This PR was merged into the 3.4 branch.
Discussion
----------
[HttpKernel] Uses cookies to track the requests redirection
| Q | A
| ------------- | ---
| Branch? | 3.4
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | #25698
| License | MIT
| Doc PR | ø
In order to track the redirections across requests, we need to have some state. So far, we've been using the session but some users have complained about it (#24774, #24730). The idea is that we don't actually need the session, we can use cookies.
It's a tradeoff: using a cookie would mean that both the redirection and the target page will not be cachable (because of the Set-Cookie to set the sf_redirect and the one to clear it).
As it's only on dev, it seems fair to say that having no cache (because of `Set-Cookie`s) is a better side effect than starting the session.
Commits
-------
83f257943f Uses cookies to track the requests redirection
This PR was merged into the 3.3 branch.
Discussion
----------
[FrameworkBundle] Fix using "annotations.cached_reader" in after-removing passes
| Q | A
| ------------- | ---
| Branch? | 3.3
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | #25695
| License | MIT
| Doc PR | -
When `annotation_reader` is instantiated in an after-removing pass, it gets the real cache provider, instead of the dummy one that should be provided during compilation of the container.
This situation is found in e.g. `JMS\AopBundle\DependencyInjection\Compiler\PointcutMatchingPass`.
A workaround before next release could be to "get" the `annotation_reader` service somewhere before (like in a regular compiler pass of your own.)
Commits
-------
f66f9a7b37 [FrameworkBundle] Fix using "annotations.cached_reader" in after-removing passes
This PR was squashed before being merged into the 4.1-dev branch (closes#25710).
Discussion
----------
[FrameworkBundle] add cache.app.simple psr simple cache
| Q | A
| ------------- | ---
| Branch? | master
| Bug fix? | no
| New feature? | yes
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | #25708
| License | MIT
| Doc PR | TODO?
This adds a PSR SimpleCache version of the `cache.app` service.
Should I also update the documentation somewhere? 😊
Commits
-------
1b6ec8b0ae [FrameworkBundle] add cache.app.simple psr simple cache
This PR was merged into the 2.7 branch.
Discussion
----------
[Security] Fail gracefully if the security token cannot be unserialized from the session
| Q | A
| ------------- | ---
| Branch? | 2.7
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets |
| License | MIT
| Doc PR |
If the security token in the session can't be unserialized, an `E_NOTICE` is issued. This prevents it (and provides a better log message if it's not even a `__PHP_Incomplete_Class`).
This is similar to #24731, but I saw it triggered when changing OAuth library (https://github.com/elifesciences/journal/pull/824), so the token class itself no longer exists. (I want to avoid having to manually invalidate all sessions, as not all sessions use that token class.)
Commits
-------
053fa43add [Security] Fail gracefully if the security token cannot be unserialized from the session
This PR was merged into the 4.1-dev branch.
Discussion
----------
[Validator] Add option to pass custom values to Expression validator
| Q | A
| ------------- | ---
| Branch? | master
| Bug fix? | no
| New feature? | yes
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | -
| License | MIT
| Doc PR | -
I needed this in a Form. I had no way to pass things from `$options` into Expression validator.
Maybe can aid in https://github.com/symfony/symfony/pull/23134
Commits
-------
ba0565e3e8 [Validator] Add option to pass custom values to Expression validator
This PR was submitted for the 3.4 branch but it was squashed and merged into the 3.3 branch instead (closes#25585).
Discussion
----------
Add type string to docblock for Process::setInput()
| Q | A
| ------------- | ---
| Branch? | 3.4
| Bug fix? | no
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | none
| License | MIT
| Doc PR | none
Add `string` as valid `$input` for `Process::setInput()`. Since `getInput()` will also return as string and the internal method `ProcessUtils::validateInput()` will accept a string, this should be a viable input type.
Commits
-------
e3de68f2 Add type string to docblock for Process::setInput()
This PR was merged into the 3.3 branch.
Discussion
----------
Run simple-phpunit with --no-suggest option
| Q | A
| ------------- | ---
| Branch? | 3.3
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes/no
| Fixed tickets | #... <!-- #-prefixed issue number(s), if any -->
| License | MIT
| Doc PR | symfony/symfony-docs#... <!--highly recommended for new features-->
This should reduce the output on CI a bit :) (see https://travis-ci.org/msgphp/msgphp/jobs/325750064#L865)
Not really tested.. so i hope someone can confirm. AFAIK it happens from here.
Commits
-------
7c9a6c3864 Run simple-phpunit with --no-suggest option
This PR was squashed before being merged into the 3.4 branch (closes#25685).
Discussion
----------
Use triggering file to determine weak vendors if when the test is run in a separate process
| Q | A
| ------------- | ---
| Branch? | 3.4
| Bug fix? | yes
| New feature? | no <!-- don't forget to update src/**/CHANGELOG.md files -->
| BC breaks? | no
| Deprecations? | no <!-- don't forget to update UPGRADE-*.md files -->
| Tests pass? | I think so
| Fixed tickets | #25684
| License | MIT
| Doc PR | symfony/symfony-docs#... <!--highly recommended for new features-->
<!--
- Bug fixes must be submitted against the lowest branch where they apply
(lowest branches are regularly merged to upper ones so they get the fixes too).
- Features and deprecations must be submitted against the master branch.
- Replace this comment by a description of what your PR is solving.
-->
Commits
-------
3830577 Use triggering file to determine weak vendors if when the test is run in a separate process
* 4.0:
[DI] fix param name cast
Remove randomness from dumped containers
fixed messages to be explicit about the package needed to be installed
[FrameworkBundle] Fix recommended composer command (add vendor)
[WebProfilerBundle] set the var in the right scope
[TwigBundle] fix lowest dep
[HttpKernel] Disable CSP header on exception pages
Use the default host even if context is empty and fallback to relative URL if empty host
Proposing Flex-specific error messages in the controller shortcuts