This PR was merged into the 5.2 branch.
Discussion
----------
[Workflow] Fixed case when the marking store is not defined
| Q | A
| ------------- | ---
| Branch? | 5.2
| Bug fix? | yes
| New feature? | no
| Deprecations? | no
| Tickets | Fix #39242
| License | MIT
| Doc PR |
---
Since we are using `abstract_arg()` in the [service definition](https://github.com/symfony/symfony/blob/v5.2.0/src/Symfony/Bundle/FrameworkBundle/Resources/config/workflow.php#L25) (where we used `null` before), and since there is a validation mechanism that ensures all abstract args are resolved, the container compilation failed.
But if the marking store is not defined (which is legit), we want to fall back on the raw PHP implementation.
That's why, now, I replace the abstract arg by null, and everything seems OK.
Commits
-------
bd38cceaa8 [Workflow] Fixed case when the marking store is not defined
This PR was merged into the 5.1 branch.
Discussion
----------
[String] Fix Notice when argument is empty string
| Q | A
| ------------- | ---
| Branch? | 5.1
| Bug fix? | yes
| New feature? | no
| Deprecations? | no
| License | MIT
A PHP Notice is generated when we pass an empty string to the `singularize` or `pluralize` method.
```
$inflector = new \Symfony\Component\String\Inflector\EnglishInflector();
$inflector->singularize('');
```
```
Notice: Uninitialized string offset: 0 in vendor/symfony/string/Inflector/EnglishInflector.php on line 344
PHP Notice: Uninitialized string offset: 0 in vendor/symfony/string/Inflector/EnglishInflector.php on line 344
```
```
$inflector = new \Symfony\Component\String\Inflector\EnglishInflector();
$inflector->pluralize('');
```
```
Notice: Uninitialized string offset: 0 in vendor/symfony/string/Inflector/EnglishInflector.php on line 424
PHP Notice: Uninitialized string offset: 0 in vendor/symfony/string/Inflector/EnglishInflector.php on line 424
```
**Background**:
When `\Symfony\Component\PropertyAccess\PropertyAccessorInterface::setValue` is used with the `_` property, it calls `\Symfony\Component\String\Inflector\EnglishInflector::singularize` with an empty string.
```
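use Symfony\Component\PropertyAccess\PropertyAccess;

class Check
{
    public $_;
}

$check = new Check();
$pr = PropertyAccess::createPropertyAccessorBuilder()
    ->getPropertyAccessor();

// Writing to a property named "_" is what reaches the inflector with an empty string.
if ($pr->isWritable($check, '_')) {
    $pr->setValue($check, '_', 'test');
}

var_dump($check);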
```
```
Notice: Uninitialized string offset: 0 in vendor/symfony/string/Inflector/EnglishInflector.php on line 344
PHP Notice: Uninitialized string offset: 0 in vendor/symfony/string/Inflector/EnglishInflector.php on line 344
...
Notice: Uninitialized string offset: 0 in vendor/symfony/string/Inflector/EnglishInflector.php on line 344
PHP Notice: Uninitialized string offset: 0 in vendor/symfony/string/Inflector/EnglishInflector.php on line 344
Notice: Uninitialized string offset: 0 in vendor/symfony/string/Inflector/EnglishInflector.php on line 344
object(Check)#6 (1) {
["_"]=>
string(4) "test"
}
```
P.S.
Another solution is to include the empty string in `\Symfony\Component\String\Inflector\EnglishInflector::$uninflected`:
```
private static $uninflected = [
    '',
    'atad',
    'reed',
    'kcabdeef',
    'hsif',
    'ofni',
    'esoom',
    'seires',
    'peehs',
    'seiceps',
];
```
If this PR is not relevant, please close it, and sorry for the inconvenience.
Commits
-------
88c2b9be62 [String] Fix Notice when argument is empty string
This PR was merged into the 4.4 branch.
Discussion
----------
[Inflector] Fix Notice when argument is empty string
| Q | A
| ------------- | ---
| Branch? | 4.4
| Bug fix? | yes
| New feature? | no
| Deprecations? | no
| License | MIT
Fixing an issue when we call `Inflector` with an empty string:
```
\Symfony\Component\Inflector\Inflector::singularize('');
```
```
Notice: Uninitialized string offset: 0 in src/Symfony/Component/Inflector/Inflector.php on line 363
PHP Notice: Uninitialized string offset: 0 in src/Symfony/Component/Inflector/Inflector.php on line 363
...
Notice: Uninitialized string offset: 0 in src/Symfony/Component/Inflector/Inflector.php on line 363
PHP Notice: Uninitialized string offset: 0 in src/Symfony/Component/Inflector/Inflector.php on line 363
```
Fix for 5.1 https://github.com/symfony/symfony/pull/39244
Commits
-------
2dfe342452 [Inflector] Fix Notice when argument is empty string
This PR was merged into the 5.2 branch.
Discussion
----------
[Security] more defensive PasswordMigratingListener
| Q | A
| ------------- | ---
| Branch? | 5.2 (bug not here in 5.1.x)
| Bug fix? | yes
| New feature? | no
| Deprecations? | no
| Tickets | Fix #39262
| License | MIT
| Doc PR | /
This proposed fix makes the `PasswordMigratingListener` code more robust. It should handle Passports which do not contain a `UserBadge`, as it is not enforced by `UserPassportInterface`. Developers should be free to implement different passports with different badges (as I did on my own project), and it shouldn't lead to a crash in *frameworkland*.
The issue became apparent in 5.2.0 exactly, as `PasswordMigratingListener` is now called in (almost) every login, as `PasswordUpgradeBadge` is automatically added.
Commits
-------
0222ed3a32 [Security] fix #39262, more defensive PasswordMigratingListener
This PR was merged into the 5.2 branch.
Discussion
----------
[Security] fix #39249, default entry_point compiler pass was returning too early
| Q | A
| ------------- | ---
| Branch? | 5.2 (bug introduced in 5.2.0, after RC2)
| Bug fix? | yes
| New feature? | no
| Deprecations? | no
| Tickets | Fix #39249
| License | MIT
| Doc PR | N/A
A `return` instead of `continue` was making the compiler pass return after the first firewall. Hence subsequent firewalls never had a default entrypoint set.
This issue would occur with all firewalls, with any type of authenticator, though I saw it first with `http_basic` - because it is a bit more opaque and harder to debug.
Commits
-------
c3778050bd [Security] fix #39249, default entry_point compiler pass was returning too early
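The `return`-versus-`continue` mistake described in the commit above, as an added PHP example that is not Symfony's code. The firewall array shape, the function names and the skip condition (a firewall that already names its entry point) are assumptions made for illustration.

```php
<?php
declare(strict_types=1);

// Constructed sample: three firewalls; "api" already names its entry point.
$firewalls = [
    'api'   => ['entry_point' => 'app.api_entry', 'authenticators' => ['app.api_auth']],
    'main'  => ['entry_point' => null, 'authenticators' => ['form_login']],
    'admin' => ['entry_point' => null, 'authenticators' => ['http_basic']],
];

// Buggy shape: `return` ends the whole pass at the first firewall that is skipped.
function passWithReturn(array $firewalls): array
{
    foreach ($firewalls as $name => $fw) {
        if (null !== $fw['entry_point']) {
            return $firewalls; // leaves the loop: later firewalls are never visited
        }
        $firewalls[$name]['entry_point'] = $fw['authenticators'][0] ?? null;
    }

    return $firewalls;
}

// Fixed shape: `continue` skips only the current firewall.
function passWithContinue(array $firewalls): array
{
    foreach ($firewalls as $name => $fw) {
        if (null !== $fw['entry_point']) {
            continue;
        }
        $firewalls[$name]['entry_point'] = $fw['authenticators'][0] ?? null;
    }

    return $firewalls;
}

// Audit helper: names of firewalls that still have no entry point after the pass.
function missingEntryPoints(array $firewalls): array
{
    return array_keys(array_filter($firewalls, fn (array $fw) => null === $fw['entry_point']));
}

var_dump(missingEntryPoints(passWithReturn($firewalls)));
var_dump(missingEntryPoints(passWithContinue($firewalls)));
```

A check like `missingEntryPoints()` run over every configured firewall, not only the first, is what catches this class of regression in a test suite.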
This PR was merged into the 5.1 branch.
Discussion
----------
[DomCrawler] Fix small typos in changelog
| Q | A
| ------------- | ---
| Branch? | 5.1
| Bug fix? | no
| New feature? | no
| Deprecations? | no
| Tickets | Fix #...
| License | MIT
| Doc PR | symfony/symfony-docs#...
Fixing small typos in CHANGELOG.
As these typos were introduced in 5.0 but that version is no longer maintained, I target 5.1.
Following https://github.com/symfony/symfony/pull/39231
Commits
-------
529bbaf0a9 Fix small typos
This PR was merged into the 4.4 branch.
Discussion
----------
[Security] remove return type definition in order to avoid type juggling
| Q | A
| ------------- | ---
| Branch? | 4.4
| Bug fix? | yes
| New feature? | no
| Deprecations? | no
| Tickets | Fix #39205
| License | MIT
| Doc PR |
Everything is described in detail in the related ticket.
Commits
-------
668431fc09 remove return type definition in order to avoid type juggling
* 5.2:
  Added additional file existence check on temporary file cleanup for dumpFile method
  fix lexing inline sequences/mappings with trailing whitespaces
  Added test for issue 39229
  Bump Symfony version to 5.2.1
  Update VERSION for 5.2.0
  Update CHANGELOG for 5.2.0
  [Security] [DX] Automatically add PasswordUpgradeBadge + default support() impl in AbstractFormLoginAuthenticator
  [Console] Enable hyperlinks in Konsole/Yakuake
* 5.1:
  Added additional file existence check on temporary file cleanup for dumpFile method
  fix lexing inline sequences/mappings with trailing whitespaces
  Added test for issue 39229
  [Console] Enable hyperlinks in Konsole/Yakuake
* 4.4:
  Added additional file existence check on temporary file cleanup for dumpFile method
  fix lexing inline sequences/mappings with trailing whitespaces
  Added test for issue 39229
  [Console] Enable hyperlinks in Konsole/Yakuake
This PR was merged into the 4.4 branch.
Discussion
----------
[Console] Re-enable hyperlinks in Konsole/Yakuake
| Q | A
| ------------- | ---
| Branch? | 4.4
| Bug fix? | yes
| New feature? | no
| Deprecations? | no
| Tickets | Fix #31809
| License | MIT
Hyperlinks feature was broken in KDE's Konsole/Yakuake (#31809) and thus disabled by #31849.
But the feature has been recently [implemented](https://invent.kde.org/utilities/konsole/-/merge_requests/138), and is about to be released in KDE 20.12 on December 10th 2020, see [release notes](https://community.kde.org/Releases/20.12_Release_Notes#Konsole).
![image](https://user-images.githubusercontent.com/793041/100556284-92dccf00-32a1-11eb-9907-f65c2eaa1335.png)
Tested in RC version and seems to be working fine. The feature is disabled by default (as per security concerns), but even when disabled, it just gracefully doesn't show the links.
Commits
-------
728edf36bf [Console] Enable hyperlinks in Konsole/Yakuake
This PR was merged into the 4.4 branch.
Discussion
----------
[Filesystem] File existence check before calling unlink method
| Q | A
| ------------- | ---
| Branch? | 4.4
| Bug fix? | yes
| New feature? | no
| Deprecations? | no
| Tickets | https://github.com/symfony/symfony/issues/39235
| License | MIT
| Doc PR | symfony/symfony-docs#...
Added additional file existence check on temporary file cleanup for `Filesystem::dumpFile()` method.
Commits
-------
520a10c221 Added additional file existence check on temporary file cleanup for dumpFile method
This PR was squashed before being merged into the 5.2 branch.
Discussion
----------
[Security] [DX] Automatically add PasswordUpgradeBadge + default support() impl in AbstractFormLoginAuthenticator
| Q | A
| ------------- | ---
| Branch? | 5.2 (hopefully? sorry to keep pushing the barrier here)
| Bug fix? | no
| New feature? | yes (sort of)
| Deprecations? | no
| Tickets | -
| License | MIT
| Doc PR | -
These are 2 suggestions we found while implementing `make:auth` for the new system (https://github.com/symfony/maker-bundle/pull/736):
Impact on a custom login form authenticator ([as generated by the new maker](https://github.com/symfony/maker-bundle/pull/736/files#diff-528164b6c24778d5e81fa3819b0552f0e68a9fea33c7d3446a012f3da7d0af60)):
* **Automatically add `PasswordUpgradeBadge`** if there is a user password with valid password credentials.
```diff
// ...
return new Passport(
new UserBadge($userIdentifier),
new PasswordCredentials($password),
[
- new PasswordUpgradeBadge($password),
new CsrfTokenBadge('authenticate', $csrf),
]
)
```
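Review bot: with `new PasswordUpgradeBadge($password)` dropped from the badge array, the badge is now attached implicitly, so the listener that consumes it runs for passports whose authors never asked for it. Nothing in the snippet guarantees such a passport carries a `UserBadge`, so the listener should return early when the badge is absent, and a test with a passport built without `UserBadge` would pin that down. As a style point, the example ends in `)` with no closing `;`.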
Note that this does not automatically migrate all passwords: it still relies on `PasswordUpgraderInterface` to be implemented on the user loader/provider.
* **Add default implementation of `AbstractFormLoginAuthenticator::support()`**
```diff
- public function supports(Request $request): ?bool
- {
- return self::LOGIN_ROUTE === $request->attributes->get('_route')
- && $request->isMethod('POST');
- }
```
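Review bot: the removed `supports()` required both `self::LOGIN_ROUTE === $request->attributes->get('_route')` and `$request->isMethod('POST')`, and the description does not say what the default implementation checks in their place. Please state the default's conditions in its docblock and add a test that a GET request to the login route is not supported, so a custom authenticator that deletes this method keeps the same behaviour. The bullet also names the method `support()` while the code uses `supports()`.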
cc @weaverryan @jrushlow
Commits
-------
27450c0bb4 [Security] [DX] Automatically add PasswordUpgradeBadge + default support() impl in AbstractFormLoginAuthenticator
* 5.2:
  Bump Symfony version to 5.1.10
  Update VERSION for 5.1.9
  Update CHANGELOG for 5.1.9
  Bump Symfony version to 4.4.18
  Update VERSION for 4.4.17
  Update CHANGELOG for 4.4.17
* 5.1:
  Bump Symfony version to 5.1.10
  Update VERSION for 5.1.9
  Update CHANGELOG for 5.1.9
  Bump Symfony version to 4.4.18
  Update VERSION for 4.4.17
  Update CHANGELOG for 4.4.17