On 32-bit systems the cookie expiration value was not being calculated
correctly as it was being fetched as an integer. When the timestamp exceeded
the PHP_INT_MAX size it would return an invalid value, breaking the cookie
construction.
The BrowserKit cookie has now been updated to get the timestamp as a string
which works around this platform limitation.
This PR was squashed before being merged into the 2.8 branch (closes#19786).
Discussion
----------
Update profiler's layout to use flexbox
| Q | A
| ------------- | ---
| Branch? | 2.8
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | -
| License | MIT
| Doc PR | -
### Problem
The layout of the profiler uses some old CSS tricks to make the sidebar look like a same-height sidebar (`margin-bottom: -99999px;` and `padding-bottom: 99999px;`, a large `min-height` in the content, etc.)
This works most of the time ... but there are some edge cases where the sidebar looks ugly (it doesn't have the same height as the main content).
### Solution
This proposal updates the profiler layout to use CSS flexbox.
* It looks and behaves exactly like before ... but it also fixes all the edge cases.
* flexbox has ~90% of global browser support --> so it should be 100% of Symfony developers
---
~~Sadly **there is one issue that I cannot solve**:~~
~~* The "Performance" panel doesn't work on Chrome and Firefox (but it works on Safari!!)~~
~~* The problem is that the `getContainerWidth()` function in `time.html.twig` template doesn't return the right value and the generated canvas has a wrong width.~~
~~Any clues?~~ It's fixed now!
Commits
-------
d986ac0 Update profiler's layout to use flexbox
This PR was merged into the 2.7 branch.
Discussion
----------
[Yaml] Remove legacy code
| Q | A
| ------------- | ---
| Branch? | 2.7
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets |
| License | MIT
| Doc PR |
It looks like these lines were forgotten during the transition to 2.0 as references are already [managed in `Inline`](https://github.com/symfony/symfony/blob/master/src/Symfony/Component/Yaml/Inline.php#L542-L559).
Commits
-------
a88dff3 [Yaml] Remove legacy code
* 2.7:
[VarDumper] Various minor fixes & cleanups
Revert "bug #18935 [Form] Consider a violation even if the form is not submitted (egeloen)"
[HttpKernel] Add missing SsiFragmentRendererTest
Fixes the calendar in constructor to handle null
This PR was merged into the 2.7 branch.
Discussion
----------
[VarDumper] Various minor fixes & cleanups
| Q | A
| ------------- | ---
| Branch? | 2.7
| Bug fix? | yes
| Tests pass? | yes
| License | MIT
Minor fixes & cleanups found while working on a few VarDumper enhancements.
I'm going to merge this one quickly to unlock the other PRs I'm preparing for master.
Commits
-------
a989491 [VarDumper] Various minor fixes & cleanups
This PR was merged into the 2.7 branch.
Discussion
----------
[HttpKernel] Add missing SsiFragmentRendererTest
| Q | A
| ------------- | ---
| Branch? | 2.7
| Bug fix? | no
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | n/a
| License | MIT
| Doc PR | n/a
One notable difference between ESI/SSI fragments renderers is that [passing options to the strategy doesn't impact the rendered ssi include tag](d666c64eb0 (diff-98eb5db767a1d6600cff43b74800ae46R37)).
Commits
-------
6c89199 [HttpKernel] Add missing SsiFragmentRendererTest
* 2.7:
[Validator][GroupSequence] fixed GroupSequence validation ignores PropertyMetadata of parent classes
[FrameworkBundle][Security] Remove useless mocks
[DoctrineBridge] Enhance exception message in EntityUserProvider
added friendly exception when constraint validator does not exist or it is not enabled
remove duplicate instruction
[FrameworkBundle] Remove TranslatorBagInterface check
[FrameworkBundle] Remove duplicated code in RouterDebugCommand
[Validator] fixed duplicate constraints with parent class interfaces
SecurityBundle:BasicAuthenticationListener: removed a default argument on getting a header value
This PR was merged into the 2.7 branch.
Discussion
----------
[DoctrineBridge] Enhance exception message in EntityUserProvider
| Q | A
| ------------- | ---
| Branch? | 2.7
| Bug fix? | no
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | n/a
| License | MIT
| Doc PR | n/a
Lots of people use the `UserEntityProvider` without having a custom Repository for the user entity configured on the entity provider and in this case, if the `property` key of the provider isn't set, the exception thrown says:
> The Doctrine repository "Doctrine\ORM\EntityRepository" must implement Symfony\Bridge\Doctrine\Security\User\UserLoaderInterface
"Doctrine\ORM\EntityRepository" doesn't feel relevant.
Plus, we can't guess that the exception is thrown first because there is no `property` configured on the corresponding provider, that is useful to have in the trace IMHO.
If accepted, `"Symfony\Component\Security\Core\User\UserProviderInterface"` will need to be replaced by `"Symfony\Bridge\Doctrine\Security\User\UserLoaderInterface"` when merging in newer branches.
Commits
-------
acc0460 [DoctrineBridge] Enhance exception message in EntityUserProvider
This PR was merged into the 2.7 branch.
Discussion
----------
[SecurityBundle] BasicAuthenticationListener: simpler getting value from Request
| Q | A
| ------------- | ---
| Branch? | 2.7
| Bug fix? | no
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| License | MIT
Unless I'm mistaken, the default `null` should be OK. If it's not, I will create a new PR with a test proving that `false` or other "special" value must be used.
Commits
-------
d67f090 SecurityBundle:BasicAuthenticationListener: removed a default argument on getting a header value
* 2.7:
[ClassLoader] Fix tests
[Debug][HttpKernel][VarDumper] Prepare for committed 7.2 changes
[DependencyInjection] PhpDumper::isFrozen inconsistency
[DI] Cleanup array_key_exists
include dynamic services in list of alternatives
[Debug] Swap dumper services at bootstrap
This PR was merged into the 2.7 branch.
Discussion
----------
[ClassLoader] Fix tests
| Q | A
| ------------- | ---
| Branch? | 2.7
| Tests pass? | yes
| License | MIT
As discussed right now on php-internals, this string is ignored and the docs only tells about null.
Commits
-------
0f95708 [ClassLoader] Fix tests
This PR was merged into the 2.7 branch.
Discussion
----------
[Debug] Swap dumper services at bootstrap
| Q | A
| ------------- | ---
| Branch? | 2.7
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets |
| License | MIT
| Doc PR |
---
This commit fix a bug when using debug function too soon.
For example, if you call dump function during kernel::boot() the
dump output will be sent to stderr, even in a web context.
With this patch, the data collector is used by default, so the
dump output is send to the WDT. In a CLI context, if dump is used
too soon, the datacollector will buffer it, and release it at the
end of the script. So in this case everything will be visible by the
end used.
Commits
-------
d80589c [Debug] Swap dumper services at bootstrap
This PR was merged into the 2.7 branch.
Discussion
----------
[DI][2.7] Include dynamic services in alternatives
| Q | A
| ------------- | ---
| Branch? | 2.7
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | comma-separated list of tickets fixed by the PR, if any
| License | MIT
| Doc PR | reference to the documentation PR, if any
Commits
-------
428b5cc include dynamic services in list of alternatives
This PR was merged into the 2.7 branch.
Discussion
----------
[Debug][HttpKernel][VarDumper] Prepare for committed 7.2 changes (aka "small-bc-breaks")
| Q | A
| ------------- | ---
| Branch? | 2.7
| Bug fix? | yes
| Tests pass? | yes
| License | MIT
On PHP 7.2:
- `is_object()` is going to return `true` for `__PHP_Incomplete_Class` instances
- `gettype($closed_resource);` returns "resource (closed)"
ping @nikic FYI
see https://travis-ci.org/symfony/symfony/jobs/154114269 for fixed tests (except the one on ClassLoader which is a BC break on 7.1 that should be fixed there IMHO).
Commits
-------
feb2cd0 [Debug][HttpKernel][VarDumper] Prepare for committed 7.2 changes
This PR was merged into the 2.8 branch.
Discussion
----------
[DependencyInjection] Fix service autowiring inheritance
| Q | A
| ------------- | ---
| Branch? | 2.8
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | #19615
| License | MIT
| Doc PR | n/a
This makes services inherit the `autowire` attribute from their parent and fix the ability to override it from the child.
Fixed cases:
- Simple inheritance
```yaml
parent:
class: Foo
abstract: true
autowire: true
child:
class: Foo
```
- Set in the child (only)
```yaml
parent:
class: Foo
abstract: true
child:
class: Foo
autowire: true
```
- Set in the parent, changed in the child
```yaml
parent:
class: Foo
abstract: true
autowire: true
child:
class: Foo
autowire: false
```
Commits
-------
fb95bdc [DIC] Fix service autowiring inheritance
This PR was squashed before being merged into the 2.7 branch (closes#19666).
Discussion
----------
Verify explicitly that the request IP is a valid IPv4 address
| Q | A
| ------------- | ---
| Branch? | 2.7
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | -
| License | MIT
| Doc PR | -
Take the following base code (the array is based on [CloudFlare IP Ranges](https://www.cloudflare.com/ips/)):
```php
use Symfony\Component\HttpFoundation\IpUtils;
$ips = [
"103.21.244.0/22",
"103.22.200.0/22",
"103.31.4.0/22",
"104.16.0.0/12",
"108.162.192.0/18",
"131.0.72.0/22",
"141.101.64.0/18",
"162.158.0.0/15",
"172.64.0.0/13",
"173.245.48.0/20",
"188.114.96.0/20",
"190.93.240.0/20",
"197.234.240.0/22",
"198.41.128.0/17",
"199.27.128.0/21",
"2400:cb00::/32",
"2405:8100::/32",
"2405:b500::/32",
"2606:4700::/32",
"2803:f800::/32",
"2c0f:f248::/32",
"2a06:98c0::/29",
];
```
Before this PR, the following code would have returned `true` instead of the expected `false` value:
```php
IpUtils::checkIp('blablabla', $ips);
```
This due to the `ip2long` function returning `false` for an invalid IP address, thus returning `"00000000000000000000000000000000"` with the following code:
```php
sprintf('%032b', ip2long('blablabla'));
```
To fix this I simply check if the `$requestIp` variable contains a valid IP address.
Commits
-------
17e418c Verify explicitly that the request IP is a valid IPv4 address
This PR was merged into the 2.7 branch.
Discussion
----------
[HttpKernel] Fix too strict test
| Q | A
| ------------- | ---
| Branch? | 2.7
| Tests pass? | yes
| License | MIT
This test is too strict and prevents adding properties to Data objects for no reason.
Commits
-------
2e7301d [HttpKernel] Fix too strict test
* 2.7:
Disable CLI color for Windows 10 greater than 10.0.10586
Exception details break the layout
[HttpKernel] Remove wrong docblock
[HttpKernel] Fix HttpCache validation HTTP method
Move space from the before 'if' to the after 'if'
[TwigBundle] Add a check for choice's attributes emptiness before calling block('attributes')
This PR was merged into the 2.7 branch.
Discussion
----------
Exception details break the layout
Exception details break the layout
| Q | A
| ------------- | ---
| Branch? | 2.7
| Bug fix? | yes
| License | MIT
By adding `word-wrap: break-word;` the exception details will wrap inside the block.
Commits
-------
00b4ecb Exception details break the layout
This PR was merged into the 2.7 branch.
Discussion
----------
[TwigBundle] Add a check for choice's attributes emptiness before calling block('attributes')
| Q | A
| ------------- | ---
| Branch? | 2.7
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| License | MIT
Remove unnecessary block calling for choices without "choice_attr" option. This check gain the performance on a large datasets.
Previous Pull to master #19527
Commits
-------
bf6748d Move space from the before 'if' to the after 'if'
d1cf4d1 [TwigBundle] Add a check for choice's attributes emptiness before calling block('attributes')
This commit fix a bug when using debug function too soon.
For example, if you call dump function during kernel::boot() the
dump output will be sent to stderr, even in a web context.
With this patch, the data collector is used by default, so the
dump output is send to the WDT. In a CLI context, if dump is used
too soon, the datacollector will buffer it, and release it at the
end of the script. So in this case everything will be visible by the
end used.
* 2.7:
[Routing] Add missing options in docblock
[VarDumper] Fix dumping continuations
[HttpFoundation] fixed Request::getContent() reusage bug
[Form] Skip CSRF validation on form when POST max size is exceeded
Enhance the phpDoc return types so IDEs can handle the configuration tree.
fixes
Remove 3.0 from branch suggestions for fixes in PR template
[Process] Strengthen Windows pipe files opening (again...)
Fix#19531 [Form] DateType fails parsing when midnight is not a valid time
This PR was squashed before being merged into the 2.7 branch (closes#19549).
Discussion
----------
[HttpFoundation] fixed Request::getContent() reusage bug
| Q | A
| ------------- | ---
| Branch? | 2.7
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets |
| License | MIT
| Doc PR |
After calling ```Request::getContent(true)```, subsequent calls to the
same instance method (withouth the ```$asResource``` flag) always returned
```false``` instead of the request body as a plain string.
A unit test already existed to guard against this behaviour (the 'Resource then fetch' case) but it
yielded a false positive because it was comparing ```''``` to ```false``` using
PHPUnit's ```assertEquals``` method instead of ```assertSame```.
For completeness sake I also added the missing usage permutations in
the data provider, which already worked OK.
Commits
-------
c42ac66 [HttpFoundation] fixed Request::getContent() reusage bug
This PR was squashed before being merged into the 2.7 branch (closes#19373).
Discussion
----------
[Form] Skip CSRF validation on form when POST max size is exceeded
| Q | A
| ------------- | ---
| Branch? | 2.7
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | #19140
| License | MIT
| Doc PR | N/A
In #19140 the CSRF validation listener was not aware that the POST max size had exceeded, and was adding a form error message that wasn't relevant to the actual error.
This introduces the `ServerParams` utility class into the `CsrfValidationListener` and checks that the POST max size has not been exceeded. If it has then it won't bother trying to validate the CSRF token.
My main concern with this change is that it opens up an attack vector around tokens, but I've encapsulated the request size validation in a single method in `ServerParams` now so that the request handlers are using the same logic.
Commits
-------
289531f [Form] Skip CSRF validation on form when POST max size is exceeded
This PR was merged into the 2.7 branch.
Discussion
----------
Fix#19531 [Form] DateType fails parsing when midnight is not a valid time
| Q | A
| ------------- | ---
| Branch? | 2.7
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | #19531
| License | MIT
| Doc PR |
Commits
-------
c951bb6Fix#19531 [Form] DateType fails parsing when midnight is not a valid time
* 2.7:
[travis] fix after box updates
Console: Fix indentation of Help: section of txt usage help
[Intl] Update ICU data to 57.1
[Config] Improved test
Added class existence check if is_subclass_of() fails in compiler passes
This PR was squashed before being merged into the 2.7 branch (closes#19468).
Discussion
----------
[Intl] Update ICU data to 57.1
| Q | A
| ------------- | ---
| Branch? | 2.7
| Bug fix? | no
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | #19315
| License | MIT
| Doc PR | -
I think the only thing that makes sense with ICU is to always be on the latest available version.
Commits
-------
a48c00b [Intl] Update ICU data to 57.1
This PR was merged into the 2.7 branch.
Discussion
----------
[Config] Improved test
| Q | A
| ------------- | ---
| Branch? | 2.7
| Bug fix? | no
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | ~
| License | MIT
| Doc PR | ~
Commits
-------
456d53a [Config] Improved test
This PR was merged into the 2.7 branch.
Discussion
----------
Added class existence check if is_subclass_of() fails in compiler passes
| Q | A
| ------------- | ---
| Branch? | 2.7
| Bug fix? | no
| New feature? | yes
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | comma-separated list of tickets fixed by the PR, if any
| License | MIT
| Doc PR | no
Backport of #19342 to 2.7 branch
Commits
-------
77adea7 Added class existence check if is_subclass_of() fails in compiler passes
This PR was merged into the 2.7 branch.
Discussion
----------
[Routing] Reorder assert parameters
| Q | A
| ------------- | ---
| Branch? | 2.7
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets |
| License | MIT
| Doc PR |
The expected value must be the first parameter.
Commits
-------
7f88796 [Routing] Reorder assert parameters
This PR was merged into the 2.7 branch.
Discussion
----------
Added missing czech validators translation of not expected charset
| Q | A
| ------------- | ---
| Branch? | 2.7
| Bug fix? | no
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| License | MIT
Profiler was complaining about using a not translated message so I translated it.
Not sure if bug or feature. The bug label is probably not apropriate, sorry. But I guess it should be merged to all versions.
Commits
-------
7eacae8 Added missing czech validators translation of not expected charset
This PR was merged into the 2.8 branch.
Discussion
----------
[VarDumper] Relax 1 test failing with latest PHP versions
| Q | A
| ------------- | ---
| Branch? | 2.8
| Bug fix? | no
| New feature? | o
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | N/A
| License | MIT
| Doc PR | reference to the documentation PR, if any
Related to php bug https://bugs.php.net/72646 which is fixed in 5.6.25RC1, 7.0.10RC1, 7.1.0beta2
Detected in Fedora CI, failed since 7.0.10RC1, see
https://apps.fedoraproject.org/koschei/package/php-symfony
Commits
-------
6703b41 Relax 1 test failing with latest PHP versions
eabbcf0 bumped Symfony version to 2.8.10
* 2.7:
Remove usage of __CLASS__ outside of a class
[HttpKernel] Fix variable conflicting name
[Process] Fix double-fread() when reading unix pipes
[Process] Fix AbstractPipes::write() for a situation seen on HHVM (at least)
[Validator] Fix dockblock typehint in XmlFileLoader
bumped Symfony version to 2.7.17
updated VERSION for 2.7.16
update CONTRIBUTORS for 2.7.16
updated CHANGELOG for 2.7.16
Conflicts:
src/Symfony/Component/HttpKernel/Kernel.php
Added error-suppression to the `is_executable($path)` call, too, per the bug noted just above.
The cited issue manifests as such without it:
```
ErrorException in ExecutableFinder.php line 63:
is_executable(): open_basedir restriction in effect. File(/usr/share/php) is not within the allowed path(s): (/usr/share/php:/tmp:/usr/share/phpmyadmin:/etc/phpmyadmin:/var/lib/phpmyadmin:/usr/local/zend/var/zray/extensions:/usr/local/zend/share:/usr/local/zend/var/plugins)
```
This PR was merged into the 2.7 branch.
Discussion
----------
[HttpKernel] Fix variable conflicting name
| Q | A
| ------------- | ---
| Branch? | 2.7
| Bug fix? | no
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | -
| License | MIT
| Doc PR | -
Simply fix a conflicting name (`$bundle` is used for the foreach on line 466 and 476). It works for the moment only because there is nothing after the second foreach inside the first.
Commits
-------
9ac9f55 [HttpKernel] Fix variable conflicting name
This PR was merged into the 2.7 branch.
Discussion
----------
[Process] Fix double-fread() when reading unix pipes
| Q | A
| ------------- | ---
| Branch? | 2.7
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | -
| License | MIT
| Doc PR | -
While looking at the blackfire profile of a `composer install`, I was able to reduce the number of calls to `fread` from 90k to 60k using this patch (and from 60k to <1k with https://github.com/composer/composer/pull/5569 but that's another story).
In fact, we should continue reading only if there might be something next, which won"t be the case if the buffer has not been filled.
Commits
-------
ac17617 [Process] Fix double-fread() when reading unix pipes
This PR was squashed before being merged into the 2.7 branch (closes#19446).
Discussion
----------
[Console] Overcomplete argument exception message tweak.
| Q | A
| ------------- | ---
| Branch? | 2.7
| Bug fix? | no
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| License | MIT
Updates the exception message when to many arguments are passed.
From;
```php
'Too many arguments.'
```
To:
```php
'No argument expected, got "foo".'
// or
'Too many arguments, expected arguments "foo".'
// or
'Too many arguments, expected arguments "foo, bar".'
// ... turtles all the way down
```
Commits
-------
7af59cd [Console] Overcomplete argument exception message tweak.
* 2.7:
[TwigBundle] Removed redundant return statement.
[TwigBridge] Removed extra arguments in 2 places.
[Process] Fix write access check for pipes on Windows
[HttpKernel] Use flock() for HttpCache's lock files
This PR was merged into the 2.7 branch.
Discussion
----------
[HttpKernel] Use flock() for HttpCache's lock files
| Q | A
| ------------- | ---
| Branch? | 2.7
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | no
| Fixed tickets | #16777, #15813 and #16312 are also related
| License | MIT
| Doc PR |
When a PHP process crashes or terminates (maybe the OOM killer kicks in or other bad things ™️ happen) while the `HttpCache` holds a `.lck` file, that lock file may not get `unlink()`ed.
The result is that other requests trying to access this cache entry will see a few seconds delay while waiting for the lock; they will eventually continue but send 503 status codes along with the response. The sudden buildup of PHP processes caused by the additional delay may cause further problems (sudden load increase).
As `LockHandler` is using `flock()`-based locking, locks should be released by the OS when the PHP process terminates.
I wrote this as bugfix against 2.7 because every once in a while I encounter situations (not always reproducible) where `.lock` files are left over and keep the cache locked.
Commits
-------
2668edd [HttpKernel] Use flock() for HttpCache's lock files
This PR was merged into the 2.7 branch.
Discussion
----------
[Process] Fix write access check for pipes on Windows
| Q | A
| ------------- | ---
| Branch? | 2.7
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | #19336, #19416
| License | MIT
| Doc PR | -
Commits
-------
66e694e [Process] Fix write access check for pipes on Windows
* 2.7:
[Console] Application update PHPDoc of add and register methods
[Config] Extra tests for Config component
Fixed bugs in names of classes and methods.
[DoctrineBridge] Fixed php doc
[FrameworkBundle] Fixed parameters number mismatch declaration
[BrowserKit] Added test for followRedirect method (POST method)
Fix the money form type render with Bootstrap3
[BrowserKit] Uppercase the "GET" method in redirects
[WebProfilerBundle] Fixed JSDoc parameter definition
[HttpFoundation] HttpCache refresh stale responses containing an ETag
Conflicts:
src/Symfony/Component/BrowserKit/Tests/ClientTest.php
src/Symfony/Component/Security/Acl/Resources/bin/generateSql.php
This PR was squashed before being merged into the 2.7 branch (closes#19389).
Discussion
----------
[Console] Application update PHPDoc of add and register methods
| Q | A
| ------------- | ---
| Branch? | 2.7
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| License | MIT
The [PHPDoc](https://github.com/symfony/symfony/blob/2.7/src/Symfony/Component/Console/Application.php#L354) states the method will always return a command, but it doesn't. Since [Application::register](https://github.com/symfony/symfony/blob/2.7/src/Symfony/Component/Console/Application.php#L328) returns the result of `add` directly is also doesn't always return the command (as its PHPDoc states).
Commits
-------
6f0474f [Console] Application update PHPDoc of add and register methods
This PR was squashed before being merged into the 2.7 branch (closes#19399).
Discussion
----------
[Config] Extra tests for Config component
| Q | A
| ------------- | ---
| Branch? | 2.7
| Bug fix? | no
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | ~
| License | MIT
| Doc PR | ~
Commits
-------
d0f4434 [Config] Extra tests for Config component
This PR was squashed before being merged into the 2.7 branch (closes#19405).
Discussion
----------
Fixed bugs in names of classes and methods.
| Q | A
| ------------- | ---
| Branch? | 2.7
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | ~
| License | MIT
| Doc PR | ~
It's related to case sensitive.
I changed only calls of names of called methods but not definition of methods because BC.
Commits
-------
c41aa03 Fixed bugs in names of classes and methods.
This PR was squashed before being merged into the 2.7 branch (closes#19392).
Discussion
----------
[BrowserKit] Added test for followRedirect method (POST method)
| Q | A
| ------------- | ---
| Branch? | 2.7
| Bug fix? | no
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | ~
| License | MIT
| Doc PR | ~
Test covers 'else' branches in these conditions:
```php
if (in_array($this->internalResponse->getStatus(), array(302, 303))) {
$method = 'get';
$files = array();
$content = null;
} else {
$method = $request->getMethod();
$files = $request->getFiles();
$content = $request->getContent();
}
if ('get' === strtolower($method)) {
// Don't forward parameters for GET request as it should reach the redirection URI
$parameters = array();
} else {
$parameters = $request->getParameters();
}
```
Commits
-------
2ace5d8 [BrowserKit] Added test for followRedirect method (POST method)
This PR was merged into the 2.7 branch.
Discussion
----------
[2.7] [HttpFoundation] HttpCache refresh stale responses containing an ETag
| Q | A
| ------------- | ---
| Branch? | 2.7
| Bug fix? | yes
| New feature? |no
| BC breaks? |no
| Deprecations? |no
| Tests pass? | yes
| Fixed tickets | #19390, #6746
| License | MIT
| Doc PR |
This PR is the replacement of #19391, which points at the wrong branch.
Commits
-------
96df6b9 [HttpFoundation] HttpCache refresh stale responses containing an ETag
This PR was merged into the 2.7 branch.
Discussion
----------
[Form] Fix the money form type render with Bootstrap3
| Q | A
| ------------- | ---
| Branch? | 2.7
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | Part fixing https://github.com/symfony/symfony/issues/19424
| License | MIT
| Doc PR | none
There is a confusion between the variable naming, and the result expected.
When prepend variable is false, the currency symbol must be add after the widget.
When the `money_pattern`starts with `{{`, `prepend` variable must be `false`.
Commits
-------
637a441 Fix the money form type render with Bootstrap3
This PR was merged into the 2.8 branch.
Discussion
----------
[DomCrawler] Inherit the namespace cache in subcrawlers
| Q | A
| ------------- | ---
| Branch? | 2.8
| Bug fix? | no
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | #12298
| License | MIT
| Doc PR | n/a
This inherits any already discovered/registered namespace with subcrawlers, improving performance when using namespaces.
I submitted to 2.8 rather than 2.7, because the namespace mapping feature was actually buggy in 2.x, because of the fact that nodes could belong to different documents in the same Crawler while the namespace map was shared. The fact that the map was not inherited in subcrawler mitigated this issue (by reducing changes to have multiple documents in the same subcrawler). 2.8 deprecated this possibility to have multiple documents, so I'm fine with applying this here.
Note that the subcrawler inherits the namespace cache at the time it is created, but the cache is not shared between instance (so if a subcrawler discovers an additional namespace of the document, it will not be available for the parent crawler of other subcrawlers of the parent). Sharing the cache would be totally possible (as they share the same document anyway) and would make the experience even better (removing the need to ensure that the root crawler discovers namespace before filtering). But it would require moving from an array to an object. I'm not sure we want to do this in a patch release. What do you think @symfony/deciders ?
Commits
-------
e89c758 [DomCrawler] Inherit the namespace cache in subcrawlers
There is a confusion between the variable naming, and the result expected.
When prepend variable is false, the currency symbol must be add after the widget.
When the money_patternstarts with {{, prepend variable must be false.
This PR was merged into the 2.8 branch.
Discussion
----------
Added class existence check if is_subclass_of() fails in compiler passes
| Q | A
| ------------- | ---
| Branch? | 2.8-3.1
| Bug fix? | no
| New feature? | yes
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | -
| License | MIT
| Doc PR | -
If you create an event subscriber and make typo in file name it will cause next error:
```
[InvalidArgumentException]
Service "event.notification_subscriber" must implement interface "Symfony\Component\EventDispatcher\EventSubscriberInterface".
```
That's because of `is_subclass_of()` fails on class absentee. I made error message more clear.
Commits
-------
72db6e7 Added class existence check if is_subclass_of() fails in compiler passes
This PR was merged into the 2.7 branch.
Discussion
----------
Fix the DBAL session handler version check for Postgresql
| Q | A
| ------------- | ---
| Branch? | 2.7
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | no
| Fixed tickets | n/a
| License | MIT
| Doc PR | n/a
https://github.com/symfony/symfony/pull/19048 broken the DBAL session handler when using Postgresql by using method which does not exist on the main DBAL Connection class.
Commits
-------
e98c584 Fix the DBAL session handler version check for Postgresql
* 2.7:
[VarDumper] Fix dumping jsons casted as arrays
PassConfig::getMergePass is not an array
Revert "bug #19114 [HttpKernel] Dont close the reponse stream in debug (nicolas-grekas)"
Fix the retrieval of the last username when using forwarding
[Yaml] Fix PHPDoc of the Yaml class
[HttpFoundation] Add OPTIONS and TRACE to the list of safe methods
Update getAbsoluteUri() for query string uris
This PR was squashed before being merged into the 2.7 branch (closes#19343).
Discussion
----------
PassConfig::getMergePass is not an array
| Q | A
| ------------- | ---
| Branch? | 2.7
| Bug fix? | no
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | -
| License | MIT
| Doc PR | -
Just a minor glitch my IDE noticed :-)
Commits
-------
edbefac PassConfig::getMergePass is not an array
This PR was squashed before being merged into the 2.7 branch (closes#19321).
Discussion
----------
[HttpFoundation] Add OPTIONS and TRACE to the list of safe methods
| Q | A
| ------------- | ---
| Branch? | 2.7
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | n/a
| License | MIT
| Doc PR | n/a
According to [RFC 7231](https://tools.ietf.org/html/rfc7231#section-8.1.3) `OPTIONS` and `TRACE` are safe methods.
Commits
-------
1404607 [HttpFoundation] Add OPTIONS and TRACE to the list of safe methods
This PR was merged into the 2.7 branch.
Discussion
----------
[BrowserKit] Update Client::getAbsoluteUri() for query string only URIs
| Q | A
| ------------- | ---
| Branch? | 2.7
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | #19303
| License | MIT
| Doc PR | -
This PR allows BrowserKit to treat a value containing only query string parameters the same way anchor/hash values are treated when passed as a URI argument to the getAbsoluteUri() method. Helps when encountering sites that force a redirect with a location header value containing only a query string.
Commits
-------
965408f Update getAbsoluteUri() for query string uris
* 2.7:
[HttpKernel] fixed internal subrequests having an if-modified-since-header
[Validator] Added additional MasterCard range to the CardSchemeValidator
Make the exception message more clear.
[Form] fixed bug - name in ButtonBuilder
[ClassLoader] Fix declared classes being computed when not needed
This PR was merged into the 2.7 branch.
Discussion
----------
[ClassLoader] Fix declared classes being computed when not needed
| Q | A
| ------------- | ---
| Branch? | 2.7
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | no
| Fixed tickets | -
| License | MIT
| Doc PR | -
Commits
-------
d513eae [ClassLoader] Fix declared classes being computed when not needed
This PR was merged into the 2.7 branch.
Discussion
----------
[Validator] Added additional MasterCard range to the CardSchemeValidator
From October 2016 MasterCard will introduce a new card range, 222100 through 272099.
See: https://www.mctestcards.com/ (click the help in top right)
This implements the additional regex for validation to succeed, and some additional unit tests for this new range.
| Q | A
| ------------- | ---
| Branch? | 2.7
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets |
| License | MIT
| Doc PR |
Commits
-------
4d68f56 [Validator] Added additional MasterCard range to the CardSchemeValidator
This PR was squashed before being merged into the 2.7 branch (closes#19290).
Discussion
----------
[HttpKernel] fixed internal subrequests having an if-modified-since-header
| Q | A
| ------------- | ---
| Branch? | 2.7
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | -
| License | MIT
| Doc PR | -
As the InlineFragmentRenderer has no access to a cached copy of a subrequest's target and hence couldn't handle a response with a HTTP status code of 304 (not modified), it makes no sense to send an if-not-modified-since header.
Commits
-------
e90038c [HttpKernel] fixed internal subrequests having an if-modified-since-header
This PR was squashed before being merged into the 2.8 branch (closes#19307).
Discussion
----------
[Security] Fix deprecated usage of DigestAuthenticationEntryPoint::getKey() in DigestAuthenticationListener
| Q | A
| ------------- | ---
| Branch? | 2.8
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | -
| License | MIT
| Doc PR | -
Fix the following deprecation triggered by Symfony when using the `http_digest` authentication:
<details>
<summary>Symfony\Component\Security\Http\EntryPoint\DigestAuthenticationEntryPoint::getKey() is deprecated since version 2.8 and will be removed in 3.0. Use getSecret() instead. </summary>
> DigestAuthenticationEntryPoint::getKey() (called from DigestAuthenticationListener.php at line 81)
DigestAuthenticationListener::handle() (called from classes.php at line 2622)
Firewall::onKernelRequest()
call_user_func() (called from WrappedListener.php at line 61)
WrappedListener::__invoke()
call_user_func() (called from classes.php at line 1858)
EventDispatcher::doDispatch() (called from classes.php at line 1773)
EventDispatcher::dispatch() (called from TraceableEventDispatcher.php at line 140)
TraceableEventDispatcher::dispatch() (called from HttpKernel.php at line 125)
HttpKernel::handleRaw() (called from HttpKernel.php at line 64)
HttpKernel::handle() (called from ContainerAwareHttpKernel.php at line 69)
ContainerAwareHttpKernel::handle() (called from Kernel.php at line 193)
Kernel::handle() (called from app_dev.php at line 36)
</details>
Refs: #16493
Commits
-------
880a392 [Security] Fix deprecated usage of DigestAuthenticationEntryPoint::getKey() in DigestAuthenticationListener
From October 2016 MasterCard will introduce a new card range,
222100 through 272099.
See: https://www.mctestcards.com/ (click the help in top right)
Implements unit tests and validation for this new card range.
* 2.7:
removed @since
Remove and change unrelevant comments in Validator and Security components.
[Validator] UuidValidator must accept a Uuid constraint.
[Validator] make UuidValidator class formatting consistent.
This PR was merged into the 2.7 branch.
Discussion
----------
[Validator] [Security] Remove unrelevant comments in Security and Validator components
| Q | A
| ------------- | ---
| Branch? | 2.7
| Bug fix? | no
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | ~
| License | MIT
| Doc PR | ~
Commits
-------
2cec4a6 Remove and change unrelevant comments in Validator and Security components.
* 2.7:
[travis] Fix deps=low/high builds
fixed CS
Fix for #19183 to add support for new PHP MongoDB extension in sessions.
bumped Symfony version to 2.7.16
updated VERSION for 2.7.15
update CONTRIBUTORS for 2.7.15
updated CHANGELOG for 2.7.15
Fixed typos in the expectedException annotations
Conflicts:
src/Symfony/Component/HttpKernel/Kernel.php
This PR was merged into the 2.8 branch.
Discussion
----------
[Console] Fix block() padding formatting after #19189
| Q | A
| ------------- | ---
| Branch? | 2.8
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | https://github.com/symfony/symfony/pull/19189#issuecomment-229735157
| License | MIT
| Doc PR | reference to the documentation PR, if any
This fixes the unformatted padding of `block()` output after #19189.
Commits
-------
dc130be [Console] Fix for block() padding formatting after #19189
This PR was squashed before being merged into the 2.8 branch (closes#19218).
Discussion
----------
[Security][Guard] check if session exist before using it
| Q | A
| ------------- | ---
| Branch? | 2.8
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | #18958
| License | MIT
| Doc PR | -
As stated by @Shekhovtsovy when the Guard component is used without the Symfony full stack (for instance in Laravel), $request->getSession() may be null.
An additionnal PR will be needed for 3.1 but it may be better to check this one before.
Commits
-------
a3f7510 [Security][Guard] check if session exist before using it
This PR was squashed before being merged into the 2.7 branch (closes#19243).
Discussion
----------
Fixed typos in the expectedException annotations
| Q | A
| ------------- | ---
| Branch? | 2.7
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | N/A
| License | MIT
| Doc PR | N/A
PHPUnit ignores any imports when resolving these. You must always reference the FQCN.
Commits
-------
b36de36 Fixed typos in the expectedException annotations
* 2.7:
[HttpKernel] Add listener that checks when request has both Forwarded and X-Forwarded-For
[HttpKernel] Move conflicting origin IPs handling to catch block
[travis] Fix deps=low/high patching
This PR was squashed before being merged into the 2.7 branch (closes#18688).
Discussion
----------
[HttpFoundation] Warning when request has both Forwarded and X-Forwarded-For
| Q | A
| ------------- | ---
| Branch? | 2.7
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets |
| License | MIT
| Doc PR | symfony/symfony-docs#6526
Emit a warning when a request has both a trusted Forwarded header and a trusted X-Forwarded-For header, as this is most likely a misconfiguration which causes security issues.
Commits
-------
ee8842f [HttpFoundation] Warning when request has both Forwarded and X-Forwarded-For
This PR was squashed before being merged into the 2.7 branch (closes#19173).
Discussion
----------
[Console] Decouple SymfonyStyle from TableCell
| Q | A
| ------------- | ---
| Branch? | 2.7
| Bug fix? | no
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | ~
| License | MIT
| Doc PR | ~
Alternative approach, ie BC, for #19136 (i prefer that one though, as it also _fixes_ #19123 )
Commits
-------
51f59d6 [Console] Decouple SymfonyStyle from TableCell
This PR was merged into the 2.8 branch.
Discussion
----------
fixed form tests
| Q | A
| ------------- | ---
| Branch? | 2.8
| Bug fix? | no
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | no
| Fixed tickets | n/a
| License | MIT
| Doc PR | n/a
Commits
-------
d0130d9 fixed form tests
This PR was merged into the 2.7 branch.
Discussion
----------
removed dots at the end of @param and @return
| Q | A
| ------------- | ---
| Branch? | 2.7
| Bug fix? | no
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | n/a
| License | MIT
| Doc PR | n/a
For phpdocs, we only add dots for sentences like description, but not for @param and @return for instance. This PR fixes this issue.
This should probably be added to PHP-CS-Fixer as well (/cc @phansys @keradus).
Commits
-------
554303e removed dots at the end of @param and @return
This PR was merged into the 2.8 branch.
Discussion
----------
[Console] Fix formatting of SymfonyStyle::comment()
| Q | A
| ------------- | ---
| Branch? | 2.8
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | #19172
| License | MIT
| Doc PR | n/a
This:
```php
$io->comment('Lorem ipsum dolor sit amet, consectetur adipisicing elit, <comment>sed do eiusmod tempor incididunt ut labore et dolore magna aliqua. Ut enim ad minim veniam, quis nostrud exercitation ullamco laboris nisi ut aliquip ex ea commodo consequat. Duis aute irure dolor in reprehenderit in voluptate velit esse cillum dolore eu fugiat nulla pariatur. Excepteur sint occaecat </comment>cupidatat non proident, sunt in culpa qui officia deserunt mollit anim id est laborum.');
```
Before outputs:
![](http://image.prntscr.com/image/1d2ea9de42024b53a77120c482be51d4.png)
After:
![](http://image.prntscr.com/image/36de23ec14b64804b0cbae7a431185be.png)
This moves the lines-cutting logic from `block()` into a specific `createBlock`, used from both `comment()` and `block()`, sort as `comment()` can take messages containing nested tags and outputs a correctly formatted block without escaping tags.
Commits
-------
0a53e1d [Console] Fix formatting of SymfonyStyle::comment()
This PR was merged into the 2.7 branch.
Discussion
----------
fixed typo
| Q | A
| ------------- | ---
| Branch? | 2.7
| Bug fix? | no
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | n/a
| License | MIT
| Doc PR | n/a
/cc @pborreli This one is for me :)
Commits
-------
e334960 fixed typo
Remove decoration from frameworkbundle test (avoid testing the Console behaviour)
Set background to default
Test output
Adapt test for FrameworkBundle
Use Helper::strlenWithoutDecoration rather than Helper::strlen(strip_tags(..))
Improve logic for align all lines to the first in block()
Tests more block() possible outputs
Avoid calling Helper::strlenWithoutDecoration in loop for prefix, assign it instead
* 2.7:
[CS] Respect PSR2 4.2
[Form] fix `empty_data` option in expanded `ChoiceType`
[Console] removed unneeded private methods
sync min email validator version
[TwigBridge] Fix inconsistency in LintCommand help
explicitly forbid e-mail validator 2.0 or higher
Fixed SymfonyQuestionHelper multi-choice with defaults
[DoctrineBridge] Don't use object IDs in DoctrineChoiceLoader when passing a value closure
Differentiate between the first time a progress bar is displayed and subsequent times
finished previous commit
No more exception for malformed input name
fix post_max_size_message translation
[Process] Fix pipes cleaning on Windows
Avoid phpunit 5.4 warnings on getMock
[Form] Add exception to FormRenderer about non-unique block names
[Form] Consider a violation even if the form is not submitted
This PR was merged into the 2.7 branch.
Discussion
----------
[WIP] [2.7] [Form] fix `empty_data` option in expanded `ChoiceType`
| Q | A
| ------------- | ---
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | #17791
| License | MIT
| Doc PR | -
It might happen because in `Form::submit()` the handling of `empty_data` [line 597](https://github.com/symfony/symfony/blob/master/src/Symfony/Component/Form/Form.php#L597) comes after each child of a compound field has been submitted [line 549](https://github.com/symfony/symfony/blob/master/src/Symfony/Component/Form/Form.php#L549).
So when `ChoiceType` is `expanded`, `compound` option is defaulted to `true` and it passes its empty submitted data to its children before handling its own `empty_data` option.
This PR uses the listener already added in `ChoiceType` only when `expanded` is true to handle `empty_data` at `PRE_SUBMIT` [line 539](https://github.com/symfony/symfony/blob/master/src/Symfony/Component/Form/Form.php#L539).
- [ ] Fix FQCN in tests for 2.8
- [ ] Remove `choices_as_values` in tests for 3.0
Commits
-------
d479adf [Form] fix `empty_data` option in expanded `ChoiceType`
This PR was merged into the 2.7 branch.
Discussion
----------
Distinguish between first and subsequent progress bar displays
| Q | A
| ------------- | ---
| Branch? | 2.7
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | #19133
| License | MIT
| Doc PR | reference to the documentation PR, if any
Fixes https://github.com/symfony/symfony/issues/19133
When a progress bar is first displayed, if it is multi-line, previously output lines are erased, depending upon the number of lines in the progress bar.
This patch fixes that be distinguishing between the first display (no erasing of previous output) and subsequent displays of the progress bar.
Commits
-------
3871e1a Differentiate between the first time a progress bar is displayed and subsequent times