This PR was squashed before being merged into the 3.4 branch.
Discussion
----------
[HttpKernel] Fix that the `Store` would not save responses with the X-Content-Digest header present
| Q | A
| ------------- | ---
| Branch? | 3.4
| Bug fix? | yes
| New feature? | no
| Deprecations? | no
| Tickets |
| License | MIT
| Doc PR |
Responses fetched from upstream sources might have a `X-Content-Digest` header, for example if the Symfony Cache is used upstream. This currently prevents the `Store` from saving such responses. In general, the value of this header should not be trusted.
As I consider this header an implementation detail of the `Store`, the fix tries to be local to that class; we should not rely on the `HttpCache` or other classes to remove untrustworthy headers for us.
This fixes the issue that when using the `HttpCache` in combination with the Symfony HttpClient, responses that have also been cached upstream in an instance of `HttpCache` are not cached locally. It adds the overhead of re-computing the content digest every time the `HttpCache` successfully re-validated a response.
Commits
-------
d8964fb8b7 [HttpKernel] Fix that the `Store` would not save responses with the X-Content-Digest header present
This PR was squashed before being merged into the 3.4 branch.
Discussion
----------
[Intl] bump icu 67.1
| Q | A
| ------------- | ---
| Branch? | 3.4
| Bug fix? | no
| New feature? | no
| Deprecations? | no
| Tickets | Fix #... <!-- prefix each issue number with "Fix #", if any -->
| License | MIT
| Doc PR | symfony/symfony-docs#... <!-- required for new features -->
mainly some new locales+scripts (see 3a3a9ba)
Commits
-------
29eb271184 [Intl] bump icu 67.1
Before this fix it was unavailable to create Connection with access_key and secret_key in options, because they were added to $clientConfiguration var, and check for extra options was against $configuration var. Which lead to exception.
The idea is to check input options against self::DEFAULT_OPTIONS (which contains all available options)
* 5.0:
[PhpUnitBridge] fix bad detection of unsilenced deprecations
[Security] Unserialize $parentData, if needed, to avoid errors
[HttpKernel] Fix error logger when stderr is redirected to /dev/null (FPM)
* 4.4:
[PhpUnitBridge] fix bad detection of unsilenced deprecations
[Security] Unserialize $parentData, if needed, to avoid errors
[HttpKernel] Fix error logger when stderr is redirected to /dev/null (FPM)
This PR was squashed before being merged into the 4.4 branch.
Discussion
----------
[Security] Unserialize $parentData, if needed, to avoid errors
Check that the $parentData is an array. If it's a string, the variable is unserialized.
Useful to not break the compatibility with the older versions.
Bug reproduced when upgrading from 3.4 to 4.4
| Q | A
| ------------- | ---
| Branch? | 4.4
| Bug fix? | yes
| New feature? | no
| Deprecations? | no
| Tickets | Fix#36813
| License | MIT
| Doc PR | symfony/symfony-docs#... <!-- required for new features -->
Commits
-------
b447433b67 [Security] Unserialize $parentData, if needed, to avoid errors
This PR was merged into the 3.4 branch.
Discussion
----------
[HttpKernel] Fix error logger when stderr is redirected to /dev/null
| Q | A
| ------------- | ---
| Branch? | 3.4
| Bug fix? | yes
| New feature? | no <!-- please update src/**/CHANGELOG.md files -->
| Deprecations? | no <!-- please update UPGRADE-*.md and src/**/CHANGELOG.md files -->
| Tickets | n/a <!-- prefix each issue number with "Fix #", if any -->
| License | MIT
| Doc PR | n/a
The HttpKernel Logger is meant to be used as a last resort logging mechanism when no logger has been explicitly configured (Monolog is not a dependency for instance).
For small apps, that can be more than enough.
But under some circumstances, it does not work. When you are using PHP-FPM, `stderr` is ignored by default (`catch_workers_output` is `false`) and so, logs are ignored as well. There is no issue with the official PHP Docker image as the setting has been explicitly set to `true`. Not an issue with Symfony CLI as well, as we also change the setting. Not a problem either with the PHP built-in server as it does not use PHP FPM anyway.
But, in many other places, where the setting has its default value, logs are lost (as you can imagine, it happened to me). As this feature is meant to be a fallback, I think it should always work, or at least, we need to make everything possible to make it work out of the box; that's why I've considered it a bug and hence a PR on 3.4.
This PR changes the default value for the output to `null`, which uses `error_log()` instead of `stderr` to log errors. Why is it better? The output of `error_log()` is controllable by the `error_logs` PHP ini setting and it is well understood by everyone (the default configuration should always work well); so it should work in most/more cases.
The other change (to be discussed) is to also log messages at the `ERROR` level and not just the `CRITICAL` ones.
/cc @dunglas
Commits
-------
5f829bdaeb [HttpKernel] Fix error logger when stderr is redirected to /dev/null (FPM)
This PR was merged into the 4.4 branch.
Discussion
----------
[HttpKernel] Bring back the debug toolbar
| Q | A
| ------------- | ---
| Branch? | 4.4
| Bug fix? | yes
| New feature? | no
| Deprecations? | no
| Tickets | Fix#36836
| License | MIT
| Doc PR | N/A
This PR effectively reverts #36789 in order to fix a regression caused by that PR.
Commits
-------
9f8d225aa1 Revert "Change priority of KernelEvents::RESPONSE subscriber"
This PR was merged into the 5.1-dev branch.
Discussion
----------
[Security] Improved upgrade path for custom remember me services
| Q | A
| ------------- | ---
| Branch? | master
| Bug fix? | no
| New feature? | -
| Deprecations? | -
| Tickets | https://github.com/symfony/symfony/pull/36806#issuecomment-628592543
| License | MIT
| Doc PR |
This improves the upgrade path for custom remember me services now `LogoutHandlerInterface` has been deprecated.
As suggested in https://github.com/symfony/symfony/pull/36806#issuecomment-628592543, the `logout()` method should be added to the `RememberMeServicesInterface` in Symfony 6.
This patch allows developers to write a custom class implementing only `RememberMeServicesInterface` with a `logout()` method. Requiring them to implement `LogoutHandlerInterface` will mean they have to maintain 2 version of the class to support both Symfony 5.1+ and 6.0.
Commits
-------
c49d00f984 Added deprecation for RememberMe services without logout() method
* 5.0:
[VarDumper] fix for change in PHP 7.4.6 (bis)
[VarExporter] fix for change in PHP 7.4.6
[BrowserKit] Allow Referer set by history to be overridden (3.4)
* 4.4:
[VarDumper] fix for change in PHP 7.4.6 (bis)
[VarExporter] fix for change in PHP 7.4.6
[BrowserKit] Allow Referer set by history to be overridden (3.4)
This PR was merged into the 3.4 branch.
Discussion
----------
[BrowserKit] Allow Referer set by history to be overridden
| Q | A
| ------------- | ---
| Branch? | 3.4, see https://github.com/symfony/symfony/pull/36591 for 5.0
| Bug fix? | yes
| New feature? | no
| Deprecations? | no
| Tickets |
| License | MIT
| Doc PR |
Commits
-------
4774946fbd [BrowserKit] Allow Referer set by history to be overridden (3.4)
This PR was squashed before being merged into the 5.1-dev branch.
Discussion
----------
[DI] Renamed some PHP-DSL functions
| Q | A
| ------------- | ---
| Branch? | master
| Bug fix? | no
| New feature? | yes
| Deprecations? | no
| Tickets | -
| License | MIT
| Doc PR | -
As discussed in #36778, Symfony wants to move from XML to PHP for its own configuration. I propose these function renames to make the PHP-DSL a bit easier to understand:
```php
<?php
// Before
$services->set(Foo::class)
->args([ref(Bar::class), service('stdClass')]);
// After
$services->set(Foo::class)
->args([service(Bar::class), inline_service('stdClass')]);
```
Commits
-------
366405b93d [DI] Renamed some PHP-DSL functions
This PR was merged into the 5.1-dev branch.
Discussion
----------
RememberMeLogoutListener should depend on LogoutHandlerInterface
| Q | A
| ------------- | ---
| Branch? | master
| Bug fix? | yes
| New feature? | no
| Deprecations? | no
| License | MIT
`RememberMeLogoutListener`, which was introduced together with the new authenticator security in Symfony 5.1, depends on `AbstractRememberMeServices`. This forces people to always extend from `AbstractRememberMeServices`, even when they're implementing the correct interface.
I'd suggest to depend on the minimum interface, which is `LogoutHandlerInterface`, instead.
Example of the type errors you'd get otherwise:
`
Argument 1 passed to Symfony\Component\Security\Http\EventListener\RememberMeLogoutListener::__construct() must be an instance of Symfony\Component\Security\Http\RememberMe\AbstractRememberMeServices, instance of Scheb\TwoFactorBundle\Security\Authentication\RememberMe\RememberMeServicesDecorator given, called in var/cache/dev/Container3IpOCEd/getSecurity_Logout_Listener_RememberMe_MainService.php on line 22
`
with
```php
class RememberMeServicesDecorator implements RememberMeServicesInterface, LogoutHandlerInterface
[...]
```
Commits
-------
994700fbae Depend on LogoutHandlerInterface
This PR was merged into the 5.1-dev branch.
Discussion
----------
[String] Move Inflector's polyfill-ctype dependency to String
| Q | A
| ------------- | ---
| Branch? | 5.1
| Bug fix? | yes
| New feature? | no
| Deprecations? | no
| Tickets | N/A
| License | MIT
| Doc PR | N/A
With #35092, the inflector implementation was moved to the string component, including all calls to `ext-ctype`. This is why I think the dependency on the corresponding polyfill should be moved as well, which is what this PR does.
Commits
-------
de960b8007 [String] Move Inflector's polyfill-ctype dependency to String.
* 5.0:
[VarDumper] fix for change in PHP 7.4.6
Added regression test for AccountStatusException behavior (ref #36822)
[HttpClient] fix PHP warning + accept status code >= 600
[Security/Core] fix compat of `NativePasswordEncoder` with pre-PHP74 values of `PASSWORD_*` consts
embed resource name in error message
[FrameworkBundle] fix stringable annotation
Change priority of KernelEvents::RESPONSE subscriber
Fix register event listeners compiler pass
Missing description in `messenger:setup-transports` command
[Serializer] fix issue with PHP 8
[WebProfiler] Remove 'none' when appending CSP tokens
[TwigBundle] FormExtension does not have a constructor anymore since sf 4.0
[Yaml] Fix escaped quotes in quoted multi-line string
* 4.4:
[VarDumper] fix for change in PHP 7.4.6
Added regression test for AccountStatusException behavior (ref #36822)
[HttpClient] fix PHP warning + accept status code >= 600
[Security/Core] fix compat of `NativePasswordEncoder` with pre-PHP74 values of `PASSWORD_*` consts
embed resource name in error message
[FrameworkBundle] fix stringable annotation
Change priority of KernelEvents::RESPONSE subscriber
Fix register event listeners compiler pass
Missing description in `messenger:setup-transports` command
[Serializer] fix issue with PHP 8
[WebProfiler] Remove 'none' when appending CSP tokens
[TwigBundle] FormExtension does not have a constructor anymore since sf 4.0
[Yaml] Fix escaped quotes in quoted multi-line string
This PR was merged into the 4.4 branch.
Discussion
----------
[HttpClient] fix PHP warning + accept status code >= 600
| Q | A
| ------------- | ---
| Branch? | 4.4
| Bug fix? | yes
| New feature? | no
| Deprecations? | no
| Tickets | Fix#36717
| License | MIT
| Doc PR | -
This fixes the PHP warning reported in the linked issue.
This also relaxes the accepted status codes, with https://www.linkedin.com/company/linkedin/ as an example that returns a non-conformant one (`999`).
These are now handled as 5xx codes, ie they trigger a ServerException.
Commits
-------
c764b5c36e [HttpClient] fix PHP warning + accept status code >= 600
This PR was merged into the 4.4 branch.
Discussion
----------
[Security/Core] fix compat of `NativePasswordEncoder` with pre-PHP74 values of `PASSWORD_*` consts
| Q | A
| ------------- | ---
| Branch? | 4.4
| Bug fix? | yes
| New feature? | no
| Deprecations? | no
| Tickets | Fix#36451
| License | MIT
| Doc PR | -
Commits
-------
df32171cb2 [Security/Core] fix compat of `NativePasswordEncoder` with pre-PHP74 values of `PASSWORD_*` consts
This PR was merged into the 4.4 branch.
Discussion
----------
[DependencyInjection] Fix register event listeners compiler pass
| Q | A
| ------------- | ---
| Branch? | 4.4
| Bug fix? | yes
| New feature? | no
| Deprecations? | no
| Tickets |
| License | MIT
| Doc PR |
I've wanted to use the simpler event listener registration syntax (https://symfony.com/blog/new-in-symfony-4-4-simpler-event-listeners) in my project and it didn't work so I'm sending this fix.
We use the `KnpPaginatorBundle` bundle which also [calls the `RegisterListenersPass` compiler pass](https://github.com/KnpLabs/KnpPaginatorBundle/blob/v5.2.0/src/DependencyInjection/Compiler/PaginatorConfigurationPass.php#L22) in order to register with the event dispatcher their custom tags for listeners and subscribers (`knp_paginator.listener` and `knp_paginator.subscriber`).
Their compiler pass is `TYPE_BEFORE_REMOVING` and priority zero which is the same type and priority as the pass that gets [added by FrameworkBundle](https://github.com/symfony/symfony/blob/v4.4.8/src/Symfony/Bundle/FrameworkBundle/FrameworkBundle.php#L125). Since both the type and priority is the same the order of execution is `undefined` (because [that is how regular sort behaves in PHP which is used by default by `krsort`](https://github.com/symfony/symfony/blob/v4.4.8/src/Symfony/Component/DependencyInjection/Compiler/PassConfig.php#L264)) and the `RegisterListenersPass` currently removes the `eventAliasesParameter` parameter from the container if it is set (which is [set here](https://github.com/symfony/symfony/blob/v4.4.8/src/Symfony/Bundle/FrameworkBundle/Resources/config/services.xml#L9)). So what happens in my app is that the Knp compiler pass runs first, the `event_dispatcher.event_aliases` parameter is removed and then the FrameworkBundle registered compiler pass runs and since the aliases are not present anymore the events do not get aliased properly. The event dispatcher service in the compiled container looks like:
```php
$instance->addListener('Symfony\Component\HttpKernel\Event\RequestEvent', ...);
```
instead of the expected
```php
$instance->addListener('kernel.request', ...);
```
This means that my listener never gets called on the kernel request event.
Another potential fix would be to adjust the Knp compiler pass priority, but seeing as that would fix only that bundle (who knows how many bundles out there have the same problem) and that I don't see any drawback in letting the `event_dispatcher.event_aliases` parameter stay in the container I think that this is better to fix here.
Commits
-------
646878d072 Fix register event listeners compiler pass
* 3.4:
[VarDumper] fix for change in PHP 7.4.6
Added regression test for AccountStatusException behavior (ref #36822)
embed resource name in error message
[Serializer] fix issue with PHP 8
[Yaml] Fix escaped quotes in quoted multi-line string
This PR was merged into the 3.4 branch.
Discussion
----------
[Translator] embed resource name in error message
| Q | A
| ------------- | ---
| Branch? | 3.4
| Bug fix? | no
| New feature? | no
| Deprecations? | no
| Tickets |
| License | MIT
| Doc PR |
Someone reported on Slack that they accidentally stored a translation file with the `.twig` extension and that the error message was quite confusing.
Commits
-------
507a5963e4 embed resource name in error message
This PR was merged into the 3.4 branch.
Discussion
----------
[Security] Update test to test AccountStatusException behavior
| Q | A
| ------------- | ---
| Branch? | 3.4 (behavior is this way since 2.0)
| Bug fix? | no
| New feature? | no
| Deprecations? | no
| Tickets | -
| License | MIT
| Doc PR | -
See https://github.com/symfony/symfony/pull/36822
This PR updates the `AccountStatusException` test to test the expected behavior of this exception (and its difference from `AuthenticationException`).
Commits
-------
08fbfcf5a0 Added regression test for AccountStatusException behavior (ref #36822)
