This PR was submitted for the master branch but it was merged into the 3.2 branch instead (closes #23586).
Discussion
----------
Fix case sensitive sameSite cookie
| Q | A
| ------------- | ---
| Branch? | 3.3
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | #23585
| License | MIT
| Doc PR |
Commits
-------
14c310f5fb Fix case sensitive sameSite cookie
This PR was submitted for the 2.8 branch but it was merged into the 2.7 branch instead (closes #23238).
Discussion
----------
[Security] ensure the 'route' index is set before attempting to use it
| Q | A
| ------------- | ---
| Branch? | 2.8
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets |
| License | MIT
| Doc PR |
```php
// matching a request is more powerful than matching a URL path + context, so try that first
if ($this->urlMatcher instanceof RequestMatcherInterface) {
    $parameters = $this->urlMatcher->matchRequest($request);
} else {
    $parameters = $this->urlMatcher->match($request->getPathInfo());
}

return $path === $parameters['_route'];
```
Hi, the issue here is that the code is assuming a `_route` has been returned from the `match()` method; however, there is nothing to suggest that is always the case. For example, if I just want to return a controller that is perhaps not added as an actual route, I can, and it works, although this will generate a notice warning.
**In terms of what happens if the `_route` is not defined, should it return `false`, or actually perform a similar condition such as `return $path === rawurldecode($request->getPathInfo());`?**
I have an implementation of a router that is just returning a controller path and its arguments without a `_route` which works aside from this notice.
Commits
-------
7ae578cc1a fix(security): ensure the 'route' index is set before attempting to use it
This PR was merged into the 2.8 branch.
Discussion
----------
[WebProfilerBundle] Fix full sized dump hovering in toolbar
| Q | A
| ------------- | ---
| Branch? | 2.8
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | #23563
| License | MIT
| Doc PR | N/A
Since #22953, the dump block shown on hovering the toolbar item takes the full width. But at least on OS X Chrome, Safari and Firefox, the behavior is buggy and makes it unusable as the cursor can't reach the dumped content:
![juin-29-2017 21-09-38](https://user-images.githubusercontent.com/2211145/27705877-b25c1496-5d0f-11e7-8fff-169e080e335c.gif)
Honestly, I don't really understand the issue here and tried some tweaks until it worked everywhere (including trying to add a `.no-resize` class on `sf-toolbar-info` to avoid executing the related JS event listener in case it was conflicting).
As shown in the screenshot, it also fixes the case where the dump wasn't full width under a certain size.
Commits
-------
28930c5 [WebProfilerBundle] Fix full sized dump hovering in toolbar
This PR was merged into the 3.3 branch.
Discussion
----------
[Config] Minor fix
| Q | A
| ------------- | ---
| Branch? | 3.3
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | -
| License | MIT
| Doc PR | -
My bad.
BTW @javiereguiluz I confirm my diagnosis on #23573
Here is the last exception in that error page:
![capture du 2017-07-19 09-37-41](https://user-images.githubusercontent.com/243674/28355877-2bc71b5e-6c66-11e7-8e53-a88c42bec4e5.png)
Commits
-------
fa0b942 [Config] Minor fix
This PR was squashed before being merged into the 2.7 branch (closes #23580).
Discussion
----------
Fix login redirect when referer contains a query string
| Q | A
| ------------- | ---
| Branch? | 2.7
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | #19026, #23027, #23061, #23411, #23551
| License | MIT
| Doc PR | n/a
In 3.3, #19026 was merged to fix a bug that should have been fixed in 2.7. The fix was wrong anyway, so this PR fixes it the proper way.
The first two commits refactor tests (using mocks for data objects is a bad idea and using too many mocks actually makes tests test nothing).
The actual fix is in the third commit.
Commits
-------
022ac0be09 [Security] added more tests
9c7a1406cb [Security] fixed default target path when referer contains a query string
b1f1ae26b4 [Security] simplified tests
3387612451 [Security] refactored tests
This PR was squashed before being merged into the 3.2 branch (closes #23558).
Discussion
----------
[FrameworkBundle] fix ValidatorCacheWarmer: use serializing ArrayAdapter
| Q | A
| ------------- | ---
| Branch? | 3.2
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | https://github.com/symfony/symfony/issues/23544
| License | MIT
| Doc PR | -
The `ValidatorCacheWarmer` was using an `ArrayAdapter` with `$storeSerialized=false`. This is a problem as inside the `LazyLoadingMetadataFactory` the metaData objects are mutated (parent class constraints are merged into it) after they have been written into the cache.
So this means that currently when warming up the validator cache actually the merged metaData version is finally taken from the `ArrayAdapter` and written into the `PhpFilesAdapter`.
Which then caused some duplicate constraints as the parent constraints are merged again after fetching from the cache inside `LazyLoadingMetadataFactory`.
This fix makes sure we serialize objects into the `ArrayAdapter`.
Writing a test case for this does not seem easy to me. Any ideas?
EDIT: Maybe it's even safer to just clone the object when writing it into the cache?
```diff
diff --git a/src/Symfony/Component/Validator/Mapping/Factory/LazyLoadingMetadataFactory.php b/src/Symfony/Component/Validator/Mapping/Factory/LazyLoadingMetadataFactory.php
index 79ad1f2..88eaf33 100644
--- a/src/Symfony/Component/Validator/Mapping/Factory/LazyLoadingMetadataFactory.php
+++ b/src/Symfony/Component/Validator/Mapping/Factory/LazyLoadingMetadataFactory.php
@@ -117,7 +117,7 @@ class LazyLoadingMetadataFactory implements MetadataFactoryInterface
}
if (null !== $this->cache) {
- $this->cache->write($metadata);
+ $this->cache->write(clone $metadata);
}
```
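Review bot: `clone $metadata` on the added line is a shallow copy, so any object-valued property of the metadata stays shared between the instance handed to `write()` and the one that is mutated afterwards. Unless the metadata class defines `__clone` to copy those properties, the cached entry can still pick up the later parent-constraint merge; either confirm that the merge only touches array or scalar properties, or deep-copy here. The hunk also carries no test: a regression test that warms the cache and checks that a child class's constraints are not duplicated would pin the behaviour.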
Opinions?
Commits
-------
c0556cb204 [FrameworkBundle] fix ValidatorCacheWarmer: use serializing ArrayAdapter
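
The aliasing problem described in the ValidatorCacheWarmer PR above, reduced to a stand-alone sketch. This is an added example, not code from Symfony or from the PR: `Meta`, `TinyArrayCache` and `warmAndReload()` are hypothetical stand-ins for the metadata object, the in-memory adapter with its `$storeSerialized` switch, and the warm-then-reload sequence. With the un-serialized store the reloaded metadata ends up with the parent constraint twice; with the serializing store it appears once.

```php
<?php
// Added illustration. Meta and TinyArrayCache are hypothetical stand-ins,
// not Symfony's ClassMetadata or ArrayAdapter.
final class Meta
{
    public $constraints;
    public function __construct(array $own)
    {
        $this->constraints = $own;
    }
    // Stands in for "parent class constraints are merged into it".
    public function mergeParent(array $parent)
    {
        $this->constraints = array_merge($this->constraints, $parent);
    }
}

final class TinyArrayCache
{
    private $items = [];
    private $storeSerialized;
    public function __construct($storeSerialized)
    {
        $this->storeSerialized = $storeSerialized;
    }
    public function write($key, $value)
    {
        // serialize() snapshots the value; otherwise the caller's object handle is kept.
        $this->items[$key] = $this->storeSerialized ? serialize($value) : $value;
    }
    public function read($key)
    {
        return $this->storeSerialized ? unserialize($this->items[$key]) : $this->items[$key];
    }
}

function warmAndReload($storeSerialized)
{
    $cache = new TinyArrayCache($storeSerialized);
    $meta = new Meta(['Length']);
    $cache->write('Child', $meta);       // written to the cache first ...
    $meta->mergeParent(['NotNull']);     // ... then mutated by the factory
    $reloaded = $cache->read('Child');   // entry as the warmer would persist it
    $reloaded->mergeParent(['NotNull']); // parents merged again after a cache hit
    return $reloaded->constraints;
}

print_r(warmAndReload(false)); // store keeps the live object
print_r(warmAndReload(true));  // store keeps a serialized snapshot
```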
This PR was merged into the 3.3 branch.
Discussion
----------
[Config] Make ClassExistenceResource throw on invalid parents
| Q | A
| ------------- | ---
| Branch? | 3.3
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | #23564
| License | MIT
| Doc PR | -
Let's throw a more specific exception when a parent class/interface/trait is missing.
Fine tunes #23041
Commits
-------
53b01903ce [Config] Make ClassExistenceResource throw on invalid parents
This PR was merged into the 3.3 branch.
Discussion
----------
[VarDumper] Use "C" locale when using "comma" flags
| Q | A
| ------------- | ---
| Branch? | 3.3
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | #23572
| License | MIT
| Doc PR | -
Adding trailing comma implicitly requires a C locale.
Commits
-------
305ae5e5d4 [VarDumper] Use "C" locale when using "comma" flags
This PR was merged into the 3.2 branch.
Discussion
----------
[DI] Change "this" to "that" in `findAndSortTaggedServices` doc to reduce confusion
Continuation of PR #23578 which I royally messed up.....
| Q | A
| ------------- | ---
| Branch? | 3.2
| Bug fix? | no
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| License | MIT
| Doc PR | None
I know this is extremely minor, but reading the description of this method, I got confused. Wondering if it's just me.
Where it says:
> The order of additions must be respected for services having the same priority, and knowing that the \SplPriorityQueue class does not respect the FIFO method, we should not use **this** class.
Should it not say "we should not use **that** class"?
Commits
-------
04b7b04b65 Change "this" to "that" to avoid confusion
* 3.2:
[DI] Resolve aliases earlier
[DI] Mark Container::$privates as internal
bumped Symfony version to 3.2.13
updated VERSION for 3.2.12
updated CHANGELOG for 3.2.12
bumped Symfony version to 2.8.26
updated VERSION for 2.8.25
updated CHANGELOG for 2.8.25
bumped Symfony version to 2.7.33
updated VERSION for 2.7.32
update CONTRIBUTORS for 2.7.32
updated CHANGELOG for 2.7.32
* 2.8:
[DI] Resolve aliases earlier
bumped Symfony version to 2.8.26
updated VERSION for 2.8.25
updated CHANGELOG for 2.8.25
bumped Symfony version to 2.7.33
updated VERSION for 2.7.32
update CONTRIBUTORS for 2.7.32
updated CHANGELOG for 2.7.32
* 2.7:
[DI] Resolve aliases earlier
bumped Symfony version to 2.7.33
updated VERSION for 2.7.32
update CONTRIBUTORS for 2.7.32
updated CHANGELOG for 2.7.32
This PR was merged into the 3.3 branch.
Discussion
----------
[DI] Minor dumping logic simplification
| Q | A
| ------------- | ---
| Branch? | 3.3
| Bug fix? | no
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | -
| License | MIT
| Doc PR | -
Likely not a bug fix because private services should be dealt with by some compiler pass, but anyway, locally, I don't get why non-shared private services should check the "$this->services" property.
Did I miss something?
Commits
-------
37d8495 [DI] Minor dumping logic simplification
This PR was merged into the 2.7 branch.
Discussion
----------
[DI] Resolve aliases earlier
| Q | A
| ------------- | ---
| Branch? | 2.7
| Bug fix? | no
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | -
| License | MIT
| Doc PR | -
Not a bug fix because a compiler pass already resolves aliases, but makes reasoning locally about the code easier.
Commits
-------
9922827cc2 [DI] Resolve aliases earlier
This PR was merged into the 3.2 branch.
Discussion
----------
[DI] Mark Container::$privates as internal
| Q | A
| ------------- | ---
| Branch? | 3.2
| Bug fix? | no
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | -
| License | MIT
| Doc PR | -
As it should have been since its introduction.
Commits
-------
2725fd6080 [DI] Mark Container::$privates as internal