This PR was merged into the 2.3 branch.
Discussion
----------
[Form] Improved exception message if the data class is not found
| Q | A
| ------------- | ---
| Bug fix? | no
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | #12359, #12367
| License | MIT
| Doc PR | -
Commits
-------
4145836 [Form] Improved exception message if the data class is not found
This PR was merged into the 2.3 branch.
Discussion
----------
[Yaml] execute cheaper checks before more expensive ones
| Q | A
| ------------- | ---
| Bug fix? | no
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets |
| License | MIT
| Doc PR |
Minor improvements to the checks as suggested by @stof in #13262.
Commits
-------
cd4349d execute cheaper checks before more expensive ones
If an empty token is provided (from automated tools, or on purpose when
running a command), the argument getter was not checking the other
tokens, as '' == false in php, which is the stop condition of the while
loop in this method.
This method should now rely on the count of tokens rather than the value
of the return of array_shift
* Support services using a parameter for their class name.
* Prevent abstract services as event subscribers.
| Q | A
| ------------- | ---
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets |
| License | MIT
| Doc PR |
This PR was merged into the 2.3 branch.
Discussion
----------
[Yaml] Improve YAML boolean escaping
| Q | A
| ------------- | ---
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | #13209
| License | MIT
| Doc PR | None
This PR ensures that PHP [values which would be interpreted as booleans][1] in older versions of the YAML spec are escaped with single quotes when dumped by the Dumper.
For example, dumping this:
```php
array(
'country_code' => 'no',
'speaks_norwegian' => 'y',
'heating' => 'on',
)
```
Will produce this YAML:
```yaml
country_code: 'no'
speaks_norwegian: 'y'
heating: 'on'
```
[1]: http://yaml.org/type/bool.html
Commits
-------
8fa056b Inline private 'is quoting required' methods in Escaper
afe827a Merge pull request #2 from larowlan/patch-2
a0ec0fe Add comment as requested
1e0633e Merge pull request #1 from larowlan/patch-1
81a8090 Remove duplicate 'require'
3760e67 [Yaml] Improve YAML boolean escaping
This PR was merged into the 2.3 branch.
Discussion
----------
fix missing comma in YamlDumper
| Q | A
| ------------- | ---
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets |
| License | MIT
| Doc PR |
The YamlDumper were missing commas between tag attributes.
See https://github.com/rosstuck/TuckConverterBundle/issues/6
Commits
-------
f600d1a fix missing comma in YamlDumper
This PR was merged into the 2.3 branch.
Discussion
----------
[Form] Set a child type to text if added to the form without a type.
| Q | A
| ------------- | ---
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | #13167
| License | MIT
| Doc PR | -
This copies the behaviour of `FormBuilder::create()` to `Form::add()`.
ping @webmozart
Commits
-------
57070a2 [Form] Set a child type to text if added to the form without a type.
This PR was squashed before being merged into the 2.3 branch (closes#13286).
Discussion
----------
[Security] Don't destroy the session on buggy php releases.
| Q | A
| ------------- | ---
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | #13269, #13283
| License | MIT
| Doc PR | none
See #13269 for the discussion. This workaround avoids destroying the old session after login on the migrate strategy when running under a php version that we know to be broken.
Corresponding php bug: https://bugs.php.net/bug.php?id=63379
Commits
-------
5d0b527 [Security] Don't destroy the session on buggy php releases.
This PR was squashed before being merged into the 2.3 branch (closes#13231).
Discussion
----------
[WIP] Made help information of commands more consistent
| Q | A
| --- | ---
| Test pass | Not yet
| License | MIT
| Fixed tickets | -
Commits
-------
602d687 [WIP] Made help information of commands more consistent
This PR was merged into the 2.3 branch.
Discussion
----------
CS: add missing param names to @param annotation
| Q | A
| ------------- | ---
| Fixed tickets |
| License | MIT
as stated by @stof [here](https://github.com/symfony/symfony/pull/12886#issuecomment-68626732)
Commits
-------
665825b add missing param names to @param annotation
- Moves dumping single-quoting logic into Yaml\Escaper
- Ensures that PHP values which would be interpreted as booleans in
older versions of the YAML spec are escaped with single quotes when
dumped by the Dumper.
This PR was merged into the 2.3 branch.
Discussion
----------
[2.3] missing cleanup for legacy test
| Q | A
| ------------- | ---
| Bug fix? | no
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | -
| License | MIT
| Doc PR | -
Commits
-------
7e929ab [2.3] missing cleanup for legacy test
This PR was merged into the 2.3 branch.
Discussion
----------
[Filesystem] enforce umask while testing
| Q | A
| ------------- | ---
| Bug fix? | no
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | -
| License | MIT
| Doc PR | -
Having a predictable umask (but not the usual one) should help (TDD for #13222).
When merging in 2.5, the patch should be moved to the new `FilesystemTestCase`
Commits
-------
1e547be [Filesystem] enforce umask while testing
This PR was merged into the 2.3 branch.
Discussion
----------
[TwigBridge] moved fixtures into their own directory
Commits
-------
0b775cd [TwigBridge] moved fixtures into their own directory
This PR was merged into the 2.3 branch.
Discussion
----------
[TwigBundle] added missing @deprecated tags
The `Symfony\Bundle\TwigBundle\Extension\ActionsExtension` class has been deprecated in Symfony 2.2 but we forgot to deprecate the related classes.
Commits
-------
82f8a79 [TwigBundle] added missing @deprecated tags
This PR was merged into the 2.3 branch.
Discussion
----------
[Yaml] Update README.md
| Q | A
| ------------- | ---
| Fixed tickets |
| License | MIT
The ability to pass file names to Yaml::parse() was deprecated in 2.2 and will be removed in 3.0. So show an up-to-date example.
Commits
-------
bab98f0 [Yaml] Update README.md
PHPUnit ini_set wrapper is now used in tests to automatically reset
ini settings after the test is run. This avoids possible side effects
and test skipping.
Native ini_set is still used in DefaultCsrfProviderTest, but its
tests are run in isolation.
This PR was merged into the 2.3 branch.
Discussion
----------
[2.3] for consistency, use value of DIRECTORY_SEPARATOR to detect Windows
| Q | A
| ------------- | ---
| Bug fix? | no
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets |
| License | MIT
| Doc PR |
This commit unifies the detection of Windows builds across the Symfony
codebase.
Commits
-------
20a427d use value of DIRECTORY_SEPARATOR to detect Windows
This PR was merged into the 2.3 branch.
Discussion
----------
Fix the implementation of deprecated Locale classes
| Q | A
| ------------- | ---
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | n/a
| License | MIT
| Doc PR | n/a
The ICU component does not exist anymore, but the BC layer was still referencing it.
Commits
-------
eb0637f Fix the implementation of deprecated Locale classes
This PR was merged into the 2.3 branch.
Discussion
----------
Fix phpdoc and coding standards
| Q | A
| ------------- | ---
| Bug fix? | no
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | ~
| License | MIT
| Doc PR | ~
This removes the unused use statements which were not catched by PHP-CS-Fixer because of string occurences. It also fixes some invalid phpdoc (scalar is not recognized as a valid type for instance).
This is complementary to https://github.com/symfony/symfony/pull/13134
Commits
-------
8cc3f6a Fix phpdoc and coding standards
This PR was merged into the 2.3 branch.
Discussion
----------
Remove usages of deprecated constants
| Q | A
| ------------- | ---
| Bug fix? | no
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | n/a
| License | MIT
| Doc PR | n/a
This removes the usage of deprecated constants in our code.
I'm applying this in 2.3 to make merging branches easier. This is especially needed for 2.7 because of deprecation warnings added in #13060 (warnings are triggered in this PR because of these usages)
Commits
-------
6c00c22 Remove usages of deprecated constants
This PR was merged into the 2.3 branch.
Discussion
----------
Update functional tests to use the PSR NullLogger
| Q | A
| ------------- | ---
| Bug fix? | no
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | n/a
| License | MIT
| Doc PR | n/a
This avoids using the deprecated NullLogger in tests.
I'm applying this in 2.3 to make merging branches easier. This is especially needed for 2.7 because of deprecation warnings added in #13060 (tests are failing in this PR currently because of that)
Commits
-------
30cff26 Update functional tests to use the PSR NullLogger
This removes the unused use statements which were not catched by
PHP-CS-Fixer because of string occurences. It also fixes some invalid
phpdoc (scalar is not recognized as a valid type for instance).
This PR was merged into the 2.3 branch.
Discussion
----------
No global state for isolated tests and other fixes
| Q | A
| ------------- | ---
| Bug fix? | no
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | -
| License | MIT
| Doc PR | -
By default, phpunit preserves global state for isolated processes. This made the tests break on my laptop.
Other tweaks included.
In branch 2.5, `src/Symfony/Component/Security/Csrf/Tests/TokenStorage/NativeSessionTokenStorageTest.php` also misses the `@preserveGlobalState disabled` annotation. Please add it when merging
Commits
-------
750f3a6 No global state for isolated tests and other fixes
This PR was merged into the 2.3 branch.
Discussion
----------
[TwigBundle] Moved the setting of the default escaping strategy from the Twig engine to the Twig environment
| Q | A
| ------------- | ---
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | #11773
| License | MIT
| Doc PR | n/a
The default escaping strategy was set on the Twig Engine and not the Twig Environment. That's a problem under some circumstances (like what #11773 describes), but it's also much better to set everything on the Twig Environment directly.
Commits
-------
91b24e8 [TwigBundle] Moved the setting of the default escaping strategy from the Twig engine to the Twig environment
This PR was merged into the 2.3 branch.
Discussion
----------
[HttpFoundation] fixed error when an IP in the X-Forwarded-For HTTP head...
| Q | A
| ------------- | ---
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | n/a
| License | MIT
| Doc PR | n/a
On symfony.com, we have errors related to IP addresses in the `X-Forwarded-For` HTTP header that have a port. If that happens (I have no ideas what is doing that), the page crashes with an error like `inet_pton(): Unrecognized address 187.65.229.211:63479` (which comes from IpUtils::checkIpv6()). This fixes the root cause by removing the port.
#12572 is solving the consequence and I propose to also merge it.
Commits
-------
60ad382 [HttpFoundation] fixed error when an IP in the X-Forwarded-For HTTP header contains a port
This PR was merged into the 2.3 branch.
Discussion
----------
[CssSelector] added the license of the Python library we ported to PHP
| Q | A
| ------------- | ---
| Bug fix? | no
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | #11894
| License | MIT
| Doc PR | n/a
Commits
-------
fa36b98 [CssSelector] added the license of the Python library we ported to PHP
This PR was merged into the 2.3 branch.
Discussion
----------
[2.3] [Bridge] [Propel] minor improvements to the Propel bridge.
| Q | A
| ------------- | ---
| Bug fix? | no
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | ~
| License | MIT
| Doc PR | ~
Commits
-------
6d9d460 [Bridge] [Propel] minor improvements to the Propel bridge.
This PR was merged into the 2.3 branch.
Discussion
----------
[Config] fix error handler restoration in test
| Q | A
| ------------- | ---
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | -
| License | MIT
| Doc PR | -
Commits
-------
266afeb [Config] fix error handler restoration in test
This PR was merged into the 2.3 branch.
Discussion
----------
[FrameworkBundle] forward error reporting level to insulated Client
| Q | A
| ------------- | ---
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | -
| License | MIT
| Doc PR | -
Especially if deprecation notices are silenced on the main php instance, we should also silence them in the insulated Client
Commits
-------
d82e062 [FrameworkBundle] forward error reporting level to insulated Client
This PR was squashed before being merged into the 2.3 branch (closes#13054).
Discussion
----------
[2.3] CS Fixes
| Q | A
| ------------- | ---
| Bug fix? | no
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | N/A
| License | MIT
| Doc PR | N/A
##### This pull request provides some cs fixes.
Commits
-------
b521c20 [2.3] CS Fixes
This PR was merged into the 2.3 branch.
Discussion
----------
[2.3] [SecurityBundle] adds unit tests suite for SecurityDataCollector class.
| Q | A
| ------------- | ---
| Bug fix? | no
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | ~
| License | MIT
| Doc PR | ~
Commits
-------
85f72f4 [SecurityBundle] adds unit tests suite for SecurityDataCollector class.
This PR was merged into the 2.3 branch.
Discussion
----------
[PropertyAccess] Added test to verify #5775 is fixed
| Q | A
| ------------- | ---
| Bug fix? | no
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | #5775
| License | MIT
| Doc PR |
Added regression test to verify #5775 has been fixed some time ago, so that it can be closed.
Commits
-------
45651c6 [PropertyAccess] Added test to verify #5775 is fixed
This PR was merged into the 2.3 branch.
Discussion
----------
[Config] fixes broken unit test on ArrayNode class.
| Q | A
| ------------- | ---
| Bug fix? | no
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | ~
| License | MIT
| Doc PR | ~
Commits
-------
a7ee58a [Config] fixes broken unit test on ArrayNode class.
This PR was merged into the 2.3 branch.
Discussion
----------
[Config] adds missing « use » statement for InvalidTypeException type hint in documentation.
| Q | A
| ------------- | ---
| Bug fix? | no
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | ~
| License | MIT
| Doc PR | ~
Commits
-------
e855424 [Config] adds missing « use » statement for InvalidTypeException type hint in documentation.
This PR was merged into the 2.3 branch.
Discussion
----------
[Security] Delete old session on auth strategy migrate
| Q | A
| ------------- | ---
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | #13026
| License | MIT
| Doc PR |
As identified by @austinh in #13026 there are two sessions after authentication, since the previous session is migrated to a new one by ``session_regenerate_id``. This PR ensures the old session is been deleted immediately on migration.
I can't see any drawbacks, but if the change would break BC, another approach would be to add a new strategy like ``switch`` to enable instant deletion of the old session.
Commits
-------
5dd11e6 [Security] Delete old session on auth strategy migrate
This PR was merged into the 2.3 branch.
Discussion
----------
[Config] Very minor grammar fix in error message
It's just a tiny detail, but I found it important enough to submit a fix.
| Q | A
| --- | ---
| License | MIT
| Fixed tickets | -
Commits
-------
1c65f36 Very minor grammar fix in error message
This PR was merged into the 2.3 branch.
Discussion
----------
[Tests] Silenced all deprecations in tests for 2.3
| Q | A
| ------------- | ---
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | ~
| License | MIT
| Doc PR | ~
Also removed src/Symfony/Component/Security/Core/Tests/Validator/Constraints/UserPasswordValidatorTest.php as it was not running at all.
Commits
-------
ef4ae63 [Tests] Silenced all deprecations in tests for 2.3
To be able to use `Twig_SimpleFunction` in `AssetsExtension`, Twig has
to be present in version 1.12 or higher. The TwigBridge only enforces
this Twig version as of version 2.3.10.
This PR was merged into the 2.3 branch.
Discussion
----------
[FrameworkBundle] fix cache:clear command
| Q | A
| ------------- | ---
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | #12893
| License | MIT
| Doc PR | -
Reading comment on #12893 stating that using absolute paths works around the pb, I tried using realpath(),
and it works!
Pending work on #12955 can be done quietly now.
Commits
-------
a14153a [FrameworkBundle] fix cache:clear command
This PR was merged into the 2.3 branch.
Discussion
----------
CS: There should be no empty lines following phpdocs
Commits
-------
143f900 CS: There should be no empty lines following phpdocs
This PR was merged into the 2.3 branch.
Discussion
----------
[HttpFoundation] Fix return phpdoc
| Q | A
| ------------- | ---
| Bug fix? | tiny (for IDE autocompletion)
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | -
| License | MIT
| Doc PR | -
What about using `self` or `static` keyword for this?
Commits
-------
9af2d81 Fix return phpdoc
This PR was squashed before being merged into the 2.3 branch (closes#12993).
Discussion
----------
[2.3] Docblocks should not be followed by a blank line
| Q | A
| ------------- | ---
| Bug fix? | no
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | N/A
| License | MIT
| Doc PR | N/A
There should be no blank line(s) between phpdocs that document properties, interfaces, classes, functions, or traits. This pull request was a test run of a new php-cs-fixer: https://github.com/FriendsOfPHP/PHP-CS-Fixer/pull/864.
Commits
-------
4e7ba1b [2.3] Docblocks should not be followed by a blank line
This PR was merged into the 2.3 branch.
Discussion
----------
[2.3] [Security] Fixed The AuthenticationProviderInterface Alignment
| Q | A
| ------------- | ---
| Bug fix? | no
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | N/A
| License | MIT
| Doc PR | N/A
##### This pull request fixes the AuthenticationProviderInterface alignment.
Everything was indented by one too many spaces.
Commits
-------
1270327 Fixed the AuthenticationProviderInterface alignment
This PR was squashed before being merged into the 2.3 branch (closes#12761).
Discussion
----------
[Filesystem] symlink use RealPath instead LinkTarget
| Q | A
| ------------- | ---
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| License | MIT
Commits
-------
a8b8d33 [Filesystem] symlink use RealPath instead LinkTarget
This PR was merged into the 2.3 branch.
Discussion
----------
[2.3] Fixed the proxy-manager version constraint
| Q | A
| ------------- | ---
| Bug fix? | no
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | N/A
| License | MIT
| Doc PR | N/A
##### This pull request fixes the `ocramius/proxy-manager` version constraint in the 2.3 branch.
`"~0.3.1"` is far cleaner than `">=0.3.1,<0.4-dev"`, and does the same thing.
Commits
-------
ed6c50f Fixed the proxy-manager version constraint
This PR was merged into the 2.3 branch.
Discussion
----------
[2.3] Remove possible call_user_func()
| Q | A
| ------------- | ---
| Bug fix? | no
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | -
| License | MIT
| Doc PR | -
Merging this in 2.3 enhances performance a bit, but more importantly will ease future merges into 3.0.
Commits
-------
fad7aba [2.3] Remove possible call_user_func()
This PR was merged into the 2.3 branch.
Discussion
----------
[DependencyInjection] Perf php dumper
| Q | A
| ------------- | ---
| Bug fix? | no
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | -
| License | MIT
| Doc PR | -
This PR came up after this comment to reduce the number of calls to dirname():
https://github.com/symfony/symfony/pull/12784#issuecomment-65619179
Commits
-------
375f83e Revert "[DependencyInjection] backport perf optim"
fcd8ff9 [DependencyInjection] perf optim: call dirname() at most 5x
c11535b [DependencyInjection] backport perf optim
This PR was merged into the 2.3 branch.
Discussion
----------
[ClassLoader] Fix undefined index in ClassCollectionLoader
| Q | A
| ------------- | ---
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | -
| License | MIT
| Doc PR | -
Commits
-------
cfdb925 [ClassLoader] Fix undefined index in ClassCollectionLoader
This PR was merged into the 2.3 branch.
Discussion
----------
PSR-2 Fixes
| Q | A
| ------------- | ---
| Bug fix? | no
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | N/A
| License | MIT
| Doc PR | N/A
##### This pull request brings symfony 2.3 back inline with PSR-2.
Commits
-------
eda746b PSR-2 fixes
This PR was merged into the 2.3 branch.
Discussion
----------
[DependencyInjection] make paths relative to __DIR__ in the generated container
| Q | A
| ------------- | ---
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | #6484, #3079, partially #9238, #10894, #10999
| License | MIT
| Doc PR | n/a
This is an alternative approach to #10999 for removing absolute paths from the generated container:
instead of trying to fix the container file after it has been dumped, telling to the PhpDumper where its output will be written allows it to replace parts of strings by an equivalent value based on `__DIR__`.
This should be safe, thus the PR is on 2.3.
Commits
-------
edd7057 [DependencyInjection] make paths relative to __DIR__ in the generated container
This PR was merged into the 2.3 branch.
Discussion
----------
Fixed the symfony/config version constraint
| Q | A
| ------------- | ---
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | N/A
| License | MIT
| Doc PR | N/A
##### This pull request fixes the `symfony/config` version constraint in the proxy manager bridge.
Before this pull, composer was only allowing `v2.3.0` to be downloaded. This surely was not the intention. I've updated the version constraint from `"2.3"` to `"~2.3"` thus allowing all 2.x versions that are equal to or greater than `v2.3.0`.
Commits
-------
ec14f0f Fixed the symfony/config version constraint
This PR was merged into the 2.3 branch.
Discussion
----------
Docblock Fixes
| Q | A
| ------------- | ---
| Bug fix? | no
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | N/A
| License | MIT
| Doc PR | N/A
##### This pull request fixes the docblock alignment as requested in #12760.
It was also necessary for me to ensure the `@return` annotations were correctly separated in order to accurately align the `@param` annotations.
Commits
-------
443307e Docblock fixes
This PR was merged into the 2.3 branch.
Discussion
----------
Tweaked the password-compat version constraint
| Q | A
| ------------- | ---
| Bug fix? | no
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | N/A
| License | MIT
| Doc PR | N/A
##### This pull request tweaks the `"ircmaxell/password-compat` version constraint in the 2.3 branch.
I've updated the version constraint to `"~1.0"` match the way we require all "stable" releases. Note that this version constraint is technically different, but I consider it safe still.
Commits
-------
f703e56 Tweaked the password-compat version constraint
This PR was merged into the 2.3 branch.
Discussion
----------
[ClassLoader] define constant only if it wasn't defined before
| Q | A
| ------------- | ---
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets |
| License | MIT
| Doc PR |
Commits
-------
388229b define constant only if it wasn't defined before
This PR was merged into the 2.3 branch.
Discussion
----------
Rename Symfony2 to Symfony
| Q | A
| ------------- | ---
| Bug fix? | no
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | n/a
| License | MIT
Replaces #12563
Commits
-------
0a76b7e Rename Symfony2 to Symfony
This PR was merged into the 2.3 branch.
Discussion
----------
[Bundle][FrameworkBundle] be smarter when guessing the document root
| Q | A
| ------------- | ---
| Bug fix? | no
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | #12524
| License | MIT
| Doc PR |
Commits
-------
e28f5b8 be smarter when guessing the document root
This PR was merged into the 2.3 branch.
Discussion
----------
compare version using PHP_VERSION_ID
| Q | A
| ------------- | ---
| Bug fix? | no
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets |
| License | MIT
| Doc PR |
To let opcode caches optimize cached code, the `PHP_VERSION_ID`
constant is used to detect the current PHP version instead of calling
`version_compare()` with `PHP_VERSION`.
Commits
-------
367ed3c compare version using PHP_VERSION_ID
To let opcode caches optimize cached code, the `PHP_VERSION_ID`
constant is used to detect the current PHP version instead of calling
`version_compare()` with `PHP_VERSION`.
This PR was merged into the 2.3 branch.
Discussion
----------
[HttpFoundation] CSRF warning docs on Request::enableHttpMethodParameterOverride()
| Q | A
| ------------- | ---
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | #12043
| License | MIT
| Doc PR | /
Since I wanted to understand this issue I did some research and altered the comment block. Is this a clear enough explanation or does it need more?
Commits
-------
deb70ab CSRF warning docs on Request::enableHttpMethodParameterOverride()
This PR was merged into the 2.3 branch.
Discussion
----------
[Yaml] improve error message for multiple documents
| Q | A
| ------------- | ---
| Bug fix? | no
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets |
| License | MIT
| Doc PR |
The YAML parser doesn't support multiple documents. This pull requests
improves the error message when the parser detects multiple YAML
documents.
see also #11840
Commits
-------
c77fdcb improve error message for multiple documents
This PR was merged into the 2.3 branch.
Discussion
----------
Translation debug improve error reporting
| Q | A
| ------------- | ---
| Bug fix? | no
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | #12252
| License | MIT
| Doc PR |
Indicate which file was being parsed if an exception is thrown while running translation:debug
When running the translation:debug command, if a template contains invalid twig markup,
an exception is thrown. This patch rethrows a new exception that includes the filename
being parsed in the message to aid debugging.
Commits
-------
97a8f7e [TwigBundle] added a test
b1bffc0 Indicate which file was being parsed if an exception is thrown while running translation:debug
This PR was merged into the 2.3 branch.
Discussion
----------
[Form] fix form handling with OPTIONS request method
| Q | A
| ------------- | ---
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | #8282
| License | MIT
| Doc PR | -
The OPTIONS request is just handled as any other request method. And accoring to the spec, an options request can also contain a request body like a POST. This only applied when using the deprecated form processing with `$form->submit($request)`. The change also makes the handling consistent with the `handleRequest` behavior via https://github.com/symfony/symfony/blob/master/src/Symfony/Component/Form/Extension/HttpFoundation/HttpFoundationRequestHandler.php
Commits
-------
28eabd8 [Form] fix form handling with unconventional request methods like OPTIONS
When running the translation:debug command, if a template contains invalid twig markup,
an exception is thrown. This patch rethrows a new exception that includes the filename
being parsed in the message to aid debuging.
This PR was merged into the 2.3 branch.
Discussion
----------
[Validator] Fixed Regex::getHtmlPattern() to work with complex and negated patterns
| Q | A
| ------------- | ---
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | #5307
| License | MIT
| Doc PR | -
According to my own testing, this should fix the generation of HTML patterns when `Regex::$match` is set to false. Additionally, patterns containing pipes (or statements) are fixed. See the test cases for examples.
Commits
-------
bf006f5 [Validator] Fixed Regex::getHtmlPattern() to work with complex and negated patterns
This PR was merged into the 2.3 branch.
Discussion
----------
[Session] remove invalid hack in session regenerate
| Q | A
| ------------- | ---
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | -
| License | MIT
| Doc PR | -
The original issue #7380 was just caused because the developer missed to save the session before doing the redirect. That's all. Such mistakes won't happen anymore with #12341
This reverts #8270 and following. Also it makes absolutely no sense to do this only for the `files` save handler which creates huge inconsistencies. All save handlers are affected and it's more a documentation thing.
Commits
-------
703d906 [Session] remove invalid workaround in session regenerate
This PR was merged into the 2.3 branch.
Discussion
----------
[Kernel] ensure session is saved before sending response
| Q | A
| ------------- | ---
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | #6417, #7885
| License | MIT
| Doc PR | n/a
Saves the session, in case it is still open, before sending the response.
This ensures several things in case the developer did not save the session explicitly:
- If a session save handler without locking is used, it ensures the data is available
on the next request, e.g. after a redirect. PHPs auto-save at script end via
session_register_shutdown is executed after fastcgi_finish_request. So in this case
the data could be missing the next request because it might not be saved the moment
the new request is processed.
- A locking save handler (e.g. the native 'files') circumvents concurrency problems like
the one above. By saving the session before long-running things in the terminate event,
we ensure the session is not blocked longer than needed.
- When regenerating the session ID no locking is involved in PHPs session design. See
https://bugs.php.net/bug.php?id=61470 for a discussion. So in this case, the session must
be saved anyway before sending the headers with the new session ID. Otherwise session
data could get lost again for concurrent requests with the new ID. One result could be
that you get logged out after just logging in.
This listener should be executed as one of the last listeners, so that previous listeners
can still operate on the open session. This prevents the overhead of restarting it.
Listeners after closing the session can still work with the session as usual because
Symfonys session implementation starts the session on demand. So writing to it after
it is saved will just restart it.
Commits
-------
b7bfef0 [Kernel] ensure session is saved before sending response
This PR was merged into the 2.3 branch.
Discussion
----------
[Config] fix filelocator with empty name
| Q | A
| ------------- | ---
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | -
| License | MIT
| Doc PR | -
fix filelocator with empty name + phpdoc in config component
Commits
-------
63b8c07 [DependencyInjection] use inheritdoc for loaders
ddd2fe2 [Config] fix filelocator with empty name
The original issue #7380 was just caused because the developer missed to save the session before doing the redirect. That's all. This reverts #8270 and following.
This also makes the CompiledRoute implement Serializable in order to:
1. make the serialization format shorter
2. have no null bytes in there, which the native serializer add for private properties, and thus would complicate saving in databases etc.
3. We should add to our symfony BC promise, that only classes that implement Serializable are ensured to be deserializable correctly with serialized representations of the class in previous symfony versions.
This PR was squashed before being merged into the 2.3 branch (closes#12293).
Discussion
----------
Remove aligned '=>' and '='
| Q | A
| ------------- | ---
| Bug fix? | no
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | [https://github.com/symfony/symfony/issues/12284]
| License | MIT
Could you said to me if i should make an other PR for 2.5 branch.
Commits
-------
51312d3 Remove aligned '=>' and '='
This PR was merged into the 2.3 branch.
Discussion
----------
[Security][listener] change priority of switchuser
| Q | A
| ------------- | ---
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| License | MIT
Hi,
I have the following users:
- Manager: Allowed to access to (/admin) and has a role ROLE_ALLOWED_TO_SWITCH
- Partner: Allowed to access to (/partner)
When I attempt to switch to partner user I get "Access denied", well I think the switchuser listener must be registred before access listener.
Commits
-------
5f8047d [Security][listener] change priority of switchuser
This PR was merged into the 2.3 branch.
Discussion
----------
[Form] no need to add the url listener when it does not do anything
| Q | A
| ------------- | ---
| Bug fix? | no
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | -
| License | MIT
| Doc PR | -
In line with #11696
Commits
-------
7aea1c9 [Form] no need to add the url listener when it does not do anything
In #12253, improved feedback was added to the `server:run` command
instructing the user how to terminate the built-in web server. This
is hereby backported to the `2.3` branch.
This PR was merged into the 2.3 branch.
Discussion
----------
[TwigBundle] do not pass a template reference to twig
| Q | A
| ------------- | ---
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | -
| License | MIT
| Doc PR | -
twig does not know about template references and only expects a string.
this commit also fixes that name parsing and locating was called twice for nonexistent templates.
Commits
-------
7fe33e3 [TwigBundle] do not pass a template reference to twig
twig does not know about template references and only expects a string.
this commit also fixes that name parsing and locating was called twice for nonexistent templates
This PR was merged into the 2.3 branch.
Discussion
----------
use meta charset in layouts without legacy http-equiv
| Q | A
| ------------- | ---
| Bug fix? | no
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | -
| License | MIT
| Doc PR | -
`<meta charset="UTF-8" />` is now the recommended approach
Commits
-------
96e7b01 use meta charset in layouts without legacy http-equiv
`array_map()` raises a warning when an exception is thrown inside the
callback (see https://bugs.php.net/bug.php?id=55416). To avoid these
warnings, `selectorToXPath()` is applied inside the loop.
[HttpFoundation] fixed the docs so that it gives some explanation about how you are vulnerable to CSRF when you enable the httpMethodeParameterOverride
A small fix in the "parse" function of the "ControllerNameParser" Controller.
We should use "!==" instead of "!=" since it's better and faster in this case.
| Q | A
| ------------- | ---
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | NA
| License | MIT
| Doc PR | NA
This PR was merged into the 2.3 branch.
Discussion
----------
fix components tests
| Q | A
| ------------- | ---
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets |
| License | MIT
| Doc PR |
Since #12006, the `ContainerBuilder` contains the `addExpressionLanguageProvider()` method which references a class from the ExpressionLanguage component. By default, the PHPUnit mock API tries to mock all methods of the class being doubled. Since the ExpressionLanguage component is not required to run the tests, creating the mock objects fails when the mock API fails to mock the `addExpressionLanguageProvider()` method.
Commits
-------
2f2a732 fix components tests
Since #12006, the `ContainerBuilder` contains the
`addExpressionLanguageProvider()` method which references a class from
the ExpressionLanguage component. By default, the PHPUnit mock API
tries to mock all methods of the class being doubled. Since the
ExpressionLanguage component is not required to run the tests,
creating the mock objects fails when the mock API fails to mock
the `addExpressionLanguageProvider()` method.
This PR was merged into the 2.3 branch.
Discussion
----------
[Intl] Integrated ICU data into Intl component #1
| Q | A
| ------------- | ---
| Bug fix? | no
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | #11447, #10807
| License | MIT
| Doc PR | -
This PR is an alternative implementation to #11884. It depends on ~~#11906~~ and ~~#11907~~ being merged first (~~these are included in the diff until after a merge+rebase~~ merged+rebased now).
With this PR, the ICU component becomes obsolete. The ICU data is bundled with Intl in two different formats: JSON and the binary ICU resource bundle format (version 2) readable by PHP's `\ResourceBundle` class. For a performance comparison between the two, see my [benchmark](/webmozart/json-res-benchmark).
~~The data is contained in two zip files: json.zip (2.6MB) and rb-v2.zip (3.8MB). The handler~~
```php
\Symfony\Component\Intl\Composer\ScriptHandler::decompressData()
```
~~needs to be added as Composer hook and decompresses the data after install/update.~~
The data is included as text/binary now. Git takes care of the compression.
Before this PR can be merged, I would like to find out what the performance difference between the two formats is in real applications. For that, I need benchmarks from some real-life applications which use ICU data - e.g. in forms (language drop-downs, country selectors etc.) - for both the JSON and the binary data. You can force either format to be used by hard-coding the return value of `Intl::detectDataFormat()` to `Intl::JSON` and `Intl::RB_V2` respectively. I'll also try to create some more realistic benchmarks.
If JSON is not significantly slower/takes up significantly more memory than the binary format, we can drop the binary format altogether.
Commits
-------
be819c1 [Intl] Integrated ICU data into Intl component
[Doctrine][DependencyInjection] The test checks that a few items are ordered according to the value of their 'priority' attribute. However, a few of the items have the same value of this attribute. RegisterEventListenersAndSubscribersPass doesn't use a stable sorting, yet the test asserts that items that are 'equal' shall go in the original order. Modified so that the order of the original items is not checked.
This PR was merged into the 2.3 branch.
Discussion
----------
[Validator] Simplified testing of violations
| Q | A
| ------------- | ---
| Bug fix? | no
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | -
| License | MIT
| Doc PR | -
I simplified the assertion of violations in preparation of a replacement PR for #7276.
Commits
-------
8e5537b [Validator] Simplified testing of violations
This PR was merged into the 2.3 branch.
Discussion
----------
[Validator] Fixed StaticMethodLoaderTest to actually test something
| Q | A
| ------------- | ---
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | -
| License | MIT
| Doc PR | -
This test is not testing anything, except for whether PHP throws a strict standards error when invalid code is loaded.
I disabled error reporting for this test, so that the actual functionality (ignoring static+abstract functions) is tested.
Commits
-------
1b1303a [Validator] Fixed StaticMethodLoaderTest to actually test something
This PR was merged into the 2.3 branch.
Discussion
----------
[FrameworkBundle] output failed matched path for clarification
| Q | A
| ------------- | ---
| Bug fix? | no
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | #11780
| License | MIT
| Doc PR | -
Because cygwin resolves the path behind the scenes, it is otherwise very unclear what path is actually used for matching.
Commits
-------
8d13af7 [FrameworkBundle] output failed matched path for clarification
This PR was merged into the 2.3 branch.
Discussion
----------
[Form] Fixed ValidatorTypeGuesser to guess properties without constraints not to be required
| Q | A
| ------------- | ---
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | #6645
| License | MIT
| Doc PR | -
Consider the following entity:
```php
class Author
{
/**
* @Assert\NotBlank
*/
private $name;
private $age;
}
```
Right now, the "required" HTML attribute is set for both fields (since the default value of the "required" option is true). IMO this is wrong.
With this fix, the ValidatorTypeGuesser guesses `false` for the "required" option unless a NotNull/NotBlank constraint is present.
Commits
-------
fd77b09 [Form] Fixed ValidatorTypeGuesser to guess properties without constraints not to be required
This PR was merged into the 2.3 branch.
Discussion
----------
[Form] Moved POST_MAX_SIZE validation from FormValidator to request handler
| Q | A
| ------------- | ---
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | #11729, #11877
| License | MIT
| Doc PR | -
Commits
-------
759ae1a [Form] Moved POST_MAX_SIZE validation from FormValidator to request handler
4780210 [Form] Add a form error if post_max_size has been reached.
This PR was merged into the 2.3 branch.
Discussion
----------
[WebProfilerBundle] turbolinks compatibility
| Q | A
| ------------- | ---
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | no
| Fixed tickets | -
| License | MIT
| Doc PR | -
Fix profiler when using turbolinks. (Without this, profiler is rendered without assets)
Commits
-------
c65b4c7 [WebProfilerBundle] turbolinks compatibility
This PR was merged into the 2.3 branch.
Discussion
----------
[Finder][Urgent] Remove asterisk and question mark from folder name in test to prevent windows file system issues.
Bugfix: Yes
Fixed tickets: #11984 , #11985
Related tickets: #11970
Commit #11970 prevented Symphony from being checked out via windows due to invalid characters in a folder name within the tests.
The issue was reported in #11984 and was attempted to be fixed in #11985 but wasn't due to still including the question mark.
Please accept this ASAP as it entirely breaks any composer that relies on it.
Commits
-------
5fbb278 Avoid question mark and asterisk in folder names to prevent windows filesystem issues.
This PR was merged into the 2.3 branch.
Discussion
----------
[Translation] [Config] Clear libxml errors after parsing xliff file
| Q | A
| ------------- | ---
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | -
| License | MIT
| Doc PR | -
If libxml_use_internal_errors is set to `true` before parsing xliff file, the libxml errors are not cleared correctly. An error `Validation failed: no DTD found !` occurs in libxml errors after parsing and it's available outside the xliff parser (can break other functionality that use `libxml_get_errors` function).
Commits
-------
fab61ef [Translation] [Config] Clear libxml errors after parsing XML file
A previous commit introduced a folder with a question mark and an asterisk which are invalid NTFS folder name characters and prevented checkout on those systems.
This PR was squashed before being merged into the 2.3 branch (closes#11340).
Discussion
----------
[2.3] Add missing development dependencies
| Q | A
| ------------- | ---
| Bug fix? | no
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | n/a
| License | MIT
I've also added a run of the test suite in every component scope.
Commits
-------
3b02af9 [2.3] Add missing development dependencies
This PR was merged into the 2.3 branch.
Discussion
----------
[HttpKernel] Make sure HttpCache is a trusted proxy
| Q | A
| ------------- | ---
| Bug fix? | yes (of sorts)
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | #9292
| License | MIT
| Doc PR | https://github.com/symfony/symfony-docs/pull/4239Fixes#9292 by adding `127.0.0.1` as a trusted proxy when using `HttpCache` (assuming it hasn't been already).
Commits
-------
ca65362 Make sure HttpCache is a trusted proxy
This PR was squashed before being merged into the 2.3 branch (closes#11970).
Discussion
----------
[Finder] Escape location for regex searches
| Q | A
| ------------- | ---
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | -
| License | MIT
| Doc PR | -
If the location to start searching in contains a regex special char
like + or ? and the path restriction is a regular expresion with a start
limitation. No results will be found wtih at least GnuFindAdapter - e.g.:
```
use Symfony\Component\Finder\Finder;
use Symfony\Component\Finder\Adapter;
mkdir('/tmp/reg+ex/dir/subdir', 0777, true);
$finder = Finder::create()
->removeAdapters()
->addAdapter(new Adapter\GnuFindAdapter());
$finder->in('/tmp/reg+ex')->path('/^dir/');
print count($finder)."\n";
```
Expected result: 2
Actual result is: 0
This pull request consists of:
* a new test checking for this bug (0e81086a49425d0e12cff4f479fabeb97e9ed757)
* the actual fix (6595b6b2b71afc57ef08686b4584713c0e4e48ed)
* changes to comply with the coding standard (7f199c5b53b3c1f38b36dcc286d3b20ae877425b)
## How to reproduce
### Fastest way
1. Move or copy your local symfony clone into a location containing special regex chars:
* `mv symfony symfony+regex`
2. Run tests in there
* `cd symfony+regex && phpunit`
> Result: Some tests in the finder component will fail.
### Alternative: A new clone
1. Clone symfony in a directory containing at least one regex special char
* `git clone https://github.com/symfony/symfony.git /tmp/symfony+regexchar`
2. As usual get composer, install dependencies and get phpunit
* You might simply want to follow [this guide](http://symfony.com/doc/current/contributing/code/tests.html)
3. Run tests in there
* `cd /tmp/symfony+regexchar && phpunit`
> Result: Some tests in the finder component will fail.
### Alternative: Apply the new test
1. Apply commit a29d1207ced2949c918357cf271200523960caef to your symfony clone
2. Run tests
> Result: The new test will fail.
Commits
-------
b63926b [Finder] Escape location for regex searches
This PR was merged into the 2.3 branch.
Discussion
----------
[HttpFoundation] fixed some volatile tests
| Q | A
| ------------- | ---
| Bug fix? | no
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | see #11588
| License | MIT
| Doc PR | n/a
Commits
-------
00c1b75 [Process] fixed some volatile tests
974bf01 [HttpKernel] fixed a volatile test
6020c43 [HttpFoundation] fixed some volatile tests
This PR was merged into the 2.3 branch.
Discussion
----------
[Security] Uniform AccessDecisionManager decide behaviour
| Q | A
| --------------------|---
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | #10170
| License | MIT
| Doc PR | none
This PR uniforms the way the 3 decision policies (affirmative, consensus, unanimous) are handled in the Security\Core\Authoritzation\AccessDecisionManager.php
See #10170
Commits
-------
938ae4b [Security] Added more tests
This PR was merged into the 2.3 branch.
Discussion
----------
[Translation] made XliffFileDumper support CDATA sections.
| Q | A
| ------------- | ---
| Bug fix? | yes
| New feature? | no
| BC breaks? | maybe
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | #11256
| License | MIT
Commits
-------
9926845 [Translation] made XliffFileDumper support CDATA sections.
This PR was merged into the 2.3 branch.
Discussion
----------
[Intl] Improved bundle reader implementations
| Q | A
| ------------- | ---
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | -
| License | MIT
| Doc PR | -
This PR extracts bundle reader improvements from #9206.
The code is internal and used for resource bundle generation only, so I did not care about BC too much.
Commits
-------
c3cce5c [Intl] Improved bundle reader implementations
This PR was merged into the 2.3 branch.
Discussion
----------
[YAML] fix handling of empty sequence items
| Q | A
| ------------- | ---
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | #11798
| License | MIT
| Doc PR |
When a line contains only a dash it cannot safely be assumed that it contains a nested list or an embedded mapping. If the next line starts with a dash at the same indentation, the current line's item is to be treated as `null`.
Commits
-------
fc85435 fix handling of empty sequence items
This PR was merged into the 2.3 branch.
Discussion
----------
[Intl] Fixed a few bugs in TextBundleWriter
| Q | A
| ------------- | ---
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | -
| License | MIT
| Doc PR | -
See the included test cases for more information. This code was extracted from #9206.
Commits
-------
7b4a35a [Intl] Fixed a few bugs in TextBundleWriter
This PR was merged into the 2.3 branch.
Discussion
----------
[Form][Validator] All index items after children are to be considered grand-children when resolving ViolationPath
| Q | A
| ------------- | ---
| Bug fix? | yes
| New feature? | no
| BC breaks? | unsure, see note below
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | #11458
| License | MIT
| Doc PR | -
#### Possible BC Break
The old behavior had unit test cases specifically testing the case of a grand-children form. However, this behavior is not documented anywhere and the fix seems to have no adverse effects on form validation. `Symfony\Component\Form\FormInterface` implements `ArrayAccess`, therefore, semantically speaking, `children[direct_child].children[grand_children]` and `children[direct_child][grand_children]` are equivalent. `offsetGet` is expected to fetch an element from `children`. I do not see why both were not considered equivalent when resolving the ViolationPath.
This commit will indeed change how some errors are mapped. However since the old mapping is (in my opinion) a bug...
Commits
-------
c64a75f [Form][Validator] All index items after children are to be considered grand-children when resolving ViolationPath (fixes#11458)
This PR was merged into the 2.3 branch.
Discussion
----------
[Form] FormBuilder::getIterator() now deals with resolved children
| Q | A
| ------------- | ---
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | -
| License | MIT
| Doc PR | -
I think FormBuilder::getIterator() should resolve children before makes an iterator because it seems to be used in same purpose with FormBuilder::all().
What do you think?
Commits
-------
0deb505 [Form] FormBuilder::getIterator() now deals with resolved children
This PR was merged into the 2.3 branch.
Discussion
----------
[SwiftmailerBridge] Bump allowed versions of swiftmailer
| Q | A
| ------------- | ---
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes (but SwiftmailerBridge itself does not contain any tests)
| Fixed tickets | -
| License | MIT
| Doc PR | -
Current version of Swiftmailer is 5.2.1, while (previously to this commit)
the version installed by composer was 5.0.3.
This is rather important, since 5.2.1 closes a security issue that 5.0.3 is
vulnarable to (https://github.com/swiftmailer/swiftmailer/issues/494).
Commits
-------
a5e3fc9 [SwiftmailerBridge] Bump allowed versions of swiftmailer
This PR was merged into the 2.3 branch.
Discussion
----------
[DependencyInjection] remove `service` parameter type from XSD
| Q | A
| ------------- | ---
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets |
| License | MIT
| Doc PR | symfony/symfony-docs#4222
Referencing a service in a parameter doesn't work and will lead to an error when the configuration is loaded (see symfony/symfony-docs#4211).
Commits
-------
7333c2d remove `service` parameter type from XSD
This PR was merged into the 2.3 branch.
Discussion
----------
[Intl] Updated icu.ini up to ICU 53
| Q | A
| ------------- | ---
| Bug fix? | no
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | -
| License | MIT
| Doc PR | -
Extracted from #9206.
Commits
-------
260e2fe [Intl] Updated icu.ini up to ICU 53
This PR was merged into the 2.3 branch.
Discussion
----------
[Intl] Removed non-working $fallback argument from ArrayAccessibleResourceBundle
| Q | A
| ------------- | ---
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | -
| License | MIT
| Doc PR | -
The code in question didn't actually work. This was extracted from #9206.
Commits
-------
5feda5e [Intl] Removed non-working $fallback argument from ArrayAccessibleResourceBundle
Current version of Swiftmailer is 5.2.1, while (previously to this commit)
the version installed by composer was 5.0.3.
This is rather important, since 5.2.1 closes a security issue that 5.0.3 is
vulnarable to (https://github.com/swiftmailer/swiftmailer/issues/494).
This PR was merged into the 2.3 branch.
Discussion
----------
[Security] Use hash_equals for constant-time string comparison (again)
| Q | A
| ------------- | ---
| Bug fix? | no
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | n/a
| License | MIT
| Doc PR | n/a
Use the `hash_equals` function (introduced in PHP 5.6) for timing attack safe string comparison when available.
Add in the DocBlock that length will leak (https://github.com/symfony/symfony/pull/11797#issuecomment-53990712).
Commits
-------
3071557 [Security] Add more tests for StringUtils::equals
03bd74b [Security] Use hash_equals for constant-time string comparison
This PR was merged into the 2.3 branch.
Discussion
----------
[DI] Added safeguards against invalid config in the YamlFileLoader
| Q | A
| ------------- | ---
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | #11333
| License | MIT
| Doc PR | n/a
Exceptions explaining the mistake are better than fatal errors or weird notices appearing when trying to deal with such invalid data.
The XML file loader is not affected by this because the data are validated with the XSD before being processed
Commits
-------
5183501 [DI] Added safeguards against invalid config in the YamlFileLoader
We didn't have this tag yet when this component was first written. The code in that
namespace is only used for resource bundle generation and was never meant for public
use.
This PR was merged into the 2.3 branch.
Discussion
----------
[FrameworkBundle] improve handling router script paths
| Q | A
| ------------- | ---
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets |
| License | MIT
| Doc PR |
The `server:run` command switches the working directory before starting the built-in web server. Therefore, the path to a custom router script had to be specified based on the document root path and not based on the user's working directory.
Another option is to update the documentation (as started in symfony/symfony-docs#4194). Though I think the current behaviour is a bug. The intended behaviour can be derived from the command's help message:
> ```
If you have custom docroot directory layout, you can specify your own
router script using --router option:
> ./app/console server:run --router=app/config/router.php
```
As you can see, the path is specified based on the current working directory.
Commits
-------
0a16cf2 improve handling router script paths
This PR was merged into the 2.3 branch.
Discussion
----------
[FrameworkBundle] backport more error information from 2.6 to 2.3
| Q | A
| ------------- | ---
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | #11724
| License | MIT
| Doc PR |
Commits
-------
87449e0 backport more error information from 2.6 to 2.3
The commit on master was:
server:run command: provide more error information
The server:run command didn't provide many information when the executed
command exited unexpectedly. Now, the process' exit code is passed through
and an error message is displayed.
This PR was merged into the 2.3 branch.
Discussion
----------
[HttpKernel] Escape ESI url in generated response
| Q | A
| ------------- | ---
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets |
| License | MIT
| Doc PR | NA
If a template with an `<esi>` tag is configured with an URL containing a `'` (in `src` or `alt`) ; the HttpCache will generate invalide php code.
It's not a security issue, given the template and the `<esi>` tag is written by the developper, but, as the character quote is allowed in URL (https://tools.ietf.org/html/rfc3986) it coud be a potential bug.
Commits
-------
b044c45 Escape parameter on generated response
This PR was merged into the 2.3 branch.
Discussion
----------
[Yaml] improve error message when detecting unquoted asterisks
| Q | A
| ------------- | ---
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | #11835
| License | MIT
| Doc PR |
Asterisks in unquoted strings are used in YAML to reference variables. Before Symfony 2.3.19, Symfony 2.4.9 and Symfony 2.5.4, unquoted asterisks in inlined YAML code were treated as regular strings. This was fixed for the inline parser in #11677. However, an unquoted * character now led to an error message like this:
```
PHP Warning: array_key_exists(): The first argument should be either a string or an integer in vendor/symfony/symfony/src/Symfony/Component/Yaml/Inline.php on line 409
[Symfony\Component\Yaml\Exception\ParseException]
Reference "" does not exist at line 171 (near "- { foo: * }").
```
Commits
-------
854e07b improve error when detecting unquoted asterisks
The `server:run` command switches the working directory before
starting the built-in web server. Therefore, the path to a custom
router script had to be specified based on the document root path
and not based on the user's working directory.
Asterisks in unquoted strings are used in YAML to reference
variables. Before Symfony 2.3.19, Symfony 2.4.9 and Symfony 2.5.4,
unquoted asterisks in inlined YAML code were treated as regular
strings. This was fixed for the inline parser in #11677. However, an
unquoted * character now led to an error message like this:
```
PHP Warning: array_key_exists(): The first argument should be either a string or an integer in vendor/symfony/symfony/src/Symfony/Component/Yaml/Inline.php on line 409
[Symfony\Component\Yaml\Exception\ParseException]
Reference "" does not exist at line 171 (near "- { foo: * }").
```
This PR was merged into the 2.3 branch.
Discussion
----------
n/a
n/a
Commits
-------
f38536a [WebProfiler] replaced the import/export feature from the web interface to a CLI tool
This PR was merged into the 2.3 branch.
Discussion
----------
n/a
n/a
Commits
-------
9e1bc22 Add tests and more assertions
101a3b7 [FrameworkBundle][Translator] Validate locales.
This PR was merged into the 2.3 branch.
Discussion
----------
n/a
n/a
Commits
-------
3b4046e [HttpFoundation] added some missing tests
cefe237 fix parsing of Authorization header
This PR was merged into the 2.3 branch.
Discussion
----------
n/a
n/a
Commits
-------
1ee96a8 Test examples from Drupal SA-CORE-2014-003
5506ee8 Fix potential DoS when parsing HOST
This PR was merged into the 2.3 branch.
Discussion
----------
[Security] fixing typo in a comment
| Q | A
| ------------- | ---
| Fixed tickets |
| License | MIT
As reported [here](https://github.com/symfony/symfony/pull/11574/files#r16934052).
Commits
-------
faefd66 fixing typo in a comment
This PR was merged into the 2.3 branch.
Discussion
----------
[Security] Made optimization on constant-time algorithm removing modulus operator
| Q | A
| ------------- | ---
| Bug fix? | no
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | -
| License | MIT
| Doc PR | -
This fix improves the constant-time algorithm used to compare strings, as it removes the `%` operator inside the loop.
Commits
-------
000bd0d Made optimization deprecating modulus operator
When a line contains only a dash it cannot safely be assumed that
it contains a nested list or an embedded mapping. If the next line
starts with a dash at the same indentation, the current line's item
is to be treated as `null`.
This PR was merged into the 2.3 branch.
Discussion
----------
[Yaml] fixed mapping keys containing a quoted #
| Q | A
| ------------- | ---
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | #11700, #11723
| License | MIT
| Doc PR | n/a
Commits
-------
110f999 [Yaml] fixed mapping keys containing a quoted #
8ba3b28 Added fixture to test parsing of hash keys ending with a space and #
This PR was merged into the 2.3 branch.
Discussion
----------
[DoctrineBridge] Abstract Doctrine Subscribers with tags
| Q | A
| ------------- | ---
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | this one
| License | MIT
| Doc PR | N/A
I've hit a problem with some doctrine listeners, built by decorating an abstract definition.
I want the abstract definition to hold the tag, however because the RegisterEventListenersAndSubscribersPass runs before abstract definitions are removed, they get added as method calls to the EventManager definition, which once the abstract service is removed, we end up with a method call that breaks the container.
I don't know if this is the best approach, it might be better not to return abstract services when calling `findTaggedServiceIds` instead?
Commits
-------
cbcf513 Disallow abstract definitions from doctrine event listener registration
This PR was squashed before being merged into the 2.3 branch (closes#11768).
Discussion
----------
[ClassLoader] Add a __call() method to XcacheClassLoader
| Q | A
| ------------- | ---
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | #11733
| License | MIT
| Doc PR |
Commits
-------
dd0d6af [ClassLoader] Add a __call() method to XcacheClassLoader
This PR was merged into the 2.3 branch.
Discussion
----------
[YAML] resolve variables in inlined YAML
| Q | A
| ------------- | ---
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | #11665
| License | MIT
| Doc PR |
#11569 does not resolve variables in inline YAML.
Commits
-------
45a5863 [YAML] resolve variables in inlined YAML
This PR was merged into the 2.3 branch.
Discussion
----------
[Validator] Fixed wrong translations for Collection constraints
| Q | A
| ------------- | ---
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | #11630
| License | MIT
| Doc PR |
The error messages for a missing field and an unexpected field did not match the Constraint class.
Commits
-------
808de2b [Validator] Fixed wrong translation keys/messages for Collection constraint. The error messages for a missing field and an unexpected field did not match the Contraint class
This PR was squashed before being merged into the 2.3 branch (closes#11711).
Discussion
----------
[DoctrineBridge] Fix empty parameter logging in the dbal logger
| Q | A
| ------------- | ---
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | #11710
| License | MIT
| Doc PR | -
Commits
-------
ef23f02 [DoctrineBridge] Fix empty parameter logging in the dbal logger
This PR was merged into the 2.3 branch.
Discussion
----------
[DomCrawler] check for the correct field type
| Q | A
| ------------- | ---
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | #11689
| License | MIT
| Doc PR |
HTML allow to define different form fields with the same name. Imagine the following form:
```html
<html>
<body>
<form action="/">
<input type="hidden" name="option" value="default">
<input type="radio" name="option" value="A">
<input type="radio" name="option" value="B">
<input type="hidden" name="settings[1]" value="0">
<input type="checkbox" name="settings[1]" value="1" id="setting-1">
<button>klickme</button>
</form>
</body>
</html>
```
Since the `FormFieldRegistry` can only handle one field per name, the hidden field option is registered first before the radio field with the same name is evaluated. Thus, the `FormFieldRegistry` returns an `InputFormField` instance on which the `addChoices()` method can not be called.
Commits
-------
169b397 check for the correct field type
This PR was merged into the 2.3 branch.
Discussion
----------
[Routing] fix handling of nullable XML attributes
| Q | A
| ------------- | ---
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets |
| License | MIT
| Doc PR |
As @Tobion pointed out in #11394, ``true`` and ``1`` are valid values in boolean XML attributes. The XmlFileLoader didn't handle ``1`` values properly.
Commits
-------
7b4d4b6 fix handling of nullable XML attributes
This PR was merged into the 2.3 branch.
Discussion
----------
[DomCrawler] fix the axes handling in a bc way
| Q | A
| ------------- | ---
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | #11503
| License | MIT
| Doc PR |
The previous fix in #11548 for handling XPath axes was not backward compatible. In previous Symfony versions the Crawler handled nodes by holding a "fake root node". This must be taken into account when evaluating (relativizing) XPath expressions.
Commits
-------
d26040f [DomCrawler] fix the axes handling in a bc way
This PR was merged into the 2.3 branch.
Discussion
----------
[Validator] return empty metadata collection if none do exist
| Q | A
| ------------- | ---
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets |
| License | MIT
| Doc PR | [The reference to the documentation PR if any]
Backport of #11614 for Symfony 2.3 and 2.4.
Commits
-------
f5bc18d return empty metadata collection if none do exist
HTML allow to define different form fields with the same name.
Imagine the following form:
<html>
<body>
<form action="/">
<input type="hidden" name="option" value="default">
<input type="radio" name="option" value="A">
<input type="radio" name="option" value="B">
<input type="hidden" name="settings[1]" value="0">
<input type="checkbox" name="settings[1]" value="1" id="setting-1">
<button>klickme</button>
</form>
</body>
</html>
Since the `FormFieldRegistry` can only handle one field per name, the
hidden field option is registered first before the radio field with
the same name is evaluated. Thus, the `FormFieldRegistry` returns an
`InputFormField` instance on which the `addChoices()` method can not
be called.
This PR was merged into the 2.3 branch.
Discussion
----------
[HttpFoundation] revert #11510, moved to 2.6
| Q | A
| ------------- | ---
| Bug fix? | no
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | none
| License | MIT
| Doc PR | none
This reverts PR #11510 from 2.3.
Commits
-------
fb120c7 revert #11510, moved to 2.6
This PR was merged into the 2.3 branch.
Discussion
----------
[Validator] Convert objects to string in comparison validators
| Q | A
| ------------- | ---
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | -
| License | MIT
| Doc PR | -
In the [latest merge from 2.3 into 2.4](/symfony/symfony/commit/3bed1b7988e94a897a64c6a2ad3bf70bde9005c1), the changes from 6cf5e0812e in 2.4 got lost. This PR brings back these changes and backports them to 2.3.
The change is BC, because the former value `true` of the `$prettyDateTime` will be cast to `1`, which corresponds to the `PRETTY_DATE` format constant.
Commits
-------
273671e [Validator] Convert objects to string in comparison validators. Reapplies 6cf5e0812e
This PR was squashed before being merged into the 2.3 branch (closes#11510).
Discussion
----------
[HttpFoundation] MongoDbSessionHandler supports auto expiry via configurable expiry_field
| Q | A
| ------------- | ---
| Bug fix? | no
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | #11508
| License | MIT
| Doc PR | no
ToDo
* [x] Fix Tests
Looking for feedback on this early PR.
This adds a config option that disables the PHP GC method call from doing anything,
It also means that the write method sets up the auto expiring index.
Ref: #11508
Commits
-------
b56b740 [HttpFoundation] MongoDbSessionHandler supports auto expiry via configurable expiry_field
This PR was merged into the 2.3 branch.
Discussion
----------
[Console] fixed style creation when providing an unknown tag option
| Q | A
| ------------- | ---
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | n/a
| License | MIT
| Doc PR | n/a
When formatting a string, the console ignore style it cannot parse. But if a string looks like an option (`<setting=value>`) for instance, instead of displaying the text as is, it currently throws an exception.
Commits
-------
8814920 [Console] fixed style creation when providing an unknown tag option
The previous fix in #11548 for handling XPath axes was not backward
compatible. In previous Symfony versions the Crawler handled nodes
by holding a "fake root node". This must be taken into account when
evaluating (relativizing) XPath expressions.
The PropertyMetadataContainerInterface defines that the method
getPropertyMetadata() has to return an empty collection if no
metadata have been configured for the given property. Though, its
implementation in the ClassMetadata class didn't check for
existence of such metadata. This behavior led to unexpected PHP
notices when validating a property or a property value of a property
without any configured constraints (only affects the new 2.5 API).
Additionally, the getMemberMetadatas() didn't check for existing
array keys as well which has also been fixed.
This PR was merged into the 2.3 branch.
Discussion
----------
[Process] Added process synchronization to the incremental output tests
| Q | A
| ------------- | ---
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | -
| License | MIT
| Doc PR | -
The tests currently fail from time to time if the executing machine is under
heavy load. This leads to false negatives on Travis CI.
A side effect of the change is that the tests are much faster now.
Commits
-------
6dd3946 [Process] Added process synchronization to the incremental output tests
The tests currently fail from time to time if the executing machine is under
heavy load. This leads to false negatives on Travis CI.
A side effect of the change is that the tests are much faster now.
This PR was merged into the 2.3 branch.
Discussion
----------
[Bundle][FrameworkBundle] built-in server: exit when docroot does not exist
| Q | A
| ------------- | ---
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | #6496
| License | MIT
| Doc PR |
When the server:run command is run with an invalid document root
directory (for example, when being in the app directory and not
changing the document root to ../web/), the command crashes on Windows
with a 267 exit code. On Linux, the server starts but just publishes
internal server errors.
Commits
-------
f143254 built-in server: exit when docroot does not exist
This PR was merged into the 2.3 branch.
Discussion
----------
[Form] fix whitespace in Twig form template
| Q | A
| ------------- | ---
| Bug fix? | kind of (after updating from 2.3.17 to 2.3.18, some of my tests were broken because of this)
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | they should, let's see what Travis has to say...
| Fixed tickets | --
| License | MIT
| Doc PR | --
This fixes some whitespace rendering.
after merging #11386:
```html
<input type="text" id="myfield" name="myfield" value="blah" />
```
before merging #11386 and with this PR again:
```html
<input type="text" id="myfield" name="myfield" value="blah" />
```
Commits
-------
8504d02 fixed whitespace in Twig form template
This PR was merged into the 2.3 branch.
Discussion
----------
[DependencyInjection] Fixed missing 'factory-class' attribute in XmlDumper output
| Q | A
| ------------- | ---
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | n/a
| License | MIT
| Doc PR | n/a
Problem: XmlDumper doesn't write 'factory-class' XML attribute for definitions on which setFactoryClass() was called.
Impact: Container[Builder] to throws an exception when the relevant service is being requested/initiated after loading the dumped XML.
`Uncaught Exception Symfony\Component\DependencyInjection\Exception\RuntimeException: "Cannot create service "xxx" from factory method without a factory service or factory class." at /<path>/<to>//DependencyInjection/ContainerBuilder.php`
Solution: Made XmlDumper write the 'factory-class' attribute, and updated the relevant test fixture.
Another related problem, is that XMLFileLoader doesn't complain if the 'factory-class' attribute is missing for a 'service' elements that include 'factory-method' attribute, resulting in an ill-configured Definition object in the ContainerBuilder. I'll post an issue/ticket, and probably send another PR for that.
Commits
-------
18e3e6f [DependencyInjection] fixed missing 'factory-class' attribute in XmlDumper output
Symfony\Component\DependencyInjection\Dumper\XmlDumper didn't write 'factory-class' XML attribute for definitions on which setFactoryClass() was called.
This caused the Container[Builder] to throw an exception when the relevant service is being requested/initiated after loading the dumped XML:
`Uncaught Exception Symfony\Component\DependencyInjection\Exception\RuntimeException: "Cannot create service "xxx" from factory method without a factory service or factory class." at /<path>/<to>/vendor/symfony/dependency-injection/Symfony/Component/DependencyInjection/ContainerBuilder.php`
Fixed the problem, and updated the relevant test fixture.
This PR was merged into the 2.3 branch.
Discussion
----------
[Component][DomCrawler] fix axes handling in Crawler::filterXPath()
| Q | A
| ------------- | ---
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | #11503
| License | MIT
| Doc PR |
Due to some limitations in the ``relativize()`` method, it was not possible to use XPath axes other than ``descendant`` or ``descendant-or-self`` in the ``filterXPath()`` method of the ``Crawler`` class. This commit adds support for the ``ancestor``, ``ancestor-or-self``, ``attribute``, ``child``, ``following``, ``following-sibling``, ``parent``, ``preceding``, ``preceding-sibling`` and ``self`` axes.
The only axis missing after this is the ``namespace`` axis. Filtering for namespace nodes returns ``DOMNameSpaceNode`` instances which can't be passed to the ``add()`` method.
Commits
-------
8dc322b fix axes handling in Crawler::filterXPath()
Due to some limitations in the relativize() method, it was not
possible to use XPath axes other than descendant or descendant-or-self
in the filterXPath() method of the Crawler class. This commit adds
support for the ancestor, ancestor-or-self, attribute, child,
following, following-sibling, parent, preceding, preceding-sibling and
self axes.
This PR was merged into the 2.3 branch.
Discussion
----------
fix some docblocks
| Q | A
| ------------- | ---
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets |
| License | MIT
| Doc PR |
Commits
-------
1775da5 fix some docblocks
When the server:run command is run with an invalid document root
directory (for example, when being in the app directory and not
changing the document root to ../web/), the command crashes on Windows
with a 267 exit code. On Linux, the server starts but just publishes
internal server errors.
This PR was merged into the 2.3 branch.
Discussion
----------
Make builds green again
| Q | A
| ------------- | ---
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | -
| License | MIT
| Doc PR | -
This PR rolls back changes made to the fixture and generated files in e9022adaef (#11512).
Commits
-------
88b4e70 [DependencyInjection] Roll back changes made to generated files.
f89811d [Console] Roll back changes made to fixture files.
This PR was merged into the 2.3 branch.
Discussion
----------
[Serializer] properly handle null data when denormalizing
| Q | A
| ------------- | ---
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | #10794
| License | MIT
| Doc PR |
Commits
-------
123fc62 properly handle null data when denormalizing
This PR was merged into the 2.3 branch.
Discussion
----------
[Validator] Fixed string conversion in constraint violations
| Q | A
| ------------- | ---
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | #10675
| License | MIT
| Doc PR | -
Commits
-------
32ae95b [Validator] Added more detailed inline documentation
08ea6d3 [Validator] Removed information from the violation output if the value is an array, object or resource
d6a783f [Validator] Renamed valueToString() to formatValue(); added missing formatValue() calls
71897d7 [Validator] Fixed CS
cea4155 [Validator] Fixed date-to-string conversion tests to match ICU 51
5aa7e6d [Validator] Added "{{ value }}" parameters where they were missing
f329552 [Validator] Simplified and explained the LuhnValidator
bff09f2 [Validator] Simplified IssnValidator
224e70f [Validator] Fixed and simplified IsbnValidator
fd58870 [Validator] Simplified IBAN validation algorithm
97243bc [Validator] Fixed value-to-string conversion in constraint violations
75e8815 [Validator] Fix constraint violation message parameterization
This PR was merged into the 2.3 branch.
Discussion
----------
[EventDispatcher] don't count empty listeners
| Q | A
| ------------- | ---
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | #11444
| License | MIT
| Doc PR |
When event listeners for certain events are removed from the event
dispatcher, empty arrays are not being removed. Therefore, counting
on empty arrays leads to wrong results of the hasListeners() method.
Thanks to @mlindenb for discovering this an proposing a solution.
Commits
-------
fdbb04a [EventDispatcher] don't count empty listeners
When event listeners for certain events are removed from the event
dispatcher, empty arrays are not being removed. Therefore, counting
on empty arrays leads to wrong results of the hasListeners() method.
wait() throws an exception when the process was terminated by a signal.
This should not happen when the termination was requested by calling
either the stop() or the signal() method (for example, inside a callback
which is passed to wait()).
This PR was merged into the 2.3 branch.
Discussion
----------
[BrowserKit] Fixed server HTTP_HOST port uri conversion
| Q | A
| ------------- | ---
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | #11356
| License | MIT
| Doc PR | n/a
See #11356
Commits
-------
103fd88 [BrowserKit] refactor code and fix unquoted regex
f401ab9 Fixed server HTTP_HOST port uri conversion
This PR was merged into the 2.3 branch.
Discussion
----------
Fix issue described in #11421
| Q | A
| ------------- | ---
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | #11421
| License | MIT
| Doc PR | NA
This pull request fixes the issue described in #11421. It also adds a test for the issue. The issue is present in 2.0 forward, but I decided to fix it on the 2.3 branch so that I could also write a test for it (2.0 had no tests for the Process component, and 2.1 and 2.2 didn't have tests for the `ExecutableFinder` class).
Commits
-------
4cf50e8 Bring code into standard
9f4313c [Process] Add test to verify fix for issue #1142102eb765 [Process] Fixes issue #11421
This PR was merged into the 2.3 branch.
Discussion
----------
Pass a Scope instance instead of a scope name when cloning a container in the GrahpvizDumper
| Q | A
| ------------- | ---
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | #11055
| License | MIT
| Doc PR | -
Commits
-------
6787669 [DependencyInjection] Pass a Scope instance instead of a scope name.
If null is passed to denormalize(), no property values can be set on
the denormalized object. Additionally, this fixes passing values to
the denormalized object's constructor if the incoming data is an object.
This PR was merged into the 2.3 branch.
Discussion
----------
[2.3][Process] Reduce I/O load on Windows platform
| Q | A
| ------------- | ---
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | n/a
| License | MIT
When using file handles, no `stream_select` call is done.
On linux platforms, `stream_select` introduce a sleep as it has 0.2s timeout, there is no such pause on Windows, producing lot's of disk I/Os when reading file handles
Commits
-------
ff0bb01 [Process] Reduce I/O load on Windows platform
This PR was merged into the 2.3 branch.
Discussion
----------
[2.3][Form] Check if IntlDateFormatter constructor returned a valid object before using it
| Q | A
| ------------- | ---
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | n/a
| License | MIT
`IntlDateFormatter` constructor [may return false](http://www.php.net/manual/en/intldateformatter.create.php#refsect1-intldateformatter.create-returnvalues). This patches avoids fatal errors in these cases
This PR replaces #11334
Commits
-------
ebf967d [Form] Check if IntlDateFormatter constructor returned a valid object before using it
This PR was merged into the 2.3 branch.
Discussion
----------
[Validator] Backported #11410 to 2.3: Object initializers are called only once per object
| Q | A
| ------------- | ---
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | -
| License | MIT
| Doc PR | -
Before, object initializers were called multiple times if an object was validated in different groups in the same validation run. The initializers, however, are not aware of the current validation group, so calling them more than once does not make sense.
Now, object initializers are called exactly once per validated object.
See #11410
Commits
-------
291cbf9 [Validator] Backported #11410 to 2.3: Object initializers are called only once per object
This PR was merged into the 2.3 branch.
Discussion
----------
[2.3] [Process] Use correct test for empty string in UnixPipes
| Q | A
| ------------- | ---
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | n/a
| License | MIT
| Doc PR | n/a
This PR supersedes #11264 : 2.3 compatibility + Windows compatibility + CS fix
Commits
-------
cec0a45 [Process] Adjust PR #11264, make it Windows compatible and fix CS
9e1ea4a [Process] Use correct test for empty string in UnixPipes
This PR was merged into the 2.3 branch.
Discussion
----------
[HttpFoundation] Fix to prevent magic bytes injection in JSONP responses... (CVE-2014-4671)
| Q | A
| ------------- | ---
| Bug fix? | yes
| New feature? | no
| BC breaks? | no*
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | N/A
| License | MIT
| Doc PR | N/A
| CVE Ticket | [CVE-2014-4671](http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-4671)
| See Also | [Rosetta Flash](http://miki.it/blog/2014/7/8/abusing-jsonp-with-rosetta-flash/)
\* Unless you are parsing the response string manually, which you really shouldn't do anyway
**THIS IS A SECURITY FIX AND SHOULD BE MERGED SHORTLY**
This fix prevents attacks vectors where third-party browser plugins depends on ASCII magic bytes in order to execute a plugin. This is currently exploited with Flash using a carefully crafted JSONP response, allowing the execution of random SWF data from a domain with a vulnerable JSONP endpoint.
This security issue is mitigated by adding an empty comment right before the callback parameter. This does not affect the execution of the JSONP callback.
Commits
-------
6af3d05 [HttpFoundation] Fix to prevent magic bytes injection in JSONP responses (Prevents CVE-2014-4671)
This PR was merged into the 2.3 branch.
Discussion
----------
[2.3] [Validator] Fix UserPassword validator translation
| Q | A
| ------------- | ---
| Fixed tickets | None
| License | MIT
Fixes the UserPassword translation message only for 2.3 as discussed in symfony/symfony#11383.
Commits
-------
73d50ed Fix UserPassword validator translation
This PR was merged into the 2.3 branch.
Discussion
----------
[2.3][HttpFoundation] Fix wrong assertion in Response test
| Q | A
| ------------- | ---
| Bug fix? | kinda
| New feature? | no
| BC breaks? | no
| Tests pass? | yes
| License | MIT
Commits
-------
3d63f80 [HttpFoundation] Fix wrong assertion in Response test
This PR was merged into the 2.3 branch.
Discussion
----------
remove defaults from PHPUnit configuration
| Q | A
| ------------- | ---
| Bug fix? | no
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | --
| License | MIT
| Doc PR | --
Follow-up to #11329.
Commits
-------
afc4930 removed defaults from PHPUnit configuration
This PR was squashed before being merged into the 2.3 branch (closes#11194).
Discussion
----------
[DomCrawler] Remove the query string and the anchor of the uri of a link
| Q | A
| ------------- | ---
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | ~
| License | MIT
| Doc PR | ~
Commits
-------
fe5d2d1 [DomCrawler] Remove the query string and the anchor of the uri of a link
The parent constructor will create a new formatter if the $formatter parameter is null
This fix avoids that the formatter becomes 2 different instances in $this and $this->stderr
This PR was squashed before being merged into the 2.3 branch (closes#11179).
Discussion
----------
[Process] Fix ExecutableFinder with open basedir
| Q | A
| ------------- | ---
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | -
| License | MIT
| Doc PR | -
This fixes the `ExecutableFinder` object to properly fetch the `open_basedir` setting, also added a bunch of tests for the `find()` method.
Commits
-------
b8f8c0e [Process] Fix ExecutableFinder with open basedir
This PR was merged into the 2.3 branch.
Discussion
----------
[CssSelector] Refactored the CssSelector to remove the circular object graph
| Q | A
| ------------- | ---
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | #10879, replaces #11221
| License | MIT
| Doc PR | n/a
This allows the translator and its extensions to be garbage collected based on the refcount rather than requiring the garbage collector run, making it much more likely to happen at the end of the ``CssSelector::toXPath`` call.
Node translators now receive the Translator as second argument, instead of requiring to inject it in the extension to keep a reference to it. This way, the Translator is referenced nowhere inside it, only by the caller, and so will be destructed at the end of the usage (and extensions will then be destructed after it when not used anymore).
Commits
-------
994f81f Refactored the CssSelector to remove the circular object graph
This allows the translator and its extensions to be garbage collected
based on the refcount rather than requiring the garbage collector run,
making it much more likely to happen at the end of the
CssSelector::toXPath call.
This PR was merged into the 2.3 branch.
Discussion
----------
[DomCrawler] properly handle buttons with single and double quotes insid...
| Q | A
| ------------- | ---
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | #11151
| License | MIT
| Doc PR |
Commits
-------
cbbdbe4 [DomCrawler] properly handle buttons with single and double quotes inside the name attribute
This PR was merged into the 2.3 branch.
Discussion
----------
[Tests] don't disable constructor calls to mockups of classes that extend intern...
| Q | A
| ------------- | ---
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets |
| License | MIT
| Doc PR |
Fixes the tests for the 2.3 branch as reported by @stof in #11176.
Commits
-------
2c726b8 don't disable constructor calls to mockups of classes that extend internal PHP classes
See [PSR-2](http://www.php-fig.org/psr/psr-2/) paragraph 5.2
> There MUST be a comment such as `// no break` when fall-through is intentional in a non-empty case body.
Related to #11181
This PR was merged into the 2.3 branch.
Discussion
----------
[HttpFoundation] Fixed Request::getPort returns incorrect value under IPv6
| Q | A
| ------------- | ---
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | -
| License | MIT
| Doc PR | -
Commits
-------
2a0e8e3 [HttpFoundation] Fixed Request::getPort returns incorrect value under IPv6
This PR was merged into the 2.3 branch.
Discussion
----------
[Filesystem] Fix test suite on OSX
| Q | A
| ------------- | ---
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | n/a
| License | MIT
Reviewing PR's, I realized the filesystem test suite fails on my setup (OSX, PHP 5.5.13 with posix ext). `posix_getgrgid` returns false, so some tests are failing.
This solves this issue.
Be aware that the patched method has been moved in FilesystemTestCase in recent branches
Commits
-------
e26f08e [Filesystem] Fix test suite on OSX
This PR was squashed before being merged into the 2.3 branch (closes#10966).
Discussion
----------
PHP Fatal error when getContainer method of ContainerAwareCommand has be...
PHP Fatal error when getContainer method of ContainerAwareCommand has been called within the configure method of a Command (application property is not been set yet at that time)
| Q | A
| ------------- | ---
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets |
| License | MIT
| Doc PR |
Commits
-------
8ea5c4c PHP Fatal error when getContainer method of ContainerAwareCommand has be...
This PR was merged into the 2.3 branch.
Discussion
----------
[HttpFoundation] Fix basic authentication in url with PHP-FPM
| Q | A
| ------------- | ---
| Bug fix? | yes
| New feature? | no
| BC breaks? | dispute
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | n/a
| License | MIT
| Doc PR | n/a
`getUser()` and `getPassword()` from `Request` are broken when using PHP-FPM because of the lack of `$_SERVER['PHP_AUTH_USER']` and `$_SERVER['PHP_AUTH_PW']`. This PR fixes the issue.
However, now an empty password will return an empty string (which is the expected behavior of `ServerBag`) instead of `NULL`. The test is updated accordingly, but should we consider this as a breakage?
This issue was spotted by using basic auth via the Illuminate component of Laravel and is present from v2.1.0 to master.
Commits
-------
7a75adf [HttpFoundation] Basic auth in url is broken when using PHP CGI/FPM
Request#getUser() and Request#getPassword() introduced in
aecfd0a891 do not handle the lack of
PHP_AUTH_USER and PHP_AUTH_PW in $this->server when using PHP-FPM. Use
$this->headers instead.
Furthermore, the test of empty password now expects an empty string
instead of NULL according to a450d002f2.
If you have a select with attribute name="foo[]", and you submit your form, http_build_query returns empty string as a result. In this case you get a form extra field validation error, because your field "foo" converts to
'' => bool(false)
This PR was merged into the 2.3 branch.
Discussion
----------
[HttpFoundation] smaller fixes for PdoSessionHandler
| Q | A
| ------------- | ---
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | #10652
| License | MIT
For both the PdoSessionHandler and DbalSessionHandler
- https://github.com/symfony/symfony/pull/10652#issuecomment-42370425: Transactional DELETE + INSERT does not work as expected
- https://github.com/symfony/symfony/pull/10652#issuecomment-44359784: sqlsrv 2005 does not support the MERGE SQL, and if used it requires an HOLDLOCK
- missing time update for sqlsrv and oracle
Commits
-------
a0e1d4d [Doctrine Bridge] fix DBAL session handler according to PdoSessionHandler
00d707f [HttpFoundation] use different approach for duplicate keys in postgres, fix merge for sqlsrv and oracle
This PR was merged into the 2.3 branch.
Discussion
----------
[Validator] Fix a parameter name in a test
| Q | A
| ------------- | ---
| Bug fix? | no
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | none
| License | MIT
| Doc PR | not required
Commits
-------
069e925 Fix a parameter name in a test
At the moment both constraints can only be defined on other annotations (specifically, the Collection annotation). Defining the required or optional annotation directly on a field or method throws a ClassNotFoundException, since the constraint validator factory tries to load the validator (which does not exist).
This PR was squashed before being merged into the 2.3 branch (closes#10983).
Discussion
----------
[DomCrawler] Fixed charset detection in html5 meta charset tag
| Q | A
| ------------- | ---
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | N/A
| License | MIT
It may be minor to folks with ascii-charactered language, but is critical for us Japanese.
Many Japanese websites with SJIS encoding have "Shift_JIS" as their encoding declaration.
Commits
-------
172e752 [DomCrawler] Fixed charset detection in html5 meta charset tag
This PR was merged into the 2.3 branch.
Discussion
----------
[2.3][Process] Add validation on Process input
| Q | A
| ------------- | ---
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | n/a
| License | MIT
This adds validation on Process input. For the moment, passing a stream would result in a PHP error.
I propose to deprecate values that are not strictly string in 2.6 (see upcoming PR)
Commits
-------
583092b [Process] Add validation on Process input
This PR was merged into the 2.3 branch.
Discussion
----------
[Validator] Fixed StaticMethodLoaderTest on systems that don't have E_STRICT enabled by default
| Q | A
| ------------- | ---
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | -
| License | MIT
| Doc PR | -
Commits
-------
a470ae2 [Validator] Fixed StaticMethodLoader on systems that don't have E_STRICT enabled by default
This PR was merged into the 2.3 branch.
Discussion
----------
[DomCrawler] Fixed the coding standards to use strict comparisons
| Q | A
| ------------- | ---
| Bug fix? | no
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | n/a
| License | MIT
| Doc PR | n/a
Many places in DomCrawler are using loose comparison instead of strict comparison. I saw them while checking the whole component for DOMNode vs DOMElement usage whe working on #10927. However, I submitted this change to 2.3 instead, to ease merging between branches (applying the change only in master would likely create conflicts regularly when merging changes in DomCrawler between branches later)
Commits
-------
77b446c [DomCrawler] Fixed the coding standards to use strict comparisons
This PR was merged into the 2.3 branch.
Discussion
----------
[HttpFoundation] implement session locking for PDO
| Q | A
| ------------- | ---
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | #4976 for PDO
| License | MIT
This is probably the first Session Handler for databases that actually works with locking. I've seen many implementations of session handlers (mostly only for one database vendor) while researching and none used locking. Not even the [PHPs SQLite session handler](https://github.com/php/php-src/blob/PHP-5.3/ext/sqlite/sess_sqlite.c) or [PECL Postgres Handler](http://svn.php.net/viewvc/pecl/session_pgsql/trunk/session_pgsql.c?revision=326806&view=markup) implemented locking correctly which is probably the reason why they have been discontinued. [Zend Session](https://github.com/zendframework/zf2/blob/master/library/Zend/Session/SaveHandler/DbTableGateway.php) seems not to use locking either. But it saves the lifetime together with the session which seems like a good idea because you could have different lifetimes for different sessions.
- Implements session locking for MySQL, Postgres, Oracle, SQL Server and SQLite.
Only tested it for MySQL. So would be good if someone can confirm it works as intended on the other databases as well.
- Also removed the custom RuntimeException which is not useful and a PDOException extends RuntimeException anyway, so no BC break.
- I added a default for the table name to be in line with the DoctrineSessionHandler.
- Check session.gc_maxlifetime in read(). Imagine we have only ever one user on an app. If maxlifetime is not checked in read, his session would never expire! What I don't get is why PHP calls gc() after read() instead of calling it before... Strange decision. For this reason I also had to do the following to improve performance.
- I delay gc() to close() so that it is executed outside the transactional and blocking read-write process. This way, pruning expired sessions does not block them from being started while the current session is used.
- Fixed time update for Oracle and SQL Server.
Commits
-------
50ec828 [HttpFoundation] implement session locking for PDO
This PR was merged into the 2.3 branch.
Discussion
----------
[HttpKernel] removed absolute paths from the generated container
| Q | A
| ------------- | ---
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | first step to resolve#6484, #3079, and #9238
| License | MIT
| Doc PR | n/a
This PR converts absolute paths to relative ones in the dumped container. The code is a bit "ugly", but it gets the job done and I'm not sure that there is a more elegant way without breaking everything.
Commits
-------
c1450b4 [HttpKernel] removed absolute paths from the generated container
This PR was merged into the 2.3 branch.
Discussion
----------
[DomCrawler] Fixed the initial state for options without value attribute
| Q | A
| ------------- | ---
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | -
| License | MIT
| Doc PR | n/a
Commits
-------
78cff96 [DomCrawler] Fixed the initial state for options without value attribute
An option is marked as selected by the presence of the selected attribute,
not by the presence of a non-empty selected attribute. The same is true
for checked radio buttons or checkboxes.
This PR was squashed before being merged into the 2.3 branch (closes#10777).
Discussion
----------
[Form] Automatically add step attribute to HTML5 time widgets to display seconds if needed
| Q | A
| ------------- | ---
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | #9976, #10203
| License | MIT
| Doc PR | none
Same issue as #9976 and #10203: when you add a `time` field to a form with options `single_text` (so HTML5) and `with_seconds`, the generated input does not contain the `step` attribute, therefore the browser does not show them, leading to an error at the submit because of an invalid format.
Compared to #9976/#10203:
* Unit testable
* Available directly in the component
* Available in other templating format than twig
* Still able to customise the step attribute by hand
Commits
-------
a379298 [Form] Automatically add step attribute to HTML5 time widgets to display seconds if needed
This PR was merged into the 2.3 branch.
Discussion
----------
[Console] Fix a console test
| Q | A
| ------------- | ---
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | -
| License | MIT
| Doc PR | -
re #10714
Every wide character in the fixture file is actually 3 ansi-characters long.
Commits
-------
61108b9 Disable 5.6 until it is stable again.
8cadb49 Update the fixtures.
This PR was merged into the 2.3 branch.
Discussion
----------
[HttpKernel] Fixed cache behavior when TTL has expired and a default "global" TTL is defined
| Q | A
| ------------- | ---
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | no
| Fixed tickets | #8232, #10822, #9919
| License | MIT
From #9919:
"When the cache is stale the `validate` method `forward` the request to the backend. A new response will be created with or without TTL configuration. If the TTL was not set then the default one should be set like in the `fetch` method."
This PR fixes this issue, the tests provided in #9919 pass, and I've tweaked them to avoid the costly sleep calls.
Commits
-------
e3983e8 [HttpKernel] fixed default TTL not applied under certain conditions
bc42dae Added test when TTL has expired
This PR was merged into the 2.3 branch.
Discussion
----------
Lower mbstring dep, remove it for Yaml and CssSelector components
| Q | A
| ------------- | ---
| Bug fix? | no
| New feature? | no
| BC breaks? | no
| Deprecations? | yes
| Tests pass? | yes
| Fixed tickets | none
| License | MIT
| Doc PR | none
Commits
-------
a4b805d Lower mbstring dep, remove it for Yaml and CssSelector components
This PR was squashed before being merged into the 2.3 branch (closes#10714).
Discussion
----------
[Console]Improve formatter for double-width character
| Q | A
| ------------- | ---
| Bug fix? | yes
| New feature? | no
| BC breaks? | yes for one that expecting current broken output
| Deprecations? | no
| Fixed tickets |
| Tests pass? | yes
| License | MIT
| Doc PR |
EDIT: fixed the table above not to remove irrelevant line
As mb_strlen just returns "how many chars in the string",
formatting with double-width character is bit broken.
The test I add is skipped when mbstring extension is not loaded.
I'm afraid if some of you cannot properly display japanese string.
(表示するテキスト just means "Some text to display")
Commits
-------
a52f41d [Console]Improve formatter for double-width character
This PR was merged into the 2.3 branch.
Discussion
----------
[Form] Fixed TrimListenerTest as of PHP 5.5
| Q | A
| ------------- | ---
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | -
| License | MIT
| Doc PR | -
Commits
-------
b0bc83d [Form] Fixed TrimListenerTest as of PHP 5.5
This PR was merged into the 2.3 branch.
Discussion
----------
[BrowserKit] Allow URLs that don't contain a path when creating a cookie from a string
| Q | A
| ------------- | ---
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets |
| License | MIT
| Doc PR |
The Cookie class doesn't require a path, but the `fromString()` static method does, so when URL given is something like http://www.example.com (ie no trailing slash) it currently throws an exception. This PR removes the requirement.
Commits
-------
fc1223f Allow URLs that don't contain a path
| Q | A
| ------------- | ---
| Fixed tickets | #10845
| License | MIT
This fixes the description of parameter `array $config` in file ConfigurationExtensionInterface.php by removing the extra `$config`.
This PR was merged into the 2.3 branch.
Discussion
----------
[TwigBridge][Transchoice] set %count% from the current context.
| Q | A
| ------------- | ---
| Bug fix? | yes
| New feature? | no
| BC breaks? | [no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | #8408
| License | MIT
Commits
-------
8f7b2cc [TwigBridge][Transchoice] set %count% from the current context.
This PR was merged into the 2.3 branch.
Discussion
----------
Fix a test that was ambiguous
| Q | A
| ------------- | ---
| Bug fix? | no
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | see #9634 for a discussion of this and #9383 for the report
| License | MIT
| Doc PR | n/a
This PR fixes a test that was always passing as the exception catch was catching the PHP notice but also the exception sent by `fail`, so it was useless. That said, I'm not even convinced that this test is useful at all.
Commits
-------
a94b4e0 [Validator] fixed wrong test
This PR was merged into the 2.3 branch.
Discussion
----------
[2.3] Fix phpunit test suite on travis #2
| Q | A
| ------------- | ---
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | #10821
| License | MIT
This is a second approach to solve #10821.
Something is weird: `Symfony\Component\Form\Tests\Extension\Core\EventListener\TrimListenerTest` passes when using PHPUnit as phar and fails when using a composer global install
Commits
-------
32e5f67 [DependencyInjection] Fix travis unit tests
c7befd5 Update PHPUnit before run
This PR was squashed before being merged into the 2.3 branch (closes#10773).
Discussion
----------
[WebProfilerBundle ] Fixed an edge case on WDT loading
| Q | A
| ------------- | ---
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | #6824 ?
| License | MIT
| Doc PR | none
In some case you can notice the WDT just disappears.
By tracking it down, I noticed that the XHR call returns an empty response with 200 as status code, but if you go directly on the _wdt/my_token URL it works correctly.
What's happening is that when you have a slow listener on `kernel.terminate` (for example the SwiftMailer one with a slow connection), you response (and therefore the WDT javascript) is sent and processed by the browser, the XHR call is done, but the Profiler storage didn't happened yet so no profiling data is available and the `ProfilerController` just sends an empty response with 200 as status code.
Here we change to instead send a specific status code, and treat it in javascript by retrying several times before failing.
The question are:
* Is 204 the most appropriate response code?
* Are 500 ms and 5 max retries good values?
Commits
-------
9d885ed [WebProfilerBundle ] Fixed an edge case on WDT loading
This PR was merged into the 2.3 branch.
Discussion
----------
[Process] Disable TTY mode on Windows platform
| Q | A
| ------------- | ---
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| License | MIT
Commits
-------
7942c2a [Process] Disable TTY mode on Windows platform
This PR was merged into the 2.3 branch.
Discussion
----------
[FrameworkBundle] improve English in RouterMatchCommand
Improve English in command output.
| Q | A
| ------------- | ---
| Bug fix? | no
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | n/a
| License | MIT
| Doc PR | n/a
Commits
-------
dd26d1e [FrameworkBundle] improve English in RouterMatchCommand
This PR was merged into the 2.3 branch.
Discussion
----------
[2.3][Process] Setting STDIN while running should not be possible
| Q | A
| ------------- | ---
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | n/a
| License | MIT
Commits
-------
3e3517a [Process] Setting STDIN while running should not be possible
This PR was squashed before being merged into the 2.3 branch (closes#10749).
Discussion
----------
Fixed incompatibility of x509 auth with nginx
| Q | A
| ------------- | ---
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | -
| License | MIT
| Doc PR | -
This commit fixes x509 authentication when using nginx as web server.
X509AuthenticationListener depends on the SSL_CLIENT_S_DN_Email field being set.
As is, this field is specific to Apache and cannot be provided by nginx. nginx
can provide the DN of the certificate in SSL_CLIENT_S_DN. If the email field is
not set, the listener tries to extract the email address from the DN.
Commits
-------
ba8fc16 Fixed incompatibility of x509 auth with nginx
This PR was merged into the 2.3 branch.
Discussion
----------
[Finder] Marked test skipped when ftp stream wrapper is not available
| Q | A
| ---------------- | ---
| Bug fix? | no
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| License | MIT
This should prevent test from failing on hhvm as ftp stream wrapper is not currently implemented.
See https://github.com/facebook/hhvm/issues/2108 for more details.
Commits
-------
f35fc81 [Finder] Marked test skipped when ftp stream wrapper is not available
This PR was merged into the 2.3 branch.
Discussion
----------
[HttpFoundation] Fix DbalSessionHandler
| Q | A
| ------------- | ---
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | -
| License | MIT
This is basically the same as #10652 for the DbalSessionHandler.
- First commit fixes fix DbalSessionHandler for high concurrency, interface compliance, compatibility with all drivers (oci8, mysqli, pdo with mysql, sqlsrv, sqlite).
- Second commit updates phpdoc of SessionHandlerInterface and unifies parameters of all handlers according to interface (so inheritdoc actually makes sense).
Commits
-------
524bf84 [HttpFoundation] update phpdoc of SessionHandlerInterface and unify parameters of all handlers according to interface
ccdfbe6 [Doctrine Bridge] fix DbalSessionHandler for high concurrency, interface compliance, compatibility with all drivers (oci8, mysqli, pdo with mysql, sqlsrv, sqlite)
This PR was merged into the 2.3 branch.
Discussion
----------
unified return null usages
| Q | A
| ------------- | ---
| License | MIT
This PR unifies the way we return `null` from a function or method:
* always use `return;` instead of `return null;` (the current code base uses both);
* never use `return;` at the end of a function/method.
Commits
-------
d1d569b unified return null usages
This PR was merged into the 2.3 branch.
Discussion
----------
[HttpFoundation] status 201 is allowed to have a body
| Q | A
| ------------- | ---
| Bug fix? | yes
| New feature? | no
| BC breaks? | only if someone relied on wrong behavior
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | #10673
| License | MIT
Status 201 is allowed to have a response body.
Commits
-------
1761f64 [HttpFoundation] status 201 is allowed to have a body
This PR was merged into the 2.3 branch.
Discussion
----------
[2.3][Process] Fix#10681, process are failing on Windows Server 2003
| Q | A
| ------------- | ---
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | #10681
| License | MIT
Commits
-------
46fdfbb [Process] Fix#10681, process are failing on Windows Server 2003
This PR was merged into the 2.3 branch.
Discussion
----------
made {@inheritdoc} annotations consistent across the board
| Q | A
| ------------- | ---
| License | MIT
Commits
-------
810b9ed made {@inheritdoc} annotations consistent across the board
This PR was merged into the 2.3 branch.
Discussion
----------
Made types used by Symfony compatible with the ones of Hack
| Q | A
| ------------- | ---
| Bug fix? | no
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | n/a
| License | MIT
| Doc PR | n/a
PHP supports several ways to express types: like Boolean/bool or integer/int. Hack only supports one of them, so this PR proposes to use the Hack type to make Symfony a bit more "compatible" with Hack (gradual upgrade ;)).
Commits
-------
3c9c10f made phpdoc types consistent with those defined in Hack
0555b7f made types consistent with those defined in Hack
This PR was squashed before being merged into the 2.3 branch (closes#10708).
Discussion
----------
Add support Thai translations
Add [Thai](http://www.thai-language.com/) translations to:
+ Symfony/Component/Validator/Resources/translations/
+ Symfony/Component/Security/Resources/translations/
Commits
-------
4bc2951 Add support Thai translations
This PR was merged into the 2.3 branch.
Discussion
----------
[HttpFoundation] fix PDO session handler under high concurrency
| Q | A
| ------------- | ---
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | #8448 and http://trac.symfony-project.org/ticket/4777 (which was never really fixed as you can see here)
| License | MIT
- The first commit fixes PDO session handler under high concurrency.
- The second commit uses MERGE SQL for MS SQL Server. Tested with http://sqlfiddle.com/#!6/66b6d/14
- The third commit uses INSERT OR REPLACE for sqlite session handler http://sqlfiddle.com/#!7/e6707/3
What I find rather bad with the class design is that it depends on the table definition, but it's not part of the class. Also it doesn't make use of open() and close() which could be used to make the database connection lazy instead of having is open all the time when not needed. Doctrine also only lazy connects, but we use PDO directly here.
Furthermore, the session handlers should not throw exceptions, from what I read, but return false when an error occurs. This is not followed in this class. Maybe @drak knows how php session management behaves when the session handlers return false?
Commits
-------
5c08e29 [HttpFoundation] use insert or replace for sqlite session handler
05ea19a [HttpFoundation] use MERGE SQL for MS SQL Server session storage
e58d7cf [HttpFoundation] fix PDO session handler under high concurrency
This PR was merged into the 2.3 branch.
Discussion
----------
[Profiler] Prevent throwing fatal errors when searching timestamps or invalid dates
| Q | A
| ------------- | ---
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| License | MIT
Commits
-------
eea9d24 [Profiler] Prevent throwing fatal errors when searching timestamps or invalid dates
This PR was merged into the 2.3 branch.
Discussion
----------
[Templating] PhpEngine should propagate charset to its helpers
| Q | A
| ------------- | ---
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | #10666
| License | MIT
Commits
-------
ed9e48b [Templating] PhpEngine should propagate charset to its helpers
This PR was merged into the 2.3 branch.
Discussion
----------
[BrowserKit] Fix#10641 : BrowserKit is broken when using ip as host
| Q | A
| ------------- | ---
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | #10641
| License | MIT
As documented in http://php.net/manual/en/function.preg-replace.php, we have to use the `$` notation for replacing the backreference
>When working with a replacement pattern where a backreference is immediately followed by another number (i.e.: placing a literal number immediately after a matched pattern), you cannot use the familiar \\1 notation for your backreference. \\11, for example, would confuse preg_replace() since it does not know whether you want the \\1 backreference followed by a literal 1, or the \\11 backreference followed by nothing. In this case the solution is to use \${1}1. This creates an isolated $1 backreference, leaving the 1 as a literal.
Commits
-------
e946da3 [BrowserKit] Fix#10641 : BrowserKit is broken when using ip as host
It is done for two reasons:
* consistency - we use real exception objects in most of the code
* latest phpunit does not like the way we were creating mocks for exceptions (it could be also fixed by letting phpunit to call the original constructor)
This PR was merged into the 2.3 branch.
Discussion
----------
Fixes URL validator to accept single part urls
| Q | A
| ------------- | ---
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | #3207#6817
| License | MIT
| Doc PR | N/A
This PR replaces #6817 and has been rebased for 2.3, making a change to the regex to be simpler for single dot matches. (changing `([\pL\pN\pS-\.])+([\.]{0,1}[\pL]+[\.]{0,1})` to `([\pL\pN\pS-\.])+(\.?[\pL]+\.?)`)
Commits
-------
91e226e Fixes URL validator to accept single part urls
This PR was merged into the 2.3 branch.
Discussion
----------
[2.3] Use `Filesystem::chmod` instead of `chmod` when dumping file
| Q | A
| ------------- | ---
| Bug fix? | no
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| License | MIT
This adds consistency as discussed in ca5eea5c19 (commitcomment-5804089)
Commits
-------
c2ffefd Use `Filesystem::chmod` instead of `chmod` when dumping file
YamlFileLoader used the resource name as the current directory during import, which can cause a failed import when using a relative path. Using the $path variable output from the locator is consistent with other loaders and fixes the bug.
If the response contents has been sent before an error occurs, PHP
triggers the warning "Cannot modify header information - headers already sent"
This change ensure that the error message is echoed, while it's impossible
to change the HTTP status code and headers.
This PR was squashed before being merged into the 2.3 branch (closes#10410).
Discussion
----------
[Form] Fix "Array was modified outside object" in ResizeFormListener.
| Q | A
| ------------- | ---
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | #10405
| License | MIT
| Doc PR |
This is the second pull request for this issue. The history of this is as follows:
Original Fix was added Feb 11th under Pull Request #10232.
Users began complaining of Doctrine ArrayCollection not being updated in forms.
Revert was added Feb 15th under Pull Request #10269.
Issue #10405 was opened on 7th Mar for the original bug.
Pull Request #10269 has a failing test that illustrates users concerns.
I have added failing tests to this pull request to illustrate the problems described in #10405.
All tests now pass, and all forms of $data are now supported, including arrays, DoctrineCollection, ArrayObject, and other IteratorAggregates.
__Details as follows:__
The onSubmit() method of the ResizeFormListener class is assuming the data is an array, and calling unset directly inside a foreach. This works fine in most scenarios, but if data is an instance of IteratorAggregate that is iterating over $data by reference, it breaks with the following error:
Symfony\Component\Form\Extension\Core\EventListener\ResizeFormListener::onSubmit(): ArrayIterator::next(): Array was modified outside object and internal position is no longer valid in ./vendor/symfony/symfony/src/Symfony/Component/Form/Extension/Core/EventListener/ResizeFormListener.php line 142
This is because the foreach loop is using an Iterator in the background, but the ResizeFormListener has unset the underlying data directly, causing the value that the Iterators internal pointer is pointing to to change.
The Iterator provided by IteratorAggregate may or may not have the ability to modify it's underlying data. So it is not possible to rely on the Iterator to modify the data. Instead, it is simpler to avoid modifying $data at all while we are iterating over it. So instead, we simply iterate over $data once to determine the keys we need to delete, and store them. Then we iterate over the keys and delete them from $data.
Commits
-------
aa63fae [Form] Fix "Array was modified outside object" in ResizeFormListener.
This PR was merged into the 2.3 branch.
Discussion
----------
[2.3][Validator] Minor fix in IBAN validator
| Q | A
| ------------- | ---
| Bug fix? | no
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | #10481, #10489
| License | MIT
Added more values to unit tests of IBAN validator to make clear it doesn't accept lower case letters.
> Permitted IBAN characters are the digits 0 to 9 and the 26 upper-case Latin alphabetic characters A to Z.
http://en.wikipedia.org/wiki/International_Bank_Account_Number
Also made little adjustment to code which meant to validate lowercase letters but actually was useless.
Commits
-------
3eeb306 Fix IBAN validator
This PR was merged into the 2.3 branch.
Discussion
----------
[2.3][Process] Remove unreachable code + avoid skipping tests in sigchild environment
| Q | A
| ------------- | ---
| Bug fix? | no
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| License | MIT
As mentioned by @Tobion in https://github.com/symfony/symfony/pull/10480#issuecomment-38002910, I removed the dead code. I also fixed/updated the test suite on PHP compiled with `--enable-sigchild`.
Commits
-------
d52dd32 [Process] Remove unreachable code + avoid skipping tests in sigchild environment
This PR was merged into the 2.3 branch.
Discussion
----------
[Process] fix some typos and refactor some code
| Q | A
| ------------- | ---
| Bug fix? | no
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | -
| License | MIT
Commits
-------
b422613 [Process] fix some typos and refactor some code
This PR was merged into the 2.3 branch.
Discussion
----------
[2.3][Process] Fix escaping on Windows
| Q | A
| ------------- | ---
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| License | MIT
Windows escaping is broken since the last merges.
After digging more on Windows escaping, I realised some things:
- We forbid environment variable expansion by escaping `%APPDATA%` to `^%"APPDATA"^%`
- We explicitly ask for variable expansion at runtime (running the command line with the [`/V:ON`](https://github.com/symfony/symfony/blob/2.3/src/Symfony/Component/Process/Process.php#L235) flag). Running a command containing `!APPDATA!` will be escaped and expanded (our previous rule is easily overriden)
- On platform that are not windows, we use strong escaping that prevents any variable expansion (`$PATH` will be escaped to `'$PATH'` that is not interpreted as the current PATH)
We have three possibilities:
- Keep this behavior as this.
- Prefer a consistent API and use a strong escaping strategy everywhere, but it would result in a BC break (see #8975).
- Allow environment variable expansion and escape `%APPDATA%` to `"%APPDATA%"`
Any thoughts about this ?
Commits
-------
0f65f90 [Process] Fix escaping on Windows
This PR was merged into the 2.3 branch.
Discussion
----------
[Process] Fixed fatal errors in getOutput and getErrorOutput when process was not started
| Q | A
| ------------- | ---
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | #10022
| License | MIT
This PR replaces #9452 and address the latest changes.
Side note : I've not updated `getExitCode`, `getExitCodeText` and `isSuccessful` as they were explicitly tested to return null in case the process is not started or terminated. I think it would be a BC break to do that.
Commits
-------
449fe01 [Process] Trow exceptions in case a Process method is supposed to be called after termination
0ae6858 [Process] fixed fatal errors in getOutput and getErrorOutput when process was not started
This PR was merged into the 2.3 branch.
Discussion
----------
[2.3][Process] Fix quoted arguments escaping
| Q | A
| ------------- | ---
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| License | MIT
This PR replaces #8972
Commits
-------
de681cb [Process] Add tests on ProcessUtils::escapeArgument
85fb495 [Process] Fix: Arguments including space and quote are not correctly escaped (win)
This PR was merged into the 2.3 branch.
Discussion
----------
[DomCrawler] Fixed incorrect value name conversion in getPhpValues() and getPhpFiles()
| Q | A
| ------------- | ---
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | #6908
| License | MIT
This PR replaces #10193
Commits
-------
89c599e [DomCrawler] Add tests for recursive cases of getPhpValues() and getPhpFiles()
e961f57 [DomCrawler] Fixed incorrect value name conversion in getPhpValues() and getPhpFiles()
This PR was merged into the 2.3 branch.
Discussion
----------
[Process] Fixed data in pipe being truncated if not read before process termination
| Q | A
| ------------- | ---
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | #9409
| License | MIT
| Doc PR | N/A
This is a repeat of the botched pull request #9630.
Commits
-------
7e51913 Fixed data in pipe being truncated if not read before process termination
This PR was merged into the 2.3 branch.
Discussion
----------
[Process] Fix process status in TTY mode
| Q | A
| ------------- | ---
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| License | MIT
When running a process with TTY mode, status in automatically set to `terminated`
once it's started.
It's wrong for two reasons :
- The status of the process is not yet terminated.
- The exitcode value is never caught
Commits
-------
51c70f8 [Process] Fix process status in TTY mode
When running a process with TTY mode, status in automatically set to `terminated`
once it's started.
It's wrong for two reasons :
- The status of the process is not yet terminated.
- The exitcode value is never caught
This PR was squashed before being merged into the 2.3 branch (closes#10251).
Discussion
----------
[Form][2.3] Fixes empty file-inputs getting treated as extra field.
| Q | A
| ------------- | ---
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | #8575 (https://github.com/symfony/symfony/pull/8575#issuecomment-34867485)
| License | MIT
Re-applies 968fe23 (PR #8575).
The test for this already exists, it was just this line that got overwritten by eb9f76d5ba (diff-ca5e25b47f3ecc94cd557946aeb486c6L542)
To clarify, this is a PR into 2.3 branch - this already exists in 2.4 (and later from this PR: https://github.com/symfony/symfony/pull/9146)
Commits
-------
8d99d75 [Form][2.3] Fixes empty file-inputs getting treated as extra field.
This PR was merged into the 2.3 branch.
Discussion
----------
Update FileLoader to fix issue #10339
This fixes an issue in Symfony\Component\Config\Loader\FileLoader
| Q | A
| ------------- | ---
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | #10339
| License | MIT
| Doc PR | none
Commits
-------
3988728 Update FileLoader to fix issue #10339
FileLoader now uses resolved FileLoader's (the one that explicitly
supports that resource) FileLocatorInterface instance before falling
back to its own when trying to load resources in import() method.
This PR was squashed before being merged into the 2.3 branch (closes#10305).
Discussion
----------
[Process] minor fixes
| Q | A
| ------------- | ---
| Fixed tickets | [n/a]
| License | MIT
The "same" PR as #10220, but on "2.3" branch
Commits
-------
f03e5dc [Process] minor fixes
This PR was merged into the 2.3 branch.
Discussion
----------
[Validator] Removed PHP <5.3.3 specific code which is not officially supported
| Q | A
| ------------- | ---
| Bug fix? | no
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | -
| License | MIT
| Doc PR | -
There is some code in the validator component which handles a PHP bug for versions strictly inferiors to 5.3.3. Since these versions are not supported (the requirements say 5.3.3 minimum) I thought we could remove it.
Regards.
Commits
-------
f10c974 [Validator] Removed PHP <5.3.3 specific code which is not officially supported.
This PR was merged into the 2.3 branch.
Discussion
----------
[Console] removed problematic regex
| Q | A
| ------------- | ---
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | #9462
| License | MIT
| Doc PR | n/a
This PR is a quick implementation of a replacement fora problematic regex.
Commits
-------
80bc41e [Console] removed problematic regex
This PR was merged into the 2.3 branch.
Discussion
----------
[DomCrawler] Added support for <area> tags to be treated as links
The [HTML area tag](https://developer.mozilla.org/en-US/docs/Web/HTML/Element/area) behaves exactly like the `a` tag in that they're both clickable, and if it has a `href` follows a link. The Link class works the same with both tags.
| Q | A
| ------------- | ---
| Bug fix? | no
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets |
| License | MIT
| Doc PR |
Commits
-------
23acd26 [DomCrawler] Added support for <area> tags to be treated as links
The onSubmit() method of the ResizeFormListener class is assuming the data is an array, and calling unset directly inside a foreach. This works fine in most scenarios, but if data is an instance of IteratorAggregate, it breaks with the following error:
Symfony\Component\Form\Extension\Core\EventListener\ResizeFormListener::onSubmit(): ArrayIterator::next(): Array was modified outside object and internal position is no longer valid in ./vendor/symfony/symfony/src/Symfony/Component/Form/Extension/Core/EventListener/ResizeFormListener.php line 142
This is because the foreach loop is using an Iterator in the background, but the ResizeFormListener has unset the underlying data directly, causing the Iterator and data to be out of sync. When the data is an instance of IteratorAggregate, the loop should use the iterator directly and not rely on foreach.
The onSubmit method has been updated accordingly.
This PR was merged into the 2.3 branch.
Discussion
----------
[HttpKernel] fixed wrong reference in TraceableEventDispatcher
| Q | A
| ------------- | ---
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | #9748, #9727
| License | MIT
| Doc PR | n/a
This PR fixes#9748 and #9727 by removing the `id` state. Only private method signatures have been changed, so that qualifies for a fix in 2.3.
The `getNotCalledListeners()` is a bit special as it tries to get non-called listeners. It passes `null` as the event id as if a listener has been called more than once, getting the first call is enough.
Commits
-------
acd3317 [HttpKernel] fixed wrong reference in TraceableEventDispatcher
This PR was squashed before being merged into the 2.3 branch (closes#10151).
Discussion
----------
[Form] Update DateTime objects only if the actual value has changed
| Q | A
| ------------- | ---
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | -
| License | MIT
| Doc PR | -
Right now the Form component replaces DateTime fields with new Objects, therefore the hash is changing.
This leads to unnecessary database updated when working with doctrine. With this patch the DateTime object
of the actual entity is only replaced if the value has been changed.
Commits
-------
1f22d3a [Form] Update DateTime objects only if the actual value has changed
Sometimes, tests are failing because REQUEST_TIME
changes between the creation of the various sub-requests.
By using delta, we allow maximum of second of difference.
Example: https://travis-ci.org/symfony/symfony/jobs/17668158#L511
This PR was merged into the 2.3 branch.
Discussion
----------
[Validator][Translation] add zh_TW validator translations
add Traditional Chinese validator translations.
Commits
-------
c755e85 add zh_TW validator translations
This PR was merged into the 2.3 branch.
Discussion
----------
[DependencyInjection] Remove unneeded file
| Q | A
| ------------- | ---
| Bug fix? | no
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets |
| License | MIT
| Doc PR |
I think the file was moved here by mistake from the fixtures.
Commits
-------
caf1809 [DependencyInjection] Remove unneeded file
This PR was merged into the 2.3 branch.
Discussion
----------
added lines to exceptions for the trans and transchoice tags
| Q | A
| ------------- | ---
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | #10120
| License | MIT
| Doc PR | n/a
Commits
-------
ee0470d added lines to exceptions for the trans and transchoice tags
This PR was merged into the 2.3 branch.
Discussion
----------
Remove obsolete conditions
| Q | A
| ------------- | ---
| Bug fix? | no
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | n/a
| License | MIT
| Doc PR | n/a
In `composer.json`, Twig version is set to 1.12 as a minimum, so all conditions about earlier Twig versions can be safely removed.
Commits
-------
c3ff76a [Twig] removed obsolete conditions on Twig versions
This PR was merged into the 2.3 branch.
Discussion
----------
[Form] Make FormInterface::add docblock more explicit
| Q | A
| ------------- | ---
| Bug fix? | no
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets |
| License | MIT
| Doc PR |
When replacing a child form from within a form event, it's not obvious that you have to use the 'add' method. Though it's minor, this will save somebody a google search.
Commits
-------
23216aa [Form] Make FormInterface::add docblock more explicit
| Q | A
| ------------- | ---
| Bug fix? | no
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets |
| License | MIT
| Doc PR |
When replacing a child form from within a form event, it's not obvious that you have to use the 'add' method. Though it's minor, this will save somebody a google search.
This PR was merged into the 2.3 branch.
Discussion
----------
[2.3][Component/Security] Fixed some phpdocs in Security/Core
| Q | A
| ------------- | ---
| Bug fix? | kinda*
| New feature? | no
| License | MIT
\* - those missing phpdocs lead to problems when debugging with IDE, as well as some were wrong (i.e. `SecurityContextInterface::isGranted()`) as parameters differ in interface & class implementing it
Commits
-------
80fae1d [Component/Security] Fixed some phpdocs in Security/Core
This PR was merged into the 2.3 branch.
Discussion
----------
Prevent WDT from creating a session
The wdt should not create a session.
Bug fix: yes
Feature addition: no
Backwards compatibility break: no
Symfony2 tests pass: yes
Fixes the following tickets: N/A
Todo: -
License of the code: MIT
Documentation PR: N/A
Commits
-------
4791351 Prevent WDT from creating a session
This PR was merged into the 2.3 branch.
Discussion
----------
[All] update license year to 2014
| Q | A |
| --- | --- |
| Bug fix? | n |
| New feature? | n |
| BC breaks? | n |
| Deprecations? | n |
| Tests pass? | y |
| Fixed tickets | na |
| License | MIT |
| Doc PR | na |
Sent using [Gush](https://github.com/cordoval/gush)
sorry about the previous PR now closed, forgot Gush had branched off of master and not 2.3
Commits
-------
8ace5f9 update year on licenses
This PR was merged into the 2.3 branch.
Discussion
----------
[Process] Fix#9861 : Revert TTY mode
| Q | A
| ------------- | ---
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | #9861
| License | MIT
This revert the TTY mode support for the process component
Commits
-------
160b1cf [Process] Fix#9861 : Revert TTY mode
This PR was squashed before being merged into the 2.3 branch (closes#9948).
Discussion
----------
[WebProfilerBundle] Fixed profiler toolbar icons for XHTML.
| Q | A
| ------------- | ---
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | n/a
| Fixed tickets | n/a
| License | MIT
| Doc PR | n/a
Profiler page itself is entirely autonomic, but toolbar is not - unfortunately currently it doesn't work in XHTML documents :(.
#9877 backported to `2.3` branch.
Commits
-------
296c4d1 [WebProfilerBundle] Fixed profiler toolbar icons for XHTML.
This PR was merged into the 2.3 branch.
Discussion
----------
Propel1 exception message
| Q | A
| ------------- | ---
| Bug fix? | no
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | #9932
| License | MIT
| Doc PR | none
This add exception message for `ModelChoiceList` and `ModelType` when `class` parameter is not provided or invalid
Commits
-------
047492f [Propel1Bridge][ModelChoiceList] add exception message for invalid classes
This PR was merged into the 2.3 branch.
Discussion
----------
[HttpFoundation] Documented public properties
| Q | A
| ------------- | ---
| Bug fix? | no
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | #9670
| License | MIT
| Doc PR | -
`$request` and `$query` parameter bags could be hard to get for a newcommer, who's used to `$_POST` and `$_GET` variables. Some people claim naming makes no sense (see #9671).
For consistency I documented all public properties.
Commits
-------
1b79831 [HttpFoundation] Documented public properties.
This PR was squashed before being merged into the 2.3 branch (closes#9925).
Discussion
----------
[Routing] add missing unit tests for Route and RouteCollection classes
| Q | A
| ------------- | ---
| Bug fix? | no
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | none
| License | MIT
| Doc PR | none
Just add few unit tests in Route and RouteCollection classes to have a full coverage.
Commits
-------
7bbd568 [Routing] add missing unit tests for Route and RouteCollection classes
This PR was merged into the 2.3 branch.
Discussion
----------
removed unneeded use statements
| Q | A
| ------------- | ---
| License | MIT
Commits
-------
7f9a366 removed unneeded use statements
This PR was merged into the 2.3 branch.
Discussion
----------
[HttpFoundation] Throw proper exception when invalid data is passed to JsonResponse class
| Q | A
| ------------- | ---
| Bug fix? | yes
| BC breaks? | no*
| Tests pass? | yes
| Fixed tickets | #9903
| License | MIT
\* as described in mentioned issue, before this PR there was thrown exception `UnexpectedValueException`, which was not correct, but I guess some people trying to hide the bug could use `try {} catch` on it.
Commits
-------
38287e7 [HttpFoundation] Throw proper exception when invalid data is passed to JsonResponse class
This PR was merged into the 2.3 branch.
Discussion
----------
[Security] fixed pre/post authentication checks
| Q | A
| ------------- | ---
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | #8510, #9622
| License | MIT
| Doc PR | N/A
After further investigation of #8510, I found that all checks in the `checkPreAuth` actually belongs to `checkPostAuth` and the same goes for checks in `CheckPostAuth` (I checked the original source from Spring and indeed, that's how it is implemented there: see https://github.com/spring-projects/spring-security/blob/master/core/src/main/java/org/springframework/security/authentication/dao/AbstractUserDetailsAuthenticationProvider.java#L305
).
So, this PR fixes that issue. I think that we can do this change safely in 2.3 as the error message is the same for all causes by default (`$hideUserNotFoundExceptions` is `true` by default in `UserAuthenticationProvider`).
The only "real" change is whether the authentication is checked or not.
Commits
-------
ada82a2 [Security] fixed pre/post authentication checks
This PR was merged into the 2.3 branch.
Discussion
----------
fixed some PSR-0 class names
| Q | A
| ------------- | ---
| Bug fix? | no
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | n/a
| License | MIT
| Doc PR | n/a
Commits
-------
a38e2c0 fixes PSR-0 issues in tests
This PR was merged into the 2.3 branch.
Discussion
----------
[Filesystem | WCM] 9339 fix stat on url for filesystem copy
| Q | A
| ------------- | ---
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | #9339
| License | MIT
| Doc PR | na
supersedes https://github.com/symfony/symfony/pull/9863
Commits
-------
4fba412 adjusted behavior to always copy override on url files
This PR was merged into the 2.3 branch.
Discussion
----------
[Console] fixed column width when using the Table helper with some decoration in cells
| Q | A
| ------------- | ---
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | #8152, #9366
| License | MIT
| Doc PR | n/a
This PR fixes the same issue as #9366 but works in all situations (all kind of styles, when the string is shorter than any other one or larger than any other ones, ...).
I'm not very satisfied with the fix and especially the `computeLengthWithoutDecoration` method, but the whole helper should be rethought to make it stateless (out of the scope of this PR).
Commits
-------
5b4d057 [Console] fixed column width when using the Table helper with some decoration in cells
This PR was squashed before being merged into the 2.3 branch (closes#8997).
Discussion
----------
[Security] Fixed problem with losing ROLE_PREVIOUS_ADMIN role.
<table>
<tr>
<td><b>Q</b></td>
<td><b>A</b></td>
</tr>
<tr>
<td>Bug fix?</td>
<td>yes</td>
</tr>
<tr>
<td>New feature</td>
<td>no</td>
</tr>
<tr>
<td>BC breaks?</td>
<td>no</td>
</tr>
<tr>
<td>Deprecations?</td>
<td>no</td>
</tr>
<tr>
<td>Tests pass?</td>
<td>yes</td>
</tr>
<tr>
<td>Fixed tickets</td>
<td>#3085, #8974</td>
</tr>
<tr>
<td>License</td>
<td>MIT</td>
</tr>
<tr>
<td>Doc PR</td>
<td>n/a</td>
</tr>
</table>
Problem occurs while user is impersonated. Authentication process generates new token and doeas not preserve role ```ROLE_PREVIOUS_ADMIN```. Ex. when parameter ```security.always_authenticate_before_granting``` is enabled.
Commits
-------
a7baa3b [Security] Fixed problem with losing ROLE_PREVIOUS_ADMIN role.
This PR was merged into the 2.3 branch.
Discussion
----------
[Security] Fix ExceptionListener to catch correctly AccessDeniedException if is not first exception
| Q | A
| ------------- | ---
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | #9544, #8467?, #9823
| License | MIT
| Doc PR |
Same as #9823 but with some refactoring of the code and with some unit tests.
When merging to 2.4, the unit tests can be simplified a bit.
Commits
-------
172fd63 [Security] made code easier to understand, added some missing unit tests
616b6c5 [Security] fixed error 500 instead of 403 if previous exception is provided to AccessDeniedException
This PR was merged into the 2.3 branch.
Discussion
----------
[Dependencyinjection] Fixed handling of inlined references in the AnalyzeServiceReferencesPass
| Q | A
| ------------- | ---
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | #8299, #9829
| License | MIT
| Doc PR | n/a
Hopefully a better fix for #9829 (ping @jakzal). Unit tests coming soon.
In some cases `InlineServiceDefinitionsPass` replaces a Reference with a service Definition. In such scenarios `AnalyzeServiceReferencesPass` was falling into an infinite loop.
Commits
-------
d650295 [DependencyInjection] fixed InlineServiceDefinitionsPass to not inline a service if it's part of the current definition (to avoid an infinite loop)