This PR was merged into the 3.4 branch.
Discussion
----------
[HttpKernel] fix session tracking in surrogate master requests
| Q | A
| ------------- | ---
| Branch? | 3.4
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | -
| License | MIT
| Doc PR | -
Spotted while looking at ESI fragments resolved by`HttpCache`: right now when the master request starts the session, fragments are not cacheable anymore, even when they do not use the session.
Commits
-------
146e01cb44 [HttpKernel] fix session tracking in surrogate master requests
This PR was submitted for the master branch but it was squashed and merged into the 2.8 branch instead (closes#27508).
Discussion
----------
[Finder] Update RealIteratorTestCase
| Q | A
| ------------- | ---
| Branch? | 2.8
| Bug fix? | no
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | #27480
| License | MIT
| Doc PR | n/a
Makes the entire test directory empty instead of trying to delete particular files and directories. The old method failed when trying to remove a directory which was not empty.
Commits
-------
7d0ebd41ab [Finder] Update RealIteratorTestCase
This PR was squashed before being merged into the 3.4 branch (closes#27623).
Discussion
----------
[minor] SCA
| Q | A
| ------------- | ---
| Branch? | 3.4
| Bug fix? | no
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | n/a
| License | MIT
| Doc PR | n/a
New findings: language level, greedy regex, array_column usages
Commits
-------
5922507dc5 [minor] SCA
This PR was merged into the 4.1 branch.
Discussion
----------
[HttpFoundation] Ensure RedisSessionHandler::updateTimestamp returns a boolean
| Q | A
| ------------- | ---
| Branch? | 4.1
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| License | MIT
Since v1.1.0 predis doesn't return the result of `EXPIRE` as a boolean, thus breaking `updateTimestamp` implementation.
Maybe it's worth mentioning error messages were useless here:
- Symfony: `User Warning: session_write_close(): Failed to write session data with Symfony\Component\HttpFoundation\Session\Storage\Handler\RedisSessionHandler handler`
- PHP: `session_write_close(): Session callback expects true/false return value`
Commits
-------
079b944077 Ensure updateTimestamp returns a boolean
This PR was submitted for the 3.4 branch but it was merged into the 2.8 branch instead (closes#27630).
Discussion
----------
[Validator][Form] Remove BOM in some xlf files
| Q | A
| ------------- | ---
| Branch? | 3.4
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? |
| Fixed tickets | #...
| License | MIT
| Doc PR | symfony/symfony-docs#...
I removed first blank space from some xml files
It caused this error during cache:clear
[ERROR 4] Start tag expected, '<' not found (in n/a - line 1, column 1)
Commits
-------
0bc53d66c0 [Validator] Remove BOM in some xlf files
This PR was squashed before being merged into the 3.4 branch (closes#27596).
Discussion
----------
[Framework][Workflow] Added support for interfaces
| Q | A
| ------------- | ---
| Branch? | 3.4
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| License | MIT
I consider this to be a bugfix in config, because `ClassInstanceSupportStrategy` (`InstanceOfSupportStrategy`) actually works with interfaces. Therefore propose to 3.4.
Commits
-------
6104c28c08 [Framework][Workflow] Added support for interfaces
* 3.4:
[VarDumper] Fix dumping ArrayObject and ArrayIterator instances
[ProxyManagerBridge] Fixed support of private services
[Cache] Fix typo in comment.
Fix bad method call with guard authentication + session migration
This PR was merged into the 3.4 branch.
Discussion
----------
[ProxyManagerBridge] Fixed support of private services
| Q | A
| ------------- | ---
| Branch? | master
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | #...
| License | MIT
| Doc PR |
<!--
Write a short README entry for your feature/bugfix here (replace this comment block.)
This will help people understand your PR and can be used as a start of the Doc PR.
Additionally:
- Bug fixes must be submitted against the lowest branch where they apply
(lowest branches are regularly merged to upper ones so they get the fixes too).
- Features and deprecations must be submitted against the master branch.
-->
Fixed lazy loading of private services, that was broken since Symfony 4.0 release because of renaming
addObjectResource
fa022f05be/src/Symfony/Component/DependencyInjection/CHANGELOG.md (L114)
Commits
-------
198bee0916 [ProxyManagerBridge] Fixed support of private services
This PR was merged into the 2.8 branch.
Discussion
----------
[VarDumper] Fix dumping ArrayObject and ArrayIterator instances
| Q | A
| ------------- | ---
| Branch? | 2.8
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | -
| License | MIT
| Doc PR | -
Properties added on child classes of `ArrayObject` and `ArrayIterator`, or dynamic properties added on instances of them were now properly dumped. This fixes it.
![image](https://user-images.githubusercontent.com/243674/41349429-2660cbc6-6f10-11e8-8015-a3d6ad8b0c9c.png)
Commits
-------
3ecabfc36e [VarDumper] Fix dumping ArrayObject and ArrayIterator instances
This PR was merged into the 4.1 branch.
Discussion
----------
[FrameworkBundle] give access to non-shared services when using test.service_container
| Q | A
| ------------- | ---
| Branch? | 4.1
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | #27488
| License | MIT
| Doc PR | -
Commits
-------
516ff5a985 [FrameworkBundle] give access to non-shared services when using test.service_container
This PR was submitted for the master branch but it was merged into the 3.4 branch instead (closes#27598).
Discussion
----------
[Cache] Fix typo in comment.
| Q | A
| ------------- | ---
| Branch? | master
| Bug fix? | no
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | n/a
| License | MIT
| Doc PR | n/a
It's just a typo fix.
Commits
-------
39dd9b2f97 [Cache] Fix typo in comment.
This PR was merged into the 4.1 branch.
Discussion
----------
Avoid calling eval when there is no script embedded in the toolbar
| Q | A
| ------------- | ---
| Branch? | 4.1
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | #27583
| License | MIT
| Doc PR | n/a
#27189 changed the way embedded scripts were eval'd for the toolbar. But it also refactored the code in a way triggering `eval` all the time, even when there is no embedded script, which was reported several times as an issue with CSP.
While the debug panel (showing dumps) still requires having `unsafe-eval` in the CSP header (due to embedding scripts that we eval), this PR reverts back to the behavior of Symfony 4.0 and older, where only toolbars actually embedding scripts have this CSP compat issue.
Commits
-------
a0f78a5e0b Avoid calling eval when there is no script embedded in the toolbar
This PR was squashed before being merged into the 2.8 branch (closes#27581).
Discussion
----------
Fix bad method call with guard authentication + session migration
| Q | A
| ------------- | ---
| Branch? | 2.8
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no (but there needs to be on master)
| Tests pass? | yes
| Fixed tickets | #27577
| License | MIT
| Doc PR | n/a
I messed up #27452 :/. Guard is the one class where the session migration is not on the listener, it's on the handler. The tricky part is that there is only ONE handler (unlike listeners where there is 1 listener per firewall). That means that implementing a session migration strategy that avoids stateless firewalls was a bit more tricky: I could only think to inject a map into `GuardAuthenticationHandler`. On the bright side, this also fixes session migration (not happening) when people call the `authenticateUserAndHandleSuccess()` method directly.
On master, we'll need to add a deprecation to make the 3rd argument of `authenticateWithToken()` required - it's optional now for BC. We may also need to re-order the constructor args.
I DID test this in a real 2.8 project, to make sure that things were properly wired up. Apologies for not doing that for the other PR.
Cheers!
Commits
-------
2c0ac93 Fix bad method call with guard authentication + session migration
This PR was merged into the 4.1 branch.
Discussion
----------
[FrameworkBundle] fix for allowing single colon controller notation
| Q | A
| ------------- | ---
| Branch? | 4.1
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | #27522
| License | MIT
| Doc PR | -
This fixes a BC break introduced in https://github.com/symfony/symfony/pull/26085#pullrequestreview-126370222.
ping @Tobion
Commits
-------
1680674174 [FrameworkBundle] fix for allowing single colon controller notation
* 4.0:
fixed CS
Avoiding session migration for stateless firewall UsernamePasswordJsonAuthenticationListener
fixed CS
Avoid migration on stateless firewalls
[Serializer] deserialize from xml: Fix a collection that contains the only one element
[PhpUnitBridge] Fix error on some Windows OS
[DI] Deduplicate generated proxy classes
* 3.4:
fixed CS
Avoiding session migration for stateless firewall UsernamePasswordJsonAuthenticationListener
fixed CS
Avoid migration on stateless firewalls
[Serializer] deserialize from xml: Fix a collection that contains the only one element
[PhpUnitBridge] Fix error on some Windows OS
[DI] Deduplicate generated proxy classes