* 2.7:
Compatibility with Twig 1.27
Enhance GAE compat by removing some realpath()
bumped Symfony version to 2.7.21
updated VERSION for 2.7.20
update CONTRIBUTORS for 2.7.20
updated CHANGELOG for 2.7.20
[SecurityBundle] Fix twig-bridge lowest dep
* 2.7:
[TwigBundle] fixed usage of getSource in tests
Trim constant values in XmlFileLoader
move test to the HttpKernel component
[TwigBridge] fixed Twig_Source required argument
* 2.7:
[TwigBridge] removed deprecations added in Twig 1.27
PHP CS Fixer: use php_unit_dedicate_assert
fixed Filesystem:makePathRelative and added 2 more testcases
no 304 response if method is not cacheable
move tags from decorated to decorating service
This PR was merged into the 2.7 branch.
Discussion
----------
[FrameworkBundle] Convert null prefix to an empty string in translation:update
| Q | A
| ------------- | ---
| Branch? | 2.7
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | #20044
| License | MIT
| Doc PR | n/a
This command needs the ability to use an empty string as prefix, which is not possible using `bin/console translation:update --prefix=""` because `$argv` doesn't parse empty strings thus the value is converted to `null` by `ArgvInput` (only since #19946, before the option was not considered to be set, giving the default `'__'` thus this should be fine from a BC pov).
Here I propose to explicitly convert the `prefix` value to an empty string if set to `null`, as it is a very specific need and we can't guess that from `ArgvInput`.
An other way to fix it could be to add a `--no-prefix` option to the command but I don't think it is worth it, and it couldn't be treated as a bug fix thus not fixed before `3.2`.
Commits
-------
f02b687 [FrameworkBundle] Convert null prefix to an empty string in translation:update command
* 2.7:
[HttpFoundation] JSONP callback validation
[Console] Improved the explanation of the hasOption() method
add missing use statement
bug #18042 [Security] $attributes can be anything, but RoleVoter assumes strings
* 2.7:
[FrameworkBundle] Alter container class instead of kernel name in cache:clear command
[Console] Fix validation of null values using SymfonyStyle::ask()
[Console] Escape default value and question in SymfonyStyle::ask()
* 2.7:
Fixed expectedException annotations
Security and validators messages translation to Latvian
[Form] FormView->isRendered() remove dead code and simplify the flow
* 2.7:
[Form] Fix typo in doc comment
[Config] Handle open_basedir restrictions in FileLocator
[bugfix] [Console] Set `Input::$interactive` to `false` when command is executed with `--quiet` as verbosity level
Use JSON_UNESCAPED_SLASHES for lint commands output
Fixed collapsed ChoiceType options attributes
Fixed the nullable support for php 7.1 and below
This PR was merged into the 2.7 branch.
Discussion
----------
[Yaml][TwigBridge] Use JSON_UNESCAPED_SLASHES for lint commands output
| Q | A
| ------------- | ---
| Branch? | 2.7
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | n/a
| License | MIT
| Doc PR | n/a
Slashes are escaped when sing the `lint:twig` and `lint:yaml` commands with the `format` option set to `json`, giving such results:
```json
[
{
"file": "yaml\/wrong\/1.yml",
"valid": false,
"message": "Unable to parse at line 1 (near \";:cc`\")."
}
]
```
That's not convenient as file paths may be reused (e.g. copy-pasted).
Results stay fine as error messages are already escaped:
```json
[
{
"file": "yaml/wrong/1.yml",
"valid": false,
"message": "Unable to parse at line 1 (near \";:cc`\")."
}
]
```
Commits
-------
0427594 Use JSON_UNESCAPED_SLASHES for lint commands output
* 2.7:
[FrameworkBundle] Fix Incorrect line break in exception message (500 debug page)
Minor cleanups and improvements
[form] lazy trans `post_max_size_message`.
[DI] Fix setting synthetic services on ContainerBuilder
[ClassLoader] Fix ClassCollectionLoader inlining with declare(strict_types=1)
* 2.7:
[FrameworkBundle] Check for class existence before is_subclass_of
Update GroupSequence.php
Code enhancement and cleanup
[DI] Add anti-regression test
Revert "minor #19689 [DI] Cleanup array_key_exists (ro0NL)"
[BrowserKit] Fix cookie expiration on 32 bit systems
bumped Symfony version to 2.7.18
updated VERSION for 2.7.17
update CONTRIBUTORS for 2.7.17
updated CHANGELOG for 2.7.17
Update misleading comment about RFC4627
This PR was merged into the 2.7 branch.
Discussion
----------
[FrameworkBundle] Check for class existence before is_subclass_of
| Q | A
| ------------- | ---
| Branch? | 2.7
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | n/a
| License | MIT
| Doc PR | n/a
Same as #19342
Commits
-------
8a9e0f5 [FrameworkBundle] Check for class existence before is_subclass_of
* 2.7:
[Validator][GroupSequence] fixed GroupSequence validation ignores PropertyMetadata of parent classes
[FrameworkBundle][Security] Remove useless mocks
[DoctrineBridge] Enhance exception message in EntityUserProvider
added friendly exception when constraint validator does not exist or it is not enabled
remove duplicate instruction
[FrameworkBundle] Remove TranslatorBagInterface check
[FrameworkBundle] Remove duplicated code in RouterDebugCommand
[Validator] fixed duplicate constraints with parent class interfaces
SecurityBundle:BasicAuthenticationListener: removed a default argument on getting a header value
* 2.7:
[Routing] Add missing options in docblock
[VarDumper] Fix dumping continuations
[HttpFoundation] fixed Request::getContent() reusage bug
[Form] Skip CSRF validation on form when POST max size is exceeded
Enhance the phpDoc return types so IDEs can handle the configuration tree.
fixes
Remove 3.0 from branch suggestions for fixes in PR template
[Process] Strengthen Windows pipe files opening (again...)
Fix#19531 [Form] DateType fails parsing when midnight is not a valid time
This PR was squashed before being merged into the 2.7 branch (closes#19373).
Discussion
----------
[Form] Skip CSRF validation on form when POST max size is exceeded
| Q | A
| ------------- | ---
| Branch? | 2.7
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | #19140
| License | MIT
| Doc PR | N/A
In #19140 the CSRF validation listener was not aware that the POST max size had exceeded, and was adding a form error message that wasn't relevant to the actual error.
This introduces the `ServerParams` utility class into the `CsrfValidationListener` and checks that the POST max size has not been exceeded. If it has then it won't bother trying to validate the CSRF token.
My main concern with this change is that it opens up an attack vector around tokens, but I've encapsulated the request size validation in a single method in `ServerParams` now so that the request handlers are using the same logic.
Commits
-------
289531f [Form] Skip CSRF validation on form when POST max size is exceeded
* 2.7:
[Console] Application update PHPDoc of add and register methods
[Config] Extra tests for Config component
Fixed bugs in names of classes and methods.
[DoctrineBridge] Fixed php doc
[FrameworkBundle] Fixed parameters number mismatch declaration
[BrowserKit] Added test for followRedirect method (POST method)
Fix the money form type render with Bootstrap3
[BrowserKit] Uppercase the "GET" method in redirects
[WebProfilerBundle] Fixed JSDoc parameter definition
[HttpFoundation] HttpCache refresh stale responses containing an ETag
Conflicts:
src/Symfony/Component/BrowserKit/Tests/ClientTest.php
src/Symfony/Component/Security/Acl/Resources/bin/generateSql.php
This PR was squashed before being merged into the 2.7 branch (closes#19405).
Discussion
----------
Fixed bugs in names of classes and methods.
| Q | A
| ------------- | ---
| Branch? | 2.7
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | ~
| License | MIT
| Doc PR | ~
It's related to case sensitive.
I changed only calls of names of called methods but not definition of methods because BC.
Commits
-------
c41aa03 Fixed bugs in names of classes and methods.