* 3.4:
[CS] Apply phpdoc_annotation_without_dot
bumped Symfony version to 3.3.10
updated VERSION for 3.3.9
updated CHANGELOG for 3.3.9
[DomCrawler] Fix conversion to int on GetPhpFiles
Remove `protected_to_private` rule.
Filtering empty uuids in ORMQueryBuilderLoader.
* 3.3:
[CS] Apply phpdoc_annotation_without_dot
bumped Symfony version to 3.3.10
updated VERSION for 3.3.9
updated CHANGELOG for 3.3.9
[DomCrawler] Fix conversion to int on GetPhpFiles
Remove `protected_to_private` rule.
Filtering empty uuids in ORMQueryBuilderLoader.
* 3.4:
[HttpKernel] Deprecate EnvParametersResource
[Lock] Check TTL expiration in lock acquisition
Fix race condition in tests between cache and lock
Improved how links are displayed in exception messages
* 3.4: (38 commits)
Fix merge
[Lock] Expose an expiringDate and isExpired method in Lock
[VarDumper] fix DateCasterTest
[config] Add ability to deprecate a node
feature #22382 [config] Add ability to deprecate a node (Nyholm, fabpot, sanpii)
Fix segfault in period caster
Create an interface for TranslationReader and moved TranslationLoader to Translation component
Always require symfony/polyfill-apcu to provide APCuIterator everywhere
[Lock] Fix some tests that require pcntl_sigwaitinfo() function
bumped Symfony version to 3.3.9
updated VERSION for 3.3.8
updated CHANGELOG for 3.3.8
[DI] Fix tracking env var placeholders nested in object graphs
bumped Symfony version to 3.3.8
updated VERSION for 3.3.7
updated CHANGELOG for 3.3.7
Add period caster
[DI] improve psr4-based service discovery with namespace option
[DI] Fix tracking env vars when merging configs (bis)
removed obsolete comment
...
* 3.3: (27 commits)
Always require symfony/polyfill-apcu to provide APCuIterator everywhere
bumped Symfony version to 3.3.9
updated VERSION for 3.3.8
updated CHANGELOG for 3.3.8
[DI] Fix tracking env var placeholders nested in object graphs
bumped Symfony version to 3.3.8
updated VERSION for 3.3.7
updated CHANGELOG for 3.3.7
[DI] Fix tracking env vars when merging configs (bis)
removed obsolete comment
install PHPUnit 6 on PHP 7.2
[Cache] Use zend.detect_unicode instead of zend.multibyte
Fix case sensitive typo in use class name
[VarDumper] Enhance docblock to tell about AbstractDumper::dumpLine(-1)
[Debug] Remove false-positive check in DebugClassLoader
[Validator] Fix use of GroupSequenceProvider in child classes
Change number PHPDoc type to int|float
[Cache] Workaround zend.detect_unicode + zend.multibyte
[VarDumper] Strengthen dumped JS
[VarDumper] Strengthen dumped JS
...
* 2.8:
[VarDumper] Enhance docblock to tell about AbstractDumper::dumpLine(-1)
[Debug] Remove false-positive check in DebugClassLoader
[Validator] Fix use of GroupSequenceProvider in child classes
Change number PHPDoc type to int|float
[VarDumper] Strengthen dumped JS
[travis] Add timing info
[Validator] Fix Greek translation
[Console] Initialize lazily to render exceptions properly
[Validator] Add a property tag for File::$maxSize
* 2.7:
[VarDumper] Enhance docblock to tell about AbstractDumper::dumpLine(-1)
[Debug] Remove false-positive check in DebugClassLoader
[Validator] Fix use of GroupSequenceProvider in child classes
Change number PHPDoc type to int|float
[VarDumper] Strengthen dumped JS
[travis] Add timing info
[Validator] Fix Greek translation
[Console] Initialize lazily to render exceptions properly
[Validator] Add a property tag for File::$maxSize
* 3.4: (23 commits)
[DI] Allow dumping inline services in Yaml
fixed CS
[2.8] Modify 2.8 upgrade doc - key option is deprecated.
Fix lock failing test
[Debug] Correctly detect methods not from the same vendor
[HttpKernel] Deprecated commands auto-registration
Fix minors in date caster
[FrameworkBundle] Catch Fatal errors in commands registration
[Debug] Detect internal and deprecated methods
[Profiler] Make the validator toolbar item consistent with the form one
[DebugBundle] Reword an outdated comment about var dumper wiring
updated CHANGELOG
[HttpFoundation] Remove length limit on ETag
[DI] Fix some docblocks
[DI] Fix some docblocks
Fixed the exception page design in responsive mode
[Console] Log exit codes as debug messages instead of errors
Fixed UPGRADE-4.0 about Container::set
Ignore memcached missing key error on session destroy
[FrameworkBundle] Allow micro kernel to subscribe events easily
...
* 3.3:
fixed CS
[2.8] Modify 2.8 upgrade doc - key option is deprecated.
[DebugBundle] Reword an outdated comment about var dumper wiring
[DI] Fix some docblocks
[DI] Fix some docblocks
Fixed the exception page design in responsive mode
[Console] Log exit codes as debug messages instead of errors
Fixed UPGRADE-4.0 about Container::set
Ignore memcached missing key error on session destroy
bumped Symfony version to 3.2.14
updated VERSION for 3.2.13
updated CHANGELOG for 3.2.13
* 3.3:
Removed useless argument $definition
Fix comment
[Config] Fix checking class existence freshness
bumped Symfony version to 3.3.7
updated VERSION for 3.3.6
updated CHANGELOG for 3.3.6
Bump minimal PHP version to ^5.5.9|>=7.0.8
* 3.4:
[DI] Remove unused props from the PhpDumper
[VarDumper] Keep and reuse array stubs in memory
[DI][ProxyManager] Pass the factory code to execute to DumperInterface::getProxyFactoryCode()
[Workflow] Adding workflow name to the announce event
[ProxyManager] Cleanup fixtures
[Console][WebServerBundle] Use "exec" when possible
[Debug] HTML-escape array key
Add some phpdocs for IDE autocompletion and better SCA
Fixed typo in docblock
* 3.3:
[DI] Remove unused props from the PhpDumper
[VarDumper] Keep and reuse array stubs in memory
[ProxyManager] Cleanup fixtures
[Console][WebServerBundle] Use "exec" when possible
[Debug] HTML-escape array key
Add some phpdocs for IDE autocompletion and better SCA
Fixed typo in docblock
* 3.2:
[DI] Remove unused props from the PhpDumper
[ProxyManager] Cleanup fixtures
[Debug] HTML-escape array key
Add some phpdocs for IDE autocompletion and better SCA
Fixed typo in docblock
* 2.8:
[DI] Remove unused props from the PhpDumper
[ProxyManager] Cleanup fixtures
[Debug] HTML-escape array key
Add some phpdocs for IDE autocompletion and better SCA
Fixed typo in docblock
* 2.7:
[DI] Remove unused props from the PhpDumper
[ProxyManager] Cleanup fixtures
[Debug] HTML-escape array key
Add some phpdocs for IDE autocompletion and better SCA
This PR was merged into the 2.7 branch.

Discussion
----------

[Debug] Missing escape in debug output

| Q | A
| ------------- | ---
| Branch? | 2.7
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets |
| License | MIT
| Doc PR |

When pretty-printing an exception, the debug handler does not properly escape array keys.

The problem only occurs when debug output is enabled, so this is not considered a [security issue](http://symfony.com/doc/current/contributing/code/security.html) (according to @fabpot), because the debug tools [should not be used in production](https://symfony.com/doc/current/components/debug.html#usage).

A test for this is included in my patch for #18722.

Commits
-------

636777d [Debug] HTML-escape array key
* 3.4:
Deprecate support for stacked errors
fixed tests
[HttpFoundation] Find the original request protocol version
fixed CS
Add support for microseconds in Stopwatch
Preserve HttpOnly value when deserializing a header
add minimum and maximum amount of pixels to Image validator
fixed CHANGELOG
[DX] [TwigBundle] Enhance the new exception page design
[BrowserKit] Emulate back/forward browser navigation
Fix deprecated message
[Component][Serializer][Normalizer] : Deal it with Has Method for the Normalizer/Denormalizer
[Validator] improve the changelog
[FrameworkBundle] Wire inner translator
[FrameworkBundle][HttpKernel] Move addcachearmer, addcacheclearer compiler pass
[FrameworkBundle][Translation] Move translation compiler pass
* 3.3: (33 commits)
Preserve HttpOnly value when deserializing a header
[DX] [TwigBundle] Enhance the new exception page design
Fix deprecated message
[DI][Security] Prevent unwanted deprecation notices when using Expression Languages
bumped Symfony version to 3.3.5
updated VERSION for 3.3.4
updated CHANGELOG for 3.3.4
[VarDumper] Reduce size of serialized Data objects
bumped Symfony version to 3.2.12
updated VERSION for 3.2.11
updated CHANGELOG for 3.2.11
fixed bad merge
Fix indent of methods
[Cache] Handle APCu failures gracefully
[DoctrineBridge] Use normalizedIds for resetting entity manager services
[FrameworkBundle] Do not remove files from assets dir
[FrameworkBundle] 3.3: Don't get() private services from debug:router
bumped Symfony version to 3.3.4
updated VERSION for 3.3.3
updated CHANGELOG for 3.3.3
...
* 3.3:
[DI][Security] Prevent unwanted deprecation notices when using Expression Languages
bumped Symfony version to 3.3.5
updated VERSION for 3.3.4
updated CHANGELOG for 3.3.4
[VarDumper] Reduce size of serialized Data objects
bumped Symfony version to 3.2.12
updated VERSION for 3.2.11
updated CHANGELOG for 3.2.11
[DoctrineBridge] Use normalizedIds for resetting entity manager services
* 3.4:
[MonologBridge] Do not silence errors in ServerLogHandler::formatRecord
bumped Symfony version to 3.3.3
updated VERSION for 3.3.2
updated CHANGELOG for 3.3.2
[HttpKernel][Debug] Fix missing trace on deprecations collected during bootstrapping & silenced errors
[PropertyInfo] Made ReflectionExtractor's prefix lists instance variables
* 3.3:
[MonologBridge] Do not silence errors in ServerLogHandler::formatRecord
bumped Symfony version to 3.3.3
updated VERSION for 3.3.2
updated CHANGELOG for 3.3.2
[HttpKernel][Debug] Fix missing trace on deprecations collected during bootstrapping & silenced errors
* 3.4: (31 commits)
Using FQ name for PHP_VERSION_ID
[EventDispatcher] Handle laziness internally instead of relying on ClosureProxyArgument
Fix CacheCollectorPass priority
[Form] Fix \IntlDateFormatter timezone parameter usage to bypass PHP bug #66323
[Routing] Allow GET requests to be redirected. Fixes #23004
[DI] Deal with inlined non-shared services
[Cache] Ignore missing annotations.php
[DI] Autowiring exception thrown when inlined service is removed
Improving deprecation message when hitting the "deprecated type" lookup, but an alias is available
Harden the debugging of Twig filters and functions
Fixing a bug where an autowiring exception was thrown even when that service was removed
Remove extra arg in call to TraceableAdapter::start()
Support unknown compiler log format
[Config] Allow empty globs
Fix decorating TagAware adapters in dev
[Profiler] Fix clicking on links inside toggle
[Profiler] Fix text selection on exception pages
bumped Symfony version to 3.3.1
updated VERSION for 3.3.0
updated CHANGELOG for 3.3.0
...
* 3.3: (31 commits)
Using FQ name for PHP_VERSION_ID
[EventDispatcher] Handle laziness internally instead of relying on ClosureProxyArgument
Fix CacheCollectorPass priority
[Form] Fix \IntlDateFormatter timezone parameter usage to bypass PHP bug #66323
[Routing] Allow GET requests to be redirected. Fixes #23004
[DI] Deal with inlined non-shared services
[Cache] Ignore missing annotations.php
[DI] Autowiring exception thrown when inlined service is removed
Improving deprecation message when hitting the "deprecated type" lookup, but an alias is available
Harden the debugging of Twig filters and functions
Fixing a bug where an autowiring exception was thrown even when that service was removed
Remove extra arg in call to TraceableAdapter::start()
Support unknown compiler log format
[Config] Allow empty globs
Fix decorating TagAware adapters in dev
[Profiler] Fix clicking on links inside toggle
[Profiler] Fix text selection on exception pages
bumped Symfony version to 3.3.1
updated VERSION for 3.3.0
updated CHANGELOG for 3.3.0
...
* 3.2:
Using FQ name for PHP_VERSION_ID
[Form] Fix \IntlDateFormatter timezone parameter usage to bypass PHP bug #66323
Harden the debugging of Twig filters and functions
bumped Symfony version to 3.2.10
updated VERSION for 3.2.9
updated CHANGELOG for 3.2.9
bumped Symfony version to 2.8.22
updated VERSION for 2.8.21
updated CHANGELOG for 2.8.21
bumped Symfony version to 2.7.29
updated VERSION for 2.7.28
update CONTRIBUTORS for 2.7.28
updated CHANGELOG for 2.7.28
* 2.8:
Using FQ name for PHP_VERSION_ID
[Form] Fix \IntlDateFormatter timezone parameter usage to bypass PHP bug #66323
Harden the debugging of Twig filters and functions
bumped Symfony version to 2.8.22
updated VERSION for 2.8.21
updated CHANGELOG for 2.8.21
bumped Symfony version to 2.7.29
updated VERSION for 2.7.28
update CONTRIBUTORS for 2.7.28
updated CHANGELOG for 2.7.28
* 2.7:
Using FQ name for PHP_VERSION_ID
[Form] Fix \IntlDateFormatter timezone parameter usage to bypass PHP bug #66323
Harden the debugging of Twig filters and functions
bumped Symfony version to 2.7.29
updated VERSION for 2.7.28
update CONTRIBUTORS for 2.7.28
updated CHANGELOG for 2.7.28