The console formatter does a better job, unless the VarDumper component
is missing, in which case you will not see the "context" or "extra" keys
and the LineFormatter should be preferred.
This PR was merged into the 3.4 branch.
Discussion
----------
adding AdapterInterface alias for cache.app
| Q | A
| ------------- | ---
| Branch? | 3.4
| Bug fix? | no-ish
| New feature? | yes
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | n/a
| License | MIT
| Doc PR | TODO
I'd like to add this alias for autowiring. If only `CacheItemPoolInterface` is available, then it's a bit weird to use the extra Symfony cache features (e.g. tagging), as I'm calling methods on the `CacheItemPoolInterface` that don't exist. I'd rather type-hint `AdapterInterface` and confidently call those (+ get auto-complete).
Commits
-------
454f65a77d adding AdapterInterface alias for cache.app
This PR was merged into the 3.4 branch.
Discussion
----------
Add extra autowiring aliases
| Q | A
| ------------- | ---
| Branch? | 3.4
| Bug fix? | no
| New feature? | not really
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | n/a
| License | MIT
| Doc PR | n/a
This adds autowiring for RequestContextAwareInterface for the routing layer and for AuthenticationManagerInterface in the security layer.
Commits
-------
921a8794c6 Add extra autowiring aliases
This PR was merged into the 2.7 branch.
Discussion
----------
[HttpKernel] Remove obsolete PHPDoc from UriSigner
| Q | A
| ------------- | ---
| Branch? | 2.7
| Bug fix? | no
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | N/A
| License | MIT
| Doc PR | N/A
`_hash` query param does not have to be at the end of the URL ever since https://github.com/symfony/symfony/pull/12574 so this PHPDoc is confusing. I've actually lost couple of hours of work rewriting my URLs to place it at the end before I realized that `UriSigner` doesn't really care.
Commits
-------
45ac192200 Remove obsolete PHPDoc from UriSigner
This PR was merged into the 3.3 branch.
Discussion
----------
add DOMElement as return type in Crawler::getIterator to support foreach support in ide
| Q | A
| ------------- | ---
| Branch? | 3.3
| Bug fix? | no
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| License | MIT
In `Crawler::getIterator` return type is missing so ide (PhpStorm) is not able to provide completion inside foreach statements. This PR adds `DOMElement[]` to it
```php
$crawler = new Crawler('foobar');
foreach($crawler->filter('a') as $link) {
# support completion
$link->...
}
```
Commits
-------
2350597288 add DOMElement as return type in Crawler::getIterator to support foreach support in ide
This PR was merged into the 2.7 branch.
Discussion
----------
[Debug] Fix same vendor detection in class loader
| Q | A
| ------------- | ---
| Branch? | 2.7
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets |
| License | MIT
| Doc PR |
Fix about same vendor detection in ClassLoader. Actually, detected namespace for `Doctrine\ORM\Configuration` is `Doctrine\ORM` instead of `Doctrine\`. So deprecations are triggered for classes in same namespace.
Commits
-------
d2ab0d8019 [Debug] Fix same vendor detection in class loader
This PR was merged into the 3.4 branch.
Discussion
----------
[HttpFoundation] Make sessions secure and lazy
| Q | A
| ------------- | ---
| Branch? | 3.4
| Bug fix? | no
| New feature? | yes
| BC breaks? | no
| Deprecations? | yes
| Tests pass? | not yet
| Fixed tickets | #6388, #6036, #12375, #12325
| License | MIT
| Doc PR | -
The `SessionUpdateTimestampHandlerInterface` (new to PHP 7.0) is mostly undocumented, and just not implemented anywhere. Yet, it's required to implement session fixation preventions and lazy write in userland session handlers (there is https://wiki.php.net/rfc/session-read_only-lazy_write which describes the behavior.)
By implementing it, we would make Symfony session handling much better and stronger. Meanwhile, doing some cookie headers management, this also gives the opportunity to fix the "don't start if session is only read issue".
So, here we are for the general idea. Now needs more (and green) tests, and review of course.
Commits
-------
347939c9b3 [HttpFoundation] Make sessions secure and lazy
This PR was merged into the 3.3 branch.
Discussion
----------
[3.3] Fixed pathinfo calculation for requests starting with a question mark.
| Q | A
| ------------- | ---
| Branch? | 3.3
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | #24487
| License | MIT
| Doc PR | no
Fix of bad merge conflict resolving as mentioned in #24487. Port #21968 to 3.3+
Commits
-------
c17a92259a Fixed pathinfo calculation for requests starting with a question mark. - fix bad conflict resolving issue - port symfony/symfony#21968 to 3.3+
This PR was squashed before being merged into the 3.3 branch (closes#24565).
Discussion
----------
[Serializer] YamlEncoder: throw if the Yaml component isn't installed
| Q | A
| ------------- | ---
| Branch? | 3.3 <!-- see comment below -->
| Bug fix? | yes
| New feature? | no <!-- don't forget to update src/**/CHANGELOG.md files -->
| BC breaks? | no
| Deprecations? | no <!-- don't forget to update UPGRADE-*.md files -->
| Tests pass? | no
| Fixed tickets | #... <!-- #-prefixed issue number(s), if any -->
| License | MIT
| Doc PR | n/a
Similar to #24563 but for the Yaml encoder (not the same branch).
Commits
-------
7d21caf8dd [Serializer] YamlEncoder: throw if the Yaml component isn't installed
This PR was squashed before being merged into the 2.8 branch (closes#24571).
Discussion
----------
[PropertyInfo] Add support for the iterable type
| Q | A
| ------------- | ---
| Branch? | 2.8
| Bug fix? | yes
| New feature? | no <!-- don't forget to update src/**/CHANGELOG.md files -->
| BC breaks? | no
| Deprecations? | no <!-- don't forget to update UPGRADE-*.md files -->
| Tests pass? | yes
| Fixed tickets | reported on Slack
| License | MIT
| Doc PR | n/a
Add support for the `iterable` pseudo-type introduced in PHP 7.1.
Commits
-------
a73249db31 [PropertyInfo] Add support for the iterable type
This PR was squashed before being merged into the 3.4 branch (closes#24556).
Discussion
----------
[Routing] Ensure uniqueness without repeated check
| Q | A
| ------------- | ---
| Branch? | 3.4
| Bug fix? | no
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | -
| License | MIT
| Doc PR | -
The RouteCollection ensures uniqueness of resources by using array_unique. The current implementation suffers from the following problems.
1. The array_unique method calls __toString for every element in the array but it is very inefficient in terms of the number of calls made. I.e. if the array has 50 elements it does not do 50 __toString calls. I did some tests with Blackfire in PHP 7.1 and found the following numbers.
25 elements => 240 calls
50 elements => 607 calls
100 elements => 1382 calls
200 elements => 3333 calls
2. The array_unique function is called every time the getResources() method is called, even when the resources did not change in the mean time. Combined with the above this leads to lower performance.
Many applications have a low number of routes so this is not a big issue. But for larger applications or bundles that generate routes (i.e. for CRUD or API / doc generation) this will have a bigger impact.
Commits
-------
16f7281178 [Routing] Ensure uniqueness without repeated check
This PR was merged into the 3.4 branch.
Discussion
----------
[Console] Sync ConsoleLogger::interpolate with the one in HttpKernel
| Q | A
| ------------- | ---
| Branch? | 3.4
| Bug fix? | no
| New feature? | no <!-- don't forget to update src/**/CHANGELOG.md files -->
| BC breaks? | no
| Deprecations? | no <!-- don't forget to update UPGRADE-*.md files -->
| Tests pass? | yes
| Fixed tickets | n/a
| License | MIT
| Doc PR | n/a
Adapted from: https://github.com/symfony/symfony/blob/master/src/Symfony/Component/HttpKernel/Log/Logger.php#L92
Better performance and datetime support (maybe should it be merged in a newer version, but I've targeted 2.7 to prevent future merge conflicts).
Commits
-------
8fcbc55 [Console] Sync ConsoleLogger::interpolate with the one in HttpKernel
This PR was merged into the 3.3 branch.
Discussion
----------
Fixed mistake in exception expectation
| Q | A
| ------------- | ---
| Branch? | 3.3
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets |
| License | MIT
| Doc PR |
In some cases, (5 to be exact), the `expectException` is misused while attempting to provide compatibility with the older `setExpectedException` by making use of a non-existent parameter.
Firstly, this makes the tests inconsistent (old PHPUnit version test exception message, while newer one doesn't). Secondly, if PHPUnit interface suddenly starts making use of a 2nd parameter in `expectException`, the existing code might break or cause unexpected side-effects.
Original report: 87bb726712 (commitcomment-24848315)
Commits
-------
03be003 Fixed mistake in exception expectation
This PR was merged into the 2.7 branch.
Discussion
----------
[Form] Updated the source text and translation
| Q | A
| ------------- | ---
| Branch? | master
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets |
| License | MIT
| Doc PR |
I noticed that the source text had changed. See the [English version](https://github.com/symfony/symfony/blob/master/src/Symfony/Component/Form/Resources/translations/validators.en.xlf)
Ping @magnusnordlander or @vinkla, Is this translation okey?
Commits
-------
7da052f18f Updated the source text and translation
This PR was merged into the 3.4 branch.
Discussion
----------
[Form] [TwigBridge] Added option to disable usage of default themes when rendering a form
| Q | A
| ------------- | ---
| Branch? | 3.4
| Bug fix? | no
| New feature? | yes
| BC breaks? | no
| Deprecations? | yes
| Tests pass? | yes
| Fixed tickets | N/A
| License | MIT
| Doc PR | https://github.com/symfony/symfony-docs/pull/8495
This adds a possibility to use `only` keyword in `form_theme` tag to disable usage of globally defined form themes, e.g.
`{% form_theme form with ['common.html.twig', 'form/fields.html.twig'] only %}`
Otherwise, in order to completely control the rendering of the forms (for example in custom admin interfaces), one would need to use a form theme which has all the possible twig blocks defined to prevent globally defined themes to interfere with the rendering.
`only` keyword is already used when including a Twig template to transfer only the variables which are explicitly defined in the `include` tag, so it seemed natural to use it here too.
This, of course, means that the user will need to manually `use` all of the templates that are required to render the form, including `form_div_layout.html.twig`
This issue is described in details over at Symfony Demo repo: https://github.com/symfony/symfony-demo/issues/515
TODO:
- [x] submit changes to the documentation
Commits
-------
e0681f9955 [Form] [TwigBridge] Added option to disable usage of default themes when rendering a form
This PR was merged into the 2.7 branch.
Discussion
----------
[Security] Reject remember-me token if UserCheckerInterface::checkPostAuth() fails
| Q | A
| ------------- | ---
| Branch? | 2.7
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | #24525
| License | MIT
| Doc PR | -
I think this is a security hole - a user can remain logged in with a remember me cookie even though they can no longer pass `UserCheckInterface::checkPostAuth()` (could be disabled).
This is a small BC break but shouldn't be an issue as I think it is a bug. I don't think this requires a BC layer but if so, I can add.
Commits
-------
fe190b6ee9 reject remember-me token if user check fails
* 3.3:
[BrowserKit] Handle deprecations triggered in insulated requests
[Bridge\PhpUnit] Handle deprecations triggered in separate processes
[Validator] added magic method __isset() to File Constraint class
[DI] Fix possible incorrect php-code when dumped strings contains newlines
[Translation] minor: remove unused variable in test
never match invalid IP addresses