This PR was merged into the 4.3 branch.
Discussion
----------
[Cache] fail gracefully when locking is not supported
| Q | A
| ------------- | ---
| Branch? | 4.3
| Bug fix? | yes
| New feature? | no
| Deprecations? | no
| Tickets | Fix#33392
| License | MIT
| Doc PR | -
Commits
-------
93485190f9 [Cache] fail gracefully when locking is not supported
This PR was squashed before being merged into the 4.3 branch (closes#33713).
Discussion
----------
Fix exceptions (PDOException) error code type
| Q | A
| ------------- | ---
| Branch? | 4.3
| Bug fix? | yes
| New feature? | no
| Deprecations? | no
| Tickets | Fix#33704
| License | MIT
From the [php.net docs](https://www.php.net/manual/en/exception.getcode.php) `Exception::getCode()` description:
> Returns the exception code as integer in Exception but possibly as other type in Exception descendants (for example as **string** in PDOException).
So if can be string, we convert it to the int in the `HandlerFailedException` but it still string in `nestedExceptiions`.
Commits
-------
9efa025a2a Fix exceptions (PDOException) error code type
This PR was merged into the 4.3 branch.
Discussion
----------
[Form] Names for buttons should start with lowercase
| Q | A
| ------------- | ---
| Branch? | 4.3
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | N/A
| License | MIT
| Doc PR | N/A
This fix changes the messages related to the changes in https://github.com/symfony/symfony/pull/28969 - the message used to state that names should start with a letter, a digit ... - so I got a confusing message:
```
Using names for buttons that do not start with a letter, a digit, or an underscore is deprecated since Symfony 4.3 and will throw an exception in 5.0 ("Search" given).'
```
Which made me find the message, look at the regex that was used, and work out that actually it should start with a lowercase letter, and hence this PR - where I assume there is a reason that the name must start with lowercase letters.
Commits
-------
f65524e4e0 Names for buttons should start with lowercase
This PR was merged into the 4.4 branch.
Discussion
----------
[FrameworkBundle] Sort tagged services
| Q | A
| ------------- | ---
| Branch? | 4.4 <!-- see below -->
| Bug fix? | no
| New feature? | yes <!-- please update src/**/CHANGELOG.md files -->
| BC breaks? | no <!-- see https://symfony.com/bc -->
| Deprecations? | no <!-- please update UPGRADE-*.md and src/**/CHANGELOG.md files -->
| Tests pass? | yes <!-- please add some, will be required by reviewers -->
| Fixed tickets | https://github.com/symfony/symfony/issues/32439 <!-- #-prefixed issue number(s), if any -->
| License | MIT
| Doc PR | -
Hi
This PR it's to improve DX when `debug:container` command is use with tag argument by sorting them by priority (More details in linked issue).
Currently they are sort by alphabetical order.
Commits
-------
54cef2a3a3 [FrameworkBundle] Sort tagged service by priority
This PR was merged into the 4.4 branch.
Discussion
----------
[DI] scope singly-implemented interfaces detection by file
| Q | A
| ------------- | ---
| Branch? | 4.4
| Bug fix? | yes
| New feature? | no
| BC breaks? | yes
| Deprecations? | no
| Tests pass? | yes
| License | MIT
[DependencyInjection] fixed handling singly implemented interfaces when importing multiple resources
for example:
```yaml
App\Adapter\:
resource: '../src/Adapter/*'
App\Port\:
resource: '../src/Port/*'
```
this configuration wont create service for interface (in other words singly implemented interface wont be autowired) and this chage fixes it
**Also** this will prevent false positives - for example if I had one implementation in \App\Port namespace and another in \App\Adapter then interface service would still be registered
but that could potentially break exisitng code not aware of this bug
Commits
-------
c1f39709ff [DI] add FileLoader::registerAliasesForSinglyImplementedInterfaces()
bec38900d8 [DI] scope singly-implemented interfaces detection by file
This PR was merged into the 4.4 branch.
Discussion
----------
[ErrorHandler] Show fallback error page when default error controller is disabled
| Q | A
| ------------- | ---
| Branch? | 4.4
| Bug fix? | yes
| New feature? | no
| Deprecations? | no
| Tickets | -
| License | MIT
| Doc PR | -
This would avoid a blank page on errors when we've disabled the default error controller. e.g:
```yaml
framework:
error_controller: null
```
So, we will show you the default HTML error page.
Commits
-------
8eea11cc26 Show fallback error page when framework.error_controller is null
This PR was merged into the 4.4 branch.
Discussion
----------
[ErrorHandler] don't throw deprecations for return-types by default
| Q | A
| ------------- | ---
| Branch? | 4.4
| Bug fix? | no
| New feature? | no
| Deprecations? | no
| Tickets | Fix#33235
| License | MIT
| Doc PR | -
As discussed a few times already, in 4.4, `DebugClassLoader` shouldn't trigger deprecations when return types are missing. We'll enable them back in 5.1.
Commits
-------
2cb419edf4 [ErrorHandler] don't throw deprecations for return-types by default
This PR was merged into the 4.4 branch.
Discussion
----------
[HttpKernel] compress files generated by the profiler
| Q | A
| ------------- | ---
| Branch? | 4.4
| Bug fix? | no
| New feature? | yes
| Deprecations? | no
| Tickets | #33006
| License | MIT
| Doc PR | -
I've recently seen several reports of fastly growing profiler storages. Let's compress them when possible.
Locally for the skeleton homepage, a single profile goes from 150k to 15k. Level 3 is producing significant compression ratio while being measurably faster than level 6 (the default), that's why I'm using it.
Commits
-------
08f9470556 [HttpKernel] compress files generated by the profiler
This PR was squashed before being merged into the 4.4 branch (closes#33317).
Discussion
----------
[Messenger] Added support for `from_transport` attribute on `messenger.message_handler` tag
| Q | A
| ------------- | ---
| Branch? | 4.4
| Bug fix? | no
| New feature? | yes
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | #33306
| License | MIT
| Doc PR | https://github.com/symfony/symfony-docs/pull/12231
Right now, it's only possible to have dynamic `from_transport` when using `MessageSubscriberInterface`. Things like `priority` and `bus` can already be added as attributes on the messenger.message_handler` tag.
With this PR it now also supports `from_transport`.
Commits
-------
c965e4e844 [Messenger] Added support for `from_transport` attribute on `messenger.message_handler` tag
This PR was merged into the 3.4 branch.
Discussion
----------
Fix return type of Process::restart()
| Q | A
| ------------- | ---
| Branch? | 3.4
| Bug fix? | yes
| New feature? | no
| Deprecations? | no
| Tickets | N/A
| License | MIT
| Doc PR | N/A
`Process::restart()` is annotated with `@return $this`, but it actually returns a clone of the current object. So `@return static` would be more appropriate.
Commits
-------
7d7380d9e7 Fix return type of Process::restart().
This PR was merged into the 4.3 branch.
Discussion
----------
Add missing row_attr option to FormType
| Q | A
| ------------- | ---
| Branch? | 4.3
| Bug fix? | yes
| New feature? | no
| Deprecations? | no
| Tickets | Fix: #33682 - related issue #33573
| License | MIT
The #33573 modified Symfony's form themes. But the [FormType](https://github.com/symfony/form/blob/master/Extension/Core/Type/FormType.php) don't allow the option `row_attr` so the OptionResolver throw an exception that the option is unknown.
This PR basically add the option and give it to the form view (like `label_attr` do)
Commits
-------
d711ea2b54 Add missing row_attr option to FormType
This PR was merged into the 4.3 branch.
Discussion
----------
[Security] use LegacyEventDispatcherProxy
| Q | A
| ------------- | ---
| Branch? | 4.3
| Bug fix? | yes
| New feature? | no
| Deprecations? | no
| Tickets | -
| License | MIT
| Doc PR | -
I ran into an issue on one of my apps that has its own event dispatcher class using the old dispatch method signature
```php
public function dispatch($eventName, Event $event = null)
```
This leads to
```
TypeError: Argument 2 passed to X\Tests\Base\TestEventDispatcher::dispatch() must be an instance of Symfony\Component\EventDispatcher\Event or null, string given, called in /var/www/x/symfony/vendor/symfony/security/Http/Firewall/ContextListener.php on line 230
/var/www/x/symfony/tests/Base/TestEventDispatcher.php:20
/var/www/x/symfony/vendor/symfony/security/Http/Firewall/ContextListener.php:230
/var/www/x/symfony/vendor/symfony/security/Http/Firewall/ContextListener.php:111
```
since the event here is dispatched using the new signature:
https://github.com/symfony/symfony/blob/4.4/src/Symfony/Component/Security/Http/Firewall/ContextListener.php#L259
Commits
-------
7067e48165 [Security] use LegacyEventDispatcherProxy
* 4.3:
[Security/Http] fix typo in deprecation message
Various tweaks 3.4
Various tweaks 4.3
[PhpUnit] Fix usleep mock return value
[Lock] use Predis\ClientInterface instead of Predis\Client
Fix version typo in deprecation notice
Make legacy "wrong" RFC2047 encoding apply only to one header
This PR was merged into the 4.3 branch.
Discussion
----------
[Security/Http] fix typo in deprecation message
| Q | A
| ------------- | ---
| Branch? | 4.3
| Bug fix? | no
| New feature? | no
| Deprecations? | no
| Tickets | -
| License | MIT
| Doc PR | -
spotted by @stof in #33676
Commits
-------
e70057aed4 [Security/Http] fix typo in deprecation message
This PR was squashed before being merged into the 4.4 branch (closes#33584).
Discussion
----------
[Security] Deprecate isGranted()/decide() on more than one attribute
| Q | A
| ------------- | ---
| Branch? | 4.4
| Bug fix? | no
| New feature? | no
| Deprecations? | yes
| Tickets | -
| License | MIT
| Doc PR | tbd
While I expect it not be used much, it is currently possible to call `isGranted()` on more than one attribute:
```php
if ($this->authorizationChecker->isGranted(['ROLE_USER', 'ROLE_ADMIN'])) {
// ...
}
```
Supporting this includes a couple of problems/questions:
- It is not clear whether this is `OR` or `AND`;
- In fact, this is left over to the voter to decide upon. So it can vary for each voter and writers of new voters need to consider this (otherwise, you get issues like https://github.com/LeaseWeb/LswSecureControllerBundle/issues/4 );
- It promotes to vote over roles instead of actions.
I think we can do better. In the past, we've created all tooling for this to be self-explaining and easier:
```php
// ExpressionLanguage component (also includes other functions, like `is_granted('EDIT')`)
if ($this->authorizationChecker->isGranted("has_role('ROLE_USER') or has_role('ROLE_ADMIN')")) {
// ...
}
// calling it multiple times in PHP (may reduce performance)
if ($this->authorizationChecker->isGranted('ROLE_USER')
|| $this->authorizationChecker->isGranted('ROLE_ADMIN')
) {
// ...
}
// or by using Role Hierarchy, if a user really wants to vote on roles
```
This PR deprecates passing more than one attribute to `isGranted()` and `decide()` to remove this confusing bit in Security usage.
Backwards compatiblity help
---
I need some help in how to approach changing the `VoterInterface::vote(TokenInterface $token, $subject, array $attributes)` method in a backwards compatible way. Removing `array` breaks all Voters, so does changing it to `string` and removed the parameter all together.
Commits
-------
c64b0beffb [Security] Deprecate isGranted()/decide() on more than one attribute
This PR was merged into the 4.4 branch.
Discussion
----------
[Security] Make stateful firewalls turn responses private only when needed
| Q | A
| ------------- | ---
| Branch? | 4.4
| Bug fix? | no
| New feature? | yes
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | #26769 *et al.*
| License | MIT
| Doc PR | -
Replaces #28089
By taking over session usage tracking and replacing it with token usage tracking, we can prevent responses that don't actually use the token from turning responses private without changing anything to the lifecycle of security listeners. This makes the behavior much more seamless, allowing to still log the user with the monolog processor, and display it in the profiler toolbar.
This works by using two separate token storage services:
- `security.token_storage` now tracks access to the token and increments the session usage tracker when needed. This is the service that is injected in userland.
- `security.untracked_token_storage` is a raw token storage that just stores the token and is disconnected from the session. This service is injected in places where reading the session doesn't impact the generated output in any way (as e.g. in Monolog processors, etc.)
Commits
-------
20df3a125c [Security] Make stateful firewalls turn responses private only when needed
