This PR was squashed before being merged into the 3.4 branch.
Discussion
----------
[Serializer] Fix unitialized properties (from PHP 7.4.2) when serializing context for the cache key
| Q | A
| ------------- | ---
| Branch? | 3.4
| Bug fix? | yes
| New feature? | no
| Deprecations? | no
| Tickets | Fix https://github.com/symfony/symfony/issues/35574https://github.com/doctrine/orm/issues/8030
| License | MIT
| Doc PR | N/A
This bug only happens on the following conditions:
- A Doctrine entity (`Book`) having a relation with another entity (`Author`) is used;
- The `Author` entity uses typed properties (PHP 7.4) not initialized;
- The `Serializer` is used with the `Book` in the `OBJECT_TO_POPULATE` key in the context.
For instance:
```php
<?php
declare(strict_types=1);
namespace App\Entity;
use Doctrine\ORM\Mapping as ORM;
/** @ORM\Entity */
class Book
{
/**
* @ORM\ManyToOne(targetEntity="Author")
*/
public Author $author;
public ?string $isbn;
}
```
```php
<?php
declare(strict_types=1);
namespace App\Entity;
use Doctrine\ORM\Mapping as ORM;
/** @ORM\Entity */
class Author
{
public ?string $name;
}
```
Or even:
```php
<?php
declare(strict_types=1);
namespace App\Entity;
use Doctrine\ORM\Mapping as ORM;
/** @ORM\Entity */
class Author
{
private string $name;
public function __construct()
{
$this->name = 'Leo';
}
}
```
If the following is done (it's the case for instance in API Platform when a `PUT` is made):
```php
$serializer->deserialize('{"isbn":"2038717141"}', Book::class, 'json', ['object_to_populate' => $book]);
```
Then there will be the following error:
> Fatal error: Typed property Proxies\__CG__\App\Entity\Author::$ must not be accessed before initialization (in __sleep)
It's because of these lines in the `getCacheKey` method of the `AbstractObjectNormalizer`:
5da141b8d0/src/Symfony/Component/Serializer/Normalizer/AbstractObjectNormalizer.php (L405-L409)
Since the lazy proxyfied relation has a `__sleep` with unitialized properties, the `serialize` method will throw (since https://bugs.php.net/bug.php?id=79002: 846b647953).
I propose to fix this issue by unsetting the `OBJECT_TO_POPULATE` key in the context because I don't think it's useful for determining the attributes of the object.
For the next versions of Symfony, the fix should probably be elsewhere, in the default context.
For instance in Symfony 4.4, instead of:
15edfd39d4/src/Symfony/Component/Serializer/Normalizer/AbstractObjectNormalizer.php (L118)
It should be:
```php
$this->defaultContext[self::EXCLUDE_FROM_CACHE_KEY] = [self::CIRCULAR_REFERENCE_LIMIT_COUNTERS, self::OBJECT_TO_POPULATE];
```
But I'm not sure how it should be merged (another PR maybe?).
Commits
-------
1fafff7c10 [Serializer] Fix unitialized properties (from PHP 7.4.2) when serializing context for the cache key
This PR was squashed before being merged into the 3.4 branch.
Discussion
----------
[Validator] Add missing Ukrainian and Russian translations
| Q | A
| ------------- | ---
| Branch? | 3.4
| Bug fix? | no
| New feature? | no
| Deprecations? | no
| Tickets | none
| License | MIT
Commits
-------
d43ef4ec92 [Validator] Add missing Ukrainian and Russian translations
This PR was merged into the 3.4 branch.
Discussion
----------
[HttpKernel][LoggerDataCollector] Prevent keys collisions in the sanitized logs processing
| Q | A
| ------------- | ---
| Branch? | 3.4
| Bug fix? | yes
| New feature? | no
| Deprecations? | no
| Tickets | https://github.com/symfony/symfony/issues/36159
| License | MIT
| Doc PR | -
`$sanitizedLogs` is used with numeric and "associative" keys. To prevent collisions when the message is a number, we can simply prepend all messages with a random letter (so we avoid a behavior refactor). It doesn't matter since they key is only used for the processing, it is dropped at the end.
Commits
-------
79fe888072 [HttpKernel][LoggerDataCollector] Prevent keys collisions in the sanitized logs processing
This PR was merged into the 3.4 branch.
Discussion
----------
[Security/Http] Allow setting cookie security settings for delete_cookies
| Q | A
| ------------- | ---
| Branch? | 3.4
| Bug fix? | yes
| New feature? | no
| Deprecations? | no
| Tickets | Fix https://github.com/symfony/symfony/pull/36243#discussion_r399646893
| License | MIT
| Doc PR | tbd
Similar to #36173 and #36175. This is needed for Chrome 80 compatibility.
My only question is whether we should introduce these specific settings, or somehow fetch them from `framework.session`?
Commits
-------
a696d1f3af [Security/Http] Allow setting cookie security settings for delete_cookies
This PR was merged into the 3.4 branch.
Discussion
----------
[FrameworkBundle] revert to legacy wiring of the session when circular refs are detected
| Q | A
| ------------- | ---
| Branch? | 3.4
| Bug fix? | yes
| New feature? | no
| Deprecations? | no
| Tickets | Fix#36063
| License | MIT
| Doc PR | -
As introduced and reported in the linked PR.
Commits
-------
35644cf8dd [FrameworkBundle] revert to legacy wiring of the session when circular refs are detected
This PR was submitted for the 4.4 branch but it was merged into the 3.4 branch instead.
Discussion
----------
update Italian translation
| Q | A
| ------------- | ---
| Branch? | 4.4
| Bug fix? | no
| New feature? | no
| Deprecations? | no
| Tickets |
| License | MIT
| Doc PR |
Update Italian with new translations added in Symfony 4.4
Commits
-------
6231b04079 update Italian translation
This PR was merged into the 3.4 branch.
Discussion
----------
[Validator] Assert Valid with many groups
| Q | A
| ------------- | ---
| Branch? | 3.4
| Bug fix? | yes
| New feature? | no
| Deprecations? | no
| Tickets | Fix https://github.com/symfony/symfony/issues/36157
| License | MIT
Make a reference object get validated by each group when using the Valid constraint with many groups
Commits
-------
c9aa3a849a bug #36157 [Validator] Assert Valid with many groups
This PR was merged into the 3.4 branch.
Discussion
----------
[Validator] Add missing vietnamese translations
| Q | A
| ------------- | ---
| Branch? | 3.4
| Bug fix? | no
| New feature? | no <!-- please update src/**/CHANGELOG.md files -->
| Deprecations? | no <!-- please update UPGRADE-*.md and src/**/CHANGELOG.md files -->
| Tickets | - <!-- prefix each issue number with "Fix #", if any -->
| License | MIT
| Doc PR | - <!-- required for new features -->
<!--
Replace this notice by a short README for your feature/bugfix. This will help people
understand your PR and can be used as a start for the documentation.
Additionally (see https://symfony.com/releases):
- Always add tests and ensure they pass.
- Never break backward compatibility (see https://symfony.com/bc).
- Bug fixes must be submitted against the lowest maintained branch where they apply
(lowest branches are regularly merged to upper ones so they get the fixes too.)
- Features and deprecations must be submitted against branch master.
-->
Commits
-------
25fdc8e580 [Validator] Add missing vietnamese translations
This PR was merged into the 3.4 branch.
Discussion
----------
[Validator] Add Hungarian translations
| Q | A
| ------------- | ---
| Branch? | 3.4
| Bug fix? | no
| New feature? | no
| Deprecations? | no
| Tickets | -
| License | MIT
| Doc PR | -
<!--
Replace this notice by a short README for your feature/bugfix. This will help people
understand your PR and can be used as a start for the documentation.
Additionally (see https://symfony.com/releases):
- Always add tests and ensure they pass.
- Never break backward compatibility (see https://symfony.com/bc).
- Bug fixes must be submitted against the lowest maintained branch where they apply
(lowest branches are regularly merged to upper ones so they get the fixes too.)
- Features and deprecations must be submitted against branch master.
-->
Commits
-------
9c1c9347c0 [Validator] Add missing Hungarian translations
This PR was submitted for the master branch but it was merged into the 3.4 branch instead (closes#36221).
Discussion
----------
[Validator] Add the missing translations for the Arabic (ar) locale
| Q | A
| ------------- | ---
| Branch? | master
| Bug fix? | no
| New feature? | no
| Deprecations? | no
| Tickets |
| License | MIT
This is a basic PR to add the missing Validator translations for AR Locale.
Commits
-------
d3fa02a918 [Validator] Add the missing translations for the Arabic (ar) locale
This PR was squashed before being merged into the 3.4 branch.
Discussion
----------
[Console] Fix OutputStream for PHP 7.4
| Q | A
| ------------- | ---
| Branch? | 3.4
| Bug fix? | yes
| New feature? | no
| Deprecations? | no
| Tickets | Fix#36166
| License | MIT
From PHP 7.4, `fwrite` function now returns false for any failure: https://www.php.net/manual/en/migration74.incompatible.php#migration74.incompatible.core.fread-fwrite
Actually, the note in the PHP documentation is not exact: for PHP 7.3 and lower, `fwrite` function did return false when arguments passed in to the function were invalid, and 0 for other failures. From PHP 7.4, it returns false for any failure.
We can see it in the source code: for PHP 7.3: a1a8d14485/ext/standard/file.c (L1140)
Compare to PHP 7.4: https://github.com/php/php-src/blob/master/ext/standard/file.c#L1136
I update `OutputStream::doWrite()` to keep the same behavior as before.
Commits
-------
b375f93ed7 [Console] Fix OutputStream for PHP 7.4
This PR was submitted for the master branch but it was merged into the 3.4 branch instead.
Discussion
----------
[Validator] add German translations
| Q | A
| ------------- | ---
| Branch? | master
| Bug fix? | no
| New feature? | no
| Deprecations? | no
| Tickets |
| License | MIT
| Doc PR |
Commits
-------
32d9a5298e add German translations
This PR was submitted for the master branch but it was merged into the 3.4 branch instead (closes#36192).
Discussion
----------
[Validator] Add french "at least" constraint translations
| Q | A
| ------------- | ---
| Branch? | master
| Bug fix? | no
| New feature? | no
| Deprecations? | no
| License | MIT
Completion of PR https://github.com/symfony/symfony/pull/36165 by adding french translation for "at least" constraint.
Commits
-------
f885822350 Add french "at least" constraint translations
This PR was merged into the 3.4 branch.
Discussion
----------
[Security/Http] Remember me: allow to set the samesite cookie flag
| Q | A
| ------------- | ---
| Branch? | 3.4
| Bug fix? | yes
| New feature? | no
| Deprecations? | no
| Tickets | -
| License | MIT
| Doc PR | -
Similar to #35605, since Chrome 80 is going to require the `samesite` attribute.
This is a cherry-pick of #27976
Commits
-------
f0ceb73397 [Security] Remember me: allow to set the samesite cookie flag
This PR was squashed before being merged into the 3.4 branch.
Discussion
----------
[Http Foundation] Fix clear cookie samesite
| Q | A
| ------------- | ---
| Branch? | 3.4
| Bug fix? | yes
| New feature? | no
| Deprecations? | no
| Tickets | Fix#36107
| License | MIT
With Chrome Update 80, Cookies are required to be `secure` and `samesite=none` for cross site requests. However they are defaulted to `samesite=lax` if the samesite attribute is not set. In other words: developer has to explicitely opt-in for `samesite=none` in the case of a cross site request.
More details: https://chromestatus.com/feature/5088147346030592
We add the `samesite` argument to `clearCookie` method to allow developer to explicitely set this value.
Commits
-------
4bdea1f2e7 [Http Foundation] Fix clear cookie samesite
This PR was submitted for the 4.4 branch but it was squashed and merged into the 3.4 branch instead.
Discussion
----------
[Security] Check if firewall is stateless before checking for session/previous session
| Q | A
| ------------- | ---
| Branch? | 4.4 <!-- see below -->
| Bug fix? | yes
| New feature? | no <!-- please update src/**/CHANGELOG.md files -->
| Deprecations? | no <!-- please update UPGRADE-*.md and src/**/CHANGELOG.md files -->
| Tickets | - <!-- prefix each issue number with "Fix #", if any -->
| License | MIT
| Doc PR | -
For one of our applications we had the issue that the session was always initialized, even for routes behind stateless firewalls. Using the redis session adapter this sometimes lead to exceptions if the connection failed. This change prevents the session from being initialized in the guard authentication handler for stateless firewalls
Commits
-------
9bb1230525 [Security] Check if firewall is stateless before checking for session/previous session
This PR was merged into the 3.4 branch.
Discussion
----------
[Form] Support customized intl php.ini settings
| Q | A
| ------------- | ---
| Branch? | 3.4
| Bug fix? | yes
| New feature? | no
| Deprecations? | no
| Tickets | no
| License | MIT
| Doc PR | no
`IntlDateParser->parse()` behaves differently when `intl.error_level` and/or `intl.use_exceptions` are not 0.
This change makes sure `\IntlException` is caught when `intl.use_exceptions` is 1 and warnings thrown when `intl.error_level` is not 0 are ignored.
Commits
-------
61025d1d1b [Form] Support customized intl php.ini settings