This PR was merged into the 2.7 branch.
Discussion
----------
[Security] fix switch user _exit without having current token
| Q | A
| ------------- | ---
| Branch? | 2.7
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | #22729
| License | MIT
| Doc PR | -
Attempting to `_exit` from a switched user caused an error when not having any token in the storage (for example happens when not logged in + disallowing anonymous users on that firewall):
```
[1] Symfony\Component\Debug\Exception\FatalThrowableError: Type error: Argument 1 passed to Symfony\Component\Security\Http\Firewall\SwitchUserListener::getOriginalToken()
must be an instance of Symfony\Component\Security\Core\Authentication\Token\TokenInterface, null given, called in
symfony/symfony/src/Symfony/Component/Security/Http/Firewall/SwitchUserListener.php on line 164
```
Commits
-------
16da6861be [Security] fix switch user _exit without having current token
This PR was merged into the 3.3 branch.
Discussion
----------
[Validator] replace hardcoded service id
| Q | A
| ------------- | ---
| Branch? | 3.3
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | #23224
| License | MIT
| Doc PR |
Commits
-------
44ff4b1a49 [Validator] replace hardcoded service id
This PR was merged into the 2.7 branch.
Discussion
----------
[Routing] Fix XmlFileLoader exception message
| Q | A
| ------------- | ---
| Branch? | 2.7
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| License | MIT
When an `XmlFileLoader` encounters an unknown tag it throws an exception with message like `Unknown tag "foo" used in file "bar". Expected "default", "requirement" or "option".`. A proper message should be `Unknown tag "foo" used in file "bar". Expected "default", "requirement", "option" or "condition".`
Commits
-------
f6a94cb56f [Routing] Fix XmlFileLoader exception message
This PR was merged into the 2.7 branch.
Discussion
----------
[FrameworkBundle] Sessions: configurable "use_strict_mode" option for NativeSessionStorage
| Q | A
| ------------- | ---
| Branch? | 2.7
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| License | MIT
It is currently not possible to configure the `use_strict_mode` option for `NativeSessionStorage` in a proper manner.
The reason for this PR: https://github.com/symfony/symfony/pull/22352#issuecomment-302113533
It could be considered a new feature, but I wish it wouldn't, as I don't want to do any ugly hacking to get it working.
What else could be done?
* implement more options from `NativeSessionStorage` in the config?
* get rid of duplication somehow (maybe a static method in `NativeSessionStorage` that would return the option list and could be used in `FrameworkExtension`?)
* update `FrameworkExtensionTest`?
* update `ConfigurationTest`?
* update [the docs](https://symfony.com/doc/current/reference/configuration/framework.html#session)?
I'm willing to do those if decided.
Commits
-------
90e192e824 Sessions: configurable "use_strict_mode" option for NativeSessionStorage
This PR was squashed before being merged into the 2.7 branch (closes #23195).
Discussion
----------
[FrameworkBundle] [Command] Clean bundle directory, fixes #23177
| Q | A
| ------------- | ---
| Branch? | 2.7
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | no
| Fixed tickets | #23177
| License | MIT
This PR fixes #23177
When running an assets:install, it will remove directories that no longer have a valid Bundle.
Commits
-------
180f178f43 [FrameworkBundle] [Command] Clean bundle directory, fixes #23177
This PR was merged into the 3.3 branch.
Discussion
----------
Fixed composer resources between web/cli
| Q | A
| ------------- | ---
| Branch? | 3.3
| Bug fix? | yes
| New feature? | no (reverts one)
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | #23212
| License | MIT
| Doc PR | ~
This is a possible fix for the flawed module check for the composer resource. As this is the easiest fix, I've created a PR ready to be merged.
Commits
-------
9e047122f1 Fixed composer resources between web/cli
This PR was squashed before being merged into the 3.3 branch (closes #23160).
Discussion
----------
[WebProfilerBundle] Fix the icon for the Cache panel
| Q | A
| ------------- | ---
| Branch? | 3.3
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | #23159
| License | MIT
| Doc PR | -
Commits
-------
50c1d478ce [WebProfilerBundle] Fix the icon for the Cache panel
This PR was merged into the 2.7 branch.
Discussion
----------
[TwigBundle] Add Content-Type header for exception response
| Q | A
| ------------- | ---
| Branch? | 2.7
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets |
| License | MIT
| Doc PR |
This PR comes after I was looking to customize the way exceptions are served for a JSON API (grabbed the info at http://symfony.com/doc/current/controller/error_pages.html#overriding-the-default-exceptioncontroller).
I noticed that even when changing the request format to 'json' so that the right json.twig template is served:
```php
// in my override of the ExceptionController
public function showAction(Request $request, FlattenException $exception, DebugLoggerInterface $logger = null)
{
    $request->setRequestFormat('json');

    return parent::showAction($request, $exception, $logger);
}
```
the response Content-Type header was still 'text/html'.
By now, the response Content-Type should correspond to the given request format.
I also feel there's some room for improvement with the general "displaying error for a JSON API" chapter as it feels strange that there's no configuration option to just say "serve me anything as json", but that's another issue.
Commits
-------
9e2b408f25 add content-type header on exception response
This PR was merged into the 3.3 branch.
Discussion
----------
[WebServerBundle] Fix router script option BC
| Q | A
| ------------- | ---
| Branch? | 3.3
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | #23206
| License | MIT
| Doc PR | -
Server commands do not work with a router script given by a relative path, e.g.:
```
bin/console server:run -r router.php
```
but, this was working before and was removed (by accident I guess) in https://github.com/symfony/symfony/pull/21039/files#diff-b915f83f99a4166eb34eab581a92501bL187
Commits
-------
aeab2fe1f7 [WebServerBundle] Fix router script path and check existence
This PR was merged into the 2.7 branch.
Discussion
----------
Reset redirectCount when throwing exception
| Q | A
| ------------- | ---
| Branch? | 2.7
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | #23197
| License | MIT
When catching the exception thrown when exceeding the redirect limit, all new requests which result in a redirect fail. By resetting the redirectCount we can still use the same client instance.
Commits
-------
83fd578f96 Reset redirectCount when throwing exception
This PR was merged into the 3.3 branch.
Discussion
----------
[FrameworkBundle] Expose the AbstractController's container to its subclasses
| Q | A
| ------------- | ---
| Branch? | 3.3
| Bug fix? | no
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | n/a
| License | MIT
| Doc PR | n/a
This is useful if an application provides their own base Controller that
references items in the container. It also makes it simpler for that
base controller to add additional optional dependencies by only overriding
getSubscribedServices instead of having to reimplement setContainer and
use ControllerTrait.
Commits
-------
ee17131fca Expose the AbstractController's container to its subclasses
Useful if an application provides their own base Controller that
references items in the container. It also makes it simpler for that
base controller to add additional optional dependencies by only overriding
getSubscribedServices instead of having to reimplement setContainer and
use ControllerTrait.
This PR was merged into the 2.7 branch.
Discussion
----------
Keep s-maxage when expiry and validation are used in combination
| Q | A
| ------------- | ---
| Branch? | 2.7
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets |
| License | MIT
| Doc PR |
(Symfony) docs say that [expiration wins over validation](https://symfony.com/doc/current/http_cache/validation.html). So,
a) when both the master and embedded response are public with an s-maxage, the result should be public as well and use the lower s-maxage of both, *also* in the case that the embedded response carries validation headers. (The cache may use those for revalidating the embedded response once it has become stale, but that does not impact expiration-based caching of the combined response.)
b) when both the master and embedded response are public with an s-maxage, the result should be public as well and use the lower s-maxage of both, *also* in the case that the master response carries validation headers. However, those *must not* be passed on to the client: They do not apply to the combined response, but may only be used by the cache itself to revalidate the (raw) master response.
Commits
-------
09bcbc70e7 Embedding a response that combines expiration and validation, that should not defeat expiration on the combined response
This PR was squashed before being merged into the 2.7 branch (closes #23129).
Discussion
----------
Fix two edge cases in ResponseCacheStrategy
| Q | A
| ------------- | ---
| Branch? | 2.7
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets |
| License | MIT
| Doc PR |
While reviewing how `ResponseCacheStrategy` calculates the caching-related headers for responses that embed subrequests, I came across two cases that I think are currently implemented incorrectly.
a) When the main response is public and cacheable with an expiration time, but it embeds (via ESI) a controller that does not set any caching-related headers, this embedded response is more constrained. So, the resulting (combined) response must not be cacheable, especially it may not keep the s-maxage.
b) When the main response is public and cacheable with an expiration time, but it embeds (via ESI) a controller that explicitly creates a "private" response, the resulting (combined) response must be private as well.
Commits
-------
c6e8c07e4d Fix two edge cases in ResponseCacheStrategy
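The four rules stated in the two `ResponseCacheStrategy` descriptions above (lower s-maxage wins, validation headers are not forwarded, a header-less fragment makes the page uncacheable, a private fragment makes the page private), as an added example that is not Symfony's code. The array shape, the function name `combineCacheHeaders` and the exact header strings it returns are assumptions of this sketch; getting these cases wrong is what lets a shared cache serve one user's fragment to another.

```php
<?php
// Added example: plain arrays stand in for responses; this is not Symfony's ResponseCacheStrategy.
// Assumed response shape: ['visibility' => 'public'|'private'|null,
//                          's_maxage' => int|null, 'etag' => string|null]

function combineCacheHeaders(array $master, array ...$embedded): array
{
    $private = false;
    $uncacheable = false;
    $ttls = [];

    foreach (array_merge([$master], $embedded) as $part) {
        $visibility = $part['visibility'] ?? null;
        $sMaxAge = $part['s_maxage'] ?? null;

        if ($visibility === 'private') {
            $private = true;        // an explicitly private fragment taints the whole page
        } elseif ($visibility !== 'public' || $sMaxAge === null) {
            $uncacheable = true;    // no caching headers: the most constrained part wins
        } else {
            $ttls[] = $sMaxAge;     // public with expiration
        }
    }

    // ETag / Last-Modified describe one part only, so they are never copied
    // onto the combined response in any branch below.
    if ($uncacheable) {
        return ['Cache-Control' => 'no-cache, private'];
    }
    if ($private) {
        return ['Cache-Control' => 'private'];
    }

    return ['Cache-Control' => 'public, s-maxage=' . min($ttls)];
}

// Constructed sample responses.
$master = ['visibility' => 'public', 's_maxage' => 3600, 'etag' => '"m1"'];
$cases = [
    'embedded has validation + expiry' => ['visibility' => 'public', 's_maxage' => 60, 'etag' => '"e1"'],
    'embedded sets no cache headers'   => [],
    'embedded is private'              => ['visibility' => 'private'],
];

foreach ($cases as $label => $embedded) {
    printf("%-34s %s\n", $label, combineCacheHeaders($master, $embedded)['Cache-Control']);
}
```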
* 3.2:
  [SecurityBundle] Move cache of the firewall context into the request parameters
  Fix Usage with anonymous classes
  [Workflow] Added more keywords in the composer.json
  [Cache] APCu isSupported() should return true when apc.enable_cli=Off
  [PropertyAccess] Do not silence TypeErrors from client code.
This PR was squashed before being merged into the 3.2 branch (closes #22943).
Discussion
----------
[SecurityBundle] Move cache of the firewall context into the request parameters
Following [this proposal](https://github.com/symfony/symfony/pull/22605#issuecomment-301276639). Since the matching context relates to the request, this information should have been cached inside the request parameters.
| Q | A
| ------------- | ---
| Branch? | 3.2
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | #22605
| License | MIT
| Doc PR | n/a
* Avoid memory leak when handling multiple requests
* Adding the new request parameter `_firewall_context` might be considered as a breaking change. That adds a new "public" property that could be used by end developers.
Commits
-------
b3203cb8ab [SecurityBundle] Move cache of the firewall context into the request parameters
This PR was squashed before being merged into the 3.3 branch (closes #23088).
Discussion
----------
[FrameworkBundle] Dont set pre-defined esi/ssi services
| Q | A
| ------------- | ---
| Branch? | 3.3
| Bug fix? | yes
| New feature? | no
| BC breaks? | not sure
| Deprecations? | no
| Tests pass? | yes/no
| Fixed tickets | #23080
| License | MIT
| Doc PR | symfony/symfony-docs#...
It fixes the issue, but I'm not sure what's expected if you don't use http cache (solely enabled ssi/esi in config). Before, the services were initialized; now they are synthetic as http cache sets them, but that's optional =/
Commits
-------
8c26aab0fe [FrameworkBundle] Dont set pre-defined esi/ssi services
This PR was squashed before being merged into the 2.7 branch (closes #23057).
Discussion
----------
[Translation][FrameworkBundle] Fix resource loading order inconsistency reported in #23034
| Q | A
| ------------- | ---
| Branch? | 2.7
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | #23034
| License | MIT
| Doc PR |
Fixes the bug reported in #23034:
When mixing `addResource()` calls and providing the `resource_files` option, the order in which resources are loaded depends on the `kernel.debug` setting and whether a cache is used.
In particular, when several loaders provide translations for the same message, the one that "wins" may change between development and production mode.
Commits
-------
2a9e65dea9 [Translation][FrameworkBundle] Fix resource loading order inconsistency reported in #23034
This PR was squashed before being merged into the 2.7 branch (closes #23092).
Discussion
----------
[Filesystem] added workaround in Filesystem::rename for PHP bug
[Filesystem] added workaround in Filesystem::rename for https://bugs.php.net/bug.php?id=54097
Standard PHP rename() of dirs across devices/mounted filesystems produces a confusing copy error & throws IOException in Filesystem::rename. I got it during console cache:clear in the Docker environment. This PR possibly fixes https://github.com/symfony/symfony/issues/19851 and other environment related issues.
The workaround: when \rename() fails, try Filesystem::mirror & Filesystem::remove if $origin is a directory.
| Q | A
| ------------- | ---
| Branch? | 2.7
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets |
| License | MIT
| Doc PR |
Commits
-------
3ccbc479da [Filesystem] added workaround in Filesystem::rename for PHP bug