This PR was merged into the 3.3-dev branch.
Discussion
----------
[Security] Fix json_login default success/failure handling
| Q | A
| ------------- | ---
| Branch? | 3.3
| Bug fix? | yes
| New feature? | no
| BC breaks? | no (master only)
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | #22483
| License | MIT
| Doc PR | n/a
This makes the `json_login` listener default configuration stateless oriented by:
- Not using the default (redirect based) failure handler, it returns a 401 (json) response containing the failure reason instead
- Not using the default (redirect based) success handler, just let the original request continue instead (reaching the targeted resource without being redirected).
- Setting `require_previous_session` to `false` by default (I have to set it on `form-login` each time I want it to be stateless)
- Removing the options related to redirections (`default_target_path`, `login_path`, ...) from the listener factory, if one wants redirections then one has to write its own handlers, not the inverse
Commits
-------
9749618ff5 Fix json_login default success/failure handling
This PR was squashed before being merged into the 3.3-dev branch (closes#22234).
Discussion
----------
[DI] Introducing autoconfigure: automatic _instanceof configuration
| Q | A
| ------------- | ---
| Branch? | master
| Bug fix? | no
| New feature? | yes (mostly, a continuation of a new feature)
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | n/a
| License | MIT
| Doc PR | https://github.com/symfony/symfony-docs/issues/7538
This is a proposal to allow the user to opt into some automatic `_instanceof` config. Suppose I want to auto-tag all of my voters and event subscribers
```yml
# current
services:
_defaults:
autowire: true
_instanceof:
Symfony\Component\Security\Core\Authorization\Voter\VoterInterface:
tags: [security.voter]
Symfony\Component\EventDispatcher\EventSubscriberInterface:
tags: [kernel.event_subscriber]
# services using the above tags
AppBundle\Security\PostVoter: ~
AppBundle\EventListener\CheckRequirementsSubscriber: ~
```
If I'm registering a service with a class that implements `VoterInterface`, when would I ever *not* want that to be tagged with `security.voter`? Here's the proposed code:
```yml
# proposed
services:
_defaults:
autowire: true
autoconfigure: true
# services using the auto_configure_instanceof functionality
AppBundle\Security\PostVoter: ~
AppBundle\EventListener\CheckRequirementsSubscriber: ~
```
The user must opt into this and it only applies locally to this configuration file. It works because each enabled bundle would have the opportunity to add one or more "automatic instanceof" definitions - e.g. SecurityBundle would add the `security.voter` instanceof config, FrameworkBundle would add the `kernel.event_subscriber` instanceof config, etc.
For another example, you can check out the proposed changes to `symfony-demo` - symfony/symfony-demo#483 - the `_instanceof` section is pretty heavy: 81694ac21e/app/config/services.yml (L20)
Thanks!
Commits
-------
18627bf9f6 [DI] Introducing autoconfigure: automatic _instanceof configuration
This PR was merged into the 3.3-dev branch.
Discussion
----------
Persist app bootstrapping logs for logger datacollector
| Q | A
| ------------- | ---
| Branch? | 3.3
| Bug fix? | no
| New feature? | yes
| BC breaks? | ?
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | #21405
| License | MIT
Logs generated during the container build are catched by the BufferingLogger with a special flag.
They are persist by the LoggerDataCollector and are available in the logger profiler.
In the profiler toolbar, the "container build" logs increment the current logs counter (even if the container was previously built).
<img width="540" alt="capture d ecran 2017-02-01 a 20 56 40" src="https://cloud.githubusercontent.com/assets/1017746/22523826/0bc12e4a-e8c1-11e6-830f-7f6238ea7423.png">
<img width="1022" alt="capture d ecran 2017-02-01 a 20 57 55" src="https://cloud.githubusercontent.com/assets/1017746/22523859/2c48a698-e8c1-11e6-9bdb-d85f3e692938.png">
The BufferingLogger now require the cachePath and the filesystem to persist a (unique) container build logs.
If the current workflow is ok, I will update the test coverage (actually they fail). Maybe we can display the appDevDebugProjectContainerCompiler.log content in that logger profile.
Commits
-------
2fd18b5503 [VarDumper] Fine tune dumping log messages
ce3ef6a96e Persist app bootstrapping logs for logger datacollector
The conflict rule already forbids installing releases before 3.3 of the
Asset component. This will bring the constraint in the `require-dev`
section inline with the conflict rule.
* 3.2:
Make .travis.yml more readable
Fold Travis CI output by component
[VarDumper] Minor tweaks to html/css dumps
Add trhows PHPDoc in Application::run
[Debug] Set exit status to 255 on error
[HttpFoundation] Store IANA's RNG files in the repository
[PropertyInfo] Remove a useless call to count() in SerializerExtractor
[PropertyInfo] Prevent returning int values in some cases.
[HttpFoundation] Fix getClientIp @return docblock
Add @throws phpdoc
unify PHPUnit config files
This PR was squashed before being merged into the 3.3-dev branch (closes#22425).
Discussion
----------
[Security] Allow to set a check_path on json_login listener
| Q | A
| ------------- | ---
| Branch? | 3.3
| Bug fix? | yes
| New feature? | no
| BC breaks? | no, master only
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | #21948, ~~#22423~~
| License | MIT
| Doc PR | n/a
The listener should allow to restrict authentication to a given check_path, as stated in the docs http://symfony.com/doc/master/security/json_login_setup.html
Commits
-------
9f7eb618a4 [Security] Allow to set a check_path on json_login listener
This PR was merged into the 3.3-dev branch.
Discussion
----------
[FrameworkBundle][Workflow] Deprecate the default type of a workflow
| Q | A
| ------------- | ---
| Branch? | 3.3
| Bug fix? | no
| New feature? | no
| BC breaks? | no
| Deprecations? | yes
| Tests pass? | yes
| Fixed tickets | -
| License | MIT
| Doc PR | -
---
Before this patch, the default type is "workflow". Most of the time a
"state_machine" is better because it's simpler and it involves less
knowledge to be able to use it.
So this patch deprecate a missing type in Symfony 3.3. And In Symfony
4.0 the default value will become "state_machine".
Commits
-------
004751c [FrameworkBundle][Workflow] Deprecate the default type of a workflow
This PR was squashed before being merged into the 3.3-dev branch (closes#22420).
Discussion
----------
[DI] Make tagged abstract services throw earlier
| Q | A
| ------------- | ---
| Branch? | 3.3
| Bug fix? | yes
| New feature? | yes
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | -
| License | MIT
| Doc PR | -
As spotted by @stof in https://github.com/symfony/symfony/pull/22388#issuecomment-293565243, skipping abstract tagged services removes an opportunity to report config mistakes to users.
Instead of skipping them, let's throw as done before (thus reverting #22039, ping @chalasr).
I made `$container->findTaggedServiceIds()` accept a 2nd arg to make this more systematic.
To keep the possibility to have abstract tagged services *for the purpose of tag inheritance*, `ResolveTagsInheritancePass` now resets their tags.
Commits
-------
388e4b3389 [DI] Make tagged abstract services throw earlier
cd06c1297b Revert "minor #22039 Skip abstract definitions in compiler passes (chalasr)"
Before this patch, the default type is "workflow". Most of the time a
"state_machine" is better because it's simpler and it involves less
knowledge to be able to use it.
So this patch deprecate a missing type in Symfony 3.3. And In Symfony
4.0 the default value will become "state_machine".
* 3.2:
[2.8] Prevent double registrations related to tag priorities
Prevent double registrations related to tag priorities
[3.2] Prevent double registrations related to tag priorities
This PR was merged into the 2.8 branch.
Discussion
----------
[2.8] Prevent double registrations related to tag priorities
| Q | A
| ------------- | ---
| Branch? | 2.8
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | -
| License | MIT
| Doc PR | -
#22396 on 2.8
Commits
-------
2be5821743 [2.8] Prevent double registrations related to tag priorities
This PR was merged into the 2.7 branch.
Discussion
----------
Prevent double registrations related to tag priorities
| Q | A
| ------------- | ---
| Branch? | 2.7
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | -
| License | MIT
| Doc PR | -
The current logic is inconsistent, and allows the same id to be used several times. This makes the first explicit priority to always win.
Commits
-------
6764dcdf39 Prevent double registrations related to tag priorities
This PR was merged into the 3.3-dev branch.
Discussion
----------
added a more specialized exception for a better error message
| Q | A
| ------------- | ---
| Branch? | master
| Bug fix? | yes/no
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | n/a
| License | MIT
| Doc PR | n/a
When trying to load a resource, it is very interesting to understand why a resource cannot be loaded. Especially when you get `Cannot load resource "../src/Controller/".`... when the real error is that annotation support is disabled. This PR adds more information in that case.
Commits
-------
aeb9bffa8f added a more specialized exception for a better error message
This PR was merged into the 3.3-dev branch.
Discussion
----------
[FrameworkBundle] Use findDefinition() instead of getDefinition() on aliases
| Q | A
| ------------- | ---
| Branch? | master
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | n/a
| License | MIT
| Doc PR | n/a
The services for which `has()` is called might be aliases at this point so `getDefinition()` gives an exception, I ran into by executing this pass but not the removing ones (skipping ReplaceAliasByActualDefinitionPass) while working on https://github.com/symfony/symfony/issues/16388. Let's make it safe to use independently.
Commits
-------
41f3d1f166 Use findDefinition() instead of getDefinition() after calling has()
This PR was squashed before being merged into the 3.3-dev branch (closes#22344).
Discussion
----------
[DX] [TwigBundle] Improve default expand states of exception template
| Q | A
| ------------- | ---
| Branch? | master
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no <!-- don't forget updating UPGRADE-*.md files -->
| Tests pass? | yes
| Fixed tickets | #22334
| License | MIT
As discussed in #22334 this PR changes the default exception template to more intelligently decide which call stack to initially expand:
- All exceptions are scanned for user code, ignoring the front controller and callbacks
- Only exceptions containing user code are expanded
- If no user code is found the first exception is expanded
Commits
-------
df25691250 [DX] [TwigBundle] Improve default expand states of exception template
This PR was merged into the 3.3-dev branch.
Discussion
----------
[HttpKernel et al.] Move DataCollector::cloneVar() to lateCollect()
| Q | A
| ------------- | ---
| Branch? | 3.3
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | #22166
| License | MIT
| Doc PR | -
<!--
- Bug fixes must be submitted against the lowest branch where they apply
(lowest branches are regularly merged to upper ones so they get the fixes too).
- Features and deprecations must be submitted against the master branch.
- Please fill in this template according to the PR you're about to submit.
- Replace this comment by a description of what your PR is solving.
-->
Commits
-------
f83f971c3f [HttpKernel et al.] Move DataCollector::cloneVar() to lateCollect()
This PR was merged into the 3.3-dev branch.
Discussion
----------
[HttpKernel][FrameworkBundle] Dump container logs in Kernel, to have them also on errors
| Q | A
| ------------- | ---
| Branch? | master
| Bug fix? | no
| New feature? | yes
| BC breaks? | no
| Deprecations? | yes
| Tests pass? | yes
| Fixed tickets | -
| License | MIT
| Doc PR | -
Inspecting container failures without the logs is hard, let's have them at hand. This should not be the responsibility of a compiler pass.
Commits
-------
a8b83340bb [HttpKernel][FrameworkBundle] Dump container logs in Kernel, to have them also on errors
This PR was merged into the 3.3-dev branch.
Discussion
----------
[BC BREAK][DI] Always autowire "by id" instead of using reflection against all existing services
| Q | A
| ------------- | ---
| Branch? | 3.3
| Bug fix? | no
| New feature? | yes
| BC breaks? | yes - compile time only
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | -
| License | MIT
| Doc PR | -
(patch best reviewed [ignoring whitespaces](https://github.com/symfony/symfony/pull/22295/files?w=1).)
"By-id" autowiring, as introduced in #22060 is free from all the issues that "by-type" autowiring has:
- it has no magic and requires explicit type<>id matching (*vs* using reflection on all services to cherry-pick *the* one that matches some type-hint *at that time*, which is fragile)
- it is free from any ambiguities (*vs* the Damocles' sword of breaking config just by enabling some unrelated bundle)
- it is easily introspected: just look at DI config files (*vs* inspecting the type-hierarchy of all services + their type-hints)
- ~~it is side-effect free, thus plain predictable (*vs* auto-registration of discovered types as services)~~
- it plays nice with deprecated services or classes (see #22282)
- *etc.*
Another consideration is that any "by-type" autowired configuration is either broken (because of future ambiguities) - or equivalent to a "by-id" configuration (because resolving ambiguities *means* adding explicit type<>id mappings.) For theoreticians, we could say that "by-id" autowiring is the asymptotic limit of "by-type" autowiring :-)
For all these reasons - and also because it reduces the complexity of the code base - I propose to change the behavior and only support "by-id" autowiring in 3.3. This will break some configurations relying on "by-type" autowiring. Yet the break will only happen at compile-time, which means this won't *silently* break any apps. For all core Symfony services, they will work out of the box thanks to #22098 *et al.* For the remaining services, fixing ones config should be pretty straightforward: just follow the suggestions provided by the exception messages. If they are fine to you, you'll end up with the exact same config in the end. And maybe you'll spot issues that were hidden previously.
Commits
-------
cc5e582dcf [BC BREAK][DI] Always autowire "by id" instead of using reflection against all existing services
This PR was merged into the 3.3-dev branch.
Discussion
----------
[WebProfiler] Fix race condition in fast Ajax requests
| Q | A
| ------------- | ---
| Branch? | master
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | #22297
| License | MIT
Patch `startAjaxRequest` and `finishAjaxRequest` functions to absolute noop in case the debug toolbar itself is not loaded yet, and spool historic requests after the toolbar is loaded.
Commits
-------
538a59254f [WebProfiler] Fix race condition in fast Ajax requests
* 3.2:
bumped Symfony version to 3.2.8
updated VERSION for 3.2.7
updated CHANGELOG for 3.2.7
Fixes#22264 - add support for Chrome headless, see also Seldaek/monolog#966
[Workflow] update documentation URL in readme
bumped Symfony version to 2.8.20
updated VERSION for 2.8.19
updated CHANGELOG for 2.8.19
Dont call sprintf() when no placeholders are used
* 2.8:
Fixes#22264 - add support for Chrome headless, see also Seldaek/monolog#966
bumped Symfony version to 2.8.20
updated VERSION for 2.8.19
updated CHANGELOG for 2.8.19
Dont call sprintf() when no placeholders are used
Patch startAjaxRequest and finishAjaxRequest functions to absolute noop
in case the debug toolbar itself is not loaded yet, and spool historic
requests after the toolbar is loaded.
Fixes#22297
This PR was merged into the 3.3-dev branch.
Discussion
----------
[Security] Use IteratorArgument for voters
| Q | A
| ------------- | ---
| Branch? | master
| Bug fix? | no
| New feature? | yes
| BC breaks? | no
| Deprecations? | yes
| Tests pass? | yes
| License | MIT
Use an IteratorArgument for injecting voters into the AccessDecisionManager.
Commits
-------
4ec80b1ae8 Use IteratorArgument for voters
* 3.2:
[FrameworkBundle] Update console fixtures after #22217
Allow Upper Case property names
fix some risky tests
bumped Symfony version to 2.7.27
updated VERSION for 2.7.26
update CONTRIBUTORS for 2.7.26
updated CHANGELOG for 2.7.26
This PR was squashed before being merged into the 2.8 branch (closes#22278).
Discussion
----------
[FrameworkBundle] Update console fixtures after #22217
| Q | A
| ------------- | ---
| Branch? | 2.8
| Bug fix? | yes (regression from #22217)
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | https://github.com/symfony/symfony/pull/22217#issuecomment-291497513
| License | MIT
| Doc PR | symfony/symfony-docs#... <!--highly recommended for new features-->
cc @fabpot
Sorry for the inconvenience :)
Commits
-------
6e1cee6 [FrameworkBundle] Update console fixtures after #22217
* 3.2:
[DI] Autowiring and factories are incompatible with each others
[DI] Don't use auto-registered services to populate type-candidates
Lighten tests output by removing composer suggestions
support nullable array or collection
Complete the injection of the expression in all syntax errors
CS: Remove invisible chars
Disable resource tracking if the config component is missing
[EventDispatcher] Remove unneded count()
Fix tests expecting a valid date
Avoid forcing to define the choices_as_values option when using choice_loader
add expression text to SyntaxError
[Console] Fix table cell styling
[Console] Revised exception rendering
Fix @param in PHPDoc
[WebProfilerBundle] Normalize whitespace in exceptions passed in headers
Disable color support detection for tests
[Form] Improve the exceptions when trying to get the data in a PRE_SET_DATA listener and the data has not already been set
* 2.8:
[DI] Autowiring and factories are incompatible with each others
[DI] Don't use auto-registered services to populate type-candidates
Lighten tests output by removing composer suggestions
support nullable array or collection
Complete the injection of the expression in all syntax errors
CS: Remove invisible chars
Disable resource tracking if the config component is missing
[EventDispatcher] Remove unneded count()
Fix tests expecting a valid date
Avoid forcing to define the choices_as_values option when using choice_loader
add expression text to SyntaxError
[Console] Fix table cell styling
[Console] Revised exception rendering
[WebProfilerBundle] Normalize whitespace in exceptions passed in headers
Disable color support detection for tests
[Form] Improve the exceptions when trying to get the data in a PRE_SET_DATA listener and the data has not already been set
This PR was merged into the 3.3-dev branch.
Discussion
----------
[DI] add ServiceLocatorTagPass::register() to share service locators
| Q | A
| ------------- | ---
| Branch? | master
| Bug fix? | yes
| New feature? | yes
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | -
| License | MIT
| Doc PR | -
Right now, one service locator is created per controller / service subscriber. But since service locators are stateless, this is just wasting resources when several controllers have the exact same set of services managed by their locators (as would be the case when registering the new `AbstractController` as a service subscribers).
This PR fixes this issue, and a few related others found along the way.
Commits
-------
8ff764be82 [DI] add ServiceLocatorTagPass::register() to share service locators
This PR was merged into the 3.3-dev branch.
Discussion
----------
[DI] Dont trigger deprecation for event_dispatcher service
| Q | A
| ------------- | ---
| Branch? | master
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | #22208
| License | MIT
| Doc PR | n/a
Mute deprecations for the event_dispatcher service keeping only relevant ones i.e when the api of the deprecated class is used intentionally, ugly but prevent breaking test suites like the [LexikJWTAuthenticationBundle one](https://travis-ci.org/lexik/LexikJWTAuthenticationBundle/jobs/216664013#L278).
Commits
-------
a49fe25fa3 [DI] Dont trigger deprecation for event_dispatcher service
* 2.7:
Lighten tests output by removing composer suggestions
CS: Remove invisible chars
Disable resource tracking if the config component is missing
[EventDispatcher] Remove unneded count()
Fix tests expecting a valid date
[Console] Fix table cell styling
[Console] Revised exception rendering
[WebProfilerBundle] Normalize whitespace in exceptions passed in headers
Disable color support detection for tests
[Form] Improve the exceptions when trying to get the data in a PRE_SET_DATA listener and the data has not already been set
This PR was merged into the 3.3-dev branch.
Discussion
----------
[HttpKernel] Dont implement ServiceSubscriberInterface on *SessionListener
| Q | A
| ------------- | ---
| Branch? | master
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | #22171, silexphp/Silex#1496
| License | MIT
| Doc PR | -
Implementing `ServiceSubscriberInterface` creates a dep on the DI component, which Silex can't afford. Let's revert that part.
@GromNaN can you please confirm this fixes your issue?
Commits
-------
7cd90f5c97 [HttpKernel] Dont implement ServiceSubscriberInterface on *SessionListener
This PR was merged into the 2.7 branch.
Discussion
----------
[WebProfilerBundle] Normalize whitespace in exceptions passed in headers
| Q | A
| ------------- | ---
| Branch? | 2.7 upwards
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | #22072
| License | MIT
If an exception was thrown with line separators in its message the WebProfiler would cause an exception by passing it through unsanitized into the X-Debug-Error HTTP header. This commit fixes that by replacing all whitespace sequences with a single space in the header.
Commits
-------
d64679014b [WebProfilerBundle] Normalize whitespace in exceptions passed in headers
Errors reported by Sami API Doc generator on branch 3.2
ERROR: The "factory" @param tag variable name is wrong (should be "objectLoader") on "Symfony\Bridge\Doctrine\Form\ChoiceList\DoctrineChoiceLoader::__construct" in src/Symfony/Bridge/Doctrine/Form/ChoiceList/DoctrineChoiceLoader.php:68
ERROR: The "objectLoader" @param tag variable name is wrong (should be "factory") on "Symfony\Bridge\Doctrine\Form\ChoiceList\DoctrineChoiceLoader::__construct" in src/Symfony/Bridge/Doctrine/Form/ChoiceList/DoctrineChoiceLoader.php:68
ERROR: "7" @param tags are expected but only "6" found on "Symfony\Bundle\WebProfilerBundle\Controller\ProfilerController::__construct" in src/Symfony/Bundle/WebProfilerBundle/Controller/ProfilerController.php:50
ERROR: "3" @param tags are expected but only "2" found on "Symfony\Component\Asset\PathPackage::__construct" in src/Symfony/Component/Asset/PathPackage.php:35
ERROR: "2" @param tags are expected but only "1" found on "Symfony\Component\Cache\Adapter\PhpArrayAdapter::create" in src/Symfony/Component/Cache/Adapter/PhpArrayAdapter.php:64
ERROR: "3" @param tags are expected but only "1" found on "Symfony\Component\Cache\Adapter\RedisAdapter::__construct" in src/Symfony/Component/Cache/Adapter/RedisAdapter.php:39
ERROR: The "format" @param tag variable name is wrong (should be "fileLinkFormat") on "Symfony\Component\Debug\ExceptionHandler::setFileLinkFormat" in src/Symfony/Component/Debug/ExceptionHandler.php:90
ERROR: "2" @param tags are expected but only "3" found on "Symfony\Component\DependencyInjection\Compiler\Compiler::addPass" in src/Symfony/Component/DependencyInjection/Compiler/Compiler.php:73
ERROR: "2" @param tags are expected but only "3" found on "Symfony\Component\DependencyInjection\Compiler\PassConfig::addPass" in src/Symfony/Component/DependencyInjection/Compiler/PassConfig.php:97
ERROR: "2" @param tags are expected but only "3" found on "Symfony\Component\DependencyInjection\ContainerBuilder::addCompilerPass" in src/Symfony/Component/DependencyInjection/ContainerBuilder.php:311
ERROR: "2" @param tags are expected but only "3" found on "Symfony\Component\DependencyInjection\LazyProxy\PhpDumper\DumperInterface::getProxyFactoryCode" in src/Symfony/Component/DependencyInjection/LazyProxy/PhpDumper/DumperInterface.php:41
ERROR: "0" @param tags are expected but only "1" found on "Symfony\Component\HttpFoundation\Request::isMethodSafe" in src/Symfony/Component/HttpFoundation/Request.php:1458
ERROR: "5" @param tags are expected but only "6" found on "Symfony\Component\Serializer\Normalizer\AbstractNormalizer::instantiateObject" in src/Symfony/Component/Serializer/Normalizer/AbstractNormalizer.php:291
If an exception was thrown with line separators in its message the
WebProfiler would cause an exception by passing it through unsanitized
into the X-Debug-Error HTTP header. This commit fixes that by replacing
all whitespace sequences with a single space in the header.
* 3.2:
[Bridge\Doctrine] Fix change breaking doctrine-bundle test suite
[WebProfilerBundle] Include badge status in translation tabs
[FrameworkBundle] Cache pool clear command requires at least 1 pool
[HttpFoundation][bugfix] should always be initialized
MockArraySessionStorage: updated phpdoc for $bags so that IDE autocompletion would work
normalize paths before making them relative
removed test that does not test anything
fixed tests
#21809 [SecurityBundle] bugfix: if security provider's name contains upper cases then container didn't compile
[WebProfilerBundle] Fix for CSS attribute at Profiler Translation Page
Set Date header in Response constructor already
[Validator] fix URL validator to detect non supported chars according to RFC 3986
[Security] Fixed roles serialization on token from user object
This PR was merged into the 3.3-dev branch.
Discussion
----------
[DI] Add "by-id" autowiring: a side-effect free variant of it based on the class<>id convention
| Q | A
| ------------- | ---
| Branch? | master
| Bug fix? | no
| New feature? | yes
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | -
| License | MIT
| Doc PR | -
This PR adds a new autowiring mode, based only on the class <> id convention.
This way of autowiring is free from any conflicting behavior, which is what I was looking for to begin with.
The expected DX is a bit more involving than the current way we do autowiring. But it's worth it to me, because it's plain predictable - a lot less "magic" imho.
So in this mode, for each `App\Foo` type hint, a reference to an "App\Foo" service will be created. If no such service exists, an exception will be thrown. To me, this opens a nice DX: when type hinting interfaces (which is the best practice), this will tell you when you need to create the explicit interface <> id mapping that is missing - thus encourage things to be made explicit, but only when required, and gradually, in a way that will favor discoverability by devs.
Of course, this is opt-in, and BC. You'd need to do eg in yaml: `autowire: by_id`.
For consistency, the current mode (`autowire: true`) can be configured using `autowire: by_type`.
Commits
-------
c298f2a90c [DI] Add "by-id" autowiring: a side-effect free variant of it based on the class<>id convention
This PR was squashed before being merged into the 3.3-dev branch (closes#22046).
Discussion
----------
[Asset] Adding a new version strategy that reads from a manifest JSON file
| Q | A
| ------------- | ---
| Branch? | master
| Bug fix? | no
| New feature? | yes
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | n/a
| License | MIT
| Doc PR | https://github.com/symfony/symfony-docs/issues/7659
Hi guys!
Often, when using a frontend task manager or bundler (e.g. webpack of gulp), the final assets are dumped with a version or content hash in the filename itself (e.g. main.123abc.css). To know what the correct, current hashed filename is, you'll dump a `manifest.json` file - e.g.
```json
{
"main.js": "main.123abc.js",
"css/styles.css": "css/styles.555def.css"
}
```
Examples: [gulp-rev](https://github.com/sindresorhus/gulp-rev) and [webpack-manifest-plugin](https://www.npmjs.com/package/webpack-manifest-plugin).
This PR adds a new version strategy that will look up the asset path (e.g. `main.css`) in that file and return the final, versioned path. Some people may dump manifest files in other formats, but I think this catches the most common use-case (and you can always still create your own version strategy). I've written this to be "forgiving" - if a path doesn't exist in the manifest, the path is simply returned, unaltered.
Another implementation *could* have been to add a new Twig filter (e.g. `{{ asset('main.css|manifest_path) }}`) - but I thought I'd try first using the existing versioning system.
## Usage
```yml
# app/config/config.yml
framework:
# ...
assets:
# added validation prevents you from setting json_manifest_path AND version, for example
json_manifest_path: '%kernel.root_dir%/../web/manifest.json'
```
```twig
{# someTemplate.html.twig #}
{# use asset() just like normal #}
<script src="{{ asset('js/main.js') }}"></script>
```
## TODO
* fabbot hates my invalid json syntax file... even though I tried to be clever and not give it a `.json` suffix :)
Commits
-------
07fec2bbad [Asset] Adding a new version strategy that reads from a manifest JSON file
* 2.8:
removed test that does not test anything
fixed tests
#21809 [SecurityBundle] bugfix: if security provider's name contains upper cases then container didn't compile
[WebProfilerBundle] Fix for CSS attribute at Profiler Translation Page
Set Date header in Response constructor already
[Validator] fix URL validator to detect non supported chars according to RFC 3986
[Security] Fixed roles serialization on token from user object
* 2.7:
removed test that does not test anything
fixed tests
#21809 [SecurityBundle] bugfix: if security provider's name contains upper cases then container didn't compile
[Validator] fix URL validator to detect non supported chars according to RFC 3986
[Security] Fixed roles serialization on token from user object
This PR was squashed before being merged into the 3.3-dev branch (closes#22120).
Discussion
----------
[FrameworkBundle] Multiple services on one Command class
rebased version of #19305
Commits
-------
2b82fcb437 [FrameworkBundle] Multiple services on one Command class
This PR was merged into the 3.3-dev branch.
Discussion
----------
[FrameworkBundle] Add new "controller.service_arguments" tag to inject services into actions
| Q | A
| ------------- | ---
| Branch? | master
| Bug fix? | no
| New feature? | yes
| BC breaks? | no
| Deprecations? | no
| Tests pass? | (no test yet)
| Fixed tickets | -
| License | MIT
| Doc PR | -
Talking with @simensen and @weaverryan, we wondered if we could leverage the `ArgumentResolver` mechanism to make it inject services on demand, using e.g. autowiring.
```php
class PostController
{
public function indexAction(Request $request, PostRepository $postRepository)
{
// PostRepository comes from the container
$postRepository->findAll(); // ...
}
}
```
This PR achieves that, using a new "controller.service_arguments" tag. Typically:
```yaml
services:
AppBundle\Controller\PostController:
autowire: true
tags:
- name: controller.service_arguments
```
It also supports with explicit wiring (thus doesn't necessarily require autowiring if you don't want to use it):
```yaml
services:
AppBundle\Controller\PostController:
tags:
- name: controller.service_arguments
action: fooAction
argument: logger
id: my_logger
```
~~The attached diff is bigger than strictly required for now, until #21770 is merged.~~
Todo:
- [x] rebase on top of #21770 when merged
- [x] add tests
- [x] add cleaning pass to remove empty service locators
Commits
-------
9c6e672780 [FrameworkBundle] Add new "controller.service_arguments" tag to inject services into actions
* 3.2:
Fixed pathinfo calculation for requests starting with a question mark.
[HttpFoundation] Fix missing handling of for/host/proto info from "Forwarded" header
[Validator] Add object handling of invalid constraints in Composite
[WebProfilerBundle] Remove uneeded directive in the form collector styles
removed usage of $that
HttpCache: New test for revalidating responses with an expired TTL
[Serializer] [XML] Ignore Process Instruction
[Security] simplify the SwitchUserListenerTest
Revert "bug #21841 [Console] Do not squash input changes made from console.command event (chalasr)"
[HttpFoundation] Fix Request::getHost() when having several hosts in X_FORWARDED_HOST
This PR was merged into the 3.3-dev branch.
Discussion
----------
[Security][SecurityBundle] Enhance automatic logout url generation
| Q | A
| ------------- | ---
| Branch? | master
| Bug fix? | no
| New feature? | yes
| BC breaks? | no
| Deprecations? | yes
| Tests pass? | yes
| Fixed tickets | N/A
| License | MIT
| Doc PR | N/A
This should help whenever:
- [the token does not implement the `getProviderKey` method](https://github.com/symfony/symfony/blob/master/src/Symfony/Component/Security/Http/Logout/LogoutUrlGenerator.php#L89-L99)
- you've got multiple firewalls sharing a same context but a logout listener only define on one of them.
##### Behavior:
> When not providing the firewall key:
>
>- Try to find the key from the token (unless it's an anonymous token)
>- If found, try to get the listener from the key. If the listener is found, stop there.
>- Try from the injected firewall key. If the listener is found, stop there.
>- Try from the injected firewall context. If the listener is found, stop there.
>
>The behavior remains unchanged when providing explicitly the firewall key. No fallback.
Commits
-------
5b7fe852aa [Security][SecurityBundle] Enhance automatic logout url generation
This PR was squashed before being merged into the 3.3-dev branch (closes#22112).
Discussion
----------
Minor PR fixes
| Q | A
| ------------- | ---
| Branch? | master
| Bug fix? | yes-ish
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | #... <!-- #-prefixed issue number(s), if any -->
| License | MIT
| Doc PR | symfony/symfony-docs#... <!--highly recommended for new features-->
cc @fabpot my bad :)
Commits
-------
0728fb91b8 typo
036b0414d6 Minor PR fixes
This PR was merged into the 3.3-dev branch.
Discussion
----------
[WebProfilerBundle] Improved cookie traffic
| Q | A
| ------------- | ---
| Branch? | "master"
| Bug fix? | no
| New feature? | yes
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | comma-separated list of tickets fixed by the PR, if any
| License | MIT
| Doc PR | reference to the documentation PR, if any
![image](https://cloud.githubusercontent.com/assets/1047696/20455635/a033a814-ae60-11e6-8500-e60146f4619e.png)
Relates to #20569 in terms of getting _all_ the cookies.
Commits
-------
171c6d100e [WebProfilerBundle] Improved cookie traffic
* 2.8:
[HttpFoundation] Fix missing handling of for/host/proto info from "Forwarded" header
[Validator] Add object handling of invalid constraints in Composite
[WebProfilerBundle] Remove uneeded directive in the form collector styles
Revert "bug #21841 [Console] Do not squash input changes made from console.command event (chalasr)"
[HttpFoundation] Fix Request::getHost() when having several hosts in X_FORWARDED_HOST
This PR was merged into the 3.3-dev branch.
Discussion
----------
[FrameworkBundle][Serializer] Add option to register a circular_reference_handler
| Q | A
| ------------- | ---
| Branch? | master
| Bug fix? | no
| New feature? | yes
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | -
| License | MIT
| Doc PR | -
---
Right now, it's quite hard (especially for new comers) to register a CircularReferenceHandler:
![screenshot1](https://cloud.githubusercontent.com/assets/408368/23959193/ce19bcec-09a4-11e7-82c7-80abd7b7f602.png)
---
This PR introduce an option to wire a service to the internal Object Normalizer.
Commits
-------
0a638f5352 [FrameworkBundle][Serializer] Add option to register a "circular_reference_handler"
This PR was merged into the 3.3-dev branch.
Discussion
----------
[FrameworkBundle] Add project directory default for installing assets
| Q | A
| ------------- | ---
| Branch? | master
| Bug fix? | no
| New feature? | yes
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | #20337
| License | MIT
| Doc PR |
This allows the `assets:install` console command to have a fallback default of the project root directory.
Current behavior is to install assets only in the `target` of the current working directory.
Commits
-------
7a11f3ecf3 [FrameworkBundle] Add project directory default for installing assets
This PR was squashed before being merged into the 3.3-dev branch (closes#20365).
Discussion
----------
[TwigBridge] Handle form label attributes like others
| Q | A |
| --- | --- |
| Branch? | master
| Bug fix? | no
| New feature? | yes
| BC breaks? | no |
| Deprecations? | no |
| Tests pass? | yes
| Fixed tickets | -
| License | MIT |
| Doc PR | -
The HTML for rendering attributes is duplicated in multiple blocks, making it error prone/hard to maintain.
Next, the label attributes followed a different approach. Imo. all should follow the same base rendering, showing the above is actually an issue.
Commits
-------
e317e0aeab [TwigBridge] Handle form label attributes like others
This PR was merged into the 3.3-dev branch.
Discussion
----------
[*Bundle] Add autowiring aliases for common services
| Q | A
| ------------- | ---
| Branch? | master
| Bug fix? | no
| New feature? | yes
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | -
| License | MIT
| Doc PR | -
As spotted while working on #22060, we're missing many aliases to prevent any autowiring ambiguities.
I also removed the "Symfony\Component\EventDispatcher\EventDispatcher" and "Symfony\Component\DependencyInjection\Container" aliases: we'd better encourage using the corresponding interfaces instead.
On ControllerTrait, we need to type hint against SessionInterface, because otherwise, when session support is disabled, autowiring still auto-registers an "autowired.Session" service, which defeats the purpose of being able to enable/disable it.
Commits
-------
08c2ee32f1 [*Bundle] Add autowiring aliases for common services
* 3.2:
Fixes a typo in the form collector styles
[WebProfilerBundle] Fix content-security-policy compatibility
[WebProfilerBundle] Drop dead code
[HttpKernel] Fixed bug with purging of HTTPS URLs
fix some risky tests
[DI] [YamlFileLoader] change error message of a non existing file
[WebProfilerBundle] Handle Content-Security-Policy-Report-Only header correctly
[Security] Added option to return true in the method isRememberMeRequested