This PR was merged into the 2.7 branch.
Discussion
----------
[FrameworkBundle] Convert null prefix to an empty string in translation:update
| Q | A
| ------------- | ---
| Branch? | 2.7
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | #20044
| License | MIT
| Doc PR | n/a
This command needs the ability to use an empty string as prefix, which is not possible using `bin/console translation:update --prefix=""` because `$argv` doesn't parse empty strings thus the value is converted to `null` by `ArgvInput` (only since #19946, before the option was not considered to be set, giving the default `'__'` thus this should be fine from a BC pov).
Here I propose to explicitly convert the `prefix` value to an empty string if set to `null`, as it is a very specific need and we can't guess that from `ArgvInput`.
An other way to fix it could be to add a `--no-prefix` option to the command but I don't think it is worth it, and it couldn't be treated as a bug fix thus not fixed before `3.2`.
Commits
-------
f02b687 [FrameworkBundle] Convert null prefix to an empty string in translation:update command
This PR was merged into the 2.7 branch.
Discussion
----------
[Yaml][TwigBridge] Use JSON_UNESCAPED_SLASHES for lint commands output
| Q | A
| ------------- | ---
| Branch? | 2.7
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | n/a
| License | MIT
| Doc PR | n/a
Slashes are escaped when sing the `lint:twig` and `lint:yaml` commands with the `format` option set to `json`, giving such results:
```json
[
{
"file": "yaml\/wrong\/1.yml",
"valid": false,
"message": "Unable to parse at line 1 (near \";:cc`\")."
}
]
```
That's not convenient as file paths may be reused (e.g. copy-pasted).
Results stay fine as error messages are already escaped:
```json
[
{
"file": "yaml/wrong/1.yml",
"valid": false,
"message": "Unable to parse at line 1 (near \";:cc`\")."
}
]
```
Commits
-------
0427594 Use JSON_UNESCAPED_SLASHES for lint commands output
This PR was merged into the 2.7 branch.
Discussion
----------
[FrameworkBundle] Check for class existence before is_subclass_of
| Q | A
| ------------- | ---
| Branch? | 2.7
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | n/a
| License | MIT
| Doc PR | n/a
Same as #19342
Commits
-------
8a9e0f5 [FrameworkBundle] Check for class existence before is_subclass_of
This PR was squashed before being merged into the 2.7 branch (closes#19373).
Discussion
----------
[Form] Skip CSRF validation on form when POST max size is exceeded
| Q | A
| ------------- | ---
| Branch? | 2.7
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | #19140
| License | MIT
| Doc PR | N/A
In #19140 the CSRF validation listener was not aware that the POST max size had exceeded, and was adding a form error message that wasn't relevant to the actual error.
This introduces the `ServerParams` utility class into the `CsrfValidationListener` and checks that the POST max size has not been exceeded. If it has then it won't bother trying to validate the CSRF token.
My main concern with this change is that it opens up an attack vector around tokens, but I've encapsulated the request size validation in a single method in `ServerParams` now so that the request handlers are using the same logic.
Commits
-------
289531f [Form] Skip CSRF validation on form when POST max size is exceeded
This PR was squashed before being merged into the 2.7 branch (closes#19405).
Discussion
----------
Fixed bugs in names of classes and methods.
| Q | A
| ------------- | ---
| Branch? | 2.7
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | ~
| License | MIT
| Doc PR | ~
It's related to case sensitive.
I changed only calls of names of called methods but not definition of methods because BC.
Commits
-------
c41aa03 Fixed bugs in names of classes and methods.
This PR was squashed before being merged into the 2.7 branch (closes#18688).
Discussion
----------
[HttpFoundation] Warning when request has both Forwarded and X-Forwarded-For
| Q | A
| ------------- | ---
| Branch? | 2.7
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets |
| License | MIT
| Doc PR | symfony/symfony-docs#6526
Emit a warning when a request has both a trusted Forwarded header and a trusted X-Forwarded-For header, as this is most likely a misconfiguration which causes security issues.
Commits
-------
ee8842f [HttpFoundation] Warning when request has both Forwarded and X-Forwarded-For
* 2.3:
updated VERSION for 2.3.42
update CONTRIBUTORS for 2.3.42
updated CHANGELOG for 2.3.42
Revert "bug #18908 [DependencyInjection] force enabling the external XML entity loaders (xabbuh)"
Partial revert of previous PR
[DependencyInjection] Skip deep reference check for 'service_container'
Catch \Throwable
[Serializer] Add missing @throws annotations
Fix for #18843
force enabling the external XML entity loaders
Removed UTC specification with timestamp
This PR was merged into the 2.7 branch.
Discussion
----------
[FrameworkBundle] Remove misleading comment
| Q | A
| ------------- | ---
| Branch? | 2.7
| Bug fix? | no
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets |
| License | MIT
| Doc PR |
This is not true for service_container anymore.
Commits
-------
9f2f858 [FrameworkBundle] Remove misleading comment
* 2.3:
Detect CLI color support for Windows 10 build 10586
[EventDispatcher] Try first if the event is Stopped
[FrameworkBundle] fixes grammar in container:debug command manual.
Conflicts:
src/Symfony/Component/EventDispatcher/EventDispatcher.php
src/Symfony/Component/HttpKernel/Debug/TraceableEventDispatcher.php
* 2.3:
[Validator] use correct term for a property in docblock (not "option")
[PropertyAccess] Remove most ref mismatches to improve perf
[Validator] EmailValidator cannot extract hostname if email contains multiple @ symbols
[NumberFormatter] Fix invalid numeric literal on PHP 7
Use XML_ELEMENT_NODE in nodeType check
[PropertyAccess] Reduce overhead of UnexpectedTypeException tracking
[PropertyAccess] Throw an UnexpectedTypeException when the type do not match
[FrameworkBundle] Add tests for the Controller class
Conflicts:
src/Symfony/Bundle/FrameworkBundle/Tests/Controller/ControllerTest.php
src/Symfony/Component/Intl/NumberFormatter/NumberFormatter.php
src/Symfony/Component/PropertyAccess/PropertyAccessor.php
src/Symfony/Component/PropertyAccess/PropertyAccessorInterface.php
src/Symfony/Component/PropertyAccess/PropertyPath.php
src/Symfony/Component/PropertyAccess/Tests/PropertyAccessorTest.php
src/Symfony/Component/Validator/Constraints/EmailValidator.php
* 2.3:
Improved the PHPdoc of FileSystem::copy()
[Validator] Test DNS Email constraints using checkdnsrr() mock
[travis] Run real php subprocesses on hhvm for Process component tests
bug #18161 [Translation] Add support for fuzzy tags in PoFileLoader
[Form] Fix NumberToLocalizedStringTransformer::reverseTransform with big integers
[Form] Fix INT64 cast to float in IntegerType.
[SecurityBundle][PHPDoc] Added method doumentation for SecurityFactoryInterface
FrameworkBundle: Client: getContainer(): fixed phpdoc
[Validator] Updating inaccurate docblock comment
Conflicts:
.travis.yml
src/Symfony/Component/Validator/Tests/Constraints/EmailValidatorTest.php
* 2.3:
[HttpFoundation] Fix transient test
[HttpFoundation] Add a dependency on the mbstring polyfill
add readme files where missing
Don't use reflections when possible
[Form] Update form tests after the ICU data update
[Intl] Update tests and the number formatter to match behaviour of the intl extension
[Intl] Update the ICU data to version 55
[Intl] Fix the update-data.php script in preparation for ICU 5.5
Use constant instead of function call.
fixed test name
automatically generate safe fallback filename
Conflicts:
src/Symfony/Component/Debug/Debug.php
src/Symfony/Component/HttpFoundation/composer.json
src/Symfony/Component/Serializer/Tests/Normalizer/GetSetMethodNormalizerTest.php
This PR was merged into the 2.7 branch.
Discussion
----------
[2.7] Don't use reflection when possible
| Q | A
| ------------- | ---
| Bug fix? | no
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets |
| License | MIT
| Doc PR |
See https://github.com/symfony/symfony/pull/18021
Commits
-------
35be501 Don't use reflections when possible
* 2.3:
Updated all the README files
[TwigBundle] Fix failing test on appveyor
[FrameworkBundle] Fix a regression in handling absolute and namespaced template paths
Allow to normalize \Traversable
Remove _path from query parameters when fragment is a subrequest and request attributes are already set Added tests for _path removal in FragmentListener
Simplified everything
Added a test
Fixed the problem in an easier way
Fixed a syntax issue
Improved the error message when a template is not found
[CodingStandards] Conformed to coding standards
[TwigBundle] fixed Include file locations in "Template could not be found" exception
This PR was merged into the 2.7 branch.
Discussion
----------
[FrameworkBundle] Test that ObjectNormalizer is registered
| Q | A
| ------------- | ---
| Bug fix? | no
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | n/a
| License | MIT
| Doc PR | n/a
Commits
-------
129b140 [FrameworkBundle] Test that ObjectNormalizer is registered
* 2.3:
#17676 - making the proxy instantiation compatible with ProxyManager 2.x by detecting proxy features
Fix bug when using an private aliased factory service
ChoiceFormField of type "select" could be "disabled"
Update contributing docs
[Console] Fix escaping of trailing backslashes
Fix constraint validator alias being required
[ci] clone with depth=1 to kill push-forced PRs
Add check on If-Range header
This PR was merged into the 2.3 branch.
Discussion
----------
[FrameworkBundle] read commands from bundles when accessing list
| Q | A
| ------------- | ---
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets |
| License | MIT
| Doc PR |
This allows access to the list of commands registered by the kernel (bundle and later service ids) programmatically when you do not `run` the application.
Commits
-------
0fe3088 register commands from kernel when accessing list
This PR was merged into the 2.7 branch.
Discussion
----------
[Form] Fix choice placeholder edge cases
| Q | A
| ------------- | ---
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | -
| License | MIT
| Doc PR | -
Fixing several problems with choice placeholder that enhances #9030 for more edge cases:
- A choice with an empty value manually added in the choices array should only be considered a placeholder when it is the first element in the final choice select.
This is part of the HTML spec and how browsers also behave. If you select a choice with an empty value that is not the first option, it will still pass the "required" check
and thus submit the empty value. So it's not a placeholder.
If in the example below you move the empty option to the first place, the browsers will error on submit that you
must select a value. So only then it is a placeholder to show as initial value.
```html
<select id="form_timezone" name="form[timezone]" required="required">
<option value="Africa/Abidjan">Abidjan</option>
<option value="">Empty</option>
</select>
```
Also the validator https://validator.w3.org/nu/ will mark the above code as error:
> The first child option element of a select element with a required attribute, and without a multiple attribute, and without a size attribute whose value is greater than 1, must have either an empty value attribute, or must have no text content. Consider either adding a placeholder option label, or adding a size attribute with a value equal to the number of option elements.
This is fixed by replacing`0 !== count($choiceList->getChoicesForValues(array('')))` with `$view->vars['placeholder_in_choices'] = $choiceListView->hasPlaceholder()`.
Which means, the required attribute is removed automatically because the select form element is required implicitly anyway due to the nature of the choice UI.
- As the above quote mentions, the `size` attribute also has impact. Namely for a select with size > 1 it can be possible to have a required attribute even without placeholder.
This is because when the size > 1, there is no default choice selected (similar to select with "multiple").
- A placeholder for required radio buttons or a select with size > 1 does not make sense as it would just be fake data that can be submitted (similar to the ignored placeholder for multi-select and checkboxes).
Commits
-------
0efbc30 [Form] fix edge cases with choice placeholder
* 2.3:
remove unnecessary retrieval and setting of data
avoid (string) catchable fatal error for __PHP_Incomplete_Class instances
sendContent return as parent.
[FrameworkBundle] Fix a typo
* 2.3:
[travis] Add some comments
changed operator from and to &&
Conflicts:
src/Symfony/Bundle/FrameworkBundle/Resources/views/Form/choice_widget_collapsed.html.php
* 2.3:
fix container cache key generation
[Translation] Add resources from fallback locale
[DependencyInjection] enforce tags to have a name
[YAML] Refine the return value of Yaml::parse()
If the actual class name were not taken into, we would not be able to
detect inconsistencies between the different configuration formats (PHP,
YAML, and XML) as the container built based on the first evaluated
configuration format would be cached and reused by tests for the other
formats too.
This PR was merged into the 2.7 branch.
Discussion
----------
[FrameworkBundle] remove default null value for asset version
| Q | A
| ------------- | ---
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets |
| License | MIT
| Doc PR |
Setting `null` as the version of a package means that it uses the empty
version strategy. However, omitting the `version` option entirely was
meant to fall back to the default version strategy. This is not possible
when the default version value is `null` as there is no way to remove
it.
Commits
-------
25f735f remove default null value for asset version
Setting `null` as the version of a package means that it uses the empty
version strategy. However, omitting the `version` option entirely was
meant to fall back to the default version strategy. This is not possible
when the default version value is `null` as there is no way to remove
it.