This PR was merged into the 2.8 branch.
Discussion
----------
[TwigBundle] removed usage of Templating classes
| Q | A
| ------------- | ---
| Bug fix? | no
| New feature? | yes
| BC breaks? | yes (but frankly, I don't see how that would break anything out there)
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | n/a
| License | MIT
| Doc PR | n/a
Commits
-------
ff3c107 [TwigBundle] removed usage of Templating classes
7f13f95 [WebProfilerBundle] fixed a template reference
* Restore View Latest button
* In order to fit into the horizontal space available, shorten the names of the Latest Profiles and View Latest buttons and adjust the buttons' margin and padding.
This PR was merged into the 2.8 branch.
Discussion
----------
[2.8] [Ldap] Added support for LDAP (New Component + integration in the Security Component).
| Q | A
| ------------- | ---
| Bug fix? | no
| New feature? | yes
| BC breaks? | no
| Deprecations? | no
| Tests pass? | not yet
| Fixed tickets | -
| License | MIT
| Doc PR | not yet
Current state:
- [x] Implement logic
- [x] Post-review tuning and stabilization
- [x] Fix tests
This PR is a follow-up to #5189, which was in a stand-still for a few years now. It tries to fix the remaining issues which were mentioned in the discussion.
There are still a few issues with the PR, as it is. For example, it introduces two new firewall factories, whereas the base factories (`form_login` and `http_basic`) could simply introduce new configuration options.
Also, for a user to use an LDAP server as an authentication provider, he first needs to define a service which should be an instance of `Symfony\Component\Security\Ldap\Ldap`.
For example:
```yml
services:
my_ldap:
class: Symfony\Component\Security\Ldap\Ldap
arguments: [ "ldap.mydomain.tld" ]
```
Then, in `security.yml`, this service can be used in both the user provider and the firewalls:
```yml
security:
encoders:
Symfony\Component\Security\Core\User\User: plaintext
role_hierarchy:
ROLE_ADMIN: ROLE_USER
ROLE_SUPER_ADMIN: [ROLE_USER, ROLE_ADMIN, ROLE_ALLOWED_TO_SWITCH]
providers:
ldap_users:
ldap:
service: my_ldap
base_dn: dc=MyDomain,dc=tld
search_dn: CN=My User,OU=Users,DC=MyDomain,DC=tld
search_password: p455w0rd
filter: (sAMAccountName={username})
default_roles: ROLE_USER
firewalls:
dev:
pattern: ^/(_(profiler|wdt)|css|images|js)/
security: false
demo_login:
pattern: ^/login$
security: false
api:
provider: ldap_users
stateless: true
pattern: ^/api
http_basic_ldap:
service: my_ldap
dn_string: "{username}@MYDOMAIN"
demo_secured_area:
provider: ldap_users
pattern: ^/
logout:
path: logout
target: login
form_login_ldap:
service: my_ldap
dn_string: CN={username},OU=Users,DC=MyDomain,DC=tld
check_path: login_check
login_path: login
```
Commits
-------
60b9f2e Implemented LDAP authentication and LDAP user provider
1c964b9 Introducing the LDAP component
* 2.7:
Detect Mintty for color support on Windows
Detect Mintty for color support on Windows
Add a group for tests of the finder against the FTP server
Fix license headers
Forbid serializing a Crawler
Fix phpdoc block of NativeSessionStorage class
Added exception when setAutoInitialize is called when locked
[FrameworkBundle] Advanced search templates of bundles
[Security] Allow user providers to be defined in many files
Use random_bytes function if it is available for random number generation
* 2.3:
Detect Mintty for color support on Windows
Add a group for tests of the finder against the FTP server
Fix license headers
Forbid serializing a Crawler
Fix phpdoc block of NativeSessionStorage class
Added exception when setAutoInitialize is called when locked
[FrameworkBundle] Advanced search templates of bundles
[Security] Allow user providers to be defined in many files
Use random_bytes function if it is available for random number generation
This PR was merged into the 2.8 branch.
Discussion
----------
[2.8][WebProfilerBundle] Fix search button click listener
| Q | A
| ------------- | ---
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets |
| License | MIT
| Doc PR |
This fixes an issue when clicking the sidebar "Search" button **text** instead of the **button**. Then the click event target/srcElement is the *span* child-element, instead of the listening *a* element, which causes errors in the listener, since it expects the listening element. In consequence of that the search form isn't shown.
To fix this, the same technique is used, as for the navigation tabs. Traversing the DOM up to the expected *a* element.
Commits
-------
f9ddddb [WebProfilerBundle] Fix search button click listener
This PR was merged into the 2.8 branch.
Discussion
----------
Guard minor tweaks
| Q | A
| ------------- | ---
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | n/a
| License | MIT
| Doc PR | n/a
Various completely minor things, most from suggestions on #14673
Commits
-------
869d5a7 tweaking message related to configuration edge case that we want to be helpful with
da4758a Minor tweaks - lowering the required security-http requirement and nulling out a test field
* 2.7:
Fix license headers
Ensure the ClockMock is loaded before using it in the testsuite
Fix with_minutes option in time widget
Fixed properties not explicitily declared
This PR was merged into the 2.7 branch.
Discussion
----------
Fixed properties not explicitily declared
| Q | A
| ------------- | ---
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | n/a
| License | MIT
Commits
-------
d2b3fe4 Fixed properties not explicitily declared
This PR was merged into the 2.8 branch.
Discussion
----------
deprecated the Shell Console class
| Q | A
| ------------- | ---
| Bug fix? | no
| New feature? | no
| BC breaks? | no
| Deprecations? | yes
| Tests pass? | yes
| Fixed tickets | one of #11742
| License | MIT
| Doc PR | n/a
Commits
-------
1c17928 deprecated the Shell Console class
This PR was merged into the 2.8 branch.
Discussion
----------
[FrameworkBundle] compatibility with older Form component versions
| Q | A
| ------------- | ---
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | #15711
| License | MIT
| Doc PR |
Commits
-------
01ad767 compatibility with older Form component versions
This PR was squashed before being merged into the 2.8 branch (closes#15738).
Discussion
----------
Implement service-based Resource (cache) validation
| Q | A
| ------------- | ---
| Bug fix? | no
| New feature? | yes
| BC breaks? | no
| Deprecations? | yes
| Tests pass? | yes
| Fixed tickets | #7230, #15692, #7782
| License | MIT
| Doc PR | symfony/symfony-docs#5136
### Overview
Currently, any metadata passed to `ConfigCache` (namely implementations of `ResourceInterface`) is serialized to disk. When the `ConfigCache` is validated, the metadata is unserialized and queried through `ResourceInterface::isFresh()` to determine whether the cache is fresh. That way, `ResourceInterface` implementations cannot interact with services, for example a database connection.
This PR introduces the new concept of `ResourceCheckers`. Services implementing `ResourceCheckerInterface` can be tagged as `config_cache.resource_checker` with an optional priority.
Clients that wish to use `ConfigCache` can then obtain an instance from the `config_cache_factory` service (which implements `ConfigCacheFactoryInterface`). The factory will take care of injecting resource checkers into the `ConfigCache` instance so that they can be used for cache validation.
Checking cache metadata is easy for `ResourceCheckers`:
* First, the `ResourceCheckerInterface::supports()` implementation is passed the metadata object in question. If the checker cannot handle the type of resource passed, `supports()` should return `false`.
* Otherwise, the `ResourceCheckerInterface::isFresh()` method will be called and given the resource as well as the timestamp at which the cache was initialized. If that method returns `false`, the cache is considered stale. If it returns `true`, the resource is considered unchanged and will *not* be passed to any additional checkers.
### BC and migration path
This PR does not (intend to) break BC but it comes with deprecations. The main reason is that `ResourceInterface` contains an `isFresh()` method that does not make sense in the general case of resources.
Thus, `ResourceInterface::isFresh()` is marked as deprecated and should be removed in Symfony 3.0. Resource implementations that can (or wish to) be validated in that simple manner can implement the `SelfCheckingResourceInterface` sub-interface that still contains (and will keep) the `isFresh()` method. The change should be as simple as changing the `extends` list.
Apart from that, `ResourceInterface` will be kept as the base interface for resource implementations. It is used in several `@api` interfaces and thus cannot easily be substituted.
For the Symfony 2.x series, a `BCResourceInterfaceChecker` will be kept that performs validation through `ResourceInterface::isFresh()` but will trigger a deprecation warning. The remedy is to either implement a custom ResourceChecker with a priority higher than -1000; or to switch to the aforementioned `SelfCheckingResourceInterface` which is used at a priority of -990 (without deprecation warning).
The `ConfigCache` and `ConfigCacheFactory` classes can be used as previously but do not feature checker-based cache validation.
### Outlook and closing remarks:
This PR supersedes #7230, #15692 and works at least in parts towards the goal of #7176.
The `ResourceCheckerInterface`, `...ConfigCache` and `...ConfigCacheFactory` no longer need to be aware of the `debug` flag. The different validation rules applied previously are now just a matter of `ResourceChecker` configuration (i. e. "no checkers" in `prod`).
It might be possible to remove the `debug` flag from Symfony's `Router` and/or `Translator` classes in the future as well because it was only passed on to the `ConfigCache` there.
Commits
-------
20d3722 Implement service-based Resource (cache) validation
This PR was merged into the 2.8 branch.
Discussion
----------
New Guard Authentication System (e.g. putting the joy back into security)
| Q | A
| ------------- | ---
| Bug fix? | no
| New feature? | yes
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | at least partially: #14300, #11158, #11451, #10035, #10463, #8606, probably more
| License | MIT
| Doc PR | symfony/symfony-docs#5265
Hi guys!
Though it got much easier in 2.4 with `pre_auth`, authentication is a pain in Symfony. This introduces a new authentication provider called guard, with one goal in mind: put everything you need for *any* authentication system into one spot.
### How it works
With guard, you can perform custom authentication just by implementing the [GuardAuthenticatorInterface](https://github.com/weaverryan/symfony/blob/guard/src/Symfony/Component/Security/Guard/GuardAuthenticatorInterface.php) and registering it as a service. It has methods for every part of a custom authentication flow I can think of.
For a working example, see https://github.com/weaverryan/symfony-demo/tree/guard-auth. This uses 2 authenticators simultaneously, creating a system that handles [form login](https://github.com/weaverryan/symfony-demo/blob/guard-auth/src/AppBundle/Security/FormLoginAuthenticator.php) and [api token auth](https://github.com/weaverryan/symfony-demo/blob/guard-auth/src/AppBundle/Security/TokenAuthenticator.php) with a respectable amount of code. The [security.yml](https://github.com/weaverryan/symfony-demo/blob/guard-auth/app/config/security.yml) is also quite simple.
This also supports "manual login" without jumping through hoops: https://github.com/weaverryan/symfony-demo/blob/guard-auth/src/AppBundle/Controller/SecurityController.php#L45
I've also tested with "remember me" and "switch user" - no problems with either.
I hope you like it :).
### What's Needed
1) **Other Use-Cases?**: Please think about the code and try it. What use-cases are we *not* covering? I want Guard to be simple, but cover the 99.9% use-cases.
2) **Remember me** functionality cannot be triggered via manual login. That's true now, and it's not fixed, and it's tricky.
### Deprecations?
This is a new feature, so no deprecations. But, creating a login form with a guard authenticator is a whole heck of a lot easier to understand than `form_login` or even `simple_form`. In a perfect world, we'd either deprecate those or make them use "guard" internally so that we have just **one** way of performing authentication.
Thanks!
Commits
-------
a01ed35 Adding the necessary files so that Guard can be its own installable component
d763134 Removing unnecessary override
e353833 fabbot
dd485f4 Adding a new exception and throwing it when the User changes
302235e Fixing a bug where having an authentication failure would log you out.
396a162 Tweaks thanks to Wouter
c9d9430 Adding logging on this step and switching the order - not for any huge reason
31f9cae Adding a base class to assist with form login authentication
0501761 Allowing for other authenticators to be checked
293c8a1 meaningless author and license changes
81432f9 Adding missing factory registration
7a94994 Thanks again fabbot!
7de05be A few more changes thanks to @iltar
ffdbc66 Splitting the getting of the user and checking credentials into two steps
6edb9e1 Tweaking docblock on interface thanks to @iltar
d693721 Adding periods at the end of exceptions, and changing one class name to LogicException thanks to @iltar
eb158cb Updating interface method per suggestion - makes sense to me, Request is redundant
c73c32e Thanks fabbot!
6c180c7 Adding an edge case - this should not happen anyways
180e2c7 Properly handles "post auth" tokens that have become not authenticated
873ed28 Renaming the tokens to be clear they are "post" and "pre" auth - also adding an interface
a0bceb4 adding Guard tests
05af97c Initial commit (but after some polished work) of the new Guard authentication system
330aa7f Improving phpdoc on AuthenticationEntryPointInterface so people that implement this understand it
This PR was squashed before being merged into the 2.8 branch (closes#15861).
Discussion
----------
Avoid errors when generating the logout URL when there is no firewall key
| Q | A
| ------------- | ---
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | #15853
| License | MIT
| Doc PR | -
Commits
-------
a811912 Avoid errors when generating the logout URL when there is no firewall key
This PR was merged into the 2.8 branch.
Discussion
----------
[WebProfilerBundle] fixed cursor as pointer when hovering over link.
| Q | A
| ------------- | ---
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Fixed tickets | ~
| Tests pass? | yes
| License | MIT
Commits
-------
ac7591f [WebProfilerBundle] added btn-link.
* 2.7:
[DomCrawler] Invalid uri created from forms if base tag present
[Console] update param type phpdoc for StreamOutput
[Console] fix typo in OutputInterface
Use stderr by default when a specific output is not injected
[Debug] Fix case mismatch detection
[HttpKernel] fix broken multiline <esi:remove>
[DoctrineBridge] Fixed#14840
[FrameworkBundle] add a suggest for the serializer component
[Yaml] Fix the parsing of float keys
[Console] Ensure the console output is only detected as decorated when both stderr and stdout support colors
[HttpKernel] fix DumpDataCollector compat with Twig 2.0
Improve exception messages.
Fix that two DirectoryResources with different patterns would be deduplicated
Tests fix clockmock
[WebProfilerBundle] Added tabindex="-1" to not interfer with normal UX
missing "YAML" in the exception message.
[Translator][warmup][fallback locales] fixed missing cache file generation.
[framework-bundle] Add Test for TranslationUpdateCommand
Use ObjectManager interface instead of EntityManager
* 2.3:
[DomCrawler] Invalid uri created from forms if base tag present
[Console] update param type phpdoc for StreamOutput
[Console] fix typo in OutputInterface
[HttpKernel] fix broken multiline <esi:remove>
[DoctrineBridge] Fixed#14840
[FrameworkBundle] add a suggest for the serializer component
[Yaml] Fix the parsing of float keys
[Console] Ensure the console output is only detected as decorated when both stderr and stdout support colors
Improve exception messages.
Fix that two DirectoryResources with different patterns would be deduplicated
Tests fix clockmock
[WebProfilerBundle] Added tabindex="-1" to not interfer with normal UX
missing "YAML" in the exception message.
[framework-bundle] Add Test for TranslationUpdateCommand
Use ObjectManager interface instead of EntityManager
This PR was squashed before being merged into the 2.8 branch (closes#14378).
Discussion
----------
[DX] Added a logout link in the security panel of the web debug toolbar
| Q | A
| ------------- | ---
| Bug fix? | no
| New feature? | yes
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | -
| License | MIT
| Doc PR | -
While developing applications, it's common to login/logout users continuously to test security features. I usually type `/logout` in the URL, but this is boring and, depending on the application, not always works.
This PR adds a small *Logout* link in the security panel when you are logged in the application:
![logged](https://cloud.githubusercontent.com/assets/73419/7184976/6c66831a-e460-11e4-86a9-eb5a48c9aa4c.png)
Anonymous users won't see anything:
![anonymous](https://cloud.githubusercontent.com/assets/73419/7184982/74a95b60-e460-11e4-8b35-72d8336355fb.png)
Commits
-------
192523a [DX] Added a logout link in the security panel of the web debug toolbar
This PR was squashed before being merged into the 2.8 branch (closes#15620).
Discussion
----------
[WIP] #15502 Make template shortcuts be usable without Templating component
| Q | A
| ------------- | ---
| Bug fix? | yes
| New feature? | yes
| BC breaks? | no
| Deprecations? | no
| Tests pass? | ?
| Fixed tickets | #15502
| License | MIT
| Doc PR | -
Commits
-------
d547ec0 [WIP] #15502 Make template shortcuts be usable without Templating component
This PR was merged into the 2.3 branch.
Discussion
----------
[framework-bundle] Add Test for TranslationUpdateCommand
Added the test script as per the discussion in PR #15562
| Q | A
| ------------- | ---
| Bug fix? | no
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | n/a
| License | MIT
| Doc PR | n/a
Commits
-------
232f6fd [framework-bundle] Add Test for TranslationUpdateCommand
This PR was merged into the 2.8 branch.
Discussion
----------
[HttpKernel] Move required RequestStack args as first arguments
| Q | A
| ------------- | ---
| Bug fix? | no
| New feature? | no
| BC breaks? | no
| Deprecations? | yes
| Tests pass? | yes
| Fixed tickets | -
| License | MIT
| Doc PR | -
Since we planned to make RequestStack required, we have to move it as first arguments.
Commits
-------
84ba05b [HttpKernel] Move required RequestStack args as first arguments
| Q | A
| ------------- | ---
| Bug fix? | no
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | n/a
| Fixed tickets | n/a
| License | MIT
| Doc PR | n/a
The change removes the animation in the "sf-toolbar-block-ajax" when the request state was "ok".
When a form type provides a BC layer with old form names (all core types
do), the form registry will ask for type extensions registered on the
legacy name for BC, and trigger a warning if it finds any.
The DependencyInjectionExtension should not trigger warnings on its own
when being asked for such extensions (especially when it has none
registered).
Core extensions are also registered using the proper extended type
rather than legacy names.
This PR was merged into the 2.8 branch.
Discussion
----------
[SecurityBundle] allow more versions of the ACL package
| Q | A
| ------------- | ---
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets |
| License | MIT
| Doc PR |
This actually is the version that is required when using the Symfony SE
(`symfony/symfony` requires `symfony/security-acl` in version `~2.7`).
Commits
-------
3a15921 allow more versions of the ACL package
This PR was merged into the 2.8 branch.
Discussion
----------
[2.8] Deprecate IntrospectableContainerInterface
| Q | A
| ------------- | ---
| Bug fix? | no
| New feature? | no
| BC breaks? | no
| Deprecations? | yes
| Tests pass? | yes
| Fixed tickets | -
| License | MIT
| Doc PR | -
Patch on Security is required for tests compat with 3.0, see #15684
IntrospectableContainerInterface is already deprecated in master.
Commits
-------
c2b94a1 [2.8] Cleanup
This PR was merged into the 2.8 branch.
Discussion
----------
[translation] Deprecated DiffOperation
## Summary:
The ``DiffOperation`` class has been deprecated and ``TargetOperation``
should be used instead, because ``DiffOperation`` has nothing to do
with 'diff', thus its class name is misleading.
Also added detailed documents for all operation interface and classes.
## Background:
The following names should have consistent meanings for all operations:
The name of ``intersection`` is temporarily introduced here to explain this issue.
* [x] ``intersection`` = source ∩ target = {x: x ∈ source ∧ x ∈ target}
* [x] ``all`` = **result of the operation, depends on the operation.**
* [x] ``new`` = all ∖ source = {x: x ∈ all ∧ x ∉ source}
* [x] ``obsolete`` = source ∖ all = {x: x ∈ source ∧ x ∉ all}
The following analysis explains why ``DiffOperation`` should be deprecated.
## Logic of ``MergeOperation``:
* [x] ``all`` = source ∪ target = {x: x ∈ source ∨ x ∈ target}
* [x] ``new`` = all ∖ source = {x: x ∈ target ∧ ∉ source}
* [x] ``obsolete`` = source ∖ all = {x: x ∈ source ∧ x ∉ source ∧ x ∉ target} = ∅
This absolutely makes sense.
## Logic of ``DiffOperation``:
* [ ] ``all`` = intersection ∪ (target ∖ intersection) = target
* [x] ``new`` = all ∖ source = {x: x ∈ target ∧ x ∉ source}
* [x] ``obsolete`` = source ∖ all = source ∖ target = {x: x ∈ source ∧ x ∉ target}
The ``all`` part is confusing because 'diff' should either mean 'relative complement' or 'symmetric difference' operation:
### Relative Complement:
* ``all`` = source ∖ target = {x: x ∈ source ∧ x ∉ target}
### Symmetric Difference:
* ``all`` = (source ∖ target) ∪ (target ∖ source) = {x: x ∈ source ∧ x ∉ target ∨ x ∈ target ∧ x ∉ source}
### Current Logic has Nothing to do with "Diff":
* ``all`` = intersection ∪ (target ∖ intersection) = target
So the name of ``DiffOperation`` is misleading and inappropriate.
Unfortunately, there is no corresponding set operation for this class,
so it's hard to give it an apppriate name.
From my point of view, I believe the most accurate name for this class
should be ``TargetOperation`` because its result is same as the target set.
| Q | A
| ------------- | ---
| Bug fix? | no
| New feature? | no
| BC breaks? | no
| Deprecations? | yes
| Tests pass? | yes
| Fixed tickets | n/a
| License | MIT
| Doc PR | n/a
Commits
-------
353c94d [translation][framework-bundle] Deprecated DiffOperation
* 2.7:
[travis] Add PHP 7 to allowed failures until segfaults are fixed
[Intl] Fix test
[Translator][fallback catalogues] fixed circular reference.
bumped Symfony version to 2.3.33
updated VERSION for 2.3.32
update CONTRIBUTORS for 2.3.32
updated CHANGELOG for 2.3.32
[FrameworkBundle] Fix templating.helper.code.file_link_format when defined by ini setting
[console] Use the description when no help is available
* 2.3:
[Intl] Fix test
[Translator][fallback catalogues] fixed circular reference.
bumped Symfony version to 2.3.33
updated VERSION for 2.3.32
update CONTRIBUTORS for 2.3.32
updated CHANGELOG for 2.3.32
[FrameworkBundle] Fix templating.helper.code.file_link_format when defined by ini setting
[console] Use the description when no help is available
Conflicts:
src/Symfony/Component/Console/Tests/Fixtures/application_asxml1.txt
src/Symfony/Component/Console/Tests/Fixtures/application_asxml2.txt
src/Symfony/Component/HttpKernel/Kernel.php
Added the test script as per the discussion in PR #15562
| Q | A
| ------------- | ---
| Bug fix? | no
| New feature? | no
| BC breaks? | no
| Deprecations? | yes
| Tests pass? | yes
| Fixed tickets | n/a
| License | MIT
| Doc PR | n/a
The ``DiffOperation`` class has been deprecated and ``TargetOperation``
should be used instead, because ``DiffOperation`` has nothing to do
with 'diff', thus its class name is misleading.
Also added detailed documents for all operation interface and classes.
The following names should have consistent meanings for all operations:
The name of ``intersection`` is temporarily introduced here to explain this issue.
* [x] ``intersection`` = source ∩ target = {x: x ∈ source ∧ x ∈ target}
* [x] ``all`` = **result of the operation, depends on the operation.**
* [x] ``new`` = all ∖ source = {x: x ∈ all ∧ x ∉ source}
* [x] ``obsolete`` = source ∖ all = {x: x ∈ source ∧ x ∉ all}
The following analysis explains why ``DiffOperation`` should be deprecated.
* [x] ``all`` = source ∪ target = {x: x ∈ source ∨ x ∈ target}
* [x] ``new`` = all ∖ source = {x: x ∈ target ∧ ∉ source}
* [x] ``obsolete`` = source ∖ all = {x: x ∈ source ∧ x ∉ source ∧ x ∉ target} = ∅
This absolutely makes sense.
* [ ] ``all`` = intersection ∪ (target ∖ intersection) = target
* [x] ``new`` = all ∖ source = {x: x ∈ target ∧ x ∉ source}
* [x] ``obsolete`` = source ∖ all = source ∖ target = {x: x ∈ source ∧ x ∉ target}
The ``all`` part is confusing because 'diff' should either mean 'relative complement' or 'symmetric difference' operation:
* ``all`` = source ∖ target = {x: x ∈ source ∧ x ∉ target}
* ``all`` = (source ∖ target) ∪ (target ∖ source) = {x: x ∈ source ∧ x ∉ target ∨ x ∈ target ∧ x ∉ source}
* ``all`` = intersection ∪ (target ∖ intersection) = target
So the name of ``DiffOperation`` is misleading and inappropriate.
Unfortunately, there is no corresponding set operation for this class,
so it's hard to give it an apppriate name.
From my point of view, I believe the most accurate name for this class
should be ``TargetOperation`` because its result is same as the target set.
| Q | A
| ------------- | ---
| Bug fix? | no
| New feature? | no
| BC breaks? | no
| Deprecations? | yes
| Tests pass? | yes
| Fixed tickets | n/a
| License | MIT
| Doc PR | n/a
* 2.7:
Mark deprecated Twig functions as deprecated with the Twig feature
[appveyor] PHP 5.3.11 for Symfony 2.7
[HttpKernel] Group deprecation notices
Conflicts:
appveyor.yml
* 2.7:
[VarDumper] Fix missing support for dumping PHP7 return type
[travis] disable symfony_debug ext when deps!=no
Do not normalize the kernel root directory path (see symfony/symfony#15474).
Don't trigger deprecation on interfaces
[Debug] Ignore silencing for deprecations
[ci] Run minimal versions on appveyor only
Fix appveyor file
consistently use str_replace to unify directory separators (remaining)
This PR was merged into the 2.7 branch.
Discussion
----------
consistently use str_replace to unify directory separators (2.7)
| Q | A
| ------------- | ---
| Bug fix? | no
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets |
| License | MIT
| Doc PR | -
Remaining ones from #15614
Commits
-------
17ce649 consistently use str_replace to unify directory separators (remaining)
* 2.7:
Various fixes esp. on Windows
Fix the validation of form resources to register the default theme
Fix the retrieval of the value with property path when using a loader
[appveyor] minor enhancements
[Process] Disable failing tests on Windows
[Translation] Fix the string casting in the XliffFileLoader
Windows and Intl fixes
Add appveyor.yml for C.I. on Windows
[VarDumper] fixed HtmlDumper to target specific the head tag
[travis] merge php: nightly and deps=high test-matrix lines
consistently use str_replace to unify directory separators
Support omitting the <target> node in an .xlf file.
Fix the handling of values for multiple choice types
moved PHP nightly to PHP 7.0
[Security] Add missing docblock in PreAuthenticatedToken
Conflicts:
.travis.yml
This PR was merged into the 2.3 branch.
Discussion
----------
Fix the validation of form resources to register the default theme
| Q | A
| ------------- | ---
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | n/a
| License | MIT
| Doc PR | n/a
https://github.com/symfony/symfony/pull/14173 made some wrong changes, changing the behavior of the code. This reverts to the right behavior in affected places
Commits
-------
ea92610 Fix the validation of form resources to register the default theme
* 2.7:
fixed CS
[DependencyInjection] Add missing file headers
fixed typo
made Symfony compatible with both Twig 1.x and 2.x
[FrameworkBundle] Fix precedence of xdebug.file_link_format
* 2.7:
[Form] fixed BC-break on grouped choice lists
[WebProfilerBundle] add import for Twig macro
made Symfony compatible with both Twig 1.x and 2.x
[Debug/VarDumper] minor cleanups
[Form] only use PropertyPath if not already callable
[Form] fix reworked choice list phpdoc
[DoctrineBridge][Form] Add old tests to legacy group
Fixed warning when command alias is longer than command name
removed _self usage when not needed
Implement the support of timezone objects in the stub IntlDateFormatter
typofix - https://github.com/vlajos/misspell_fixer
make doctrine mappings compiler pass exception message more understandable
fix debug-ext 003.phpt
[Yaml] Nested merge keys
[FrameworkBundle] [Command] removed unused variable.
[Debug] Enhance DebugClassLoader performance on MacOSX
Add support for variadic arguments in the GetSetNormalizer
[DoctrineBridge][Form] Fix IdReader when indexing by primary foreign key
[DoctrineBridge][Form] Fix EntityChoiceList when indexing by primary foreign key
This PR was merged into the 2.7 branch.
Discussion
----------
removed _self usage when not needed
| Q | A
| ------------- | ---
| Bug fix? | no
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | n/a
| License | MIT
| Doc PR | n/a
As those calls are macros, there are already imported via the `from` call, so accessing them directly is not need, nor desired.
Commits
-------
3d0577d removed _self usage when not needed
* 2.7:
[Locale] Add missing @group legacy annotations
Fix security-acl deps
Fix doctrine mapping validation type error
Remove skipping of tests based on ICU data version whenever possible
Fix the handling of null as locale in the stub intl classes
do not dump leading backslashes in class names
fix issue #15377
Skip ::class constant
[Config] type specific check for emptiness
Conflicts:
src/Symfony/Bridge/Twig/composer.json
src/Symfony/Bundle/SecurityBundle/composer.json
src/Symfony/Component/DependencyInjection/Dumper/GraphvizDumper.php
src/Symfony/Component/Form/Tests/Extension/Core/Type/DateTypeTest.php
src/Symfony/Component/Form/Tests/Extension/Core/Type/TimeTypeTest.php
* 2.3:
Fix security-acl deps
Fix doctrine mapping validation type error
Remove skipping of tests based on ICU data version whenever possible
Fix the handling of null as locale in the stub intl classes
do not dump leading backslashes in class names
Skip ::class constant
[Config] type specific check for emptiness
Conflicts:
src/Symfony/Bridge/Twig/composer.json
src/Symfony/Bundle/SecurityBundle/composer.json
src/Symfony/Component/Config/Tests/Definition/ScalarNodeTest.php
src/Symfony/Component/DependencyInjection/Dumper/GraphvizDumper.php
src/Symfony/Component/DependencyInjection/Dumper/PhpDumper.php
src/Symfony/Component/DependencyInjection/Tests/Fixtures/containers/container9.php
src/Symfony/Component/Form/Tests/Extension/Core/DataTransformer/IntegerToLocalizedStringTransformerTest.php
src/Symfony/Component/Form/Tests/Extension/Core/Type/DateTimeTypeTest.php
src/Symfony/Component/Form/Tests/Extension/Core/Type/DateTypeTest.php
src/Symfony/Component/Locale/Tests/LocaleTest.php
src/Symfony/Component/Locale/Tests/Stub/StubLocaleTest.php
src/Symfony/Component/Validator/Tests/Constraints/CountryValidatorTest.php
src/Symfony/Component/Validator/Tests/Constraints/CurrencyValidatorTest.php
This PR was squashed before being merged into the 2.8 branch (closes#15013).
Discussion
----------
[Security] Removed security-acl from the core
| Q | A
| ------------- | ---
| Bug fix? | no
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | part of #14718
| License | MIT
| Doc PR | ~
The `Security\Acl` is removed from the core and is loaded from its own repository. All tests were passing and this is fully backwards compatible. I have removed all but the Test files in the first step and added the dependency to verify the Test were still working with the package dependency. The second step was to remove the remaining test files and tests are still running for both the Bundle and the Framework. Once the Read-Only repository is a full standalone repository, this PR can be merged.
- [x] Remove component from the core
- [ ] Remove read-only from https://github.com/symfony/security-acl
Once this PR is merged, I can start working on splitting the SecurityBundle and extracting the ACL part to the AclBundle.
/cc @fabpot
Commits
-------
b26a449 [Security] Removed security-acl from the core
This PR was merged into the 2.8 branch.
Discussion
----------
[Form] Deprecated FormTypeInterface::getName() and passing of type instances
| Q | A
| ------------- | ---
| Bug fix? | no
| New feature? | yes
| BC breaks? | no
| Deprecations? | yes
| Tests pass? | yes
| Fixed tickets | #5321, #15008
| License | MIT
| Doc PR | TODO
#### Type Names
This PR deprecates the definition of the `getName()` method of form types. See #15008 for a more detailed description.
Before:
```php
class MyType extends AbstractType
{
public function getName()
{
return 'mytype';
}
// ...
}
```
After:
```php
class MyType extends AbstractType
{
// ...
}
```
You should always reference other types by their fully-qualified class names. Thanks to PHP 5.5, that's easy:
Before:
```php
$form = $this->createFormBuilder()
->add('name', 'text')
->add('age', 'integer')
->getForm();
```
After:
```php
$form = $this->createFormBuilder()
->add('name', TextType::class)
->add('age', IntegerType::class)
->getForm();
```
#### Type Instances
Furthermore, passing of type instances is deprecated.
Before:
```php
$form = $this->createForm(new AuthorType());
```
After:
```php
$form = $this->createForm(AuthorType::class);
```
#### DIC Aliases
When registering a type in the DIC, you should omit the "alias" attribute now.
Before:
```xml
<service id="my.type" class="Vendor\Type\MyType">
<tag name="form.type" alias="mytype" />
<argument type="service" id="some.service.id" />
</service>
```
After:
```xml
<service id="my.type" class="Vendor\Type\MyType">
<tag name="form.type" />
<argument type="service" id="some.service.id" />
</service>
```
Types without dependencies don't need to be registered in the DIC as they can be instantiated right away.
#### Template Block Prefixes
By default, the class name of the type in underscore notation minus "Type" suffix is used as Twig template block prefix (e.g. `UserProfileType` => `user_profile_*`). If you want to customize that, overwrite the new `getBlockPrefix()` method in your type:
```php
class UserProfileType extends AbstractType
{
public function getBlockPrefix()
{
return 'profile';
}
// ...
}
```
Commits
-------
3d9e5de [Form] Deprecated FormTypeInterface::getName() and passing of type instances
This PR was merged into the 2.8 branch.
Discussion
----------
[2.8][FrameworkBundle] Allow parameter use_cookies in session configuration
| Q | A
| ------------- | ---
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | #13668
| License | MIT
| Doc PR | none
This PR adds support for the `use_cookies` parameter to the session configuration of Symfony's FrameworkBundle. It is a rebase of #13671 against the 2.8 branch.
Commits
-------
08bf50a Allow parameter use_cookies in session configuration.
This PR was merged into the 2.8 branch.
Discussion
----------
[FrameworkBundle] Change the default value of cookie_httponly
| Q | A
| ------------- | ---
| Bug fix? | no
| New feature? | yes
| BC breaks? | yes
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | #15303
| License | MIT
| Doc PR | symfony/symfony-docs#5561
Commits
-------
a7bef1e Change the default value of cookie_httponly to fix#15303