[Debug] Workaround "null" $context
[Debug] Remove $context arg from handleError(), preparing for PHP 7.2
[Routing] Fix BC break in AnnotationClassLoader defaults attributes handling
Fix tests with ICU 57.1
Fix the condition checking the minimum ICU version
* 2.7:
always check for all fields to be mapped
clarify exception when no args are configured
[PropertyAccess] Handle interfaces in the invalid argument exception
[Debug] Workaround "null" $context
[Debug] Remove $context arg from handleError(), preparing for PHP 7.2
[Routing] Fix BC break in AnnotationClassLoader defaults attributes handling
Fix tests with ICU 57.1
Fix the condition checking the minimum ICU version
* 3.2: (40 commits)
fixed CS
fixed CS
fixed CS fixer config
fixed typo
Revert "fixed typo"
fixed typo
fixed CS
Avoid setting request attributes from signature arguments in AnnotationClassLoader
[DependencyInjection] Add some missing typehints in YamlFileLoader
[DependencyInjection] minor: Fix a DocBlock
[HttpKernel] Give higher priority to adding request formats
[Cache] Fix tags expiration
[PhpUnit] Blacklist DeprecationErrorHandler in stack traces
[PropertyInfo] Don't try to access a property thru a static method
[PropertyInfo] Exclude static methods form properties guessing
[Workflow] Added new validator to make sure each place has unique translation names
[Cache] [PdoAdapter] Fix MySQL 1170 error (blob as primary key)
[FrameworkBundle] Fix third level headers for MarkdownDescriptor
[Ldap] Using Ldap stored username instead of form submitted one
[Ldap] load users with the good username case
...
* 3.1: (31 commits)
fixed CS
fixed CS
fixed CS fixer config
fixed typo
Revert "fixed typo"
fixed typo
fixed CS
Avoid setting request attributes from signature arguments in AnnotationClassLoader
[DependencyInjection] Add some missing typehints in YamlFileLoader
[DependencyInjection] minor: Fix a DocBlock
[HttpKernel] Give higher priority to adding request formats
[PropertyInfo] Don't try to access a property thru a static method
[PropertyInfo] Exclude static methods form properties guessing
[FrameworkBundle] Fix third level headers for MarkdownDescriptor
[Ldap] Using Ldap stored username instead of form submitted one
[Ldap] load users with the good username case
[DoctrineBridge] Fixed invalid unique value as composite key
[Doctrine Bridge] fix UniqueEntityValidator for composite object primary keys
[TwigBundle] do not lose already set method calls
#20411 fix Yaml parsing for very long quoted strings
...
* 2.8: (26 commits)
fixed CS
fixed CS
fixed CS fixer config
fixed typo
Revert "fixed typo"
fixed typo
fixed CS
Avoid setting request attributes from signature arguments in AnnotationClassLoader
[DependencyInjection] Add some missing typehints in YamlFileLoader
[DependencyInjection] minor: Fix a DocBlock
[HttpKernel] Give higher priority to adding request formats
[PropertyInfo] Don't try to access a property thru a static method
[PropertyInfo] Exclude static methods form properties guessing
[FrameworkBundle] Fix third level headers for MarkdownDescriptor
[TwigBundle] do not lose already set method calls
#20411 fix Yaml parsing for very long quoted strings
CS: apply is_null
DX: remove invalid inheritdoc
bumped Symfony version to 2.8.17
updated VERSION for 2.8.16
...
* 2.7:
fixed typo
Revert "fixed typo"
fixed typo
fixed CS
Avoid setting request attributes from signature arguments in AnnotationClassLoader
[DependencyInjection] Add some missing typehints in YamlFileLoader
[DependencyInjection] minor: Fix a DocBlock
[HttpKernel] Give higher priority to adding request formats
[FrameworkBundle] Fix third level headers for MarkdownDescriptor
[TwigBundle] do not lose already set method calls
#20411 fix Yaml parsing for very long quoted strings
CS: apply is_null
DX: remove invalid inheritdoc
bumped Symfony version to 2.7.24
updated VERSION for 2.7.23
update CONTRIBUTORS for 2.7.23
updated CHANGELOG for 2.7.23
[FrameworkBundle] Skip test if xdebug.file_link_format is defined.