* 2.7:
Fix max width for multibyte keys in choice question
[Console] Display console application name even when no version set
Remove empty statements.
This PR was merged into the 2.8 branch.
Discussion
----------
[FrameworkBundle] Don't log twice with the error handler
| Q | A
| ------------- | ---
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | #16980
| License | MIT
| Doc PR | -
ping @Tobion @yapro does it work as expected with this patch?
Commits
-------
5926ff2 [FrameworkBundle] Don't log twice with the error handler
* 2.7:
Typo fix
[2.3] Static Code Analysis for Components
Added support \IteratorAggregate for UniqueEntityValidator
Update AbstractChoiceListTest.php
Fix#17306 Paths with % in it are note allowed (like urlencoded)
Use proper class to fetch $versionStrategy property
Added sort order SORT_STRING for params in UriSigner
Remove normalizer cache in Serializer class
* 2.3:
Typo fix
[2.3] Static Code Analysis for Components
Added support \IteratorAggregate for UniqueEntityValidator
Fix#17306 Paths with % in it are note allowed (like urlencoded)
Added sort order SORT_STRING for params in UriSigner
Remove normalizer cache in Serializer class
* 2.7:
Add missing apostrophe in setSaveHandler phpdoc
[VarDumper] Fix typo
[FrameworkBundle] Add case in Kernel directory guess for PHPUnit
[FrameworkBundle] Add case in Kernel directory guess for PHPUnit
* 2.7:
[Process] Fix potential race condition
[PhpUnitBridge] Re-enable the garbage collector
typo
[FrameworkBundle] Set the kernel.name properly after a cache warmup
Removed spaces before semicolon
This PR was merged into the 2.8 branch.
Discussion
----------
Fix toolbar display when nvd3 is loaded on page
| Q | A
| ------------- | ---
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | -
| License | MIT
| Doc PR | not applicable
Minor CSS fix for the toolbar, as nvd3 sets `svg { display: block }` so you end up with something like:
![image](https://cloud.githubusercontent.com/assets/183678/12079564/974aa694-b235-11e5-897e-ecb31ba20f26.png)
Commits
-------
d7010c0 Fix toolbar display when nvd3 is loaded on page
This PR was merged into the 2.7 branch.
Discussion
----------
[Form] Improved performance of ChoiceType and its subtypes
| Q | A
| ------------- | ---
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | -
| License | MIT
| Doc PR | -
I found out today that, although CachingFactoryDecorator is part of Symfony 2.7, it is not configured to be used in the DI configuration. This simple in-memory cache improved the page load by 50% for one considerably large form with many (~600) choice/entity fields that I was working on today.
Also, caching of query builders with parameters was broken, since the parameters are represented by objects. PHP's object hashes were used to calculate the cache keys, hence the cache always missed. I converted parameters to arrays for calculating the cache keys to fix this problem.
Commits
-------
a0ef101 [Form] Improved performance of ChoiceType and its subtypes
* 2.7:
[travis] timeout the sigchild tests at 60s
CS: Single line comments should use double slashes (//) and not hash (#).
Do not use HttpKernel Extension when not needed for 2.7
Do not use HttpKernel Extension when not needed
bumped Symfony version to 2.7.9
updated VERSION for 2.7.8
updated CHANGELOG for 2.7.8
bumped Symfony version to 2.3.37
updated VERSION for 2.3.36
update CONTRIBUTORS for 2.3.36
updated CHANGELOG for 2.3.36
Revert "Revert "bug #17052 [2.7] Fixed flatten exception recursion with errors (GrahamCampbell)""
Revert "bug #17052 [2.7] Fixed flatten exception recursion with errors (GrahamCampbell)"
use nowdoc instead of heredoc
Conflicts:
src/Symfony/Component/DependencyInjection/Dumper/PhpDumper.php
src/Symfony/Component/HttpKernel/Kernel.php
src/Symfony/Component/Security/Acl/Dbal/AclProvider.php
src/Symfony/Component/Security/Acl/Dbal/MutableAclProvider.php
* 2.3:
[travis] timeout the sigchild tests at 60s
CS: Single line comments should use double slashes (//) and not hash (#).
Do not use HttpKernel Extension when not needed
bumped Symfony version to 2.3.37
updated VERSION for 2.3.36
update CONTRIBUTORS for 2.3.36
updated CHANGELOG for 2.3.36
use nowdoc instead of heredoc
Conflicts:
src/Symfony/Bundle/FrameworkBundle/Command/ConfigDumpReferenceCommand.php
src/Symfony/Bundle/FrameworkBundle/Command/RouterApacheDumperCommand.php
src/Symfony/Bundle/FrameworkBundle/Command/RouterMatchCommand.php
src/Symfony/Bundle/FrameworkBundle/Translation/Translator.php
src/Symfony/Bundle/TwigBundle/Command/LintCommand.php
src/Symfony/Component/Config/Tests/Definition/Dumper/YamlReferenceDumperTest.php
src/Symfony/Component/Debug/ExceptionHandler.php
src/Symfony/Component/HttpKernel/Kernel.php
src/Symfony/Component/Routing/Generator/Dumper/PhpGeneratorDumper.php
This PR was merged into the 2.3 branch.
Discussion
----------
CS: use nowdoc instead of heredoc
| Q | A
| ------------- | ---
| Bug fix? | no
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | —
| License | MIT
| Doc PR | —
if this is accepted, we could add the fixer to symfony level of php-cs-fixer: https://github.com/FriendsOfPHP/PHP-CS-Fixer/pull/1580
Commits
-------
3dca549 use nowdoc instead of heredoc
* 2.7:
[2.7] Fixed flatten exception recursion with errors
Embedded identifier support
Also transform inline mappings to objects
Change the ExtensionInterface load method definition to bo identical to the documentation.
add and correct armenian translations
[Config] Fix array sort on normalization in edge case
[Security] Run tests on all PHP versions
[Serializer] Make metadata interfaces internal
[Yaml] fix indented line handling in folded blocks
improve BrowserKit test coverage p1
* 2.3:
[2.7] Fixed flatten exception recursion with errors
Embedded identifier support
Change the ExtensionInterface load method definition to bo identical to the documentation.
add and correct armenian translations
[Config] Fix array sort on normalization in edge case
[Yaml] fix indented line handling in folded blocks
improve BrowserKit test coverage p1
* 2.7:
[SecurityBundle] Removing test insulations for a huge perf win
[Validator] Use the new interface in the README
[Filesystem] fix tests on 2.3
[Filesystem] Recursivly widen non-executable directories
[Form] fix#15544 when a collection type attribute "required" is false, "prototype" should too
updated validators.bg.xlf
[Security] Enable bcrypt validation and result length tests on all PHP versions
[Security] Verify if a password encoded with bcrypt is no longer than 72 characters
[Console] Avoid extra blank lines when rendering exceptions
[Console][Table] fixed render row with multiple cells.
[Yaml] do not remove "comments" in scalar blocks
Conflicts:
src/Symfony/Component/Console/Application.php
src/Symfony/Component/Console/Tests/Fixtures/application_renderexception1.txt
src/Symfony/Component/Console/Tests/Fixtures/application_renderexception2.txt
src/Symfony/Component/Console/Tests/Fixtures/application_renderexception4.txt
src/Symfony/Component/Form/Extension/Core/Type/CollectionType.php
src/Symfony/Component/Form/Tests/Extension/Core/Type/CollectionTypeTest.php
src/Symfony/Component/Yaml/Tests/ParserTest.php
This PR was merged into the 2.3 branch.
Discussion
----------
[SecurityBundle] Removing test insulations for a huge perf win
| Q | A
| ------------- | ---
| Bug fix? | no
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | -
| License | MIT
| Doc PR | -
Commits
-------
b8fa471 [SecurityBundle] Removing test insulations for a huge perf win
This PR was merged into the 2.8 branch.
Discussion
----------
[2.8] Use correct height for toolbar clearer
The toolbar is 36px heigh, while the clearer is set at 38px. This means that there is 2px between the end of the page and the toolbar. This is especially not nice when the footer has a dark color (it renders a 2px white line between toolbar and footer).
| Q | A
| ------------- | ---
| Fixed tickets | -
| License | MIT
Commits
-------
1a9c0bc Use correct height for clearer
* 2.7:
prefer phpunit 5.x on hhvm
[FrameworkBundle][HttpKernel] the finder is required to discover bundle commands
[travis] Auto-conf deps=high matrix line
Fix the logout path when not using the router
Fix the logout path when not using the router
[Form] cast IDs to match deprecated behaviour of EntityChoiceList
[HttpFoundation] Added the ability of mapping stream wrapper protocols when using X-Sendfile
[HttpFoundation] Add a test case for using BinaryFileResponse with stream wrappers
Conflicts:
.travis.yml
src/Symfony/Bundle/FrameworkBundle/composer.json
* 2.3:
prefer phpunit 5.x on hhvm
[FrameworkBundle][HttpKernel] the finder is required to discover bundle commands
[travis] Auto-conf deps=high matrix line
Fix the logout path when not using the router
[HttpFoundation] Added the ability of mapping stream wrapper protocols when using X-Sendfile
[HttpFoundation] Add a test case for using BinaryFileResponse with stream wrappers
Conflicts:
.travis.yml
src/Symfony/Bundle/FrameworkBundle/composer.json
src/Symfony/Bundle/SecurityBundle/Templating/Helper/LogoutUrlHelper.php
This PR was merged into the 2.3 branch.
Discussion
----------
Fix the logout path when not using the router
| Q | A
| ------------- | ---
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | #17029
| License | MIT
| Doc PR | n/a
This needs to use the base url, not the base path, so that it goes through the front controller when not using url rewriting.
Commits
-------
1a2567e Fix the logout path when not using the router
This PR was merged into the 2.8 branch.
Discussion
----------
[FrameworkBundle] ContainerDebugCommand: pass the right object to the descriptors
| Q | A
| ------------- | ---
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | c5067dacb3 (commitcomment-14884960)
| License | MIT
| Doc PR |
Commits
-------
8cf0022 pass the right object to the descriptors
This PR was merged into the 2.8 branch.
Discussion
----------
[Form] Improve deprecation notice to mention the affected service id
| Q | A
| ------------- | ---
| Bug fix? |no
| New feature? |no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | -
| License | MIT
| Doc PR | -
This fix changes the deprecation notice to mention the affected service id. Without this update it is quite annoying to find the service with the deprecated definition.
Commits
-------
0b9ea95 Improve form deprecation notices to mention the affected service ids
* 2.7:
[Process] Enhance compatiblity with --enable-sigchild
fix short array syntax for php 5.3
[Serializer] Fixed on array of objects in .
[Process] Always call proc_close
[Validator] Updated Luxembourgish translations for 2.8
disable server commands without Process component
list all server command names in suggestion
Suggested Process dependency
disable server:run cmd without Process component
Suggested Process dependency
[FrameworkBundle] prevent cache:clear creating too long paths
[FrameworkBundle] [Translation] Fixed translations not written when no translations directory in update command
Conflicts:
.travis.yml
src/Symfony/Bundle/FrameworkBundle/Command/TranslationUpdateCommand.php
src/Symfony/Bundle/FrameworkBundle/composer.json
This PR was merged into the 2.3 branch.
Discussion
----------
[FrameworkBundle] prevent cache:clear creating too long paths
| Q | A
| ------------- | ---
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | #15547#16783
| License | MIT
| Doc PR | -
Commits
-------
6e279c5 [FrameworkBundle] prevent cache:clear creating too long paths
This PR was merged into the 2.7 branch.
Discussion
----------
[FrameworkBundle] [Translation] Fixed translations not written when no translations directory in update command
| Q | A
| ------------- | ---
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets |
| License | MIT
| Doc PR |
Currently when you run the TranslationUpdateCommand and want to write the translation in the domain file without a `translations` directory the output is `[OK] Success` but the file is not created.
This PR fix the creation of the directory.
Commits
-------
8c45107 [FrameworkBundle] [Translation] Fixed translations not written when no translations directory in update command
This PR was merged into the 2.7 branch.
Discussion
----------
[FrameworkBundle] Disable built-in server commands when Process component is missing
| Q | A
| ------------- | ---
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets |
| License | MIT
| Doc PR |
This also backports the improvement for the `suggest` section from #16650 to the `2.7` branch and improves it by also mentioning the other built-in server commands.
Commits
-------
972c4ca disable server commands without Process component
dd82b64 list all server command names in suggestion
d18fb9b Suggested Process dependency
This PR was merged into the 2.8 branch.
Discussion
----------
Suggested Process dependency
The `server:run` command requires the Process component.
Commits
-------
7c1231a Suggested Process dependency
* 2.7:
Fixed the wrong source name and the ja translation
[Debug] fix readme: DebugClassLoader moved to debug itself
[SecurityBundle] disable the init:acl command if ACL is not used
[DI] remove useless condition around unset
[Form] Disabled view data validation if "data_class" is set to null
[HttpFoundation] Workaround HHVM rewriting HTTP response line
* 2.3:
Fixed the wrong source name and the ja translation
[SecurityBundle] disable the init:acl command if ACL is not used
[DI] remove useless condition around unset
This PR was squashed before being merged into the 2.8 branch (closes#16621).
Discussion
----------
[Console] Fix bug with $output overloading
| Q | A
| ------------- | ---
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | https://github.com/symfony/symfony-standard/issues/887, #16622
| License | MIT
| Doc PR | -
This is exactly why variable overloading isn't a great idea :)
Commits
-------
5764a00 [Console] Fix bug with overloading
This PR was squashed before being merged into the 2.8 branch (closes#16031).
Discussion
----------
[Translation][Form] Do not translate form labels and placeholders when 'translation_domain' is false
| Q | A
| ------------- | ---
| Bug fix? | no
| New feature? | yes
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | -
| License | MIT
| Doc PR | -
Seems like this behaviour was already partially added (as stated [here](https://github.com/symfony/symfony/pull/16016#issuecomment-144464875)) to solve the problem of expanded choice widgets.
Commits
-------
0e0b904 [Translation][Form] Do not translate form labels and placeholders when 'translation_domain' is false
This PR was merged into the 2.8 branch.
Discussion
----------
[HttpKernel] Don't reset on shutdown but in FrameworkBundle/Test/KernelTestCase
| Q | A
| ------------- | ---
| Bug fix? | yes
| New feature? | yes
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | #15185
| License | MIT
| Doc PR | -
While trying to migrate Blackfire to 2.8-beta, I found this BC-break: by resetting the container on kernel shut-down, functional tests are broken when they need to use the container after a call to `$this->client->request()`. Broken because e.g . the session or the profiler state is lost between consecutive requests in the same test, and because a call to $container->get('kernel') throws a synthetic-related exception.
This PR fixes the BC-break by reverting to the <=2.7 behavior (not resetting the container on kernel shut-down), and moving resetting to the KernelTestCase.
Commits
-------
baad4da [HttpKernel] Don't reset on shutdown but in FrameworkBundle/Test/KernelTestCase
* 2.7:
Fix undefined array $server
Fix bug in windows detection
[ProxyManager] Tmp fix composer reqs issue in ZF
Add missing exclusions from phpunit.xml.dist
[Serializer] ObjectNormalizer: don't serialize static methods and props
Fix the server variables in the router_*.php files
[Validator] Allow an empty path with a non empty fragment or a query
The following change adds support for Armenian pluralization.
[2.3][Process] fix Proccess run with pts enabled
Conflicts:
composer.json
src/Symfony/Bridge/ProxyManager/composer.json
src/Symfony/Component/Security/phpunit.xml.dist
* 2.3:
Fix undefined array $server
[ProxyManager] Tmp fix composer reqs issue in ZF
Add missing exclusions from phpunit.xml.dist
Fix the server variables in the router_*.php files
[Validator] Allow an empty path with a non empty fragment or a query
The following change adds support for Armenian pluralization.
[2.3][Process] fix Proccess run with pts enabled
Conflicts:
composer.json
src/Symfony/Bridge/ProxyManager/composer.json
src/Symfony/Bundle/DebugBundle/phpunit.xml.dist
src/Symfony/Component/Security/phpunit.xml.dist
This PR was squashed before being merged into the 2.3 branch (closes#16352).
Discussion
----------
Fix the server variables in the router_*.php files
| Q | A
| ------------- | ---
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | none
| License | MIT
The built-in web server automatically rewrites everything to the `app_dev.php` script, but it does not adjust the server variables accordingly.
Here is the output of `print_r($_SERVER)` on Apache with mod_rewrite enabled (relevant lines only):
```
Array
(
[REQUEST_URI] => /text-elements.html
[SCRIPT_NAME] => /app_dev.php
[PHP_SELF] => /app_dev.php
)
```
And here is the output of the exact same script on the built-in server:
```
Array
(
[REQUEST_URI] => /text-elements.html
[SCRIPT_NAME] => /text-elements.html
[PHP_SELF] => /text-elements.html
)
```
And here is the return value of Symfony's `Request::getScriptName()` method:
```php
// Apache: http://localhost/text-elements.html
echo $this->container->get('request_stack')->getCurrentRequest()->getScriptName(); // /app_dev.php
// Built-in web server: http://127.0.0.1:8000/text-elements.html
echo $this->container->get('request_stack')->getCurrentRequest()->getScriptName(); // /text-elements.html
```
This PR fixes the two server variables in the `router_dev.php` script.
Commits
-------
4923411 Fix the server variables in the router_*.php files
This PR was merged into the 2.8 branch.
Discussion
----------
[Security] Renamed key to secret Part 2
Anonymous and RememberMe were already changed in https://github.com/symfony/symfony/pull/15141 This PR renames 2 more occurences of key in the Security: AnonymousAuthenticationListener and the Digest entry point.
| Q | A
| ------------- | ---
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | yes
| Tests pass? | yes
| Fixed tickets | -
| License | MIT
| Doc PR | -
Commits
-------
55f59d5 Renamed key to secret
* 2.7:
[ci] Phpunit tests wont run if composer is installed in a wrapper
[ci] Add version tag in phpunit wrapper to trigger cache-reset on demand
fix race condition at mkdir (#16258)
[VarDumper] Fix PHP7 type-hints compat
[Bridge] [PhpUnit] fixes documentation markup.
[PropertyAccess] Port of the performance optimization from 2.3
trigger deprecation warning when using empty_value
[PropertyAccess] Test access to dynamic properties
[PropertyAccess] Fix dynamic property accessing.
[Serializer] GetSetNormalizer shouldn't set/get static methods
[Serializer] PropertyNormalizer shouldn't set static properties
JsonDescriptor - encode container params only once
Conflicts:
src/Symfony/Component/VarDumper/Tests/Caster/ReflectionCasterTest.php
This PR was merged into the 2.8 branch.
Discussion
----------
[DependencyInjection] [FrameworkBundle] Enhance autowiring DX
| Q | A
| ------------- | ---
| Bug fix? | no
| New feature? | yes
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | n/a
| License | MIT
| Doc PR | n/a
* Dump autowiring data when using the container
* Add autowiring data to the `debug:container` command
Commits
-------
9c3b910 [FrameworkBundle] Autowiring support for debug:container
18913e1 [DependencyInjection] Add autowiring support to dumpers
This PR was merged into the 2.7 branch.
Discussion
----------
[FrameworkBundle] JsonDescriptor - encode container params only once
| Q | A
| ------------- | ---
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | #16379
| License | MIT
| Doc PR |
Commits
-------
dd9d076 JsonDescriptor - encode container params only once
This PR was merged into the 2.8 branch.
Discussion
----------
[FrameworkBundle][Form] Better exception message for private form tagged services
| Q | A
| ------------- | ---
| Bug fix? | no
| New feature? | yes
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | -
| License | MIT
| Doc PR | -
Similar to what is done in [RegisterListenerPass](https://github.com/symfony/symfony/blob/2.8/src/Symfony/Component/EventDispatcher/DependencyInjection/RegisterListenersPass.php#L61-L63), those changes allow to have a better exception message when defining a private `form.type`, `form.type_extension` or `form.form_guesser` tagged service, and at container compilation instead of runtime:
> The service "my.form.type" must be public as form types are lazy-loaded.
instead of:
> You have requested a non-existent service "my.form.type"
If I'm right, similar cases were considered as new features in the past, so this targets 2.8.
Commits
-------
11d675f [FrameworkBundle][Form] Better exception message for private form tagged services
* 2.7:
added the new Composer exclude-from-classmap option
added the new Composer exclude-from-classmap option
fix expected argument type docblock
Set back libxml settings after testings.
fixed Twig deprecation notices
* 2.3:
added the new Composer exclude-from-classmap option
fix expected argument type docblock
Set back libxml settings after testings.
fixed Twig deprecation notices
This PR was merged into the 2.3 branch.
Discussion
----------
added the new Composer exclude-from-classmap option
| Q | A
| ------------- | ---
| Bug fix? | no
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | n/a
| License | MIT
| Doc PR | n/a
Commits
-------
65bef75 added the new Composer exclude-from-classmap option
This PR was merged into the 2.8 branch.
Discussion
----------
Add the PHP 7 polyfill for the random_bytes function
| Q | A
| ------------- | ---
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets |
| License | MIT
| Doc PR |
Some classes (like the `SecureRandom` class) currently depends on the `random_bytes` function, which is only available in the PHP 7 polyfill
Commits
-------
8ab8ca0 Add the PHP 7 polyfill for the random_bytes function
This PR was merged into the 2.8 branch.
Discussion
----------
[WebProfilerBundle] Filter links in search results
| Q | A
| ------------- | ---
| Bug fix? | no
| New feature? | yes
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | #14110
| License | MIT
| Doc PR |
Quite often I find myself copy/pasting the results from the search results in the profiler search form. Adding links for this allows developers to narrow down to the proper profiler result fast.
Commits
-------
4bffacc [WebProfilerBundle] Filter links in search results
This PR was merged into the 2.8 branch.
Discussion
----------
Fixed Ajax panel loading in the toolbar
| Q | A
| ------------- | ---
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | #16349
| License | MIT
| Doc PR | -
Commits
-------
862daf2 Fixed Ajax panel loading in the toolbar
* 2.7:
fixed YAML files missing quotes when a string starts with @
[VarDumper] Fix anonymous class dumping
[Routing] mark internal classes
[Translation][Csv file] remove unnecessary statements, for better readability.
[Form] remove validation of FormRegistry::getType as FormRegistry::hasType does not validate either
* 2.3:
fixed YAML files missing quotes when a string starts with @
[Routing] mark internal classes
[Translation][Csv file] remove unnecessary statements, for better readability.
[Form] remove validation of FormRegistry::getType as FormRegistry::hasType does not validate either
This PR was merged into the 2.8 branch.
Discussion
----------
[FrameworkBundle] Fix ClassCacheWarme when classes.php is already warmed
| Q | A
| ------------- | ---
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | -
| License | MIT
| Doc PR | -
Autoreloading was previously set to `false`, but actually we want to force it.
This could even lead to a fatal error when warming where it was already warmed as the previous `classes.php` is directly required.
Commits
-------
d31350f [FrameworkBundle] Fix ClassCacheWarme when classes.php is already warmed
This PR was squashed before being merged into the 2.8 branch (closes#15966).
Discussion
----------
[FrameworkBundle] PropertyInfo support
| Q | A
| ------------- | ---
| Bug fix? | no
| New feature? | yes
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | n/a
| License | MIT
| Doc PR | not yet
Commits
-------
f84a92a [FrameworkBundle] PropertyInfo support
This PR was merged into the 2.8 branch.
Discussion
----------
[FrameworkBundle] Add a new ClassCache cache warmer
| Q | A
| ------------- | ---
| Bug fix? | no
| New feature? | yes
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | -
| License | MIT
| Doc PR | -
This new cache warmer allows to remove the known slowness of the first hit of a Symfony application (even when cache has been warmed up). This also allows to make a Symfony application runnable on a read-only filesystem (like in a Docker container for example)
Commits
-------
b570d6c [FrameworkBundle] Add a new ClassCache cache warmer
This PR was merged into the 2.8 branch.
Discussion
----------
[TwigBundle] added a Twig templates warmer when templating is disabled
| Q | A
| ------------- | ---
| Bug fix? | yes
| New feature? | yes
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | n/a
| License | MIT
| Doc PR | n/a
When disabling the templating component, Twig templates are not warmed up as the warmer depends on the template finder which needs the templating component. This PR adds a new cache warmer that covers this case.
see #16262
Commits
-------
bd3701b [TwigBundle] added a Twig templates warmer when templating is disabled
This PR was merged into the 2.7 branch.
Discussion
----------
[TwigBundle] Fix Twig cache is not properly warmed
| Q | A
| ------------- | ---
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | #15982
| License | MIT
| Doc PR | -
Alternative to #15034
Commits
-------
e704ee4 [TwigBundle] Fix Twig cache is not properly warmed
This PR was merged into the 2.8 branch.
Discussion
----------
[EventDispatcher] added EventDispatcher::getListenerPriority()
| Q | A
| ------------- | ---
| Bug fix? | yes
| New feature? | yes
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | #14563, #15825
| License | MIT
| Doc PR | n/a
In #14563, we added a way to get the priorities of listeners, but as noted by @Tobion in #15825, the implementation is sub-optimal because of two main reasons: the change is not part of the interface but more importantly, the added boolean changes the return value of `getListeners()`.
This PR reverts most of #14563 to add a `getListenerPriority()` method. This method is quite slow, but as it should only be used for debugging purposes (on the CLI or the WDT), I think it's not really a problem.
In 3.0, this method should probably be added to `EventDispatcherInterface`.
ping @Tobion
Commits
-------
068e955 [EventDispatcher] added EventDispatcher::getListenerPriority()
This PR was merged into the 2.8 branch.
Discussion
----------
Fix the BC layer for the key->secret renaming for remember_me
| Q | A
| ------------- | ---
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | https://github.com/symfony/symfony-docs/issues/5765
| License | MIT
| Doc PR | n/a
There was a mistake in https://github.com/symfony/symfony/pull/15141 removing the configuration entirely.
Commits
-------
f52b3a0 Fix the BC layer for the key->secret renaming for remember_me
This PR was merged into the 2.7 branch.
Discussion
----------
[2.7][tests] Use @requires annotation when possible
| Q | A
| ------------- | ---
| Bug fix? | no
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | -
| License | MIT
| Doc PR | -
Commits
-------
b028aea [tests] Use @requires annotation when possible
| Q | A
| ------------- | ---
| Bug fix? | [yes]
| New feature? | [yes|no]
| BC breaks? | [yes|no]
Since cache is now required, it makes no sense to suggest it
This PR was merged into the 2.8 branch.
Discussion
----------
[DI] Warn when a definition relies on a deprecated class in ContainerBuilder::createService()
| Q | A
| ------------- | ---
| Bug fix? | no
| New feature? | yes
| BC breaks? | no
| Deprecations? | yes
| Tests pass? | yes
| Fixed tickets | -
| License | MIT
| Doc PR | -
The new feature is in the DI component and it enlighten a deprecation from Doctrine that we ignored in FrameworkBundle, that is also fixed in this PR.
See https://github.com/symfony/symfony/pull/16001/files?w=1
Commits
-------
ca69fa3 [DI] Warn when a definition relies on a deprecated class in ContainerBuilder::createService()
The FrameworkBundle in version 2.3 can be used with recent versions of
the Security component. However, after the Security component has been
split with Symfony 2.4, translations resources have been moved to the
`symfony/security-core` package. Thus, the changed location must be
taken into account.
* 2.7:
[Security][bugfix] "Remember me" cookie cleared on logout with custom "secure"/"httponly" config options [1]
[ci] Use current PHP_BINARY when running ./phpunit
Fixed typos
[UPGRADE-3.0] fix bullet indentation
Fix PropertyAccessor modifying array in object when array key does not exist
[Security] InMemoryUserProvider now concerns whether user's password is changed when refreshing
* 2.3:
[Security][bugfix] "Remember me" cookie cleared on logout with custom "secure"/"httponly" config options [1]
[ci] Use current PHP_BINARY when running ./phpunit
Fixed typos
[UPGRADE-3.0] fix bullet indentation
[Security] InMemoryUserProvider now concerns whether user's password is changed when refreshing
This PR was squashed before being merged into the 2.8 branch (closes#14721).
Discussion
----------
[Security] Configuring a user checker per firewall
_Changed my base branch to avoid issues, closed old PR_
| Q | A
| ------------- | ---
| Bug fix? | no
| New feature? | yes
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed ticket | #11090 and helps #14673
| License | MIT
| Doc PR | symfony/symfony-docs/pull/5530
This pull request adds support for a configurable user checker per firewall. An example could be:
```yml
services:
app.user_checker:
class: App\Security\UserChecker
arguments:
- "@request_stack"
security:
firewalls:
secured_area:
pattern: ^/
anonymous: ~
basic_auth: ~
user_checker: app.user_checker
```
The above example will use the `UserChecker` defined as `app.user_checker`. If the `user_checker` option is left empty, `security.user_checker` will be used. If the `user_checkers` option is not defined, it will fall back to the original behavior to not break backwards compatibility and will validate using the existing `UserChecker`: `security.user_checker`.
I left the default argument in the service definitions to be `security.user_checker` to include backwards compatibility for people who for some reason don't have the extension executed. You can obtain the checker for a specific firewall by appending the firewall name to it. For the firewall `secured_area`, this would be `security.user_checker.secured_area`.
Commits
-------
76bc662 [Security] Configuring a user checker per firewall
This PR was squashed before being merged into the 2.8 branch (closes#15742).
Discussion
----------
Using a service as a router resource
| Q | A
| ------------- | ---
| Bug fix? | no
| New feature? | yes
| BC breaks? | no
| Deprecations? | no
| Tests pass? | almost
| Fixed tickets | n/a
| License | MIT
| Doc PR | not yet...
Hi guys!
This adds the ability to use a service as a routing resource. In other words, instead of loading `routing.yml`, you could load `my_route_loader`, and then a method would be called on your service to return a RouteCollection.
Specifically, I'm interested in this because it would allow a user to point their main router resource to the kernel itself, making it possible to load routes inside the kernel (making a single-file full-stack app more possible).
Thanks!
Commits
-------
79e210f Using a service as a router resource
This PR was squashed before being merged into the 2.8 branch (closes#15926).
Discussion
----------
[2.8][Form] Deprecate alias tag option
FQCN should be used since 2.8 instead, so a deprecation error should be triggered when the `alias` setting is used.
Furthermore, the name of the option doesn't make much sense for form types (as it's the alias of the field it applies to), so I renamed it to `extended_type`. I'm open to any other suggestions.
| Q | A
| ------------- | ---
| Bug fix? | no
| New feature? | yes
| BC breaks? | no
| Deprecations? | yes
| Tests pass? | yes
| Fixed tickets | -
| License | MIT
| Doc PR | -
Commits
-------
e3aa522 [2.8][Form] Deprecate alias tag option
This PR was squashed before being merged into the 2.8 branch (closes#16023).
Discussion
----------
Minor fixes for the profiler and toolbar
| Q | A
| ------------- | ---
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | partially #15439
| License | MIT
| Doc PR | -
Changes:
* Fixed a misaligned icon
* Changed the priorities of the collectors to better control their position and to leave a "gap" between priorities so custom panels can be displayed between the default panels. This idea came from @stof.
By the way, @stof do you know how can I set the priority of the SwiftMailer collector? Its definition is the only one that doesn't use the `<tag name="data_collector" />`:
```xml
<service id="swiftmailer.data_collector" class="%swiftmailer.data_collector.class%">
<argument type="service" id="service_container" />
</service>
```
https://github.com/symfony/swiftmailer-bundle/blob/master/Resources/config/swiftmailer.xml#L90-L92
Commits
-------
bff4098 Minor fixes for the profiler and toolbar
This PR was merged into the 2.8 branch.
Discussion
----------
[FrameworkBundle][TwigBridge] do not render empty form action attributes
| Q | A
| ------------- | ---
| Bug fix? | no
| New feature? | yes
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | #13852, #15995
| License | MIT
| Doc PR |
Commits
-------
1307043 do not render empty form action attributes
This PR was merged into the 2.8 branch.
Discussion
----------
[FrameworkBundle] Tag deprecated services
| Q | A
| ------------- | ---
| Bug fix? | no
| New feature? | yes
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | -
| License | MIT
| Doc PR | -
Tag deprecated services as such. Some are deprecated by transitivity with their class definition.
Having given some workshops on migrating to sf 3.0, the deprecation triggered at the class level is cryptic to most. Triggering a more tailored one about the service is really important to me in order to help users migrate.
Commits
-------
87e8e8f [FrameworkBundle] Tag deprecated services
In #15973, the `searchResultsAction()` of the `ProfilerController` was
updated to pass the current request to the rendered template. However,
this change was not reflected in the test thus letting it fail.
This PR was merged into the 2.8 branch.
Discussion
----------
added logging of unused tags
| Q | A
| ------------- | ---
| Bug fix? | no
| New feature? | yes
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | #11511, #11744
| License | MIT
| Doc PR | -
This is the same as #11744 but with some minor tweaks and some unit tests for the compiler pass.
Commits
-------
95c9f50 added some tests
d3271e1 missing tags in whitelist
f51fe4a [FrameworkBundle] [DependencyInjection] added logging of unused tags during container compilation
This PR was merged into the 2.8 branch.
Discussion
----------
[TwigBundle] removed usage of Templating classes
| Q | A
| ------------- | ---
| Bug fix? | no
| New feature? | yes
| BC breaks? | yes (but frankly, I don't see how that would break anything out there)
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | n/a
| License | MIT
| Doc PR | n/a
Commits
-------
ff3c107 [TwigBundle] removed usage of Templating classes
7f13f95 [WebProfilerBundle] fixed a template reference
* Restore View Latest button
* In order to fit into the horizontal space available, shorten the names of the Latest Profiles and View Latest buttons and adjust the buttons' margin and padding.
This PR was merged into the 2.8 branch.
Discussion
----------
[2.8] [Ldap] Added support for LDAP (New Component + integration in the Security Component).
| Q | A
| ------------- | ---
| Bug fix? | no
| New feature? | yes
| BC breaks? | no
| Deprecations? | no
| Tests pass? | not yet
| Fixed tickets | -
| License | MIT
| Doc PR | not yet
Current state:
- [x] Implement logic
- [x] Post-review tuning and stabilization
- [x] Fix tests
This PR is a follow-up to #5189, which was in a stand-still for a few years now. It tries to fix the remaining issues which were mentioned in the discussion.
There are still a few issues with the PR, as it is. For example, it introduces two new firewall factories, whereas the base factories (`form_login` and `http_basic`) could simply introduce new configuration options.
Also, for a user to use an LDAP server as an authentication provider, he first needs to define a service which should be an instance of `Symfony\Component\Security\Ldap\Ldap`.
For example:
```yml
services:
my_ldap:
class: Symfony\Component\Security\Ldap\Ldap
arguments: [ "ldap.mydomain.tld" ]
```
Then, in `security.yml`, this service can be used in both the user provider and the firewalls:
```yml
security:
encoders:
Symfony\Component\Security\Core\User\User: plaintext
role_hierarchy:
ROLE_ADMIN: ROLE_USER
ROLE_SUPER_ADMIN: [ROLE_USER, ROLE_ADMIN, ROLE_ALLOWED_TO_SWITCH]
providers:
ldap_users:
ldap:
service: my_ldap
base_dn: dc=MyDomain,dc=tld
search_dn: CN=My User,OU=Users,DC=MyDomain,DC=tld
search_password: p455w0rd
filter: (sAMAccountName={username})
default_roles: ROLE_USER
firewalls:
dev:
pattern: ^/(_(profiler|wdt)|css|images|js)/
security: false
demo_login:
pattern: ^/login$
security: false
api:
provider: ldap_users
stateless: true
pattern: ^/api
http_basic_ldap:
service: my_ldap
dn_string: "{username}@MYDOMAIN"
demo_secured_area:
provider: ldap_users
pattern: ^/
logout:
path: logout
target: login
form_login_ldap:
service: my_ldap
dn_string: CN={username},OU=Users,DC=MyDomain,DC=tld
check_path: login_check
login_path: login
```
Commits
-------
60b9f2e Implemented LDAP authentication and LDAP user provider
1c964b9 Introducing the LDAP component
* 2.7:
Detect Mintty for color support on Windows
Detect Mintty for color support on Windows
Add a group for tests of the finder against the FTP server
Fix license headers
Forbid serializing a Crawler
Fix phpdoc block of NativeSessionStorage class
Added exception when setAutoInitialize is called when locked
[FrameworkBundle] Advanced search templates of bundles
[Security] Allow user providers to be defined in many files
Use random_bytes function if it is available for random number generation
* 2.3:
Detect Mintty for color support on Windows
Add a group for tests of the finder against the FTP server
Fix license headers
Forbid serializing a Crawler
Fix phpdoc block of NativeSessionStorage class
Added exception when setAutoInitialize is called when locked
[FrameworkBundle] Advanced search templates of bundles
[Security] Allow user providers to be defined in many files
Use random_bytes function if it is available for random number generation
This PR was merged into the 2.8 branch.
Discussion
----------
[2.8][WebProfilerBundle] Fix search button click listener
| Q | A
| ------------- | ---
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets |
| License | MIT
| Doc PR |
This fixes an issue when clicking the sidebar "Search" button **text** instead of the **button**. Then the click event target/srcElement is the *span* child-element, instead of the listening *a* element, which causes errors in the listener, since it expects the listening element. In consequence of that the search form isn't shown.
To fix this, the same technique is used, as for the navigation tabs. Traversing the DOM up to the expected *a* element.
Commits
-------
f9ddddb [WebProfilerBundle] Fix search button click listener
This PR was merged into the 2.8 branch.
Discussion
----------
Guard minor tweaks
| Q | A
| ------------- | ---
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | n/a
| License | MIT
| Doc PR | n/a
Various completely minor things, most from suggestions on #14673
Commits
-------
869d5a7 tweaking message related to configuration edge case that we want to be helpful with
da4758a Minor tweaks - lowering the required security-http requirement and nulling out a test field
* 2.7:
Fix license headers
Ensure the ClockMock is loaded before using it in the testsuite
Fix with_minutes option in time widget
Fixed properties not explicitily declared
This PR was merged into the 2.7 branch.
Discussion
----------
Fixed properties not explicitily declared
| Q | A
| ------------- | ---
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | n/a
| License | MIT
Commits
-------
d2b3fe4 Fixed properties not explicitily declared
This PR was merged into the 2.8 branch.
Discussion
----------
deprecated the Shell Console class
| Q | A
| ------------- | ---
| Bug fix? | no
| New feature? | no
| BC breaks? | no
| Deprecations? | yes
| Tests pass? | yes
| Fixed tickets | one of #11742
| License | MIT
| Doc PR | n/a
Commits
-------
1c17928 deprecated the Shell Console class
This PR was merged into the 2.8 branch.
Discussion
----------
[FrameworkBundle] compatibility with older Form component versions
| Q | A
| ------------- | ---
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | #15711
| License | MIT
| Doc PR |
Commits
-------
01ad767 compatibility with older Form component versions
This PR was squashed before being merged into the 2.8 branch (closes#15738).
Discussion
----------
Implement service-based Resource (cache) validation
| Q | A
| ------------- | ---
| Bug fix? | no
| New feature? | yes
| BC breaks? | no
| Deprecations? | yes
| Tests pass? | yes
| Fixed tickets | #7230, #15692, #7782
| License | MIT
| Doc PR | symfony/symfony-docs#5136
### Overview
Currently, any metadata passed to `ConfigCache` (namely implementations of `ResourceInterface`) is serialized to disk. When the `ConfigCache` is validated, the metadata is unserialized and queried through `ResourceInterface::isFresh()` to determine whether the cache is fresh. That way, `ResourceInterface` implementations cannot interact with services, for example a database connection.
This PR introduces the new concept of `ResourceCheckers`. Services implementing `ResourceCheckerInterface` can be tagged as `config_cache.resource_checker` with an optional priority.
Clients that wish to use `ConfigCache` can then obtain an instance from the `config_cache_factory` service (which implements `ConfigCacheFactoryInterface`). The factory will take care of injecting resource checkers into the `ConfigCache` instance so that they can be used for cache validation.
Checking cache metadata is easy for `ResourceCheckers`:
* First, the `ResourceCheckerInterface::supports()` implementation is passed the metadata object in question. If the checker cannot handle the type of resource passed, `supports()` should return `false`.
* Otherwise, the `ResourceCheckerInterface::isFresh()` method will be called and given the resource as well as the timestamp at which the cache was initialized. If that method returns `false`, the cache is considered stale. If it returns `true`, the resource is considered unchanged and will *not* be passed to any additional checkers.
### BC and migration path
This PR does not (intend to) break BC but it comes with deprecations. The main reason is that `ResourceInterface` contains an `isFresh()` method that does not make sense in the general case of resources.
Thus, `ResourceInterface::isFresh()` is marked as deprecated and should be removed in Symfony 3.0. Resource implementations that can (or wish to) be validated in that simple manner can implement the `SelfCheckingResourceInterface` sub-interface that still contains (and will keep) the `isFresh()` method. The change should be as simple as changing the `extends` list.
Apart from that, `ResourceInterface` will be kept as the base interface for resource implementations. It is used in several `@api` interfaces and thus cannot easily be substituted.
For the Symfony 2.x series, a `BCResourceInterfaceChecker` will be kept that performs validation through `ResourceInterface::isFresh()` but will trigger a deprecation warning. The remedy is to either implement a custom ResourceChecker with a priority higher than -1000; or to switch to the aforementioned `SelfCheckingResourceInterface` which is used at a priority of -990 (without deprecation warning).
The `ConfigCache` and `ConfigCacheFactory` classes can be used as previously but do not feature checker-based cache validation.
### Outlook and closing remarks:
This PR supersedes #7230, #15692 and works at least in parts towards the goal of #7176.
The `ResourceCheckerInterface`, `...ConfigCache` and `...ConfigCacheFactory` no longer need to be aware of the `debug` flag. The different validation rules applied previously are now just a matter of `ResourceChecker` configuration (i. e. "no checkers" in `prod`).
It might be possible to remove the `debug` flag from Symfony's `Router` and/or `Translator` classes in the future as well because it was only passed on to the `ConfigCache` there.
Commits
-------
20d3722 Implement service-based Resource (cache) validation
This PR was merged into the 2.8 branch.
Discussion
----------
New Guard Authentication System (e.g. putting the joy back into security)
| Q | A
| ------------- | ---
| Bug fix? | no
| New feature? | yes
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | at least partially: #14300, #11158, #11451, #10035, #10463, #8606, probably more
| License | MIT
| Doc PR | symfony/symfony-docs#5265
Hi guys!
Though it got much easier in 2.4 with `pre_auth`, authentication is a pain in Symfony. This introduces a new authentication provider called guard, with one goal in mind: put everything you need for *any* authentication system into one spot.
### How it works
With guard, you can perform custom authentication just by implementing the [GuardAuthenticatorInterface](https://github.com/weaverryan/symfony/blob/guard/src/Symfony/Component/Security/Guard/GuardAuthenticatorInterface.php) and registering it as a service. It has methods for every part of a custom authentication flow I can think of.
For a working example, see https://github.com/weaverryan/symfony-demo/tree/guard-auth. This uses 2 authenticators simultaneously, creating a system that handles [form login](https://github.com/weaverryan/symfony-demo/blob/guard-auth/src/AppBundle/Security/FormLoginAuthenticator.php) and [api token auth](https://github.com/weaverryan/symfony-demo/blob/guard-auth/src/AppBundle/Security/TokenAuthenticator.php) with a respectable amount of code. The [security.yml](https://github.com/weaverryan/symfony-demo/blob/guard-auth/app/config/security.yml) is also quite simple.
This also supports "manual login" without jumping through hoops: https://github.com/weaverryan/symfony-demo/blob/guard-auth/src/AppBundle/Controller/SecurityController.php#L45
I've also tested with "remember me" and "switch user" - no problems with either.
I hope you like it :).
### What's Needed
1) **Other Use-Cases?**: Please think about the code and try it. What use-cases are we *not* covering? I want Guard to be simple, but cover the 99.9% use-cases.
2) **Remember me** functionality cannot be triggered via manual login. That's true now, and it's not fixed, and it's tricky.
### Deprecations?
This is a new feature, so no deprecations. But, creating a login form with a guard authenticator is a whole heck of a lot easier to understand than `form_login` or even `simple_form`. In a perfect world, we'd either deprecate those or make them use "guard" internally so that we have just **one** way of performing authentication.
Thanks!
Commits
-------
a01ed35 Adding the necessary files so that Guard can be its own installable component
d763134 Removing unnecessary override
e353833 fabbot
dd485f4 Adding a new exception and throwing it when the User changes
302235e Fixing a bug where having an authentication failure would log you out.
396a162 Tweaks thanks to Wouter
c9d9430 Adding logging on this step and switching the order - not for any huge reason
31f9cae Adding a base class to assist with form login authentication
0501761 Allowing for other authenticators to be checked
293c8a1 meaningless author and license changes
81432f9 Adding missing factory registration
7a94994 Thanks again fabbot!
7de05be A few more changes thanks to @iltar
ffdbc66 Splitting the getting of the user and checking credentials into two steps
6edb9e1 Tweaking docblock on interface thanks to @iltar
d693721 Adding periods at the end of exceptions, and changing one class name to LogicException thanks to @iltar
eb158cb Updating interface method per suggestion - makes sense to me, Request is redundant
c73c32e Thanks fabbot!
6c180c7 Adding an edge case - this should not happen anyways
180e2c7 Properly handles "post auth" tokens that have become not authenticated
873ed28 Renaming the tokens to be clear they are "post" and "pre" auth - also adding an interface
a0bceb4 adding Guard tests
05af97c Initial commit (but after some polished work) of the new Guard authentication system
330aa7f Improving phpdoc on AuthenticationEntryPointInterface so people that implement this understand it
This PR was squashed before being merged into the 2.8 branch (closes#15861).
Discussion
----------
Avoid errors when generating the logout URL when there is no firewall key
| Q | A
| ------------- | ---
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | #15853
| License | MIT
| Doc PR | -
Commits
-------
a811912 Avoid errors when generating the logout URL when there is no firewall key
This PR was merged into the 2.8 branch.
Discussion
----------
[WebProfilerBundle] fixed cursor as pointer when hovering over link.
| Q | A
| ------------- | ---
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Fixed tickets | ~
| Tests pass? | yes
| License | MIT
Commits
-------
ac7591f [WebProfilerBundle] added btn-link.
* 2.7:
[DomCrawler] Invalid uri created from forms if base tag present
[Console] update param type phpdoc for StreamOutput
[Console] fix typo in OutputInterface
Use stderr by default when a specific output is not injected
[Debug] Fix case mismatch detection
[HttpKernel] fix broken multiline <esi:remove>
[DoctrineBridge] Fixed#14840
[FrameworkBundle] add a suggest for the serializer component
[Yaml] Fix the parsing of float keys
[Console] Ensure the console output is only detected as decorated when both stderr and stdout support colors
[HttpKernel] fix DumpDataCollector compat with Twig 2.0
Improve exception messages.
Fix that two DirectoryResources with different patterns would be deduplicated
Tests fix clockmock
[WebProfilerBundle] Added tabindex="-1" to not interfer with normal UX
missing "YAML" in the exception message.
[Translator][warmup][fallback locales] fixed missing cache file generation.
[framework-bundle] Add Test for TranslationUpdateCommand
Use ObjectManager interface instead of EntityManager
* 2.3:
[DomCrawler] Invalid uri created from forms if base tag present
[Console] update param type phpdoc for StreamOutput
[Console] fix typo in OutputInterface
[HttpKernel] fix broken multiline <esi:remove>
[DoctrineBridge] Fixed#14840
[FrameworkBundle] add a suggest for the serializer component
[Yaml] Fix the parsing of float keys
[Console] Ensure the console output is only detected as decorated when both stderr and stdout support colors
Improve exception messages.
Fix that two DirectoryResources with different patterns would be deduplicated
Tests fix clockmock
[WebProfilerBundle] Added tabindex="-1" to not interfer with normal UX
missing "YAML" in the exception message.
[framework-bundle] Add Test for TranslationUpdateCommand
Use ObjectManager interface instead of EntityManager
This PR was squashed before being merged into the 2.8 branch (closes#14378).
Discussion
----------
[DX] Added a logout link in the security panel of the web debug toolbar
| Q | A
| ------------- | ---
| Bug fix? | no
| New feature? | yes
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | -
| License | MIT
| Doc PR | -
While developing applications, it's common to login/logout users continuously to test security features. I usually type `/logout` in the URL, but this is boring and, depending on the application, not always works.
This PR adds a small *Logout* link in the security panel when you are logged in the application:
![logged](https://cloud.githubusercontent.com/assets/73419/7184976/6c66831a-e460-11e4-86a9-eb5a48c9aa4c.png)
Anonymous users won't see anything:
![anonymous](https://cloud.githubusercontent.com/assets/73419/7184982/74a95b60-e460-11e4-8b35-72d8336355fb.png)
Commits
-------
192523a [DX] Added a logout link in the security panel of the web debug toolbar
This PR was squashed before being merged into the 2.8 branch (closes#15620).
Discussion
----------
[WIP] #15502 Make template shortcuts be usable without Templating component
| Q | A
| ------------- | ---
| Bug fix? | yes
| New feature? | yes
| BC breaks? | no
| Deprecations? | no
| Tests pass? | ?
| Fixed tickets | #15502
| License | MIT
| Doc PR | -
Commits
-------
d547ec0 [WIP] #15502 Make template shortcuts be usable without Templating component
This PR was merged into the 2.3 branch.
Discussion
----------
[framework-bundle] Add Test for TranslationUpdateCommand
Added the test script as per the discussion in PR #15562
| Q | A
| ------------- | ---
| Bug fix? | no
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | n/a
| License | MIT
| Doc PR | n/a
Commits
-------
232f6fd [framework-bundle] Add Test for TranslationUpdateCommand
This PR was merged into the 2.8 branch.
Discussion
----------
[HttpKernel] Move required RequestStack args as first arguments
| Q | A
| ------------- | ---
| Bug fix? | no
| New feature? | no
| BC breaks? | no
| Deprecations? | yes
| Tests pass? | yes
| Fixed tickets | -
| License | MIT
| Doc PR | -
Since we planned to make RequestStack required, we have to move it as first arguments.
Commits
-------
84ba05b [HttpKernel] Move required RequestStack args as first arguments
| Q | A
| ------------- | ---
| Bug fix? | no
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | n/a
| Fixed tickets | n/a
| License | MIT
| Doc PR | n/a
The change removes the animation in the "sf-toolbar-block-ajax" when the request state was "ok".
When a form type provides a BC layer with old form names (all core types
do), the form registry will ask for type extensions registered on the
legacy name for BC, and trigger a warning if it finds any.
The DependencyInjectionExtension should not trigger warnings on its own
when being asked for such extensions (especially when it has none
registered).
Core extensions are also registered using the proper extended type
rather than legacy names.
This PR was merged into the 2.8 branch.
Discussion
----------
[SecurityBundle] allow more versions of the ACL package
| Q | A
| ------------- | ---
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets |
| License | MIT
| Doc PR |
This actually is the version that is required when using the Symfony SE
(`symfony/symfony` requires `symfony/security-acl` in version `~2.7`).
Commits
-------
3a15921 allow more versions of the ACL package
This PR was merged into the 2.8 branch.
Discussion
----------
[2.8] Deprecate IntrospectableContainerInterface
| Q | A
| ------------- | ---
| Bug fix? | no
| New feature? | no
| BC breaks? | no
| Deprecations? | yes
| Tests pass? | yes
| Fixed tickets | -
| License | MIT
| Doc PR | -
Patch on Security is required for tests compat with 3.0, see #15684
IntrospectableContainerInterface is already deprecated in master.
Commits
-------
c2b94a1 [2.8] Cleanup
This PR was merged into the 2.8 branch.
Discussion
----------
[translation] Deprecated DiffOperation
## Summary:
The ``DiffOperation`` class has been deprecated and ``TargetOperation``
should be used instead, because ``DiffOperation`` has nothing to do
with 'diff', thus its class name is misleading.
Also added detailed documents for all operation interface and classes.
## Background:
The following names should have consistent meanings for all operations:
The name of ``intersection`` is temporarily introduced here to explain this issue.
* [x] ``intersection`` = source ∩ target = {x: x ∈ source ∧ x ∈ target}
* [x] ``all`` = **result of the operation, depends on the operation.**
* [x] ``new`` = all ∖ source = {x: x ∈ all ∧ x ∉ source}
* [x] ``obsolete`` = source ∖ all = {x: x ∈ source ∧ x ∉ all}
The following analysis explains why ``DiffOperation`` should be deprecated.
## Logic of ``MergeOperation``:
* [x] ``all`` = source ∪ target = {x: x ∈ source ∨ x ∈ target}
* [x] ``new`` = all ∖ source = {x: x ∈ target ∧ ∉ source}
* [x] ``obsolete`` = source ∖ all = {x: x ∈ source ∧ x ∉ source ∧ x ∉ target} = ∅
This absolutely makes sense.
## Logic of ``DiffOperation``:
* [ ] ``all`` = intersection ∪ (target ∖ intersection) = target
* [x] ``new`` = all ∖ source = {x: x ∈ target ∧ x ∉ source}
* [x] ``obsolete`` = source ∖ all = source ∖ target = {x: x ∈ source ∧ x ∉ target}
The ``all`` part is confusing because 'diff' should either mean 'relative complement' or 'symmetric difference' operation:
### Relative Complement:
* ``all`` = source ∖ target = {x: x ∈ source ∧ x ∉ target}
### Symmetric Difference:
* ``all`` = (source ∖ target) ∪ (target ∖ source) = {x: x ∈ source ∧ x ∉ target ∨ x ∈ target ∧ x ∉ source}
### Current Logic has Nothing to do with "Diff":
* ``all`` = intersection ∪ (target ∖ intersection) = target
So the name of ``DiffOperation`` is misleading and inappropriate.
Unfortunately, there is no corresponding set operation for this class,
so it's hard to give it an apppriate name.
From my point of view, I believe the most accurate name for this class
should be ``TargetOperation`` because its result is same as the target set.
| Q | A
| ------------- | ---
| Bug fix? | no
| New feature? | no
| BC breaks? | no
| Deprecations? | yes
| Tests pass? | yes
| Fixed tickets | n/a
| License | MIT
| Doc PR | n/a
Commits
-------
353c94d [translation][framework-bundle] Deprecated DiffOperation
* 2.7:
[travis] Add PHP 7 to allowed failures until segfaults are fixed
[Intl] Fix test
[Translator][fallback catalogues] fixed circular reference.
bumped Symfony version to 2.3.33
updated VERSION for 2.3.32
update CONTRIBUTORS for 2.3.32
updated CHANGELOG for 2.3.32
[FrameworkBundle] Fix templating.helper.code.file_link_format when defined by ini setting
[console] Use the description when no help is available
* 2.3:
[Intl] Fix test
[Translator][fallback catalogues] fixed circular reference.
bumped Symfony version to 2.3.33
updated VERSION for 2.3.32
update CONTRIBUTORS for 2.3.32
updated CHANGELOG for 2.3.32
[FrameworkBundle] Fix templating.helper.code.file_link_format when defined by ini setting
[console] Use the description when no help is available
Conflicts:
src/Symfony/Component/Console/Tests/Fixtures/application_asxml1.txt
src/Symfony/Component/Console/Tests/Fixtures/application_asxml2.txt
src/Symfony/Component/HttpKernel/Kernel.php
Added the test script as per the discussion in PR #15562
| Q | A
| ------------- | ---
| Bug fix? | no
| New feature? | no
| BC breaks? | no
| Deprecations? | yes
| Tests pass? | yes
| Fixed tickets | n/a
| License | MIT
| Doc PR | n/a
The ``DiffOperation`` class has been deprecated and ``TargetOperation``
should be used instead, because ``DiffOperation`` has nothing to do
with 'diff', thus its class name is misleading.
Also added detailed documents for all operation interface and classes.
The following names should have consistent meanings for all operations:
The name of ``intersection`` is temporarily introduced here to explain this issue.
* [x] ``intersection`` = source ∩ target = {x: x ∈ source ∧ x ∈ target}
* [x] ``all`` = **result of the operation, depends on the operation.**
* [x] ``new`` = all ∖ source = {x: x ∈ all ∧ x ∉ source}
* [x] ``obsolete`` = source ∖ all = {x: x ∈ source ∧ x ∉ all}
The following analysis explains why ``DiffOperation`` should be deprecated.
* [x] ``all`` = source ∪ target = {x: x ∈ source ∨ x ∈ target}
* [x] ``new`` = all ∖ source = {x: x ∈ target ∧ ∉ source}
* [x] ``obsolete`` = source ∖ all = {x: x ∈ source ∧ x ∉ source ∧ x ∉ target} = ∅
This absolutely makes sense.
* [ ] ``all`` = intersection ∪ (target ∖ intersection) = target
* [x] ``new`` = all ∖ source = {x: x ∈ target ∧ x ∉ source}
* [x] ``obsolete`` = source ∖ all = source ∖ target = {x: x ∈ source ∧ x ∉ target}
The ``all`` part is confusing because 'diff' should either mean 'relative complement' or 'symmetric difference' operation:
* ``all`` = source ∖ target = {x: x ∈ source ∧ x ∉ target}
* ``all`` = (source ∖ target) ∪ (target ∖ source) = {x: x ∈ source ∧ x ∉ target ∨ x ∈ target ∧ x ∉ source}
* ``all`` = intersection ∪ (target ∖ intersection) = target
So the name of ``DiffOperation`` is misleading and inappropriate.
Unfortunately, there is no corresponding set operation for this class,
so it's hard to give it an apppriate name.
From my point of view, I believe the most accurate name for this class
should be ``TargetOperation`` because its result is same as the target set.
| Q | A
| ------------- | ---
| Bug fix? | no
| New feature? | no
| BC breaks? | no
| Deprecations? | yes
| Tests pass? | yes
| Fixed tickets | n/a
| License | MIT
| Doc PR | n/a
* 2.7:
Mark deprecated Twig functions as deprecated with the Twig feature
[appveyor] PHP 5.3.11 for Symfony 2.7
[HttpKernel] Group deprecation notices
Conflicts:
appveyor.yml
* 2.7:
[VarDumper] Fix missing support for dumping PHP7 return type
[travis] disable symfony_debug ext when deps!=no
Do not normalize the kernel root directory path (see symfony/symfony#15474).
Don't trigger deprecation on interfaces
[Debug] Ignore silencing for deprecations
[ci] Run minimal versions on appveyor only
Fix appveyor file
consistently use str_replace to unify directory separators (remaining)
This PR was merged into the 2.7 branch.
Discussion
----------
consistently use str_replace to unify directory separators (2.7)
| Q | A
| ------------- | ---
| Bug fix? | no
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets |
| License | MIT
| Doc PR | -
Remaining ones from #15614
Commits
-------
17ce649 consistently use str_replace to unify directory separators (remaining)
* 2.7:
Various fixes esp. on Windows
Fix the validation of form resources to register the default theme
Fix the retrieval of the value with property path when using a loader
[appveyor] minor enhancements
[Process] Disable failing tests on Windows
[Translation] Fix the string casting in the XliffFileLoader
Windows and Intl fixes
Add appveyor.yml for C.I. on Windows
[VarDumper] fixed HtmlDumper to target specific the head tag
[travis] merge php: nightly and deps=high test-matrix lines
consistently use str_replace to unify directory separators
Support omitting the <target> node in an .xlf file.
Fix the handling of values for multiple choice types
moved PHP nightly to PHP 7.0
[Security] Add missing docblock in PreAuthenticatedToken
Conflicts:
.travis.yml
This PR was merged into the 2.3 branch.
Discussion
----------
Fix the validation of form resources to register the default theme
| Q | A
| ------------- | ---
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | n/a
| License | MIT
| Doc PR | n/a
https://github.com/symfony/symfony/pull/14173 made some wrong changes, changing the behavior of the code. This reverts to the right behavior in affected places
Commits
-------
ea92610 Fix the validation of form resources to register the default theme
* 2.7:
fixed CS
[DependencyInjection] Add missing file headers
fixed typo
made Symfony compatible with both Twig 1.x and 2.x
[FrameworkBundle] Fix precedence of xdebug.file_link_format