* 2.7:
[Security\Http] detect bad redirect targets using backslashes
[Form] Filter file uploads out of regular form types
Fix CI
minor #28258 [travis] fix composer.lock invalidation for deps=low (nicolas-grekas)
[travis] fix composer.lock invalidation for PRs patching several components
[travis] fix composer.lock invalidation for deps=low
minor #28199 [travis][appveyor] use symfony/flex to accelerate builds (nicolas-grekas)
[travis] ignore ordering when validating composer.lock files for deps=low
minor #28146 [travis] cache composer.lock files for deps=low (nicolas-grekas)
fix ci
[travis] fix requiring mongodb/mongodb before composer up
minor #28114 [travis] merge "same Symfony version" jobs in one (nicolas-grekas)
[2.7] Make CI green
updated VERSION for 2.7.49
updated CHANGELOG for 2.7.49
[HttpKernel] fix trusted headers management in HttpCache and InlineFragmentRenderer
[HttpFoundation] Remove support for legacy and risky HTTP headers
updated VERSION for 2.7.48
update CONTRIBUTORS for 2.7.48
updated CHANGELOG for 2.7.48
This PR was merged into the 2.7 branch.
Discussion
----------
[Form] Filter file uploads out of regular form types
| Q | A
| ------------- | ---
| Branch? | 2.7
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | -
| License | MIT
| Doc PR | -
This PR filters uploaded files out of the data processed by any form type except `FileType`.
Commits
-------
205a44ea7d [Form] Filter file uploads out of regular form types
This PR was merged into the 2.8 branch.
Discussion
----------
[Config] Use intersection type when referring to ParentNodeDefinitionInterface
| Q | A
| ------------- | ---
| Branch? | 2.8
| Bug fix? | no
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets |
| License | MIT
| Doc PR |
Allows PHPStan to understand it correctly (refs https://github.com/libero/content-api-bundle/pull/2#discussion_r226237763).
PHPStorm 2018.3 will add support for it too, but to help older versions I've reversed the order (so `NodeDefinition` is recognised).
Commits
-------
e9cdabe570 Use intersection type when referring to ParentNodeDefinitionInterface
This PR was merged into the 2.8 branch.
Discussion
----------
[DoctrineBridge] catch errors while converting to db values in data collector
| Q | A
| ------------- | ---
| Branch? | 2.8
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| License | MIT
When the profiler is enabled and collecting doctrine queries data, if a query fails because of `ConversionException` or another error thrown while resolving parameters, the data collector is also throwing the same error.
This should fix this case. The tests for this case cannot be executed in 5.4 because Doctrine 2.5 fails with a fatal error in `DateType`.
Commits
-------
61c4531292 [DoctrineBridge] catch errors while converting to db values in data collector
This PR was merged into the 2.8 branch.
Discussion
----------
[Translation] Use XLIFF source rather than resname when there's no target
| Q | A
| ------------- | ---
| Branch? | 2.8
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets |
| License | MIT
| Doc PR |
Relates to https://github.com/symfony/symfony/issues/20076#issuecomment-251552328. If there's no `<target>` in an XLIFF but there is a `@resname` then that's used rather than the `<source>`.
If I'm using translation keys and my source locale is `en`, then it's a bit redundant to duplicate the `<source>` in the `<target>` in the `en` file (since there is no translation).
This isn't changing the behaviour when `<target>` is present but empty.
(Caveat: I'm definitely not an expert on XLIFF.)
Commits
-------
8633ebbca0 Use XLIFF source rather than resname when there's no target
This PR was merged into the 2.8 branch.
Discussion
----------
[BrowserKit] fixed BC Break for HTTP_HOST header
| Q | A
| ------------- | ---
| Branch? | 2.7, 2.8, 3.x, 4.x
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes/no
| Fixed tickets | #22933
| License | MIT
| Doc PR | n/a
The situation well described in the original issue. I will add only:
- #10549 - makes server parameters to take precedence over URI.
- #16265 - partially revererts #10549. Makes server parameters do not affect URI. But this is only true for `Client::request()`. It is still possible to set host for URI by `Client::setServerParameters()` when URI is realative (see examples below).
I propose a compromise solution: add to HTTP_HOST header power to override URI when it is relative.
Proposed solution:
- if the request URI is relative, then use the HTTP_HOST header passed to Client::request() to generate an absolute URI
- if the request URI is absolute, then ignore the HTTP_HOST header (as it now works)
- do the same with HTTPS server parameter
Profit:
- fix BC Break
- the documentation will be correct
- http://symfony.com/doc/2.8/routing/hostname_pattern.html#testing-your-controllers
- https://symfony.com/doc/2.8/testing.html#testing-configuration
Before:
```
$client->setServerParameters(['HTTP_HOST' => 'example.com']);
$client->request('GET', '/');
$this->assertEquals('http://example.com/', $client->getRequest()->getUri());
$client->request('GET', '/', [], [], ['HTTP_HOST' => 'example.com']);
$this->assertEquals('http://localhost/', $client->getRequest()->getUri());
```
Fixed (see last line):
```
$client->setServerParameters(['HTTP_HOST' => 'example.com']);
$client->request('GET', '/');
$this->assertEquals('http://example.com/', $client->getRequest()->getUri());
$client->request('GET', '/', [], [], ['HTTP_HOST' => 'example.com']);
$this->assertEquals('http://example.com/', $client->getRequest()->getUri());
```
Commits
-------
8c4a59467f [BrowserKit] fixed BC Break for HTTP_HOST header; implemented same behaviour for HTTPS server parameter
This PR was merged into the 2.8 branch.
Discussion
----------
[DomCrawler] exclude fields inside "template" tags
| Q | A
| ------------- | ---
| Branch? | 2.8
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | #27285
| License | MIT
| Doc PR |
Exclude fields values/files if fields are inside template tag. I think better to exclude values only instead of excluding fields at all (described in ticket #27285)
Commits
-------
19e3e154d7 [DomCrawler] exclude fields inside "template" tags
This PR was merged into the 2.8 branch.
Discussion
----------
[Request] [Documentation] clarify that isMethodCacheable() returns true only for GET & HEAD
| Q | A
| ------------- | ---
| Branch? | 2.8
| Bug fix? | no
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | na
| License | MIT
The current documentation points to https://tools.ietf.org/html/rfc7231#section-4.2.3.
The spec says: "this specification defines GET, HEAD, and POST as cacheable, although the overwhelming majority of cache implementations only support GET and HEAD.".
This fix to the documentation clarifies that Symfony follows majority (excluding POST) rather than the spec (including POST).
Commits
-------
9da998005b Doc fix: clarify isMethodCacheable() returns true only for GET & HEAD
This PR was merged into the 2.8 branch.
Discussion
----------
Changes for upcoming Travis' infra migration
| Q | A
| ------------- | ---
| Branch? | master
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | -
| License | MIT
| Doc PR | -
Travis is deprecating the `sudo` keyword and moves everything to the same infrastructure (`sudo` really selects between two infrastructures).
See: https://blog.travis-ci.com/2018-11-19-required-linux-infrastructure-migration
Commits
-------
b3742694d9 Changes for upcoming Travis' infra migration
The current documentation points to https://tools.ietf.org/html/rfc7231#section-4.2.3.
The spec says: "this specification defines GET, HEAD, and POST as cacheable, although the overwhelming majority of cache implementations only support GET and HEAD.".
This fix to the documentation clarifies that Symfony follows majority (excluding POST) rather than the spec (including POST).
This PR was merged into the 2.8 branch.
Discussion
----------
[HttpFoundation] Fix trailing space for mime-type with parameters
| Q | A
| ------------- | ---
| Branch? | 2.8
| Bug fix? | yes
| New feature? | no <!-- don't forget to update src/**/CHANGELOG.md files -->
| BC breaks? | no <!-- see https://symfony.com/bc -->
| Deprecations? | no <!-- don't forget to update UPGRADE-*.md and src/**/CHANGELOG.md files -->
| Tests pass? | yes <!-- please add some, will be required by reviewers -->
| Fixed tickets | #... <!-- #-prefixed issue number(s), if any -->
| License | MIT
| Doc PR | symfony/symfony-docs#... <!-- required for new features -->
<!--
Write a short README entry for your feature/bugfix here (replace this comment block.)
This will help people understand your PR and can be used as a start of the Doc PR.
Additionally:
- Bug fixes must be submitted against the lowest branch where they apply
(lowest branches are regularly merged to upper ones so they get the fixes too).
- Features and deprecations must be submitted against the master branch.
-->
This PR fixes a minor issue that we've discovered by exposing our API towards mobile applications which where sending the header as following `content-type: application/json ;charset=UTF-8`. Request is unable to determine the `getContentType -> getFormat` as **json** due to the whitespace at the end.
```php
$request = Request::createFromGlobals();
$request->headers->set('CONTENT_TYPE', 'application/json ;charset=UTF-8'); // Forcing header for test
if ($request->getContentType() !== 'json') {
// Return 415 (Unsupported Media Type) status code..
}
```
When checking https://tools.ietf.org/html/rfc7231#section-3.1.1.1 it seems that a space is part of the RFC spec. (Where OWS is abbreviated for Optional WhiteSpace)
```
media-type = type "/" subtype *( OWS ";" OWS parameter )
```
Current the following cases are supported:
* application/json; charset=UTF-8
* application/json;charset=UTF-8
The following are failing:
* application/json ; charset=UTF-8
* application/json ;charset=UTF-8
Commits
-------
f4866bc371 [HttpFoundation] Fix trailing space for mime-type with parameters
This PR was merged into the 2.8 branch.
Discussion
----------
[Component/EventDispatcher/Tests/AbstractEventDispatcherTest.php] Fix indentation error
| Q | A
| ------------- | ---
| Branch? | 2.8
| Bug fix? | no
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | no
| License | MIT
| Doc PR | no
Commits
-------
24264facaa Indentation error
This PR was merged into the 2.8 branch.
Discussion
----------
[Validator] Added the missing constraints instance checks
| Q | A
| ------------- | ---
| Branch? | 2.8
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets |
| License | MIT
| Doc PR |
This PR adds the constraints instance checks missing to limit the validators use.
This behavior is already implemented in all built-in validators, but it was missed in two validators.
Commits
-------
0ecaead015 [Validator] Added the missing constraints instance checks
This PR was merged into the 2.8 branch.
Discussion
----------
[Form] Fixed empty data for compound date types
| Q | A
| ------------- | ---
| Branch? | 2.8
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | #4715
| License | MIT
| Doc PR | ~
Commits
-------
9bab1e8aba [Form] Fixed empty data for compound date types
This PR was merged into the 2.8 branch.
Discussion
----------
Command::addOption should allow int in $default
| Q | A
| ------------- | ---
| Branch? | all
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | none
| License | MIT
| Doc PR |
<!--
Write a short README entry for your feature/bugfix here (replace this comment block.)
This will help people understand your PR and can be used as a start of the Doc PR.
Additionally:
- Bug fixes must be submitted against the lowest branch where they apply
(lowest branches are regularly merged to upper ones so they get the fixes too).
- Features and deprecations must be submitted against the master branch.
-->
In #28714 the documentation for `$default` on `Command::addOption` was changed to specify more specifically than `mixed`. However, there is an inconsistency as `InputOption::__construct` allows int in its `$default`, but not `Command::addOption`. This PR makes fixes that inconsistency.
Commits
-------
5f8bd89 Command::addOption should allow int in $default
This PR was merged into the 2.8 branch.
Discussion
----------
[Form] Minor fixes in docs and cs
| Q | A
| ------------- | ---
| Branch? | 2.8
| Bug fix? | no
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | ~
| License | MIT
| Doc PR | ~
Commits
-------
de40f5d07b [Form] Minor fixes in docs and cs
The constructor for InputOption allows int on the $default parameter, but not Command::addOption $default parameter
fixup: apply coding standards patch
This PR was merged into the 2.8 branch.
Discussion
----------
[PhpUnitBridge] Fix typo
| Q | A
| ------------- | ---
| Branch? | 2.8
| Bug fix? | yes
| New feature? | no
| BC breaks? | no <!-- see https://symfony.com/bc -->
| Deprecations? | no
| Tests pass? | yes <!-- please add some, will be required by reviewers -->
| Fixed tickets | #... <!-- #-prefixed issue number(s), if any -->
| License | MIT
| Doc PR | symfony/symfony-docs#... <!-- required for new features -->
<!--
Write a short README entry for your feature/bugfix here (replace this comment block.)
This will help people understand your PR and can be used as a start of the Doc PR.
Additionally:
- Bug fixes must be submitted against the lowest branch where they apply
(lowest branches are regularly merged to upper ones so they get the fixes too).
- Features and deprecations must be submitted against the master branch.
-->
Commits
-------
78e386e87f [PhpUnitBridge] Fix typo
This PR was merged into the 2.8 branch.
Discussion
----------
[Form] invalidate forms on transformation failures
| Q | A
| ------------- | ---
| Branch? | 2.8
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | #20916, #21242, #28584
| License | MIT
| Doc PR |
Commits
-------
385d9df29c invalidate forms on transformation failures
This PR was squashed before being merged into the 2.8 branch (closes#29152).
Discussion
----------
[Config] Unset key during normalization
| Q | A
| ------------- | ---
| Branch? | 2.8
| Bug fix? | yes-ish
| New feature? | yes
| BC breaks? | no <!-- see https://symfony.com/bc -->
| Deprecations? | no
| Tests pass? | yes <!-- please add some, will be required by reviewers -->
| Fixed tickets | #29142
| License | MIT
| Doc PR | symfony/symfony-docs#... <!-- required for new features -->
2.8 vs. 4.x :) let me know.
Commits
-------
e1402d495e [Config] Unset key during normalization
This PR was merged into the 2.8 branch.
Discussion
----------
Add required key attribute
| Q | A
| ------------- | ---
| Branch? | 2.8
| Bug fix? | no
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | n/a
| License | MIT
| Doc PR | n/a
I am getting warnings when running tests with recent phpunit versions (since 7.2.0) :
> `- Element 'element': The attribute 'key' is required but missing.`
This requirement is far from being new, what is recent is phpunit
validating its configuration file against the XSD schema.
See d4484be1a9
This is pedantic (not a bugfix), and might be a bit painful to merge upstream, so if you feel like I should target a more recent instead and let the old branches go on with their lives, please tell me.
Commits
-------
c0733c22cb Add required key attribute
This PR was merged into the 2.8 branch.
Discussion
----------
Bump phpunit XSD version to 5.2
| Q | A
| ------------- | ---
| Branch? | 2.8
| Bug fix? | no
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | n/a
| License | MIT
| Doc PR | n/a
Some attributes being used in the phpunit configuration files, namely
`failOnRisky` and `failOnWarning` were introduced in phpunit 5.2.0. The
Composer configuration shows that tests should run with old versions of
phpunit, but phpunit only validates the configuration against the XSD
since phpunit 7.2.0
These changes can be tested as follows:
```
wget http://schema.phpunit.de/5.2/phpunit.xsd
xargs xmllint --schema phpunit.xsd 1>/dev/null
find src -name phpunit.xml.dist| xargs xmllint --schema phpunit.xsd 1>/dev/null
```
See 7e06a82806
See 46e3745a03/composer.json (L98)
Commits
-------
4dce4b7c30 Bump phpunit XSD version to 5.2
This PR was merged into the 2.8 branch.
Discussion
----------
[Form] Hardened test suite for empty data
| Q | A
| ------------- | ---
| Branch? | 2.8
| Bug fix? | no
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | #
| License | MIT
| Doc PR | ~
Finally the continuation of #21877, giving some more love to 2.8 before it is not maintained anymore <3.
Commits
-------
b0dab6257b [Form] Hardened test suite for empty data
