* 4.2:
[DI] Fix dumping Doctrine-like service graphs
fix serialization workaround in CustomUserMessageAuthenticationException
PHPUnit Bridge: Rollback to traditional array syntax.
[Form] fix some docblocks and type checks
* 3.4:
[DI] Fix dumping Doctrine-like service graphs
fix serialization workaround in CustomUserMessageAuthenticationException
PHPUnit Bridge: Rollback to traditional array syntax.
[Form] fix some docblocks and type checks
* 4.2:
[Routing] dont redirect routes with greedy trailing vars with no explicit slash
skip native serialize among child and parent serializable objects
[Routing] backport tests from 4.1
[MonologBridge] Remove unused local variable
Remove unreachable code
Add PackageNameTest to ConfigurationTest also add in the changelog the corresponding entry to this PR
Support use of hyphen in asset package name
Fix format strings for deprecation notices
Remove a harmless duplicate array key from VarDumper
[VarDumper] Fixed search bar
Remove gendered pronouns
Replace gender by eye color in tests
[Security] dont do nested calls to serialize()
* 4.1:
[Routing] dont redirect routes with greedy trailing vars with no explicit slash
skip native serialize among child and parent serializable objects
[Routing] backport tests from 4.1
[MonologBridge] Remove unused local variable
Remove unreachable code
Add PackageNameTest to ConfigurationTest also add in the changelog the corresponding entry to this PR
Support use of hyphen in asset package name
Remove gendered pronouns
Replace gender by eye color in tests
[Security] dont do nested calls to serialize()
* 3.4:
skip native serialize among child and parent serializable objects
[Routing] backport tests from 4.1
Add PackageNameTest to ConfigurationTest also add in the changelog the corresponding entry to this PR
Support use of hyphen in asset package name
Remove gendered pronouns
Replace gender by eye color in tests
[Security] dont do nested calls to serialize()
* 4.2:
Bump phpunit bridge cache id
[appveyor] fix create-project phpunit
Fix HttpKernel Debug requirement
Fix heredoc
use final annotation to allow mocking the class
synchronise the form builder docblock
Grammar fix in exception message
fix tests
forward the parse error to the calling code
Avoid dots in generated class names.
[Debug][DebugClassLoader] Match more cases for final, deprecated and internal classes / methods extends
ensure compatibility with older PHPUnit mocks
[Security] Do not mix usage of password_*() functions and sodium_*() ones
* 4.1:
Bump phpunit bridge cache id
[appveyor] fix create-project phpunit
Fix HttpKernel Debug requirement
Fix heredoc
use final annotation to allow mocking the class
synchronise the form builder docblock
Grammar fix in exception message
fix tests
forward the parse error to the calling code
[Debug][DebugClassLoader] Match more cases for final, deprecated and internal classes / methods extends
ensure compatibility with older PHPUnit mocks
[Security] Do not mix usage of password_*() functions and sodium_*() ones
* 3.4:
Bump phpunit bridge cache id
[appveyor] fix create-project phpunit
Fix HttpKernel Debug requirement
Fix heredoc
use final annotation to allow mocking the class
synchronise the form builder docblock
Grammar fix in exception message
fix tests
forward the parse error to the calling code
[Debug][DebugClassLoader] Match more cases for final, deprecated and internal classes / methods extends
ensure compatibility with older PHPUnit mocks
[Security] Do not mix usage of password_*() functions and sodium_*() ones
This PR was merged into the 3.4 branch.
Discussion
----------
[Security] Do not mix password_*() API with libsodium one
| Q | A
| ------------- | ---
| Branch? | 3.4
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | n/a
| Tests pass? | yes
| Fixed tickets | n/a
| License | MIT
| Doc PR | n/a
Argon2IPasswordEncoder uses native `password_hash()` and `password_verify()` functions if the current PHP installation embeds Argon2 support (>=7.2, compiled `--with-password-argon2`).
Otherwise, it fallbacks to the libsodium extension.
This was fine at time the encoder was introduced, but meanwhile libsodium changed the algorithm used by `sodium_crypto_pwhash_str()` which is now argon2id, that goes outside of the scope of the encoder which was designed to deal with `argon2i` only.
Nothing we can do as databases may already contain passwords hashed with argon2id, the encoder must keep validating those.
However, the PHP installation may change as time goes by, and could suddenly embed the Argon2 core integration. In this case, the encoder would use the `password_verify()` function which would fail in case the password was not hashed using argon2i.
This PR prevents it by detecting that argon2id was used, avoiding usage of `password_verify()`.
See https://github.com/jedisct1/libsodium-php/issues/194 and https://github.com/symfony/symfony/issues/28093 for references.
Patch cannot be tested as it is platform dependent.
Side note: I'm currently working on a new implementation for 4.3 that will properly supports argon2id (which has been added to the PHP core sodium integration in 7.3) and argon2i, distinctively.
Commits
-------
d6cfde94b4 [Security] Do not mix usage of password_*() functions and sodium_*() ones
* 3.4:
fixed CS
fixed short array CS in comments
fixed CS in ExpressionLanguage fixtures
fixed CS in generated files
fixed CS on generated container files
fixed CS on Form PHP templates
fixed CS on YAML fixtures
fixed fixtures
switched array() to []
* 4.2:
update years in license files
Fix: Adjust DocBlock
\"ParserTest->getParserTestData()\" -> only some more tests
access the container getting it from the kernel
Replace slave and master by replica and primary
Fix erasing cookies issue
[Lock] Pedantic improvements for lock
[EventDispatcher] Fixed phpdoc on interface
update year in license files
[VarExporter] fix exporting array indexes
[SecurityBundle] Fix traceable voters
[Console] Fix help text for single command applications
Fix random test failure on lock
improve error message when using test client without the BrowserKit component
Fixed minor typos in an error message
[Event Dispatcher] fixed 29703: TraceableEventDispatcher reset now sets callStack to null with test to dispatch after reset.
Fixed minor typos
Fix: Method can also return null
[Stopwatch] Fixed phpdoc for category name
* 4.1:
Fix: Adjust DocBlock
\"ParserTest->getParserTestData()\" -> only some more tests
access the container getting it from the kernel
[Lock] Pedantic improvements for lock
[EventDispatcher] Fixed phpdoc on interface
update year in license files
[Console] Fix help text for single command applications
Fix random test failure on lock
improve error message when using test client without the BrowserKit component
[Event Dispatcher] fixed 29703: TraceableEventDispatcher reset now sets callStack to null with test to dispatch after reset.
Fixed minor typos
Fix: Method can also return null
[Stopwatch] Fixed phpdoc for category name
* 3.4:
Fix: Adjust DocBlock
\"ParserTest->getParserTestData()\" -> only some more tests
[Lock] Pedantic improvements for lock
[EventDispatcher] Fixed phpdoc on interface
update year in license files
[Console] Fix help text for single command applications
Fix random test failure on lock
improve error message when using test client without the BrowserKit component
[Event Dispatcher] fixed 29703: TraceableEventDispatcher reset now sets callStack to null with test to dispatch after reset.
Fixed minor typos
Fix: Method can also return null
[Stopwatch] Fixed phpdoc for category name
* 4.2:
[Twig] Remove spaces to fix whitespace in tags
[Twig] Replace for-loops with blocks for attributes
fixed CS
[Tests] Change to willThrowException
[Console] fix PHPDoc in Command
Update FileLoaderLoadException.php
Fix wrong calls to clearstatcache
Add Vietnamese translation for validators
Allow running PHPUnit with "xdebug.scream" ON
[VarDumper] Add descriptors tests
[Cache] fix bad optim
[Yaml] detect circular references
[DI] fix reporting bindings on overriden services as unused
[Routing] minor fix or previous PR
* 4.2:
[Routing] fix trailing slash redirections involving a trailing var
[EventDispatcher] Revers event tracing order
[Security] Prefer clone over unserialize(serialize()) for user refreshment
[Console] OutputFormatter: move strtolower to createStyleFromString
Adjust tests to work in the armhf architecture. Fixes#29281.
Vietnamese translations improvement
[Form] Fixed FormErrorIterator class phpdoc
Renamed test controller from Controller to TestController so it doesn't show up in the IDE autocomplete.
Don't use he in docs when its not needed
EventSubscriberInterface isn't a man
Fix undefined variable in cache ArrayTrait
fixed public directory of web server and assets install when configured in composer.json
* 4.1:
[Routing] fix trailing slash redirections involving a trailing var
[EventDispatcher] Revers event tracing order
[Security] Prefer clone over unserialize(serialize()) for user refreshment
[Console] OutputFormatter: move strtolower to createStyleFromString
Adjust tests to work in the armhf architecture. Fixes#29281.
Vietnamese translations improvement
[Form] Fixed FormErrorIterator class phpdoc
Renamed test controller from Controller to TestController so it doesn't show up in the IDE autocomplete.
Don't use he in docs when its not needed
EventSubscriberInterface isn't a man
fixed public directory of web server and assets install when configured in composer.json
* 3.4:
[EventDispatcher] Revers event tracing order
[Security] Prefer clone over unserialize(serialize()) for user refreshment
[Console] OutputFormatter: move strtolower to createStyleFromString
Adjust tests to work in the armhf architecture. Fixes#29281.
Vietnamese translations improvement
[Form] Fixed FormErrorIterator class phpdoc
Renamed test controller from Controller to TestController so it doesn't show up in the IDE autocomplete.
Don't use he in docs when its not needed
EventSubscriberInterface isn't a man
fixed public directory of web server and assets install when configured in composer.json
* 4.2: (27 commits)
[VarExporter] dont call userland code with uninitialized objects
Fix typos in doc blocks
[Debug] ignore underscore vs backslash namespaces in DebugClassLoader
[TwigBridge][Form] Prevent multiple rendering of form collection prototypes
[FrameworkBundle] fix describing routes with no controllers
[DI] move RegisterServiceSubscribersPass before DecoratorServicePass
Update ValidationListener.php
[Yaml] ensures that the mb_internal_encoding is reset to its initial value
[Messenger] Restore message handlers laziness
[WebLink] Fixed documentation link
[Security] getTargetPath of TargetPathTrait must return string or null
[Hackday][Serializer] Deserialization ignores argument type hint from phpdoc for array in constructor argument
Optimize perf by replacing call_user_func with dynamic vars
[Cache] Fix dsn parsing
[Routing] fix dumping same-path routes with placeholders
[WebProfilerBundle][TwigBundle] CSS fixes
Add a docblock for FormFactoryInterface
[Security] defer log message in guard authenticator
[Validator] Added IBAN format for Vatican City State
merge conflicts
...
* 4.1:
Fix typos in doc blocks
[Debug] ignore underscore vs backslash namespaces in DebugClassLoader
[TwigBridge][Form] Prevent multiple rendering of form collection prototypes
[FrameworkBundle] fix describing routes with no controllers
[DI] move RegisterServiceSubscribersPass before DecoratorServicePass
Update ValidationListener.php
[Yaml] ensures that the mb_internal_encoding is reset to its initial value
[WebLink] Fixed documentation link
[Security] getTargetPath of TargetPathTrait must return string or null
[Hackday][Serializer] Deserialization ignores argument type hint from phpdoc for array in constructor argument
Optimize perf by replacing call_user_func with dynamic vars
[Routing] fix dumping same-path routes with placeholders
[Security] defer log message in guard authenticator
[Validator] Added IBAN format for Vatican City State
merge conflicts
filter out invalid Intl values
filter out invalid language values
[Validator] Fixed grouped composite constraints
[Form] Filter arrays out of scalar form types
Fix HeaderBag::get phpdoc
* 3.4:
[Debug] ignore underscore vs backslash namespaces in DebugClassLoader
[TwigBridge][Form] Prevent multiple rendering of form collection prototypes
[FrameworkBundle] fix describing routes with no controllers
[DI] move RegisterServiceSubscribersPass before DecoratorServicePass
Update ValidationListener.php
[Yaml] ensures that the mb_internal_encoding is reset to its initial value
[WebLink] Fixed documentation link
[Security] getTargetPath of TargetPathTrait must return string or null
[Hackday][Serializer] Deserialization ignores argument type hint from phpdoc for array in constructor argument
[Security] defer log message in guard authenticator
merge conflicts
Fix HeaderBag::get phpdoc
This PR was squashed before being merged into the 3.4 branch (closes#29408).
Discussion
----------
[Security] getTargetPath of TargetPathTrait must return string or null
| Q | A
| ------------- | ---
| Branch? | 3.4
| Bug fix? | yes (possible bug)
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| License | MIT
Since the return type is string the default return value must be also string.
Commits
-------
8d4b787dd9 [Security] getTargetPath of TargetPathTrait must return string or null
* 4.2:
[Security\Http] detect bad redirect targets using backslashes
[Form] Filter file uploads out of regular form types
Fix CI
minor #28258 [travis] fix composer.lock invalidation for deps=low (nicolas-grekas)
[travis] fix composer.lock invalidation for PRs patching several components
[travis] fix composer.lock invalidation for deps=low
minor #28199 [travis][appveyor] use symfony/flex to accelerate builds (nicolas-grekas)
[travis] ignore ordering when validating composer.lock files for deps=low
minor #28146 [travis] cache composer.lock files for deps=low (nicolas-grekas)
fix ci
[travis] fix requiring mongodb/mongodb before composer up
minor #28114 [travis] merge "same Symfony version" jobs in one (nicolas-grekas)
[2.7] Make CI green
updated VERSION for 2.7.49
updated CHANGELOG for 2.7.49
[HttpKernel] fix trusted headers management in HttpCache and InlineFragmentRenderer
[HttpFoundation] Remove support for legacy and risky HTTP headers
updated VERSION for 2.7.48
update CONTRIBUTORS for 2.7.48
updated CHANGELOG for 2.7.48
* 4.1:
[Security\Http] detect bad redirect targets using backslashes
[Form] Filter file uploads out of regular form types
Fix CI
minor #28258 [travis] fix composer.lock invalidation for deps=low (nicolas-grekas)
[travis] fix composer.lock invalidation for PRs patching several components
[travis] fix composer.lock invalidation for deps=low
minor #28199 [travis][appveyor] use symfony/flex to accelerate builds (nicolas-grekas)
[travis] ignore ordering when validating composer.lock files for deps=low
minor #28146 [travis] cache composer.lock files for deps=low (nicolas-grekas)
fix ci
[travis] fix requiring mongodb/mongodb before composer up
minor #28114 [travis] merge "same Symfony version" jobs in one (nicolas-grekas)
[2.7] Make CI green
updated VERSION for 2.7.49
updated CHANGELOG for 2.7.49
[HttpKernel] fix trusted headers management in HttpCache and InlineFragmentRenderer
[HttpFoundation] Remove support for legacy and risky HTTP headers
updated VERSION for 2.7.48
update CONTRIBUTORS for 2.7.48
updated CHANGELOG for 2.7.48
* 3.4:
[Security\Http] detect bad redirect targets using backslashes
[Form] Filter file uploads out of regular form types
Fix CI
minor #28258 [travis] fix composer.lock invalidation for deps=low (nicolas-grekas)
[travis] fix composer.lock invalidation for PRs patching several components
[travis] fix composer.lock invalidation for deps=low
minor #28199 [travis][appveyor] use symfony/flex to accelerate builds (nicolas-grekas)
[travis] ignore ordering when validating composer.lock files for deps=low
minor #28146 [travis] cache composer.lock files for deps=low (nicolas-grekas)
fix ci
[travis] fix requiring mongodb/mongodb before composer up
minor #28114 [travis] merge "same Symfony version" jobs in one (nicolas-grekas)
[2.7] Make CI green
updated VERSION for 2.7.49
updated CHANGELOG for 2.7.49
[HttpKernel] fix trusted headers management in HttpCache and InlineFragmentRenderer
[HttpFoundation] Remove support for legacy and risky HTTP headers
updated VERSION for 2.7.48
update CONTRIBUTORS for 2.7.48
updated CHANGELOG for 2.7.48
* 2.8:
[Security\Http] detect bad redirect targets using backslashes
[Form] Filter file uploads out of regular form types
Fix CI
minor #28258 [travis] fix composer.lock invalidation for deps=low (nicolas-grekas)
[travis] fix composer.lock invalidation for PRs patching several components
[travis] fix composer.lock invalidation for deps=low
minor #28199 [travis][appveyor] use symfony/flex to accelerate builds (nicolas-grekas)
[travis] ignore ordering when validating composer.lock files for deps=low
minor #28146 [travis] cache composer.lock files for deps=low (nicolas-grekas)
fix ci
[travis] fix requiring mongodb/mongodb before composer up
minor #28114 [travis] merge "same Symfony version" jobs in one (nicolas-grekas)
[2.7] Make CI green
updated VERSION for 2.7.49
updated CHANGELOG for 2.7.49
[HttpKernel] fix trusted headers management in HttpCache and InlineFragmentRenderer
[HttpFoundation] Remove support for legacy and risky HTTP headers
updated VERSION for 2.7.48
update CONTRIBUTORS for 2.7.48
updated CHANGELOG for 2.7.48
* 2.7:
[Security\Http] detect bad redirect targets using backslashes
[Form] Filter file uploads out of regular form types
Fix CI
minor #28258 [travis] fix composer.lock invalidation for deps=low (nicolas-grekas)
[travis] fix composer.lock invalidation for PRs patching several components
[travis] fix composer.lock invalidation for deps=low
minor #28199 [travis][appveyor] use symfony/flex to accelerate builds (nicolas-grekas)
[travis] ignore ordering when validating composer.lock files for deps=low
minor #28146 [travis] cache composer.lock files for deps=low (nicolas-grekas)
fix ci
[travis] fix requiring mongodb/mongodb before composer up
minor #28114 [travis] merge "same Symfony version" jobs in one (nicolas-grekas)
[2.7] Make CI green
updated VERSION for 2.7.49
updated CHANGELOG for 2.7.49
[HttpKernel] fix trusted headers management in HttpCache and InlineFragmentRenderer
[HttpFoundation] Remove support for legacy and risky HTTP headers
updated VERSION for 2.7.48
update CONTRIBUTORS for 2.7.48
updated CHANGELOG for 2.7.48
* 4.1:
[Form] Hardened test suite for empty data
Bump phpunit XSD version to 5.2
[Fwb][EventDispatcher][HttpKernel] Fix getClosureScopeClass usage to describe callables
Add required key attribute
* 3.4:
[Form] Hardened test suite for empty data
Bump phpunit XSD version to 5.2
[Fwb][EventDispatcher][HttpKernel] Fix getClosureScopeClass usage to describe callables
Add required key attribute
Some attributes being used in the phpunit configuration files, namely
failOnRisky and failOnWarning were introduced in phpunit 5.2.0. The
Composer configuration shows that tests should run with old versions of
phpunit, but phpunit only validates the configuration against the XSD
since phpunit 7.2.0.
These changes can be tested as follows:
wget http://schema.phpunit.de/5.2/phpunit.xsd
xargs xmllint --schema phpunit.xsd 1>/dev/null
find src -name phpunit.xml.dist| xargs xmllint --schema phpunit.xsd 1>/dev/null
See 7e06a82806
See 46e3745a03/composer.json (L98)
* 4.1:
SCA: removed unused variables
Remove duplicate condition
fix useless space in docblock
remove unneeded tearDown method
[Intl] Update the ICU data to 63.1
[FrameworkBundle] Fix broken exception message
[Messenger] send using the routing_key for AMQP transport
also clean away the NO_AUTO_CACHE_CONTROL_HEADER if we have no session
[TwigBundle] Fix usage of TwigBundle without FrameworkBundle
Revert "fixed CS"
[Serializer] Reduce class discriminator overhead
Skip empty proxy code
[Security] Fix "exclude-from-classmap"
[Security] Removed unsed trait import
[Config] Fix @method annotation
add missing double-quotes to extra_fields output message
[DI] Default undefined env to empty string during compile
Convert InsufficientAuthenticationException to HttpException
The "/Tests/" directory doesn't exist in the Security Component, tests are located within the Security components folders and none of the tests were being excluded in an --classmap-authoritative dump of the autoload.
* 4.1: (27 commits)
Added the Code of Conduct file
do not override custom access decision configs
[Security] Do not deauthenticate user when the first refreshed user has changed
fix a return type hint
invalidate stale commits for PRs too
add missing cache prefix seed attribute to XSD
fix command description
Fix class documentation
[Validator] Add a missing translation
[FrameworkBundle] Fix 3.4 tests
[DI] fix dumping inline services again
Rename consumer to receiver
Register messenger before the profiler
Fix phpdocs
[EventDispatcher] Remove template method in test case
Added LB translation for #27993 (UUID validator message translation)
Replace deprecated validateValue with validate
[FWBundle] Automatically enable PropertyInfo when using Flex
[Process] fix locking of pipe files on Windows
Correct PHPDoc type for float ttl
...
* 3.4: (21 commits)
Added the Code of Conduct file
do not override custom access decision configs
[Security] Do not deauthenticate user when the first refreshed user has changed
invalidate stale commits for PRs too
add missing cache prefix seed attribute to XSD
fix command description
Fix class documentation
[Validator] Add a missing translation
[FrameworkBundle] Fix 3.4 tests
[DI] fix dumping inline services again
Fix phpdocs
[EventDispatcher] Remove template method in test case
Added LB translation for #27993 (UUID validator message translation)
Replace deprecated validateValue with validate
[FWBundle] Automatically enable PropertyInfo when using Flex
[Process] fix locking of pipe files on Windows
Correct PHPDoc type for float ttl
bumped Symfony version to 3.4.18
updated VERSION for 3.4.17
updated CHANGELOG for 3.4.17
...
This PR was squashed before being merged into the 3.4 branch (closes#28072).
Discussion
----------
[Security] Do not deauthenticate user when the first refreshed user has changed
| Q | A
| ------------- | ---
| Branch? | 3.4
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets |
| License | MIT
| Doc PR |
Currently the token is deauthenticated when the first refreshed user has changed. In theory, a second user provider could find a user that is the same than the user stored in the token.
Also, the deauthentication is currently affected by the order of the user providers in the security.yaml and IMHO it does not make sense.
Commits
-------
95dce67 [Security] Do not deauthenticate user when the first refreshed user has changed
* 4.1: (21 commits)
[php_cs] disable fopen_flags
[DI] fix error in dumped container
[CS] Remove unused variables passed to closures
[DI] fix dumping setters before their inlined instances
[CS] Remove empty comment
[CS] Enforces null type hint on last position in phpDocs
[CS] Use combined assignment operators when possible
Fix a typo in error messages
Don't return early as this bypasses the auto exit feature
[Console] Add missing null to input values allowed types
[PHPUnitBridge] Fix microtime() format
bumped Symfony version to 4.1.6
updated VERSION for 4.1.5
updated CHANGELOG for 4.1.5
bumped Symfony version to 3.4.17
updated VERSION for 3.4.16
updated CHANGELOG for 3.4.16
bumped Symfony version to 2.8.47
update CONTRIBUTORS for 2.8.46
updated VERSION for 2.8.46
...
* 3.4:
[php_cs] disable fopen_flags
[DI] fix error in dumped container
[CS] Remove unused variables passed to closures
[DI] fix dumping setters before their inlined instances
[CS] Remove empty comment
[CS] Enforces null type hint on last position in phpDocs
[CS] Use combined assignment operators when possible
Fix a typo in error messages
Don't return early as this bypasses the auto exit feature
[Console] Add missing null to input values allowed types
[PHPUnitBridge] Fix microtime() format
bumped Symfony version to 3.4.17
updated VERSION for 3.4.16
updated CHANGELOG for 3.4.16
bumped Symfony version to 2.8.47
update CONTRIBUTORS for 2.8.46
updated VERSION for 2.8.46
updated CHANGELOG for 2.8.46
* 2.8:
[php_cs] disable fopen_flags
[CS] Remove unused variables passed to closures
[CS] Remove empty comment
[CS] Enforces null type hint on last position in phpDocs
[CS] Use combined assignment operators when possible
Fix a typo in error messages
[Console] Add missing null to input values allowed types
[PHPUnitBridge] Fix microtime() format
bumped Symfony version to 2.8.47
update CONTRIBUTORS for 2.8.46
updated VERSION for 2.8.46
updated CHANGELOG for 2.8.46
* 4.1:
[Console] simplified code
removed useless phpdoc
improve docblocks around group sequences
[Cache] prevent getting older entries when the version key is evicted
[WebProfilerBundle] added a note in the README
[Yaml] Skip parser test with root user
[Filesystem] Skip tests on readable file when run with root user
[FWBundle] Fix an error in WebTestCase::createClient's PHPDoc
[HttpFoundation][Security] forward locale and format to subrequests
[Console] Send the right exit code to console.terminate listeners
[HttpFoundation] fix hidding warnings from session handlers
Caching missed templates on cache warmup
* 3.4:
[Console] simplified code
removed useless phpdoc
improve docblocks around group sequences
[Cache] prevent getting older entries when the version key is evicted
[WebProfilerBundle] added a note in the README
[Yaml] Skip parser test with root user
[Filesystem] Skip tests on readable file when run with root user
[FWBundle] Fix an error in WebTestCase::createClient's PHPDoc
[HttpFoundation][Security] forward locale and format to subrequests
[Console] Send the right exit code to console.terminate listeners
[HttpFoundation] fix hidding warnings from session handlers
Caching missed templates on cache warmup
* 2.8:
improve docblocks around group sequences
[WebProfilerBundle] added a note in the README
[Filesystem] Skip tests on readable file when run with root user
[FWBundle] Fix an error in WebTestCase::createClient's PHPDoc
[HttpFoundation][Security] forward locale and format to subrequests
[Console] Send the right exit code to console.terminate listeners
Caching missed templates on cache warmup
This PR was merged into the 4.2-dev branch.
Discussion
----------
[HttpFoundation] make cookies auto-secure when passing them $secure=null + plan to make it and samesite=lax the defaults in 5.0
| Q | A
| ------------- | ---
| Branch? | master
| Bug fix? | no
| New feature? | yes
| BC breaks? | no
| Deprecations? | yes
| Tests pass? | yes
| Fixed tickets | #26731
| License | MIT
| Doc PR | -
By creating Cookie instances using `null` for the `$secure` argument, this PR allows making cookies inherit their "secure" attribute from the request.
This PR also adds a forward to make $secure=null and samesite=lax the defaults in Symfony 5.0:
- either define all constructor's arguments explicitly
- or use the new `Cookie::create()` factory
Commits
-------
9493cfd5f2 [HttpFoundation] make cookies auto-secure when passing them $secure=null + plan to make it and samesite=lax the defaults in 5.0
* 4.1:
[DI] configure inlined services before injecting them when dumping the container
Consistently throw exceptions on a single line
fix fopen calls
Update .editorconfig
* 3.4:
[DI] configure inlined services before injecting them when dumping the container
Consistently throw exceptions on a single line
fix fopen calls
Update .editorconfig
This PR was merged into the 4.2-dev branch.
Discussion
----------
Mark ExceptionInterfaces throwable #2
| Q | A
| ------------- | ---
| Branch? | master
| Bug fix? | no
| New feature? | yes
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | -
| License | MIT
| Doc PR | -
This has been reverted in beta of 4.1 because of lack of support in prophecy, which has been fixed since then (incl. release). Can be merged again.
References:
https://github.com/symfony/symfony/pull/26702https://github.com/symfony/symfony/pull/27420https://github.com/symfony/symfony/issues/27419https://github.com/phpspec/prophecy/pull/412
ping @dunglas @ciaranmcnulty @dkarlovi @Wirone @teohhanhui @stof @nicolas-grekas @ondrejmirtes
Commits
-------
17c3675226 Mark ExceptionInterfaces throwable
* 4.1:
Use the real image URL for the filesystem tests
[Finder] Update PHPdoc append()
[DI] Fix phpdoc
Fix code examples in PHPDoc
[HttpKernel] Fix inheritdocs
bumped Symfony version to 3.4.16
updated VERSION for 3.4.15
updated CHANGELOG for 3.4.15
* 3.4:
Use the real image URL for the filesystem tests
[Finder] Update PHPdoc append()
[DI] Fix phpdoc
Fix code examples in PHPDoc
[HttpKernel] Fix inheritdocs
bumped Symfony version to 3.4.16
updated VERSION for 3.4.15
updated CHANGELOG for 3.4.15
* 2.8:
Use the real image URL for the filesystem tests
[Finder] Update PHPdoc append()
[DI] Fix phpdoc
Fix code examples in PHPDoc
[HttpKernel] Fix inheritdocs
* 4.1:
fix merge
[travis][appveyor] use symfony/flex to accelerate builds
Add missing stderr redirection
clean up unused code
Remove the HTML5 validation from the profiler URL search form
[Filesystem] Add test to prevent regression when using array|resource with dumpFile
Add help texts for checkboxes in horizontal bootstrap 4 forms
[Security] Call AccessListener after LogoutListener
* 3.4:
[travis][appveyor] use symfony/flex to accelerate builds
Add missing stderr redirection
clean up unused code
[Filesystem] Add test to prevent regression when using array|resource with dumpFile
[Security] Call AccessListener after LogoutListener
* 4.1:
Fix Clidumper tests
Enable the fixer enforcing fully-qualified calls for compiler-optimized functions
Apply fixers
Disable the native_constant_invocation fixer until it can be scoped
Update the list of excluded files for the CS fixer
* 4.0:
Fix Clidumper tests
Enable the fixer enforcing fully-qualified calls for compiler-optimized functions
Apply fixers
Disable the native_constant_invocation fixer until it can be scoped
Update the list of excluded files for the CS fixer
* 3.4:
Fix Clidumper tests
Enable the fixer enforcing fully-qualified calls for compiler-optimized functions
Apply fixers
Disable the native_constant_invocation fixer until it can be scoped
Update the list of excluded files for the CS fixer
* 2.8:
Fix Clidumper tests
Enable the fixer enforcing fully-qualified calls for compiler-optimized functions
Apply fixers
Disable the native_constant_invocation fixer until it can be scoped
Update the list of excluded files for the CS fixer
This PR was squashed before being merged into the 4.2-dev branch (closes#27943).
Discussion
----------
[Security] Deprecate returning stringish objects from Security::getUser
| Q | A
| ------------- | ---
| Branch? | master
| Bug fix? | yes-ish
| New feature? | no
| BC breaks? | no
| Deprecations? | yes
| Tests pass? | yes <!-- please add some, will be required by reviewers -->
| Fixed tickets | #... <!-- #-prefixed issue number(s), if any -->
| License | MIT
| Doc PR | symfony/symfony-docs#... <!-- required for new features -->
`$user` can also be an object implementing `__ toString`. Here we want only true user objects...
Commits
-------
8c410da7e7 [Security] Deprecate returning stringish objects from Security::getUser
* 4.1:
fixed typo
[FrameworkBundle] fixed brackets position in method calls
Add placeholder support in bootstrap 4 file fields
[Form] Improve rendering of `file` field in bootstrap 4
[Form] Fix PHPDoc for FormConfigBuilder $dataClass argument
[Security] Update user phpdoc on tokens
[WebProfilerBundle] Fixed icon alignment issue using Bootstrap 4.1.2
suppress side effects in 'get' or 'has' methods of NamespacedAttributeBag
[HttpFoundation] reset callback on StreamedResponse when setNotModified() is called
[HttpFoundation] Fixed phpdoc for get method of HeaderBag
fix typo in ContainerBuilder docblock
[Form/Profiler] Massively reducing memory footprint of form profiling pages by removing redundant 'form' variable from view variables.
[Console] correctly return parameter's default value on "--"
[DependencyInjection] add missing test for #27710
[EventDispatcher] Clear orphaned events on TraceableEventDispatcher::reset
Fix serialization of abstract items with groups across multiple entities
* 4.0:
fixed typo
[FrameworkBundle] fixed brackets position in method calls
[Form] Fix PHPDoc for FormConfigBuilder $dataClass argument
[Security] Update user phpdoc on tokens
[WebProfilerBundle] Fixed icon alignment issue using Bootstrap 4.1.2
suppress side effects in 'get' or 'has' methods of NamespacedAttributeBag
[HttpFoundation] reset callback on StreamedResponse when setNotModified() is called
[HttpFoundation] Fixed phpdoc for get method of HeaderBag
fix typo in ContainerBuilder docblock
[Form/Profiler] Massively reducing memory footprint of form profiling pages by removing redundant 'form' variable from view variables.
[Console] correctly return parameter's default value on "--"
* 3.4:
[FrameworkBundle] fixed brackets position in method calls
[Form] Fix PHPDoc for FormConfigBuilder $dataClass argument
[Security] Update user phpdoc on tokens
[WebProfilerBundle] Fixed icon alignment issue using Bootstrap 4.1.2
suppress side effects in 'get' or 'has' methods of NamespacedAttributeBag
[HttpFoundation] reset callback on StreamedResponse when setNotModified() is called
[HttpFoundation] Fixed phpdoc for get method of HeaderBag
fix typo in ContainerBuilder docblock
[Form/Profiler] Massively reducing memory footprint of form profiling pages by removing redundant 'form' variable from view variables.
[Console] correctly return parameter's default value on "--"
* 2.8:
[Form] Fix PHPDoc for FormConfigBuilder $dataClass argument
[Security] Update user phpdoc on tokens
[WebProfilerBundle] Fixed icon alignment issue using Bootstrap 4.1.2
suppress side effects in 'get' or 'has' methods of NamespacedAttributeBag
[HttpFoundation] reset callback on StreamedResponse when setNotModified() is called
[HttpFoundation] Fixed phpdoc for get method of HeaderBag
fix typo in ContainerBuilder docblock
This PR was merged into the 4.2-dev branch.
Discussion
----------
Add symfony/contracts: a set of abstractions extracted out of the Symfony components
| Q | A
| ------------- | ---
| Branch? | master
| Bug fix? | no
| New feature? | yes
| BC breaks? | -
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | -
| License | MIT
| Doc PR | -
A set of abstractions extracted out of the Symfony components.
This is a topic I've been thinking about for a long time. I feel like the time has come for Symfony to publish some abstractions so that people could build on them in a decoupled way.
I've identified interfaces in some components that would greatly benefit from being moved out from the components where they are for now. E.g. #26929 is something that has a broader scope than the Cache component itself.
By putting them in a new `symfony/abstractions` package, we would allow more innovation in the Symfony community, at the abstraction level.
In order to start small, I propose only one interface that gathers a concept that is shared amongst many components already: `ResetInterface`. It would provide a standard `reset()` method, whose purpose is to set an object back to its initial state, allowing it to be reused many times with no side effects/leaks related to its history. By this definition, it could also be autoconfigured (as done here, see update in FrameworkExtension). See wording in the docblock in the attached source code.
Ideally, I'd like this package to provide not only interfaces, by also generic traits, and reference test suites when possible. We could work on adding more abstractions during the 4.2 cycle. WDYT?
## Here is the attached README:
A set of abstractions extracted out of the Symfony components.
Can be used to build on semantics that the Symfony components proved useful - and
that already have battle tested implementations.
Design Principles
-----------------
* contracts are split by domain, each into their own sub-namespaces;
* contracts are small and consistent sets of PHP interfaces, traits, normative
docblocks and reference test suites when applicable, etc.;
* all contracts must have a proven implementation to enter this repository;
* they must be backward compatible with existing Symfony components.
FAQ
---
### How to use this package?
The abstractions in this package are useful to achieve loose coupling and
interoperability. By using the provided interfaces as type hints, you are able
to reuse any implementations that match their contracts. It could be a Symfony
component, or another one provided by the PHP community at large.
Depending on their semantics, some interfaces can be combined with autowiring to
seamlessly inject a service in your classes.
Others might be useful as labeling interfaces, to hint about a specific behavior
that could be enabled when using autoconfiguration or manual service tagging (or
any other means provided by your framework.)
### How is this different from PHP-FIG's PSRs?
When applicable, the provided contracts are built on top of PHP-FIG's PSR. We
encourage relying on them and won't duplicate the effort. Still, the FIG has
different goals and different processes. Here, we don't need to seek universal
standards. Instead, we're providing abstractions that are compatible with the
implementations provided by Symfony. This should actually also contribute
positively to the PHP-FIG (from which Symfony is a member), by hinting the group
at some abstractions the PHP world might like to take inspiration from.
### Why isn't this package split into several packages?
Putting all interfaces in one package eases discoverability and dependency
management. Instead of dealing with a myriad of small packages and the
corresponding matrix of versions, you just need to deal with one package and one
version. Also when using IDE autocompletion or just reading the source code, it
makes it easier to figure out which contracts are provided.
There are two downsides to this approach: you may have unused files in your
`vendor/` directory, and in the future, it will be impossible to use two
different sub-namespaces in different major versions of the package. For the
"unused files" downside, it has no practical consequences: their file sizes are
very small, and there is no performance overhead at all since they are never
loaded. For major versions, this package follows the Symfony BC + deprecation
policies, with an additional restriction to never remove deprecated interfaces.
Resources
---------
* [Documentation](https://symfony.com/doc/current/components/contracts.html)
* [Contributing](https://symfony.com/doc/current/contributing/index.html)
* [Report issues](https://github.com/symfony/symfony/issues) and
[send Pull Requests](https://github.com/symfony/symfony/pulls)
in the [main Symfony repository](https://github.com/symfony/symfony)
Commits
-------
898203649f Added symfony/contracts: a set of abstractions extracted out of the components
* 4.1:
[DomCrawler] Fix ChoiceFormField::select() PHPDoc
[Security] LdapUserProvider uidKey could be null
[HttpFoundation] add tests for FlashBagInterface::setAll()
Check for Hyper terminal on all operating systems.
[DI] Don't show internal service id on binding errors
Fix a bug when having more than one named handler per message subscriber
Prevent toolbar links color override by css
add conflict for non-compatible TwigBridge version
* 4.0:
[DomCrawler] Fix ChoiceFormField::select() PHPDoc
[Security] LdapUserProvider uidKey could be null
[HttpFoundation] add tests for FlashBagInterface::setAll()
Check for Hyper terminal on all operating systems.
[DI] Don't show internal service id on binding errors
Prevent toolbar links color override by css
This PR was merged into the 4.2-dev branch.
Discussion
----------
[Security] Use AuthenticationTrustResolver in SimplePreAuthenticationListener
| Q | A
| ------------- | ---
| Branch? | master
| Bug fix? | no
| New feature? | yes (minor)
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | -
| License | MIT
| Doc PR | -
Minor, but would be consistent with how `ContextListener` checks for anonymous tokens.
Commits
-------
27b89cb [Security] Use AuthenticationTrustResolver in SimplePreAuthenticationListener
* 4.1:
[minor] SCA
[Serializer] Minor tweaks for a67b650f12
allow_extra_attributes does not throw an exception as documented
[Cache] fix visibility of RedisTrait::init()
[Serializer] Updates DocBlock to a mixed param type
* 4.0:
[minor] SCA
[Serializer] Minor tweaks for a67b650f12
allow_extra_attributes does not throw an exception as documented
[Cache] fix visibility of RedisTrait::init()
[Serializer] Updates DocBlock to a mixed param type
This PR was merged into the 4.2-dev branch.
Discussion
----------
[DX] Log potential redirect loops caused by forced HTTPS
| Q | A
| ------------- | ---
| Branch? | master
| Bug fix? | no
| New feature? | yes
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | #27603
| License | MIT
| Doc PR | n/a
If the developer forgets/fails to set "trusted_proxies" properly, forcing the
https channel can cause infinite redirect loops. This change will hopefully
help them identify the problem faster.
See https://github.com/symfony/symfony/issues/27603
Commits
-------
53048cec6d Log potential redirect loops caused by forced HTTPS
If the developer forgets/fails to set "trusted_proxies" properly, forcing the
https channel can cause infinite redirect loops. This change will hopefully
help them identify the problem faster.
See https://github.com/symfony/symfony/issues/27603
* 4.1:
remove HHVM code
[VarDumper] Fix dumping ArrayObject and ArrayIterator instances
[ProxyManagerBridge] Fixed support of private services
[Cache] Fix typo in comment.
[FrameworkBundle] give access to non-shared services when using test.service_container
Fix bad method call with guard authentication + session migration
Avoid calling eval when there is no script embedded in the toolbar
* 3.4:
[VarDumper] Fix dumping ArrayObject and ArrayIterator instances
[ProxyManagerBridge] Fixed support of private services
[Cache] Fix typo in comment.
Fix bad method call with guard authentication + session migration
* 4.1:
fixed CS
Avoiding session migration for stateless firewall UsernamePasswordJsonAuthenticationListener
fixed CS
Avoid migration on stateless firewalls
[Serializer] deserialize from xml: Fix a collection that contains the only one element
[HttpKernel] Log/Collect exceptions at prio 0
[PhpUnitBridge] Fix error on some Windows OS
[DI] Deduplicate generated proxy classes
[Routing] fix matching host patterns, utf8 prefixes and non-capturing groups
* 4.0:
fixed CS
Avoiding session migration for stateless firewall UsernamePasswordJsonAuthenticationListener
fixed CS
Avoid migration on stateless firewalls
[Serializer] deserialize from xml: Fix a collection that contains the only one element
[PhpUnitBridge] Fix error on some Windows OS
[DI] Deduplicate generated proxy classes
* 3.4:
fixed CS
Avoiding session migration for stateless firewall UsernamePasswordJsonAuthenticationListener
fixed CS
Avoid migration on stateless firewalls
[Serializer] deserialize from xml: Fix a collection that contains the only one element
[PhpUnitBridge] Fix error on some Windows OS
[DI] Deduplicate generated proxy classes
This PR was squashed before being merged into the 2.8 branch (closes#27452).
Discussion
----------
Avoid migration on stateless firewalls
| Q | A
| ------------- | ---
| Branch? | 2.8
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | Related to #27395
| License | MIT
| Doc PR | symfony/symfony-docs#9860
This is a proof-of-concept. Once we agree / are happy, I need to add this to all of the other authentication mechanisms that recently got the session migration code & add tests.
Basically, this avoids migrating the session if the firewall is stateless. There were 2 options to do this:
A) Make the `SessionAuthenticationStrategy` aware of all stateless firewalls. **This is the current approach**
or
B) Make each individual authentication listener aware whether or not *its* firewall is stateless.
Commits
-------
cca73bb564 Avoid migration on stateless firewalls
* 4.1:
[Cache][Security] Use Throwable where possible
revert #27545
Update Finder.php
[FrameworkBundle] remove dead code in CachePoolClearerPass
Fix security-core cross-dependencies, fixes#27507
Pass previous exception to FatalErrorException
* 4.0:
[Cache][Security] Use Throwable where possible
revert #27545
Update Finder.php
[FrameworkBundle] remove dead code in CachePoolClearerPass
Fix security-core cross-dependencies, fixes#27507
Pass previous exception to FatalErrorException
* 4.1:
[FrameworkBundle] Fix test-container on kernel reboot, revert to returning the real container from Client::getContainer()
Remove mentions of "beta" in composer.json files
[DI] Ignore missing tree root nodes on validate
[WebProfilerBundle] fixed getSession when no session has been set deprecation warnings
bug #27299 [Cache] memcache connect should not add duplicate entries on sequential calls
[Router] regression when matching a route
[FrameworkBundle][SecurityBundle] Remove no-longer necessary Bundle::registerCommands override
[Routing] Don't reorder past variable-length placeholders
[DebugBundle] DebugBundle::registerCommands should be noop
[BrowserKit] Fix a BC break in Client affecting Panthère
[DX] Improve exception message when AbstractController::getParameter fails
simple-phpunit: remove outdated appveryor workaround
* 4.1: (22 commits)
[HttpKernel] Fix restoring trusted proxies in tests
Update UPGRADE-4.0.md
[Messenger] Fix suggested enqueue adapter package
bumped Symfony version to 4.1.1
updated VERSION for 4.1.0
updated CHANGELOG for 4.1.0
Insert correct parameter_bag service in AbstractController
Revert "feature #26702 Mark ExceptionInterfaces throwable (ostrolucky)"
CODEOWNERS: some more rules
removed unneeded comments in tests
removed unneeded comments in tests
Change PHPDoc in ResponseHeaderBag::getCookies() to help IDEs
[HttpKernel] fix registering IDE links
update UPGRADE-4.1 for feature #26332 Form field help option
[HttpKernel] Set first trusted proxy as REMOTE_ADDR in InlineFragmentRenderer.
[Process] Consider \"executable\" suffixes first on Windows
Triggering RememberMe's loginFail() when token cannot be created
bumped Symfony version to 4.1.0
updated VERSION for 4.1.0-BETA3
updated CHANGELOG for 4.1.0-BETA3
...
* 4.0:
[HttpKernel] Fix restoring trusted proxies in tests
Update UPGRADE-4.0.md
CODEOWNERS: some more rules
removed unneeded comments in tests
removed unneeded comments in tests
Change PHPDoc in ResponseHeaderBag::getCookies() to help IDEs
[HttpKernel] fix registering IDE links
[HttpKernel] Set first trusted proxy as REMOTE_ADDR in InlineFragmentRenderer.
[Process] Consider \"executable\" suffixes first on Windows
Triggering RememberMe's loginFail() when token cannot be created
[Serializer] Fix serializer tries to denormalize null values on nullable properties
[FrameworkBundle] Change priority of AddConsoleCommandPass to TYPE_BEFORE_REMOVING
* 3.4:
[HttpKernel] Fix restoring trusted proxies in tests
Update UPGRADE-4.0.md
CODEOWNERS: some more rules
removed unneeded comments in tests
removed unneeded comments in tests
Change PHPDoc in ResponseHeaderBag::getCookies() to help IDEs
[HttpKernel] fix registering IDE links
[HttpKernel] Set first trusted proxy as REMOTE_ADDR in InlineFragmentRenderer.
[Process] Consider \"executable\" suffixes first on Windows
Triggering RememberMe's loginFail() when token cannot be created
[Serializer] Fix serializer tries to denormalize null values on nullable properties
[FrameworkBundle] Change priority of AddConsoleCommandPass to TYPE_BEFORE_REMOVING
* 2.8:
removed unneeded comments in tests
Change PHPDoc in ResponseHeaderBag::getCookies() to help IDEs
[HttpKernel] Set first trusted proxy as REMOTE_ADDR in InlineFragmentRenderer.
[Process] Consider \"executable\" suffixes first on Windows
Triggering RememberMe's loginFail() when token cannot be created
This PR was squashed before being merged into the 4.2-dev branch (closes#26981).
Discussion
----------
No more support for custom anon/remember tokens based on FQCN
| Q | A
| ------------- | ---
| Branch? | master
| Bug fix? | no
| New feature? | no
| BC breaks? | no
| Deprecations? | yes
| Tests pass? | yes
| Fixed tickets | #26940
| License | MIT
| Doc PR | ~
This PR deprecates the ability to configure a custom anonymous and remember me token class, via the AuthenticationTrustResolver. The only change required _if_ you have changed the token classes like this, is to extend the Anonymous/RememberMe token classes.
Commits
-------
860d4549c2 No more support for custom anon/remember tokens based on FQCN
* 4.1: (26 commits)
Revert "bug #27312 Supress deprecation notices thrown when getting private servies from container in tests (arderyp)"
[HttpKernel] reset kernel start time on reboot
Add code of Conduct links in our README
bumped Symfony version to 4.0.12
[FrameworkBundle] Fix using test.service_container when Client is rebooted
[DI] never inline lazy services
updated VERSION for 4.0.11
updated CHANGELOG for 4.0.11
bumped Symfony version to 3.4.12
updated VERSION for 3.4.11
updated CHANGELOG for 3.4.11
Default testsuite to latest PHPUnit 6.*
[Github] Update the pull-request template
bumped Symfony version to 2.8.42
updated VERSION for 2.8.41
updated CHANGELOG for 2.8.41
Tweak Argon2 test config
[HttpFoundation] Fix cookie test with xdebug
[FrameworkBundle] cleanup generated test container
[Serializer] Check the value of enable_max_depth if defined
...
This PR was merged into the 4.2-dev branch.
Discussion
----------
[Security][SecurityBundle] FirewallMap/FirewallContext deprecations
| Q | A
| ------------- | ---
| Branch? | master
| Bug fix? | no
| New feature? | no
| BC breaks? | no
| Deprecations? | yes/no <!-- don't forget to update UPGRADE-*.md and src/**/CHANGELOG.md files -->
| Tests pass? | yes <!-- please add some, will be required by reviewers -->
| Fixed tickets | #... <!-- #-prefixed issue number(s), if any -->
| License | MIT
| Doc PR | symfony/symfony-docs#... <!-- required for new features -->
Next to #24805.
Commits
-------
a71ba78478 [Security][SecurityBundle] FirewallMap/FirewallContext deprecations
This PR was merged into the 4.1 branch.
Discussion
----------
[Security] Fix missing use in UserInterface
| Q | A
| ------------- | ---
| Branch? | 4.1
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| License | MIT
Fix missing `Role` use used in the `getRoles` return type.
Commits
-------
3e0a0f4cb5 Fix missing use in UserInterface
This PR was merged into the 4.1 branch.
Discussion
----------
Tweak Argon2 test config
| Q | A
| ------------- | ---
| Branch? | 4.1
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets |
| License | MIT
| Doc PR |
Memory cost 8 seems to be lowest value accepted on my machine
```
Testing Symfony\Component\Security\Core\Tests\Encoder\Argon2iPasswordEncoderTest
E.... 5 / 5 (100%)
Time: 114 ms, Memory: 4.00MB
There was 1 error:
1) Symfony\Component\Security\Core\Tests\Encoder\Argon2iPasswordEncoderTest::testValidationWithConfig
password_hash(): Memory cost is outside of allowed memory range
/home/gadelat/PhpstormProjects/symfony/src/Symfony/Component/Security/Core/Encoder/Argon2iPasswordEncoder.php:105
/home/gadelat/PhpstormProjects/symfony/src/Symfony/Component/Security/Core/Encoder/Argon2iPasswordEncoder.php:67
/home/gadelat/PhpstormProjects/symfony/src/Symfony/Component/Security/Core/Tests/Encoder/Argon2iPasswordEncoderTest.php:34
```
Commits
-------
0e74f73af5 Tweak Argon2 test config
Memory cost 8 seems to be lowest value accepted on my machine
```
Testing Symfony\Component\Security\Core\Tests\Encoder\Argon2iPasswordEncoderTest
E.... 5 / 5 (100%)
Time: 114 ms, Memory: 4.00MB
There was 1 error:
1) Symfony\Component\Security\Core\Tests\Encoder\Argon2iPasswordEncoderTest::testValidationWithConfig
password_hash(): Memory cost is outside of allowed memory range
/home/gadelat/PhpstormProjects/symfony/src/Symfony/Component/Security/Core/Encoder/Argon2iPasswordEncoder.php:105
/home/gadelat/PhpstormProjects/symfony/src/Symfony/Component/Security/Core/Encoder/Argon2iPasswordEncoder.php:67
/home/gadelat/PhpstormProjects/symfony/src/Symfony/Component/Security/Core/Tests/Encoder/Argon2iPasswordEncoderTest.php:34
```
* 4.1:
migrating session for UsernamePasswordJsonAuthenticationListener
migrating session for UsernamePasswordJsonAuthenticationListener
Adding session authentication strategy to Guard to avoid session fixation
Adding session strategy to ALL listeners to avoid *any* possible fixation
[HttpFoundation] Break infinite loop in PdoSessionHandler when MySQL is in loose mode
* 3.4:
migrating session for UsernamePasswordJsonAuthenticationListener
Adding session authentication strategy to Guard to avoid session fixation
Adding session strategy to ALL listeners to avoid *any* possible fixation
[HttpFoundation] Break infinite loop in PdoSessionHandler when MySQL is in loose mode
* 2.8:
Adding session authentication strategy to Guard to avoid session fixation
Adding session strategy to ALL listeners to avoid *any* possible fixation
[HttpFoundation] Break infinite loop in PdoSessionHandler when MySQL is in loose mode
* 4.0:
migrating session for UsernamePasswordJsonAuthenticationListener
Adding session authentication strategy to Guard to avoid session fixation
Adding session strategy to ALL listeners to avoid *any* possible fixation
* 3.4:
migrating session for UsernamePasswordJsonAuthenticationListener
Adding session authentication strategy to Guard to avoid session fixation
Adding session strategy to ALL listeners to avoid *any* possible fixation
* 2.8:
Adding session authentication strategy to Guard to avoid session fixation
Adding session strategy to ALL listeners to avoid *any* possible fixation
* 4.1:
Supress deprecation notices thrown when getting private servies from container in tests
Uses `protected` for test functions
[Messenger] Allow to scope handlers per bus
do not mock the session in token storage tests
[DependencyInjection] resolve array env vars
Add Occitan plural rule
Fix security/* cross-dependencies
[Messenger] implement several senders using a ChainSender
[Lock] Skip test if posix extension is not installed
fix bug when imported routes are prefixed
[DI] Allow defining bindings on ChildDefinition
use strict compare in url validator
Disallow illegal characters like "." in session.name
[HttpKernel] do file_exists() check instead of silent notice
Select alternatives on missing receiver arg or typo
fix rounding from string
* 4.0:
do not mock the session in token storage tests
[DependencyInjection] resolve array env vars
Add Occitan plural rule
Fix security/* cross-dependencies
[Lock] Skip test if posix extension is not installed
[DI] Allow defining bindings on ChildDefinition
use strict compare in url validator
Disallow illegal characters like "." in session.name
[HttpKernel] do file_exists() check instead of silent notice
fix rounding from string
* 3.4:
do not mock the session in token storage tests
[DependencyInjection] resolve array env vars
Add Occitan plural rule
Fix security/* cross-dependencies
[Lock] Skip test if posix extension is not installed
[DI] Allow defining bindings on ChildDefinition
use strict compare in url validator
Disallow illegal characters like "." in session.name
[HttpKernel] do file_exists() check instead of silent notice
fix rounding from string
* 2.8:
do not mock the session in token storage tests
Add Occitan plural rule
Fix security/* cross-dependencies
Disallow illegal characters like "." in session.name
fix rounding from string
* 2.7:
do not mock the session in token storage tests
Add Occitan plural rule
Disallow illegal characters like "." in session.name
fix rounding from string
This PR was merged into the 3.4 branch.
Discussion
----------
[HttpKernel] Fix dealing with self/parent in ArgumentMetadataFactory
| Q | A
| ------------- | ---
| Branch? | 3.4
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | -
| License | MIT
| Doc PR | -
Applies CS fixes that where merged on 4.0 to 3.4, embeds a fix in ArgumentMetadataFactory, which couldn't deal with self/parent type hints.
Commits
-------
ba5cb1a245 fixed CS
* 3.4:
fix merge
[Security] Fix logout
Cleanup 2 tests for the HttpException classes
#27250 limiting GET_LOCK key up to 64 char due to changes in MySQL 5.7.5 and later
[Config] Fix tests when path contains UTF chars
[DI] Shared services should not be inlined in non-shared ones
[Profiler] Remove propel & event_listener_loading category identifiers
[Filesystem] Fix usages of error_get_last()
[Cache][Lock] Fix usages of error_get_last()
[Debug] Fix populating error_get_last() for handled silent errors
[DI] Display previous error messages when throwing unused bindings
Suppress warnings when open_basedir is non-empty
* 2.8:
[Security] Fix logout
#27250 limiting GET_LOCK key up to 64 char due to changes in MySQL 5.7.5 and later
[Profiler] Remove propel & event_listener_loading category identifiers
[Filesystem] Fix usages of error_get_last()
[Debug] Fix populating error_get_last() for handled silent errors
Suppress warnings when open_basedir is non-empty
* 2.7:
[Security] Fix logout
#27250 limiting GET_LOCK key up to 64 char due to changes in MySQL 5.7.5 and later
[Profiler] Remove propel & event_listener_loading category identifiers
[Filesystem] Fix usages of error_get_last()
[Debug] Fix populating error_get_last() for handled silent errors
Suppress warnings when open_basedir is non-empty
* 4.0: (22 commits)
[appveyor] use PHP 7.1 to run composer
[HttpKernel] Don't clean legacy containers that are still loaded
[VarDumper] Fix HtmlDumper classes match
Make the simple auth provider the same as in Symfony 2.7.
[PhpUnitBridge] silence wget
fix merge
[Security] guardAuthenticationProvider::authenticate cannot return null according to interface specification
[PhpUnitBridge] Fix#26994
[VarDumper] Remove decoration from actual output in tests
[PropertyInfo] Minor cleanup and perf improvement
[Bridge/Doctrine] fix count() notice on PHP 7.2
[Security] Skip user checks if not implementing UserInterface
[DI] Add check of internal type to ContainerBuilder::getReflectionClass
[HttpFoundation] Add HTTP_EARLY_HINTS const
[DoctrineBridge] Improve exception message at `IdReader::getIdValue()`
Add type hints
fixed CS
Use new PHP7.2 functions in hasColorSupport
[VarDumper] Fix dumping of SplObjectStorage
[HttpFoundation] Add functional tests for Response::sendHeaders()
...
* 3.4: (22 commits)
[appveyor] use PHP 7.1 to run composer
[HttpKernel] Don't clean legacy containers that are still loaded
[VarDumper] Fix HtmlDumper classes match
Make the simple auth provider the same as in Symfony 2.7.
[PhpUnitBridge] silence wget
fix merge
[Security] guardAuthenticationProvider::authenticate cannot return null according to interface specification
[PhpUnitBridge] Fix#26994
[VarDumper] Remove decoration from actual output in tests
[PropertyInfo] Minor cleanup and perf improvement
[Bridge/Doctrine] fix count() notice on PHP 7.2
[Security] Skip user checks if not implementing UserInterface
[DI] Add check of internal type to ContainerBuilder::getReflectionClass
[HttpFoundation] Add HTTP_EARLY_HINTS const
[DoctrineBridge] Improve exception message at `IdReader::getIdValue()`
Add type hints
fixed CS
Use new PHP7.2 functions in hasColorSupport
[VarDumper] Fix dumping of SplObjectStorage
[HttpFoundation] Add functional tests for Response::sendHeaders()
...
* 2.8:
[Security] guardAuthenticationProvider::authenticate cannot return null according to interface specification
[VarDumper] Remove decoration from actual output in tests
[PropertyInfo] Minor cleanup and perf improvement
[Bridge/Doctrine] fix count() notice on PHP 7.2
[Security] Skip user checks if not implementing UserInterface
[HttpFoundation] Add HTTP_EARLY_HINTS const
[DoctrineBridge] Improve exception message at `IdReader::getIdValue()`
fixed CS
Use new PHP7.2 functions in hasColorSupport
[VarDumper] Fix dumping of SplObjectStorage
Fixed being logged out on failed attempt in guard
* 2.7:
[VarDumper] Remove decoration from actual output in tests
[Bridge/Doctrine] fix count() notice on PHP 7.2
[Security] Skip user checks if not implementing UserInterface
[HttpFoundation] Add HTTP_EARLY_HINTS const
[DoctrineBridge] Improve exception message at `IdReader::getIdValue()`
fixed CS
Use new PHP7.2 functions in hasColorSupport
[VarDumper] Fix dumping of SplObjectStorage
This PR was merged into the 2.8 branch.
Discussion
----------
[Security] Fixed being logged out on failed attempt in guard
| Q | A
| ------------- | ---
| Branch? | 2.8
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | #25992
| License | MIT
| Doc PR | ~
This fixes the issue described in the ticket. After this fix, guard will no longer "forget" your authentication when your next attempt fails.
Commits
-------
4fc0ecbf90 Fixed being logged out on failed attempt in guard
* 4.0:
[Form] Fix typo in Upgrade 3.4/4.0
[EventDispatcher] Dispatcher in stopEventPropagation test now registers correct listener
Update da translations
Fix Typo in Guard Factory
* 3.4:
[Form] Fix typo in Upgrade 3.4/4.0
[EventDispatcher] Dispatcher in stopEventPropagation test now registers correct listener
Update da translations
Fix Typo in Guard Factory
This PR was merged into the 2.7 branch.
Discussion
----------
Update da translations
| Q | A
| ------------- | ---
| Branch? | 2.7
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets |
| License | MIT
| Doc PR |
The Danish translations have several serious errors. This PR adjusts to official Danish orthography, and updates some texts for internal consistency and to better reflect the original English text.
Commits
-------
d0ea26bd15 Update da translations
* 4.0:
[Routing] Fix throwing NoConfigurationException instead of 405
[Security] Load the user before pre/post auth checks when needed
[SecurityBundle] Add test for simple authentication config
[WebProfilerBundle] fix version check
[SecurityBundle] Add missing argument to security.authentication.provider.simple
[Finder] fix tests
* 3.4:
[Routing] Fix throwing NoConfigurationException instead of 405
[Security] Load the user before pre/post auth checks when needed
[SecurityBundle] Add test for simple authentication config
[WebProfilerBundle] fix version check
[SecurityBundle] Add missing argument to security.authentication.provider.simple
[Finder] fix tests
* 2.8:
[Security] Load the user before pre/post auth checks when needed
[SecurityBundle] Add test for simple authentication config
[SecurityBundle] Add missing argument to security.authentication.provider.simple
[Finder] fix tests
This PR was merged into the 4.1-dev branch.
Discussion
----------
Mark ExceptionInterfaces throwable
| Q | A
| ------------- | ---
| Branch? | master
| Bug fix? | no
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | -
| License | MIT
| Doc PR | -
This interface is meant to be catched, but currently it doesn't guarantee class extending it is an instance of Throwable or Exception.
Commits
-------
b2d8792908 Mark ExceptionInterfaces throwable
* 4.0: (24 commits)
moved Twig runtime to proper class
fixed deprecated messages in tests
add PHP errors options to XML schema definition
[HttpCache] Unlink tmp file on error
Added LB translation for #26327 (Errors sign for people that do not see colors)
[TwigBridge] Fix rendering of currency by MoneyType
Import InvalidArgumentException in PdoAdapter
[DI] Do not suggest writing an implementation when multiple exist
[Intl] Update ICU data to 61.1
Use 3rd person verb form in command description
[Validator] Add Japanese translation
Support phpdbg SAPI in Debug::enable()
[HttpKernel] DumpDataCollector: do not flush when a dumper is provided
[DI] Fix hardcoded cache dir for warmups
[Routing] fix tests
[Routing] Fixed the importing of files using glob patterns that match multiple resources
[Ldap] cast to string when checking empty passwords
[Validator] sync validator translation id
[WebProfilerBundle] use the router to resolve file links
no type errors with invalid submitted data types
...
* 3.4: (24 commits)
moved Twig runtime to proper class
fixed deprecated messages in tests
add PHP errors options to XML schema definition
[HttpCache] Unlink tmp file on error
Added LB translation for #26327 (Errors sign for people that do not see colors)
[TwigBridge] Fix rendering of currency by MoneyType
Import InvalidArgumentException in PdoAdapter
[DI] Do not suggest writing an implementation when multiple exist
[Intl] Update ICU data to 61.1
Use 3rd person verb form in command description
[Validator] Add Japanese translation
Support phpdbg SAPI in Debug::enable()
[HttpKernel] DumpDataCollector: do not flush when a dumper is provided
[DI] Fix hardcoded cache dir for warmups
[Routing] fix tests
[Routing] Fixed the importing of files using glob patterns that match multiple resources
[Ldap] cast to string when checking empty passwords
[Validator] sync validator translation id
[WebProfilerBundle] use the router to resolve file links
no type errors with invalid submitted data types
...
* 2.8:
[Intl] Update ICU data to 61.1
[Validator] Add Japanese translation
Support phpdbg SAPI in Debug::enable()
[Ldap] cast to string when checking empty passwords
[Validator] sync validator translation id
no type errors with invalid submitted data types
[FrameworkBundle] Partially revert HttpCache is not longer abstract (4d075da)
[Finder] Fixed leading/trailing / in filename
allow html5 compatible rendering of forms with null names
Change datetime input to datetime-local
* 4.0: (32 commits)
[Form] fix tests and deps
[Cache] Rely on mock for Doctrine ArrayCache
[FrameworkBundle] Respect debug mode when warm up annotations
[Console] Fix docblock of DescriptorInterface::describe
[Config] Handle nullable node name + fix inheritdocs
[Security] added userChecker to SimpleAuthenticationProvider
[Debug] fix test
Fix typo in test method name
Fixes#26563 (open_basedir restriction in effect)
[Debug] Reset previous exception handler ealier to prevent infinite loop
add hint in Github pull request template
[Validator] Fix docblock of ClassMetadata#members
[BrowserKit] Fix cookie path handling when $domain is null
[DoctrineBridge] Don't rely on ClassMetadataInfo->hasField in DoctrineOrmTypeGuesser anymore
[BrowserKit] Improves CookieJar::get
[BrowserKit] Fix Cookie's PHPDoc
[DomCrawler] Change bad wording in ChoiceFormField::untick
[DomCrawler] Fix the PHPDoc of ChoiceFormField::setValue
[DomCrawler] Avoid a useless call to strtolower
[FrameworkBundle] HttpCache is not longer abstract
...
* 3.4: (32 commits)
[Form] fix tests and deps
[Cache] Rely on mock for Doctrine ArrayCache
[FrameworkBundle] Respect debug mode when warm up annotations
[Console] Fix docblock of DescriptorInterface::describe
[Config] Handle nullable node name + fix inheritdocs
[Security] added userChecker to SimpleAuthenticationProvider
[Debug] fix test
Fix typo in test method name
Fixes#26563 (open_basedir restriction in effect)
[Debug] Reset previous exception handler ealier to prevent infinite loop
add hint in Github pull request template
[Validator] Fix docblock of ClassMetadata#members
[BrowserKit] Fix cookie path handling when $domain is null
[DoctrineBridge] Don't rely on ClassMetadataInfo->hasField in DoctrineOrmTypeGuesser anymore
[BrowserKit] Improves CookieJar::get
[BrowserKit] Fix Cookie's PHPDoc
[DomCrawler] Change bad wording in ChoiceFormField::untick
[DomCrawler] Fix the PHPDoc of ChoiceFormField::setValue
[DomCrawler] Avoid a useless call to strtolower
[FrameworkBundle] HttpCache is not longer abstract
...
* 2.8: (29 commits)
[Console] Fix docblock of DescriptorInterface::describe
[Config] Handle nullable node name + fix inheritdocs
[Security] added userChecker to SimpleAuthenticationProvider
[Debug] fix test
Fix typo in test method name
Fixes#26563 (open_basedir restriction in effect)
[Debug] Reset previous exception handler ealier to prevent infinite loop
add hint in Github pull request template
[Validator] Fix docblock of ClassMetadata#members
[BrowserKit] Fix cookie path handling when $domain is null
[DoctrineBridge] Don't rely on ClassMetadataInfo->hasField in DoctrineOrmTypeGuesser anymore
[BrowserKit] Improves CookieJar::get
[BrowserKit] Fix Cookie's PHPDoc
[DomCrawler] Change bad wording in ChoiceFormField::untick
[DomCrawler] Fix the PHPDoc of ChoiceFormField::setValue
[DomCrawler] Avoid a useless call to strtolower
[FrameworkBundle] HttpCache is not longer abstract
Php Inspections (EA Ultimate): address some of one-time used local variables
[Intl] Load locale aliases to support alias fallbacks
[CssSelector] Fix CSS identifiers parsing - they can start with dash
...
* 2.7:
[Config] Handle nullable node name + fix inheritdocs
[Security] added userChecker to SimpleAuthenticationProvider
[Debug] fix test
Fix typo in test method name
Fixes#26563 (open_basedir restriction in effect)
[Debug] Reset previous exception handler ealier to prevent infinite loop
add hint in Github pull request template
[Validator] Fix docblock of ClassMetadata#members
[BrowserKit] Fix cookie path handling when $domain is null
[DoctrineBridge] Don't rely on ClassMetadataInfo->hasField in DoctrineOrmTypeGuesser anymore
[BrowserKit] Improves CookieJar::get
[BrowserKit] Fix Cookie's PHPDoc
[DomCrawler] Change bad wording in ChoiceFormField::untick
[DomCrawler] Fix the PHPDoc of ChoiceFormField::setValue
[DomCrawler] Avoid a useless call to strtolower
[FrameworkBundle] HttpCache is not longer abstract
[DomCrawler] extract(): fix a bug when the attribute list is empty
[Config] Backport string|null api for node names
This PR was squashed before being merged into the 4.1-dev branch (closes#26467).
Discussion
----------
Add UsernameNotFoundException declaration to refreshUser().
| Q | A
| ------------- | ---
| Branch? | master
| Bug fix? | maybe
| New feature? | maybe
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | -
| License | MIT
| Doc PR | -
Symfony\Component\Security\Core\User\UserProviderInterface::refreshUser() does not declare that implementations may throw a UsernameNotFoundException, although a) it makes sense, as the user could have been deleted since the last load, and b) the ContextListener already handles the UsernameNotFoundException. So it looks like someone thought of this, but simply forgot the annotation.
Unsure if this is a bugfix or a feature, but as it doesn't change executed code, master should be soon enough.
Commits
-------
f7a0c46338 Add UsernameNotFoundException declaration to refreshUser().
* 4.0:
Fix typos
[Routing] remove useless failing mocks
[appveyor] Workaround GitHub disabling of low versions of TLS
Use long array syntax
[Routing] Fix GC control of PHP-DSL
[Routing] Don't throw 405 when scheme requirement doesn't match
[Routing] Revert throwing 405 on missed slash/scheme redirections
[WebProfilerBundle] fix test after ajax path updated
Fix ArrayInput::toString() for InputArgument::IS_ARRAY args
Update excluded_ajax_paths for sf4
Add missing use for RoleInterface
Add missing use of Role
[Routing] fix CS
add container.autowiring.strict_mode to 3.4 docs
Set controller without __invoke method from invokable class
[VarDumper] Fixed PHPDoc
* 4.0:
[Translation] Process multiple segments within a single unit.
Document the container.autowiring.strict_mode option
fix custom radios/inputs for checkbox/radio type
Another PR template tweak
[FrameworkBundle] Add missing XML config for circular_reference_handler. Add tests.
fix CS
[PropertyInfo] ReflectionExtractor: give a chance to other extractors if no properties
Clean calls to http_build_query()
[WebProfilerBundle] limit ajax request to 100 and remove the last one
Add support for URL-like DSNs for the PdoSessionHandler
removed version in @final @internal for version < 4.0
[HttpFoundation] Fix missing "throw" in JsonResponse
Improve the documentation of
Suppress warning from sapi_windows_vt100_support on stream other than STDIO
removed extra-verbose comments
Fixes#26136: Avoid emitting warning in hasParameterOption()
Added a README entry to the PR template
[HttpFoundation] Add x-zip-compressed to MimeTypeExtensionGuesser.
[DI] Add null check for removeChild
* 3.4:
[Translation] Process multiple segments within a single unit.
Document the container.autowiring.strict_mode option
fix custom radios/inputs for checkbox/radio type
Another PR template tweak
[FrameworkBundle] Add missing XML config for circular_reference_handler. Add tests.
fix CS
[PropertyInfo] ReflectionExtractor: give a chance to other extractors if no properties
Clean calls to http_build_query()
[WebProfilerBundle] limit ajax request to 100 and remove the last one
Add support for URL-like DSNs for the PdoSessionHandler
[HttpFoundation] Fix missing "throw" in JsonResponse
Improve the documentation of
Suppress warning from sapi_windows_vt100_support on stream other than STDIO
removed extra-verbose comments
Fixes#26136: Avoid emitting warning in hasParameterOption()
Added a README entry to the PR template
[HttpFoundation] Add x-zip-compressed to MimeTypeExtensionGuesser.
[DI] Add null check for removeChild
* 2.8:
Another PR template tweak
[PropertyInfo] ReflectionExtractor: give a chance to other extractors if no properties
Clean calls to http_build_query()
[WebProfilerBundle] limit ajax request to 100 and remove the last one
[HttpFoundation] Fix missing "throw" in JsonResponse
Improve the documentation of
Suppress warning from sapi_windows_vt100_support on stream other than STDIO
removed extra-verbose comments
Fixes#26136: Avoid emitting warning in hasParameterOption()
Added a README entry to the PR template
[HttpFoundation] Add x-zip-compressed to MimeTypeExtensionGuesser.
[DI] Add null check for removeChild
* 2.7:
Clean calls to http_build_query()
[HttpFoundation] Fix missing "throw" in JsonResponse
Improve the documentation of
Suppress warning from sapi_windows_vt100_support on stream other than STDIO
removed extra-verbose comments
Fixes#26136: Avoid emitting warning in hasParameterOption()
Added a README entry to the PR template
[HttpFoundation] Add x-zip-compressed to MimeTypeExtensionGuesser.
[DI] Add null check for removeChild
* 4.0:
[Serializer] optims and cleanup
do not mock the container builder in tests
[PhpUnitBridge] Added support for PHPUnit 7 in Coverage Listener
fix accessing request values
Avoid running the remove command without any packages
[Form] Add translations for Tagalog
* 3.4:
[Serializer] optims and cleanup
do not mock the container builder in tests
[PhpUnitBridge] Added support for PHPUnit 7 in Coverage Listener
fix accessing request values
Avoid running the remove command without any packages
[Form] Add translations for Tagalog
* 4.0:
[Routing] Throw 405 instead of 404 when redirect is not possible
[Process] fix test case
Add security.tl.xlf to legacy directory
[Security][Validator] Add translations for Tagalog
fixed typo
Typo fix in security component lithuanian translation.
[TwigBundle][WebProfilerBundle] Fix JS collision
[Process] Check PHP_BINDIR before $PATH in PhpExecutableFinder
* 3.4:
[Routing] Throw 405 instead of 404 when redirect is not possible
[Process] fix test case
Add security.tl.xlf to legacy directory
[Security][Validator] Add translations for Tagalog
fixed typo
Typo fix in security component lithuanian translation.
[TwigBundle][WebProfilerBundle] Fix JS collision
[Process] Check PHP_BINDIR before $PATH in PhpExecutableFinder
* 2.8:
[Routing] Throw 405 instead of 404 when redirect is not possible
[Process] fix test case
Add security.tl.xlf to legacy directory
[Security][Validator] Add translations for Tagalog
fixed typo
Typo fix in security component lithuanian translation.
[Process] Check PHP_BINDIR before $PATH in PhpExecutableFinder
* 2.7:
[Routing] Throw 405 instead of 404 when redirect is not possible
[Process] fix test case
Add security.tl.xlf to legacy directory
[Security][Validator] Add translations for Tagalog
fixed typo
Typo fix in security component lithuanian translation.
[Process] Check PHP_BINDIR before $PATH in PhpExecutableFinder
* 4.0:
fix merge
Env var maps to undefined constant.
[SecurityBundle] Backport test
[Security] fix merge of 2.7 into 2.8 + add test case
backport regression test from 3.4
do not mock the container builder or definitions
fixed CS
[TwigBundle] Register TwigBridge extensions first
[WebProfilerBundle] Fix sub request link
PhpDocExtractor::getTypes() throws fatal error when type omitted
Fix misspelling variable
use libsodium to run Argon2i related tests
[DI] minor: use a strict comparision in setDecoratedService
[HttpKernel] fix FC
Follow-on to #25825: Fix edge case in getParameterOption.
keep the context when validating forms
* 3.4:
Env var maps to undefined constant.
[SecurityBundle] Backport test
[Security] fix merge of 2.7 into 2.8 + add test case
backport regression test from 3.4
do not mock the container builder or definitions
fixed CS
[TwigBundle] Register TwigBridge extensions first
[WebProfilerBundle] Fix sub request link
PhpDocExtractor::getTypes() throws fatal error when type omitted
Fix misspelling variable
use libsodium to run Argon2i related tests
[DI] minor: use a strict comparision in setDecoratedService
[HttpKernel] fix FC
Follow-on to #25825: Fix edge case in getParameterOption.
keep the context when validating forms
* 2.8:
[SecurityBundle] Backport test
[Security] fix merge of 2.7 into 2.8 + add test case
backport regression test from 3.4
Fix misspelling variable
[DI] minor: use a strict comparision in setDecoratedService
Follow-on to #25825: Fix edge case in getParameterOption.
keep the context when validating forms
* 2.7:
[SecurityBundle] Backport test
Fix misspelling variable
[DI] minor: use a strict comparision in setDecoratedService
Follow-on to #25825: Fix edge case in getParameterOption.
keep the context when validating forms
This PR was merged into the 4.1-dev branch.
Discussion
----------
[Security] The AuthenticationException should implements Security's ExceptionInterface
| Q | A
| ------------- | ---
| Branch? | master
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | #25770
| License | MIT
| Doc PR | ø
Dunno why this is the case right now but this probably should not. Was reported by @paq85.
Commits
-------
0ee4cf1019 The Security Component's exceptions should implements Security's ExceptionInterface
* 4.0:
[HttpFoundation] Use the correct syntax for session gc based on Pdo driver
Removed assertDateTimeEquals() methods.
Revert "bug #24987 [Console] Fix global console flag when used in chain (Simperfit)"
Revert "bug #25487 [Console] Fix a bug when passing a letter that could be an alias (Simperfit)"
Disable CSP header on exception pages only in debug
Fixed submitting disabled buttons
Fixed Button::setParent() when already submitted
Improve assertions
Restore RoleInterface import
[Console] Provide a bugfix where an array could be passed
Improve assertions
SCA: get rid of repetitive calls
allow null values for root nodes in YAML configs
revert useless tests fixtures changes
[VarDumper] Fix docblock
Improve phpdoc to make it more explicit
[DI] Fix initialization of legacy containers by delaying include_once
* 3.4:
[HttpFoundation] Use the correct syntax for session gc based on Pdo driver
Removed assertDateTimeEquals() methods.
Revert "bug #24987 [Console] Fix global console flag when used in chain (Simperfit)"
Revert "bug #25487 [Console] Fix a bug when passing a letter that could be an alias (Simperfit)"
Disable CSP header on exception pages only in debug
Fixed submitting disabled buttons
Fixed Button::setParent() when already submitted
Improve assertions
Restore RoleInterface import
[Console] Provide a bugfix where an array could be passed
Improve assertions
SCA: get rid of repetitive calls
allow null values for root nodes in YAML configs
revert useless tests fixtures changes
[VarDumper] Fix docblock
Improve phpdoc to make it more explicit
[DI] Fix initialization of legacy containers by delaying include_once
* 3.3:
[HttpFoundation] Use the correct syntax for session gc based on Pdo driver
Removed assertDateTimeEquals() methods.
Revert "bug #24987 [Console] Fix global console flag when used in chain (Simperfit)"
Revert "bug #25487 [Console] Fix a bug when passing a letter that could be an alias (Simperfit)"
Disable CSP header on exception pages only in debug
Fixed submitting disabled buttons
Fixed Button::setParent() when already submitted
Improve assertions
Restore RoleInterface import
Improve assertions
SCA: get rid of repetitive calls
allow null values for root nodes in YAML configs
revert useless tests fixtures changes
[VarDumper] Fix docblock
Improve phpdoc to make it more explicit
This PR was merged into the 3.3 branch.
Discussion
----------
Restore RoleInterface import
| Q | A
| ------------- | ---
| Branch? | 3.3
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no <!-- don't forget to update UPGRADE-*.md files -->
| Tests pass? | yes
| License | MIT
The import is use on PHPDoc but was accidentally removed. Maybe because PHPStorm does not match with the import when you use parenthesis.
Not really a bug as it is concerning only PHPDoc, but it make some analysis tools like PHPStan yelling:
```
------ -----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
Line src/AppBundle/Security/Authentication/ApiKeyAuthenticator.php
------ -----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
64 Parameter #4 $roles of class Symfony\Component\Security\Core\Authentication\Token\PreAuthenticatedToken constructor expects array<string|Symfony\Component\Security\Core\Authentication\Token\RoleInterface>, array<string|Symfony\Component\Security\Core\Role\Role>
given.
------ -----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
------ -----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
Line tests/AppBundle/Controller/WebTestCase.php
------ -----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
59 Parameter #4 $roles of class Symfony\Component\Security\Core\Authentication\Token\PreAuthenticatedToken constructor expects array<string|Symfony\Component\Security\Core\Authentication\Token\RoleInterface>, array<string|Symfony\Component\Security\Core\Role\Role>
given.
------ -----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
```
Commits
-------
8ecfeb1e31 Restore RoleInterface import
* 4.0:
[HttpKernel] DebugHandlersListener should always replace the existing exception handler
fix the Composer API being used
[Security] Notify that symfony/expression-language is not installed if ExpressionLanguage and ExpressionLanguagePrivider are used
[Debug] Always decorate existing exception handlers to deal with fatal errors
Enableable ArrayNodeDefinition is disabled for empty configuration
Fixing a bug where the dump() function depended on bundle ordering
[Cache] Fix handling of apcu_fetch() edgy behavior
Add nn (Norwegian Nynorsk) translation files, and improve existing file
Problem in phar see mergerequest #25579
[Form] Disallow transform dates beyond the year 9999
Avoid button label translation when it's set to false
Copied NO language files to the new NB locale.
[Serializer] DateTimeNormalizer handling of null and empty values (returning null or empty instead of new object)
Fix options resolver with array allowed types
[Console] Improve phpdoc on StyleInterface::ask()
[TwigBridge][WIP] Pass the form-check-inline in parent
* 3.4:
[HttpKernel] DebugHandlersListener should always replace the existing exception handler
fix the Composer API being used
[Security] Notify that symfony/expression-language is not installed if ExpressionLanguage and ExpressionLanguagePrivider are used
[Debug] Always decorate existing exception handlers to deal with fatal errors
Enableable ArrayNodeDefinition is disabled for empty configuration
Fixing a bug where the dump() function depended on bundle ordering
[Cache] Fix handling of apcu_fetch() edgy behavior
Add nn (Norwegian Nynorsk) translation files, and improve existing file
Problem in phar see mergerequest #25579
[Form] Disallow transform dates beyond the year 9999
Avoid button label translation when it's set to false
Copied NO language files to the new NB locale.
[Serializer] DateTimeNormalizer handling of null and empty values (returning null or empty instead of new object)
Fix options resolver with array allowed types
[Console] Improve phpdoc on StyleInterface::ask()
[TwigBridge][WIP] Pass the form-check-inline in parent
* 3.3:
[HttpKernel] DebugHandlersListener should always replace the existing exception handler
fix the Composer API being used
[Debug] Always decorate existing exception handlers to deal with fatal errors
Enableable ArrayNodeDefinition is disabled for empty configuration
Fixing a bug where the dump() function depended on bundle ordering
[Cache] Fix handling of apcu_fetch() edgy behavior
Add nn (Norwegian Nynorsk) translation files, and improve existing file
Problem in phar see mergerequest #25579
[Form] Disallow transform dates beyond the year 9999
Copied NO language files to the new NB locale.
[Serializer] DateTimeNormalizer handling of null and empty values (returning null or empty instead of new object)
[Console] Improve phpdoc on StyleInterface::ask()
* 2.8:
fix the Composer API being used
[Debug] Always decorate existing exception handlers to deal with fatal errors
Enableable ArrayNodeDefinition is disabled for empty configuration
Fixing a bug where the dump() function depended on bundle ordering
Add nn (Norwegian Nynorsk) translation files, and improve existing file
Problem in phar see mergerequest #25579
[Form] Disallow transform dates beyond the year 9999
Copied NO language files to the new NB locale.
[Console] Improve phpdoc on StyleInterface::ask()
* 2.7:
fix the Composer API being used
[Debug] Always decorate existing exception handlers to deal with fatal errors
Enableable ArrayNodeDefinition is disabled for empty configuration
Fixing a bug where the dump() function depended on bundle ordering
Add nn (Norwegian Nynorsk) translation files, and improve existing file
Problem in phar see mergerequest #25579
[Form] Disallow transform dates beyond the year 9999
Copied NO language files to the new NB locale.
[Console] Improve phpdoc on StyleInterface::ask()
This PR was squashed before being merged into the 4.1-dev branch (closes#25092).
Discussion
----------
[Security] #25091 add target user to SwitchUserListener
| Q | A
| ------------- | ---
| Branch? | master
| Bug fix? | no
| New feature? | yes
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | #25091
| License | MIT
| Doc PR |
This patch provides the target user to the SwitchUserListener's
accessDecisionManager->decide() call as the $object parameter to
give any registered voters extra information.
Commits
-------
5cb6f2a [Security] #25091 add target user to SwitchUserListener
This PR was merged into the 3.4 branch.
Discussion
----------
[Security] Notify that symfony/expression-language is not installed if ExpressionLanguage is used
| Q | A
| ------------- | ---
| Branch? | master for features / 3.4
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | #25742
| License | MIT
| Doc PR | not requested
Commits
-------
6aa2b7cce0 [Security] Notify that symfony/expression-language is not installed if ExpressionLanguage and ExpressionLanguagePrivider are used
This PR was merged into the 2.7 branch.
Discussion
----------
Copied NO language files to the new NB locale
| Q | A
| ------------- | ---
| Branch? | 2.7
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | #25792
| License | MIT
| Doc PR | N/A
This PR copies all `NO` language files to a new locale `NB`. It also adds unit tests to ensure that `NB` and `NO` will always contain the same translations. This way, we allow application developers to either use the generic `NO` language code or the more precise `NB` (e.g. if they need to distinguish between the `NB` and `NN` variants of the Norwegian language).
For further details, please have a look at the discussion in #25792.
Commits
-------
aee9b1ea3e Copied NO language files to the new NB locale.
* 4.0:
[appveyor] set memory_limit=-1
[Console] Keep the modified exception handler
[Console] Fix restoring exception handler
[Router] Skip anonymous classes when loading annotated routes
allow dashes in cwd pathname when running the tests
Fixed Request::__toString ignoring cookies
Make sure we only build once and have one time the prefix when importing routes
[Security] Fix fatal error on non string username
[FrameworkBundle] Automatically enable the CSRF if component *+ session* are loaded
* 3.4:
[appveyor] set memory_limit=-1
[Console] Keep the modified exception handler
[Console] Fix restoring exception handler
[Router] Skip anonymous classes when loading annotated routes
allow dashes in cwd pathname when running the tests
Fixed Request::__toString ignoring cookies
Make sure we only build once and have one time the prefix when importing routes
[Security] Fix fatal error on non string username
[FrameworkBundle] Automatically enable the CSRF if component *+ session* are loaded
* 3.3:
[appveyor] set memory_limit=-1
[Router] Skip anonymous classes when loading annotated routes
Fixed Request::__toString ignoring cookies
Make sure we only build once and have one time the prefix when importing routes
[Security] Fix fatal error on non string username
* 2.8:
[appveyor] set memory_limit=-1
[Router] Skip anonymous classes when loading annotated routes
Fixed Request::__toString ignoring cookies
[Security] Fix fatal error on non string username
* 2.7:
[appveyor] set memory_limit=-1
[Router] Skip anonymous classes when loading annotated routes
Fixed Request::__toString ignoring cookies
[Security] Fix fatal error on non string username
This PR was merged into the 2.7 branch.
Discussion
----------
[appveyor] set memory_limit=-1
| Q | A
| ------------- | ---
| Branch? | 2.7
| Bug fix? | no
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | -
| License | MIT
| Doc PR | -
Commits
-------
10e33ac [appveyor] set memory_limit=-1
This PR was merged into the 2.7 branch.
Discussion
----------
[Security] Fix fatal error on non string username
| Q | A
| ------------- | ---
| Branch? | 2.7
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | https://github.com/symfony/symfony/issues/25612
| License | MIT
| Doc PR | n/a
That's consistent with what #22569 did for the `json_login` listener.
Commits
-------
8f095683d0 [Security] Fix fatal error on non string username
* 4.0: (30 commits)
[FrameworkBundle] fix tests
[Serializer] Fixed throwing exception with option JSON_PARTIAL_OUTPUT_ON_ERROR
[HttpKernel] Fix session handling: decouple "save" from setting response "private"
swap filter/function and package names
[HttpFoundation] Always call proxied handler::destroy() in StrictSessionHandler
[HttpKernel] Fix compile error when a legacy container is fresh again
Add tests for the HttpKernel request collector and redirection via cookies
Uses cookies to track the requests redirection
Tweaked some styles in the profiler tables
Add type string to docblock for Process::setInput()
[Security] Fail gracefully if the security token cannot be unserialized from the session
[Form] AbstractLayoutTest - fix DOMDocument casing
Run simple-phpunit with --no-suggest option
[FrameworkBundle] Fix using "annotations.cached_reader" in after-removing passes
bumped Symfony version to 4.0.4
updated VERSION for 4.0.3
updated CHANGELOG for 4.0.3
bumped Symfony version to 3.4.4
updated VERSION for 3.4.3
updated CHANGELOG for 3.4.3
...
* 3.4: (26 commits)
[Serializer] Fixed throwing exception with option JSON_PARTIAL_OUTPUT_ON_ERROR
[HttpKernel] Fix session handling: decouple "save" from setting response "private"
swap filter/function and package names
[HttpFoundation] Always call proxied handler::destroy() in StrictSessionHandler
[HttpKernel] Fix compile error when a legacy container is fresh again
Add tests for the HttpKernel request collector and redirection via cookies
Uses cookies to track the requests redirection
Tweaked some styles in the profiler tables
Add type string to docblock for Process::setInput()
[Security] Fail gracefully if the security token cannot be unserialized from the session
[Form] AbstractLayoutTest - fix DOMDocument casing
Run simple-phpunit with --no-suggest option
[FrameworkBundle] Fix using "annotations.cached_reader" in after-removing passes
bumped Symfony version to 3.4.4
updated VERSION for 3.4.3
updated CHANGELOG for 3.4.3
bumped Symfony version to 3.3.16
updated VERSION for 3.3.15
updated CHANGELOG for 3.3.15
bumped Symfony version to 2.8.34
...
* 3.3:
[Serializer] Fixed throwing exception with option JSON_PARTIAL_OUTPUT_ON_ERROR
Tweaked some styles in the profiler tables
Add type string to docblock for Process::setInput()
[Security] Fail gracefully if the security token cannot be unserialized from the session
[Form] AbstractLayoutTest - fix DOMDocument casing
Run simple-phpunit with --no-suggest option
[FrameworkBundle] Fix using "annotations.cached_reader" in after-removing passes
bumped Symfony version to 3.3.16
updated VERSION for 3.3.15
updated CHANGELOG for 3.3.15
bumped Symfony version to 2.8.34
updated VERSION for 2.8.33
updated CHANGELOG for 2.8.33
bumped Symfony version to 2.7.41
updated VERSION for 2.7.40
update CONTRIBUTORS for 2.7.40
updated CHANGELOG for 2.7.40
* 2.8:
[Serializer] Fixed throwing exception with option JSON_PARTIAL_OUTPUT_ON_ERROR
Tweaked some styles in the profiler tables
[Security] Fail gracefully if the security token cannot be unserialized from the session
[Form] AbstractLayoutTest - fix DOMDocument casing
bumped Symfony version to 2.8.34
updated VERSION for 2.8.33
updated CHANGELOG for 2.8.33
bumped Symfony version to 2.7.41
updated VERSION for 2.7.40
update CONTRIBUTORS for 2.7.40
updated CHANGELOG for 2.7.40
* 2.7:
[Serializer] Fixed throwing exception with option JSON_PARTIAL_OUTPUT_ON_ERROR
[Security] Fail gracefully if the security token cannot be unserialized from the session
[Form] AbstractLayoutTest - fix DOMDocument casing
bumped Symfony version to 2.7.41
updated VERSION for 2.7.40
update CONTRIBUTORS for 2.7.40
updated CHANGELOG for 2.7.40
* 4.0:
PHP CS Fixer: clean up repo and adjust config
use interface_exists instead of class_exists
[DX] [DI] Improve exception for invalid setter injection arguments
Dumper shouldn't use html format for phpdbg
[Validator] Fix access to root object when using composite constraint
* 3.4:
PHP CS Fixer: clean up repo and adjust config
use interface_exists instead of class_exists
[DX] [DI] Improve exception for invalid setter injection arguments
Dumper shouldn't use html format for phpdbg
[Validator] Fix access to root object when using composite constraint
* 3.3:
PHP CS Fixer: clean up repo and adjust config
use interface_exists instead of class_exists
Dumper shouldn't use html format for phpdbg
[Validator] Fix access to root object when using composite constraint
* 2.8:
PHP CS Fixer: clean up repo and adjust config
Dumper shouldn't use html format for phpdbg
[Validator] Fix access to root object when using composite constraint
* 2.7:
PHP CS Fixer: clean up repo and adjust config
Dumper shouldn't use html format for phpdbg
[Validator] Fix access to root object when using composite constraint
* 4.0: (23 commits)
Clean up
Update return type in docblock.
PHP CS Fixer: no need to exclude xml and yml files
PHP CS Fixer: no need to exclude json file
[#22749] fix version in changelog
Update LICENSE year... forever
fixed some deprecation messages
fixed CS
Fixes for Oracle in PdoSessionHandler
fixed some deprecation messages
fixed some deprecation messages
fixed some deprecation messages
fixed some deprecation messages
Remove dead code
[TwigBundle/Brige] catch missing requirements to throw meaningful exceptions
[DI] fix CS
[HttpKernel] Call Response->setPrivate() instead of sending raw header() when session is started
[FrameworkBundle] Make cache:clear "atomic" and consistent with cache:warmup
Suggest to write an implementation if the interface cannot be autowired
[Debug] Skip DebugClassLoader checks for already parsed files
...
* 3.4:
Clean up
Update return type in docblock.
PHP CS Fixer: no need to exclude xml and yml files
PHP CS Fixer: no need to exclude json file
Update LICENSE year... forever
fixed some deprecation messages
fixed CS
Fixes for Oracle in PdoSessionHandler
fixed some deprecation messages
fixed some deprecation messages
fixed some deprecation messages
fixed some deprecation messages
[TwigBundle/Brige] catch missing requirements to throw meaningful exceptions
[HttpKernel] Call Response->setPrivate() instead of sending raw header() when session is started
[FrameworkBundle] Make cache:clear "atomic" and consistent with cache:warmup
Suggest to write an implementation if the interface cannot be autowired
[Debug] Skip DebugClassLoader checks for already parsed files
[2.7][DX] Use constant message contextualisation for deprecations
Remove group options without data and fix normalization
Remove redundant translation path
* 3.3:
Clean up
Update return type in docblock.
PHP CS Fixer: no need to exclude xml and yml files
PHP CS Fixer: no need to exclude json file
Update LICENSE year... forever
* 3.3:
fixed some deprecation messages
fixed some deprecation messages
fixed some deprecation messages
fixed some deprecation messages
[2.7][DX] Use constant message contextualisation for deprecations
* 4.0:
fixed wrong merge
Tweak message to be Flex friendly
[Routing] fixed tests
Fixing wrong class_exists on interface
Preserve percent-encoding in URLs when performing redirects in the UrlMatcher
removed FIXME
[Console] Fix a bug when passing a letter that could be an alias
add missing validation options to XSD file
Take advantage of AnnotationRegistry::registerUniqueLoader
[DI] Optimize Container::get() for perf
fix merge
Fix tests
Refactoring tests.
* 3.4:
fixed wrong merge
Tweak message to be Flex friendly
[Routing] fixed tests
Fixing wrong class_exists on interface
Preserve percent-encoding in URLs when performing redirects in the UrlMatcher
[Console] Fix a bug when passing a letter that could be an alias
add missing validation options to XSD file
Take advantage of AnnotationRegistry::registerUniqueLoader
[DI] Optimize Container::get() for perf
fix merge
Fix tests
Refactoring tests.
* 4.0:
SCA with Php Inspections (EA Extended)
Add test case for #25264
Fixed the null value exception case.
Remove rc/beta suffix from composer.json files
Ensure services & aliases can be referred to with `__toString`able objects
Throw an exception is expression language is not installed
[DI] Cast ids to string, as done on 3.4
Fail as early and noisily as possible
[Console][DI] Fail gracefully
[FrameworkBundle] Fix visibility of a test helper
[link] clear the cache after linking
[DI] Trigger deprecation when setting a to-be-private synthetic service
[Intl] Correct Typehint
[link] Prevent warnings when running link with 2.7
[Validator] ExpressionValidator should use OBJECT_TO_STRING to allow value in message
do not eagerly filter comment lines
[WebProfilerBundle], [TwigBundle] Fix Profiler breaking XHTML pages (Content-Type: application/xhtml+xml)
* 3.4:
SCA with Php Inspections (EA Extended)
Add test case for #25264
Fixed the null value exception case.
Remove rc/beta suffix from composer.json files
Throw an exception is expression language is not installed
Fail as early and noisily as possible
[Console][DI] Fail gracefully
[FrameworkBundle] Fix visibility of a test helper
[link] clear the cache after linking
[DI] Trigger deprecation when setting a to-be-private synthetic service
[link] Prevent warnings when running link with 2.7
[Validator] ExpressionValidator should use OBJECT_TO_STRING to allow value in message
do not eagerly filter comment lines
[WebProfilerBundle], [TwigBundle] Fix Profiler breaking XHTML pages (Content-Type: application/xhtml+xml)
This PR was merged into the 4.0-dev branch.
Discussion
----------
[SecurityBundle][Security][Translation] trigger some deprecations for legacy methods
| Q | A
| ------------- | ---
| Branch? | master
| Bug fix? | no
| New feature? | no
| BC breaks? | no
| Deprecations? | yes
| Tests pass? | yes
| Fixed tickets |
| License | MIT
| Doc PR |
Commits
-------
e3396ea trigger some deprecations for legacy methods
* 4.0:
[Form] Fixed ContextErrorException in FileType
[DI] Fix handling of inlined definitions by ContainerBuilder
[Security] remove unused variable
[DI] Fix infinite loop when analyzing references
[Lock][Process][FrameworkBundle] fix tests
Display a nice error message if the form/serializer component is missing.
[SecurityBundle] providerIds is undefined error when firewall provider is not specified
[SecurityBundle] providerIds is undefined error when firewall provider is not specified
[SecurityBundle] providerIds is undefined error when firewall provider is not specified
Force phpunit-bridge update (bis)
[Bridge/PhpUnit] Fix disabling global state preservation
Incorrect dot on method loadChoices in upgrade doc
* 3.4:
fixed CS
fixed CS
[Security] Namespace generated CSRF tokens depending of the current scheme
ensure that submitted data are uploaded files
[Console] remove dead code
bumped Symfony version to 3.3.13
updated VERSION for 3.3.12
updated CHANGELOG for 3.3.12
bumped Symfony version to 2.8.31
updated VERSION for 2.8.30
updated CHANGELOG for 2.8.30
bumped Symfony version to 2.7.38
updated VERSION for 2.7.37
updated CHANGELOG for 2.7.37
[Security] Validate redirect targets using the session cookie domain
prevent bundle readers from breaking out of paths
* 3.3:
fixed CS
fixed CS
[Security] Namespace generated CSRF tokens depending of the current scheme
ensure that submitted data are uploaded files
[Console] remove dead code
bumped Symfony version to 3.3.13
updated VERSION for 3.3.12
updated CHANGELOG for 3.3.12
bumped Symfony version to 2.8.31
updated VERSION for 2.8.30
updated CHANGELOG for 2.8.30
bumped Symfony version to 2.7.38
updated VERSION for 2.7.37
updated CHANGELOG for 2.7.37
[Security] Validate redirect targets using the session cookie domain
prevent bundle readers from breaking out of paths
* 2.8:
fixed CS
fixed CS
[Security] Namespace generated CSRF tokens depending of the current scheme
ensure that submitted data are uploaded files
[Console] remove dead code
bumped Symfony version to 2.8.31
updated VERSION for 2.8.30
updated CHANGELOG for 2.8.30
bumped Symfony version to 2.7.38
updated VERSION for 2.7.37
updated CHANGELOG for 2.7.37
[Security] Validate redirect targets using the session cookie domain
prevent bundle readers from breaking out of paths
* 2.7:
fixed CS
fixed CS
[Security] Namespace generated CSRF tokens depending of the current scheme
ensure that submitted data are uploaded files
[Console] remove dead code
bumped Symfony version to 2.7.38
updated VERSION for 2.7.37
updated CHANGELOG for 2.7.37
[Security] Validate redirect targets using the session cookie domain
prevent bundle readers from breaking out of paths
This PR was merged into the 2.7 branch.
Discussion
----------
Validate redirect targets using the session cookie domain
| Q | A
| ------------- | ---
| Branch? | 2.7
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | n/a
| License | MIT
| Doc PR | n/a
<!--
- Bug fixes must be submitted against the lowest branch where they apply
(lowest branches are regularly merged to upper ones so they get the fixes too).
- Features and deprecations must be submitted against the master branch.
- Please fill in this template according to the PR you're about to submit.
- Replace this comment by a description of what your PR is solving.
-->
Commits
-------
52b06f1c21 [Security] Validate redirect targets using the session cookie domain
* 3.4:
[3.4] Remove useless docblocks
[3.3] More docblock fixes
[2.7] More docblock fixes
[TwigBridge] Fix BC break due required twig environment
Random fixes
Docblock fixes
[DI] Fix cannot bind env var
Fix some signatures in PHP-DSLs
[HttpKernel] Enhance deprecation message
bumped Symfony version to 3.4.0
updated VERSION for 3.4.0-BETA3
updated CHANGELOG for 3.4.0-BETA3
[SecurityBundle] Fix the datacollector to properly support decision.object being null
* 3.4:
[HttpFoundation] refactoring: calculate when need
[Serializer] Fix extra attributes when no group specified
[Intl] Make intl-data tests pass and save language aliases again
[FrameworkBundle][Config] fix: do not add resource checkers for debug=false
[DI] Fix "almost-circular" dependencies handling
[Console] Fix CommandTester::setInputs() docblock
Only enabling validation if it is present
Fix displaying errors for bootstrap 4
[Serializer] readd default argument value
Fix reference dump for deprecated nodes
[PhpUnitBridge] Fixed fatal error in CoverageListener when something goes wrong in Test::setUpBeforeClass
[HttpKernel] Let the storage manage the session starts
[VarDumper] fix trailling comma when dumping an exception
[Validator] Fix TraceableValidator is reset on data collector instantiation
Remove useless docblocks
[FrameworkBundle] Fix docblocks
[PropertyInfo] Remove useless docblocks
* 3.3:
[Serializer] Fix extra attributes when no group specified
[Intl] Make intl-data tests pass and save language aliases again
[Console] Fix CommandTester::setInputs() docblock
[Serializer] readd default argument value
[VarDumper] fix trailling comma when dumping an exception
Remove useless docblocks
[FrameworkBundle] Fix docblocks
[PropertyInfo] Remove useless docblocks
This PR was merged into the 3.4 branch.
Discussion
----------
[Security] Fix missing BC layer for AbstractGuardAuthenticator::getCredentials()
| Q | A
| ------------- | ---
| Branch? | 3.4
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | n/a
| License | MIT
| Doc PR | n/a
If a guard authenticator extends `AbstractGuardAuthenticator` and returns `null` from `getCredentials()`, an `\UnexpectedValueException` is thrown when upgrading to 3.4 because the abstract already implements the new interface.
This triggers a deprecation notice instead.
Commits
-------
b6bb84b [Security] Fix BC layer for AbstractGuardAuthenticator subclasses
* 3.4: (26 commits)
[Routing] Fix resource miss
[Security] Fixed auth provider authenticate() cannot return void
[FrameworkBundle][Serializer] Move DateIntervalNormalizer definition to xml
declare argument type
Improving annotation loader message
[FrameworkBundle][Serializer] Move normalizer/encoders definitions to xml file & remove unnecessary checks
Update UPGRADE-4.0.md
streamed response should return $this
$isClientIpsVali is not used
[WebServerBundle] Prevent commands from being registered by convention
content can be a resource
Adding the Form default theme files to be warmed up in Twig's cache
Remove BC Break label from `NullDumper` class
Username and password in basic auth are allowed to contain '.'
Remove obsolete PHPDoc from UriSigner
[Serializer] YamlEncoder: throw if the Yaml component isn't installed
[Serializer] ObjectNormalizer: throw if PropertyAccess isn't installed
[PropertyInfo] Add support for the iterable type
pdo session fix
Fixed pathinfo calculation for requests starting with a question mark. - fix bad conflict resolving issue - port symfony/symfony#21968 to 3.3+
...
* 3.3: (22 commits)
[Routing] Fix resource miss
[Security] Fixed auth provider authenticate() cannot return void
declare argument type
[FrameworkBundle][Serializer] Move normalizer/encoders definitions to xml file & remove unnecessary checks
streamed response should return $this
$isClientIpsVali is not used
content can be a resource
Adding the Form default theme files to be warmed up in Twig's cache
Remove BC Break label from `NullDumper` class
Username and password in basic auth are allowed to contain '.'
Remove obsolete PHPDoc from UriSigner
[Serializer] YamlEncoder: throw if the Yaml component isn't installed
[Serializer] ObjectNormalizer: throw if PropertyAccess isn't installed
[PropertyInfo] Add support for the iterable type
pdo session fix
Fixed pathinfo calculation for requests starting with a question mark. - fix bad conflict resolving issue - port symfony/symfony#21968 to 3.3+
Fixed unsetting from loosely equal keys OrderedHashMap
add DOMElement as return type in Crawler::getIterator to support foreach support in ide
Fixed mistake in exception expectation
[Debug] Fix same vendor detection in class loader
...
* 2.8:
[Routing] Fix resource miss
[Security] Fixed auth provider authenticate() cannot return void
declare argument type
streamed response should return $this
content can be a resource
Adding the Form default theme files to be warmed up in Twig's cache
* 2.7:
[Security] Fixed auth provider authenticate() cannot return void
declare argument type
streamed response should return $this
content can be a resource
The AuthenticationManagerInterface requires that authenticate() must return a TokenInterface, never null.
Several authentication providers are violating this. Changed to throw exception instead.
* 3.4:
bumped Symfony version to 3.4.0
updated VERSION for 3.4.0-BETA1
updated CHANGELOG for 3.4.0-BETA1
Do not process bindings in AbstractRecursivePass
don't bind scalar values to controller method arguments
Add extra autowiring aliases
adding AdapterInterface alias for cache.app
Adding a new debug:autowiring command
[HttpFoundation] Make sessions secure and lazy
[Routing] Ensure uniqueness without repeated check
[Console] Sync ConsoleLogger::interpolate with the one in HttpKernel
* 2.8:
Username and password in basic auth are allowed to contain '.'
Remove obsolete PHPDoc from UriSigner
[Serializer] ObjectNormalizer: throw if PropertyAccess isn't installed
[PropertyInfo] Add support for the iterable type
pdo session fix
Fixed unsetting from loosely equal keys OrderedHashMap
[Debug] Fix same vendor detection in class loader
Updated the source text and translation
reject remember-me token if user check fails
* 2.7:
Username and password in basic auth are allowed to contain '.'
Remove obsolete PHPDoc from UriSigner
[Serializer] ObjectNormalizer: throw if PropertyAccess isn't installed
pdo session fix
Fixed unsetting from loosely equal keys OrderedHashMap
[Debug] Fix same vendor detection in class loader
Updated the source text and translation
reject remember-me token if user check fails
* 3.4:
fix merge
fix merge
[FORM] Prevent forms from extending itself as a parent
fix merge
Fix 7.2 compat layer
[DI] Prefixed env vars and load time inlining are incompatible
bug #24499 [Bridge\PhpUnit] Fix infinite loop when running isolated method (bis) (nicolas-grekas)
Fix PHP 7.2 support
[HttpFoundation] Add missing session.lazy_write config option
[DI] Exclude inline services declared in XML from autowiring candidates
[HttpFoundation] Combine Cache-Control headers
[Form] fix parsing invalid floating point numbers
Escape command usage when displaying it in the text descriptor
[DI] Throw accurate failures when accessing removed services
[DI] Turn private defs to non-public ones before removing passes
Use for=ID on radio/checkbox label.
