This PR was squashed before being merged into the 2.7 branch (closes#18971).
Discussion
----------
Do not inject web debug toolbar on attachments
| Q | A
| ------------- | ---
| Branch? | 2.7
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | #18965
| License | MIT
| Doc PR | -
Commits
-------
4a7d836 Do not inject web debug toolbar on attachments
* 2.7:
[BrowserKit] Bump dom-crawler minimum version requirement
Make one call to "OutputInterface::write" method per table row
[HttpKernel] Fix context dependent test
[Debug] Fix context dependent test
This PR was merged into the 2.7 branch.
Discussion
----------
[HttpKernel] Fix context dependent test
| Q | A
| ------------- | ---
| Branch? | 2.7
| Bug fix? | no
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | -
| License | MIT
| Doc PR | -
Class `Foo` exists when the ClassLoader component is tested alongside with HttpKernel
Commits
-------
065dee8 [HttpKernel] Fix context dependent test
* 2.7:
`@throws` annotations should go after `@return`
Fix merge
updated VERSION for 2.3.42
update CONTRIBUTORS for 2.3.42
updated CHANGELOG for 2.3.42
Revert "bug #18908 [DependencyInjection] force enabling the external XML entity loaders (xabbuh)"
Partial revert of previous PR
[DependencyInjection] Skip deep reference check for 'service_container'
Catch \Throwable
[Serializer] Add missing @throws annotations
Fix for #18843
force enabling the external XML entity loaders
Removed UTC specification with timestamp
Conflicts:
src/Symfony/Component/DependencyInjection/Tests/Dumper/PhpDumperTest.php
src/Symfony/Component/Finder/Finder.php
src/Symfony/Component/Security/Acl/Dbal/MutableAclProvider.php
src/Symfony/Component/Security/Acl/Domain/ObjectIdentity.php
src/Symfony/Component/Security/Acl/Model/AclInterface.php
src/Symfony/Component/Security/Acl/Model/MutableAclProviderInterface.php
src/Symfony/Component/Security/Acl/Permission/MaskBuilder.php
src/Symfony/Component/Translation/Loader/XliffFileLoader.php
src/Symfony/Component/Yaml/Tests/InlineTest.php
* 2.3:
updated VERSION for 2.3.42
update CONTRIBUTORS for 2.3.42
updated CHANGELOG for 2.3.42
Revert "bug #18908 [DependencyInjection] force enabling the external XML entity loaders (xabbuh)"
Partial revert of previous PR
[DependencyInjection] Skip deep reference check for 'service_container'
Catch \Throwable
[Serializer] Add missing @throws annotations
Fix for #18843
force enabling the external XML entity loaders
Removed UTC specification with timestamp
* 2.7:
[travis] Don't use parallel on HHVM
[appveyor] Ignore STATUS_HEAP_CORRUPTION errors on Windows
Skip some tests on HHVM due to a PHPunit bug
Use the Trusty Travis infrastructure for HHVM builds
Add 3.1 to PR template branch row, remove 2.3
Improve memory efficiency
This PR was merged into the 2.7 branch.
Discussion
----------
Improve memory efficiency
| Q | A
| ------------- | ---
| Branch? | 2.7
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets |
| License | MIT
| Doc PR |
This avoids concatenating `$message` and `PHP_EOL` (if necessary) as a new value, greatly improving memory efficiency for large `$message`s.
Commits
-------
c1df9f2 Improve memory efficiency
This PR was merged into the 2.7 branch.
Discussion
----------
Run an uptodate version of HHVM on Travis
| Q | A
| ------------- | ---
| Branch? |2.7
| Bug fix? | no
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets |
| License | MIT
| Doc PR | n/a
Using the Trusty infrastructure allows running an uptodate version of HHVM rather than running the latest version supporting Precise, which is very old.
It relies on an undocumented feature of the Travis config file, namely the fact that ``matrix.include`` actually allows to overwrite everything from the config file (it is merged with the main config), even though the Travis linter complains about it. I think it is fine to use this and to replace it with an official approach once there is one.
Refs #18922
Commits
-------
e6956c9 Skip some tests on HHVM due to a PHPunit bug
e041da0 Use the Trusty Travis infrastructure for HHVM builds
This PR was merged into the 2.3 branch.
Discussion
----------
[DependencyInjection] force enabling the external XML entity loaders
| Q | A
| ------------- | ---
| Branch? | 2.3
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | #18876
| License | MIT
| Doc PR |
Commits
-------
142b1a4 force enabling the external XML entity loaders
This PR was merged into the 2.3 branch.
Discussion
----------
[DependencyInjection] Skip deep reference check for 'service_container'
| Q | A
| ------------- | ---
| Branch? | 2.3
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets |
| License | MIT
| Doc PR |
The "hasReference" check when dumping the container fails in the case where a service has a method call which includes a reference to a private/inlined service when either that service, or a dependency of it, references the service_container. This because service_container isn't defined while it still tries to check the references of it. So the service_container must be skipped in this case, this shouldn't break anything as the service_container doesn't reference any services, and thus can't reference the service which it is checking for.
Commits
-------
6f36733 [DependencyInjection] Skip deep reference check for 'service_container'
Deep checks on whether a service references another service need to
exclude the 'service_container' service as it doesn't exist. Without this
dumping the container will fail if a service definition references an
inlined service which has a direct or indirect dependency to the
service_container.
This PR was merged into the 2.3 branch.
Discussion
----------
[2.3][Form] Removed UTC specification with timestamp
| Q | A
| ------------- | ---
| Branch? | 2.3
| Bug fix? | no
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | n/a
| License | MIT
| Doc PR | n/a
The function `date_parse()` indicates a warning if a timezone is used with the timestamp: `Double timezone specification`. I removed the UTC specification and this time it's more faster!
Commits
-------
0d14aac Removed UTC specification with timestamp
This PR was squashed before being merged into the 2.3 branch (closes#18861).
Discussion
----------
Fix for #18843
| Q | A
| ------------- | ---
| Branch? | 2.3
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | #18843
| License | MIT
| Doc PR | -
Commits
-------
7d78196 Fix for #18843
* 2.7:
[Routing] Finish annotation loader taking a class constant as a beginning of a class name
[Routing] Fix the annotation loader taking a class constant as a beginning of a class name
* 2.3:
[Routing] Finish annotation loader taking a class constant as a beginning of a class name
[Routing] Fix the annotation loader taking a class constant as a beginning of a class name
This PR was merged into the 2.3 branch.
Discussion
----------
[Routing] Fix the annotation loader taking a class constant as a beginning of a class name
| Q | A
| ------------- | ---
| Branch? | 2.3
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | #18633
| License | MIT
| Doc PR | -
Code copy/pasted from ClassMapGenerator.php
Commits
-------
8d4f35d [Routing] Finish annotation loader taking a class constant as a beginning of a class name
43c7f9b [Routing] Fix the annotation loader taking a class constant as a beginning of a class name
* 2.7:
[Yaml] fix exception contexts
People - person singularization
[Yaml] properly handle unindented collections
[Serializer] Add test for ignored attributes during denormalization
chomp newlines only at the end of YAML documents
Fixed server status command when port has been omitted
Update UPGRADE FROM 2.x to 3.0
Catch \Throwable
Use levenshtein level for better Bundle matching
[WebProfilerBundle] Fix CORS ajax security issues
* 2.3:
[Yaml] fix exception contexts
People - person singularization
[Yaml] properly handle unindented collections
chomp newlines only at the end of YAML documents
This PR was merged into the 2.8 branch.
Discussion
----------
Catch \Throwable
| Q | A
| ------------- | ---
| Branch? | 2.8, 3.0
| Bug fix? | no
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | Mostly!
| Fixed tickets | n/a
| License | MIT
| Doc PR | n/a
The first commit is based on symfony/symfony#15949
Depends on symfony/symfony#18813, symfony/symfony#18812
----
I'm new to symfony, so I'm not sure where are all the places where it makes sense to actually catch the throwable and where not. I added most places that seemed logical and when I wasn't sure, I added it anyway. I'm hoping you guys (and girls?) can point out the places where the catch should not be added, I'll fix it and then I can create several PR's for the older branches. A lot of this IMHO should go also to 3.0.
Commits
-------
de671f4 Catch \Throwable
This PR was merged into the 2.7 branch.
Discussion
----------
Use levenshtein level for better Bundle matching
| Q | A
| ------------- | ---
| Branch? | 2.7
| Bug fix? | no
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets |
| License | MIT
| Doc PR |
_I've targetted 2.7 branch since this was introduced in the 2.6 version but the 2.6 isn't maintain anymore._
**TL;DR:** I found unused code in bad bundle exception when Symfony try to find the best bundle to fix the typo. Should we remove that code (and got a potential lower matching bundle name) or keep it and make it work?
-----
I've noticed that a part of the code wasn't used when determining which bundle typo was written on _bad bundle exception_, from https://github.com/symfony/symfony/pull/11210.
```php
$alternative = null;
$shortest = null;
foreach ($bundleNames as $bundleName) {
// if there's a partial match, return it immediately
if (false !== strpos($bundleName, $nonExistentBundleName)) {
return $bundleName;
}
$lev = levenshtein($nonExistentBundleName, $bundleName);
if ($lev <= strlen($nonExistentBundleName) / 3 && ($alternative === null || $lev < $shortest)) {
$alternative = $bundleName;
}
}
```
In this snippet, the `$shortest` wasn't update in the `foreach`. Reading the code, I guess it was supposed to add an even better accuracy when multiple bundle matche the typo'd bundle name.
Which mean when an alternative is found, we have to assign the level `$lev` from that match to `$shortest`.
```php
if ($lev <= strlen($nonExistentBundleName) / 3 && ($alternative === null || $lev < $shortest)) {
$alternative = $bundleName;
$shortest = $lev;
}
```
Let say you have these bundles: `FoooooBundle` and `FooBundle` and you request the bundle `FoodBundle`.
- Without `$shortest` updated, you'll got a suggestion with `FoooooBundle` (first matching bundle found)
- With `$shortest` upadted, you'll got a suggestion with `FooBundle` (because it has a better level than `FoooooBundle`)
This isn't a _bug fix_ since this is only supposed to help developper but not the final user.
**Question is**: should we keep that level comparison or just remove it?
Commits
-------
ac7f74e Use levenshtein level for better Bundle matching
* 2.7:
Fix computation of PR diffs for component matrix lines
[BUG] Delete class 'control-group' in bootstrap 3
[2.8] [Form] Modified iterator_to_array's 2nd parameter to false in ViolationMapper
* 2.7:
added missing constant in Response
Update HTTP statuses list
[Console][#18619] Prevent fatal error when calling Command#getHelper() without helperSet
added StaticVerionStrategyTest
Add SplFileInfo array doc on Finder iterator methods so that IDE will know what it returns
[2.3] [Form] Modified iterator_to_array's 2nd parameter to false in ViolationMapper
Updated the link to the list of currency codes
[console][table] adjust width of colspanned cell.
* 2.3:
Update HTTP statuses list
[Console][#18619] Prevent fatal error when calling Command#getHelper() without helperSet
Add SplFileInfo array doc on Finder iterator methods so that IDE will know what it returns
[2.3] [Form] Modified iterator_to_array's 2nd parameter to false in ViolationMapper
Updated the link to the list of currency codes
This PR was squashed before being merged into the 2.3 branch (closes#18761).
Discussion
----------
[2.3] [Form] Modified iterator_to_array's 2nd parameter to false in ViolationMapper
| Q | A
| ------------- | ---
| Branch? | 2.3
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | n/a
| License | MIT
| Doc PR | n/a
For https://github.com/symfony/symfony/pull/18747
Commits
-------
7101cab [2.3] [Form] Modified iterator_to_array's 2nd parameter to false in ViolationMapper
This PR was merged into the 2.3 branch.
Discussion
----------
Updated the link to the list of currency codes
| Q | A
| ------------- | ---
| Branch? | 2.3
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | #18758
| License | MIT
| Doc PR | -
Commits
-------
09b70a1 Updated the link to the list of currency codes
* 2.7:
Drop hirak/prestissimo
bumped Symfony version to 2.7.14
updated VERSION for 2.7.13
updated CHANGELOG for 2.7.13
bumped Symfony version to 2.3.42
[Debug] Fix fatal error handlers on PHP 7
updated VERSION for 2.3.41
update CONTRIBUTORS for 2.3.41
updated CHANGELOG for 2.3.41
Conflicts:
src/Symfony/Component/HttpKernel/Kernel.php
This PR was merged into the 2.8 branch.
Discussion
----------
Fixed issue with blank password with Ldap
| Q | A
| ------------- | ---
| Branch? | 1.8
| Bug fix? | no
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | n/a
| License | MIT
| Doc PR | n/a
Commits
-------
c7d9c62 Fixed issue with blank password with Ldap
The bind operation of LDAP, as described in RFC 4513, provides a method
which allows for authentication of users. For the Simple Authentication
Method a user may use the anonymous authentication mechanism, the
unauthenticated authentication mechanism, or the name/password
authentication mechanism. The unauthenticated authentication mechanism
is used when a client who desires to establish an anonymous
authorization state passes a non-zero length distinguished name and a
zero length password. Most LDAP servers either can be configured to
allow this mechanism or allow it by default.
_Web-based applications which perform the simple bind operation with the
client's credentials are at risk when an anonymous authorization state is
established. This can occur when the web-based application passes a
distinguished name and a zero length password to the LDAP server._
Thus, misconfiguring a server with simple bind can trick Symfony into
thinking the username/password tuple as valid, potentially leading to
unauthorized access.
* 2.7:
[2.3][Component/Security] Fixed phpdoc in AnonymousToken constructor for user param
prevent calling get() for service_container service
call get() after the container was compiled
Fixed readme of OptionsResolver
[DependencyInjection] Suggest ExpressionLanguage in composer.json
* 2.3:
[2.3][Component/Security] Fixed phpdoc in AnonymousToken constructor for user param
call get() after the container was compiled
Fixed readme of OptionsResolver
This PR was merged into the 2.7 branch.
Discussion
----------
[FrameworkBundle] prevent calling get() for service_container service
| Q | A
| ------------- | ---
| Branch? | 2.7
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets |
| License | MIT
| Doc PR |
This change will simply fix the tests once #18728 gets merged. An alternative approach would be to compile the container so that the code would still work even for services that have been set directly using `set()`. However, compiling the container in a descriptor imo is an unexpected side effect which I tried to avoid here.
Commits
-------
2d46bd4 prevent calling get() for service_container service
This PR was merged into the 2.3 branch.
Discussion
----------
call get() after the container was compiled
| Q | A
| ------------- | ---
| Branch? | 2.3
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets |
| License | MIT
| Doc PR |
This will prevent future issues when calling `ContainerBuilder::get()` before compiling the container will be deprecated (see #18728).
Commits
-------
954126b call get() after the container was compiled
This PR was merged into the 2.7 branch.
Discussion
----------
[DependencyInjection] Suggest ExpressionLanguage in composer.json
| Q | A
| ------------- | ---
| Branch? | 2.7
| Bug fix? | no
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | n/a
| License | MIT
| Doc PR | n/a
As the DependencyInjection component has lots of classes containing uses of the ExpressionLanguage component, I propose to add it to the composer.json suggests.
Commits
-------
d6c9073 [DependencyInjection] Suggest ExpressionLanguage in composer.json
This PR was squashed before being merged into the 2.3 branch (closes#18727).
Discussion
----------
[2.3][Component/Security] Fixed phpdoc in AnonymousToken constructor for user param
| Q | A
| ------------- | ---
| Branch? | 2.3
| Bug fix? | yes, phpdoc one
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | -
| License | MIT
| Doc PR | -
Updated phpdoc of AnonymousToken $user param from string to string|object since an object is allowed to in the parent AbstractToken: https://github.com/symfony/symfony/blob/2.3/src/Symfony/Component/Security/Core/Authentication/Token/AbstractToken.php#L91
Commits
-------
b1c60b4 [2.3][Component/Security] Fixed phpdoc in AnonymousToken constructor for user param
This PR was merged into the 2.8 branch.
Discussion
----------
[EventDispatcher] check for method to exist
| Q | A
| ------------- | ---
| Branch? | 2.8
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | https://github.com/symfony/symfony/pull/16301#issuecomment-193150055
| License | MIT
| Doc PR |
This change must be reverted after being merged into the `3.0` branch (the `getListenerPriority()` method was added to the interface in Symfony 3.0).
Commits
-------
78ae2ad [EventDispatcher] check for method to exist
This PR was merged into the 2.8 branch.
Discussion
----------
[DX][DI] Make failed autowiring error messages more explicit
| Q | A
| ------------- | ---
| Branch? | 2.8
| Bug fix? | no (better DX integration)
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | #18658
| License | MIT
| Doc PR | N/A
This is the PR improving the auto wiring error messages.
Two errors messages have augmented:
If a type-hint does not match any existing type and a service for this type cannot be automatically created, the error message now says so, instead of simply saying the type cannot be autowired.
If a type-hint matches multiple services and none of them provides an autowiringType for it, the error message now says so and list the candidate services, instead of simply saying the type cannot be autowired.
Commits
-------
2ac81f9 Make failed autowiring error messages more explicit
This PR was merged into the 2.8 branch.
Discussion
----------
[DependencyInjection] Use the priority of service decoration on service with parent
| Q | A
| ------------- | ---
| Branch? | 2.8
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets |
| License | MIT
| Doc PR |
Commits
-------
d1ad43c [DependencyInjection] Fixed the priority of service decoration on service with parent
* 2.7:
add @Event annotation for AuthenticationEvents
add @Event annotation for KernelEvents
bumped Symfony version to 2.7.13
updated VERSION for 2.7.12
update CONTRIBUTORS for 2.7.12
updated CHANGELOG for 2.7.12
bumped Symfony version to 2.3.41
updated VERSION for 2.3.40
update CONTRIBUTORS for 2.3.40
updated CHANGELOG for 2.3.40
Revert "minor #18257 [Routing] Don't needlessly execute strtr's as they are fairly expensive (arjenm)"
Revert "fixed CS"
[FrameworkBundle] Remove misleading comment
bug #17460 [DI] fix ambiguous services schema
* 2.3:
add @Event annotation for AuthenticationEvents
bumped Symfony version to 2.3.41
updated VERSION for 2.3.40
update CONTRIBUTORS for 2.3.40
updated CHANGELOG for 2.3.40
bug #17460 [DI] fix ambiguous services schema
This PR was merged into the 2.8 branch.
Discussion
----------
[Security] Normalize "symfony/security-acl" dependency versions across all composer.json files
| Q | A
| ------------- | ---
| Branch? | 2.8
| Bug fix? | no
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets |
| License | MIT
| Doc PR |
There are some inconsistencies in the Symfony 2.8 `symfony/security-acl` dependency versions that would help downstream if we could just package `symfony/security-acl` 3.0.0 instead of having to package both versions 2.8.0 (for Symfony 2.8) and 3.0.0 (for Symfony 3.0).
```
$ git clone https://github.com/symfony/symfony.git
Cloning into 'symfony'...
cd remote: Counting objects: 319438, done.
nyReceiving objects: 4% (12778/319438), 2.06 MiB | 4.12 MiB/s
4Receiving objects: 41% (130970/319438), 40.80 MiB | 7.86 MiB/s
remote: Total 319438 (delta 0), reused 0 (delta 0), pack-reused 319437
Receiving objects: 100% (319438/319438), 68.46 MiB | 8.21 MiB/s, done.
Resolving deltas: 100% (204691/204691), done.
Checking connectivity... done.
$ cd symfony
$ git checkout v2.8.4
Previous HEAD position was 4e17cb2... Merge branch '2.8' into 3.0
HEAD is now at 9e14f9f... Merge branch '2.7' into 2.8
$ find . -name 'composer.json' | xargs grep 'symfony/security-acl'
./src/Symfony/Bundle/SecurityBundle/composer.json: "symfony/security-acl": "~2.7|~3.0.0",
./src/Symfony/Bridge/Twig/composer.json: "symfony/security-acl": "~2.6|~3.0.0",
./src/Symfony/Component/Security/composer.json: "symfony/security-acl": "~2.7",
./composer.json: "symfony/security-acl": "~2.7",
```
Commits
-------
e249bc3 [Security] Normalize "symfony/security-acl" dependency versions across all composer.json files
This PR was merged into the 2.7 branch.
Discussion
----------
[FrameworkBundle] Remove misleading comment
| Q | A
| ------------- | ---
| Branch? | 2.7
| Bug fix? | no
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets |
| License | MIT
| Doc PR |
This is not true for service_container anymore.
Commits
-------
9f2f858 [FrameworkBundle] Remove misleading comment
