This PR was merged into the 4.3-dev branch.
Discussion
----------
[Security] deprecate BCryptPasswordEncoder in favor of NativePasswordEncoder
| Q | A
| ------------- | ---
| Branch? | master
| Bug fix? | no
| New feature? | no
| BC breaks? | no
| Deprecations? | yes
| Tests pass? | yes
| Fixed tickets | -
| License | MIT
| Doc PR | -
Follow up of #31140
Commits
-------
e197398d2f [Security] deprecate BCryptPasswordEncoder in favor of NativePasswordEncoder
An undefined SYMFONY_DEPRECATION_HELPER environment variable translates
to false, and that was previously interpreted as 0, which means strict
mode.
This restores backwards compatibility with the previous behavior, which
got broken in 1c73f9cfed .
This PR was merged into the 4.3-dev branch.
Discussion
----------
[Security] Add NativePasswordEncoder
| Q | A
| ------------- | ---
| Branch? | master
| Bug fix? | no
| New feature? | yes
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | -
| License | MIT
| Doc PR | -
This PR adds a new `NativePasswordEncoder` that defaults to the best available hashing algo to `password_hash()`. Best is determined by "us" or "php", the goal being that this will change in the future as new algos are published.
This provides a native encoder that we should recommend using by default.
Commits
-------
28f7961c55 [Security] Add NativePasswordEncoder
* 4.2:
Revert "bug #30423 [Security] Rework firewall's access denied rule (dimabory)"
[FrameworkBundle] minor: remove a typo from changelog
[VarDumper] fix tests with ICU 64.1
[VarDumper][Ldap] relax some locally failing tests
[Validator] #30192 Added the missing translations for the Tagalog ("tl") locale.
Make MimeTypeExtensionGuesser case insensitive
Fix get session when the request stack is empty
[Routing] fix trailing slash redirection with non-greedy trailing vars
[FrameworkBundle] decorate the ValidatorBuilder's translator with LegacyTranslatorProxy
This PR was merged into the 4.2 branch.
Discussion
----------
[Routing] fix trailing slash redirection with non-greedy trailing vars
| Q | A
| ------------- | ---
| Branch? | 4.2
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | #30863, #31066
| License | MIT
| Doc PR | -
Fixes redirecting `/123/` to `/123` when the route is defined as `/{foo<\d+>}`
Commits
-------
d88833d27a [Routing] fix trailing slash redirection with non-greedy trailing vars
This PR was merged into the 4.2 branch.
Discussion
----------
[FrameworkBundle] decorate the ValidatorBuilder's translator with LegacyTranslatorProxy
| Q | A
| ------------- | ---
| Branch? | 4.2
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | #31092, #31025
| License | MIT
| Doc PR | -
This allows defining a translator that implements only the new interface and use it with ValidatorBuilder.
ping @dvdknaap, @snebes since you were affected.
Commits
-------
a12656eaad [FrameworkBundle] decorate the ValidatorBuilder's translator with LegacyTranslatorProxy
This PR was merged into the 4.2 branch.
Discussion
----------
[HttpKernel] Fix get session when the request stack is empty
| Q | A
| ------------- | ---
| Branch? | 4.2
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | -
| License | MIT
This bug happen behind an exception on a kernel response event, when one collector (e.g. `RequestDataCollector`) is trying to get the request session and the request stack is currently empty.
**Reproducer**
https://github.com/yceruto/get-session-bug (`GET /`)
See logs on terminal:
```bash
Apr 15 20:29:03 |ERROR| PHP 2019-04-15T20:29:03-04:00 Call to a member function isSecure() on null
Apr 15 20:29:03 |ERROR| PHP PHP Fatal error: Uncaught Symfony\Component\Debug\Exception\FatalThrowableError: Call to a member function isSecure() on null in /home/yceruto/demos/getsession/vendor/symfony/http-kernel/EventListener/SessionListener.php:43
Apr 15 20:29:03 |DEBUG| PHP Stack trace:
Apr 15 20:29:03 |DEBUG| PHP #0 /home/yceruto/demos/getsession/vendor/symfony/http-kernel/EventListener/AbstractSessionListener.php(59): Symfony\Component\HttpKernel\EventListener\SessionListener->getSession()
Apr 15 20:29:03 |DEBUG| PHP #1 /home/yceruto/demos/getsession/vendor/symfony/http-foundation/Request.php(707): Symfony\Component\HttpKernel\EventListener\AbstractSessionListener->Symfony\Component\HttpKernel\EventListener\{closure}()
Apr 15 20:29:03 |DEBUG| PHP #2 /home/yceruto/demos/getsession/vendor/symfony/http-kernel/DataCollector/RequestDataCollector.php(65): Symfony\Component\HttpFoundation\Request->getSession()
Apr 15 20:29:03 |DEBUG| PHP #3 /home/yceruto/demos/getsession/vendor/symfony/http-kernel/Profiler/Profiler.php(167): Symfony\Component\HttpKernel\DataCollector\RequestDataCollector->collect(Object(Symfony\Component\HttpFoundation\Request), Object(Symfony\Component\HttpFoundation\Respo in /home/yceruto/demos/getsession/vendor/symfony/http-kernel/EventListener/SessionListener.php on line 43
```
Friendly ping @nicolas-grekas as author of the previous PR https://github.com/symfony/symfony/pull/28244
Commits
-------
d62ca37ab6 Fix get session when the request stack is empty
* 3.4:
Revert "bug #30423 [Security] Rework firewall's access denied rule (dimabory)"
[FrameworkBundle] minor: remove a typo from changelog
[VarDumper][Ldap] relax some locally failing tests
[Validator] #30192 Added the missing translations for the Tagalog ("tl") locale.
Make MimeTypeExtensionGuesser case insensitive
This PR was merged into the 3.4 branch.
Discussion
----------
[Validator] Added the missing translations for the Tagalog ("tl") locale
| Q | A
| ------------- | ---
| Branch? | 3.4
| Bug fix? | No
| New feature? | No
| BC breaks? | No
| Deprecations? | No
| Tests pass? | Yes
| Fixed tickets | #30192
| License | MIT
| Doc PR |
[Validator] This pull request will add the missing translations for the Tagalog ("tl") locale.
Commits
-------
6ab574b7c9 [Validator] #30192 Added the missing translations for the Tagalog ("tl") locale.
This PR was merged into the 3.4 branch.
Discussion
----------
[HttpFoundation] Make MimeTypeExtensionGuesser case insensitive
| Q | A
| ------------- | ---
| Branch? | 3.4
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | #... <!-- #-prefixed issue number(s), if any -->
| License | MIT
| Doc PR | symfony/symfony-docs#... <!-- required for new features -->
Some mime types have a camelCase word in them.
The Apache HTTPD project list items are all lower case.
So I suggest making the $mimeType string lowercase while checking the array key.
That way, we can keep the list in sync.
Example: xlsm file mime type is `application/vnd.ms-excel.sheet.macroEnabled.12`
The key that matches the xlsm extension in the `$defaultExtensions` array is `application/vnd.ms-excel.sheet.macroenabled.12`
Example xlsm file:
https://github.com/vermeirentony/xlsm-example
Commits
-------
e294ee6b9a Make MimeTypeExtensionGuesser case insensitive
This PR was merged into the 3.4 branch.
Discussion
----------
[FrameworkBundle][Form] Fix XSS issues in the form theme of the PHP templating engine
Based on #88
Commits
-------
ab4d05358c Fix XSS issues in the form theme of the PHP templating engine
This PR was merged into the 3.4 branch.
Discussion
----------
[Security] Add a separator in the remember me cookie hash
Based on #89
Commits
-------
a29ce2817c [Security] Add a separator in the remember me cookie hash
* 4.2:
bumped Symfony version to 4.2.7
updated VERSION for 4.2.6
updated CHANGELOG for 4.2.6
bumped Symfony version to 3.4.26
updated VERSION for 3.4.25
update CONTRIBUTORS for 3.4.25
updated CHANGELOG for 3.4.25
Workaround for \DateInterval::createFromDateString()
[DoctrineBridge] [DX] Update exception text in ManagerRegistry::resetService to avoid confusion.
Missing Lithuanian translations added to validator component.
* 3.4:
bumped Symfony version to 3.4.26
updated VERSION for 3.4.25
update CONTRIBUTORS for 3.4.25
updated CHANGELOG for 3.4.25
Workaround for \DateInterval::createFromDateString()
Missing Lithuanian translations added to validator component.
This PR was merged into the 4.3-dev branch.
Discussion
----------
[Messenger] Remove base64_encode & use addslashes
| Q | A
| ------------- | ---
| Branch? | master
| Bug fix? | no
| New feature? | yes
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | none
| License | MIT
| Doc PR | already covered by existing issue
In #30814, we base64_encoded messages because some transports (specifically DoctrineTransport + Postgresql & SQS) do not allow binary data.
The downside is that the messages become unreadable, which makes it much less convenient to debug your messages with 3rd party monitoring tools, for example.
This PR replaces base64_encode with addslashes. Another alternative (that I first tried in this PR) was to use a blob type, which Drupal does in its code (https://www.drupal.org/project/drupal/issues/690746). But, it still meant that binary data could cause problems with other transports, like SQS.
I also put all the serializer config under a nice, neat `serializer` key under messenger.
Best seen with `?w=1`.
Cheers!
Commits
-------
70b448d120 Reorganizing messenger serializer config and replacing base64_encode with addslashes
This PR was squashed before being merged into the 4.3-dev branch (closes#31040).
Discussion
----------
[BrowserKit] Fixed BC-break introduced by rename of Client to Browser
| Q | A
| ------------- | ---
| Branch? | master
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | https://github.com/symfony/symfony/issues/31039
| License | MIT
| Doc PR |
Since #30541 the inheritance hierarchy of `\Symfony\Component\BrowserKit\Client` has changed. Notably the test.client no longer is an instance of `\Symfony\Component\BrowserKit\Client`.
This PR uses `class_alias` to fix the class hierarchy similarly as has been done in Twig. In this case I copied the approach of `Twig_TokenParser_AutoEscape` and `\Twig\TokenParser\AutoEscapeTokenParser`
Commits
-------
6a94dea5cd [BrowserKit] Fixed BC-break introduced by rename of Client to Browser
This PR was merged into the 4.3-dev branch.
Discussion
----------
[Serializer] Use name converter when normalizing constraint violation list
| Q | A
| ------------- | ---
| Branch? | master <!-- see below -->
| Bug fix? | no
| New feature? | yes <!-- don't forget to update src/**/CHANGELOG.md files -->
| BC breaks? | no <!-- see https://symfony.com/bc -->
| Deprecations? | no <!-- don't forget to update UPGRADE-*.md and src/**/CHANGELOG.md files -->
| Tests pass? | yes <!-- please add some, will be required by reviewers -->
| Fixed tickets | #... <!-- #-prefixed issue number(s), if any -->
| License | MIT
| Doc PR | symfony/symfony-docs#... <!-- required for new features -->
When using name converter with serializer and the default ConstraintViolationListNormalizer, returned propertyPaths was not converted to the same format.
<!--
Write a short README entry for your feature/bugfix here (replace this comment block.)
This will help people understand your PR and can be used as a start of the Doc PR.
Additionally:
- Bug fixes must be submitted against the lowest branch where they apply
(lowest branches are regularly merged to upper ones so they get the fixes too).
- Features and deprecations must be submitted against the master branch.
-->
Commits
-------
dd93b707cc Use name converter when normalizing constraint violation list
This PR was squashed before being merged into the 4.3-dev branch (closes#28846).
Discussion
----------
[Intl] Simplify API
| Q | A
| ------------- | ---
| Branch? | master
| Bug fix? | no
| New feature? | yes
| BC breaks? | no <!-- see https://symfony.com/bc -->
| Deprecations? | no
| Tests pass? | yes <!-- please add some, will be required by reviewers -->
| Fixed tickets | #18368
| License | MIT
| Doc PR | https://github.com/symfony/symfony-docs/issues/11221
Simplifies the Intl API. It greatly reduces the no. of boilerplate classes in this component. Very over complicated, much wow :)
Solving (IMHO):
```php
class LanguageBundle extends LanguageDataProvider implements LanguageBundleInterface
```
Which seems very over complicated just to provide static data.
```php
// before
Intl::getLanguageBundle()->getLanguageName() // string | null
// after
Languages::getName() // string
Languages::exists() // bool
```
I left out Canonicalization on puropose, that's a new topic to me.
- [x] Languages
- [x] Locales
- [x] Currencies
- [x] Regions
- [x] Scripts
- [ ] Timezones (#28831)
- [x] Update constraints
- [x] Update form types
Thoughts?
Commits
-------
d6b67d469a [Intl] Simplify API
* 4.2:
Skip testing the phpunit-bridge on not-master branches when $deps is empty
more tests
[DI] Fixes: #28326 - Overriding services autowired by name under _defaults bind not working
[DI] fix removing non-shared definition while inlining them
* 3.4:
Skip testing the phpunit-bridge on not-master branches when $deps is empty
more tests
[DI] Fixes: #28326 - Overriding services autowired by name under _defaults bind not working
This PR was merged into the 4.2 branch.
Discussion
----------
[DI] fix removing non-shared definition while inlining them
| Q | A
| ------------- | ---
| Branch? | 4.2
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | #29628
| License | MIT
| Doc PR | -
I didn't manage to create a specific test case but this still has 100% coverage for the added lines and fixed the reproducer (and makes sense also :) )
Commits
-------
317e820694 [DI] fix removing non-shared definition while inlining them
This PR was merged into the 3.4 branch.
Discussion
----------
[DI] Overriding services autowired by name under _defaults bind not working
| Q | A
| ------------- | ---
| Branch? | 3.4
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | #28326
| License | MIT
This is an implementation of ideas and suggestions of @nicolas-grekas and @GuilhemN.
Commits
-------
7e805eae2b more tests
35a40ace6f [DI] Fixes: #28326 - Overriding services autowired by name under _defaults bind not working
This PR was merged into the 4.3-dev branch.
Discussion
----------
[PhpUnitBridge] Url encoded deprecations helper config
| Q | A
| ------------- | ---
| Branch? | master
| Bug fix? | no
| New feature? | yes
| BC breaks? | no
| Deprecations? | yes
| Tests pass? | yes
| Fixed tickets | #28048
| License | MIT
| Doc PR | https://github.com/symfony/symfony-docs/pull/10701
First stab at implementing a new way of configuring the deprecation error handler. Includes a refactoring to keep things manageable.
Rework of #24867, blocked by #29718
TODO:
- [x] make the code 5.5 compatible 😢
- [x] add more tests
- [x] deprecate modes (using echo :P)
- [x] test this on real life projects and add some screenshots
- [x] docs PR
- [x] handle `strict`
- [x] adapt existing CI config
# Quiet configuration
# Default configuration
Commits
-------
1c73f9cfed [PhpUnitBridge] Url encoded deprecations helper config
This PR was merged into the 4.3-dev branch.
Discussion
----------
[HttpClient] Document the state object that is passed around by the HttpClient
| Q | A
| ------------- | ---
| Branch? | master
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | N/A
| License | MIT
| Doc PR | N/A
In an attempt to make the code of the new HttpClient component more understandable, I've introduced internal classes that document the `$multi` object that is being passed around between *Client and *Response classes.
My goal is to make the code more accessible to potential contributors and static code analyzers.
Commits
-------
20f4eb3204 Document the state object that is passed around by the HttpClient.
This PR was merged into the 4.2 branch.
Discussion
----------
[FrameworkBundle] Fix for Controller DEPRECATED when using composer --optimized
| Q | A |
| --- | --- |
| Branch? | 4.2 |
| Bug fix? | Yes |
| New feature? | No |
| BC breaks? | No |
| Deprecations? | No |
| Tests pass? | Yes |
| Fixed tickets | --- |
| License | MIT |
Using `composer --optimize-autoload` causes `console cache:clear` (without warmup) to give DEPRECATED error, that stays in profiler.
I moved `@trigger_error` from beggining of the file to Controller __consctruct method.
Commits
-------
2ae2fd800d [FrameworkBundle] Fix Controller deprecated when using composer --optimized
Keep to use the same CS in all the Symfony code base.
Use:
```php
$resolver->setDefaults([
'compound' => false
]);
```
Instead of:
```php
$resolver->setDefaults(
[
'compound' => false,
]
);
```
Keep the double split when the method has two or more arguments.
I miss a PSR with this rule.
* 4.2:
Catch empty deprecation.log silently (fixes#31050)
minor: the meaning of the data breach was not correct
Optimize SVGs
property normalizer should also pass format and context to isAllowedAttribute
* 3.4:
minor: the meaning of the data breach was not correct
Optimize SVGs
property normalizer should also pass format and context to isAllowedAttribute
This PR was merged into the 3.4 branch.
Discussion
----------
Optimize SVGs
| Q | A
| ------------- | ---
| Branch? | 3.4 <!-- see below -->
| Bug fix? | yes
| New feature? | no <!-- don't forget to update src/**/CHANGELOG.md files -->
| BC breaks? | no <!-- see https://symfony.com/bc -->
| Deprecations? | no <!-- don't forget to update UPGRADE-*.md and src/**/CHANGELOG.md files -->
| Tests pass? | yes <!-- please add some, will be required by reviewers -->
| Fixed tickets | / <!-- #-prefixed issue number(s), if any -->
| License | MIT
| Doc PR | / <!-- required for new features -->
Used [svgo](https://github.com/svg/svgo) to optimize the svgs. I kept the `viewBox` attribute to keep the aspects when SVGs are rescaled.
I also added `insert_final_newline = false` to the `.editorconfig` file because the newlines are removed from the SVGs and there's only one line left.
Commits
-------
4614cea9d2 Optimize SVGs
This PR was squashed before being merged into the 4.3-dev branch (closes#31073).
Discussion
----------
#30998 Fix deprecated setCircularReferenceHandler call
| Q | A
| ------------- | ---
| Branch? | 4.2
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | #30998
| License | MIT
Instead of calling the `setCircularReferenceHandler()` method, it puts the handler in the default context.
Commits
-------
3a680402ce#30998 Fix deprecated setCircularReferenceHandler call
This PR was merged into the 3.4 branch.
Discussion
----------
property normalizer should also pass format and context to isAllowedAttribute
| Q | A
| ------------- | ---
| Branch? | 3.4
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | found while working on https://github.com/symfony/symfony/pull/30888
| License | MIT
| Doc PR | -
the context and format are optional parameters to `isAllowedAttribute`, but should be forwarded. due to this omission, the PropertyNormalizer was ignoring the 'attributes' context option (and does in version 4 also ignore the 'ignore_attributes' context option - that one is a property on the normalizer class in version 3 and therefore not ignored here)
Commits
-------
13e2fb735d property normalizer should also pass format and context to isAllowedAttribute
This PR was merged into the 4.3-dev branch.
Discussion
----------
[Dotenv] Improve Dotenv messages
| Q | A
| ------------- | ---
| Branch? | master
| Bug fix? | no
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | no
| Fixed tickets | no
| License | MIT
| Doc PR | no
This PR improves a little bit of some messages from https://github.com/symfony/symfony/pull/31062
The first, passive sentences may be more suitable here because the value couldn't change by itself. It is changed by us - human.
The second, if we use **The default value of $usePutenv" argument of "%s\'s constructor**, we have to pass `__CLASS__` as the second parameter of `sprintf` function instead of `__METHOD__`. So, I suggest using **The default value of $usePutenv" argument of "%s"**.
Finally, the deprecation warning of `Dotenv::__construct()` is very long. Let's separate it into 2 pieces for readable reason.
Commits
-------
e871a6a83a Improve Dotenv messages
This PR was merged into the 4.3-dev branch.
Discussion
----------
[Mailer] fixed roundrobin test one dead which should recover
| Q | A
| ------------- | ---
| Branch? | master
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | WIP <!-- please add some, will be required by reviewers -->
| License | MIT
| Doc PR | n/a
The Test `testSendOneDeadButRecover` is not checking the recovery part of its job. I fixed that by adding more `send` calls and added another test so that both recoveries (within retry period and not within retry period) are covered.
The `RoundRobinTransport` had a bug where the transport is dead but not yet in the `retryPeriod`. In that case the transport would not have been added back to the stack and thus got lost. Fixed that but that required an additional check if all transports are dead to prevent an infinite loop.
Commits
-------
5d4d4e7a71 fixed roundrobin dead transport which should recover
ccbb171312 fixed roundrobin dead transport which should recover
* 4.2:
fixed bad merge
Show more accurate message in profiler when missing stopwatch
CS Fixes: Not double split with one array argument
[Serializer] Add default object class resolver
Remove redundant animation prefixes
Remove redundant `box-sizing` prefixes
[VarExporter] support PHP7.4 __serialize & __unserialize
Rework firewall access denied rule
MetadataAwareNameConverter: Do not assume that property names are strings
[VarExporter] fix exporting classes with private constructors
fixed CS
Fix missing $extraDirs when open_basedir returns
This PR was squashed before being merged into the 4.3-dev branch (closes#31062).
Discussion
----------
[Dotenv] Deprecate useage of "putenv"
| Q | A
| ------------- | ---
| Branch? | master
| Bug fix? | no
| New feature? | yes
| BC breaks? | no
| Deprecations? | yes
| Tests pass? | yes
| Fixed tickets |
| License | MIT
| Doc PR | n/a
From discussions on https://github.com/symfony/recipes/pull/571, I think it is a good idea to make people opt-in to using `putenv`.
In Symfony 5.0 we will just change the value of the constructor. As an alternative, we could decide we want to remove `putenv` in Symfony 5.0. If so, I would also deprecate `$usePutenv=true`.
Commits
-------
8e45fc043e [Dotenv] Deprecate useage of \"putenv\"
* 3.4:
Show more accurate message in profiler when missing stopwatch
CS Fixes: Not double split with one array argument
Remove redundant animation prefixes
Remove redundant `box-sizing` prefixes
Rework firewall access denied rule
fixed CS
Fix missing $extraDirs when open_basedir returns
This PR was merged into the 3.4 branch.
Discussion
----------
CS Fixes: Not double split with one array argument
| Q | A
| ------------- | ---
| Branch? | 3.4 (master from #31063)
| Bug fix? | no
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | None
| License | MIT
| Doc PR | None
Keep to use the same CS in all the Symfony code base.
Use:
```php
$resolver->setDefaults([
'compound' => false
]);
```
Instead of:
```php
$resolver->setDefaults(
[
'compound' => false,
]
);
```
Keep the double split when the method has two or more arguments.
I miss a PSR with this rule.
Commits
-------
a56bf552ad CS Fixes: Not double split with one array argument
This PR was squashed before being merged into the 3.4 branch (closes#31059).
Discussion
----------
Show more accurate message in profiler when missing stopwatch
| Q | A
| ------------- | ---
| Branch? | 3.4+
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | #31056
| License | MIT
| Doc PR | ~
This adds a message to the profiler if the stopwatch component is not installed, instead of suggesting to check if debug is enabled (even if it is enabled).
I had to add a method in the collector to expose the value collected, which in theory adds a feature. Is there perhaps a way to expose this collected data _without_ a "BC break"? I don't think it breaks anything, though it does make the dependencies on the http-kernel a bit strict. The other solution is to ignore if it's null and only act if it's a boolean (feature detection).
Commits
-------
326aa86d6a Show more accurate message in profiler when missing stopwatch
This PR was merged into the 4.3-dev branch.
Discussion
----------
[Security][TokenInterface] Prepare for the new serialization mechanism
| Q | A
| ------------- | ---
| Branch? | master
| Bug fix? | no
| New feature? | no
| BC breaks? | no
| Deprecations? | yes
| Tests pass? | yes
| Fixed tickets | -
| License | MIT
| Doc PR | -
Continuation of https://github.com/symfony/symfony/pull/30965
Commits
-------
e6455ea2d8 [Security][TokenInterface] Prepare for the new serialization mechanism
Keep to use the same CS in all the Symfony code base.
Use:
```php
$resolver->setDefaults([
'compound' => false
]);
```
Instead of:
```php
$resolver->setDefaults(
[
'compound' => false,
]
);
```
Keep the double split when the method has two or more arguments.
I miss a PSR with this rule.
This PR was squashed before being merged into the 4.3-dev branch (closes#31044).
Discussion
----------
[HttpClient] Do not allow setting both json and body
| Q | A
| ------------- | ---
| Branch? | master
| Bug fix? | no
| New feature? | yes
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | #30769
| License | MIT
| Doc PR | n/a
This will keep developers from using both the options `$options['body']` and `$options['json']`. Using both results in only json being the body of the request, which might lead to unexpected results.
Commits
-------
601adf5de7 [HttpClient] Do not allow setting both json and body
This PR was squashed before being merged into the 4.3-dev branch (closes#31021).
Discussion
----------
[Cache] Added command for list all available cache pools
| Q | A
| ------------- | ---
| Branch? | master
| Bug fix? | no
| New feature? | yes
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | https://github.com/symfony/symfony-docs/issues/9782
| License | MIT
| Doc PR |
Commits
-------
5c210e6fd5 [Cache] Added command for list all available cache pools
This PR was squashed before being merged into the 4.2 branch (closes#31026).
Discussion
----------
[Serializer] Add default object class resolver
| Q | A
| ------------- | ---
| Branch? | 4.2
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | -
| License | MIT
| Doc PR | -
The commit 1d8b5af3f0 introduce a BC break because before that commit the `extractAttributes` the `$object` can be a string which contain the fully qualified name of an object.
To fix the BC break and preserve the new feature, I suggest to create a default object class resolver if it is not set by the developer.
Commits
-------
dd5b8f16f5 [Serializer] Add default object class resolver
This PR was merged into the 4.2 branch.
Discussion
----------
[Serializer] MetadataAwareNameConverter: Do not assume that property names are strings
| Q | A
| ------------- | ---
| Branch? | 4.2 (class introduced in v4.2.3)
| Bug fix? | yes
| New feature? | no
| BC breaks? | no <!-- see https://symfony.com/bc -->
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | https://github.com/api-platform/core/pull/2709
| License | MIT
| Doc PR | n/a
When this class was introduced, there was an assumption made about the type of `propertyNames` and therefore a `: ?string` return type was introduced in the fallbacks/normalization private methods. Because symfony doesn't use strict mode yet (compatibility issues with php IIRC), when using a non-string property name (for example the integer `0` which is a valid property name in an array), it will convert the integer to a string.
This is not good, especially if you have a name converter that returns the given property name (ie no transformation) you'll have it's type changed which isn't correct.
I've discovered this bug while working on adding this name converter in api platform (https://github.com/api-platform/core/pull/2709).
Commits
-------
af1e136ca0 MetadataAwareNameConverter: Do not assume that property names are strings
This PR was merged into the 3.4 branch.
Discussion
----------
[Security] Rework firewall's access denied rule
| Q | A
| ------------- | ---
| Branch? | 3.4
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | ~~#30099~~, #28229
| License | MIT
| Doc PR |
Follow tickets provided above to reproduce bugs. (there are also some project examples)
~~In addition, I'm looking for someone who knows an answer to [this](https://github.com/symfony/symfony/issues/30099#issuecomment-468693492) regarding rework in this PR.~~
Commits
-------
5790859275 Rework firewall access denied rule
Test coverage added in #30997 did a good job of validating previous
behaviour, but didn't adequately cover the new callback logic. Added
coverage for new methods on the Question object.
This PR was merged into the 4.3-dev branch.
Discussion
----------
[Config] Deprecate TreeBuilder::root
| Q | A
| ------------- | ---
| Branch? | master
| Bug fix? | no
| New feature? | no
| BC breaks? | no
| Deprecations? | yes
| Tests pass? |
| Fixed tickets | #29876
| License | MIT
| Doc PR | —
Alternative idea to #31015. Or is the `root` method still needed?
It would look like this:
Commits
-------
ff6bc79eba Deprecate TreeBuilder::root
