* 2.7:
[Security] Fix logout
#27250 limiting GET_LOCK key up to 64 char due to changes in MySQL 5.7.5 and later
[Profiler] Remove propel & event_listener_loading category identifiers
[Filesystem] Fix usages of error_get_last()
[Debug] Fix populating error_get_last() for handled silent errors
Suppress warnings when open_basedir is non-empty
* 2.7:
Clean calls to http_build_query()
[HttpFoundation] Fix missing "throw" in JsonResponse
Improve the documentation of
Suppress warning from sapi_windows_vt100_support on stream other than STDIO
removed extra-verbose comments
Fixes#26136: Avoid emitting warning in hasParameterOption()
Added a README entry to the PR template
[HttpFoundation] Add x-zip-compressed to MimeTypeExtensionGuesser.
[DI] Add null check for removeChild
* 2.7:
[SecurityBundle] Backport test
Fix misspelling variable
[DI] minor: use a strict comparision in setDecoratedService
Follow-on to #25825: Fix edge case in getParameterOption.
keep the context when validating forms
* 2.7:
[appveyor] set memory_limit=-1
[Router] Skip anonymous classes when loading annotated routes
Fixed Request::__toString ignoring cookies
[Security] Fix fatal error on non string username
This PR was merged into the 2.7 branch.
Discussion
----------
[appveyor] set memory_limit=-1
| Q | A
| ------------- | ---
| Branch? | 2.7
| Bug fix? | no
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | -
| License | MIT
| Doc PR | -
Commits
-------
10e33ac [appveyor] set memory_limit=-1
This PR was merged into the 2.7 branch.
Discussion
----------
[Security] Fix fatal error on non string username
| Q | A
| ------------- | ---
| Branch? | 2.7
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | https://github.com/symfony/symfony/issues/25612
| License | MIT
| Doc PR | n/a
That's consistent with what #22569 did for the `json_login` listener.
Commits
-------
8f095683d0 [Security] Fix fatal error on non string username
* 2.7:
[Serializer] Fixed throwing exception with option JSON_PARTIAL_OUTPUT_ON_ERROR
[Security] Fail gracefully if the security token cannot be unserialized from the session
[Form] AbstractLayoutTest - fix DOMDocument casing
bumped Symfony version to 2.7.41
updated VERSION for 2.7.40
update CONTRIBUTORS for 2.7.40
updated CHANGELOG for 2.7.40
* 2.7:
fixed CS
fixed CS
[Security] Namespace generated CSRF tokens depending of the current scheme
ensure that submitted data are uploaded files
[Console] remove dead code
bumped Symfony version to 2.7.38
updated VERSION for 2.7.37
updated CHANGELOG for 2.7.37
[Security] Validate redirect targets using the session cookie domain
prevent bundle readers from breaking out of paths
This PR was merged into the 2.7 branch.
Discussion
----------
Validate redirect targets using the session cookie domain
| Q | A
| ------------- | ---
| Branch? | 2.7
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | n/a
| License | MIT
| Doc PR | n/a
<!--
- Bug fixes must be submitted against the lowest branch where they apply
(lowest branches are regularly merged to upper ones so they get the fixes too).
- Features and deprecations must be submitted against the master branch.
- Please fill in this template according to the PR you're about to submit.
- Replace this comment by a description of what your PR is solving.
-->
Commits
-------
52b06f1c21 [Security] Validate redirect targets using the session cookie domain
* 2.7: (22 commits)
Tests and fix for issue in array model data in EntityType field with multiple=true
[Form] Fixed PercentToLocalizedStringTransformer to accept both comma and dot as decimal separator, if possible
removed useless PHPDoc
[Form] Fix FormInterface::submit() annotation
PdoSessionHandler: fix advisory lock for pgsql when session.sid_bits_per_character > 4
HttpCache does not consider ESI resources in HEAD requests
Fix translation for "This field was not expected"
[Routing] Enhance Route(Collection) docblocks
Added improvement for accuracy in MoneyToLocalizedStringTransformer.
Removed unused private property
Use correct verb form in the pull request template
Use PHP_MAXPATHLEN in Filesystem.
Added null as explicit return type (?TokenInterface)
[FrameworkBundle] Fix Routing\DelegatingLoader
Render all line breaks according to the exception message
[Form] Fix phpdoc
[DI] remove confusing code
[Form] Fixed GroupSequence with "constraints" option
[Validator] Clarify UUID validator behavior
[Filesystem] Fixed makePathRelative
...
* 2.7:
Revert "bug #24105 [Filesystem] check permissions if dump target dir is missing (xabbuh)"
[Filesystem] skip tests if not applicable
[Fabbot] Do not run php-cs-fixer if there are no change in src/
[Security] Fix exception when use_referer option is true and referer is not set or empty
Get KERNEL_DIR through $_ENV too for KernelTestCase
check permissions if dump target dir is missing
