* 3.2:
[Cache] Fix Redis pipelining/multi-ops
[Yaml] Fix the tests
[github] Add a reminder about CHANGELOG.md files
respect the umask argument in dumpFile()
dumpFile(), preserve existing file permissions
[Form] Fixed overridden choices option in extended choice types
Add validate method to mockec validator in form TypeTestCase
bumped Symfony version to 2.8.19
updated VERSION for 2.8.18
updated CHANGELOG for 2.8.18
bumped Symfony version to 2.7.26
updated VERSION for 2.7.25
update CONTRIBUTORS for 2.7.25
updated CHANGELOG for 2.7.25
[HttpKernel] fixed Kernel name when stored in a directory starting with a number
context listener: hardening user provider handling
[Console] Do not squash input changes made from console.command event
* 2.8:
respect the umask argument in dumpFile()
dumpFile(), preserve existing file permissions
Add validate method to mockec validator in form TypeTestCase
bumped Symfony version to 2.8.19
updated VERSION for 2.8.18
updated CHANGELOG for 2.8.18
bumped Symfony version to 2.7.26
updated VERSION for 2.7.25
update CONTRIBUTORS for 2.7.25
updated CHANGELOG for 2.7.25
[HttpKernel] fixed Kernel name when stored in a directory starting with a number
context listener: hardening user provider handling
[Console] Do not squash input changes made from console.command event
* 2.7:
respect the umask argument in dumpFile()
dumpFile(), preserve existing file permissions
Add validate method to mockec validator in form TypeTestCase
bumped Symfony version to 2.7.26
updated VERSION for 2.7.25
update CONTRIBUTORS for 2.7.25
updated CHANGELOG for 2.7.25
[HttpKernel] fixed Kernel name when stored in a directory starting with a number
context listener: hardening user provider handling
This PR was merged into the 3.3-dev branch.
Discussion
----------
[HttpKernel] Allow signing URIs with a custom query string parameter
| Q | A
| ------------- | ---
| Branch? | master
| Bug fix? | no
| New feature? | yes
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets |
| License | MIT
| Doc PR |
`UriSigner` is currently restricting to using `_hash` as the query string parameter, this makes is customisable.
Commits
-------
32301c3a30 Allow a custom query string parameter
This PR was merged into the 2.7 branch.
Discussion
----------
[HttpKernel] fix Kernel name when stored in a directory starting with a number
| Q | A
| ------------- | ---
| Branch? | 2.7
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | #20489
| License | MIT
| Doc PR | -
replaces #20750
Commits
-------
f244eb8414 [HttpKernel] fixed Kernel name when stored in a directory starting with a number
This PR was merged into the 3.3-dev branch.
Discussion
----------
[HttpKernel] Deprecate X-Status-Code for better alternative
| Q | A |
| --- | --- |
| Branch? | master |
| Bug fix? | no |
| New feature? | yes |
| BC breaks? | no |
| Deprecations? | yes |
| Tests pass? | yes |
| Fixed tickets | #12343 |
| License | MIT |
| Doc PR | https://github.com/symfony/symfony-docs/pull/6948 |
This marks the X-Status-Code header method of setting a custom response status
code in exception listeners for a better alternative. There is now a new method
on the `GetResponseForExceptionEvent` that allows successful status codes in
the response sent to the client.
The old method of setting the X-Status-Code header will now throw a deprecation warning.
Instead, in your exception listener you simply call `GetResponseForExceptionEvent::allowCustomResponseCode()` which will tell the Kernel not to override the status code of the event's response object.
Currenty the `X-Status-Code` header will still be removed, so as not to change the existing behaviour, but this is something we can remove in 4.0.
TODO:
- [x] Replace usage of X-Status-Code in `FormAuthenticationEntryPoint`
- [x] Open Silex issue
- [x] Rename method on the response
- [x] Ensure correct response code is set in `AuthenticationEntryPointInterface` implementations
- [x] Ensure the exception listeners are marking `GetResponseForExceptionEvent` as allowing a custom response code
- [x] In the Security component we should only use the new method of setting a custom response code if it is available, and fall back to the `X-Status-Code` method
Commits
-------
cc0ef282cd [HttpKernel] Deprecate X-Status-Code for better alternative
This PR was merged into the 3.3-dev branch.
Discussion
----------
Remove some container injections in favor of service locators
| Q | A
| ------------- | ---
| Branch? | master
| Bug fix? | no
| New feature? | yes
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | https://github.com/symfony/symfony/pull/21553#issuecomment-279214666
| License | MIT
| Doc PR | n/a
Commits
-------
8293b753cf Replace some container injections by service locators
0be9ea8ba1 [EventDispatcher] Fix abstract event subscribers registration
This PR was merged into the 3.3-dev branch.
Discussion
----------
[HttpKernel] Added the SessionValueResolver
| Q | A
| ------------- | ---
| Branch? | master
| Bug fix? | no
| New feature? | yes
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | #21159
| License | MIT
| Doc PR | (soon)
This feature adds the `SessionValueResolver`. That means that you no longer have to rely on injecting a `SessionInterface` implementation via the constructor or getting this implementation from the `Request`. Regardless of method, it does not know about the `getFlashBag()`.
By adding the `Session` to the action arguments, you can now type-hint against the implementation rather than interface, which contains the `getFlashBag()`, making it accessible rather than using duck-typing.
_It should also feel less like injecting a service into the constructor which has a state or getting a service from the request._
**Old Situation**
```php
class Controller
{
public function __construct(SessionInterface $session) { /* ... */ }
public function fooAction(Request $request)
{
$this->get('session')->get(...);
$request->getSession()->get(...);
$this->session->get(...)
// duck-typing
$this->get('session')->getFlashBag();
$request->getSession()->getFlashBag();
$this->session->getFlashBag();
$this->addFlash(...);
}
}
```
**New Situation** _- The controller shortcut for flashbag could in theory be removed now_
```php
class Controller
{
public function fooAction(Session $session)
{
$session->get(...);
$session->getFlashBag();
}
}
```
Commits
-------
b4464dcea1 Added the SessionValueResolver
This marks the X-Status-Code header method of setting a custom response
status code in exception listeners as deprecated. Instead there is now
a new method on the GetResponseForExceptionEvent that allows successful
status codes in the response sent to the client.
* 3.2:
Refactored other PHPUnit method calls to work with namespaced PHPUnit 6
Refactored other PHPUnit method calls to work with namespaced PHPUnit 6
Further refactorings to PHPUnit namespaces
resolve parameters in definition classes
* 2.8:
Refactored other PHPUnit method calls to work with namespaced PHPUnit 6
Further refactorings to PHPUnit namespaces
resolve parameters in definition classes
* 3.2:
Fix typo in process error message
Update to PHPUnit namespaces
Minor typo fix messsagesData -> messagesData
remove translation data collector when not usable
This PR was merged into the 3.3-dev branch.
Discussion
----------
Secure unserialize by restricting allowed classes when using PHP 7
| Q | A
| ------------- | ---
| Branch? | master
| Bug fix? | no
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | ---
| License | MIT
| Doc PR | ---
While playing around with Symfony in a PHP 7.1 application I noticed a warning in how EnvParameterResoure uses unserialize. Since PHP 7.0 introduced the options argument which allows to restrict which classes can be unserialized for better security, it might make sense to use it here. As far as I can tell this is no BC break, it only provides an additional safety mechanism.
Commits
-------
b4201810b9 Conditionally add options to unserialize in PHP 7.0+.
* 3.2:
[Console] Fix too strict test
[FrameworkBundle] Execute the PhpDocExtractor earlier
[validator] Updated croatian translation
Update DebugHandlersListener.php
ignore invalid cookies expires date format
[Console] SfStyleTest: Remove COLUMN env on tearDown
[TwigBundle] Fix the name of the cache warming test class
[Console] Fix TableCell issues with decoration
Add missing pieces in the upgrade guide to 3.0
* 3.2: (40 commits)
fixed CS
fixed CS
fixed CS fixer config
fixed typo
Revert "fixed typo"
fixed typo
fixed CS
Avoid setting request attributes from signature arguments in AnnotationClassLoader
[DependencyInjection] Add some missing typehints in YamlFileLoader
[DependencyInjection] minor: Fix a DocBlock
[HttpKernel] Give higher priority to adding request formats
[Cache] Fix tags expiration
[PhpUnit] Blacklist DeprecationErrorHandler in stack traces
[PropertyInfo] Don't try to access a property thru a static method
[PropertyInfo] Exclude static methods form properties guessing
[Workflow] Added new validator to make sure each place has unique translation names
[Cache] [PdoAdapter] Fix MySQL 1170 error (blob as primary key)
[FrameworkBundle] Fix third level headers for MarkdownDescriptor
[Ldap] Using Ldap stored username instead of form submitted one
[Ldap] load users with the good username case
...
* 3.1: (31 commits)
fixed CS
fixed CS
fixed CS fixer config
fixed typo
Revert "fixed typo"
fixed typo
fixed CS
Avoid setting request attributes from signature arguments in AnnotationClassLoader
[DependencyInjection] Add some missing typehints in YamlFileLoader
[DependencyInjection] minor: Fix a DocBlock
[HttpKernel] Give higher priority to adding request formats
[PropertyInfo] Don't try to access a property thru a static method
[PropertyInfo] Exclude static methods form properties guessing
[FrameworkBundle] Fix third level headers for MarkdownDescriptor
[Ldap] Using Ldap stored username instead of form submitted one
[Ldap] load users with the good username case
[DoctrineBridge] Fixed invalid unique value as composite key
[Doctrine Bridge] fix UniqueEntityValidator for composite object primary keys
[TwigBundle] do not lose already set method calls
#20411 fix Yaml parsing for very long quoted strings
...
* 2.8: (26 commits)
fixed CS
fixed CS
fixed CS fixer config
fixed typo
Revert "fixed typo"
fixed typo
fixed CS
Avoid setting request attributes from signature arguments in AnnotationClassLoader
[DependencyInjection] Add some missing typehints in YamlFileLoader
[DependencyInjection] minor: Fix a DocBlock
[HttpKernel] Give higher priority to adding request formats
[PropertyInfo] Don't try to access a property thru a static method
[PropertyInfo] Exclude static methods form properties guessing
[FrameworkBundle] Fix third level headers for MarkdownDescriptor
[TwigBundle] do not lose already set method calls
#20411 fix Yaml parsing for very long quoted strings
CS: apply is_null
DX: remove invalid inheritdoc
bumped Symfony version to 2.8.17
updated VERSION for 2.8.16
...
* 2.7:
fixed typo
Revert "fixed typo"
fixed typo
fixed CS
Avoid setting request attributes from signature arguments in AnnotationClassLoader
[DependencyInjection] Add some missing typehints in YamlFileLoader
[DependencyInjection] minor: Fix a DocBlock
[HttpKernel] Give higher priority to adding request formats
[FrameworkBundle] Fix third level headers for MarkdownDescriptor
[TwigBundle] do not lose already set method calls
#20411 fix Yaml parsing for very long quoted strings
CS: apply is_null
DX: remove invalid inheritdoc
bumped Symfony version to 2.7.24
updated VERSION for 2.7.23
update CONTRIBUTORS for 2.7.23
updated CHANGELOG for 2.7.23
[FrameworkBundle] Skip test if xdebug.file_link_format is defined.
* 3.2:
[DI] Add missing legacy group on testLegacy
Minor tweaks
Fix merge
[DI] Dont share service when no id provided
Fix Container and PhpDumper test inaccuracies
[DI] Fix missing new line after private alias
[ClassLoader] Throw an exception if the cache is not writeable
Fixing regression in TwigEngine exception handling.
* 3.1:
Fix merge
[DI] Dont share service when no id provided
Fix Container and PhpDumper test inaccuracies
[DI] Fix missing new line after private alias
[ClassLoader] Throw an exception if the cache is not writeable
Fixing regression in TwigEngine exception handling.
* 2.8:
Fix merge
[DI] Dont share service when no id provided
Fix Container and PhpDumper test inaccuracies
[DI] Fix missing new line after private alias
[ClassLoader] Throw an exception if the cache is not writeable
Fixing regression in TwigEngine exception handling.
* 2.7:
[DI] Dont share service when no id provided
Fix Container and PhpDumper test inaccuracies
[DI] Fix missing new line after private alias
[ClassLoader] Throw an exception if the cache is not writeable
Fixing regression in TwigEngine exception handling.
* 3.2:
[TwigBundle] fixed usage when Templating is not installed
[Validator] Check cascasdedGroups for being countable
[Cache] Add changelog for 3.2
[Cache] Add changelog
[Filesystem] Check that the directory is writable after created it in dumpFile()
[HttpFoundation] Improved set cookie header tests
[Serializer] int is valid when float is expected when deserializing JSON
[Console] increased code coverage of Output classes
Added missing headers in fixture files
[Profiler][VarDumper] Fix minor color issue & duplicated selector
* 3.1:
[TwigBundle] fixed usage when Templating is not installed
[Validator] Check cascasdedGroups for being countable
[Cache] Add changelog
[Filesystem] Check that the directory is writable after created it in dumpFile()
[HttpFoundation] Improved set cookie header tests
[Serializer] int is valid when float is expected when deserializing JSON
[Console] increased code coverage of Output classes
Added missing headers in fixture files
[Profiler][VarDumper] Fix minor color issue & duplicated selector
This PR was merged into the 3.3-dev branch.
Discussion
----------
Deprecate ClassCollectionLoader and Kernel::loadClassCache
| Q | A
| ------------- | ---
| Branch? | "master"
| Bug fix? | no
| New feature? | no
| BC breaks? | no
| Deprecations? | yes
| Tests pass? | yes
| Fixed tickets | #20668
| License | MIT
As suggested by @nicolas-grekas in #20668 I added deprecation notices to ClassCollectionLoader and Kernel::loadClassCache.
Commits
-------
660d79a186 Deprecates ClassCache-cache warmer.
This PR was merged into the 3.3-dev branch.
Discussion
----------
No fallback to REQUEST_TIME in TimeDataCollector
| Q | A
| ------------- | ---
| Branch? | master
| Bug fix? | no
| New feature? | no
| BC breaks? | no (?)
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | ~
| License | MIT
| Doc PR | ~
As of PHP 5.4 the `REQUEST_TIME_FLOAT` is available and the minimum version of PHP is 5.5 in Symfony. I think it's safe to use as I can't find cases where this is _not_ defined.
Commits
-------
ba00543 No fallback to REQUEST_TIME in TimeDataCollector
* 3.2:
[FrameworkBundle] Ignore AnnotationException exceptions in the AnnotationsCacheWarmer
fixed @return when returning this or static
override property constraints in child class
removed unneeded comment
[Console] improved code coverage of Command class
[FrameworkBundle] Make TemplateController working without the Templating component
[FrameworkBundle] Allow multiple transactions with the same name
Only count on arrays or countables to avoid warnings in PHP 7.2
* 3.1:
fixed @return when returning this or static
override property constraints in child class
removed unneeded comment
[Console] improved code coverage of Command class
[FrameworkBundle] Make TemplateController working without the Templating component
Only count on arrays or countables to avoid warnings in PHP 7.2
* 2.8:
fixed @return when returning this or static
override property constraints in child class
removed unneeded comment
[Console] improved code coverage of Command class
[FrameworkBundle] Make TemplateController working without the Templating component
Only count on arrays or countables to avoid warnings in PHP 7.2
* 2.7:
fixed @return when returning this or static
override property constraints in child class
[Console] improved code coverage of Command class
Only count on arrays or countables to avoid warnings in PHP 7.2
* 3.1:
fixed obsolete getMock() usage
fixed obsolete getMock() usage
fixed obsolete getMock() usage
[WebProfilerBundle] Display multiple HTTP headers in WDT
do not remove the Twig ExceptionController service
removed obsolete condition
do not try to register incomplete definitions
* 2.8:
fixed obsolete getMock() usage
fixed obsolete getMock() usage
[WebProfilerBundle] Display multiple HTTP headers in WDT
do not remove the Twig ExceptionController service
removed obsolete condition
do not try to register incomplete definitions
This PR was merged into the 3.3-dev branch.
Discussion
----------
[WebProfilerBundle] Split PHP version if needed
| Q | A
| ------------- | ---
| Branch? | master
| Bug fix? | no
| New feature? | yes
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes/no
| Fixed tickets | https://github.com/symfony/symfony/pull/20697#issuecomment-263966015
| License | MIT
| Doc PR | symfony/symfony-docs#... <!--highly recommended for new features-->
Commits
-------
1241a00 [WebProfilerBundle] Split PHP version if needed
This PR was merged into the 3.3-dev branch.
Discussion
----------
Request exceptions
| Q | A
| ------------- | ---
| Branch? | master
| Bug fix? | yes
| New feature? | yes
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | #20389, #20615, #20662
| License | MIT
| Doc PR | n/a
Replaces #20389 and #20662. The idea is to generically manage 400 responses when an exception implements `RequestExceptionInterface`.
The "weird" caches on the request for the host and the clients IPs allows to correctly manage exceptions in an exception listener/controller (as we are duplicating the request there, but we don't want to throw an exception there).
Commits
-------
32ec288 [HttpFoundation] refactored Request exceptions
d876809 Return a 400 response for suspicious operations
This PR was merged into the 3.3-dev branch.
Discussion
----------
[HttpKernel] Fix Bundle name regression
| Q | A
| ------------- | ---
| Branch? | 3.2
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | #20117
| License | MIT
| Doc PR | N/A
The bundle name can be set manually instead of being guessed from the class name, as the property is protected.
However, a regression prevents this name to be used, as calling `Bundle::getNamespace()` recomputes the bundle name from class instead.
The ability to name explicitly bundles is appreciable when dealing with "virtual" ones, or when providing bundles in a library under a `Vendor\MyPackage\Bridge\Symfony\Bundle` namespace. No need to rename the bundle class `VendorMyPackageBundle` which will make the instantiation in `Kernel::registerBundle()` quite ugly:
```diff
- new Vendor\MyPackage\Bridge\Symfony\Bundle\VendorMyPackageBundle()
+ new Vendor\MyPackage\Bridge\Symfony\Bundle\Bundle()
```
What about removing `Bundle::parseClassName()` and processing the namespace and bundle name separately, but keeping the `namespace` property introduced in #20117?
Commits
-------
3b5127d [HttpKernel] Fix Bundle name regression