This PR was merged into the 2.3 branch.
Discussion
----------
[Security] allow to use `method` in XML configs
| Q | A
| ------------- | ---
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets |
| License | MIT
| Doc PR |
Before this change, you always had to use the `methods` key which is
inconsistent compared to other options like `roles` and `ips` for which
it was possible to use their singular versions.
Commits
-------
9b0dfd4 [Security] allow to use `method` in XML configs
This PR was merged into the 2.6 branch.
Discussion
----------
[Twig][Bridge] replaced `extends` with `use` in bootstrap_3_horizontal_layout.html.twig
| Q | A
| ------------- | ---
| Fixed tickets |
| License | MIT
The fact `bootstrap_3_horizontal_layout.html.twig` **extends** `bootstrap_3_layout.html.twig` prevent to `use` it while using `{% form_theme form _self %}`.
As form templates don't have any code outside blocks this PR shouldn't induce any BC break.
Commits
-------
15886b6 [Twig][Bridge] replaced `extends` with `use` in bootstrap_3_horizontal_layout.html.twig
This PR was squashed before being merged into the 2.3 branch (closes#15223).
Discussion
----------
[Finder] Command::addAtIndex() fails with Command instance argument
| Q | A
| ------------- | ---
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | #14384
| License | MIT
| Doc PR | -
Fixed reported bug #14384 and added test case for it. This is a second PR as previous #14385 went bad after I failed to rebase 2.3 branch properly.
Commits
-------
2aff566 [Finder] Command::addAtIndex() fails with Command instance argument
This PR was merged into the 2.3 branch.
Discussion
----------
CS fixes for 2.3
| Q | A
| ------------- | ---
| Bug fix? | no
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | ?
| Fixed tickets | N/A
| License | MIT
| Doc PR | N/A
To keep fabbot.io happy ;)
Commits
-------
464b67e fix CS
Before this change, you always had to use the `methods` key which is
inconsistent compared to other options like `roles` and `ips` for which
it was possible to use their singular versions.
This PR was merged into the 2.7 branch.
Discussion
----------
[TwigBridge] fix for legacy asset() with EmptyVersionStrategy
| Q | A
| ------------- | ---
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | #15156
| License | MIT
| Doc PR |
Commits
-------
cf86a03 fix for legacy asset() with EmptyVersionStrategy
This PR was merged into the 2.7 branch.
Discussion
----------
[Serializer] Fix Groups tests.
| Q | A
| ------------- | ---
| Bug fix? | no
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | n/a
| License | MIT
| Doc PR | n/a
Commits
-------
2bd8fb8 [Serializer] Fix Groups tests.
This PR was merged into the 2.8 branch.
Discussion
----------
[2.8] Fix lowest deps
| Q | A
| ------------- | ---
| Bug fix? | no
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | -
| License | MIT
| Doc PR | -
Looks like that by testing the lowest deps on 5.3, we missed some constraints in our test suite.
Commits
-------
a036a77 [2.8] Fix lowest deps
This PR was squashed before being merged into the 2.8 branch (closes#15141).
Discussion
----------
[DX] [Security] Renamed Token#getKey() to getSecret()
There are 2 very vague parameter names in the authentication process: `$providerKey` and `$key`. Some tokens/providers have the first one, some tokens/providers the second one and some both. An overview:
| Token | `providerKey` | `key`
| --- | --- | ---
| `AnonymousToken` | - | yes
| `PreAuth...Token` | yes | -
| `RememberMeToken` | yes | yes
| `UsernamePasswordToken` | yes | -
Both names are extremely general and their PHPdocs contains pure no-shit-sherlock-descriptions :squirrel: (like "The key."). This made me and @iltar think it's just an inconsistency and they have the same meaning.
...until we dived deeper into the code and came to the conclusion that `$key` has a Security task (while `$providerKey` doesn't really). If it takes people connected to Symfony internals 30+ minutes to find this out, it should be considered for an improvement imo.
So here is our suggestion: **Rename `$key` to `$secret`**. This explains much better what the value of the string has to be (for instance, it's important that the string is not easily guessable and cannot be found out, according to the Spring docs). It also explains the usage better (it's used as a replacement for credentials and to hash the RememberMeToken).
**Tl;dr**: `$key` and `$providerKey` are too general names, let's improve DX by renaming them. This PR tackles `$key` by renaming it to `$secret`.
| Q | A
| ------------- | ---
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | yes
| Tests pass? | yes
| Fixed tickets | -
| License | MIT
| Doc PR | -
*My excuse for the completely unrelated branch name*
Commits
-------
24e0eb6 [DX] [Security] Renamed Token#getKey() to getSecret()
This PR was merged into the 2.6 branch.
Discussion
----------
[Validator] always evaluate binary format when changed
| Q | A
| ------------- | ---
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | #13891
| License | MIT
| Doc PR |
Commits
-------
2ad7e67 [Validator] always evaluate binary format when changed
* 2.7:
Update DateTimeToArrayTransformer.php
Mock microtime() and time() in transient tests
Azerbaijani language pluralization rule
Move HHVM tests out of the allowed failures
* 2.6:
Update DateTimeToArrayTransformer.php
Mock microtime() and time() in transient tests
Azerbaijani language pluralization rule
Move HHVM tests out of the allowed failures
* 2.3:
Update DateTimeToArrayTransformer.php
Mock microtime() and time() in transient tests
Azerbaijani language pluralization rule
Move HHVM tests out of the allowed failures
This PR was merged into the 2.3 branch.
Discussion
----------
Mock microtime() and time() in transient tests
| Q | A
| ------------- | ---
| Bug fix? | no
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | -
| License | MIT
| Doc PR | -
Commits
-------
8319ca3 Mock microtime() and time() in transient tests
In AZ, as in TR, pluralization is always 0:
0 kitab (zero books)
1 kitab (1 book)
3 kitab (3 books)
104 kitab (104 books)
Apparently ZF ruleset was wrong in the first place :)
* 2.6:
[2.6] Towards 100% HHVM compat
[Security/Http] Fix test
[Stopwatch] Fix test
Minor fixes
Towards 100% HHVM compat
unify default AccessDeniedExeption message
trigger event with right user (add test)
[Security] Initialize SwitchUserEvent::targetUser on attemptExitUser
[Form] Fixed: Data mappers always receive forms indexed by their names
Conflicts:
src/Symfony/Bundle/FrameworkBundle/Controller/Controller.php
src/Symfony/Component/VarDumper/Tests/CliDumperTest.php
src/Symfony/Component/VarDumper/Tests/HtmlDumperTest.php
This PR was merged into the 2.8 branch.
Discussion
----------
[Validator] Added missing error codes and turned codes into UUIDs
Reopened#12388 on the 2.8 branch.
| Q | A
| ------------- | ---
| Bug fix? | no
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | -
| License | MIT
| Doc PR | -
With the current implementation of error codes, checking which error occurred is unnecessarily complex:
```php
if ($violation->getConstraint() instanceof Length && Length::TOO_SHORT_ERROR === $violation->getCode()) {
// ...
}
```
Also, the code is completely missing for some constraints. This is fixed now. By using UUIDs, the check is reduced to:
```php
if (Length::TOO_SHORT_ERROR === $violation->getCode()) {
// ...
}
```
Also, APIs can simply output the error code and the name of the error without needing to point to the constraint as well.
Before:
```json
[
{
"code": "1",
"name": "TOO_SHORT_ERROR",
"message": "This value is too short. ...",
"constraint": "Symfony\\Component\\Validator\\Constraints\\Length"
}
]
```
After:
```json
[
{
"code": "9ff3fdc4-b214-49db-8718-39c315e33d45",
"name": "TOO_SHORT_ERROR",
"message": "This value is too short. ..."
}
]
```
This makes it possible to implement a service on symfony.com which looks up error codes, e.g.
symfony.com/error?code=9ff3fdc4-b214-49db-8718-39c315e33d45
Such a URL could redirect directly to the documentation of the appropriate constraint. We could even support user-submitted error codes which redirect to the documentation of that constraint.
Commits
-------
8874e88 [Validator] Added missing error codes and turned codes into UUIDs
* 2.3:
Minor fixes
Towards 100% HHVM compat
trigger event with right user (add test)
[Security] Initialize SwitchUserEvent::targetUser on attemptExitUser
[Form] Fixed: Data mappers always receive forms indexed by their names
Conflicts:
src/Symfony/Component/Debug/Tests/ErrorHandlerTest.php
src/Symfony/Component/Filesystem/Filesystem.php
src/Symfony/Component/Process/Tests/AbstractProcessTest.php
This PR was merged into the 2.7 branch.
Discussion
----------
[Form] Fixed handling of choices passed in choice groups
| Q | A
| ------------- | ---
| Bug fix? | yes
| New feature? | no
| BC breaks? | **yes**
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | #14915
| License | MIT
| Doc PR | -
I introduced a bug in the 2.7 ChoiceList implementation when choices are passed as groups:
```
$form->add('response', 'choice', array(
'choices' => array(
'Decided' => array($yesObj, $noObj),
'Undecided' => array($maybeObj),
),
// use getName() for the labels
'choice_label' => 'name',
'choices_as_values' => true,
));
```
In this example, since the choices `$yesObj` and `$maybeObj` have the same array index `0`, the same label is displayed for the two options. The problem is that we rely on the keys passed in the "choices" option to identify choices in a choice list (which are, as you see, not guaranteed to be free of duplicates).
This PR changes the new choice list implementation to identify choices by values instead. We already have the guarantee that choices can be identified uniquely by their string values.
This PR should be included in 2.7.2 to fix the regression.
Unfortunately, a few BC breaks in the new implementation are necessary to make this fix:
* The legacy `ChoiceListInterface` was reverted to how it was in 2.6 and does *not* extend the new `ChoiceListInterface` anymore.
* As a consequence, legacy choice lists need to be wrapped into a `LegacyChoiceListAdapter` when they are passed to any place in the framework where a new choice list is expected.
* The new `ChoiceListInterface` has two additional methods `getStructuredValues()` and `getOriginalKeys()` now.
* `ArrayKeyChoiceList::toArrayKey()` was marked as internal.
* `ChoiceListFactoryInterface::createView()` does not accept arrays and Traversables anymore for the `$groupBy` parameter (for simplicity).
@fabpot Where should we document the upgrade path for 2.7.1 => 2.7.2?
Commits
-------
7623dc8 [Form] Fixed handling of choices passed in choice groups
This PR was merged into the 2.7 branch.
Discussion
----------
[Bridge/PhpUnit] Enforce a consistent locale
| Q | A
| ------------- | ---
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | -
| License | MIT
| Doc PR | -
Will fix some HHVM failures
Commits
-------
b04fe83 [Bridge/PhpUnit] Enforce a consistent locale
This PR was merged into the 2.3 branch.
Discussion
----------
[Form] Fixed: Data mappers always receive forms indexed by their names
| Q | A
| ------------- | ---
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | -
| License | MIT
| Doc PR | -
This PR facilitates writing domain-specific data mappers, since it guarantees that you can access forms by name in the data mapper methods. Currently, `Form::add()` does not set the index of the array passed to the data mapper to the form's name.
Commits
-------
86b7fe5 [Form] Fixed: Data mappers always receive forms indexed by their names
This PR was merged into the 2.7 branch.
Discussion
----------
Fix choice translation domain for expanded choice widget
| Q | A
| ------------- | ---
| Bug fix? | yes
| New feature? | yes
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | #15140
| License | MIT
This fix the form component using the translation_domain instead of the choice_translation_domain for expanded choice widgets.
I had to add the possibility to skip label translation when using ```translation_domain => false``` to do this fix so this can be considered a new feature to.
Commits
-------
52755ba Fix choice translation domain for expanded choice widget
This PR was merged into the 2.8 branch.
Discussion
----------
[FrameworkBundle] add option to force web server startup
| Q | A
| ------------- | ---
| Bug fix? | no
| New feature? | yes
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets |
| License | MIT
| Doc PR |
The `server:start` command will report an error message when a lock file
does exist.
However, this means that you cannot restart the web server process if
the previously running process terminated accidentally or if it was
terminated by the user without executing the `server:stop` command (e.g.
by using the system's `kill` command or the task manager).
This commit adds a `--force` option that makes it possible to launch the
web server process even if a lock file does exist.
Commits
-------
1583fad add option to force web server startup
The `SwitchUserEvent` is triggered in case an account is switched. This works okay while switching to the user, but on exit the `SwitchUserEvent` is triggered again with the original User. That User was not initialized by the provider yet.
load user by UserInterface instead of username
* 2.6:
[2.6][Validator] Fix BC for Validator's validate method
Very small typo fix
Fix quoting style consistency.
[DependencyInjection] Fail when dumping a Definition with no class nor factory
Normalizing recursively - see #9096
No change - the normalizeParams is a copy-and-paste of the earlier logic
fixes issue with logging array of non-utf8 data
fix validation for Maestro UK card numbers
Conflicts:
src/Symfony/Component/Security/Http/Firewall/DigestAuthenticationListener.php
src/Symfony/Component/Validator/Validator/LegacyValidator.php
* 2.3:
Fix quoting style consistency.
[DependencyInjection] Fail when dumping a Definition with no class nor factory
Normalizing recursively - see #9096
No change - the normalizeParams is a copy-and-paste of the earlier logic
fixes issue with logging array of non-utf8 data
fix validation for Maestro UK card numbers
This PR was merged into the 2.6 branch.
Discussion
----------
[2.6][Validator] Fix BC for Validator's validate method
| Q | A
| ------------- | ---
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets |
| License | MIT
| Doc PR |
This fix makes method call ``` $validator->validate($value, array()); ``` backward compatible and does not throw
```
[Symfony\Component\Validator\Exception\NoSuchMetadataException]
The class or interface "XXX" does not exist.
```
when the ``` $value ``` is a scalar type.
Commits
-------
ffe25dc [2.6][Validator] Fix BC for Validator's validate method
This PR was merged into the 2.6 branch.
Discussion
----------
Very small typo fix
| Q | A
| --- | ---
| License | MIT
| Fixed tickets | -
Commits
-------
04deaed Very small typo fix
The `server:start` command will report an error message when a lock file
does exist.
However, this means that you cannot restart the web server process if
the previously running process terminated accidentally or if it was
terminated by the user without executing the `server:stop` command (e.g.
by using the system's `kill` command or the task manager).
This commit adds a `--force` option that makes it possible to launch the
web server process even if a lock file does exist.
This PR was merged into the 2.3 branch.
Discussion
----------
[DependencyInjection] Fail when dumping a Definition with no class nor factory
| Q | A
| ------------- | ---
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | -
| License | MIT
| Doc PR | -
I tried creating an anonymous inline service with a DefinitionDecorator, but that did not work.
Here is the fix.
Commits
-------
23ad4ad [DependencyInjection] Fail when dumping a Definition with no class nor factory
This PR was merged into the 2.3 branch.
Discussion
----------
[Validator] fix validation for Maestro UK card numbers
| Q | A
| ------------- | ---
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | #15085
| License | MIT
| Doc PR |
The issue with the fix in #15086 was, that the `[56-69]` part of the regular expression did not cover the numbers from 56 to 69 but only matched one number if it was 5, 6 or 9 which means that the regular expression itself was not only invalid, but also covered only a total maximum length of 18 digits.
Commits
-------
f24532a fix validation for Maestro UK card numbers
This PR was merged into the 2.3 branch.
Discussion
----------
[Form] fixed sending non array data on submit to ResizeListener
| Q | A
| ------------- | ---
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | #13804, #13851
| License | MIT
| Doc PR |
I agree with @Tobion that #13851 is a bug fix and therefore should be applied on the `2.3` branch too.
Commits
-------
0f185c9 [Form] [EventListener] fixed sending non array data on submit to ResizeListener
This PR was merged into the 2.7 branch.
Discussion
----------
[Console] respect multi-character shortcuts
| Q | A
| ------------- | ---
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | #15105
| License | MIT
| Doc PR |
The `TextDescriptor` assumed that shortcuts will only consume one space
when calculating the maximum width needed to display the option's
synopsis.
Commits
-------
bd49f23 [Console] respect multi-character shortcuts
This PR was merged into the 2.7 branch.
Discussion
----------
[FrameworkBundle] update type hint in test
| Q | A
| ------------- | ---
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets |
| License | MIT
| Doc PR |
Commits
-------
96a5653 update type hint
This PR was merged into the 2.7 branch.
Discussion
----------
[2.7][DependencyInjection] improve deprecation messages
| Q | A
| ------------- | ---
| Bug fix? | no
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets |
| License | MIT
| Doc PR |
Also include the service id in the deprecation message.
Commits
-------
9e41fa7 [DependencyInjection] improve deprecation messages
