This PR was merged into the 5.3-dev branch.
Discussion
----------
[DependencyInjection] accept null index in #[TaggedItem]
| Q | A
| ------------- | ---
| Branch? | 5.x
| Bug fix? | no
| New feature? | no
| Deprecations? | no
| Tickets | -
| License | MIT
| Doc PR | -
As hinted by @stof in https://github.com/symfony/symfony/pull/40248#discussion_r595065941
Commits
-------
6d16fac703 [DI] accept null index in #[TaggedItem]
This PR was merged into the 5.3-dev branch.
Discussion
----------
[Security] Rename User to InMemoryUser
| Q | A
| ------------- | ---
| Branch? | 5.x
| Bug fix? | no
| New feature? | yes
| Deprecations? | yes
| Tickets | Closes#26348
| License | MIT
| Doc PR | -
This PR aims to clarify that the `User` class should only be used by the `InMemoryUserProvider`, as documented:
c06a76c384/src/Symfony/Component/Security/Core/User/User.php (L15-L17)
It also renames `UserChecker` to `InMemoryUserChecker` because it only works with the in-memory user class:
c06a76c384/src/Symfony/Component/Security/Core/User/UserChecker.php (L31-L32)
Commits
-------
55b51d3f90 [Security] Rename User to InMemoryUser
This PR was merged into the 5.3-dev branch.
Discussion
----------
Deprecate configuring tag names and service ids in compiler passes
| Q | A
| ------------- | ---
| Branch? | 5.x
| Bug fix? | no
| New feature? | no
| Deprecations? | yes
| Tickets | -
| License | MIT
| Doc PR | -
This PR is aimed at reducing the code complexity by hardcoding the name of tags and service ids that compiler passes have to deal with.
I think making these names configurable only adds boilerplate and maintenance overhead for no benefit:
- for the practice: the need to use a pass with a renamed tag/id should be extremely rare (do yo know any?)
- for the theory: a decorating pass could still rename before/after the processing, so this use case is still supported.
Side note: I skipped updating changelog+upgrade files. This would be just noise to me (nobody uses this possibility anyway ;) )
Commits
-------
6fe82d8be7 Deprecate configuring tag names and service ids in compiler passes
* 5.2:
[ErrorHandler] Fix error caused by `include` + open_basedir
[FrameworkBundle] Make the TestBrowserToken interchangeable with other tokens
[Console] ProgressBar clears too many lines on update
[FrameworkBundle] Exclude unreadable files when executing About command
[Bridge\Twig] Add 'form-control-range' for range input type
Be explicit about transparent background color of links in toolbar
[Translation] fix test case name
[Cache] Fix wrong namespace in test
[DependencyInjection] Fix return type
* 4.4:
[Console] ProgressBar clears too many lines on update
[FrameworkBundle] Exclude unreadable files when executing About command
[Bridge\Twig] Add 'form-control-range' for range input type
Be explicit about transparent background color of links in toolbar
[Translation] fix test case name
[Cache] Fix wrong namespace in test
[DependencyInjection] Fix return type
This PR was squashed before being merged into the 4.4 branch.
Discussion
----------
[Console] ProgressBar clears too many lines on update
| Q | A
| ------------- | ---
| Branch? | 4.4
| Bug fix? | yes
| New feature? |no <!-- please update src/**/CHANGELOG.md files -->
| Deprecations? |no <!-- please update UPGRADE-*.md and src/**/CHANGELOG.md files -->
| License | MIT
The ProgressBar incorrectly calculates line lengths when updating, including non-displayable characters such as ANSI colors. This causes it to clear too many lines if the terminal width is greater than the displayed line length but less than the line length including non-displayed characters. An example of this bug in action is https://github.com/acquia/cli/issues/467
Commits
-------
2aa3df0c74 [Console] ProgressBar clears too many lines on update
This PR was merged into the 5.3-dev branch.
Discussion
----------
[DependencyInjection] Add `#[TaggedItem]` attribute for defining the index and priority of classes found in tagged iterators/locators
| Q | A
| ------------- | ---
| Branch? | 5.x
| Bug fix? | no
| New feature? | yes
| Deprecations? | no
| Tickets | -
| License | MIT
| Doc PR | -
Next to #39804, this PR adds a new `#[TaggedItem]` attribute that ppl can use to define the index of their service classes when they're used in tagged collections (iterators/locators.
This replaces the `public static getDefaultName()` and `getDefaultPriority()` methods that ppl could use for this purpose:
```php
#[TaggedItem(index: 'api.logger', priority: 123)]
class MyApiLogger implements LoggerInterface
{
}
```
This will ship the corresponding service at index `api.logger`, priority=123 when building locators/iterators.
Commits
-------
252f2ca1fb [DependencyInjection] Add `#[TaggedItem]` attribute for defining the index and priority of classes found in tagged iterators/locators
* 5.2:
[Mailer] fix lowest allowed dependencies
Refresh original user in SwitchUserListener.
check if templating engine supports view
[Mime] Escape commas in address names
* 4.4:
[Mailer] fix lowest allowed dependencies
Refresh original user in SwitchUserListener.
check if templating engine supports view
[Mime] Escape commas in address names
This PR was merged into the 5.3-dev branch.
Discussion
----------
[Validator] Add Validation::createIsValidCallable() that returns a boolean instead of exception
| Q | A
| ------------- | ---
| Branch? | 5.x
| Bug fix? | no
| New feature? | yes
| Deprecations? | no
| Tickets | Fix#36820
| License | MIT
| Doc PR | tbd
This adds a `Validator::createValidCallable()` (I'm very open for other name suggestions) that returns a boolean instead of exceptions. This allows usingit in places where booleans are expected, for instance in the referenced OptionsResolver case:
```php
$resolver->setAllowedValues('name', Validation::createValidCallable(
new Assert\Length(['min' => 10 ])
));
```
Commits
-------
e731f5fda9 [Validator] Add createValidCallable() that returns a boolean
This PR was merged into the 4.4 branch.
Discussion
----------
[Mime] Escape commas in address names
| Q | A
| ------------- | ---
| Branch? | 4.4
| Bug fix? | yes
| New feature? | no
| Deprecations? | no
| Tickets | Fix#39416
| License | MIT
| Doc PR | --
<!--
Replace this notice by a short README for your feature/bugfix. This will help people
understand your PR and can be used as a start for the documentation.
Additionally (see https://symfony.com/releases):
- Always add tests and ensure they pass.
- Never break backward compatibility (see https://symfony.com/bc).
- Bug fixes must be submitted against the lowest maintained branch where they apply
(lowest branches are regularly merged to upper ones so they get the fixes too.)
- Features and deprecations must be submitted against branch 5.x.
-->
Before:
```php
$address = new Address('fabien@symfony.com', 'Fabien, Potencier');
$address->toString(); // Fabien, Potencier <fabien@symfony.com> -> Interpreted like two emails
```
After:
```php
$address = new Address('fabien@symfony.com', 'Fabien, Potencier');
$address->toString(); // "Fabien, Potencier" <fabien@symfony.com>
```
Commits
-------
39e9158999 [Mime] Escape commas in address names
This PR was merged into the 5.3-dev branch.
Discussion
----------
[Console] improve exception message when required argument is added after an optional one
| Q | A
| ------------- | ---
| Branch? | 5.x <!-- see below -->
| Bug fix? | no
| New feature? | wouldn't say so, rather DX improvement <!-- please update src/**/CHANGELOG.md files -->
| Deprecations? | no <!-- please update UPGRADE-*.md and src/**/CHANGELOG.md files -->
| Tickets | Fix#40302 <!-- prefix each issue number with "Fix #", no need to create an issue if none exist, explain below instead -->
| License | MIT
| Doc PR | n/a
Hello, this is my first contribution to Symfony Framework. It's time to pull my weight.
About the issue:
I did improve an error message to include passed argument's name and the latest optional argument's name.
![Screenshot at 2021-02-26 23-08-10](https://user-images.githubusercontent.com/79662742/109361609-8f011e80-7889-11eb-8700-cbbd388c0109.png)
An author also mentioned "But which command?", however this is shown twice as we can see on the screenshot above so I skipped that.
Commits
-------
9bddbbd7ed#40302 improve exception message when required argument is added after an optional one
This PR was merged into the 5.3-dev branch.
Discussion
----------
[HttpFoundation] Use InputBag for POST requests too
| Q | A
| ------------- | ---
| Branch? | 5.x
| Bug fix? | no
| New feature? | no
| Deprecations? | no
| Tickets | Partially revert #37265
| License | MIT
| Doc PR | -
#37265 was created as a fix for #37100. However, when #37327 was merged, the original bug was also fixed with a different solution (allowing null values on `InputBag::set`) and parts of #37265 are not needed anymore. By using only `InputBag` as the `$request` bag we can tighten the typehint again and make static analysis a bit more useful.
Commits
-------
381a0a19f7 use InputBag for POST requests too, added missing scalar type hints
* 5.2:
bug #40427 [Console] Stop accepting ints as InputOption defaults
Fix fingerprint when context is not serializable
Fix `ConstraintViolation#getMessageTemplate()` to always return `string`
The types accepted and provided by `InputInterface::getOption`
and `setOption` do not include `int` (and passing something like
`--option=123` will set the option to the string `"123"`, not
to the integer `123`).
The `InputOption` default types should match this.
This PR was merged into the 5.2 branch.
Discussion
----------
Fix `ConstraintViolation#getMessageTemplate()` to always return `string`
| Q | A
| ------------- | ---
| Branch? | 5.2
| Bug fix? | yes
| New feature? | no
| Deprecations? | no
| Tickets |
| License | MIT
| Doc PR |
`ConstraintViolation#getMessageTemplate()`'s inherited signature states that `string` is
to be returned by it at all times, yet the implementation returns `null` when no message
template had been provided at instantiation.
This patch obviates it, returning an empty string when the
message template is `null`.
Ref: https://github.com/symfony/symfony/pull/40415#issuecomment-792839512
Commits
-------
72a464e449 Fix `ConstraintViolation#getMessageTemplate()` to always return `string`
* 5.2:
Bump Symfony version to 5.2.6
Update VERSION for 5.2.5
Update CHANGELOG for 5.2.5
Update translations for Norwegian Nynorsk (nn) #38756
Fix eventListener initialization when eventSubscriber constructor dispatch an event
[FrameworkBundle] fix XSD
clear unchecked choice radio boxes even if clear missing is set to false
Fix `ConstraintViolation#getPropertyPath()` to always return `string`
[ErrorHandler] Added missing type annotations to FlattenException
[TwigBridge] Allow version 3 of the Twig extra packages
Fix FrameworkBundle PropertyAccess definition when not in debug
* 4.4:
Update translations for Norwegian Nynorsk (nn) #38756
Fix eventListener initialization when eventSubscriber constructor dispatch an event
clear unchecked choice radio boxes even if clear missing is set to false
[ErrorHandler] Added missing type annotations to FlattenException
[TwigBridge] Allow version 3 of the Twig extra packages
Fix FrameworkBundle PropertyAccess definition when not in debug
This PR was merged into the 5.3-dev branch.
Discussion
----------
[Runtime] a new component to decouple applications from global state
| Q | A
| ------------- | ---
| Branch? | 5.x
| Bug fix? | no
| New feature? | yes
| Deprecations? | no
| Tickets | -
| License | MIT
| Doc PR | https://github.com/symfony/symfony-docs/pull/15081
Follow up of #36652, see discussion there.
What if we could decouple the bootstrapping logic of our apps from any global state?
This PR makes it possible via a new proposed `symfony/runtime` component.
The immediate benefit this provides is easier maintenance of Symfony apps: code that is currently shipped by recipes will be able to move to `vendor/`. Read the previous sentence twice, this is big :)
Check the following PR to see how far this goes: https://github.com/symfony/recipes/pull/787
The longer-term benefit is being able to run the exact same app under several runtimes: PHP-FPM, CLI, but also PHP-PM and similar. Thanks to the proposed interface, this benefit could span to any PHP apps; not only to apps using the Symfony HttpKernel/HttpFoundation components. This part could be moved to `symfony/contracts` in the future.
Performance-wise, I measured no significant difference with the current way of running apps.
RuntimeInterface
----------------
The core of this component is the `RuntimeInterface` which describes a high-order
runtime logic.
It is designed to be totally generic and able to run any application outside of
the global state in 6 steps:
1. the main entry point returns a callable that wraps the application;
2. this callable is passed to `RuntimeInterface::getResolver()`, which returns a
`ResolverInterface`; this resolver returns an array with the (potentially
decorated) callable at index 0, and all its resolved arguments at index 1;
3. the callable is invoked with its arguments; it returns an object that
represents the application;
4. that object is passed to `RuntimeInterface::getRunner()`, which returns a
`RunnerInterface`: an instance that knows how to "run" the object;
5. that instance is `run()` and returns the exit status code as `int`;
6. the PHP engine is exited with this status code.
This process is extremely flexible as it allows implementations of
`RuntimeInterface` to hook into any critical steps.
Autoloading
-----------
This package registers itself as a Composer plugin to generate a
`vendor/autoload_runtime.php` file. This file shall be required instead of the
usual `vendor/autoload.php` in front-controllers that leverage this component
and return a callable.
Before requiring the `vendor/autoload_runtime.php` file, set the
`$_SERVER['APP_RUNTIME']` variable to a class that implements `RuntimeInterface`
and that should be used to run the returned callable.
Alternatively, the class of the runtime can be defined in the `extra.runtime.class`
entry of the `composer.json` file.
A `SymfonyRuntime` is used by default. It knows the conventions to run
Symfony and native PHP applications.
Examples
--------
This `public/index.php` is a "Hello World" that handles a "name" query parameter:
```php
<?php
require_once dirname(__DIR__).'/vendor/autoload_runtime.php';
return function (array $request, array $context): void {
// $request holds keys "query", "body", "files" and "session",
// which map to $_GET, $_POST, $_FILES and &$_SESSION respectively
// $context maps to $_SERVER
$name = $request['query']['name'] ?? 'World';
$time = $context['REQUEST_TIME'];
echo sprintf('Hello %s, the current Unix timestamp is %s.', $name, $time);
};
```
This `bin/console.php` is a single-command "Hello World" application
(run `composer require symfony/console` before launching it):
```php
<?php
use Symfony\Component\Console\Command\Command;
use Symfony\Component\Console\Input\InputInterface;
use Symfony\Component\Console\Output\OutputInterface;
require_once dirname(__DIR__).'/vendor/autoload_runtime.php';
return function (Command $command) {
$command->addArgument('name', null, 'Who should I greet?', 'World');
return $command->setCode(function (InputInterface $input, OutputInterface $output) {
$name = $input->getArgument('name');
$output->writeln(sprintf('Hello <comment>%s</>', $name));
});
};
```
The `SymfonyRuntime` can resolve and handle many types related to the
`symfony/http-foundation` and `symfony/console` components.
Check its source code for more information.
Commits
-------
61b32ab2a3 [Runtime] a new component to decouple applications from global state
This PR was merged into the 5.3-dev branch.
Discussion
----------
Don't use sprintf in trigger_deprecation() calls
| Q | A
| ------------- | ---
| Branch? | 5.x
| Bug fix? | no
| New feature? | no
| Deprecations? | no
| Tickets | -
| License | MIT
| Doc PR | -
Old habits die hard :)
Commits
-------
9ba8f0567d Don't use sprintf in trigger_deprecation() calls
`ConstraintViolation#getMessageTemplate()`'s inherited signature states that `string` is
to be returned by it at all times, yet the implementation returns `null` when no message
template had been provided at instantiation.
This patch obviates it, returning an empty string when the
message template is `null`.
Ref: https://github.com/symfony/symfony/pull/40415#issuecomment-792839512
This PR was squashed before being merged into the 5.3-dev branch.
Discussion
----------
[DependencyInjection] Add support an integer return for default_index_method
| Q | A
| ------------- | ---
| Branch? | 5.x for features
| Bug fix? | no
| New feature? | yes
| Deprecations? | no
| Tickets | #40319
| License | MIT
| Doc PR | TODO
Commits
-------
f0922c70d6 [DependencyInjection] Add support an integer return for default_index_method
This PR was merged into the 4.4 branch.
Discussion
----------
[Form] clear unchecked choice radio boxes even if clear missing is set to false
| Q | A
| ------------- | ---
| Branch? | 4.4
| Bug fix? | yes
| New feature? | no
| Deprecations? | no
| Tickets | Fix#16802
| License | MIT
| Doc PR |
Commits
-------
e7b4851ea0 clear unchecked choice radio boxes even if clear missing is set to false
This PR was merged into the 5.3-dev branch.
Discussion
----------
[PropertyAccess] use bitwise flags to configure when the property accessor should throw
| Q | A
| ------------- | ---
| Branch? | 5.x
| Bug fix? | no
| New feature? | no
| Deprecations? | yes
| Tickets | Fix#31126
| License | MIT
| Doc PR |
Commits
-------
a50cfcb49d use bitwise flags to configure when the property accessor should throw
This PR was merged into the 5.3-dev branch.
Discussion
----------
[Cache] boost perf by wrapping keys validity checks with `assert()`
| Q | A
| ------------- | ---
| Branch? | 5.x
| Bug fix? | no
| New feature? | no
| Deprecations? | no
| Tickets | -
| License | MIT
| Doc PR | -
PSR-6 has one perf hog: checking the validity of keys.
But in practice, an invalid key should never happen in production: encoding/cleanup is a must-have, and it's a step that should be identified *during dev*.
That's why I think we're safe wrapping these checks with `assert()`.
On an `ArrayAdapter`, this doubles the throughput of the pool when getting items.
I didn't use `assert()` in constructors when not on the hot path.
This PR also makes some callable properties static, as they should be from the beginning.
Commits
-------
8f03a1f555 [Cache] boost perf by wrapping keys validity checks with `assert()`
Motivations for this change:
* Avoid an unneded preg call, explode+implode is faster
* The previous regex created to suboptimal expressions,
due to the pipe that caused empty to be matched.
That means an input like `foo:bar`
was translated into `foo[^:]*[^:]*:bar[^:]*[^:]*`
instead of simply `foo[^:]*:bar[^:]*`
`ConstraintViolation#getPropertyPath()`'s inherited signature states that `string` is
to be returned by it at all times, yet the implementation returns `null` when no property
path had been provided at instantiation.
This patch obviates it, returning an empty string when the
property path is `null`.
* 5.2:
[WebLink] Removed unused property
Fix method name compare in ResolveControllerNameSubscriber
add uz security validator and form validator file
uzb translation
* 4.4:
[WebLink] Removed unused property
Fix method name compare in ResolveControllerNameSubscriber
add uz security validator and form validator file
uzb translation
This PR was merged into the 5.3-dev branch.
Discussion
----------
[Security] Decouple passwords from UserInterface
| Q | A
| ------------- | ---
| Branch? | 5.x
| Bug fix? | no
| New feature? | yes
| Deprecations? | yes
| Tickets | #23081, helps with #39308
| License | MIT
| Doc PR | todo
This PR addresses a long-standing issue of the Security component: UserInterface is coupled to passwords.
It does it by moving the `getPassword()` method from `UserInterface` to a `PasswordAuthenticatedUserInterface`, and the `getSalt()` method to a `LegacyPasswordAuthenticatedUserInterface`.
Steps:
- In 5.3, we add the new interface and, at places where password-based authentication happens, trigger deprecation notices when a `UserInterface` object does not implement the new interface(s). The UserInterface is kept as-is until 6.0.
- In 6.0, we can remove the methods from `UserInterface` as well as support for using password authentication with user objects not implementing the new interface(s).
As a side-effect, some password-related interfaces (`UserPasswordHasherInterface` and `PasswordUpgraderInterface`) must change their signatures to type-hint against the new interface.
That is done in a BC way, which is to make the concerned methods virtual until 6.0, with deprecation notices triggered from callers and concrete implementations.
Benefits:
In 6.0, applications that use password-less authentication (e.g. login links) won't need to write no-op `getPassword()` and `getSalt()` in order to fulfil the `UserInterface` contract.
For applications that do use password-based authentication, they will need to opt-in explicitly by implementing the relevant interface(s).
This build on great discussions with @wouterj and @nicolas-grekas, and it is part of the overall rework of the Security component.
Commits
-------
2764225a38 [Security] Decouple passwords from UserInterface
This PR was squashed before being merged into the 5.3-dev branch.
Discussion
----------
[Notifier] [OvhCloud] Add "sender"
| Q | A
| ------------- | ---
| Branch? | 5.x
| Bug fix? | no
| New feature? | yes
| Deprecations? | no
| Tickets | -
| License | MIT
| Doc PR | symfony/symfony-docs#... <!-- required for new features --> (I'm waiting to see if the feature is accepted )
Add "sender" option to the DSN that allows configuring the sender of the message.
OVHCloud manages two cases for sending sms according to the [doc](https://docs.ovh.com/fr/sms/envoyer_des_sms_avec_lapi_ovh_en_php/):
> The senderForResponse parameter will allow the use of a short number, which allows you to send SMS directly without having to create an alphanumeric sender (for example: your name).
> Short numbers also allow you to receive responses from the recipients of your SMS, which can be useful for a satisfaction survey, a voting application, a game, etc.
![CleanShot 2021-03-05 at 13 26 33](https://user-images.githubusercontent.com/523981/110115554-84c5af80-7db6-11eb-815d-7e8bafa81e5d.png)
This PR introduces the management of these 2 cases with a new option `sender`:
* if `sender` is set, we use it
* if `sender` is not set, we use `senderForResponse` to get a short number (current behavior)
I took the logic implementedin the old official SDK : 52d279e112/src/Message.php (L161)
Commits
-------
c5a9b252ab [Notifier] [OvhCloud] Add "sender"
This PR was merged into the 5.3-dev branch.
Discussion
----------
[DependencyInjection] Implement psr/container 1.1
| Q | A
| ------------- | ---
| Branch? | 5.x
| Bug fix? | no
| New feature? | yes
| Deprecations? | no
| Tickets | N/A
| License | MIT
| Doc PR | N/A
The `psr/container` interfaces have been updated with type declarations. The lack of those is what kept us from adding property type declarations to the `get()` and `has()` methods of our own `ContainerInterface`.
A small BC break is that we have never prevented calling code from passing `null` as the service ID. Even without strict types, this will cause a `TypeError` after my changes. I already had to update `AutowirePass` because of that.
On the other hand, it was neither documented that we allow `null` here nor did the container do anything useful (`has(null)` always resulted in `false` and `get(null)` always returned `null`).
Commits
-------
d9095aa892 [DependencyInjection] Implement psr/container 1.1
* 5.2:
Backport psr/container 1.1/2.0 compatibility
Update notifier_transports.php
Dont lock tables or start transactions
Bump Symfony version to 5.2.5
Update VERSION for 5.2.4
Update CHANGELOG for 5.2.4
Bump Symfony version to 4.4.21
Update VERSION for 4.4.20
Update CONTRIBUTORS for 4.4.20
Update CHANGELOG for 4.4.20
* 4.4:
Backport psr/container 1.1/2.0 compatibility
Bump Symfony version to 4.4.21
Update VERSION for 4.4.20
Update CONTRIBUTORS for 4.4.20
Update CHANGELOG for 4.4.20
This PR was merged into the 5.3-dev branch.
Discussion
----------
[Security] Re-add accidentally removed property declarations
| Q | A
| ------------- | ---
| Branch? | 5.x
| Bug fix? | no
| New feature? | no
| Deprecations? | no
| Tickets | -
| License | MIT
| Doc PR | -
spotted while playing with psalm locally, mistake made in #39802
Commits
-------
bccf736b99 [Security] Readd accidentally removed property declarations
This PR was squashed before being merged into the 5.2 branch.
Discussion
----------
[Messenger] Doctrine setup with migrations
| Q | A
| ------------- | ---
| Branch? | 5.2
| Bug fix? | yes
| New feature? |
| Deprecations? | no
| Tickets | Fix#40130
| License | MIT
| Doc PR |
This PR reverts parts of #40055.
When running these commands, You do need to be in a transaction:
- `doctrine:schema:create`
- `messenger:setup-transports`
- `doctrine:migrations:diff` and `doctrine:migrations:migrate`
Commits
-------
3371e1cf39 [Messenger] Doctrine setup with migrations