This PR was merged into the 2.7 branch.
Discussion
----------
[WebProfilerBundle] Normalize whitespace in exceptions passed in headers
| Q | A
| ------------- | ---
| Branch? | 2.7 upwards
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | #22072
| License | MIT
If an exception was thrown with line separators in its message the WebProfiler would cause an exception by passing it through unsanitized into the X-Debug-Error HTTP header. This commit fixes that by replacing all whitespace sequences with a single space in the header.
Commits
-------
d64679014b [WebProfilerBundle] Normalize whitespace in exceptions passed in headers
If an exception was thrown with line separators in its message the
WebProfiler would cause an exception by passing it through unsanitized
into the X-Debug-Error HTTP header. This commit fixes that by replacing
all whitespace sequences with a single space in the header.
This PR was merged into the 2.7 branch.
Discussion
----------
[HttpKernel] Fix test
| Q | A
| ------------- | ---
| Branch? | 2.7
| Bug fix? | no
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | -
| License | MIT
| Doc PR | -
Should make 2.7 green again on Travis.
Commits
-------
ba8f46ad23 [HttpKernel] Fix test
This PR was merged into the 2.7 branch.
Discussion
----------
[Console] Escape exception messages in renderException
| Q | A
| ------------- | ---
| Branch? | 2.7
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | #22021
| License | MIT
| Doc PR | n/a
Adding style on exception messages should be prevented, it leads to weird results.
> Allowing formatting in them would be a nightmare, given that Symfony itself applies some formatting when rendering the exception.
Commits
-------
cb1348231a [Console] Escape exception messages
This PR was merged into the 2.7 branch.
Discussion
----------
Fix port usage in server:status command
| Q | A
| ------------- | ---
| Branch? | 2.7
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| License | MIT
This fixes a bug where running `console server:status -p 8001` won't work because the port is already contained in the default value for `address`.
Commits
-------
dbcfa5c659 Remove port from default host in server:status command
This PR was merged into the 2.7 branch.
Discussion
----------
[Bridge\Doctrine] Fix change breaking doctrine-bundle test suite
| Q | A
| ------------- | ---
| Branch? | 2.7
| Bug fix? | no
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | -
| License | MIT
| Doc PR | -
Doctrine Bundle's test suite [is currently broken](https://travis-ci.org/doctrine/DoctrineBundle/jobs/215222182) with `2.8@dev` because the tests expect `addEventListener` to be called with an array as first arg, but #22001 optimized them away as string. Since internally strings are turned back into arrays, let's tweak that change and make Doctrine Bundle green again.
Commits
-------
0577c7b089 [Bridge\Doctrine] Fix change breaking doctrine-bundle test suite
This PR was merged into the 2.7 branch.
Discussion
----------
[Filesystem] normalize paths before making them relative
| Q | A
| ------------- | ---
| Branch? | 2.7
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | #22083
| License | MIT
| Doc PR |
Commits
-------
d50ffa1de7 normalize paths before making them relative
This PR was merged into the 2.7 branch.
Discussion
----------
[HttpFoundation][DX] MockArraySessionStorage: phpdocs update
| Q | A
| ------------- | ---
| Branch? | 2.7
| Bug fix? | no
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| License | MIT
Commits
-------
967f7a7add MockArraySessionStorage: updated phpdoc for $bags so that IDE autocompletion would work
This PR was squashed before being merged into the 2.7 branch (closes#22138).
Discussion
----------
[HttpFoundation][bugfix] $bags should always be initialized
| Q | A
| ------------- | ---
| Branch? | 2.7
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | #21990
| License | MIT
Commits
-------
d984c73e66 [HttpFoundation][bugfix] should always be initialized
This PR was submitted for the master branch but it was merged into the 2.7 branch instead (closes#21810).
Discussion
----------
#21809 [SecurityBundle] bugfix: if security provider's name contains upper cases then container didn't compile
| Q | A
| ------------- | ---
| Branch? | master
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? no
| Tests pass? | yes
| Fixed tickets | #21809
| License | MIT
then security.yml providers was with upper case, on container compile error was thrown:
````
[04:39:32][Ant output] [exec] [exec] > Sensio\Bundle\DistributionBundle\Composer\ScriptHandler::clearCache
[04:39:32][Ant output] [exec] [exec]
[04:39:32][Ant output] [exec] [exec]
[04:39:32][Ant output] [exec] [exec] [Symfony\Component\DependencyInjection\Exception\ServiceNotFoundException]
[04:39:32][Ant output] [exec] [exec] The service "security.authentication.provider.simple_form.default" has a de
[04:39:32][Ant output] [exec] [exec] pendency on a non-existent service "security.user.provider.concrete.carrier
[04:39:32][Ant output] [exec] [exec] User".
`````
Problem has occurred with this commit line:
fbd9f88e31 (diff-2be909961a57bf75fbb600c1f5fc46e3R320)
Issue fixes with this PR.
Commits
-------
6d23c8c41c#21809 [SecurityBundle] bugfix: if security provider's name contains upper cases then container didn't compile
This PR was merged into the 2.7 branch.
Discussion
----------
[Security] Fixed roles serialization on token from user object
| Q | A |
| --- | --- |
| Branch? | 2.7 |
| Bug fix? | yes |
| New feature? | no |
| BC breaks? | no |
| Deprecations? | no |
| Tests pass? | yes |
| Fixed tickets | #14274 |
| License | MIT |
| Doc PR | - |
This PR fixes the serialization of tokens when using `Role` objects provided from the user. Indeed, there were actually a reference issue that can causes fatal errors like the following one:
```
FatalErrorException in RoleHierarchy.php line 43:
Error: Call to a member function getRole() on string
```
Here is a small code example to reproduce and its output:
``` php
$user = new Symfony\Component\Security\Core\User\User('name', 'password', [
new Symfony\Component\Security\Core\Role\Role('name')
]);
$token = new Symfony\Component\Security\Core\Authentication\Token\UsernamePasswordToken($user, 'password', 'providerKey', $user->getRoles());
$serialized = serialize($token);
$unserialized = unserialize($serialized);
var_dump($unserialized->getRoles());
```
Before:
```
array(1) { [0]=> bool(true) }
```
After:
```
array(1) { [0]=> object(Symfony\Component\Security\Core\Role\Role)#15 (1) {["role":"Symfony\Component\Security\Core\Role\Role":private]=> string(4) "name" } }
```
Thank you
Commits
-------
dfa7f5020e [Security] Fixed roles serialization on token from user object
This PR was submitted for the 3.2 branch but it was merged into the 2.7 branch instead (closes#22022).
Discussion
----------
[Validator] fix URL validator to detect non supported chars according to RFC 3986
| Q | A
| ------------- | ---
| Branch? | 3.2
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | #21961
| License | MIT
| Doc PR | none
Commits
-------
3599c476bf [Validator] fix URL validator to detect non supported chars according to RFC 3986
This PR was merged into the 2.7 branch.
Discussion
----------
[Security] simplify the SwitchUserListenerTest
| Q | A
| ------------- | ---
| Branch? | 2.7
| Bug fix? | no
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets |
| License | MIT
| Doc PR |
While working on #22048 I noticed that the `SwitchUserListenerTest` was more complicated than necessary by mocking a lot of stuff that didn't need to be mocked.
Commits
-------
923bbdbf9f [Security] simplify the SwitchUserListenerTest
This PR was squashed before being merged into the 2.7 branch (closes#21968).
Discussion
----------
Fixed pathinfo calculation for requests starting with a question mark.
| Q | A
| ------------- | ---
| Branch? | 2.7
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | #21967
| License | MIT
| Doc PR |
With improper `strpos` result check calculated pathinfo for requests starting with '?' equals to request itself.
Correct pathinfo for those requests should be '/'.
Commits
-------
43297b45de Fixed pathinfo calculation for requests starting with a question mark.
This PR was merged into the 2.7 branch.
Discussion
----------
[HttpFoundation] Fix Request::getHost() when having several hosts in X_FORWARDED_HOST
| Q | A
| ------------- | ---
| Branch? | 2.7
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | -
| License | MIT
| Doc PR | -
The first "host" in the list provided by `X_FORWARDED_HOST` should be the one, not the last.
Already the case for "port" and "scheme".
Commits
-------
9a2b2de64f [HttpFoundation] Fix Request::getHost() when having several hosts in X_FORWARDED_HOST
This PR was submitted for the master branch but it was merged into the 2.7 branch instead (closes#21208).
Discussion
----------
[Validator] Add object handling of invalid constraints in Composite
| Q | A
| ------------- | ---
| Branch? | 2.7
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | #21206
| License | MIT
| Doc PR | n/a
This PR fixes a minor bug described in #21206. The constraint `Symfony\Component\Validator\Constraints\Composite` doesn't check in it's exception handling if the wrongly created instance of a nested constraint is an object, which is the expected type for a constraint.
Commits
-------
4bd2c22871 [Validator] Add object handling of invalid constraints in Composite
This PR was squashed before being merged into the 2.7 branch (closes#22099).
Discussion
----------
HttpCache: New test for revalidating responses with an expired TTL
| Q | A
| ------------- | ---
| Branch? | 2.7
| Bug fix? | no
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets |
| License | MIT
| Doc PR |
See #22035, in particular [this and the following comments](https://github.com/symfony/symfony/pull/22035#issuecomment-287572234).
Commits
-------
067ab52ba0 HttpCache: New test for revalidating responses with an expired TTL
This PR was merged into the 2.7 branch.
Discussion
----------
[Serializer] [XML] Ignore Process Instruction
| Q | A
| ------------- | ---
| Branch? | 2.7
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | #22005
| License | MIT
| Doc PR | N/A
This Pull request ignores Process instruction data in XML for decoding the data.
Commits
-------
0c741f5704 [Serializer] [XML] Ignore Process Instruction
This PR was merged into the 2.7 branch.
Discussion
----------
fix some risky tests
| Q | A
| ------------- | ---
| Branch? | 2.7
| Bug fix? | no
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets |
| License | MIT
| Doc PR |
PHPUnit 6 marks tests as risky when they have no assertions (and are not marked as skipped or incomplete). This PR will update our test suite accordingly.
Component that still need to be covered:
- [ ] Config
- [ ] Form
- [ ] HttpFoundation
- [ ] Security
- [ ] Workflow
Commits
-------
abf1787dcc fix some risky tests
This PR was squashed before being merged into the 2.7 branch (closes#22079).
Discussion
----------
[HttpKernel] Fixed bug with purging of HTTPS URLs
| Q | A
| ------------- | ---
| Branch? | 2.7
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets |
| License | MIT
| Doc PR |
I found two bugs in `HttpCache\Store::purge()` with HTTPS URLs:
1. `->purge('https://example.com/')` only purges the `http` version not the `https` one.
2. If a cache entry exists for both `http` and `https`, only the `http` version gets purged, the `https` version stays in the cache.
I think this issues were introduced with #21582.
This pull request fixes both issues and adds tests for them.
Commits
-------
f50915066f [HttpKernel] Fixed bug with purging of HTTPS URLs
This PR was squashed before being merged into the 2.7 branch (closes#22012).
Discussion
----------
[DI] [YamlFileLoader] change error message of a non existing file
| Q | A
| ------------- | ---
| Branch? | 2.7
| Bug fix? | no
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | #22007
| License | MIT
| Doc PR | symfony/symfony-docs
This PR replaces the error message when non existing Yaml file is loaded. It gives more sense for the user.
Commits
-------
1c2ea97585 [DI] [YamlFileLoader] change error message of a non existing file
This PR was squashed before being merged into the 2.7 branch (closes#21523).
Discussion
----------
#20411 fix Yaml parsing for very long quoted strings
| Q | A
| ------------- | ---
| Branch? | 2.7
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | #20411
| License | MIT
| Doc PR | no
This is a second fix for the issue discussed in #20411. My first PR (#21279) didn't fix the bug in all cases, sorry.
If a YAML string has too many spaces in the value, it can trigger a `PREG_BACKTRACK_LIMIT_ERROR` error in the Yaml parser.
There should be no behavioural change other than the bug fix
I have included a test which fails before this fix and passes after this fix.
I have also added checks that detect other PCRE internal errors and throw a more descriptive exception. Before this patch, the YAML engine would often give incorrect results, rather than throwing, on a PCRE `PREG_BACKTRACK_LIMIT_ERROR` error.
Commits
-------
c9a1c09182#20411 fix Yaml parsing for very long quoted strings
This PR was merged into the 2.7 branch.
Discussion
----------
[Doctrine Bridge] fix priority for doctrine event listeners
| Q | A
| ------------- | ---
| Branch? | 2.7
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | #21977
| License | MIT
| Doc PR | -
This fixes handling the priorities for doctrine event listeners. As found out by @chapterjason in https://github.com/symfony/symfony/issues/21977 the priority was incorrectly handled as soon as a listener had more than one tag (so listening to multiple events).
With this changes all tagged listeners are globally sorted by priority (using the same stable sort approach as in the later available `PriorityTaggedServiceTrait`) and then added one by one to the event manager.
I also updated the tests a bit as it was not covering all cases.
We also have to extend the docs for it I think as it does not mention the `priority` and `lazy` option at all? http://symfony.com/doc/current/doctrine/event_listeners_subscribers.html
Commits
-------
9d9d4efb88 [Doctrine Bridge] fix priority for doctrine event listeners