This PR was merged into the 2.3 branch.
Discussion
----------
[2.3] [Security] Fixed The AuthenticationProviderInterface Alignment
| Q | A
| ------------- | ---
| Bug fix? | no
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | N/A
| License | MIT
| Doc PR | N/A
##### This pull request fixes the AuthenticationProviderInterface alignment.
Everything was indented by one too many spaces.
Commits
-------
1270327 Fixed the AuthenticationProviderInterface alignment
This PR was squashed before being merged into the 2.3 branch (closes#12761).
Discussion
----------
[Filesystem] symlink use RealPath instead LinkTarget
| Q | A
| ------------- | ---
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| License | MIT
Commits
-------
a8b8d33 [Filesystem] symlink use RealPath instead LinkTarget
This PR was merged into the 2.3 branch.
Discussion
----------
[2.3] Fixed the proxy-manager version constraint
| Q | A
| ------------- | ---
| Bug fix? | no
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | N/A
| License | MIT
| Doc PR | N/A
##### This pull request fixes the `ocramius/proxy-manager` version constraint in the 2.3 branch.
`"~0.3.1"` is far cleaner than `">=0.3.1,<0.4-dev"`, and does the same thing.
Commits
-------
ed6c50f Fixed the proxy-manager version constraint
This PR was merged into the 2.3 branch.
Discussion
----------
[2.3] Remove possible call_user_func()
| Q | A
| ------------- | ---
| Bug fix? | no
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | -
| License | MIT
| Doc PR | -
Merging this in 2.3 enhances performance a bit, but more importantly will ease future merges into 3.0.
Commits
-------
fad7aba [2.3] Remove possible call_user_func()
This PR was merged into the 2.3 branch.
Discussion
----------
[DependencyInjection] Perf php dumper
| Q | A
| ------------- | ---
| Bug fix? | no
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | -
| License | MIT
| Doc PR | -
This PR came up after this comment to reduce the number of calls to dirname():
https://github.com/symfony/symfony/pull/12784#issuecomment-65619179
Commits
-------
375f83e Revert "[DependencyInjection] backport perf optim"
fcd8ff9 [DependencyInjection] perf optim: call dirname() at most 5x
c11535b [DependencyInjection] backport perf optim
This PR was merged into the 2.3 branch.
Discussion
----------
[ClassLoader] Fix undefined index in ClassCollectionLoader
| Q | A
| ------------- | ---
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | -
| License | MIT
| Doc PR | -
Commits
-------
cfdb925 [ClassLoader] Fix undefined index in ClassCollectionLoader
This PR was merged into the 2.3 branch.
Discussion
----------
PSR-2 Fixes
| Q | A
| ------------- | ---
| Bug fix? | no
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | N/A
| License | MIT
| Doc PR | N/A
##### This pull request brings symfony 2.3 back inline with PSR-2.
Commits
-------
eda746b PSR-2 fixes
This PR was merged into the 2.3 branch.
Discussion
----------
[DependencyInjection] make paths relative to __DIR__ in the generated container
| Q | A
| ------------- | ---
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | #6484, #3079, partially #9238, #10894, #10999
| License | MIT
| Doc PR | n/a
This is an alternative approach to #10999 for removing absolute paths from the generated container:
instead of trying to fix the container file after it has been dumped, telling to the PhpDumper where its output will be written allows it to replace parts of strings by an equivalent value based on `__DIR__`.
This should be safe, thus the PR is on 2.3.
Commits
-------
edd7057 [DependencyInjection] make paths relative to __DIR__ in the generated container
This PR was merged into the 2.3 branch.
Discussion
----------
Fixed the symfony/config version constraint
| Q | A
| ------------- | ---
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | N/A
| License | MIT
| Doc PR | N/A
##### This pull request fixes the `symfony/config` version constraint in the proxy manager bridge.
Before this pull, composer was only allowing `v2.3.0` to be downloaded. This surely was not the intention. I've updated the version constraint from `"2.3"` to `"~2.3"` thus allowing all 2.x versions that are equal to or greater than `v2.3.0`.
Commits
-------
ec14f0f Fixed the symfony/config version constraint
This PR was merged into the 2.3 branch.
Discussion
----------
Docblock Fixes
| Q | A
| ------------- | ---
| Bug fix? | no
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | N/A
| License | MIT
| Doc PR | N/A
##### This pull request fixes the docblock alignment as requested in #12760.
It was also necessary for me to ensure the `@return` annotations were correctly separated in order to accurately align the `@param` annotations.
Commits
-------
443307e Docblock fixes
This PR was merged into the 2.3 branch.
Discussion
----------
Tweaked the password-compat version constraint
| Q | A
| ------------- | ---
| Bug fix? | no
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | N/A
| License | MIT
| Doc PR | N/A
##### This pull request tweaks the `"ircmaxell/password-compat` version constraint in the 2.3 branch.
I've updated the version constraint to `"~1.0"` match the way we require all "stable" releases. Note that this version constraint is technically different, but I consider it safe still.
Commits
-------
f703e56 Tweaked the password-compat version constraint
This PR was merged into the 2.3 branch.
Discussion
----------
[ClassLoader] define constant only if it wasn't defined before
| Q | A
| ------------- | ---
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets |
| License | MIT
| Doc PR |
Commits
-------
388229b define constant only if it wasn't defined before
This PR was merged into the 2.3 branch.
Discussion
----------
Rename Symfony2 to Symfony
| Q | A
| ------------- | ---
| Bug fix? | no
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | n/a
| License | MIT
Replaces #12563
Commits
-------
0a76b7e Rename Symfony2 to Symfony
This PR was merged into the 2.3 branch.
Discussion
----------
[Bundle][FrameworkBundle] be smarter when guessing the document root
| Q | A
| ------------- | ---
| Bug fix? | no
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | #12524
| License | MIT
| Doc PR |
Commits
-------
e28f5b8 be smarter when guessing the document root
This PR was merged into the 2.3 branch.
Discussion
----------
compare version using PHP_VERSION_ID
| Q | A
| ------------- | ---
| Bug fix? | no
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets |
| License | MIT
| Doc PR |
To let opcode caches optimize cached code, the `PHP_VERSION_ID`
constant is used to detect the current PHP version instead of calling
`version_compare()` with `PHP_VERSION`.
Commits
-------
367ed3c compare version using PHP_VERSION_ID
To let opcode caches optimize cached code, the `PHP_VERSION_ID`
constant is used to detect the current PHP version instead of calling
`version_compare()` with `PHP_VERSION`.
This PR was merged into the 2.3 branch.
Discussion
----------
[HttpFoundation] CSRF warning docs on Request::enableHttpMethodParameterOverride()
| Q | A
| ------------- | ---
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | #12043
| License | MIT
| Doc PR | /
Since I wanted to understand this issue I did some research and altered the comment block. Is this a clear enough explanation or does it need more?
Commits
-------
deb70ab CSRF warning docs on Request::enableHttpMethodParameterOverride()
This PR was merged into the 2.3 branch.
Discussion
----------
[Yaml] improve error message for multiple documents
| Q | A
| ------------- | ---
| Bug fix? | no
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets |
| License | MIT
| Doc PR |
The YAML parser doesn't support multiple documents. This pull requests
improves the error message when the parser detects multiple YAML
documents.
see also #11840
Commits
-------
c77fdcb improve error message for multiple documents
This PR was merged into the 2.3 branch.
Discussion
----------
Translation debug improve error reporting
| Q | A
| ------------- | ---
| Bug fix? | no
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | #12252
| License | MIT
| Doc PR |
Indicate which file was being parsed if an exception is thrown while running translation:debug
When running the translation:debug command, if a template contains invalid twig markup,
an exception is thrown. This patch rethrows a new exception that includes the filename
being parsed in the message to aid debugging.
Commits
-------
97a8f7e [TwigBundle] added a test
b1bffc0 Indicate which file was being parsed if an exception is thrown while running translation:debug
This PR was merged into the 2.3 branch.
Discussion
----------
[Form] fix form handling with OPTIONS request method
| Q | A
| ------------- | ---
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | #8282
| License | MIT
| Doc PR | -
The OPTIONS request is just handled as any other request method. And accoring to the spec, an options request can also contain a request body like a POST. This only applied when using the deprecated form processing with `$form->submit($request)`. The change also makes the handling consistent with the `handleRequest` behavior via https://github.com/symfony/symfony/blob/master/src/Symfony/Component/Form/Extension/HttpFoundation/HttpFoundationRequestHandler.php
Commits
-------
28eabd8 [Form] fix form handling with unconventional request methods like OPTIONS
When running the translation:debug command, if a template contains invalid twig markup,
an exception is thrown. This patch rethrows a new exception that includes the filename
being parsed in the message to aid debuging.
This PR was merged into the 2.3 branch.
Discussion
----------
[Validator] Fixed Regex::getHtmlPattern() to work with complex and negated patterns
| Q | A
| ------------- | ---
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | #5307
| License | MIT
| Doc PR | -
According to my own testing, this should fix the generation of HTML patterns when `Regex::$match` is set to false. Additionally, patterns containing pipes (or statements) are fixed. See the test cases for examples.
Commits
-------
bf006f5 [Validator] Fixed Regex::getHtmlPattern() to work with complex and negated patterns
This PR was merged into the 2.3 branch.
Discussion
----------
[Session] remove invalid hack in session regenerate
| Q | A
| ------------- | ---
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | -
| License | MIT
| Doc PR | -
The original issue #7380 was just caused because the developer missed to save the session before doing the redirect. That's all. Such mistakes won't happen anymore with #12341
This reverts #8270 and following. Also it makes absolutely no sense to do this only for the `files` save handler which creates huge inconsistencies. All save handlers are affected and it's more a documentation thing.
Commits
-------
703d906 [Session] remove invalid workaround in session regenerate
This PR was merged into the 2.3 branch.
Discussion
----------
[Kernel] ensure session is saved before sending response
| Q | A
| ------------- | ---
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | #6417, #7885
| License | MIT
| Doc PR | n/a
Saves the session, in case it is still open, before sending the response.
This ensures several things in case the developer did not save the session explicitly:
- If a session save handler without locking is used, it ensures the data is available
on the next request, e.g. after a redirect. PHPs auto-save at script end via
session_register_shutdown is executed after fastcgi_finish_request. So in this case
the data could be missing the next request because it might not be saved the moment
the new request is processed.
- A locking save handler (e.g. the native 'files') circumvents concurrency problems like
the one above. By saving the session before long-running things in the terminate event,
we ensure the session is not blocked longer than needed.
- When regenerating the session ID no locking is involved in PHPs session design. See
https://bugs.php.net/bug.php?id=61470 for a discussion. So in this case, the session must
be saved anyway before sending the headers with the new session ID. Otherwise session
data could get lost again for concurrent requests with the new ID. One result could be
that you get logged out after just logging in.
This listener should be executed as one of the last listeners, so that previous listeners
can still operate on the open session. This prevents the overhead of restarting it.
Listeners after closing the session can still work with the session as usual because
Symfonys session implementation starts the session on demand. So writing to it after
it is saved will just restart it.
Commits
-------
b7bfef0 [Kernel] ensure session is saved before sending response
This PR was merged into the 2.3 branch.
Discussion
----------
[Config] fix filelocator with empty name
| Q | A
| ------------- | ---
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | -
| License | MIT
| Doc PR | -
fix filelocator with empty name + phpdoc in config component
Commits
-------
63b8c07 [DependencyInjection] use inheritdoc for loaders
ddd2fe2 [Config] fix filelocator with empty name
The original issue #7380 was just caused because the developer missed to save the session before doing the redirect. That's all. This reverts #8270 and following.
This also makes the CompiledRoute implement Serializable in order to:
1. make the serialization format shorter
2. have no null bytes in there, which the native serializer add for private properties, and thus would complicate saving in databases etc.
3. We should add to our symfony BC promise, that only classes that implement Serializable are ensured to be deserializable correctly with serialized representations of the class in previous symfony versions.
This PR was squashed before being merged into the 2.3 branch (closes#12293).
Discussion
----------
Remove aligned '=>' and '='
| Q | A
| ------------- | ---
| Bug fix? | no
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | [https://github.com/symfony/symfony/issues/12284]
| License | MIT
Could you said to me if i should make an other PR for 2.5 branch.
Commits
-------
51312d3 Remove aligned '=>' and '='
This PR was merged into the 2.3 branch.
Discussion
----------
[Security][listener] change priority of switchuser
| Q | A
| ------------- | ---
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| License | MIT
Hi,
I have the following users:
- Manager: Allowed to access to (/admin) and has a role ROLE_ALLOWED_TO_SWITCH
- Partner: Allowed to access to (/partner)
When I attempt to switch to partner user I get "Access denied", well I think the switchuser listener must be registred before access listener.
Commits
-------
5f8047d [Security][listener] change priority of switchuser
This PR was merged into the 2.3 branch.
Discussion
----------
[Form] no need to add the url listener when it does not do anything
| Q | A
| ------------- | ---
| Bug fix? | no
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | -
| License | MIT
| Doc PR | -
In line with #11696
Commits
-------
7aea1c9 [Form] no need to add the url listener when it does not do anything
In #12253, improved feedback was added to the `server:run` command
instructing the user how to terminate the built-in web server. This
is hereby backported to the `2.3` branch.
This PR was merged into the 2.3 branch.
Discussion
----------
[TwigBundle] do not pass a template reference to twig
| Q | A
| ------------- | ---
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | -
| License | MIT
| Doc PR | -
twig does not know about template references and only expects a string.
this commit also fixes that name parsing and locating was called twice for nonexistent templates.
Commits
-------
7fe33e3 [TwigBundle] do not pass a template reference to twig
twig does not know about template references and only expects a string.
this commit also fixes that name parsing and locating was called twice for nonexistent templates
This PR was merged into the 2.3 branch.
Discussion
----------
use meta charset in layouts without legacy http-equiv
| Q | A
| ------------- | ---
| Bug fix? | no
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | -
| License | MIT
| Doc PR | -
`<meta charset="UTF-8" />` is now the recommended approach
Commits
-------
96e7b01 use meta charset in layouts without legacy http-equiv
`array_map()` raises a warning when an exception is thrown inside the
callback (see https://bugs.php.net/bug.php?id=55416). To avoid these
warnings, `selectorToXPath()` is applied inside the loop.
[HttpFoundation] fixed the docs so that it gives some explanation about how you are vulnerable to CSRF when you enable the httpMethodeParameterOverride
A small fix in the "parse" function of the "ControllerNameParser" Controller.
We should use "!==" instead of "!=" since it's better and faster in this case.
| Q | A
| ------------- | ---
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | NA
| License | MIT
| Doc PR | NA
This PR was merged into the 2.3 branch.
Discussion
----------
fix components tests
| Q | A
| ------------- | ---
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets |
| License | MIT
| Doc PR |
Since #12006, the `ContainerBuilder` contains the `addExpressionLanguageProvider()` method which references a class from the ExpressionLanguage component. By default, the PHPUnit mock API tries to mock all methods of the class being doubled. Since the ExpressionLanguage component is not required to run the tests, creating the mock objects fails when the mock API fails to mock the `addExpressionLanguageProvider()` method.
Commits
-------
2f2a732 fix components tests
Since #12006, the `ContainerBuilder` contains the
`addExpressionLanguageProvider()` method which references a class from
the ExpressionLanguage component. By default, the PHPUnit mock API
tries to mock all methods of the class being doubled. Since the
ExpressionLanguage component is not required to run the tests,
creating the mock objects fails when the mock API fails to mock
the `addExpressionLanguageProvider()` method.
This PR was merged into the 2.3 branch.
Discussion
----------
[Intl] Integrated ICU data into Intl component #1
| Q | A
| ------------- | ---
| Bug fix? | no
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | #11447, #10807
| License | MIT
| Doc PR | -
This PR is an alternative implementation to #11884. It depends on ~~#11906~~ and ~~#11907~~ being merged first (~~these are included in the diff until after a merge+rebase~~ merged+rebased now).
With this PR, the ICU component becomes obsolete. The ICU data is bundled with Intl in two different formats: JSON and the binary ICU resource bundle format (version 2) readable by PHP's `\ResourceBundle` class. For a performance comparison between the two, see my [benchmark](/webmozart/json-res-benchmark).
~~The data is contained in two zip files: json.zip (2.6MB) and rb-v2.zip (3.8MB). The handler~~
```php
\Symfony\Component\Intl\Composer\ScriptHandler::decompressData()
```
~~needs to be added as Composer hook and decompresses the data after install/update.~~
The data is included as text/binary now. Git takes care of the compression.
Before this PR can be merged, I would like to find out what the performance difference between the two formats is in real applications. For that, I need benchmarks from some real-life applications which use ICU data - e.g. in forms (language drop-downs, country selectors etc.) - for both the JSON and the binary data. You can force either format to be used by hard-coding the return value of `Intl::detectDataFormat()` to `Intl::JSON` and `Intl::RB_V2` respectively. I'll also try to create some more realistic benchmarks.
If JSON is not significantly slower/takes up significantly more memory than the binary format, we can drop the binary format altogether.
Commits
-------
be819c1 [Intl] Integrated ICU data into Intl component
[Doctrine][DependencyInjection] The test checks that a few items are ordered according to the value of their 'priority' attribute. However, a few of the items have the same value of this attribute. RegisterEventListenersAndSubscribersPass doesn't use a stable sorting, yet the test asserts that items that are 'equal' shall go in the original order. Modified so that the order of the original items is not checked.
This PR was merged into the 2.3 branch.
Discussion
----------
[Validator] Simplified testing of violations
| Q | A
| ------------- | ---
| Bug fix? | no
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | -
| License | MIT
| Doc PR | -
I simplified the assertion of violations in preparation of a replacement PR for #7276.
Commits
-------
8e5537b [Validator] Simplified testing of violations
