* 2.3:
enforce memcached version to be 2.1.0
[FrameworkBundle] improve server:run feedback
[Form] no need to add the url listener when it does not do anything
[Form] Fix#11694 - Enforce options value type check in some form types
Lithuanian security translations
[Router] Cleanup
[FrameworkBundle] Fixed ide links
Add missing argument
[TwigBundle] do not pass a template reference to twig
[TwigBundle] show correct fallback exception template in debug mode
[TwigBundle] remove unused email placeholder from error page
use meta charset in layouts without legacy http-equiv
Conflicts:
src/Symfony/Bundle/TwigBundle/Loader/FilesystemLoader.php
src/Symfony/Bundle/TwigBundle/Resources/views/layout.html.twig
This PR was merged into the 2.3 branch.
Discussion
----------
[Form] no need to add the url listener when it does not do anything
| Q | A
| ------------- | ---
| Bug fix? | no
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | -
| License | MIT
| Doc PR | -
In line with #11696
Commits
-------
7aea1c9 [Form] no need to add the url listener when it does not do anything
This PR was merged into the 2.3 branch.
Discussion
----------
use meta charset in layouts without legacy http-equiv
| Q | A
| ------------- | ---
| Bug fix? | no
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | -
| License | MIT
| Doc PR | -
`<meta charset="UTF-8" />` is now the recommended approach
Commits
-------
96e7b01 use meta charset in layouts without legacy http-equiv
`array_map()` raises a warning when an exception is thrown inside the
callback (see https://bugs.php.net/bug.php?id=55416). To avoid these
warnings, `selectorToXPath()` is applied inside the loop.
[HttpFoundation] fixed the docs so that it gives some explanation about how you are vulnerable to CSRF when you enable the httpMethodeParameterOverride
Commands cannot have a double colon in their name (for example, a
command can't be named `foo::bar`). However, one might try to
retrieve a `foo::bar` command from the application like this:
```php
$command = $application->find('foo::bar');
```
The `findAlternatives()` method of the `Application` class fails to
handle these strings when there are commands registered with a name
consisting of at least three parts (e.g. a command is named
`foo:bar:baz`). In this case, an empty string is passed to `strpos()`
causing PHP to raise a warning.
* 2.3:
[Doc] Use Markdown syntax highlighting
[Finder] tweaked docs
[Finder] Add info about possibilities offered by SplFileInfo
fix components tests
[Intl] FIxed failing test
[Intl] Generated the data for ICU version 54-rc
[EventDispatcher] fix doc bloc on EventDispatcherInterface
[Validator] Update validators.zh_CN.xlf, fix translation error
bumped Symfony version to 2.3.21
updated VERSION for 2.3.20
update CONTRIBUTORS for 2.3.20
updated CHANGELOG for 2.3.20
[Intl] Integrated ICU data into Intl component
Conflicts:
src/Symfony/Component/HttpKernel/Kernel.php
src/Symfony/Component/Intl/ResourceBundle/LocaleBundle.php
This PR was merged into the 2.3 branch.
Discussion
----------
fix components tests
| Q | A
| ------------- | ---
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets |
| License | MIT
| Doc PR |
Since #12006, the `ContainerBuilder` contains the `addExpressionLanguageProvider()` method which references a class from the ExpressionLanguage component. By default, the PHPUnit mock API tries to mock all methods of the class being doubled. Since the ExpressionLanguage component is not required to run the tests, creating the mock objects fails when the mock API fails to mock the `addExpressionLanguageProvider()` method.
Commits
-------
2f2a732 fix components tests
Since #12006, the `ContainerBuilder` contains the
`addExpressionLanguageProvider()` method which references a class from
the ExpressionLanguage component. By default, the PHPUnit mock API
tries to mock all methods of the class being doubled. Since the
ExpressionLanguage component is not required to run the tests,
creating the mock objects fails when the mock API fails to mock
the `addExpressionLanguageProvider()` method.
This PR was merged into the 2.3 branch.
Discussion
----------
[Intl] Integrated ICU data into Intl component #1
| Q | A
| ------------- | ---
| Bug fix? | no
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | #11447, #10807
| License | MIT
| Doc PR | -
This PR is an alternative implementation to #11884. It depends on ~~#11906~~ and ~~#11907~~ being merged first (~~these are included in the diff until after a merge+rebase~~ merged+rebased now).
With this PR, the ICU component becomes obsolete. The ICU data is bundled with Intl in two different formats: JSON and the binary ICU resource bundle format (version 2) readable by PHP's `\ResourceBundle` class. For a performance comparison between the two, see my [benchmark](/webmozart/json-res-benchmark).
~~The data is contained in two zip files: json.zip (2.6MB) and rb-v2.zip (3.8MB). The handler~~
```php
\Symfony\Component\Intl\Composer\ScriptHandler::decompressData()
```
~~needs to be added as Composer hook and decompresses the data after install/update.~~
The data is included as text/binary now. Git takes care of the compression.
Before this PR can be merged, I would like to find out what the performance difference between the two formats is in real applications. For that, I need benchmarks from some real-life applications which use ICU data - e.g. in forms (language drop-downs, country selectors etc.) - for both the JSON and the binary data. You can force either format to be used by hard-coding the return value of `Intl::detectDataFormat()` to `Intl::JSON` and `Intl::RB_V2` respectively. I'll also try to create some more realistic benchmarks.
If JSON is not significantly slower/takes up significantly more memory than the binary format, we can drop the binary format altogether.
Commits
-------
be819c1 [Intl] Integrated ICU data into Intl component
* 2.4:
[Debug] fixed class lookup when using PSR-0 with a target dir
fixed standalone tests
fixed standalone tests
[Validator] fixed component standalone tests
fixed standalone component tests depending on Validator and Form
fixed some composer.json to make standalone component tests pass
[SecurityBundle] fixed tests when used in standalone
Conflicts:
src/Symfony/Component/HttpKernel/Tests/Bundle/BundleTest.php
src/Symfony/Component/Validator/composer.json
* 2.4:
Make Doctrine's dependency injection test less fragile.
[Finder] [Iterator] Make the tests less fragile
[Form][DateTime] Propagate invalid_message & invalid_message parameters to date & time sub widgets
Fix expression language in the container when using the "container" variable
* 2.3:
Make Doctrine's dependency injection test less fragile.
[Finder] [Iterator] Make the tests less fragile
[Form][DateTime] Propagate invalid_message & invalid_message parameters to date & time sub widgets
This PR was merged into the 2.5 branch.
Discussion
----------
[Validator] Added ConstraintValidator::buildViolation() helper for BC with the 2.4 API
| Q | A
| ------------- | ---
| Bug fix? | no
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | -
| License | MIT
| Doc PR | -
This PR adds a `buildViolation()` helper method to the base `ConstraintValidator` to remove the API checks (2.4 vs. 2.5) from the constraint validator implementations. Once the 2.4 API is removed, this helper method will be removed as well.
**Todos**
- [x] Backport changes from #12021
Commits
-------
6b0c24a [Validator] Added ConstraintValidator::buildViolation() helper for BC with 2.4 API
This PR was merged into the 2.5 branch.
Discussion
----------
[Validator] Fixed LegacyValidator when only a constraint is validated
| Q | A
| ------------- | ---
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | -
| License | MIT
| Doc PR | -
The 2.5-BC API is currently broken for the following use case:
```php
$validator->validate($value, $constraint);
```
This is fixed now.
Commits
-------
1d48206 [Validator] Fixed LegacyValidator when only a constraint is validated
This PR was squashed before being merged into the 2.4 branch (closes#12030).
Discussion
----------
Fix expression language in the container when using the "container" variable
| Q | A
| ------------- | ---
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | #11995
| License | MIT
| Doc PR | n/a
See #11995 for the description of the problem.
Commits
-------
2b2f0df Fix expression language in the container when using the "container" variable
* 2.4:
[Form] Removed constructor argument from FormTypeHttpFoundationExtension for forward compatibility with 2.5
[Validator] Simplified testing of violations
remove obsolete test file
[FrameworkBundle] output failed matched path for clarification
bug #10242 Missing checkPreAuth from RememberMeAuthenticationProvider
[Validator] Fixed StaticMethodLoaderTest to actually test something
[Form] Fixed ValidatorTypeGuesser to guess properties without constraints not to be required
Use request format from request in twig ExceptionController
fixed bug
added the possibility to return null from SimplePreAuthenticationListener
[Form] Moved POST_MAX_SIZE validation from FormValidator to request handler
[Form] Add a form error if post_max_size has been reached.
Response::isNotModified returns true when If-Modified-Since is later than Last-Modified
[WebProfilerBundle] turbolinks compatibility
Conflicts:
src/Symfony/Component/Form/Extension/Core/Type/FormType.php
src/Symfony/Component/Form/Extension/Validator/Constraints/FormValidator.php
src/Symfony/Component/Form/Extension/Validator/Util/ServerParams.php
src/Symfony/Component/Security/Core/Tests/Authentication/Provider/RememberMeAuthenticationProviderTest.php
src/Symfony/Component/Validator/Tests/Constraints/AbstractConstraintValidatorTest.php
* 2.3:
[Form] Removed constructor argument from FormTypeHttpFoundationExtension for forward compatibility with 2.5
[Validator] Simplified testing of violations
This PR was merged into the 2.3 branch.
Discussion
----------
[Validator] Simplified testing of violations
| Q | A
| ------------- | ---
| Bug fix? | no
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | -
| License | MIT
| Doc PR | -
I simplified the assertion of violations in preparation of a replacement PR for #7276.
Commits
-------
8e5537b [Validator] Simplified testing of violations
* 2.3:
remove obsolete test file
[FrameworkBundle] output failed matched path for clarification
bug #10242 Missing checkPreAuth from RememberMeAuthenticationProvider
[Validator] Fixed StaticMethodLoaderTest to actually test something
[Form] Fixed ValidatorTypeGuesser to guess properties without constraints not to be required
Use request format from request in twig ExceptionController
[Form] Moved POST_MAX_SIZE validation from FormValidator to request handler
[Form] Add a form error if post_max_size has been reached.
Response::isNotModified returns true when If-Modified-Since is later than Last-Modified
[WebProfilerBundle] turbolinks compatibility
Conflicts:
src/Symfony/Component/Form/CHANGELOG.md
src/Symfony/Component/HttpFoundation/Tests/ResponseTest.php
src/Symfony/Component/Security/Core/Tests/Authentication/Provider/RememberMeAuthenticationProviderTest.php
This PR was merged into the 2.3 branch.
Discussion
----------
[Validator] Fixed StaticMethodLoaderTest to actually test something
| Q | A
| ------------- | ---
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | -
| License | MIT
| Doc PR | -
This test is not testing anything, except for whether PHP throws a strict standards error when invalid code is loaded.
I disabled error reporting for this test, so that the actual functionality (ignoring static+abstract functions) is tested.
Commits
-------
1b1303a [Validator] Fixed StaticMethodLoaderTest to actually test something
This PR was merged into the 2.3 branch.
Discussion
----------
[Form] Fixed ValidatorTypeGuesser to guess properties without constraints not to be required
| Q | A
| ------------- | ---
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | #6645
| License | MIT
| Doc PR | -
Consider the following entity:
```php
class Author
{
/**
* @Assert\NotBlank
*/
private $name;
private $age;
}
```
Right now, the "required" HTML attribute is set for both fields (since the default value of the "required" option is true). IMO this is wrong.
With this fix, the ValidatorTypeGuesser guesses `false` for the "required" option unless a NotNull/NotBlank constraint is present.
Commits
-------
fd77b09 [Form] Fixed ValidatorTypeGuesser to guess properties without constraints not to be required
This PR was merged into the 2.3 branch.
Discussion
----------
[Form] Moved POST_MAX_SIZE validation from FormValidator to request handler
| Q | A
| ------------- | ---
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | #11729, #11877
| License | MIT
| Doc PR | -
Commits
-------
759ae1a [Form] Moved POST_MAX_SIZE validation from FormValidator to request handler
4780210 [Form] Add a form error if post_max_size has been reached.
* 2.4:
typo fixed in AbstractProcessTest (getoutput() => getOutput())
Avoid question mark and asterisk in folder names to prevent windows filesystem issues.
[Translation] [Config] Clear libxml errors after parsing XML file
* 2.3:
typo fixed in AbstractProcessTest (getoutput() => getOutput())
Avoid question mark and asterisk in folder names to prevent windows filesystem issues.
[Translation] [Config] Clear libxml errors after parsing XML file
Conflicts:
src/Symfony/Component/Config/Util/XmlUtils.php
This PR was merged into the 2.3 branch.
Discussion
----------
[Finder][Urgent] Remove asterisk and question mark from folder name in test to prevent windows file system issues.
Bugfix: Yes
Fixed tickets: #11984 , #11985
Related tickets: #11970
Commit #11970 prevented Symphony from being checked out via windows due to invalid characters in a folder name within the tests.
The issue was reported in #11984 and was attempted to be fixed in #11985 but wasn't due to still including the question mark.
Please accept this ASAP as it entirely breaks any composer that relies on it.
Commits
-------
5fbb278 Avoid question mark and asterisk in folder names to prevent windows filesystem issues.
This PR was merged into the 2.3 branch.
Discussion
----------
[Translation] [Config] Clear libxml errors after parsing xliff file
| Q | A
| ------------- | ---
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | -
| License | MIT
| Doc PR | -
If libxml_use_internal_errors is set to `true` before parsing xliff file, the libxml errors are not cleared correctly. An error `Validation failed: no DTD found !` occurs in libxml errors after parsing and it's available outside the xliff parser (can break other functionality that use `libxml_get_errors` function).
Commits
-------
fab61ef [Translation] [Config] Clear libxml errors after parsing XML file
A previous commit introduced a folder with a question mark and an asterisk which are invalid NTFS folder name characters and prevented checkout on those systems.
* 2.4:
[2.3] Add missing development dependencies
Fix @return docs on HttpCache::restoreResponseBody()
[Finder] Escape location for regex searches
Make sure HttpCache is a trusted proxy
* 2.3:
[2.3] Add missing development dependencies
Fix @return docs on HttpCache::restoreResponseBody()
[Finder] Escape location for regex searches
Make sure HttpCache is a trusted proxy
Conflicts:
src/Symfony/Bridge/Doctrine/composer.json
src/Symfony/Bundle/FrameworkBundle/composer.json
src/Symfony/Bundle/SecurityBundle/composer.json
src/Symfony/Component/Form/composer.json
This PR was squashed before being merged into the 2.3 branch (closes#11340).
Discussion
----------
[2.3] Add missing development dependencies
| Q | A
| ------------- | ---
| Bug fix? | no
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | n/a
| License | MIT
I've also added a run of the test suite in every component scope.
Commits
-------
3b02af9 [2.3] Add missing development dependencies
This PR was merged into the 2.3 branch.
Discussion
----------
[HttpKernel] Make sure HttpCache is a trusted proxy
| Q | A
| ------------- | ---
| Bug fix? | yes (of sorts)
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | #9292
| License | MIT
| Doc PR | https://github.com/symfony/symfony-docs/pull/4239Fixes#9292 by adding `127.0.0.1` as a trusted proxy when using `HttpCache` (assuming it hasn't been already).
Commits
-------
ca65362 Make sure HttpCache is a trusted proxy
This PR was squashed before being merged into the 2.3 branch (closes#11970).
Discussion
----------
[Finder] Escape location for regex searches
| Q | A
| ------------- | ---
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | -
| License | MIT
| Doc PR | -
If the location to start searching in contains a regex special char
like + or ? and the path restriction is a regular expresion with a start
limitation. No results will be found wtih at least GnuFindAdapter - e.g.:
```
use Symfony\Component\Finder\Finder;
use Symfony\Component\Finder\Adapter;
mkdir('/tmp/reg+ex/dir/subdir', 0777, true);
$finder = Finder::create()
->removeAdapters()
->addAdapter(new Adapter\GnuFindAdapter());
$finder->in('/tmp/reg+ex')->path('/^dir/');
print count($finder)."\n";
```
Expected result: 2
Actual result is: 0
This pull request consists of:
* a new test checking for this bug (0e81086a49425d0e12cff4f479fabeb97e9ed757)
* the actual fix (6595b6b2b71afc57ef08686b4584713c0e4e48ed)
* changes to comply with the coding standard (7f199c5b53b3c1f38b36dcc286d3b20ae877425b)
## How to reproduce
### Fastest way
1. Move or copy your local symfony clone into a location containing special regex chars:
* `mv symfony symfony+regex`
2. Run tests in there
* `cd symfony+regex && phpunit`
> Result: Some tests in the finder component will fail.
### Alternative: A new clone
1. Clone symfony in a directory containing at least one regex special char
* `git clone https://github.com/symfony/symfony.git /tmp/symfony+regexchar`
2. As usual get composer, install dependencies and get phpunit
* You might simply want to follow [this guide](http://symfony.com/doc/current/contributing/code/tests.html)
3. Run tests in there
* `cd /tmp/symfony+regexchar && phpunit`
> Result: Some tests in the finder component will fail.
### Alternative: Apply the new test
1. Apply commit a29d1207ced2949c918357cf271200523960caef to your symfony clone
2. Run tests
> Result: The new test will fail.
Commits
-------
b63926b [Finder] Escape location for regex searches
This PR was merged into the 2.3 branch.
Discussion
----------
[HttpFoundation] fixed some volatile tests
| Q | A
| ------------- | ---
| Bug fix? | no
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | see #11588
| License | MIT
| Doc PR | n/a
Commits
-------
00c1b75 [Process] fixed some volatile tests
974bf01 [HttpKernel] fixed a volatile test
6020c43 [HttpFoundation] fixed some volatile tests
* 2.4: (39 commits)
[Form] Fix PHPDoc for builder setData methods The underlying data variable is typed as mixed whereas the methods paramers where typed as array.
fixed CS
[Intl] Improved bundle reader implementations
[Console] guarded against invalid aliases
switch before_script to before_install and script to install
fixed typo
[HttpFoundation] Request - URI - comment improvements
[Validator] The ratio of the ImageValidator is rounded to two decimals now
[Security] Added more tests
remove `service` parameter type from XSD
[Intl] Added exception handler to command line scripts
[Intl] Fixed a few bugs in TextBundleWriter
[Intl] Updated icu.ini up to ICU 53
[Intl] Removed non-working $fallback argument from ArrayAccessibleResourceBundle
Use separated function to resolve command and related arguments
[SwiftmailerBridge] Bump allowed versions of swiftmailer
[FrameworkBundle] Remove invalid markup
[Intl] Added "internal" tag to all classes under Symfony\Component\Intl\ResourceBundle
Remove routes for removed WebProfiler actions
[Security] Fix usage of unexistent method in DoctrineAclCache.
...
Conflicts:
.travis.yml
src/Symfony/Bundle/FrameworkBundle/Command/ServerRunCommand.php
src/Symfony/Component/HttpKernel/Kernel.php
src/Symfony/Component/Process/PhpExecutableFinder.php
* 2.3: (35 commits)
[Form] Fix PHPDoc for builder setData methods The underlying data variable is typed as mixed whereas the methods paramers where typed as array.
fixed CS
[Intl] Improved bundle reader implementations
[Console] guarded against invalid aliases
switch before_script to before_install and script to install
fixed typo
[HttpFoundation] Request - URI - comment improvements
[Security] Added more tests
remove `service` parameter type from XSD
[Intl] Added exception handler to command line scripts
[Intl] Fixed a few bugs in TextBundleWriter
[Intl] Updated icu.ini up to ICU 53
[Intl] Removed non-working $fallback argument from ArrayAccessibleResourceBundle
Use separated function to resolve command and related arguments
[SwiftmailerBridge] Bump allowed versions of swiftmailer
[FrameworkBundle] Remove invalid markup
[Intl] Added "internal" tag to all classes under Symfony\Component\Intl\ResourceBundle
Remove routes for removed WebProfiler actions
[Security] Fix usage of unexistent method in DoctrineAclCache.
backport more error information from 2.6 to 2.3
...
Conflicts:
.travis.yml
src/Symfony/Component/DependencyInjection/Loader/YamlFileLoader.php
src/Symfony/Component/DependencyInjection/Tests/Loader/XmlFileLoaderTest.php
src/Symfony/Component/HttpKernel/Kernel.php
src/Symfony/Component/Process/PhpExecutableFinder.php
This PR was merged into the 2.3 branch.
Discussion
----------
[Security] Uniform AccessDecisionManager decide behaviour
| Q | A
| --------------------|---
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | #10170
| License | MIT
| Doc PR | none
This PR uniforms the way the 3 decision policies (affirmative, consensus, unanimous) are handled in the Security\Core\Authoritzation\AccessDecisionManager.php
See #10170
Commits
-------
938ae4b [Security] Added more tests
This PR was merged into the 2.3 branch.
Discussion
----------
[Translation] made XliffFileDumper support CDATA sections.
| Q | A
| ------------- | ---
| Bug fix? | yes
| New feature? | no
| BC breaks? | maybe
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | #11256
| License | MIT
Commits
-------
9926845 [Translation] made XliffFileDumper support CDATA sections.
This PR was merged into the 2.3 branch.
Discussion
----------
[Intl] Improved bundle reader implementations
| Q | A
| ------------- | ---
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | -
| License | MIT
| Doc PR | -
This PR extracts bundle reader improvements from #9206.
The code is internal and used for resource bundle generation only, so I did not care about BC too much.
Commits
-------
c3cce5c [Intl] Improved bundle reader implementations
This PR was merged into the 2.3 branch.
Discussion
----------
[YAML] fix handling of empty sequence items
| Q | A
| ------------- | ---
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | #11798
| License | MIT
| Doc PR |
When a line contains only a dash it cannot safely be assumed that it contains a nested list or an embedded mapping. If the next line starts with a dash at the same indentation, the current line's item is to be treated as `null`.
Commits
-------
fc85435 fix handling of empty sequence items
This PR was merged into the 2.3 branch.
Discussion
----------
[Intl] Fixed a few bugs in TextBundleWriter
| Q | A
| ------------- | ---
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | -
| License | MIT
| Doc PR | -
See the included test cases for more information. This code was extracted from #9206.
Commits
-------
7b4a35a [Intl] Fixed a few bugs in TextBundleWriter
This PR was merged into the 2.3 branch.
Discussion
----------
[Form][Validator] All index items after children are to be considered grand-children when resolving ViolationPath
| Q | A
| ------------- | ---
| Bug fix? | yes
| New feature? | no
| BC breaks? | unsure, see note below
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | #11458
| License | MIT
| Doc PR | -
#### Possible BC Break
The old behavior had unit test cases specifically testing the case of a grand-children form. However, this behavior is not documented anywhere and the fix seems to have no adverse effects on form validation. `Symfony\Component\Form\FormInterface` implements `ArrayAccess`, therefore, semantically speaking, `children[direct_child].children[grand_children]` and `children[direct_child][grand_children]` are equivalent. `offsetGet` is expected to fetch an element from `children`. I do not see why both were not considered equivalent when resolving the ViolationPath.
This commit will indeed change how some errors are mapped. However since the old mapping is (in my opinion) a bug...
Commits
-------
c64a75f [Form][Validator] All index items after children are to be considered grand-children when resolving ViolationPath (fixes#11458)
This PR was merged into the 2.3 branch.
Discussion
----------
[Form] FormBuilder::getIterator() now deals with resolved children
| Q | A
| ------------- | ---
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | -
| License | MIT
| Doc PR | -
I think FormBuilder::getIterator() should resolve children before makes an iterator because it seems to be used in same purpose with FormBuilder::all().
What do you think?
Commits
-------
0deb505 [Form] FormBuilder::getIterator() now deals with resolved children
This PR was merged into the 2.3 branch.
Discussion
----------
[DependencyInjection] remove `service` parameter type from XSD
| Q | A
| ------------- | ---
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets |
| License | MIT
| Doc PR | symfony/symfony-docs#4222
Referencing a service in a parameter doesn't work and will lead to an error when the configuration is loaded (see symfony/symfony-docs#4211).
Commits
-------
7333c2d remove `service` parameter type from XSD
This PR was merged into the 2.3 branch.
Discussion
----------
[Intl] Updated icu.ini up to ICU 53
| Q | A
| ------------- | ---
| Bug fix? | no
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | -
| License | MIT
| Doc PR | -
Extracted from #9206.
Commits
-------
260e2fe [Intl] Updated icu.ini up to ICU 53
This PR was merged into the 2.3 branch.
Discussion
----------
[Intl] Removed non-working $fallback argument from ArrayAccessibleResourceBundle
| Q | A
| ------------- | ---
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | -
| License | MIT
| Doc PR | -
The code in question didn't actually work. This was extracted from #9206.
Commits
-------
5feda5e [Intl] Removed non-working $fallback argument from ArrayAccessibleResourceBundle
This PR was merged into the 2.3 branch.
Discussion
----------
[Security] Use hash_equals for constant-time string comparison (again)
| Q | A
| ------------- | ---
| Bug fix? | no
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | n/a
| License | MIT
| Doc PR | n/a
Use the `hash_equals` function (introduced in PHP 5.6) for timing attack safe string comparison when available.
Add in the DocBlock that length will leak (https://github.com/symfony/symfony/pull/11797#issuecomment-53990712).
Commits
-------
3071557 [Security] Add more tests for StringUtils::equals
03bd74b [Security] Use hash_equals for constant-time string comparison
This PR was merged into the 2.3 branch.
Discussion
----------
[DI] Added safeguards against invalid config in the YamlFileLoader
| Q | A
| ------------- | ---
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | #11333
| License | MIT
| Doc PR | n/a
Exceptions explaining the mistake are better than fatal errors or weird notices appearing when trying to deal with such invalid data.
The XML file loader is not affected by this because the data are validated with the XSD before being processed
Commits
-------
5183501 [DI] Added safeguards against invalid config in the YamlFileLoader
We didn't have this tag yet when this component was first written. The code in that
namespace is only used for resource bundle generation and was never meant for public
use.
This PR was merged into the 2.5 branch.
Discussion
----------
[Process] add missing exceptions to docblock
| Q | A
| ------------- | ---
| Fixed tickets |
| License | MIT
Commits
-------
1be80c6 add missing exceptions to docblock
This PR was merged into the 2.3 branch.
Discussion
----------
[HttpKernel] Escape ESI url in generated response
| Q | A
| ------------- | ---
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets |
| License | MIT
| Doc PR | NA
If a template with an `<esi>` tag is configured with an URL containing a `'` (in `src` or `alt`) ; the HttpCache will generate invalide php code.
It's not a security issue, given the template and the `<esi>` tag is written by the developper, but, as the character quote is allowed in URL (https://tools.ietf.org/html/rfc3986) it coud be a potential bug.
Commits
-------
b044c45 Escape parameter on generated response
This PR was merged into the 2.3 branch.
Discussion
----------
[Yaml] improve error message when detecting unquoted asterisks
| Q | A
| ------------- | ---
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | #11835
| License | MIT
| Doc PR |
Asterisks in unquoted strings are used in YAML to reference variables. Before Symfony 2.3.19, Symfony 2.4.9 and Symfony 2.5.4, unquoted asterisks in inlined YAML code were treated as regular strings. This was fixed for the inline parser in #11677. However, an unquoted * character now led to an error message like this:
```
PHP Warning: array_key_exists(): The first argument should be either a string or an integer in vendor/symfony/symfony/src/Symfony/Component/Yaml/Inline.php on line 409
[Symfony\Component\Yaml\Exception\ParseException]
Reference "" does not exist at line 171 (near "- { foo: * }").
```
Commits
-------
854e07b improve error when detecting unquoted asterisks
Asterisks in unquoted strings are used in YAML to reference
variables. Before Symfony 2.3.19, Symfony 2.4.9 and Symfony 2.5.4,
unquoted asterisks in inlined YAML code were treated as regular
strings. This was fixed for the inline parser in #11677. However, an
unquoted * character now led to an error message like this:
```
PHP Warning: array_key_exists(): The first argument should be either a string or an integer in vendor/symfony/symfony/src/Symfony/Component/Yaml/Inline.php on line 409
[Symfony\Component\Yaml\Exception\ParseException]
Reference "" does not exist at line 171 (near "- { foo: * }").
```
* 2.4: (21 commits)
[HttpKernel] fixed some unit tests for 2.4 (signature now uses SHA256 instead of MD5)
[HttpKernel] simplified code
[HttpKernel] fixed internal fragment handling
fixing yaml indentation
[WebProfiler] replaced the import/export feature from the web interface to a CLI tool
Forced all fragment uris to be signed, even for ESI
Add tests and more assertions
[FrameworkBundle][Translator] Validate locales.
[HttpFoundation] added some missing tests
[HttpFoundation] Improve string values in test codes
[Security] Add more tests for StringUtils::equals
fix comment: not fourth but sixth argument
fixing typo in a comment
[FrameworkBundle] fixed CS
[FrameworkBundle] PhpExtractor bugfix and improvements
[Finder] Fix findertest readability
[Filesystem] Add FTP stream wrapper context option to enable overwrite (override)
fix parsing of Authorization header
Test examples from Drupal SA-CORE-2014-003
Fix potential DoS when parsing HOST
...
Conflicts:
src/Symfony/Bundle/FrameworkBundle/Tests/Translation/TranslatorTest.php
src/Symfony/Bundle/FrameworkBundle/Translation/Translator.php
* 2.3:
[HttpKernel] fixed internal fragment handling
fixing yaml indentation
[WebProfiler] replaced the import/export feature from the web interface to a CLI tool
Forced all fragment uris to be signed, even for ESI
Add tests and more assertions
[FrameworkBundle][Translator] Validate locales.
[HttpFoundation] added some missing tests
[HttpFoundation] Improve string values in test codes
fix comment: not fourth but sixth argument
fixing typo in a comment
[FrameworkBundle] fixed CS
[FrameworkBundle] PhpExtractor bugfix and improvements
[Finder] Fix findertest readability
[Filesystem] Add FTP stream wrapper context option to enable overwrite (override)
fix parsing of Authorization header
Test examples from Drupal SA-CORE-2014-003
Fix potential DoS when parsing HOST
Made optimization deprecating modulus operator
Conflicts:
src/Symfony/Bundle/FrameworkBundle/Resources/config/esi.xml
src/Symfony/Component/HttpFoundation/Request.php
src/Symfony/Component/HttpFoundation/Tests/RequestTest.php
src/Symfony/Component/HttpKernel/Fragment/EsiFragmentRenderer.php
This PR was merged into the 2.3 branch.
Discussion
----------
n/a
n/a
Commits
-------
9e1bc22 Add tests and more assertions
101a3b7 [FrameworkBundle][Translator] Validate locales.
This PR was merged into the 2.3 branch.
Discussion
----------
n/a
n/a
Commits
-------
3b4046e [HttpFoundation] added some missing tests
cefe237 fix parsing of Authorization header
This PR was merged into the 2.3 branch.
Discussion
----------
n/a
n/a
Commits
-------
1ee96a8 Test examples from Drupal SA-CORE-2014-003
5506ee8 Fix potential DoS when parsing HOST
This PR was merged into the 2.4 branch.
Discussion
----------
[Security] Add more tests for StringUtils::equals
| Q | A
| ------------- | ---
| Bug fix? | no
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | n/a
| License | MIT
| Doc PR | n/a
More tests for `StringUtils::equals`.
Commits
-------
a676863 [Security] Add more tests for StringUtils::equals
This PR was merged into the 2.3 branch.
Discussion
----------
[Security] fixing typo in a comment
| Q | A
| ------------- | ---
| Fixed tickets |
| License | MIT
As reported [here](https://github.com/symfony/symfony/pull/11574/files#r16934052).
Commits
-------
faefd66 fixing typo in a comment
This PR was merged into the 2.3 branch.
Discussion
----------
[Security] Made optimization on constant-time algorithm removing modulus operator
| Q | A
| ------------- | ---
| Bug fix? | no
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | -
| License | MIT
| Doc PR | -
This fix improves the constant-time algorithm used to compare strings, as it removes the `%` operator inside the loop.
Commits
-------
000bd0d Made optimization deprecating modulus operator
This PR was merged into the 2.5 branch.
Discussion
----------
[Validator] Test that validateProperty() works if no constraint is defined
| Q | A
| ------------- | ---
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes (2.3 has to be merged into 2.5 first)
| Fixed tickets | #11604, #11614
| License | MIT
| Doc PR |
Adds a test case for #11604 to avoid regressions. The actual issue has been fixed in Symfony 2.3 with the merge of #11615.
Commits
-------
a47a884 add test for #11604
* 2.4:
fix typos
[HttpKernel] add use statement for phpdoc
Disabled the PHPUnit self-update on Travis
[ClassLoader] simplified phpdoc
[ClassLoader] Add a __call() method to XcacheClassLoader
fix some minor typos in tests
[Yaml] fixed mapping keys containing a quoted #
Added fixture to test parsing of hash keys ending with a space and #
[Filesystem Component] mkdir race condition fix#11626
[Validator] reverted permissions change on translation files
Fixed Factory services not within the ServiceReferenceGraph.
[CssSelector] Fix URL to SimonSapin/cssselect repo
[Validator] Fixed wrong translation keys/messages for Collection constraint. The error messages for a missing field and an unexpected field did not match the Contraint class
[YAML] resolve variables in inlined YAML
Disallow abstract definitions from doctrine event listener registration
Conflicts:
src/Symfony/Component/Process/Tests/SigchildDisabledProcessTest.php
src/Symfony/Component/Yaml/Inline.php
* 2.3:
[HttpKernel] add use statement for phpdoc
Disabled the PHPUnit self-update on Travis
[ClassLoader] simplified phpdoc
[ClassLoader] Add a __call() method to XcacheClassLoader
fix some minor typos in tests
[Yaml] fixed mapping keys containing a quoted #
Added fixture to test parsing of hash keys ending with a space and #
[Filesystem Component] mkdir race condition fix#11626
[Validator] reverted permissions change on translation files
Fixed Factory services not within the ServiceReferenceGraph.
[CssSelector] Fix URL to SimonSapin/cssselect repo
[Validator] Fixed wrong translation keys/messages for Collection constraint. The error messages for a missing field and an unexpected field did not match the Contraint class
[YAML] resolve variables in inlined YAML
Disallow abstract definitions from doctrine event listener registration
Conflicts:
src/Symfony/Bridge/Doctrine/DependencyInjection/CompilerPass/RegisterEventListenersAndSubscribersPass.php
src/Symfony/Bridge/Doctrine/Tests/DependencyInjection/CompilerPass/RegisterEventListenersAndSubscribersPassTest.php
src/Symfony/Bundle/FrameworkBundle/EventListener/SessionListener.php
src/Symfony/Component/Filesystem/Filesystem.php
This PR was merged into the 2.5 branch.
Discussion
----------
[Process] fix mustRun() in sigchild environments
| Q | A
| ------------- | ---
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets |
| License | MIT
| Doc PR |
When being run in sigchild environments, the sigchild compatibility mode needs to be enabled to be able to call `getExitCode()`. Since `mustRun()` uses `getExitCode()` to determine whether or not a process terminated successfully, it cannot be used in sigchild environments when the sigchild compatibility mode is disabled.
Commits
-------
b764f6c fix mustRun() in sigchild environments
When a line contains only a dash it cannot safely be assumed that
it contains a nested list or an embedded mapping. If the next line
starts with a dash at the same indentation, the current line's item
is to be treated as `null`.
This PR was merged into the 2.3 branch.
Discussion
----------
[Yaml] fixed mapping keys containing a quoted #
| Q | A
| ------------- | ---
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | #11700, #11723
| License | MIT
| Doc PR | n/a
Commits
-------
110f999 [Yaml] fixed mapping keys containing a quoted #
8ba3b28 Added fixture to test parsing of hash keys ending with a space and #
This PR was squashed before being merged into the 2.5 branch (closes#11787).
Discussion
----------
fixed DateComparator if file does not exist
Description:
When a file is deleted after the iterator is created, the accept function throws the following exception: SplFileInfo::getMTime(): stat failed. This is because the function doesn't check first for the existence of the file. In theory, a deletion between existence being checked and getMTime getting called would still result in this error, but the risk area for this race condition is much smaller than the current risk area.
| Q | A
| ------------ | ----
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | #11785
| License | MIT
| Doc PR |
Commits
-------
c6e9e06 fixed DateComparator if file does not exist
When being run in sigchild environments, the sigchild compatibility
mode needs to be enabled to be able to call `getExitCode()`. Since
`mustRun()` uses `getExitCode()` to determine whether or not a process
terminated successfully, it cannot be used in sigchild environments
when the sigchild compatibility mode is disabled.
This PR was squashed before being merged into the 2.3 branch (closes#11768).
Discussion
----------
[ClassLoader] Add a __call() method to XcacheClassLoader
| Q | A
| ------------- | ---
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | #11733
| License | MIT
| Doc PR |
Commits
-------
dd0d6af [ClassLoader] Add a __call() method to XcacheClassLoader