This PR was squashed before being merged into the 4.1-dev branch (closes#25092).
Discussion
----------
[Security] #25091 add target user to SwitchUserListener
| Q | A
| ------------- | ---
| Branch? | master
| Bug fix? | no
| New feature? | yes
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | #25091
| License | MIT
| Doc PR |
This patch provides the target user to the SwitchUserListener's
accessDecisionManager->decide() call as the $object parameter to
give any registered voters extra information.
Commits
-------
5cb6f2a [Security] #25091 add target user to SwitchUserListener
This PR was squashed before being merged into the 4.1-dev branch (closes#24777).
Discussion
----------
[TwigBundle] Added priority to twig extensions
| Q | A
| ------------- | ---
| Branch? | master
| Bug fix? | no
| New feature? | yes
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets |
| License | MIT
| Doc PR | Don't merge before the docs
Added priority to twig extensions in the `TwigEnvironmentPass` to control the order in which they're registered, similar to the `TwigLoaderPass`
Though, unsure on what priority to use as a default, and will PR docs when finalised.
Commits
-------
d87af719fd [TwigBundle] Added priority to twig extensions
This PR was squashed before being merged into the 4.1-dev branch (closes#25741).
Discussion
----------
[Form] issue-13589: adding custom false-values to BooleanToString transformer
| Q | A
| ------------- | ---
| Branch? | master
| Bug fix? | no
| New feature? | yes
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | #13589
| License | MIT
| Doc PR | https://github.com/symfony/symfony-docs/pull/9031
As suggested in #13589 , this PR adds the option to specify custom false-values, so we can use the CheckBoxType to handle strings '1' / '0' and eval them to true / false. While HTTP defines that checkbox types are either submitted=true or not-submitted=false, no matter of what value was submitted, it would be nice to have this option.
Also refs (which read like "the basic idea of the feature was accepted, PR almost done, then something-happend so PR wasnt merged"..?)
https://github.com/symfony/symfony/pull/15054https://github.com/symfony/symfony/pull/18005
Commits
-------
a3e5ac496f [Form] issue-13589: adding custom false-values to BooleanToString transformer
* 4.0:
[appveyor] set memory_limit=-1
[Console] Keep the modified exception handler
[Console] Fix restoring exception handler
[Router] Skip anonymous classes when loading annotated routes
allow dashes in cwd pathname when running the tests
Fixed Request::__toString ignoring cookies
Make sure we only build once and have one time the prefix when importing routes
[Security] Fix fatal error on non string username
[FrameworkBundle] Automatically enable the CSRF if component *+ session* are loaded
* 3.4:
[appveyor] set memory_limit=-1
[Console] Keep the modified exception handler
[Console] Fix restoring exception handler
[Router] Skip anonymous classes when loading annotated routes
allow dashes in cwd pathname when running the tests
Fixed Request::__toString ignoring cookies
Make sure we only build once and have one time the prefix when importing routes
[Security] Fix fatal error on non string username
[FrameworkBundle] Automatically enable the CSRF if component *+ session* are loaded
* 3.3:
[appveyor] set memory_limit=-1
[Router] Skip anonymous classes when loading annotated routes
Fixed Request::__toString ignoring cookies
Make sure we only build once and have one time the prefix when importing routes
[Security] Fix fatal error on non string username
* 2.8:
[appveyor] set memory_limit=-1
[Router] Skip anonymous classes when loading annotated routes
Fixed Request::__toString ignoring cookies
[Security] Fix fatal error on non string username
* 2.7:
[appveyor] set memory_limit=-1
[Router] Skip anonymous classes when loading annotated routes
Fixed Request::__toString ignoring cookies
[Security] Fix fatal error on non string username
This PR was merged into the 2.7 branch.
Discussion
----------
[appveyor] set memory_limit=-1
| Q | A
| ------------- | ---
| Branch? | 2.7
| Bug fix? | no
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | -
| License | MIT
| Doc PR | -
Commits
-------
10e33ac [appveyor] set memory_limit=-1
This PR was squashed before being merged into the 2.7 branch (closes#25801).
Discussion
----------
[Router] Skip anonymous classes when loading annotated routes
| Q | A
| ------------- | ---
| Branch? | 2.7
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | #25796
| License | MIT
| Doc PR |
Skip any usage of anonymous classes when parsing files in `AnnotationFileLoader`
Commits
-------
d76a545 [Router] Skip anonymous classes when loading annotated routes
This PR was merged into the 3.4 branch.
Discussion
----------
[FrameworkBundle] Auto-enable CSRF if the component *+ session* are loaded
| Q | A
| ------------- | ---
| Branch? | 3.4
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | https://github.com/symfony/recipes/issues/262
| License | MIT
| Doc PR | -
By binding CSRF and session default state, we provide better DX, but we also provide a way for bundles to enable session on its own: they just need to require "symfony/security-csrf".
Yes, that's a side effect, but I think that's a nice one for 3.4/4.0.
Of course, we might do better in 4.1, but for bug fix only releases, LGTM.
Commits
-------
9e8231f [FrameworkBundle] Automatically enable the CSRF if component *+ session* are loaded
This PR was submitted for the master branch but it was merged into the 3.4 branch instead (closes#25804).
Discussion
----------
[XmlUtils] allow dashes in cwd pathname when running the tests
| Q | A
| ------------- | ---
| Branch? | master
| Bug fix? | no
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | -
| License | MIT
| Doc PR | -
Small fix the allow dashes in cwd pathname when running tests. The change was introduced with ref 7473981c14 so 2.x and 3.x branches should be fine.
Steps to reproduce (assuming all required libraries are installed):
mkdir /tmp/folder-with-dashes/ && cd $_
git clone git@github.com:symfony/symfony.git
cd symfony && composer install --prefer-dist
./phpunit --stop-on-failure
Commits
-------
db5f8de allow dashes in cwd pathname when running the tests
This PR was merged into the 2.7 branch.
Discussion
----------
[Security] Fix fatal error on non string username
| Q | A
| ------------- | ---
| Branch? | 2.7
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | https://github.com/symfony/symfony/issues/25612
| License | MIT
| Doc PR | n/a
That's consistent with what #22569 did for the `json_login` listener.
Commits
-------
8f095683d0 [Security] Fix fatal error on non string username
This PR was merged into the 3.3 branch.
Discussion
----------
[Routing] Make sure we only build routes once
| Q | A
| ------------- | ---
| Branch? | 3.3
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | #25746
| License | MIT
| Doc PR | ø
We need to build the collection(s) only once, else the prefix would be duplicated.
Commits
-------
927a75ac3e Make sure we only build once and have one time the prefix when importing routes
This PR was squashed before being merged into the 2.7 branch (closes#25799).
Discussion
----------
Fixed Request::__toString ignoring cookies
| Q | A
| ------------- | ---
| Branch? | 2.7
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets |
| License | MIT
| Doc PR |
`Request::__toString()` ignored cookie values which caused me some headaches during a debugging session 😄
Commits
-------
0f79d09a10 Fixed Request::__toString ignoring cookies
* 4.0:
[Console] Add placeholder for line number in console exception fixtures
fix HHVM tests
minor #25752 Don't right trim the deprecation message (alexpott)
* 3.4:
[Console] Add placeholder for line number in console exception fixtures
fix HHVM tests
minor #25752 Don't right trim the deprecation message (alexpott)
This PR was squashed before being merged into the 3.4 branch (closes#25794).
Discussion
----------
[Console] Add placeholder for line number in console exception fixtures
| Q | A
| ------------- | ---
| Branch? | 3.4
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets |
| License | MIT
| Doc PR |
Add placeholders for exception line numbers for tests in `ApplicationTest` to make the tests more flexible
Commits
-------
686d4f7 [Console] Add placeholder for line number in console exception fixtures
This PR was merged into the 2.7 branch.
Discussion
----------
[HttpFoundation] fix HHVM tests
| Q | A
| ------------- | ---
| Branch? | 2.7
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes/no
| Fixed tickets |
| License | MIT
| Doc PR |
It looks like `parse_url()` broke for some URLs in HHVM 3.18.7. For our tests it IMO isn't really relevant how username and password look like.
Commits
-------
da21003 fix HHVM tests
This PR was merged into the 3.3 branch.
Discussion
----------
Remove polyfill-util dependency from fullstack and security
| Q | A
| ------------- | ---
| Branch? | 3.3
| Bug fix? | kinda
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets |
| License | MIT
| Doc PR |
Applies #22709 to the two higher-level packages. I've applied it to 3.3 as that's where that change was merged (though it was `master` as the time); these may actually apply earlier though?
(#16382 was mentioned and applied to 2.8, though is for the serializer which is unrelated? Should have been 3.0 when `StringUtils` was removed?)
Commits
-------
939efd59b9 Remove polyfill-util dependency from fullstack and security
This PR was submitted for the 3.4 branch but it was squashed and merged into the 3.3 branch instead (closes#25752).
Discussion
----------
Don't right trim the deprecation message
| Q | A
| ------------- | ---
| Branch? | 3.4
| Bug fix? | maybe yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no <!-- don't forget to update UPGRADE-*.md files -->
| Tests pass? | yes
| Fixed tickets | #... <!-- #-prefixed issue number(s), if any -->
| License | MIT
| Doc PR | symfony/symfony-docs#... <!--highly recommended for new features-->
<!--
- Bug fixes must be submitted against the lowest branch where they apply
(lowest branches are regularly merged to upper ones so they get the fixes too).
- Features and deprecations must be submitted against the master branch.
- Replace this comment by a description of what your PR is solving.
-->
The PhpUnit bridge lists deprecation messages after a test. In order to do this it outputs the message but it right trims the message - removing any fullstops. This is unexpected. It does this to add the number of time the message appears but this is not really necessary because the number of the times a deprecation message is triggered and from where is added below.
Commits
-------
0b03631 Don't right trim the deprecation message
* 4.0:
fix merge
fixed wrong description in a phpdoc
19 digits VISA card numbers are valid
Add missing @ in phpdoc return statement
Don't right trim the deprecation message
[HttpKernel] Fixed test name
[Debug] prevent infinite loop with faulty exception handlers
[FrameworkBundle] fix tests
Prefer composer install instead for using Symfony Installer
Add the missing `enabled` session attribute
[HttpKernel] Turn bad hosts into 400 instead of 500
* 3.4:
fix merge
fixed wrong description in a phpdoc
19 digits VISA card numbers are valid
Add missing @ in phpdoc return statement
Don't right trim the deprecation message
[HttpKernel] Fixed test name
[Debug] prevent infinite loop with faulty exception handlers
[FrameworkBundle] fix tests
Prefer composer install instead for using Symfony Installer
Add the missing `enabled` session attribute
[HttpKernel] Turn bad hosts into 400 instead of 500
* 3.3:
fix merge
fixed wrong description in a phpdoc
19 digits VISA card numbers are valid
Add missing @ in phpdoc return statement
Don't right trim the deprecation message
[HttpKernel] Fixed test name
[Debug] prevent infinite loop with faulty exception handlers
Add the missing `enabled` session attribute
[HttpKernel] Turn bad hosts into 400 instead of 500
* 2.8:
fixed wrong description in a phpdoc
19 digits VISA card numbers are valid
[HttpKernel] Fixed test name
[Debug] prevent infinite loop with faulty exception handlers
Add the missing `enabled` session attribute
[HttpKernel] Turn bad hosts into 400 instead of 500
* 2.7:
fixed wrong description in a phpdoc
19 digits VISA card numbers are valid
[HttpKernel] Fixed test name
[Debug] prevent infinite loop with faulty exception handlers
Add the missing `enabled` session attribute
[HttpKernel] Turn bad hosts into 400 instead of 500