* 2.7:
[FrameworkBundle] Check for class existence before is_subclass_of
Update GroupSequence.php
Code enhancement and cleanup
[DI] Add anti-regression test
Revert "minor #19689 [DI] Cleanup array_key_exists (ro0NL)"
[BrowserKit] Fix cookie expiration on 32 bit systems
bumped Symfony version to 2.7.18
updated VERSION for 2.7.17
update CONTRIBUTORS for 2.7.17
updated CHANGELOG for 2.7.17
Update misleading comment about RFC4627
This PR was merged into the 2.7 branch.
Discussion
----------
[FrameworkBundle] Check for class existence before is_subclass_of
| Q | A
| ------------- | ---
| Branch? | 2.7
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | n/a
| License | MIT
| Doc PR | n/a
Same as #19342
Commits
-------
8a9e0f5 [FrameworkBundle] Check for class existence before is_subclass_of
* 2.7:
[Validator][GroupSequence] fixed GroupSequence validation ignores PropertyMetadata of parent classes
[FrameworkBundle][Security] Remove useless mocks
[DoctrineBridge] Enhance exception message in EntityUserProvider
added friendly exception when constraint validator does not exist or it is not enabled
remove duplicate instruction
[FrameworkBundle] Remove TranslatorBagInterface check
[FrameworkBundle] Remove duplicated code in RouterDebugCommand
[Validator] fixed duplicate constraints with parent class interfaces
SecurityBundle:BasicAuthenticationListener: removed a default argument on getting a header value
* 2.7:
[ClassLoader] Fix tests
[Debug][HttpKernel][VarDumper] Prepare for committed 7.2 changes
[DependencyInjection] PhpDumper::isFrozen inconsistency
[DI] Cleanup array_key_exists
include dynamic services in list of alternatives
[Debug] Swap dumper services at bootstrap
This commit fix a bug when using debug function too soon.
For example, if you call dump function during kernel::boot() the
dump output will be sent to stderr, even in a web context.
With this patch, the data collector is used by default, so the
dump output is send to the WDT. In a CLI context, if dump is used
too soon, the datacollector will buffer it, and release it at the
end of the script. So in this case everything will be visible by the
end used.
* 2.7:
[Routing] Add missing options in docblock
[VarDumper] Fix dumping continuations
[HttpFoundation] fixed Request::getContent() reusage bug
[Form] Skip CSRF validation on form when POST max size is exceeded
Enhance the phpDoc return types so IDEs can handle the configuration tree.
fixes
Remove 3.0 from branch suggestions for fixes in PR template
[Process] Strengthen Windows pipe files opening (again...)
Fix#19531 [Form] DateType fails parsing when midnight is not a valid time
This PR was squashed before being merged into the 2.7 branch (closes#19373).
Discussion
----------
[Form] Skip CSRF validation on form when POST max size is exceeded
| Q | A
| ------------- | ---
| Branch? | 2.7
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | #19140
| License | MIT
| Doc PR | N/A
In #19140 the CSRF validation listener was not aware that the POST max size had exceeded, and was adding a form error message that wasn't relevant to the actual error.
This introduces the `ServerParams` utility class into the `CsrfValidationListener` and checks that the POST max size has not been exceeded. If it has then it won't bother trying to validate the CSRF token.
My main concern with this change is that it opens up an attack vector around tokens, but I've encapsulated the request size validation in a single method in `ServerParams` now so that the request handlers are using the same logic.
Commits
-------
289531f [Form] Skip CSRF validation on form when POST max size is exceeded
* 2.7:
[TwigBundle] Removed redundant return statement.
[TwigBridge] Removed extra arguments in 2 places.
[Process] Fix write access check for pipes on Windows
[HttpKernel] Use flock() for HttpCache's lock files
* 2.7:
[Console] Application update PHPDoc of add and register methods
[Config] Extra tests for Config component
Fixed bugs in names of classes and methods.
[DoctrineBridge] Fixed php doc
[FrameworkBundle] Fixed parameters number mismatch declaration
[BrowserKit] Added test for followRedirect method (POST method)
Fix the money form type render with Bootstrap3
[BrowserKit] Uppercase the "GET" method in redirects
[WebProfilerBundle] Fixed JSDoc parameter definition
[HttpFoundation] HttpCache refresh stale responses containing an ETag
Conflicts:
src/Symfony/Component/BrowserKit/Tests/ClientTest.php
src/Symfony/Component/Security/Acl/Resources/bin/generateSql.php
This PR was squashed before being merged into the 2.7 branch (closes#19405).
Discussion
----------
Fixed bugs in names of classes and methods.
| Q | A
| ------------- | ---
| Branch? | 2.7
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | ~
| License | MIT
| Doc PR | ~
It's related to case sensitive.
I changed only calls of names of called methods but not definition of methods because BC.
Commits
-------
c41aa03 Fixed bugs in names of classes and methods.
* 2.7:
[HttpKernel] Add listener that checks when request has both Forwarded and X-Forwarded-For
[HttpKernel] Move conflicting origin IPs handling to catch block
[travis] Fix deps=low/high patching
This PR was squashed before being merged into the 2.7 branch (closes#18688).
Discussion
----------
[HttpFoundation] Warning when request has both Forwarded and X-Forwarded-For
| Q | A
| ------------- | ---
| Branch? | 2.7
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets |
| License | MIT
| Doc PR | symfony/symfony-docs#6526
Emit a warning when a request has both a trusted Forwarded header and a trusted X-Forwarded-For header, as this is most likely a misconfiguration which causes security issues.
Commits
-------
ee8842f [HttpFoundation] Warning when request has both Forwarded and X-Forwarded-For
This PR was merged into the 2.8 branch.
Discussion
----------
[Console] Fix formatting of SymfonyStyle::comment()
| Q | A
| ------------- | ---
| Branch? | 2.8
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | #19172
| License | MIT
| Doc PR | n/a
This:
```php
$io->comment('Lorem ipsum dolor sit amet, consectetur adipisicing elit, <comment>sed do eiusmod tempor incididunt ut labore et dolore magna aliqua. Ut enim ad minim veniam, quis nostrud exercitation ullamco laboris nisi ut aliquip ex ea commodo consequat. Duis aute irure dolor in reprehenderit in voluptate velit esse cillum dolore eu fugiat nulla pariatur. Excepteur sint occaecat </comment>cupidatat non proident, sunt in culpa qui officia deserunt mollit anim id est laborum.');
```
Before outputs:
After:
This moves the lines-cutting logic from `block()` into a specific `createBlock`, used from both `comment()` and `block()`, sort as `comment()` can take messages containing nested tags and outputs a correctly formatted block without escaping tags.
Commits
-------
0a53e1d [Console] Fix formatting of SymfonyStyle::comment()
Remove decoration from frameworkbundle test (avoid testing the Console behaviour)
Set background to default
Test output
Adapt test for FrameworkBundle
Use Helper::strlenWithoutDecoration rather than Helper::strlen(strip_tags(..))
Improve logic for align all lines to the first in block()
Tests more block() possible outputs
Avoid calling Helper::strlenWithoutDecoration in loop for prefix, assign it instead
* 2.7:
[CS] Respect PSR2 4.2
[Form] fix `empty_data` option in expanded `ChoiceType`
[Console] removed unneeded private methods
sync min email validator version
[TwigBridge] Fix inconsistency in LintCommand help
explicitly forbid e-mail validator 2.0 or higher
Fixed SymfonyQuestionHelper multi-choice with defaults
[DoctrineBridge] Don't use object IDs in DoctrineChoiceLoader when passing a value closure
Differentiate between the first time a progress bar is displayed and subsequent times
finished previous commit
No more exception for malformed input name
fix post_max_size_message translation
[Process] Fix pipes cleaning on Windows
Avoid phpunit 5.4 warnings on getMock
[Form] Add exception to FormRenderer about non-unique block names
[Form] Consider a violation even if the form is not submitted
* 2.7:
fixed CS
tweaked default CS fixer config
[HttpKernel] Dont close the output stream in debug
move HttpKernel component to require section
Fixed oci and sqlsrv merge queries when emulation is disabled - fixes#17284
[Session] fix PDO transaction aborted under PostgreSQL
[Console] Use InputInterface inherited doc as possible
add docblock type elements to support newly added IteratorAggregate::getIterator PhpStorm support
FormBuilderInterface: fix getForm() return type.
Fixed typo in PHPDoc
* 2.7:
[HttpFoundation] Use UPSERT for sessions stored in PgSql >= 9.5
[Console] fixed PHPDoc
[travis] HHVM 3.12 LTS
Fix feature detection for IE
[Form] Fixed collapsed choice attributes
[Console] added explanation of messages usage in a progress bar
force enabling the external XML entity loaders
[Yaml] properly count skipped comment lines
Conflicts:
src/Symfony/Component/Translation/Loader/XliffFileLoader.php
* 2.7:
Added progressive jpeg to mime types guesser
[Yaml] Fix wrong line number when comments are inserted in the middle of a block.
Fixed singular of committee
Do not inject web debug toolbar on attachments
bumped Symfony version to 2.7.15
updated VERSION for 2.7.14
update CONTRIBUTORS for 2.7.14
updated CHANGELOG for 2.7.14
[Console] [SymfonyStyle] Replace long word wrapping test to directly test output
This PR was squashed before being merged into the 2.7 branch (closes#18971).
Discussion
----------
Do not inject web debug toolbar on attachments
| Q | A
| ------------- | ---
| Branch? | 2.7
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | #18965
| License | MIT
| Doc PR | -
Commits
-------
4a7d836 Do not inject web debug toolbar on attachments
* 2.7:
[BrowserKit] Bump dom-crawler minimum version requirement
Make one call to "OutputInterface::write" method per table row
[HttpKernel] Fix context dependent test
[Debug] Fix context dependent test
* 2.7:
`@throws` annotations should go after `@return`
Fix merge
updated VERSION for 2.3.42
update CONTRIBUTORS for 2.3.42
updated CHANGELOG for 2.3.42
Revert "bug #18908 [DependencyInjection] force enabling the external XML entity loaders (xabbuh)"
Partial revert of previous PR
[DependencyInjection] Skip deep reference check for 'service_container'
Catch \Throwable
[Serializer] Add missing @throws annotations
Fix for #18843
force enabling the external XML entity loaders
Removed UTC specification with timestamp
Conflicts:
src/Symfony/Component/DependencyInjection/Tests/Dumper/PhpDumperTest.php
src/Symfony/Component/Finder/Finder.php
src/Symfony/Component/Security/Acl/Dbal/MutableAclProvider.php
src/Symfony/Component/Security/Acl/Domain/ObjectIdentity.php
src/Symfony/Component/Security/Acl/Model/AclInterface.php
src/Symfony/Component/Security/Acl/Model/MutableAclProviderInterface.php
src/Symfony/Component/Security/Acl/Permission/MaskBuilder.php
src/Symfony/Component/Translation/Loader/XliffFileLoader.php
src/Symfony/Component/Yaml/Tests/InlineTest.php
* 2.3:
updated VERSION for 2.3.42
update CONTRIBUTORS for 2.3.42
updated CHANGELOG for 2.3.42
Revert "bug #18908 [DependencyInjection] force enabling the external XML entity loaders (xabbuh)"
Partial revert of previous PR
[DependencyInjection] Skip deep reference check for 'service_container'
Catch \Throwable
[Serializer] Add missing @throws annotations
Fix for #18843
force enabling the external XML entity loaders
Removed UTC specification with timestamp
* 2.7:
[Yaml] fix exception contexts
People - person singularization
[Yaml] properly handle unindented collections
[Serializer] Add test for ignored attributes during denormalization
chomp newlines only at the end of YAML documents
Fixed server status command when port has been omitted
Update UPGRADE FROM 2.x to 3.0
Catch \Throwable
Use levenshtein level for better Bundle matching
[WebProfilerBundle] Fix CORS ajax security issues
This PR was merged into the 2.7 branch.
Discussion
----------
Use levenshtein level for better Bundle matching
| Q | A
| ------------- | ---
| Branch? | 2.7
| Bug fix? | no
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets |
| License | MIT
| Doc PR |
_I've targetted 2.7 branch since this was introduced in the 2.6 version but the 2.6 isn't maintain anymore._
**TL;DR:** I found unused code in bad bundle exception when Symfony try to find the best bundle to fix the typo. Should we remove that code (and got a potential lower matching bundle name) or keep it and make it work?
-----
I've noticed that a part of the code wasn't used when determining which bundle typo was written on _bad bundle exception_, from https://github.com/symfony/symfony/pull/11210.
```php
$alternative = null;
$shortest = null;
foreach ($bundleNames as $bundleName) {
// if there's a partial match, return it immediately
if (false !== strpos($bundleName, $nonExistentBundleName)) {
return $bundleName;
}
$lev = levenshtein($nonExistentBundleName, $bundleName);
if ($lev <= strlen($nonExistentBundleName) / 3 && ($alternative === null || $lev < $shortest)) {
$alternative = $bundleName;
}
}
```
In this snippet, the `$shortest` wasn't update in the `foreach`. Reading the code, I guess it was supposed to add an even better accuracy when multiple bundle matche the typo'd bundle name.
Which mean when an alternative is found, we have to assign the level `$lev` from that match to `$shortest`.
```php
if ($lev <= strlen($nonExistentBundleName) / 3 && ($alternative === null || $lev < $shortest)) {
$alternative = $bundleName;
$shortest = $lev;
}
```
Let say you have these bundles: `FoooooBundle` and `FooBundle` and you request the bundle `FoodBundle`.
- Without `$shortest` updated, you'll got a suggestion with `FoooooBundle` (first matching bundle found)
- With `$shortest` upadted, you'll got a suggestion with `FooBundle` (because it has a better level than `FoooooBundle`)
This isn't a _bug fix_ since this is only supposed to help developper but not the final user.
**Question is**: should we keep that level comparison or just remove it?
Commits
-------
ac7f74e Use levenshtein level for better Bundle matching
* 2.7:
[2.3][Component/Security] Fixed phpdoc in AnonymousToken constructor for user param
prevent calling get() for service_container service
call get() after the container was compiled
Fixed readme of OptionsResolver
[DependencyInjection] Suggest ExpressionLanguage in composer.json
* 2.3:
[2.3][Component/Security] Fixed phpdoc in AnonymousToken constructor for user param
call get() after the container was compiled
Fixed readme of OptionsResolver
* 2.7:
add @Event annotation for AuthenticationEvents
add @Event annotation for KernelEvents
bumped Symfony version to 2.7.13
updated VERSION for 2.7.12
update CONTRIBUTORS for 2.7.12
updated CHANGELOG for 2.7.12
bumped Symfony version to 2.3.41
updated VERSION for 2.3.40
update CONTRIBUTORS for 2.3.40
updated CHANGELOG for 2.3.40
Revert "minor #18257 [Routing] Don't needlessly execute strtr's as they are fairly expensive (arjenm)"
Revert "fixed CS"
[FrameworkBundle] Remove misleading comment
bug #17460 [DI] fix ambiguous services schema
This PR was merged into the 2.7 branch.
Discussion
----------
[FrameworkBundle] Remove misleading comment
| Q | A
| ------------- | ---
| Branch? | 2.7
| Bug fix? | no
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets |
| License | MIT
| Doc PR |
This is not true for service_container anymore.
Commits
-------
9f2f858 [FrameworkBundle] Remove misleading comment
* 2.7:
use stable 1.0.x Composer versions
Fix typo in VarDumper README
[WebProfilerBunde] Give an absolute url in case the request occured from another domain
This PR was merged into the 2.7 branch.
Discussion
----------
[2.7][WebProfilerBunde] Give an absolute url in case the request occured from another domain
| Q | A
| ------------- | ---
| Branch? | 2.7
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | n/a
| License | MIT
| Doc PR | n/a
This is related to #18413:
Using two symfony application ProjectA and MicroServiceB, if ProjectA issues XHR to MicroServiceB and both have the WebProfilerBundle enabled, then Ajax requests will be monitored in ProjectA. But - at the moment - it will try to look for profiles under ProjectA domain whereas data are stored on MicroServiceB domain.
This PR fixes this issue
Commits
-------
1a5d4ad [WebProfilerBunde] Give an absolute url in case the request occured from another domain
This PR was squashed before being merged into the 2.8 branch (closes#18457).
Discussion
----------
[WebProfilerBundle] Fixed error from unset twig variable
| Q | A
| ------------- | ---
| Branch? | 2.8
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | n/a
| License | MIT
| Doc PR | n/a
Minor bug, fixes error from twig variable which was removed in 2.8
Here was where it was originally set https://github.com/symfony/symfony/blob/2.7/src/Symfony/Bundle/WebProfilerBundle/Resources/views/Collector/config.html.twig#L69
Replaced with expected class name
Commits
-------
3e2c4c9 [WebProfilerBundle] Fixed error from unset twig variable
* 2.7:
[HttpFoundation] Improve phpdoc
[Logging] Add support for firefox in ChromePhpHandler
Windows 10 version check in just one line
Detect CLI color support for Windows 10 build 10586
[Security] Fixed SwitchUserListener when exiting an impersonication with AnonymousToken
[EventDispatcher] Try first if the event is Stopped
[FrameworkBundle] fixes grammar in container:debug command manual.
[Form] fix "prototype" not required when parent form is not required
* 2.3:
Detect CLI color support for Windows 10 build 10586
[EventDispatcher] Try first if the event is Stopped
[FrameworkBundle] fixes grammar in container:debug command manual.
Conflicts:
src/Symfony/Component/EventDispatcher/EventDispatcher.php
src/Symfony/Component/HttpKernel/Debug/TraceableEventDispatcher.php
* 2.7:
[travis] Disable hirak/prestissimo for deps=low/high tests
[HttpFoundation] fix phpdoc of UploadedFile
Lower complexity of Form:isValid()
skipped dns-sensitive tests when DnsMock is not found
[FrameworkBundle] Return the invokable service if its name is the class name
[ci] Skip dns-sensitive tests when DnsMock is not found
Exclude Bridge\PhpUnit from composer.json by default
fixed CS
Optimize ReplaceAliasByActualDefinitionPass
[Process] use __METHOD__ where applicable
[Routing] Don't needlessly execute strtr's as they are fairly expensive
This PR was merged into the 2.8 branch.
Discussion
----------
Fixed the styles of the Symfony icon in the web debug toolbar
| Q | A
| ------------- | ---
| Branch? | 2.8+
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | -
| License | MIT
| Doc PR | -
### Before
### After
---
@WhiteEagle88 the change from `24` to `40` was made in [this commit](d120c08f8b) of yours to fix some problems with Microsoft Edge browser. Could you please check if this pull request breaks anything for you? Thanks!
Commits
-------
ddc8d4e Fixed the styles of the Symfony icon in the web debug toolbar
* 2.7:
[ci] Get ICU/intl from github instead of nebm.ist.utl.pt/~glopes
[Debug] Fix case sensitivity checks
[Debug] Fix handling of php7 throwables
fix high deps tests
[Process] remove dead code
[WebProfilerBundle] Add missing use statement.
[ClassLoader] Fix storing not-found classes in APC cache
[Form] cs fixes in date types
[phpunit] disable prophecy
