This PR was squashed before being merged into the 3.4 branch (closes#25014).
Discussion
----------
Move deprecation under use statements
| Q | A
| ------------- | ---
| Branch? | 3.4
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | none
| License | MIT
| Doc PR | n/a
Commits
-------
0a5b016 Move deprecation under use statements
* 3.4: (26 commits)
[Bridge\PhpUnit] Disable broken auto-require mechanism of phpunit
[Console] Fix disabling lazy commands
[DI] Remove scalar typehint in class used in test case
Remove the `server:log` command if monolog is not loaded
[SecurityBundle] Fix syntax error in test
[Console] Remove remaining dead code
Throw on service:method factory notation in PHP-based DI configuration
Test that named arguments are prioritized over typehinted
bumped Symfony version to 3.3.14
bumped Symfony version to 2.8.32
bumped Symfony version to 2.7.39
Prove that change is working with tests
updated VERSION for 3.3.13
updated CHANGELOG for 3.3.13
updated VERSION for 2.8.31
updated CHANGELOG for 2.8.31
updated VERSION for 2.7.38
updated CHANGELOG for 2.7.38
Replace array|\Traversable by iterable
[DI] Fix by-type args injection
...
* 3.3:
[Bridge\PhpUnit] Disable broken auto-require mechanism of phpunit
[SecurityBundle] Fix syntax error in test
[Console] Remove remaining dead code
bumped Symfony version to 3.3.14
bumped Symfony version to 2.8.32
bumped Symfony version to 2.7.39
updated VERSION for 3.3.13
updated CHANGELOG for 3.3.13
updated VERSION for 2.8.31
updated CHANGELOG for 2.8.31
updated VERSION for 2.7.38
updated CHANGELOG for 2.7.38
Replace array|\Traversable by iterable
Fix ambiguous pattern
* 2.8:
[SecurityBundle] Fix syntax error in test
[Console] Remove remaining dead code
bumped Symfony version to 2.8.32
bumped Symfony version to 2.7.39
updated VERSION for 2.8.31
updated CHANGELOG for 2.8.31
updated VERSION for 2.7.38
updated CHANGELOG for 2.7.38
Replace array|\Traversable by iterable
Fix ambiguous pattern
* 2.7:
[SecurityBundle] Fix syntax error in test
[Console] Remove remaining dead code
bumped Symfony version to 2.7.39
updated VERSION for 2.7.38
updated CHANGELOG for 2.7.38
Replace array|\Traversable by iterable
Fix ambiguous pattern
This PR was merged into the 3.4 branch.
Discussion
----------
[Console] Fix ability to disable lazy commands
| Q | A
| ------------- | ---
| Branch? | 3.4
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | n/a
| License | MIT
| Doc PR | n/a
Properly throw when running them and don't show them in the list, as for non lazy ones.
Commits
-------
6787d8e [Console] Fix disabling lazy commands
This PR was merged into the 2.7 branch.
Discussion
----------
Replace array|\Traversable by iterable
| Q | A
| ------------- | ---
| Branch? | master
| Bug fix? | no
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | #... <!-- #-prefixed issue number(s), if any -->
| License | MIT
| Doc PR | symfony/symfony-docs#... <!--highly recommended for new features-->
Replace `array|\Traversable` by `iterable`, favoring pure API (or less mixed at least :)) and be clear whenever phpdoc is replaced.
https://secure.php.net/manual/en/language.types.iterable.php
Commits
-------
278088931b Replace array|\Traversable by iterable
This PR was merged into the 2.7 branch.
Discussion
----------
[Console] Remove remaining dead code
| Q | A
| ------------- | ---
| Branch? | 2.7
| Bug fix? | no
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | n/a
| License | MIT
| Doc PR | n/a
Since they are always re-thrown, no need to catch `\Error` instances at all.
Commits
-------
3822c07f65 [Console] Remove remaining dead code
This PR was merged into the 3.4 branch.
Discussion
----------
[DependencyInjection] Single typed argument can be applied on multiple parameters
| Q | A
| ------------- | ---
| Branch? | master
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | ø
| License | MIT
| Doc PR | ø
I'm @nicolas-grekas' test writer today. This makes the argument resolution working when injecting the same type multiple times (sub-set of PR #24978)
Commits
-------
d51265447d Test that named arguments are prioritized over typehinted
bf7eeef3fb Prove that change is working with tests
2176be74d8 [DI] Fix by-type args injection
This PR was merged into the 3.4 branch.
Discussion
----------
[Validator] enter the context in which to validate
| Q | A
| ------------- | ---
| Branch? | 3.4
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | #24246
| License | MIT
| Doc PR |
Commits
-------
7359cbe063 [Validator] enter the context in which to validate
This PR was merged into the 2.7 branch.
Discussion
----------
Fix ambiguous pattern
[Validator][Constraints][UrlValidator] Fix domain name pattern.
| Q | A
| ------------- | ---
| Branch? | 2.7
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets |
| License | MIT
| Doc PR |
`\pS` is a unicode character class, `\pS-\.` pretends to be a range which is not. This pattern fails with PCRE2.
Thanks.
Commits
-------
059f59a106 Fix ambiguous pattern
This PR was merged into the 3.4 branch.
Discussion
----------
[HttpKernel] remove services resetter even when it's an alias
| Q | A
| ------------- | ---
| Branch? | 3.4
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets |
| License | MIT
| Doc PR |
All the other places in the compiler pass do not care whether the
resetter service is aliased or not. Let's just also properly deal with
the case that the services resetter service was aliased by another
bundle.
Commits
-------
f7e634b remove services resetter even when it's an alias
This PR was merged into the 3.4 branch.
Discussion
----------
[HttpKernel] Fix service arg resolver for controllers as array callables
| Q | A
| ------------- | ---
| Branch? | 3.4
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | #24970
| License | MIT
| Doc PR | ø
Replacing #24970 as I can't push tests directly to @nicolas-grekas' PR.
> As spotted today during a Symfony 4 workshop at SymfonyCon Cluj, setting a controller as an array [SomeController::class, 'helloAction'] works, it is defined as a service, BUT the actions don't get the services as arguments. This is fixing it.
Commits
-------
fc3d3bb [HttpKernel] Fix service arg resolver for controllers as array callables
a9e9f36 Add service value resolver tests Prove that the service value resolver will not work with the array notation
* 3.4:
fixed CS
fixed CS
[Security] Namespace generated CSRF tokens depending of the current scheme
ensure that submitted data are uploaded files
[Console] remove dead code
bumped Symfony version to 3.3.13
updated VERSION for 3.3.12
updated CHANGELOG for 3.3.12
bumped Symfony version to 2.8.31
updated VERSION for 2.8.30
updated CHANGELOG for 2.8.30
bumped Symfony version to 2.7.38
updated VERSION for 2.7.37
updated CHANGELOG for 2.7.37
[Security] Validate redirect targets using the session cookie domain
prevent bundle readers from breaking out of paths
* 3.3:
fixed CS
fixed CS
[Security] Namespace generated CSRF tokens depending of the current scheme
ensure that submitted data are uploaded files
[Console] remove dead code
bumped Symfony version to 3.3.13
updated VERSION for 3.3.12
updated CHANGELOG for 3.3.12
bumped Symfony version to 2.8.31
updated VERSION for 2.8.30
updated CHANGELOG for 2.8.30
bumped Symfony version to 2.7.38
updated VERSION for 2.7.37
updated CHANGELOG for 2.7.37
[Security] Validate redirect targets using the session cookie domain
prevent bundle readers from breaking out of paths
* 2.8:
fixed CS
fixed CS
[Security] Namespace generated CSRF tokens depending of the current scheme
ensure that submitted data are uploaded files
[Console] remove dead code
bumped Symfony version to 2.8.31
updated VERSION for 2.8.30
updated CHANGELOG for 2.8.30
bumped Symfony version to 2.7.38
updated VERSION for 2.7.37
updated CHANGELOG for 2.7.37
[Security] Validate redirect targets using the session cookie domain
prevent bundle readers from breaking out of paths
* 2.7:
fixed CS
fixed CS
[Security] Namespace generated CSRF tokens depending of the current scheme
ensure that submitted data are uploaded files
[Console] remove dead code
bumped Symfony version to 2.7.38
updated VERSION for 2.7.37
updated CHANGELOG for 2.7.37
[Security] Validate redirect targets using the session cookie domain
prevent bundle readers from breaking out of paths
This PR was merged into the 2.7 branch.
Discussion
----------
Validate redirect targets using the session cookie domain
| Q | A
| ------------- | ---
| Branch? | 2.7
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | n/a
| License | MIT
| Doc PR | n/a
<!--
- Bug fixes must be submitted against the lowest branch where they apply
(lowest branches are regularly merged to upper ones so they get the fixes too).
- Features and deprecations must be submitted against the master branch.
- Please fill in this template according to the PR you're about to submit.
- Replace this comment by a description of what your PR is solving.
-->
Commits
-------
52b06f1c21 [Security] Validate redirect targets using the session cookie domain
This PR was merged into the 2.7 branch.
Discussion
----------
Prevent bundle readers from breaking out of paths
| Q | A
| ------------- | ---
| Branch? | 2.7
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | n/a
| License | MIT
| Doc PR | n/a
<!--
- Bug fixes must be submitted against the lowest branch where they apply
(lowest branches are regularly merged to upper ones so they get the fixes too).
- Features and deprecations must be submitted against the master branch.
- Please fill in this template according to the PR you're about to submit.
- Replace this comment by a description of what your PR is solving.
-->
Commits
-------
c8f9f916b4 prevent bundle readers from breaking out of paths
This PR was merged into the 2.7 branch.
Discussion
----------
Ensure that submitted data are uploaded files
| Q | A
| ------------- | ---
| Branch? | 2.7
| Bug fix? | yes
| New feature? | no
| BC breaks? | yes
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | n/a
| License | MIT
| Doc PR | n/a
<!--
- Bug fixes must be submitted against the lowest branch where they apply
(lowest branches are regularly merged to upper ones so they get the fixes too).
- Features and deprecations must be submitted against the master branch.
- Please fill in this template according to the PR you're about to submit.
- Replace this comment by a description of what your PR is solving.
-->
Commits
-------
f9e210cc7b ensure that submitted data are uploaded files
All the other places in the compiler pass do not care whether the
resetter service is aliased or not. Let's just also properly deal with
the case that the services resetter service was aliased by another
bundle.
This PR was merged into the 2.7 branch.
Discussion
----------
[Console] remove dead code
| Q | A
| ------------- | ---
| Branch? | 2.7
| Bug fix? | no
| New feature? | no <!-- don't forget to update src/**/CHANGELOG.md files -->
| BC breaks? | no
| Deprecations? | no <!-- don't forget to update UPGRADE-*.md files -->
| Tests pass? | yes
| Fixed tickets |
| License | MIT
| Doc PR |
Part of #24961 for 2.7
Commits
-------
65f2b13 [Console] remove dead code
* 3.4:
[DI] Fix dumping with custom base class
fixed typo
[HttpFoundation] Add test
[HttpFoundation] Fix session-related BC break
[Process] Workaround PHP bug #75515 in ProcessTest::testSimpleInputStream()
[FrameworkBundle] Wire the translation.reader service instead of deprecated translation.loader in commands
fix method name
* 3.3:
[DI] Fix dumping with custom base class
[HttpFoundation] Add test
[HttpFoundation] Fix session-related BC break
[Process] Workaround PHP bug #75515 in ProcessTest::testSimpleInputStream()
fix method name
This PR was merged into the 3.3 branch.
Discussion
----------
[DI] Fix dumping with custom base class
| Q | A
| ------------- | ---
| Branch? | 3.4
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | #24948
| License | MIT
| Doc PR | -
ping @kbond please confirm it's OK for you
Commits
-------
2dd74ab [DI] Fix dumping with custom base class
This PR was merged into the 2.7 branch.
Discussion
----------
[Form] fix method name
| Q | A
| ------------- | ---
| Branch? | 2.7
| Bug fix? | no
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets |
| License | MIT
| Doc PR |
Commits
-------
b862168 fix method name
This PR was squashed before being merged into the 3.4 branch (closes#24928).
Discussion
----------
[Filesystem] toIterable() in favor of toIterator()
| Q | A
| ------------- | ---
| Branch? | 3.4
| Bug fix? | no
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | #... <!-- #-prefixed issue number(s), if any -->
| License | MIT
| Doc PR | symfony/symfony-docs#... <!--highly recommended for new features-->
Enables to leverage iterable type as of 4.0, but really to avoid any useless `ArrayObject` inits.
Commits
-------
36462d678b [Filesystem] toIterable() in favor of toIterator()
* 3.4:
[TwigBridge] Fixed the .form-check-input class in the bs4 templates
[Console] Fix traversable autocomplete values
[SecurityBundle] Improve deprecations
[DI] Friendlier name for generated container in "as_files" mode
[Debug] Remove false-positive deprecation from DebugClassLoader
[SecurityBundle] Add missing quotes in deprecation messages
[ExpressionLanguage] Fix PhpDoc type-hints on Token value
bumped Symfony version to 3.3.12
Add default translations path option and convention
updated VERSION for 3.3.11
updated CHANGELOG for 3.3.11
bumped Symfony version to 2.8.30
updated VERSION for 2.8.29
updated CHANGELOG for 2.8.29
bumped Symfony version to 2.7.37
updated VERSION for 2.7.36
update CONTRIBUTORS for 2.7.36
updated CHANGELOG for 2.7.36
* 3.3:
[Console] Fix traversable autocomplete values
[ExpressionLanguage] Fix PhpDoc type-hints on Token value
bumped Symfony version to 3.3.12
updated VERSION for 3.3.11
updated CHANGELOG for 3.3.11
bumped Symfony version to 2.8.30
updated VERSION for 2.8.29
updated CHANGELOG for 2.8.29
bumped Symfony version to 2.7.37
updated VERSION for 2.7.36
update CONTRIBUTORS for 2.7.36
updated CHANGELOG for 2.7.36
* 2.8:
[Console] Fix traversable autocomplete values
[ExpressionLanguage] Fix PhpDoc type-hints on Token value
bumped Symfony version to 2.8.30
updated VERSION for 2.8.29
updated CHANGELOG for 2.8.29
bumped Symfony version to 2.7.37
updated VERSION for 2.7.36
update CONTRIBUTORS for 2.7.36
updated CHANGELOG for 2.7.36
* 2.7:
[Console] Fix traversable autocomplete values
[ExpressionLanguage] Fix PhpDoc type-hints on Token value
bumped Symfony version to 2.7.37
updated VERSION for 2.7.36
update CONTRIBUTORS for 2.7.36
updated CHANGELOG for 2.7.36
This PR was squashed before being merged into the 3.4 branch (closes#24874).
Discussion
----------
[TwigBridge] Fixed the .form-check-input class in the bs4 templates
| Q | A
| ------------- | ---
| Branch? | 3.4
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets |
| License | MIT
| Doc PR |
If I am not mistaken, the `form-check-input` class should always be present in inputs of checkboxes and radios
Commits
-------
95a90e4231 [TwigBridge] Fixed the .form-check-input class in the bs4 templates
This PR was merged into the 3.4 branch.
Discussion
----------
[DI] Friendlier name for generated container in "as_files" mode
| Q | A
| ------------- | ---
| Branch? | 3.4
| Bug fix? | no
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | -
| License | MIT
| Doc PR | -
Noticed while looking at Blackfire profiles of a 3.4 app.
Gives friendlier profiles/stack traces.
Commits
-------
7db5d40a26 [DI] Friendlier name for generated container in "as_files" mode
This PR was merged into the 2.7 branch.
Discussion
----------
[Console] Fix traversable autocomplete values
| Q | A
| ------------- | ---
| Branch? | 2.7
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | #... <!-- #-prefixed issue number(s), if any -->
| License | MIT
| Doc PR | symfony/symfony-docs#... <!--highly recommended for new features-->
`Question::setAutocompleterValues` implies passing a `\Traversable` value is allowed, yet it doesnt work :) It also restricts the traversable to be countable, which is not really needed (blocking pure API / iterable type as of 4.0).
Commits
-------
965b5b5f8d [Console] Fix traversable autocomplete values
* 3.4: (21 commits)
fixed CS
HttpCache lock update
[Intl] Update ICU data to 60.1
[YAML] Allow to parse custom tags when linting yaml files
[HttpKernel][Debug] Remove noise from stack frames of deprecations
[WebServerBundle] prevent console.terminate from being fired after stopping server
[Validator] Fix Costa Rica IBAN format
[Bridge/ProxyManager] Remove direct reference to value holder property
[Validator] Add Belarus IBAN format
[Config] Fix cannotBeEmpty()
[Debug] More aggressively aggregate silenced notices per file+line
[HttpFoundation] minor session-related fix
[Cache][Lock] Add RedisProxy for lazy Redis connections
[TwigBridge] [Bootstrap 4] Fix validation error design for expanded choiceType
[FrameworkBundle] Specifically inject the debug dispatcher in the collector
[WebserverBundle] fixed the bug that caused that the webserver would …
update the pull request template
[Stopwatch] minor fix
Add default mapping path for validator component
Add default mapping path for serializer component
...
* 3.3:
[Intl] Update ICU data to 60.1
[YAML] Allow to parse custom tags when linting yaml files
[HttpKernel][Debug] Remove noise from stack frames of deprecations
[Validator] Fix Costa Rica IBAN format
[Bridge/ProxyManager] Remove direct reference to value holder property
[Validator] Add Belarus IBAN format
[FrameworkBundle] Specifically inject the debug dispatcher in the collector
[WebserverBundle] fixed the bug that caused that the webserver would …
update the pull request template
[Stopwatch] minor fix
* 2.8:
[Intl] Update ICU data to 60.1
[Validator] Fix Costa Rica IBAN format
[Bridge/ProxyManager] Remove direct reference to value holder property
[Validator] Add Belarus IBAN format
[FrameworkBundle] Specifically inject the debug dispatcher in the collector
update the pull request template
[Stopwatch] minor fix
* 2.7:
[Intl] Update ICU data to 60.1
[Validator] Fix Costa Rica IBAN format
[Bridge/ProxyManager] Remove direct reference to value holder property
[Validator] Add Belarus IBAN format
[FrameworkBundle] Specifically inject the debug dispatcher in the collector
update the pull request template
[Stopwatch] minor fix
This PR was squashed before being merged into the 2.7 branch (closes#24909).
Discussion
----------
[Intl] Update ICU data to 60.1
| Q | A
| ------------- | ---
| Branch? | 2.7
| Bug fix? | no
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | -
| License | MIT
| Doc PR | -
http://site.icu-project.org/download/60
All tests are passing, including those from the intl-data group.
Commits
-------
cf04e7cefe [Intl] Update ICU data to 60.1
This PR was squashed before being merged into the 3.3 branch (closes#24870).
Discussion
----------
[YAML] Allow to parse custom tags when linting yaml files
| Q | A
| ------------- | ---
| Branch? | 3.3
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | N/A
| License | MIT
| Doc PR | N/A
When using custom tags in yaml, currently the `lint:yaml` command fails since the flag `Yaml::PARSE_CUSTOM_TAGS` is not passed through
Commits
-------
d8dd91d919 [YAML] Allow to parse custom tags when linting yaml files
This PR was merged into the 3.4 branch.
Discussion
----------
[Debug] More aggressively aggregate silenced notices per file+line
| Q | A
| ------------- | ---
| Branch? | 3.4
| Bug fix? | no
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | #24625
| License | MIT
| Doc PR | -
By aggregating silenced notices (deprecations mostly) per file+line instead of just per message, we loose some accuracy, but gain performance.
Commits
-------
9ab7559fb5 [Debug] More aggressively aggregate silenced notices per file+line
This PR was merged into the 3.4 branch.
Discussion
----------
[Cache][Lock] Add RedisProxy for lazy Redis connections
| Q | A
| ------------- | ---
| Branch? | 3.4
| Bug fix? | no
| New feature? | yes
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | #24865
| License | MIT
| Doc PR | -
That's the only provider that is not lazy by default, leading to bad DX (see linked issue.)
Best reviewed [ignoring whitespaces](https://github.com/symfony/symfony/pull/24887/files?w=1).
Commits
-------
1f5e3538d8 [Cache][Lock] Add RedisProxy for lazy Redis connections
This PR was squashed before being merged into the 2.7 branch (closes#24900).
Discussion
----------
[Validator] Fix Costa Rica IBAN format
| Q | A
| ------------- | ---
| Branch? | 2.8
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | no
| License | MIT
| Doc PR | no
Fix Costa Rica IBAN format: https://bank.codes/iban/structure/costa-rica/
Commits
-------
b9b5e18f8b [Validator] Fix Costa Rica IBAN format
* 3.4:
[DI] Add "container.hot_path" tag to flag the hot path and inline related services
[FrameworkBundle] Fine-tune generated annotations.php cache
[HttpFoundation] Prevent PHP from sending Last-Modified on session start
Micro optim using explicit root namespaces
This PR was merged into the 3.4 branch.
Discussion
----------
[DI] Add "container.hot_path" tag to flag the hot path and inline related services
| Q | A
| ------------- | ---
| Branch? | 3.4
| Bug fix? | no
| New feature? | yes
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | -
| License | MIT
| Doc PR | -
This PR is the result of my quest to squeeze some performance out of 3.4/4.0.
It builds on two ideas:
- a new `container.inline` tag that identifies the services that are *always* needed. This tag is only applied to a very short list of bootstrapping services (`router`, `event_dispatcher`, `http_kernel` and `request_stack` only). Then, it is propagated to all dependencies of these services, with a special case for event listeners, where only listed events are propagated to their related listeners.
- replacing the PHP autoloader by plain inlined `require_once` in generated service factories, with the benefit of completely bypassing the autoloader for services and their class hierarchy.
The end result is significant, even on a simple Hello World.
Here is the Blackfire profile, results are consistent with `ab` benchmarks:
https://blackfire.io/profiles/compare/b5fa5ef0-755c-4967-b990-572305f8f381/graph
![capture du 2017-11-08 16-54-28](https://user-images.githubusercontent.com/243674/32558666-a3f439b2-c4a5-11e7-83a3-db588c3e21e5.png)
Commits
-------
f7cb559a06 [DI] Add "container.hot_path" tag to flag the hot path and inline related services
* 3.4:
[3.4] Remove useless docblocks
[3.3] More docblock fixes
[2.7] More docblock fixes
[TwigBridge] Fix BC break due required twig environment
Random fixes
Docblock fixes
[DI] Fix cannot bind env var
Fix some signatures in PHP-DSLs
[HttpKernel] Enhance deprecation message
bumped Symfony version to 3.4.0
updated VERSION for 3.4.0-BETA3
updated CHANGELOG for 3.4.0-BETA3
[SecurityBundle] Fix the datacollector to properly support decision.object being null
This PR was merged into the 3.4 branch.
Discussion
----------
[DI] Fix cannot bind env var
| Q | A
| ------------- | ---
| Branch? | 3.4 <!-- see comment below -->
| Bug fix? | yes
| New feature? | no <!-- don't forget to update src/**/CHANGELOG.md files -->
| BC breaks? | no
| Deprecations? | no <!-- don't forget to update UPGRADE-*.md files -->
| Tests pass? | yes
| Fixed tickets | #24845 <!-- #-prefixed issue number(s), if any -->
| License | MIT
| Doc PR | N/A
In #24602 we removed the processing of bindings from the `AbstractRecursivePass`. But there is actually one case where we want a recursive pass to process them: to resolve env param placeholders.
Commits
-------
f8f3a15 [DI] Fix cannot bind env var
This PR was merged into the 3.4 branch.
Discussion
----------
Fix some signatures in PHP-DSLs
| Q | A
| ------------- | ---
| Branch? | 3.4
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | -
| License | MIT
| Doc PR | -
Commits
-------
af85431 Fix some signatures in PHP-DSLs
* 3.3:
Random fixes
Docblock fixes
[HttpKernel] Enhance deprecation message
[SecurityBundle] Fix the datacollector to properly support decision.object being null
This PR was squashed before being merged into the 3.3 branch (closes#24610).
Discussion
----------
[HttpKernel] Enhance deprecation message
Q | A
-- | --
Branch? | 3.4
Bug fix? | no
New feature? | no
BC breaks? | no
Deprecations? | no (Docblock with info on how to handle deprecation)
Tests pass? | yes
Fixed tickets | NA
License | MIT
Doc PR | symfony/symfony-docs#...
Commits
-------
9e9d01684e [HttpKernel] Enhance deprecation message
* 3.4:
[HttpFoundation] refactoring: calculate when need
[Serializer] Fix extra attributes when no group specified
[Intl] Make intl-data tests pass and save language aliases again
[FrameworkBundle][Config] fix: do not add resource checkers for debug=false
[DI] Fix "almost-circular" dependencies handling
[Console] Fix CommandTester::setInputs() docblock
Only enabling validation if it is present
Fix displaying errors for bootstrap 4
[Serializer] readd default argument value
Fix reference dump for deprecated nodes
[PhpUnitBridge] Fixed fatal error in CoverageListener when something goes wrong in Test::setUpBeforeClass
[HttpKernel] Let the storage manage the session starts
[VarDumper] fix trailling comma when dumping an exception
[Validator] Fix TraceableValidator is reset on data collector instantiation
Remove useless docblocks
[FrameworkBundle] Fix docblocks
[PropertyInfo] Remove useless docblocks
This PR was merged into the 2.8 branch.
Discussion
----------
Fix dump panel hidden when closing a dump
| Q | A
| ------------- | ---
| Branch? | 2.8
| Bug fix? | yes-ish
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | -
| License | MIT
| Doc PR | -
In the dump panel of the debug bar, when closing a dump the panel sometimes get hidden:
![before](https://user-images.githubusercontent.com/1736542/31867025-615e9c48-b788-11e7-8329-96716c211523.gif)
This is because when the size of the panel is reduced, if the mouse is not over it anymore, the `:hover` pseudo-class does not apply anymore.
I "fixed" it by setting a min-height on the panel when closing a dump. The min-height is removed when leaving the panel _on purpose_:
![after](https://user-images.githubusercontent.com/1736542/31867054-d01a01cc-b788-11e7-9ef7-8418ae2b3094.gif)
For now I only tested it on Firefox 56 on Arch Linux.
Commits
-------
2e0b263d9c Fix dump panel hidden when closing a dump
* 3.3:
[Serializer] Fix extra attributes when no group specified
[Intl] Make intl-data tests pass and save language aliases again
[Console] Fix CommandTester::setInputs() docblock
[Serializer] readd default argument value
[VarDumper] fix trailling comma when dumping an exception
Remove useless docblocks
[FrameworkBundle] Fix docblocks
[PropertyInfo] Remove useless docblocks
This PR was merged into the 2.7 branch.
Discussion
----------
[Form] Nullable FormInterface::getPropertyPath()
| Q | A
| ------------- | ---
| Branch? | 4.0
| Bug fix? | yes
| New feature? | no
| BC breaks? | yes
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | #24560
| License | MIT
| Doc PR |
`Symfony\Component\Form\Form::getPropertyPath()` returns `null` when the form has an empty name. It allows for unprefixed children.
```php
<?php
namespace App\Controller;
use Sensio\Bundle\FrameworkExtraBundle\Configuration\Route;
use Sensio\Bundle\FrameworkExtraBundle\Configuration\Template;
use Symfony\Bundle\FrameworkBundle\Controller\AbstractController;
use Symfony\Component\Form\Extension\Core\Type\TextType;
class IndexController extends AbstractController
{
/**
* @Route(name="index")
* @Template()
*/
public function indexAction()
{
$form = $this->get('form.factory')
->createNamedBuilder('')
->add('text', TextType::class)
->getForm();
return [
'form' => $form->createView(),
];
}
}
```
```html
<!DOCTYPE html>
<html>
<head>
<meta charset="UTF-8">
<title>Welcome!</title>
</head>
<body>
<form name="" method="post">
<label for="text">Text</label>
<input type="text" id="text" name="text">
</form>
</body>
</html>
```
But the return type of the `Symfony\Component\Form\FormInterface::getPropertyPath()` is not nullable.
We cannot change the behaviour, obviously. At least it's useful in API controllers.
So I decided to change the doc block of the interface.
Commits
-------
d56632a45f FormInterface::getPropertyPath(): PropertyPathInterface|null
This PR was merged into the 3.3 branch.
Discussion
----------
[Serializer] Fix extra attributes when no group specified
| Q | A
| ------------- | ---
| Branch? | 3.3 <!-- see comment below -->
| Bug fix? | yes
| New feature? | no <!-- don't forget to update src/**/CHANGELOG.md files -->
| BC breaks? | no
| Deprecations? | no <!-- don't forget to update UPGRADE-*.md files -->
| Tests pass? | yes
| Fixed tickets | #24783 <!-- #-prefixed issue number(s), if any -->
| License | MIT
| Doc PR | N/A
~~Two commits, for two possible solutions, but I think the last one is probably the most efficient one, as the first one will also impact normalization and systematically try to intersect allowedAttributes and extractedAttributes.~~
Commits
-------
d1b343c015 [Serializer] Fix extra attributes when no group specified
This PR was merged into the 3.4 branch.
Discussion
----------
[DI] Fix "almost-circular" dependencies handling
| Q | A
| ------------- | ---
| Branch? | 3.4
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | #19362, #24775
| License | MIT
| Doc PR | -
In a situation like the following one, we used to trigger a circular reference exception. But this was a false positive, as the reference is resolvable without hitting the circle. Fixing this exception could be considered as a new feature (because no existing config needs it, since it fails). But for 3.4, this should be considered a bug fix, as reported in #24775: not handling this situation now means creating broken service trees.
``` php
$containerBuilder = new ContainerBuilder();
$container->register('foo', FooCircular::class)->setPublic(true)
->addArgument(new Reference('bar'));
$container->register('bar', BarCircular::class)
->addMethodCall('addFoobar', array(new Reference('foobar')));
$container->register('foobar', FoobarCircular::class)
->addArgument(new Reference('foo'));
$foo = $containerBuilder->get('foo');
```
Commits
-------
beb4df712c [DI] Fix "almost-circular" dependencies handling
This PR was squashed before being merged into the 2.7 branch (closes#24814).
Discussion
----------
[Intl] Make intl-data tests pass and save language aliases again
| Q | A
| ------------- | ---
| Branch? | 2.7
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | -
| License | MIT
| Doc PR | -
Due to changes in ICU 5.5 aliases were not being saved since that version.
Commits
-------
661a4b6 [Intl] Make intl-data tests pass and save language aliases again
This PR was squashed before being merged into the 3.4 branch (closes#24774).
Discussion
----------
[HttpKernel] Let the storage manage the session starts
| Q | A
| ------------- | ---
| Branch? | 3.4
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | #24730
| License | MIT
| Doc PR | ø
HttpKernel's request collector should not really care if the session has started or not, be let the storage decide. Without the session, it is not possible to track the redirected pages.
I don't think the consideration of "we should not start the session if not needed by the user's code" applies here as if this is running, that is very likely that the user is running the dev environment anyway.
Commits
-------
95d0b7235f [HttpKernel] Let the storage manage the session starts
* 3.4:
removed extra whitespace
Removes \n or space when / are empty
[HttpFoundation] add Early Hints in Reponse to fix test
bumped Symfony version to 3.4.0
updated VERSION for 3.4.0-BETA2
updated CHANGELOG for 3.4.0-BETA2
Throwing exception if redis and predis unavailable
* 3.3:
removed extra whitespace
Removes \n or space when / are empty
[HttpFoundation] add Early Hints in Reponse to fix test
Throwing exception if redis and predis unavailable
This PR was squashed before being merged into the 3.4 branch (closes#24728).
Discussion
----------
[Bridge\Twig] fix bootstrap checkbox_row to render properly & remove spaceless
| Q | A
| ------------- | ---
| Branch? | 3.4
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | #24711
| License | MIT
| Doc PR | -
As discussed in #24711 i reverted the change i did in `bootstrap_3_layout.html.twig` (which caused an unnecessary empty div-container in the vertical-layout), added the `checkbox_row` block to the `bootstrap_3_horizontal_layout.html.twig` and removed `spaceless` (as proposed in #24727).
since i added `{#--#}` in bootstrap 3, i did the same for the same horizontal blocks in bootstrap 4 as well.
I moved the `form_label_class` & `form_group_class` blocks to the top of `bootstrap_3_horizontal_layout.html.twig` & `bootstrap_4_horizontal_layout.html.twig`, this should improve DX as they were spreaded across the file.
#24702 affected the bootstrap 4 horizontal layout as well, so i added the `checkbox_row` block to bootstrap 4 too.
ping @fabpot @nicolas-grekas
Commits
-------
f84749f745 [Bridge\Twig] fix bootstrap checkbox_row to render properly & remove spaceless
This PR was merged into the 3.4 branch.
Discussion
----------
[HttpKernel] Move services reset to Kernel::handle()+boot()
| Q | A
| ------------- | ---
| Branch? | 3.4
| Bug fix? | yes
| New feature? | yes
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | #24552
| License | MIT
| Doc PR | -
This is an alternative to #24697 (which uses middlewares).
This PR adds a new `services_resetter` service that the Kernel calls on 2nd root requests to reset services.
Instead of #24697 which plans for optional enabling of the services reset, this approach moves the responsibility of calling the services resetter to the core Kernel class, so that no configuration/middleware/etc. is required at all, and no overhead exists at all for regular requests.
Commits
-------
4501a3688b [HttpKernel] Move services reset to Kernel
* 3.4:
[TwigBridge] Bootstrap 4 form theme fixes
[VarDumper] HtmlDumper: fix collapsing nodes with depth <= maxDepth
Fixing a bug where non-existent classes would cause issues
Do not activate the cache if Doctrine's cache is not present
[SecurityBundle] hotfix: update phpdocs on logout url
[FrameworkBundle] Do not load property_access.xml if the component isn't installed
[HttpFoundation] Mark new methods on Response as final
Fixed a few spelling mistakes in Luxembourgish translation
[TwigBridge] Fix template paths in profiler
* 3.3:
Fixing a bug where non-existent classes would cause issues
[SecurityBundle] hotfix: update phpdocs on logout url
[FrameworkBundle] Do not load property_access.xml if the component isn't installed
Fixed a few spelling mistakes in Luxembourgish translation
* 2.8:
[SecurityBundle] hotfix: update phpdocs on logout url
[FrameworkBundle] Do not load property_access.xml if the component isn't installed
Fixed a few spelling mistakes in Luxembourgish translation
This PR was merged into the 3.4 branch.
Discussion
----------
[HttpFoundation] Mark new methods on Response as final
| Q | A
| ------------- | ---
| Branch? | 3.4
| Bug fix? | no
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | -
| License | MIT
| Doc PR | -
Commits
-------
a913f70583 [HttpFoundation] Mark new methods on Response as final
* 3.4:
Ensure DeprecationErrorHandler::collectDeprecations() is triggered
Config: mark builder property deprecated
fix CachePoolPrunerPass to use correct command service id
[TwigBridge] Re-add Bootstrap 3 Checkbox Layout
[FrameworkBundle] Allow to disable assets via framework:assets xml configuration
fixed $_ENV/$_SERVER precedence in test framework
[HttpFoundation] Fix FileBag issue with associative arrays
[DI] Throw when a service name or an alias contains dynamic values (prevent an infinite loop)
[HttpFoundation] Fix caching of session-enabled pages
[Guard] remove invalid deprecation notice
fix the phpdoc that is not really inherited from response
Minor docblock cleanup
Remove redundant sprintf arguments.
* 3.3:
Ensure DeprecationErrorHandler::collectDeprecations() is triggered
[FrameworkBundle] Allow to disable assets via framework:assets xml configuration
fixed $_ENV/$_SERVER precedence in test framework
[HttpFoundation] Fix FileBag issue with associative arrays
[DI] Throw when a service name or an alias contains dynamic values (prevent an infinite loop)
fix the phpdoc that is not really inherited from response
Minor docblock cleanup
Remove redundant sprintf arguments.
* 2.8:
[HttpFoundation] Fix FileBag issue with associative arrays
fix the phpdoc that is not really inherited from response
Minor docblock cleanup
Remove redundant sprintf arguments.
* 2.7:
[HttpFoundation] Fix FileBag issue with associative arrays
fix the phpdoc that is not really inherited from response
Minor docblock cleanup
Remove redundant sprintf arguments.
This PR was squashed before being merged into the 3.4 branch (closes#24701).
Discussion
----------
Config: mark builder property deprecated
| Q | A
| ------------- | ---
| Branch? | 3.4
| Bug fix? | no
| New feature? | no
| BC breaks? | no
| Deprecations? | yes
| Tests pass? | yes
| Fixed tickets | none
| License | MIT
| Doc PR |
`builder` protected property is not used at all in class. Mark as deprecated to enable removing asap. This is to avoid keeping dead code up to symfony `5.0` and still having this dead code in the `4.4` LTS version
Commits
-------
206fb74 Config: mark builder property deprecated
This PR was merged into the 3.3 branch.
Discussion
----------
Fix $_ENV/$_SERVER precedence in test framework
| Q | A
| ------------- | ---
| Branch? | 3.3
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | n/a
| License | MIT
| Doc PR | n/a
When defining env vars values in `phpunit.xml.dist`, we are using `<env ...>`. PHPUnit registers those env vars in `$_ENV`, but not in `$_SERVER`. This means that those values might not be used by Symfony if env vars defined in `.env` are automatically registered (which is my case).
In any case, I think it makes sense to make `$_ENV` take precedence as this is how we register them in `phpunit.xml.dist`.
Commits
-------
6ed9919d24 fixed $_ENV/$_SERVER precedence in test framework
This PR was merged into the 4.0-dev branch.
Discussion
----------
[HttpFoundation] Allow DateTimeImmutable in Response setters
| Q | A
| ------------- | ---
| Branch? | 4.1
| Bug fix? | no
| New feature? | yes
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | none
| License | MIT
| Doc PR | TODO
## Proposal
This PR adds the ability to use `DateTimeImmutable` objects instead of `DateTime` in the following setters of HttpFoundation's `Response` class.
* `setDate()`
* `setExpires()`
* `setLastModified()`
The corresponding getters are not touched, meaning they will still return good old `DateTime` instances.
## BC considerations
* Calling code using `DateTime` objects will still work as before.
* Classes derived from `Response` will break if they override one of the methods above. Since all of them are considered final in Symfony 4, none of them should be overridden, though.
Commits
-------
cc7cceef9b Allow DateTimeImmutable in Response setters.
This PR was merged into the 4.0-dev branch.
Discussion
----------
Remove some visual debt by adding type hints on final methods/classes
| Q | A
| ------------- | ---
| Branch? | 4.0
| Bug fix? | no
| New feature? | no
| BC breaks? | yes
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | -
| License | MIT
| Doc PR | -
Commits
-------
5eab353 Remove some visual debt by adding type hints on final methods/classes
This PR was merged into the 2.7 branch.
Discussion
----------
[DI] minor docblock fixes
| Q | A
| ------------- | ---
| Branch? | 2.7
| Bug fix? | no
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | -
| License | MIT
| Doc PR | -
As found in #24611
Commits
-------
0c9edaf [DI] minor docblock fixes
This PR was merged into the 3.4 branch.
Discussion
----------
[DI] Handle container.autowiring.strict_mode to opt-out from legacy autowiring
| Q | A
| ------------- | ---
| Branch? | 3.4
| Bug fix? | no
| New feature? | yes
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | -
| License | MIT
| Doc PR | -
To preserve BC, autowiring still wires things in hybrid 2.8/3.3 modes.
But 2.8 mode is really a foot gun.
I propose to add a new parameter in SF3.4, to opt-out of this 2.8 mode, and enable this strict mode for all new projects.
WDYT?
(see https://github.com/symfony/recipes/pull/221 for corresponding change on Flex recipe)
Commits
-------
a4a0ae2 [DI] Handle container.autowiring.strict_mode to opt-out from legacy autowiring
This PR was merged into the 3.4 branch.
Discussion
----------
[Security] Fix missing BC layer for AbstractGuardAuthenticator::getCredentials()
| Q | A
| ------------- | ---
| Branch? | 3.4
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | n/a
| License | MIT
| Doc PR | n/a
If a guard authenticator extends `AbstractGuardAuthenticator` and returns `null` from `getCredentials()`, an `\UnexpectedValueException` is thrown when upgrading to 3.4 because the abstract already implements the new interface.
This triggers a deprecation notice instead.
Commits
-------
b6bb84b [Security] Fix BC layer for AbstractGuardAuthenticator subclasses
Fixessymfony/symfony#24652
Trailing backslash, being unescaped, used to escape closing formatting
tag and, thus, formatting tag appeared in autocompletion
* 3.4: (26 commits)
[Routing] Fix resource miss
[Security] Fixed auth provider authenticate() cannot return void
[FrameworkBundle][Serializer] Move DateIntervalNormalizer definition to xml
declare argument type
Improving annotation loader message
[FrameworkBundle][Serializer] Move normalizer/encoders definitions to xml file & remove unnecessary checks
Update UPGRADE-4.0.md
streamed response should return $this
$isClientIpsVali is not used
[WebServerBundle] Prevent commands from being registered by convention
content can be a resource
Adding the Form default theme files to be warmed up in Twig's cache
Remove BC Break label from `NullDumper` class
Username and password in basic auth are allowed to contain '.'
Remove obsolete PHPDoc from UriSigner
[Serializer] YamlEncoder: throw if the Yaml component isn't installed
[Serializer] ObjectNormalizer: throw if PropertyAccess isn't installed
[PropertyInfo] Add support for the iterable type
pdo session fix
Fixed pathinfo calculation for requests starting with a question mark. - fix bad conflict resolving issue - port symfony/symfony#21968 to 3.3+
...
* 3.3: (22 commits)
[Routing] Fix resource miss
[Security] Fixed auth provider authenticate() cannot return void
declare argument type
[FrameworkBundle][Serializer] Move normalizer/encoders definitions to xml file & remove unnecessary checks
streamed response should return $this
$isClientIpsVali is not used
content can be a resource
Adding the Form default theme files to be warmed up in Twig's cache
Remove BC Break label from `NullDumper` class
Username and password in basic auth are allowed to contain '.'
Remove obsolete PHPDoc from UriSigner
[Serializer] YamlEncoder: throw if the Yaml component isn't installed
[Serializer] ObjectNormalizer: throw if PropertyAccess isn't installed
[PropertyInfo] Add support for the iterable type
pdo session fix
Fixed pathinfo calculation for requests starting with a question mark. - fix bad conflict resolving issue - port symfony/symfony#21968 to 3.3+
Fixed unsetting from loosely equal keys OrderedHashMap
add DOMElement as return type in Crawler::getIterator to support foreach support in ide
Fixed mistake in exception expectation
[Debug] Fix same vendor detection in class loader
...
* 2.8:
[Routing] Fix resource miss
[Security] Fixed auth provider authenticate() cannot return void
declare argument type
streamed response should return $this
content can be a resource
Adding the Form default theme files to be warmed up in Twig's cache
* 2.7:
[Security] Fixed auth provider authenticate() cannot return void
declare argument type
streamed response should return $this
content can be a resource
This PR was merged into the 2.7 branch.
Discussion
----------
[Security] Fixed auth provider authenticate() cannot return void
| Q | A
| ------------- | ---
| Branch? | 2.7 and up
| Bug fix? | yes
| New feature? | no
| BC breaks? | no (arguably)
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets |
| License | MIT
| Doc PR |
The `AuthenticationManagerInterface` [requires](https://github.com/symfony/symfony/blob/2.7/src/Symfony/Component/Security/Core/Authentication/AuthenticationManagerInterface.php#L30) that `authenticate()` must return a TokenInterface, never null. Several authentication providers are violating this. Changed to throw exception instead.
See discussion in earlier PR https://github.com/symfony/symfony/pull/24585 which was changing the docblock rather than the implementations.
Commits
-------
6e18b56b77 [Security] Fixed auth provider authenticate() cannot return void
This PR was merged into the 2.7 branch.
Discussion
----------
declare type AcceptHeaderItem for array_map
| Q | A
| ------------- | ---
| Branch? | master
| Bug fix? | no
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets |
| License | MIT
| Doc PR |
In `array_filter` , argument type is declared.
https://github.com/symfony/symfony/blob/2.7/src/Symfony/Component/HttpFoundation/AcceptHeader.php#L133
So It's natural to do so in `array_map` too.
Commits
-------
ab8f5be40c declare argument type
The AuthenticationManagerInterface requires that authenticate() must return a TokenInterface, never null.
Several authentication providers are violating this. Changed to throw exception instead.
This PR was merged into the 2.7 branch.
Discussion
----------
content can be a resource
| Q | A
| ------------- | ---
| Branch? | 2.7
| Bug fix? | yes (bug in a comment)
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets |
| License | MIT
| Doc PR |
Commits
-------
c63742daef content can be a resource
This PR was merged into the 4.0-dev branch.
Discussion
----------
[Form] Fix FormEvents::* constant and value matching
| Q | A
| ------------- | ---
| Branch? | 4.0
| Bug fix? | no
| New feature? | no
| BC breaks? | yes (ppl rely on const value directly, very weird)
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | https://github.com/symfony/symfony/issues/24615
| License | MIT
| Doc PR | -
> https://github.com/symfony/symfony/issues/24615#issuecomment-337945875 by @stof:
Yeah, I think we could change this in 4.0 without a big impact (btw, I think our BC policy even allows it for this case).
There is one case where people will use the event name rather than the constant: the kernel.event_listener tag (and recent versions can even use the constant in YAML files). But this won't be the case for this event, as form events are not dispatched in the main dispatcher anyway.
Commits
-------
944931af63 Minor reword
0ee856add1 Update UPGRADE-4.0.md
0fc2282fc2 fix the constant value to be consistent with the name
This PR was merged into the 4.0-dev branch.
Discussion
----------
[Session] remove lazy_write polyfill for php < 7.0
| Q | A
| ------------- | ---
| Branch? | master
| Bug fix? | no
| New feature? | no <!-- don't forget to update src/**/CHANGELOG.md files -->
| BC breaks? |no
| Deprecations? | no <!-- don't forget to update UPGRADE-*.md files -->
| Tests pass? | yes
| Fixed tickets |
| License | MIT
| Doc PR |
Remove the session.lazy_write fallback implementation for php < 7 introduced in #24523 as we don't need it in sf 4
Commits
-------
1f84b1fd81 [Session] remove lazy_write polyfill for php < 7.0
* 3.4:
bumped Symfony version to 3.4.0
updated VERSION for 3.4.0-BETA1
updated CHANGELOG for 3.4.0-BETA1
Do not process bindings in AbstractRecursivePass
don't bind scalar values to controller method arguments
Add extra autowiring aliases
adding AdapterInterface alias for cache.app
Adding a new debug:autowiring command
[HttpFoundation] Make sessions secure and lazy
[Routing] Ensure uniqueness without repeated check
[Console] Sync ConsoleLogger::interpolate with the one in HttpKernel
* 2.8:
Username and password in basic auth are allowed to contain '.'
Remove obsolete PHPDoc from UriSigner
[Serializer] ObjectNormalizer: throw if PropertyAccess isn't installed
[PropertyInfo] Add support for the iterable type
pdo session fix
Fixed unsetting from loosely equal keys OrderedHashMap
[Debug] Fix same vendor detection in class loader
Updated the source text and translation
reject remember-me token if user check fails
* 2.7:
Username and password in basic auth are allowed to contain '.'
Remove obsolete PHPDoc from UriSigner
[Serializer] ObjectNormalizer: throw if PropertyAccess isn't installed
pdo session fix
Fixed unsetting from loosely equal keys OrderedHashMap
[Debug] Fix same vendor detection in class loader
Updated the source text and translation
reject remember-me token if user check fails
This PR was merged into the 3.4 branch.
Discussion
----------
[HttpKernel] Don't bind scalar values to controller method arguments
| Q | A
| ------------- | ---
| Branch? | 3.4
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | https://github.com/symfony/symfony/issues/24555#issuecomment-337071029
| License | MIT
| Doc PR | -
See linked issue.
Let's suppose we have this configuration:
```yaml
services:
_defaults:
# ...
bind:
$foo: '%foobar%'
```
`$foo` was successfully bound to any controller constructor, but in another controller I have this edit action (nothing to do with the intention of bind such a parameter, but it has the same name):
```php
/**
* @Route("/{foo}/edit")
*/
public function editAction(string $foo) {}
```
triggering:
> Type error: Argument 1 passed to Symfony\Component\DependencyInjection\Argument\ServiceClosureArgument::__construct() must be an instance of Symfony\Component\DependencyInjection\Reference, string given, called in /home/yceruto/github/symfony/symfony-demo/vendor/symfony/dependency-injection/Compiler/ServiceLocatorTagPass.php on line 81
or after https://github.com/symfony/symfony/pull/24582:
> Invalid service locator definition: only services can be referenced, "string" found for key "foo". Inject parameter values using constructors instead.
Commits
-------
a1df9af20f don't bind scalar values to controller method arguments
This PR was merged into the 2.7 branch.
Discussion
----------
Username and password in basic auth are allowed to contain '.'
Initially reported by Fede Isas in https://github.com/beberlei/assert/pull/234
| Q | A
| ------------- | ---
| Branch? | 2.3
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets |
| License | MIT
| Doc PR |
Commits
-------
e5d57dd050 Username and password in basic auth are allowed to contain '.'
This PR was merged into the 3.4 branch.
Discussion
----------
[DI] Do not process bindings in AbstractRecursivePass
| Q | A
| ------------- | ---
| Branch? | 3.4
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | #24559
| License | MIT
| Doc PR | n/a
Commits
-------
6a6256c6a8 Do not process bindings in AbstractRecursivePass
This PR was merged into the 3.3 branch.
Discussion
----------
add DOMElement as return type in Crawler::getIterator to support foreach support in ide
| Q | A
| ------------- | ---
| Branch? | 3.3
| Bug fix? | no
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| License | MIT
In `Crawler::getIterator` return type is missing so ide (PhpStorm) is not able to provide completion inside foreach statements. This PR adds `DOMElement[]` to it
```php
$crawler = new Crawler('foobar');
foreach($crawler->filter('a') as $link) {
# support completion
$link->...
}
```
Commits
-------
2350597288 add DOMElement as return type in Crawler::getIterator to support foreach support in ide
This PR was merged into the 2.7 branch.
Discussion
----------
[Debug] Fix same vendor detection in class loader
| Q | A
| ------------- | ---
| Branch? | 2.7
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets |
| License | MIT
| Doc PR |
Fix about same vendor detection in ClassLoader. Actually, detected namespace for `Doctrine\ORM\Configuration` is `Doctrine\ORM` instead of `Doctrine\`. So deprecations are triggered for classes in same namespace.
Commits
-------
d2ab0d8019 [Debug] Fix same vendor detection in class loader
This PR was merged into the 3.4 branch.
Discussion
----------
[HttpFoundation] Make sessions secure and lazy
| Q | A
| ------------- | ---
| Branch? | 3.4
| Bug fix? | no
| New feature? | yes
| BC breaks? | no
| Deprecations? | yes
| Tests pass? | not yet
| Fixed tickets | #6388, #6036, #12375, #12325
| License | MIT
| Doc PR | -
The `SessionUpdateTimestampHandlerInterface` (new to PHP 7.0) is mostly undocumented, and just not implemented anywhere. Yet, it's required to implement session fixation preventions and lazy write in userland session handlers (there is https://wiki.php.net/rfc/session-read_only-lazy_write which describes the behavior.)
By implementing it, we would make Symfony session handling much better and stronger. Meanwhile, doing some cookie headers management, this also gives the opportunity to fix the "don't start if session is only read issue".
So, here we are for the general idea. Now needs more (and green) tests, and review of course.
Commits
-------
347939c9b3 [HttpFoundation] Make sessions secure and lazy
This PR was merged into the 3.3 branch.
Discussion
----------
[3.3] Fixed pathinfo calculation for requests starting with a question mark.
| Q | A
| ------------- | ---
| Branch? | 3.3
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | #24487
| License | MIT
| Doc PR | no
Fix of bad merge conflict resolving as mentioned in #24487. Port #21968 to 3.3+
Commits
-------
c17a92259a Fixed pathinfo calculation for requests starting with a question mark. - fix bad conflict resolving issue - port symfony/symfony#21968 to 3.3+
This PR was squashed before being merged into the 3.4 branch (closes#24556).
Discussion
----------
[Routing] Ensure uniqueness without repeated check
| Q | A
| ------------- | ---
| Branch? | 3.4
| Bug fix? | no
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | -
| License | MIT
| Doc PR | -
The RouteCollection ensures uniqueness of resources by using array_unique. The current implementation suffers from the following problems.
1. The array_unique method calls __toString for every element in the array but it is very inefficient in terms of the number of calls made. I.e. if the array has 50 elements it does not do 50 __toString calls. I did some tests with Blackfire in PHP 7.1 and found the following numbers.
25 elements => 240 calls
50 elements => 607 calls
100 elements => 1382 calls
200 elements => 3333 calls
2. The array_unique function is called every time the getResources() method is called, even when the resources did not change in the mean time. Combined with the above this leads to lower performance.
Many applications have a low number of routes so this is not a big issue. But for larger applications or bundles that generate routes (i.e. for CRUD or API / doc generation) this will have a bigger impact.
Commits
-------
16f7281178 [Routing] Ensure uniqueness without repeated check
This PR was merged into the 3.3 branch.
Discussion
----------
Fixed mistake in exception expectation
| Q | A
| ------------- | ---
| Branch? | 3.3
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets |
| License | MIT
| Doc PR |
In some cases, (5 to be exact), the `expectException` is misused while attempting to provide compatibility with the older `setExpectedException` by making use of a non-existent parameter.
Firstly, this makes the tests inconsistent (old PHPUnit version test exception message, while newer one doesn't). Secondly, if PHPUnit interface suddenly starts making use of a 2nd parameter in `expectException`, the existing code might break or cause unexpected side-effects.
Original report: 87bb726712 (commitcomment-24848315)
Commits
-------
03be003 Fixed mistake in exception expectation
This PR was merged into the 2.7 branch.
Discussion
----------
[Security] Reject remember-me token if UserCheckerInterface::checkPostAuth() fails
| Q | A
| ------------- | ---
| Branch? | 2.7
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | #24525
| License | MIT
| Doc PR | -
I think this is a security hole - a user can remain logged in with a remember me cookie even though they can no longer pass `UserCheckInterface::checkPostAuth()` (could be disabled).
This is a small BC break but shouldn't be an issue as I think it is a bug. I don't think this requires a BC layer but if so, I can add.
Commits
-------
fe190b6ee9 reject remember-me token if user check fails
* 3.4:
[TwigBridge] fix BC for FormExtension if renderer is FormRenderer
[Form] Fix 5.5 compatibility for ResizeFormListener
[BrowserKit] Handle deprecations triggered in insulated requests
[Bridge\PhpUnit] Handle deprecations triggered in separate processes
Fix LogLevel::DEBUG as min level
[Validator] added magic method __isset() to File Constraint class
Support array of types in allowed type
[DI] Fix possible incorrect php-code when dumped strings contains newlines
[Translation] minor: remove unused variable in test
added ability to handle parent classes for PropertyNormalizer
replace parameters in dummy identity translator
never match invalid IP addresses
* 3.3:
[BrowserKit] Handle deprecations triggered in insulated requests
[Bridge\PhpUnit] Handle deprecations triggered in separate processes
[Validator] added magic method __isset() to File Constraint class
[DI] Fix possible incorrect php-code when dumped strings contains newlines
[Translation] minor: remove unused variable in test
never match invalid IP addresses
* 2.8:
[Validator] added magic method __isset() to File Constraint class
[DI] Fix possible incorrect php-code when dumped strings contains newlines
[Translation] minor: remove unused variable in test
never match invalid IP addresses
* 2.7:
[Validator] added magic method __isset() to File Constraint class
[DI] Fix possible incorrect php-code when dumped strings contains newlines
[Translation] minor: remove unused variable in test
never match invalid IP addresses