This PR was submitted for the master branch but it was merged into the 3.4 branch instead (closes#36221).
Discussion
----------
[Validator] Add the missing translations for the Arabic (ar) locale
| Q | A
| ------------- | ---
| Branch? | master
| Bug fix? | no
| New feature? | no
| Deprecations? | no
| Tickets |
| License | MIT
This is a basic PR to add the missing Validator translations for AR Locale.
Commits
-------
d3fa02a918 [Validator] Add the missing translations for the Arabic (ar) locale
This PR was merged into the 5.1-dev branch.
Discussion
----------
[Typo] Rename occurence to occurrence
| Q | A
| ------------- | ---
| Branch? | master (5.1)
| Bug fix? | yes (typo)
| New feature? | no
| Deprecations? | no
| Tickets | Fix#36242
| License | MIT
| Doc PR | Not needed
This PR will fix correct spelling of methods containing the word occurrence implemented with PR :
- [PHPUnitBridge] Improved deprecations display #35271
This changes are on master branch, because the original PR is a new feature for Symfony 5.1.
Commits
-------
11f746a2c7 [Typo] Rename occurence to occurrence
This PR was squashed before being merged into the 5.1-dev branch.
Discussion
----------
[HttpClient] Fix TraceableHttpClient::stream that not works
| Q | A
| ------------- | ---
| Branch? | master
| Bug fix? | yes
| New feature? | no
| Deprecations? | no
| Tickets |
| License | MIT
| Doc PR |
The stream method when using the TraceableHttpClient seems not work.
I'm not sure to really understand what the previous implementation should do but this is an attempt to fix it.
Commits
-------
575f0408df [HttpClient] Fix TraceableHttpClient::stream that not works
This PR was squashed before being merged into the 3.4 branch.
Discussion
----------
[Console] Fix OutputStream for PHP 7.4
| Q | A
| ------------- | ---
| Branch? | 3.4
| Bug fix? | yes
| New feature? | no
| Deprecations? | no
| Tickets | Fix#36166
| License | MIT
From PHP 7.4, `fwrite` function now returns false for any failure: https://www.php.net/manual/en/migration74.incompatible.php#migration74.incompatible.core.fread-fwrite
Actually, the note in the PHP documentation is not exact: for PHP 7.3 and lower, `fwrite` function did return false when arguments passed in to the function were invalid, and 0 for other failures. From PHP 7.4, it returns false for any failure.
We can see it in the source code: for PHP 7.3: a1a8d14485/ext/standard/file.c (L1140)
Compare to PHP 7.4: https://github.com/php/php-src/blob/master/ext/standard/file.c#L1136
I update `OutputStream::doWrite()` to keep the same behavior as before.
Commits
-------
b375f93ed7 [Console] Fix OutputStream for PHP 7.4
This PR was squashed before being merged into the 4.4 branch.
Discussion
----------
add missing gitattributes for phpunit-bridge
| Q | A
| ------------- | ---
| Branch? | 4.4
| Bug fix? | no
| New feature? | no <!-- please update src/**/CHANGELOG.md files -->
| Deprecations? | no <!-- please update UPGRADE-*.md and src/**/CHANGELOG.md files -->
| Tickets |
| License | MIT
| Doc PR |
Seems like the phpunit bridge has been forgotten in https://github.com/symfony/symfony/pull/33579
Commits
-------
d4c052a2fa add missing gitattributes for phpunit-bridge
This PR was submitted for the master branch but it was merged into the 3.4 branch instead.
Discussion
----------
[Validator] add German translations
| Q | A
| ------------- | ---
| Branch? | master
| Bug fix? | no
| New feature? | no
| Deprecations? | no
| Tickets |
| License | MIT
| Doc PR |
Commits
-------
32d9a5298e add German translations
This PR was submitted for the master branch but it was merged into the 3.4 branch instead (closes#36192).
Discussion
----------
[Validator] Add french "at least" constraint translations
| Q | A
| ------------- | ---
| Branch? | master
| Bug fix? | no
| New feature? | no
| Deprecations? | no
| License | MIT
Completion of PR https://github.com/symfony/symfony/pull/36165 by adding french translation for "at least" constraint.
Commits
-------
f885822350 Add french "at least" constraint translations
This PR was merged into the 5.1-dev branch.
Discussion
----------
[Form] Allowing plural message on extra data validation failure
| Q | A
| ------------- | ---
| Branch? | master
| Bug fix? | no
| New feature? | yes
| Deprecations? | no
| License | MIT
| Doc PR | -
When using allow_extra_fields feature (and set to false) with an extra_fields_message, this message may now support pluralization regarding count of extra fields (extra data). e.g. "extra field found|extra fields found"
Commits
-------
0b058fa0a0 Allowing plural message on extra data validation failure
When using allow_extra_fields feature (and set to false) with an extra_fields_message, this message may now support pluralization regarding count of extra fields (extra data). e.g. "extra field found|extra fields found"
This PR was merged into the 5.1-dev branch.
Discussion
----------
[Uid] work around buggy libuuid
| Q | A
| ------------- | ---
| Branch? | master
| Bug fix? | yes
| New feature? | no
| Deprecations? | no
| Tickets | -
| License | MIT
| Doc PR | -
As found while working on the polyfill, fixed upstream in
d6ddf07d31
Commits
-------
ebf601b1a6 [Uid] work around buggy libuuid
* 5.0:
[Http Foundation] Fix clear cookie samesite
[Security] Check if firewall is stateless before checking for session/previous session
[Form] Support customized intl php.ini settings
[Security] Remember me: allow to set the samesite cookie flag
[Debug] fix for PHP 7.3.16+/7.4.4+
[Validator] Backport translations
[Mailer] Use %d instead of %s for error code in error messages
[HttpKernel] fix locking for PHP 7.4+
[Security] Fixed hardcoded value of SODIUM_CRYPTO_PWHASH_MEMLIMIT_INTERACTIVE
Prevent warning in proc_open()
[FrameworkBundle] Fix Router Cache
Fix deprecation messages
* 4.4:
[Http Foundation] Fix clear cookie samesite
[Security] Check if firewall is stateless before checking for session/previous session
[Form] Support customized intl php.ini settings
[Security] Remember me: allow to set the samesite cookie flag
[Debug] fix for PHP 7.3.16+/7.4.4+
[Validator] Backport translations
[Mailer] Use %d instead of %s for error code in error messages
[HttpKernel] fix locking for PHP 7.4+
[Security] Fixed hardcoded value of SODIUM_CRYPTO_PWHASH_MEMLIMIT_INTERACTIVE
Prevent warning in proc_open()
[FrameworkBundle] Fix Router Cache
Fix deprecation messages
* 3.4:
[Http Foundation] Fix clear cookie samesite
[Security] Check if firewall is stateless before checking for session/previous session
[Form] Support customized intl php.ini settings
[Security] Remember me: allow to set the samesite cookie flag
[Debug] fix for PHP 7.3.16+/7.4.4+
[Validator] Backport translations
Prevent warning in proc_open()
This PR was merged into the 3.4 branch.
Discussion
----------
[Security/Http] Remember me: allow to set the samesite cookie flag
| Q | A
| ------------- | ---
| Branch? | 3.4
| Bug fix? | yes
| New feature? | no
| Deprecations? | no
| Tickets | -
| License | MIT
| Doc PR | -
Similar to #35605, since Chrome 80 is going to require the `samesite` attribute.
This is a cherry-pick of #27976
Commits
-------
f0ceb73397 [Security] Remember me: allow to set the samesite cookie flag
This PR was squashed before being merged into the 3.4 branch.
Discussion
----------
[Http Foundation] Fix clear cookie samesite
| Q | A
| ------------- | ---
| Branch? | 3.4
| Bug fix? | yes
| New feature? | no
| Deprecations? | no
| Tickets | Fix#36107
| License | MIT
With Chrome Update 80, Cookies are required to be `secure` and `samesite=none` for cross site requests. However they are defaulted to `samesite=lax` if the samesite attribute is not set. In other words: developer has to explicitely opt-in for `samesite=none` in the case of a cross site request.
More details: https://chromestatus.com/feature/5088147346030592
We add the `samesite` argument to `clearCookie` method to allow developer to explicitely set this value.
Commits
-------
4bdea1f2e7 [Http Foundation] Fix clear cookie samesite
This PR was submitted for the 4.4 branch but it was squashed and merged into the 3.4 branch instead.
Discussion
----------
[Security] Check if firewall is stateless before checking for session/previous session
| Q | A
| ------------- | ---
| Branch? | 4.4 <!-- see below -->
| Bug fix? | yes
| New feature? | no <!-- please update src/**/CHANGELOG.md files -->
| Deprecations? | no <!-- please update UPGRADE-*.md and src/**/CHANGELOG.md files -->
| Tickets | - <!-- prefix each issue number with "Fix #", if any -->
| License | MIT
| Doc PR | -
For one of our applications we had the issue that the session was always initialized, even for routes behind stateless firewalls. Using the redis session adapter this sometimes lead to exceptions if the connection failed. This change prevents the session from being initialized in the guard authentication handler for stateless firewalls
Commits
-------
9bb1230525 [Security] Check if firewall is stateless before checking for session/previous session