* 2.7:
[Security] Fix wrong term in UserProviderInterface
[HttpFoundation] Set meta refresh time to 0 in RedirectResponse content
[Security] validate empty passwords again
[DI] Remove irrelevant comment from container
[TwigBridge] cleaner implementation of the TwigRenderer
This PR was merged into the 2.7 branch.
Discussion
----------
[Security] validate empty passwords again
| Q | A
| ------------- | ---
| Branch? | 2.7
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | https://github.com/symfony/symfony/pull/23341#issuecomment-315341226
| License | MIT
| Doc PR |
It looks like this part of #23341 causes serious security issues for some users who rely on the validator to also compare the empty string with their user's password (see for example https://github.com/symfony/symfony/pull/23341#issuecomment-315341226). Thus I suggest to revert this part of #23341.
Commits
-------
878198cefa [Security] validate empty passwords again
This PR was submitted for the master branch but it was merged into the 2.7 branch instead (closes#23487).
Discussion
----------
[Security] Fix wrong term in UserProviderInterface
| Q | A
| ------------- | ---
| Branch? | master
| Bug fix? | no
| New feature? | no <!-- don't forget updating src/**/CHANGELOG.md files -->
| BC breaks? | no
| Deprecations? | no <!-- don't forget updating UPGRADE-*.md files -->
| Tests pass? | yes
| Fixed tickets | -
| License | MIT
| Doc PR | -
The term "account" is the just remnant from the days of AccountInterface, isn't it?
Commits
-------
b5b8c15831 [Security] Fix wrong term in UserProviderInterface
This PR was merged into the 2.7 branch.
Discussion
----------
[DI] Remove irrelevant comment from container
| Q | A
| ------------- | ---
| Branch? | 2.7
| Bug fix? | yes-ish
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | #... <!-- #-prefixed issue number(s), if any -->
| License | MIT
| Doc PR | symfony/symfony-docs#... <!--highly recommended for new features-->
Spotted in #22811
Commits
-------
595a225a0f [DI] Remove irrelevant comment from container
This PR was submitted for the master branch but it was merged into the 2.7 branch instead (closes#23526).
Discussion
----------
[HttpFoundation] Set meta refresh time to 0 in RedirectResponse content
| Q | A
| ------------- | ---
| Branch? | 3.4
| Bug fix? | no
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | #23524
| License | MIT
Set meta refresh time to 0 in RedirectResponse content
Commits
-------
5508a00e74 [HttpFoundation] Set meta refresh time to 0 in RedirectResponse content
This PR was merged into the 2.8 branch.
Discussion
----------
Disable inlining deprecated services
| Q | A
| ------------- | ---
| Branch? | 2.8
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | #23536
| License | MIT
Deprecation errors are not triggered for inlined services.
Disabling inlining for those services will fix this issue.
Commits
-------
6ab8ca0d36 disable inlining deprecated services
This PR was merged into the 2.7 branch.
Discussion
----------
[TwigBridge] cleaner implementation of the TwigRenderer
| Q | A
| ------------- | ---
| Branch? | 2.7
| Bug fix? | no
| New feature? | no <!-- don't forget updating src/**/CHANGELOG.md files -->
| BC breaks? | no
| Deprecations? | no <!-- don't forget updating UPGRADE-*.md files -->
| Tests pass? | yes
| Fixed tickets | https://github.com/symfony/symfony/pull/23432#discussion_r125880092
| License | MIT
| Doc PR |
<!--
- Bug fixes must be submitted against the lowest branch where they apply
(lowest branches are regularly merged to upper ones so they get the fixes too).
- Features and deprecations must be submitted against the 3.4,
legacy code removals go to the master branch.
- Please fill in this template according to the PR you're about to submit.
- Replace this comment by a description of what your PR is solving.
-->
Commits
-------
c7c5ba8 [TwigBridge] cleaner implementation of the TwigRenderer
* 2.7:
[DI] Handle root namespace in service definitions
Use rawurlencode() to transform the Cookie into a string
[Security] Fix authentication.failure event not dispatched on AccountStatusException
This PR was squashed before being merged into the 2.7 branch (closes#23468).
Discussion
----------
[DI] Handle root namespace in service definitions
| Q | A
| ------------- | ---
| Branch? | 2.7
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | #... <!-- #-prefixed issue number(s), if any -->
| License | MIT
| Doc PR | symfony/symfony-docs#... <!--highly recommended for new features-->
Fixes
```
Cannot dump definition because of invalid class name ('\\stdClass')
```
for
```yaml
services:
foo: {class: '\stdClass' }
```
`ContainerBuilder` allows it, so `PhpDumper` should as well.
Commits
-------
05170c8 [DI] Handle root namespace in service definitions
This PR was merged into the 2.7 branch.
Discussion
----------
[Security] Fix authentication.failure event not dispatched on AccountStatusException
| Q | A
| ------------- | ---
| Branch? | 2.7
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | https://github.com/symfony/symfony/issues/18807
| License | MIT
| Doc PR | n/a
Authentication fails if the user exists but its account is disabled/expired/locked, the failure event should be dispatched in this case, so that you can hook into as for any authentication exception.
Commits
-------
64c2efd [Security] Fix authentication.failure event not dispatched on AccountStatusException
This PR was squashed before being merged into the 2.7 branch (closes#23461).
Discussion
----------
Use rawurlencode() to transform the Cookie into a string
| Q | A
| ------------- | ---
| Branch? | 2.7
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | #23255
| License | MIT
| Doc PR | -
Commits
-------
025dfff Use rawurlencode() to transform the Cookie into a string
* 2.7:
allow to configure custom formats in XML configs
require the XML PHP extension
Fixed absolute url generation for query strings and hash urls
bumped Symfony version to 2.7.32
[Filesystem] Dont copy perms when origin is remote
updated VERSION for 2.7.31
update CONTRIBUTORS for 2.7.31
updated CHANGELOG for 2.7.31
This PR was merged into the 2.7 branch.
Discussion
----------
[TwigBundle] allow to configure custom formats in XML configs
| Q | A
| ------------- | ---
| Branch? | 2.7
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | #13554
| License | MIT
| Doc PR |
Commits
-------
5a3a24b allow to configure custom formats in XML configs
This PR was squashed before being merged into the 2.8 branch (closes#23460).
Discussion
----------
Don't display the Symfony debug toolbar when printing the page
| Q | A
| ------------- | ---
| Branch? | 2.8
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | #23303
| License | MIT
| Doc PR | -
Commits
-------
ca3ff88 Don't display the Symfony debug toolbar when printing the page
This PR was merged into the 2.7 branch.
Discussion
----------
require the XML PHP extension
| Q | A
| ------------- | ---
| Branch? | 2.7
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | https://github.com/symfony/symfony/pull/22676#issuecomment-300434331, symfony/symfony-standard#1099
| License | MIT
| Doc PR |
I suggest to either revert #22676 or to be consistent and require the XML extension in all bundles as well as in the `symfony/symfony` package.
Commits
-------
032e654acb require the XML PHP extension
This PR was squashed before being merged into the 2.7 branch (closes#23261).
Discussion
----------
Fixed absolute url generation for query strings and hash urls
| Q | A
| ------------- | ---
| Branch? | 2.7, ...
| Bug fix? | yes
| New feature? |no
| BC breaks? | yes? absolute_url will change its output but the old was incorrect
| Deprecations? |no
| Tests pass? | yes?
| Fixed tickets | fixes#23260
| License | MIT
Fixed absolute url generation for query strings
Commits
-------
89ad27d544 Fixed absolute url generation for query strings and hash urls
This PR was merged into the 2.7 branch.
Discussion
----------
[Filesystem] Dont copy perms when origin is remote
| Q | A
| ------------- | ---
| Branch? | 2.7
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | #23312
| License | MIT
| Doc PR | -
Commits
-------
7b442211dc [Filesystem] Dont copy perms when origin is remote
* 2.7:
[FrameworkBundle] Do not remove files from assets dir
bumped Symfony version to 2.7.31
updated VERSION for 2.7.30
update CONTRIBUTORS for 2.7.30
updated CHANGELOG for 2.7.30
This PR was merged into the 2.7 branch.
Discussion
----------
[FrameworkBundle] Do not remove files from assets dir
| Q | A
| ------------- | ---
| Branch? | 2.7
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | -
| License | MIT
| Doc PR | -
The patch introduced in https://github.com/symfony/symfony/pull/23195 removes files from `web/bundles` (eg. `.gitignore`) which is unintentional I think.
Commits
-------
6ed9c8d8c5 [FrameworkBundle] Do not remove files from assets dir