* 4.0:
[Routing] Fix throwing NoConfigurationException instead of 405
[Security] Load the user before pre/post auth checks when needed
[SecurityBundle] Add test for simple authentication config
[WebProfilerBundle] fix version check
[SecurityBundle] Add missing argument to security.authentication.provider.simple
[Finder] fix tests
* 3.4:
[Routing] Fix throwing NoConfigurationException instead of 405
[Security] Load the user before pre/post auth checks when needed
[SecurityBundle] Add test for simple authentication config
[WebProfilerBundle] fix version check
[SecurityBundle] Add missing argument to security.authentication.provider.simple
[Finder] fix tests
* 2.8:
[Security] Load the user before pre/post auth checks when needed
[SecurityBundle] Add test for simple authentication config
[SecurityBundle] Add missing argument to security.authentication.provider.simple
[Finder] fix tests
This PR was merged into the 4.1-dev branch.
Discussion
----------
Mark ExceptionInterfaces throwable
| Q | A
| ------------- | ---
| Branch? | master
| Bug fix? | no
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | -
| License | MIT
| Doc PR | -
This interface is meant to be catched, but currently it doesn't guarantee class extending it is an instance of Throwable or Exception.
Commits
-------
b2d8792908 Mark ExceptionInterfaces throwable
* 4.0: (24 commits)
moved Twig runtime to proper class
fixed deprecated messages in tests
add PHP errors options to XML schema definition
[HttpCache] Unlink tmp file on error
Added LB translation for #26327 (Errors sign for people that do not see colors)
[TwigBridge] Fix rendering of currency by MoneyType
Import InvalidArgumentException in PdoAdapter
[DI] Do not suggest writing an implementation when multiple exist
[Intl] Update ICU data to 61.1
Use 3rd person verb form in command description
[Validator] Add Japanese translation
Support phpdbg SAPI in Debug::enable()
[HttpKernel] DumpDataCollector: do not flush when a dumper is provided
[DI] Fix hardcoded cache dir for warmups
[Routing] fix tests
[Routing] Fixed the importing of files using glob patterns that match multiple resources
[Ldap] cast to string when checking empty passwords
[Validator] sync validator translation id
[WebProfilerBundle] use the router to resolve file links
no type errors with invalid submitted data types
...
* 3.4: (24 commits)
moved Twig runtime to proper class
fixed deprecated messages in tests
add PHP errors options to XML schema definition
[HttpCache] Unlink tmp file on error
Added LB translation for #26327 (Errors sign for people that do not see colors)
[TwigBridge] Fix rendering of currency by MoneyType
Import InvalidArgumentException in PdoAdapter
[DI] Do not suggest writing an implementation when multiple exist
[Intl] Update ICU data to 61.1
Use 3rd person verb form in command description
[Validator] Add Japanese translation
Support phpdbg SAPI in Debug::enable()
[HttpKernel] DumpDataCollector: do not flush when a dumper is provided
[DI] Fix hardcoded cache dir for warmups
[Routing] fix tests
[Routing] Fixed the importing of files using glob patterns that match multiple resources
[Ldap] cast to string when checking empty passwords
[Validator] sync validator translation id
[WebProfilerBundle] use the router to resolve file links
no type errors with invalid submitted data types
...
* 2.8:
[Intl] Update ICU data to 61.1
[Validator] Add Japanese translation
Support phpdbg SAPI in Debug::enable()
[Ldap] cast to string when checking empty passwords
[Validator] sync validator translation id
no type errors with invalid submitted data types
[FrameworkBundle] Partially revert HttpCache is not longer abstract (4d075da)
[Finder] Fixed leading/trailing / in filename
allow html5 compatible rendering of forms with null names
Change datetime input to datetime-local
* 4.0: (32 commits)
[Form] fix tests and deps
[Cache] Rely on mock for Doctrine ArrayCache
[FrameworkBundle] Respect debug mode when warm up annotations
[Console] Fix docblock of DescriptorInterface::describe
[Config] Handle nullable node name + fix inheritdocs
[Security] added userChecker to SimpleAuthenticationProvider
[Debug] fix test
Fix typo in test method name
Fixes#26563 (open_basedir restriction in effect)
[Debug] Reset previous exception handler ealier to prevent infinite loop
add hint in Github pull request template
[Validator] Fix docblock of ClassMetadata#members
[BrowserKit] Fix cookie path handling when $domain is null
[DoctrineBridge] Don't rely on ClassMetadataInfo->hasField in DoctrineOrmTypeGuesser anymore
[BrowserKit] Improves CookieJar::get
[BrowserKit] Fix Cookie's PHPDoc
[DomCrawler] Change bad wording in ChoiceFormField::untick
[DomCrawler] Fix the PHPDoc of ChoiceFormField::setValue
[DomCrawler] Avoid a useless call to strtolower
[FrameworkBundle] HttpCache is not longer abstract
...
* 3.4: (32 commits)
[Form] fix tests and deps
[Cache] Rely on mock for Doctrine ArrayCache
[FrameworkBundle] Respect debug mode when warm up annotations
[Console] Fix docblock of DescriptorInterface::describe
[Config] Handle nullable node name + fix inheritdocs
[Security] added userChecker to SimpleAuthenticationProvider
[Debug] fix test
Fix typo in test method name
Fixes#26563 (open_basedir restriction in effect)
[Debug] Reset previous exception handler ealier to prevent infinite loop
add hint in Github pull request template
[Validator] Fix docblock of ClassMetadata#members
[BrowserKit] Fix cookie path handling when $domain is null
[DoctrineBridge] Don't rely on ClassMetadataInfo->hasField in DoctrineOrmTypeGuesser anymore
[BrowserKit] Improves CookieJar::get
[BrowserKit] Fix Cookie's PHPDoc
[DomCrawler] Change bad wording in ChoiceFormField::untick
[DomCrawler] Fix the PHPDoc of ChoiceFormField::setValue
[DomCrawler] Avoid a useless call to strtolower
[FrameworkBundle] HttpCache is not longer abstract
...
* 2.8: (29 commits)
[Console] Fix docblock of DescriptorInterface::describe
[Config] Handle nullable node name + fix inheritdocs
[Security] added userChecker to SimpleAuthenticationProvider
[Debug] fix test
Fix typo in test method name
Fixes#26563 (open_basedir restriction in effect)
[Debug] Reset previous exception handler ealier to prevent infinite loop
add hint in Github pull request template
[Validator] Fix docblock of ClassMetadata#members
[BrowserKit] Fix cookie path handling when $domain is null
[DoctrineBridge] Don't rely on ClassMetadataInfo->hasField in DoctrineOrmTypeGuesser anymore
[BrowserKit] Improves CookieJar::get
[BrowserKit] Fix Cookie's PHPDoc
[DomCrawler] Change bad wording in ChoiceFormField::untick
[DomCrawler] Fix the PHPDoc of ChoiceFormField::setValue
[DomCrawler] Avoid a useless call to strtolower
[FrameworkBundle] HttpCache is not longer abstract
Php Inspections (EA Ultimate): address some of one-time used local variables
[Intl] Load locale aliases to support alias fallbacks
[CssSelector] Fix CSS identifiers parsing - they can start with dash
...
* 2.7:
[Config] Handle nullable node name + fix inheritdocs
[Security] added userChecker to SimpleAuthenticationProvider
[Debug] fix test
Fix typo in test method name
Fixes#26563 (open_basedir restriction in effect)
[Debug] Reset previous exception handler ealier to prevent infinite loop
add hint in Github pull request template
[Validator] Fix docblock of ClassMetadata#members
[BrowserKit] Fix cookie path handling when $domain is null
[DoctrineBridge] Don't rely on ClassMetadataInfo->hasField in DoctrineOrmTypeGuesser anymore
[BrowserKit] Improves CookieJar::get
[BrowserKit] Fix Cookie's PHPDoc
[DomCrawler] Change bad wording in ChoiceFormField::untick
[DomCrawler] Fix the PHPDoc of ChoiceFormField::setValue
[DomCrawler] Avoid a useless call to strtolower
[FrameworkBundle] HttpCache is not longer abstract
[DomCrawler] extract(): fix a bug when the attribute list is empty
[Config] Backport string|null api for node names
This PR was squashed before being merged into the 4.1-dev branch (closes#26467).
Discussion
----------
Add UsernameNotFoundException declaration to refreshUser().
| Q | A
| ------------- | ---
| Branch? | master
| Bug fix? | maybe
| New feature? | maybe
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | -
| License | MIT
| Doc PR | -
Symfony\Component\Security\Core\User\UserProviderInterface::refreshUser() does not declare that implementations may throw a UsernameNotFoundException, although a) it makes sense, as the user could have been deleted since the last load, and b) the ContextListener already handles the UsernameNotFoundException. So it looks like someone thought of this, but simply forgot the annotation.
Unsure if this is a bugfix or a feature, but as it doesn't change executed code, master should be soon enough.
Commits
-------
f7a0c46338 Add UsernameNotFoundException declaration to refreshUser().
* 4.0:
Fix typos
[Routing] remove useless failing mocks
[appveyor] Workaround GitHub disabling of low versions of TLS
Use long array syntax
[Routing] Fix GC control of PHP-DSL
[Routing] Don't throw 405 when scheme requirement doesn't match
[Routing] Revert throwing 405 on missed slash/scheme redirections
[WebProfilerBundle] fix test after ajax path updated
Fix ArrayInput::toString() for InputArgument::IS_ARRAY args
Update excluded_ajax_paths for sf4
Add missing use for RoleInterface
Add missing use of Role
[Routing] fix CS
add container.autowiring.strict_mode to 3.4 docs
Set controller without __invoke method from invokable class
[VarDumper] Fixed PHPDoc
* 4.0:
[Translation] Process multiple segments within a single unit.
Document the container.autowiring.strict_mode option
fix custom radios/inputs for checkbox/radio type
Another PR template tweak
[FrameworkBundle] Add missing XML config for circular_reference_handler. Add tests.
fix CS
[PropertyInfo] ReflectionExtractor: give a chance to other extractors if no properties
Clean calls to http_build_query()
[WebProfilerBundle] limit ajax request to 100 and remove the last one
Add support for URL-like DSNs for the PdoSessionHandler
removed version in @final @internal for version < 4.0
[HttpFoundation] Fix missing "throw" in JsonResponse
Improve the documentation of
Suppress warning from sapi_windows_vt100_support on stream other than STDIO
removed extra-verbose comments
Fixes#26136: Avoid emitting warning in hasParameterOption()
Added a README entry to the PR template
[HttpFoundation] Add x-zip-compressed to MimeTypeExtensionGuesser.
[DI] Add null check for removeChild
* 3.4:
[Translation] Process multiple segments within a single unit.
Document the container.autowiring.strict_mode option
fix custom radios/inputs for checkbox/radio type
Another PR template tweak
[FrameworkBundle] Add missing XML config for circular_reference_handler. Add tests.
fix CS
[PropertyInfo] ReflectionExtractor: give a chance to other extractors if no properties
Clean calls to http_build_query()
[WebProfilerBundle] limit ajax request to 100 and remove the last one
Add support for URL-like DSNs for the PdoSessionHandler
[HttpFoundation] Fix missing "throw" in JsonResponse
Improve the documentation of
Suppress warning from sapi_windows_vt100_support on stream other than STDIO
removed extra-verbose comments
Fixes#26136: Avoid emitting warning in hasParameterOption()
Added a README entry to the PR template
[HttpFoundation] Add x-zip-compressed to MimeTypeExtensionGuesser.
[DI] Add null check for removeChild
* 2.8:
Another PR template tweak
[PropertyInfo] ReflectionExtractor: give a chance to other extractors if no properties
Clean calls to http_build_query()
[WebProfilerBundle] limit ajax request to 100 and remove the last one
[HttpFoundation] Fix missing "throw" in JsonResponse
Improve the documentation of
Suppress warning from sapi_windows_vt100_support on stream other than STDIO
removed extra-verbose comments
Fixes#26136: Avoid emitting warning in hasParameterOption()
Added a README entry to the PR template
[HttpFoundation] Add x-zip-compressed to MimeTypeExtensionGuesser.
[DI] Add null check for removeChild
* 2.7:
Clean calls to http_build_query()
[HttpFoundation] Fix missing "throw" in JsonResponse
Improve the documentation of
Suppress warning from sapi_windows_vt100_support on stream other than STDIO
removed extra-verbose comments
Fixes#26136: Avoid emitting warning in hasParameterOption()
Added a README entry to the PR template
[HttpFoundation] Add x-zip-compressed to MimeTypeExtensionGuesser.
[DI] Add null check for removeChild
* 4.0:
[Serializer] optims and cleanup
do not mock the container builder in tests
[PhpUnitBridge] Added support for PHPUnit 7 in Coverage Listener
fix accessing request values
Avoid running the remove command without any packages
[Form] Add translations for Tagalog
* 3.4:
[Serializer] optims and cleanup
do not mock the container builder in tests
[PhpUnitBridge] Added support for PHPUnit 7 in Coverage Listener
fix accessing request values
Avoid running the remove command without any packages
[Form] Add translations for Tagalog
* 4.0:
[Routing] Throw 405 instead of 404 when redirect is not possible
[Process] fix test case
Add security.tl.xlf to legacy directory
[Security][Validator] Add translations for Tagalog
fixed typo
Typo fix in security component lithuanian translation.
[TwigBundle][WebProfilerBundle] Fix JS collision
[Process] Check PHP_BINDIR before $PATH in PhpExecutableFinder
* 3.4:
[Routing] Throw 405 instead of 404 when redirect is not possible
[Process] fix test case
Add security.tl.xlf to legacy directory
[Security][Validator] Add translations for Tagalog
fixed typo
Typo fix in security component lithuanian translation.
[TwigBundle][WebProfilerBundle] Fix JS collision
[Process] Check PHP_BINDIR before $PATH in PhpExecutableFinder
* 2.8:
[Routing] Throw 405 instead of 404 when redirect is not possible
[Process] fix test case
Add security.tl.xlf to legacy directory
[Security][Validator] Add translations for Tagalog
fixed typo
Typo fix in security component lithuanian translation.
[Process] Check PHP_BINDIR before $PATH in PhpExecutableFinder
* 2.7:
[Routing] Throw 405 instead of 404 when redirect is not possible
[Process] fix test case
Add security.tl.xlf to legacy directory
[Security][Validator] Add translations for Tagalog
fixed typo
Typo fix in security component lithuanian translation.
[Process] Check PHP_BINDIR before $PATH in PhpExecutableFinder
* 4.0:
fix merge
Env var maps to undefined constant.
[SecurityBundle] Backport test
[Security] fix merge of 2.7 into 2.8 + add test case
backport regression test from 3.4
do not mock the container builder or definitions
fixed CS
[TwigBundle] Register TwigBridge extensions first
[WebProfilerBundle] Fix sub request link
PhpDocExtractor::getTypes() throws fatal error when type omitted
Fix misspelling variable
use libsodium to run Argon2i related tests
[DI] minor: use a strict comparision in setDecoratedService
[HttpKernel] fix FC
Follow-on to #25825: Fix edge case in getParameterOption.
keep the context when validating forms
* 3.4:
Env var maps to undefined constant.
[SecurityBundle] Backport test
[Security] fix merge of 2.7 into 2.8 + add test case
backport regression test from 3.4
do not mock the container builder or definitions
fixed CS
[TwigBundle] Register TwigBridge extensions first
[WebProfilerBundle] Fix sub request link
PhpDocExtractor::getTypes() throws fatal error when type omitted
Fix misspelling variable
use libsodium to run Argon2i related tests
[DI] minor: use a strict comparision in setDecoratedService
[HttpKernel] fix FC
Follow-on to #25825: Fix edge case in getParameterOption.
keep the context when validating forms
* 2.8:
[SecurityBundle] Backport test
[Security] fix merge of 2.7 into 2.8 + add test case
backport regression test from 3.4
Fix misspelling variable
[DI] minor: use a strict comparision in setDecoratedService
Follow-on to #25825: Fix edge case in getParameterOption.
keep the context when validating forms
* 2.7:
[SecurityBundle] Backport test
Fix misspelling variable
[DI] minor: use a strict comparision in setDecoratedService
Follow-on to #25825: Fix edge case in getParameterOption.
keep the context when validating forms
This PR was merged into the 4.1-dev branch.
Discussion
----------
[Security] The AuthenticationException should implements Security's ExceptionInterface
| Q | A
| ------------- | ---
| Branch? | master
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | #25770
| License | MIT
| Doc PR | ø
Dunno why this is the case right now but this probably should not. Was reported by @paq85.
Commits
-------
0ee4cf1019 The Security Component's exceptions should implements Security's ExceptionInterface
* 4.0:
[HttpFoundation] Use the correct syntax for session gc based on Pdo driver
Removed assertDateTimeEquals() methods.
Revert "bug #24987 [Console] Fix global console flag when used in chain (Simperfit)"
Revert "bug #25487 [Console] Fix a bug when passing a letter that could be an alias (Simperfit)"
Disable CSP header on exception pages only in debug
Fixed submitting disabled buttons
Fixed Button::setParent() when already submitted
Improve assertions
Restore RoleInterface import
[Console] Provide a bugfix where an array could be passed
Improve assertions
SCA: get rid of repetitive calls
allow null values for root nodes in YAML configs
revert useless tests fixtures changes
[VarDumper] Fix docblock
Improve phpdoc to make it more explicit
[DI] Fix initialization of legacy containers by delaying include_once
* 3.4:
[HttpFoundation] Use the correct syntax for session gc based on Pdo driver
Removed assertDateTimeEquals() methods.
Revert "bug #24987 [Console] Fix global console flag when used in chain (Simperfit)"
Revert "bug #25487 [Console] Fix a bug when passing a letter that could be an alias (Simperfit)"
Disable CSP header on exception pages only in debug
Fixed submitting disabled buttons
Fixed Button::setParent() when already submitted
Improve assertions
Restore RoleInterface import
[Console] Provide a bugfix where an array could be passed
Improve assertions
SCA: get rid of repetitive calls
allow null values for root nodes in YAML configs
revert useless tests fixtures changes
[VarDumper] Fix docblock
Improve phpdoc to make it more explicit
[DI] Fix initialization of legacy containers by delaying include_once
* 3.3:
[HttpFoundation] Use the correct syntax for session gc based on Pdo driver
Removed assertDateTimeEquals() methods.
Revert "bug #24987 [Console] Fix global console flag when used in chain (Simperfit)"
Revert "bug #25487 [Console] Fix a bug when passing a letter that could be an alias (Simperfit)"
Disable CSP header on exception pages only in debug
Fixed submitting disabled buttons
Fixed Button::setParent() when already submitted
Improve assertions
Restore RoleInterface import
Improve assertions
SCA: get rid of repetitive calls
allow null values for root nodes in YAML configs
revert useless tests fixtures changes
[VarDumper] Fix docblock
Improve phpdoc to make it more explicit
This PR was merged into the 3.3 branch.
Discussion
----------
Restore RoleInterface import
| Q | A
| ------------- | ---
| Branch? | 3.3
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no <!-- don't forget to update UPGRADE-*.md files -->
| Tests pass? | yes
| License | MIT
The import is use on PHPDoc but was accidentally removed. Maybe because PHPStorm does not match with the import when you use parenthesis.
Not really a bug as it is concerning only PHPDoc, but it make some analysis tools like PHPStan yelling:
```
------ -----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
Line src/AppBundle/Security/Authentication/ApiKeyAuthenticator.php
------ -----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
64 Parameter #4 $roles of class Symfony\Component\Security\Core\Authentication\Token\PreAuthenticatedToken constructor expects array<string|Symfony\Component\Security\Core\Authentication\Token\RoleInterface>, array<string|Symfony\Component\Security\Core\Role\Role>
given.
------ -----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
------ -----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
Line tests/AppBundle/Controller/WebTestCase.php
------ -----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
59 Parameter #4 $roles of class Symfony\Component\Security\Core\Authentication\Token\PreAuthenticatedToken constructor expects array<string|Symfony\Component\Security\Core\Authentication\Token\RoleInterface>, array<string|Symfony\Component\Security\Core\Role\Role>
given.
------ -----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
```
Commits
-------
8ecfeb1e31 Restore RoleInterface import
* 4.0:
[HttpKernel] DebugHandlersListener should always replace the existing exception handler
fix the Composer API being used
[Security] Notify that symfony/expression-language is not installed if ExpressionLanguage and ExpressionLanguagePrivider are used
[Debug] Always decorate existing exception handlers to deal with fatal errors
Enableable ArrayNodeDefinition is disabled for empty configuration
Fixing a bug where the dump() function depended on bundle ordering
[Cache] Fix handling of apcu_fetch() edgy behavior
Add nn (Norwegian Nynorsk) translation files, and improve existing file
Problem in phar see mergerequest #25579
[Form] Disallow transform dates beyond the year 9999
Avoid button label translation when it's set to false
Copied NO language files to the new NB locale.
[Serializer] DateTimeNormalizer handling of null and empty values (returning null or empty instead of new object)
Fix options resolver with array allowed types
[Console] Improve phpdoc on StyleInterface::ask()
[TwigBridge][WIP] Pass the form-check-inline in parent
* 3.4:
[HttpKernel] DebugHandlersListener should always replace the existing exception handler
fix the Composer API being used
[Security] Notify that symfony/expression-language is not installed if ExpressionLanguage and ExpressionLanguagePrivider are used
[Debug] Always decorate existing exception handlers to deal with fatal errors
Enableable ArrayNodeDefinition is disabled for empty configuration
Fixing a bug where the dump() function depended on bundle ordering
[Cache] Fix handling of apcu_fetch() edgy behavior
Add nn (Norwegian Nynorsk) translation files, and improve existing file
Problem in phar see mergerequest #25579
[Form] Disallow transform dates beyond the year 9999
Avoid button label translation when it's set to false
Copied NO language files to the new NB locale.
[Serializer] DateTimeNormalizer handling of null and empty values (returning null or empty instead of new object)
Fix options resolver with array allowed types
[Console] Improve phpdoc on StyleInterface::ask()
[TwigBridge][WIP] Pass the form-check-inline in parent
* 3.3:
[HttpKernel] DebugHandlersListener should always replace the existing exception handler
fix the Composer API being used
[Debug] Always decorate existing exception handlers to deal with fatal errors
Enableable ArrayNodeDefinition is disabled for empty configuration
Fixing a bug where the dump() function depended on bundle ordering
[Cache] Fix handling of apcu_fetch() edgy behavior
Add nn (Norwegian Nynorsk) translation files, and improve existing file
Problem in phar see mergerequest #25579
[Form] Disallow transform dates beyond the year 9999
Copied NO language files to the new NB locale.
[Serializer] DateTimeNormalizer handling of null and empty values (returning null or empty instead of new object)
[Console] Improve phpdoc on StyleInterface::ask()
* 2.8:
fix the Composer API being used
[Debug] Always decorate existing exception handlers to deal with fatal errors
Enableable ArrayNodeDefinition is disabled for empty configuration
Fixing a bug where the dump() function depended on bundle ordering
Add nn (Norwegian Nynorsk) translation files, and improve existing file
Problem in phar see mergerequest #25579
[Form] Disallow transform dates beyond the year 9999
Copied NO language files to the new NB locale.
[Console] Improve phpdoc on StyleInterface::ask()
* 2.7:
fix the Composer API being used
[Debug] Always decorate existing exception handlers to deal with fatal errors
Enableable ArrayNodeDefinition is disabled for empty configuration
Fixing a bug where the dump() function depended on bundle ordering
Add nn (Norwegian Nynorsk) translation files, and improve existing file
Problem in phar see mergerequest #25579
[Form] Disallow transform dates beyond the year 9999
Copied NO language files to the new NB locale.
[Console] Improve phpdoc on StyleInterface::ask()
This PR was squashed before being merged into the 4.1-dev branch (closes#25092).
Discussion
----------
[Security] #25091 add target user to SwitchUserListener
| Q | A
| ------------- | ---
| Branch? | master
| Bug fix? | no
| New feature? | yes
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | #25091
| License | MIT
| Doc PR |
This patch provides the target user to the SwitchUserListener's
accessDecisionManager->decide() call as the $object parameter to
give any registered voters extra information.
Commits
-------
5cb6f2a [Security] #25091 add target user to SwitchUserListener
This PR was merged into the 3.4 branch.
Discussion
----------
[Security] Notify that symfony/expression-language is not installed if ExpressionLanguage is used
| Q | A
| ------------- | ---
| Branch? | master for features / 3.4
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | #25742
| License | MIT
| Doc PR | not requested
Commits
-------
6aa2b7cce0 [Security] Notify that symfony/expression-language is not installed if ExpressionLanguage and ExpressionLanguagePrivider are used
This PR was merged into the 2.7 branch.
Discussion
----------
Copied NO language files to the new NB locale
| Q | A
| ------------- | ---
| Branch? | 2.7
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | #25792
| License | MIT
| Doc PR | N/A
This PR copies all `NO` language files to a new locale `NB`. It also adds unit tests to ensure that `NB` and `NO` will always contain the same translations. This way, we allow application developers to either use the generic `NO` language code or the more precise `NB` (e.g. if they need to distinguish between the `NB` and `NN` variants of the Norwegian language).
For further details, please have a look at the discussion in #25792.
Commits
-------
aee9b1ea3e Copied NO language files to the new NB locale.
* 4.0:
[appveyor] set memory_limit=-1
[Console] Keep the modified exception handler
[Console] Fix restoring exception handler
[Router] Skip anonymous classes when loading annotated routes
allow dashes in cwd pathname when running the tests
Fixed Request::__toString ignoring cookies
Make sure we only build once and have one time the prefix when importing routes
[Security] Fix fatal error on non string username
[FrameworkBundle] Automatically enable the CSRF if component *+ session* are loaded
* 3.4:
[appveyor] set memory_limit=-1
[Console] Keep the modified exception handler
[Console] Fix restoring exception handler
[Router] Skip anonymous classes when loading annotated routes
allow dashes in cwd pathname when running the tests
Fixed Request::__toString ignoring cookies
Make sure we only build once and have one time the prefix when importing routes
[Security] Fix fatal error on non string username
[FrameworkBundle] Automatically enable the CSRF if component *+ session* are loaded
* 3.3:
[appveyor] set memory_limit=-1
[Router] Skip anonymous classes when loading annotated routes
Fixed Request::__toString ignoring cookies
Make sure we only build once and have one time the prefix when importing routes
[Security] Fix fatal error on non string username
* 2.8:
[appveyor] set memory_limit=-1
[Router] Skip anonymous classes when loading annotated routes
Fixed Request::__toString ignoring cookies
[Security] Fix fatal error on non string username
* 2.7:
[appveyor] set memory_limit=-1
[Router] Skip anonymous classes when loading annotated routes
Fixed Request::__toString ignoring cookies
[Security] Fix fatal error on non string username
This PR was merged into the 2.7 branch.
Discussion
----------
[appveyor] set memory_limit=-1
| Q | A
| ------------- | ---
| Branch? | 2.7
| Bug fix? | no
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | -
| License | MIT
| Doc PR | -
Commits
-------
10e33ac [appveyor] set memory_limit=-1
This PR was merged into the 2.7 branch.
Discussion
----------
[Security] Fix fatal error on non string username
| Q | A
| ------------- | ---
| Branch? | 2.7
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | https://github.com/symfony/symfony/issues/25612
| License | MIT
| Doc PR | n/a
That's consistent with what #22569 did for the `json_login` listener.
Commits
-------
8f095683d0 [Security] Fix fatal error on non string username
* 4.0: (30 commits)
[FrameworkBundle] fix tests
[Serializer] Fixed throwing exception with option JSON_PARTIAL_OUTPUT_ON_ERROR
[HttpKernel] Fix session handling: decouple "save" from setting response "private"
swap filter/function and package names
[HttpFoundation] Always call proxied handler::destroy() in StrictSessionHandler
[HttpKernel] Fix compile error when a legacy container is fresh again
Add tests for the HttpKernel request collector and redirection via cookies
Uses cookies to track the requests redirection
Tweaked some styles in the profiler tables
Add type string to docblock for Process::setInput()
[Security] Fail gracefully if the security token cannot be unserialized from the session
[Form] AbstractLayoutTest - fix DOMDocument casing
Run simple-phpunit with --no-suggest option
[FrameworkBundle] Fix using "annotations.cached_reader" in after-removing passes
bumped Symfony version to 4.0.4
updated VERSION for 4.0.3
updated CHANGELOG for 4.0.3
bumped Symfony version to 3.4.4
updated VERSION for 3.4.3
updated CHANGELOG for 3.4.3
...
* 3.4: (26 commits)
[Serializer] Fixed throwing exception with option JSON_PARTIAL_OUTPUT_ON_ERROR
[HttpKernel] Fix session handling: decouple "save" from setting response "private"
swap filter/function and package names
[HttpFoundation] Always call proxied handler::destroy() in StrictSessionHandler
[HttpKernel] Fix compile error when a legacy container is fresh again
Add tests for the HttpKernel request collector and redirection via cookies
Uses cookies to track the requests redirection
Tweaked some styles in the profiler tables
Add type string to docblock for Process::setInput()
[Security] Fail gracefully if the security token cannot be unserialized from the session
[Form] AbstractLayoutTest - fix DOMDocument casing
Run simple-phpunit with --no-suggest option
[FrameworkBundle] Fix using "annotations.cached_reader" in after-removing passes
bumped Symfony version to 3.4.4
updated VERSION for 3.4.3
updated CHANGELOG for 3.4.3
bumped Symfony version to 3.3.16
updated VERSION for 3.3.15
updated CHANGELOG for 3.3.15
bumped Symfony version to 2.8.34
...
* 3.3:
[Serializer] Fixed throwing exception with option JSON_PARTIAL_OUTPUT_ON_ERROR
Tweaked some styles in the profiler tables
Add type string to docblock for Process::setInput()
[Security] Fail gracefully if the security token cannot be unserialized from the session
[Form] AbstractLayoutTest - fix DOMDocument casing
Run simple-phpunit with --no-suggest option
[FrameworkBundle] Fix using "annotations.cached_reader" in after-removing passes
bumped Symfony version to 3.3.16
updated VERSION for 3.3.15
updated CHANGELOG for 3.3.15
bumped Symfony version to 2.8.34
updated VERSION for 2.8.33
updated CHANGELOG for 2.8.33
bumped Symfony version to 2.7.41
updated VERSION for 2.7.40
update CONTRIBUTORS for 2.7.40
updated CHANGELOG for 2.7.40
* 2.8:
[Serializer] Fixed throwing exception with option JSON_PARTIAL_OUTPUT_ON_ERROR
Tweaked some styles in the profiler tables
[Security] Fail gracefully if the security token cannot be unserialized from the session
[Form] AbstractLayoutTest - fix DOMDocument casing
bumped Symfony version to 2.8.34
updated VERSION for 2.8.33
updated CHANGELOG for 2.8.33
bumped Symfony version to 2.7.41
updated VERSION for 2.7.40
update CONTRIBUTORS for 2.7.40
updated CHANGELOG for 2.7.40
* 2.7:
[Serializer] Fixed throwing exception with option JSON_PARTIAL_OUTPUT_ON_ERROR
[Security] Fail gracefully if the security token cannot be unserialized from the session
[Form] AbstractLayoutTest - fix DOMDocument casing
bumped Symfony version to 2.7.41
updated VERSION for 2.7.40
update CONTRIBUTORS for 2.7.40
updated CHANGELOG for 2.7.40
* 4.0:
PHP CS Fixer: clean up repo and adjust config
use interface_exists instead of class_exists
[DX] [DI] Improve exception for invalid setter injection arguments
Dumper shouldn't use html format for phpdbg
[Validator] Fix access to root object when using composite constraint
* 3.4:
PHP CS Fixer: clean up repo and adjust config
use interface_exists instead of class_exists
[DX] [DI] Improve exception for invalid setter injection arguments
Dumper shouldn't use html format for phpdbg
[Validator] Fix access to root object when using composite constraint
* 3.3:
PHP CS Fixer: clean up repo and adjust config
use interface_exists instead of class_exists
Dumper shouldn't use html format for phpdbg
[Validator] Fix access to root object when using composite constraint
* 2.8:
PHP CS Fixer: clean up repo and adjust config
Dumper shouldn't use html format for phpdbg
[Validator] Fix access to root object when using composite constraint
* 2.7:
PHP CS Fixer: clean up repo and adjust config
Dumper shouldn't use html format for phpdbg
[Validator] Fix access to root object when using composite constraint
* 4.0: (23 commits)
Clean up
Update return type in docblock.
PHP CS Fixer: no need to exclude xml and yml files
PHP CS Fixer: no need to exclude json file
[#22749] fix version in changelog
Update LICENSE year... forever
fixed some deprecation messages
fixed CS
Fixes for Oracle in PdoSessionHandler
fixed some deprecation messages
fixed some deprecation messages
fixed some deprecation messages
fixed some deprecation messages
Remove dead code
[TwigBundle/Brige] catch missing requirements to throw meaningful exceptions
[DI] fix CS
[HttpKernel] Call Response->setPrivate() instead of sending raw header() when session is started
[FrameworkBundle] Make cache:clear "atomic" and consistent with cache:warmup
Suggest to write an implementation if the interface cannot be autowired
[Debug] Skip DebugClassLoader checks for already parsed files
...
* 3.4:
Clean up
Update return type in docblock.
PHP CS Fixer: no need to exclude xml and yml files
PHP CS Fixer: no need to exclude json file
Update LICENSE year... forever
fixed some deprecation messages
fixed CS
Fixes for Oracle in PdoSessionHandler
fixed some deprecation messages
fixed some deprecation messages
fixed some deprecation messages
fixed some deprecation messages
[TwigBundle/Brige] catch missing requirements to throw meaningful exceptions
[HttpKernel] Call Response->setPrivate() instead of sending raw header() when session is started
[FrameworkBundle] Make cache:clear "atomic" and consistent with cache:warmup
Suggest to write an implementation if the interface cannot be autowired
[Debug] Skip DebugClassLoader checks for already parsed files
[2.7][DX] Use constant message contextualisation for deprecations
Remove group options without data and fix normalization
Remove redundant translation path
* 3.3:
Clean up
Update return type in docblock.
PHP CS Fixer: no need to exclude xml and yml files
PHP CS Fixer: no need to exclude json file
Update LICENSE year... forever
* 3.3:
fixed some deprecation messages
fixed some deprecation messages
fixed some deprecation messages
fixed some deprecation messages
[2.7][DX] Use constant message contextualisation for deprecations
* 4.0:
fixed wrong merge
Tweak message to be Flex friendly
[Routing] fixed tests
Fixing wrong class_exists on interface
Preserve percent-encoding in URLs when performing redirects in the UrlMatcher
removed FIXME
[Console] Fix a bug when passing a letter that could be an alias
add missing validation options to XSD file
Take advantage of AnnotationRegistry::registerUniqueLoader
[DI] Optimize Container::get() for perf
fix merge
Fix tests
Refactoring tests.
* 3.4:
fixed wrong merge
Tweak message to be Flex friendly
[Routing] fixed tests
Fixing wrong class_exists on interface
Preserve percent-encoding in URLs when performing redirects in the UrlMatcher
[Console] Fix a bug when passing a letter that could be an alias
add missing validation options to XSD file
Take advantage of AnnotationRegistry::registerUniqueLoader
[DI] Optimize Container::get() for perf
fix merge
Fix tests
Refactoring tests.
* 4.0:
SCA with Php Inspections (EA Extended)
Add test case for #25264
Fixed the null value exception case.
Remove rc/beta suffix from composer.json files
Ensure services & aliases can be referred to with `__toString`able objects
Throw an exception is expression language is not installed
[DI] Cast ids to string, as done on 3.4
Fail as early and noisily as possible
[Console][DI] Fail gracefully
[FrameworkBundle] Fix visibility of a test helper
[link] clear the cache after linking
[DI] Trigger deprecation when setting a to-be-private synthetic service
[Intl] Correct Typehint
[link] Prevent warnings when running link with 2.7
[Validator] ExpressionValidator should use OBJECT_TO_STRING to allow value in message
do not eagerly filter comment lines
[WebProfilerBundle], [TwigBundle] Fix Profiler breaking XHTML pages (Content-Type: application/xhtml+xml)
* 3.4:
SCA with Php Inspections (EA Extended)
Add test case for #25264
Fixed the null value exception case.
Remove rc/beta suffix from composer.json files
Throw an exception is expression language is not installed
Fail as early and noisily as possible
[Console][DI] Fail gracefully
[FrameworkBundle] Fix visibility of a test helper
[link] clear the cache after linking
[DI] Trigger deprecation when setting a to-be-private synthetic service
[link] Prevent warnings when running link with 2.7
[Validator] ExpressionValidator should use OBJECT_TO_STRING to allow value in message
do not eagerly filter comment lines
[WebProfilerBundle], [TwigBundle] Fix Profiler breaking XHTML pages (Content-Type: application/xhtml+xml)
This PR was merged into the 4.0-dev branch.
Discussion
----------
[SecurityBundle][Security][Translation] trigger some deprecations for legacy methods
| Q | A
| ------------- | ---
| Branch? | master
| Bug fix? | no
| New feature? | no
| BC breaks? | no
| Deprecations? | yes
| Tests pass? | yes
| Fixed tickets |
| License | MIT
| Doc PR |
Commits
-------
e3396ea trigger some deprecations for legacy methods
* 4.0:
[Form] Fixed ContextErrorException in FileType
[DI] Fix handling of inlined definitions by ContainerBuilder
[Security] remove unused variable
[DI] Fix infinite loop when analyzing references
[Lock][Process][FrameworkBundle] fix tests
Display a nice error message if the form/serializer component is missing.
[SecurityBundle] providerIds is undefined error when firewall provider is not specified
[SecurityBundle] providerIds is undefined error when firewall provider is not specified
[SecurityBundle] providerIds is undefined error when firewall provider is not specified
Force phpunit-bridge update (bis)
[Bridge/PhpUnit] Fix disabling global state preservation
Incorrect dot on method loadChoices in upgrade doc
* 3.4:
fixed CS
fixed CS
[Security] Namespace generated CSRF tokens depending of the current scheme
ensure that submitted data are uploaded files
[Console] remove dead code
bumped Symfony version to 3.3.13
updated VERSION for 3.3.12
updated CHANGELOG for 3.3.12
bumped Symfony version to 2.8.31
updated VERSION for 2.8.30
updated CHANGELOG for 2.8.30
bumped Symfony version to 2.7.38
updated VERSION for 2.7.37
updated CHANGELOG for 2.7.37
[Security] Validate redirect targets using the session cookie domain
prevent bundle readers from breaking out of paths
* 3.3:
fixed CS
fixed CS
[Security] Namespace generated CSRF tokens depending of the current scheme
ensure that submitted data are uploaded files
[Console] remove dead code
bumped Symfony version to 3.3.13
updated VERSION for 3.3.12
updated CHANGELOG for 3.3.12
bumped Symfony version to 2.8.31
updated VERSION for 2.8.30
updated CHANGELOG for 2.8.30
bumped Symfony version to 2.7.38
updated VERSION for 2.7.37
updated CHANGELOG for 2.7.37
[Security] Validate redirect targets using the session cookie domain
prevent bundle readers from breaking out of paths
* 2.8:
fixed CS
fixed CS
[Security] Namespace generated CSRF tokens depending of the current scheme
ensure that submitted data are uploaded files
[Console] remove dead code
bumped Symfony version to 2.8.31
updated VERSION for 2.8.30
updated CHANGELOG for 2.8.30
bumped Symfony version to 2.7.38
updated VERSION for 2.7.37
updated CHANGELOG for 2.7.37
[Security] Validate redirect targets using the session cookie domain
prevent bundle readers from breaking out of paths
* 2.7:
fixed CS
fixed CS
[Security] Namespace generated CSRF tokens depending of the current scheme
ensure that submitted data are uploaded files
[Console] remove dead code
bumped Symfony version to 2.7.38
updated VERSION for 2.7.37
updated CHANGELOG for 2.7.37
[Security] Validate redirect targets using the session cookie domain
prevent bundle readers from breaking out of paths
This PR was merged into the 2.7 branch.
Discussion
----------
Validate redirect targets using the session cookie domain
| Q | A
| ------------- | ---
| Branch? | 2.7
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | n/a
| License | MIT
| Doc PR | n/a
<!--
- Bug fixes must be submitted against the lowest branch where they apply
(lowest branches are regularly merged to upper ones so they get the fixes too).
- Features and deprecations must be submitted against the master branch.
- Please fill in this template according to the PR you're about to submit.
- Replace this comment by a description of what your PR is solving.
-->
Commits
-------
52b06f1c21 [Security] Validate redirect targets using the session cookie domain
