* 3.4: (22 commits)
use Precise on Travis to keep PHP LDAP support
Fix case sensitive sameSite cookie
[PropertyInfo] Use rawurlencode to escape PSR-6 keys
fix(security): ensure the 'route' index is set before attempting to use it
Fix registering lazy command services with autoconfigure enabled
Fix the design of the profiler exceptions when there is no message
[Config] Minor fix
document the TwigRenderer class deprecation
[Security] added more tests
[Security] fixed default target path when referer contains a query string
[Security] simplified tests
[Security] refactored tests
[WebProfilerBundle][TwigBundle] Fix infinite js loop on exception pages
[FrameworkBundle] fix ValidatorCacheWarmer: use serializing ArrayAdapter
Change "this" to "that" to avoid confusion
[VarDumper] Move locale sniffing to dump() time
[VarDumper] Use "C" locale when using "comma" flags
[Config] Make ClassExistenceResource throw on invalid parents
[DebugBundle] Added min_depth to Configuration
[Console] Add a factory command loader for standalone application with lazy-loading needs
...
* 3.3:
use Precise on Travis to keep PHP LDAP support
Fix case sensitive sameSite cookie
[PropertyInfo] Use rawurlencode to escape PSR-6 keys
fix(security): ensure the 'route' index is set before attempting to use it
Fix the design of the profiler exceptions when there is no message
[Config] Minor fix
[WebProfilerBundle] Fix full sized dump hovering in toolbar
* 3.2:
use Precise on Travis to keep PHP LDAP support
Fix case sensitive sameSite cookie
[PropertyInfo] Use rawurlencode to escape PSR-6 keys
fix(security): ensure the 'route' index is set before attempting to use it
[WebProfilerBundle] Fix full sized dump hovering in toolbar
* 2.8:
use Precise on Travis to keep PHP LDAP support
fix(security): ensure the 'route' index is set before attempting to use it
[WebProfilerBundle] Fix full sized dump hovering in toolbar
This PR was merged into the 4.0-dev branch.
Discussion
----------
[Bridge\Doctrine] Fix BC with DI v3.4
| Q | A
| ------------- | ---
| Branch? | master
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | -
| License | MIT
| Doc PR | -
As allowed by composer.json.
Code borrowed from branch 3.4
Commits
-------
b03f0bdb06 [Bridge\Doctrine] Fix BC with DI v3.4
This PR was merged into the 3.4 branch.
Discussion
----------
[Console] Fix registering lazy command services with autoconfigure enabled
| Q | A
| ------------- | ---
| Branch? | 3.4
| Bug fix? | no
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | n/a
| License | MIT
| Doc PR | n/a
For
```yaml
_defaults:
autoconfigure: true
App\:
resource: '../../src/*'
App\Command\FooCommand:
tags:
- { name: console.command, command: foo }
```
Before you get the following error:
> Missing "command" attribute on tag "console.command" for service "App\Command\FooCommand"
Now the command is lazy.
----
Btw, @Tobion's https://github.com/symfony/symfony/pull/22734#discussion_r127410411
> Wouldn't it be more straightforward if aliases are just the additional tags using the command attribute as well?
Then there is no need for an alias property at all and this strange condition doesn't apply either.
Partially addressed here by removing the need for repeating the `command` attribute on each `console.command` tag
```yaml
# before
tags:
- { name: console.command, command: foo }
- { name: console.command, command: foo, alias: foobar }
# after
tags:
- { name: console.command, command: foo }
- { name: console.command, alias: foobar }
```
Tobias proposal:
```yaml
tags:
- { name: console.command, command: app:my-command }
- { name: console.command, command: app:my-alias }
```
I wanted to propose exactly the same at first, but finally found more clear to add a specific attribute for aliases, especially because relying on the order on which tags are defined sounds less good to me. Please tell me about your preference.
(And sorry for the noise around this feature, I want to polish it for 3.4)
Commits
-------
8a71aa31bb Fix registering lazy command services with autoconfigure enabled
This PR was merged into the 4.0-dev branch.
Discussion
----------
[Console] Make SymfonyQuestionHelper::ask optional by default
| Q | A
| ------------- | ---
| Branch? | master
| Bug fix? | no
| New feature? | yes
| BC breaks? | no
| Deprecations? | yes
| Tests pass? | yes (nothing in core depends on it)
| Fixed tickets | #... <!-- #-prefixed issue number(s), if any -->
| License | MIT
| Doc PR | symfony/symfony-docs#... <!--highly recommended for new features-->
i noticed when writing commands i always keep doing
```php
$io = new SymfonyStyle($input, $output);
$answer = $io->ask('...', null, function ($value) { return $value; });
// instead of just
$answer = $io->ask('...');
```
only to bypass a built-in validation, of which im not sure why it's there. Note the base question helper doesnt make this assumption...
Commits
-------
2da429cd0a [Console] Make SymfonyQuestionHelper::ask optional by default
- added `Symfony\Component\Cache\PruneableInterface` so PSR-6 or PSR-16 cache implementations can declare support
for manual stale cache pruning
- added FilesystemTrait::prune() and PhpFilesTrait::prune() implementations
- now FilesystemAdapter, PhpFilesAdapter, FilesystemCache, and PhpFilesCache implement PruneableInterface and
supports manual stale cache pruning
- Added `cache:pool:prune` command via `Symfony\Bundle\FrameworkBundle\Command\CachePoolPruneCommand` to allow
manual stale cache item pruning of supported PSR-6 and PSR-16 cache pool implementations
- Added `Symfony\Bundle\FrameworkBundle\DependencyInjection\Compiler\CachePoolPrunerPass` compiler pass to fetch
all cache pools implementing `PruneableInterface` and pass them to the command as an `IteratorArgument` so
these references are lazy loaded by the command
- updated changelogs as appropriate
This PR was merged into the 2.8 branch.
Discussion
----------
[WebProfilerBundle] Fix full sized dump hovering in toolbar
| Q | A
| ------------- | ---
| Branch? | 2.8 <!-- see comment below -->
| Bug fix? | yes
| New feature? | no <!-- don't forget updating src/**/CHANGELOG.md files -->
| BC breaks? | no
| Deprecations? | no <!-- don't forget updating UPGRADE-*.md files -->
| Tests pass? | yes
| Fixed tickets | #23563 <!-- #-prefixed issue number(s), if any -->
| License | MIT
| Doc PR | N/A
Since #22953, the dump block shown on hovering the toolbar item takes the full width. But at least on OS X chrome, safari and firefox, the behavior is buggy and makes it unusable as the cursor can't reach the dumped content:
Honestly, I don't really understand the issue here and tried some tweaks until it works everywhere, (including trying to add a `.no-resize` class on `sf-toolbar-info` to avoid executing the related js event listener in case it was conflicting).
As shown in the screenshot, it also fixes the case where the dump wasn't full width under a certain size.
Commits
-------
28930c5 [WebProfilerBundle] Fix full sized dump hovering in toolbar
This PR was merged into the 3.3 branch.
Discussion
----------
[Config] Minor fix
| Q | A
| ------------- | ---
| Branch? | 3.3
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | -
| License | MIT
| Doc PR | -
My bad.
BTW @javiereguiluz I confirm my diagnosis on #23573
Here is the last exception in that error page:
Commits
-------
fa0b942 [Config] Minor fix
This PR was merged into the 3.4 branch.
Discussion
----------
[Console] Add a factory command loader for standalone application with lazy-loading needs
| Q | A
| ------------- | ---
| Branch? | 3.4 <!-- see comment below -->
| Bug fix? | no
| New feature? | yes <!-- don't forget updating src/**/CHANGELOG.md files -->
| BC breaks? | no
| Deprecations? | no <!-- don't forget updating UPGRADE-*.md files -->
| Tests pass? | yes (failure unrelated)
| Fixed tickets | https://github.com/symfony/symfony/pull/22734#issuecomment-314706630 <!-- #-prefixed issue number(s), if any -->
| License | MIT
| Doc PR | todo (with https://github.com/symfony/symfony-docs/issues/8147)
So standalone applications can also benefit from the lazy loading feature without requiring a PSR-11 implementation specifically for this need.
The loader does not memoize any resolved command from factories, as it's the `Application` responsibility and the `ContainerCommandLoader` does not either (the PSR-11 does not enforce two successive calls to return the same value).
Commits
-------
9b40b4a [Console] Add a factory command loader for standalone application with lazy-loading needs
* 3.3:
[Security] added more tests
[Security] fixed default target path when referer contains a query string
[Security] simplified tests
[Security] refactored tests
[WebProfilerBundle][TwigBundle] Fix infinite js loop on exception pages
[FrameworkBundle] fix ValidatorCacheWarmer: use serializing ArrayAdapter
Change "this" to "that" to avoid confusion
[VarDumper] Move locale sniffing to dump() time
[VarDumper] Use "C" locale when using "comma" flags
[Config] Make ClassExistenceResource throw on invalid parents
This PR was merged into the 3.4 branch.
Discussion
----------
[DebugBundle] Added min_depth to Configuration
This enables calling the recently-added `setMinDepth` function on `VarCloner`.
| Q | A
| ------------- | ---
| Branch? | 3.4
| Bug fix? | no
| New feature? | yes
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | none
| License | MIT
| Doc PR | symfony/symfony-docs#8185
Commits
-------
30cd70d [DebugBundle] Added min_depth to Configuration
This PR was squashed before being merged into the 3.2 branch (closes#23558).
Discussion
----------
[FrameworkBundle] fix ValidatorCacheWarmer: use serializing ArrayAdapter
| Q | A
| ------------- | ---
| Branch? | 3.2
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | https://github.com/symfony/symfony/issues/23544
| License | MIT
| Doc PR | -
The `ValidatorCacheWarmer` was using an `ArrayAdapter` with `$storeSerialized=false`. This is a problem as inside the `LazyLoadingMetadataFactory` the metaData objects are mutated (parent class constraints are merged into it) after they have been written into the cache.
So this means that currently when warming up the validator cache actually the merged metaData version is finally taken from the `ArrayAdapter` and written into the `PhpFilesAdapter`.
Which then caused some duplicate constraints as the parent constraints are merged again after fetching from the cache inside `LazyLoadingMetadataFactory`.
This fix makes sure we serialize objects into the `ArrayAdapter`.
Writing a test case for this does not seem easy to me. Any ideas?
EDIT: Maybe its even safer to just clone the object when writing it into the cache?
```diff
diff --git a/src/Symfony/Component/Validator/Mapping/Factory/LazyLoadingMetadataFactory.php b/src/Symfony/Component/Validator/Mapping/Factory/LazyLoadingMetadataFactory.php
index 79ad1f2..88eaf33 100644
--- a/src/Symfony/Component/Validator/Mapping/Factory/LazyLoadingMetadataFactory.php
+++ b/src/Symfony/Component/Validator/Mapping/Factory/LazyLoadingMetadataFactory.php
@@ -117,7 +117,7 @@ class LazyLoadingMetadataFactory implements MetadataFactoryInterface
}
if (null !== $this->cache) {
- $this->cache->write($metadata);
+ $this->cache->write(clone $metadata);
}
```
Opinions?
Commits
-------
c0556cb204 [FrameworkBundle] fix ValidatorCacheWarmer: use serializing ArrayAdapter
This PR was merged into the 4.0-dev branch.
Discussion
----------
[DI] Optimize use of private and pre-defined services
| Q | A
| ------------- | ---
| Branch? | master
| Bug fix? | no
| New feature? | yes (perf)
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | -
| License | MIT
| Doc PR | -
By making private services really private and taking into account that (un)setting pre-defined services is not allowed anymore, we can go one step further into optimizing the dumped container.
Commits
-------
c0c1881fe4 [DI] Optimize use of private and pre-defined services
This PR was merged into the 3.3 branch.
Discussion
----------
[Config] Make ClassExistenceResource throw on invalid parents
| Q | A
| ------------- | ---
| Branch? | 3.3
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | #23564
| License | MIT
| Doc PR | -
Let's throw a more specific exception when a parent class/interface/trait is missing.
Fine tunes #23041
Commits
-------
53b01903ce [Config] Make ClassExistenceResource throw on invalid parents
This PR was merged into the 3.2 branch.
Discussion
----------
[DI] Change "this" to "that" in `findAndSortTaggedServices` doc to reduce confusion
Continuation of PR #23578 which I royally messed up.....
| Q | A
| ------------- | ---
| Branch? | 3.2
| Bug fix? | no
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| License | MIT
| Doc PR | None
I know this is extremely minor, but reading the description of this method, I got confused. Wondering if it's just me.
Where it says:
> The order of additions must be respected for services having the same priority, and knowing that the \SplPriorityQueue class does not respect the FIFO method, we should not use **this** class.
Should it not say "we should not use **that** class"?
Commits
-------
04b7b04b65 Change "this" to "that" to avoid confusion
This PR was merged into the 3.4 branch.
Discussion
----------
[TwigBridge] fix tests
| Q | A
| ------------- | ---
| Branch? | 3.4
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets |
| License | MIT
| Doc PR |
~The changed test did not pass locally. I do probably miss something important, but I fail to see why this did not occur when running the tests on Travis CI.~ Never mind, I was looking at the wrong build. It fails on Travis CI too.
Commits
-------
62410b6b7e [TwigBridge] fix tests
* 3.4:
[DI] Resolve aliases earlier
[DI] Mark Container::$privates as internal
[DI] Minor dumping logic simplification
bumped Symfony version to 3.3.6
updated VERSION for 3.3.5
updated CHANGELOG for 3.3.5
bumped Symfony version to 3.2.13
updated VERSION for 3.2.12
updated CHANGELOG for 3.2.12
bumped Symfony version to 2.8.26
updated VERSION for 2.8.25
updated CHANGELOG for 2.8.25
bumped Symfony version to 2.7.33
updated VERSION for 2.7.32
update CONTRIBUTORS for 2.7.32
updated CHANGELOG for 2.7.32
* 3.3:
[DI] Resolve aliases earlier
[DI] Mark Container::$privates as internal
[DI] Minor dumping logic simplification
bumped Symfony version to 3.3.6
updated VERSION for 3.3.5
updated CHANGELOG for 3.3.5
bumped Symfony version to 3.2.13
updated VERSION for 3.2.12
updated CHANGELOG for 3.2.12
bumped Symfony version to 2.8.26
updated VERSION for 2.8.25
updated CHANGELOG for 2.8.25
bumped Symfony version to 2.7.33
updated VERSION for 2.7.32
update CONTRIBUTORS for 2.7.32
updated CHANGELOG for 2.7.32
* 3.2:
[DI] Resolve aliases earlier
[DI] Mark Container::$privates as internal
bumped Symfony version to 3.2.13
updated VERSION for 3.2.12
updated CHANGELOG for 3.2.12
bumped Symfony version to 2.8.26
updated VERSION for 2.8.25
updated CHANGELOG for 2.8.25
bumped Symfony version to 2.7.33
updated VERSION for 2.7.32
update CONTRIBUTORS for 2.7.32
updated CHANGELOG for 2.7.32
* 2.8:
[DI] Resolve aliases earlier
bumped Symfony version to 2.8.26
updated VERSION for 2.8.25
updated CHANGELOG for 2.8.25
bumped Symfony version to 2.7.33
updated VERSION for 2.7.32
update CONTRIBUTORS for 2.7.32
updated CHANGELOG for 2.7.32
* 2.7:
[DI] Resolve aliases earlier
bumped Symfony version to 2.7.33
updated VERSION for 2.7.32
update CONTRIBUTORS for 2.7.32
updated CHANGELOG for 2.7.32
This PR was merged into the 2.7 branch.
Discussion
----------
[DI] Resolve aliases earlier
| Q | A
| ------------- | ---
| Branch? | 2.7
| Bug fix? | no
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | -
| License | MIT
| Doc PR | -
Not a bug fix because a compiler pass already resolves aliases, but makes reasoning locally about the code easier.
Commits
-------
9922827cc2 [DI] Resolve aliases earlier
* 3.4: (22 commits)
Fix lazy commands registration
[TwigBridge] deprecate TwigRenderer
[FrameworkBundle] Set default public directory on install assets
[Security] Fix wrong term in UserProviderInterface
[HttpFoundation] Set meta refresh time to 0 in RedirectResponse content
disable inlining deprecated services
[Stopwatch] Fix precision for root section
[Cache] add constructor docblocks for clarity
[WebServerBundle] allowed public/ root directory to be auto-discovered along side web/
[WebServerBundle] remove duplicate code
[SecurityBundle] Clarify deprecation in UserPasswordEncoderCommand::getContainer
[Profiler][Validator] ValidatorDataCollector: use new DataCollector::getCasters() method
[Profiler] Fix data collector getCasters() call
[VarDumper] Added setMinDepth to VarCloner
remove symfony/process suggestion
[DI] Remove unused dynamic property
[Cache] add constructor docblocks for clarity
[Security] validate empty passwords again
[Process] Fixed issue between process builder and exec
non-conflicting anonymous service ids across files
...
phpdocumentor/reflection-docblock included a change in release 3.2.0
which required a tag to be followed by a space. This conflicts with our
use of the `@Group` annotation:
```php
/**
* @var \DateTime[]
* @Groups({"a", "b"})
*/
public $collection;
```
* 3.3:
[FrameworkBundle] Set default public directory on install assets
[Security] Fix wrong term in UserProviderInterface
[HttpFoundation] Set meta refresh time to 0 in RedirectResponse content
disable inlining deprecated services
[Cache] add constructor docblocks for clarity
[WebServerBundle] allowed public/ root directory to be auto-discovered along side web/
[WebServerBundle] remove duplicate code
[SecurityBundle] Clarify deprecation in UserPasswordEncoderCommand::getContainer
[Cache] add constructor docblocks for clarity
[Security] validate empty passwords again
[DI] Remove irrelevant comment from container
[TwigBridge] cleaner implementation of the TwigRenderer
* 3.2:
[Security] Fix wrong term in UserProviderInterface
[HttpFoundation] Set meta refresh time to 0 in RedirectResponse content
disable inlining deprecated services
[Cache] add constructor docblocks for clarity
[Security] validate empty passwords again
[DI] Remove irrelevant comment from container
[TwigBridge] cleaner implementation of the TwigRenderer
* 2.8:
[Security] Fix wrong term in UserProviderInterface
[HttpFoundation] Set meta refresh time to 0 in RedirectResponse content
disable inlining deprecated services
[Security] validate empty passwords again
[DI] Remove irrelevant comment from container
[TwigBridge] cleaner implementation of the TwigRenderer
* 2.7:
[Security] Fix wrong term in UserProviderInterface
[HttpFoundation] Set meta refresh time to 0 in RedirectResponse content
[Security] validate empty passwords again
[DI] Remove irrelevant comment from container
[TwigBridge] cleaner implementation of the TwigRenderer
This PR was merged into the 3.4 branch.
Discussion
----------
[Console] Application is not responsible for setting the name of lazy commands
| Q | A
| ------------- | ---
| Branch? | 3.4
| Bug fix? | no
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | n/a
| License | MIT
| Doc PR | n/a
Fixes `all` not calling `get()` for lazy commands and stop setting the command name from Application (the command loader is responsible for returning valid commands).
Commits
-------
f25a8b5c41 Fix lazy commands registration
This PR was squashed before being merged into the 3.3 branch (closes#23513).
Discussion
----------
[FrameworkBundle] Set default public directory on install assets
| Q | A
| ------------- | ---
| Branch? | 3.3
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | -
| License | MIT
| Doc PR | -
After https://github.com/symfony/flex/pull/122 and https://github.com/symfony/recipes/pull/106 the default directory to install assets is `public`.
Commits
-------
1bdfe0b39b [FrameworkBundle] Set default public directory on install assets
This PR was merged into the 2.7 branch.
Discussion
----------
[Security] validate empty passwords again
| Q | A
| ------------- | ---
| Branch? | 2.7
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | https://github.com/symfony/symfony/pull/23341#issuecomment-315341226
| License | MIT
| Doc PR |
It looks like this part of #23341 causes serious security issues for some users who rely on the validator to also compare the empty string with their user's password (see for example https://github.com/symfony/symfony/pull/23341#issuecomment-315341226). Thus I suggest to revert this part of #23341.
Commits
-------
878198cefa [Security] validate empty passwords again
This PR was merged into the 3.4 branch.
Discussion
----------
[Profiler][Validator] ValidatorDataCollector: use new DataCollector::getCasters() method
| Q | A
| ------------- | ---
| Branch? | 3.4 <!-- see comment below -->
| Bug fix? | no
| New feature? | no <!-- don't forget updating src/**/CHANGELOG.md files -->
| BC breaks? | no
| Deprecations? | no <!-- don't forget updating UPGRADE-*.md files -->
| Tests pass? | yes
| Fixed tickets | https://github.com/symfony/symfony/pull/23465#discussion_r126382240 <!-- #-prefixed issue number(s), if any -->
| License | MIT
| Doc PR | N/A
~~First commit targets 3.3; see https://github.com/symfony/symfony/pull/23516.~~
I didn't re-used the `ConstraintViolationInterface` caster used in the form collector, as it's the purpose of the validator collector to show the constraints data.
Commits
-------
c725a700cf [Profiler][Validator] ValidatorDataCollector: use new DataCollector::getCasters() method
This PR was merged into the 3.4 branch.
Discussion
----------
[VarDumper] Added setMinDepth to VarCloner
This new function allows VarCloner users to specify a minimum tree
depth that must be fully explored before we start limiting the number of
cloned items via the existing setMaxItems functionality.
It’s useful for dumping arguments from a backtrace to ensure some
minimum level of detail, while keeping a very low setMaxItems value to
ensure fast performance at the deeper levels.
| Q | A
| ------------- | ---
| Branch? | 3.4
| Bug fix? | no
| New feature? | yes <!-- don't forget updating src/**/CHANGELOG.md files -->
| BC breaks? | no
| Deprecations? | no <!-- don't forget updating UPGRADE-*.md files -->
| Tests pass? | yes
| Fixed tickets | none
| License | MIT
| Doc PR | symfony/symfony-docs#8155 <!--highly recommended for new features-->
<!--
- Bug fixes must be submitted against the lowest branch where they apply
(lowest branches are regularly merged to upper ones so they get the fixes too).
- Features and deprecations must be submitted against the 3.4,
legacy code removals go to the master branch.
- Please fill in this template according to the PR you're about to submit.
- Replace this comment by a description of what your PR is solving.
-->
Commits
-------
d6534f5cfc [VarDumper] Added setMinDepth to VarCloner
