This PR was merged into the 5.1-dev branch.
Discussion
----------
[DI] deprecate the `inline()` function from the PHP-DSL in favor of `service()`
| Q | A
| ------------- | ---
| Branch? | master
| Bug fix? | no
| New feature? | no
| Deprecations? | yes
| Tickets | -
| License | MIT
| Doc PR | -
In the PHP-DSL, the `inline()` function helps declaring ... inline services.
I'm proposing to rename it to `service()`, for consistency with yaml tags. All other helpers but this one have the same name as the yaml tag.
Let's do this while "nobody" uses this format yet :)
Commits
-------
647d971ae4 [DI] deprecate the `inline()` function from the PHP-DSL in favor of `service()`
This PR was merged into the 5.1-dev branch.
Discussion
----------
[DI] allow decorators to reference their decorated service using the special `.inner` id
| Q | A
| ------------- | ---
| Branch? | master
| Bug fix? | no
| New feature? | yes
| Deprecations? | no
| Tickets | -
| License | MIT
| Doc PR | -
Right now, when one wants to decorate a service, one needs to reference the decorated service using `foo.inner`, where `foo` is the id of the decorating service.
There are two issues with this IMHO:
- it's weird to have to repeat the name of declaring service inside of it;
- it doesn't play well with child definitions.
In this PR, I propose to use `.inner` to fix both issues.
Before:
```yaml
services:
decorating_service:
arguments: [@decorating_service.inner]
decorates: decorated_service
```
After:
```yaml
services:
decorating_service:
arguments: [@.inner]
decorates: decorated_service
```
Commits
-------
7b6f767fbe [DI] allow decorators to reference their decorated service using the special `.inner` id
* 5.0:
[appveyor] bump cache
[Twig][Mime] Removed extra quotes in missing package exception message
[DI] µfix
Allowing empty secrets to be set
[DI] add missing property declarations in InlineServiceConfigurator
[DI] fix detecting short service syntax in yaml
Supress error from fread when reading a unix pipe
[HttpClient] Fix scoped client without query option configuration
[Workflow] Use a strict comparison when retrieving raw marking in MarkingStore
[Workflow] Use a strict comparison when retrieving raw markin in MarkingStore
* 4.4:
[appveyor] bump cache
[Twig][Mime] Removed extra quotes in missing package exception message
[DI] µfix
Allowing empty secrets to be set
[DI] add missing property declarations in InlineServiceConfigurator
[DI] fix detecting short service syntax in yaml
Supress error from fread when reading a unix pipe
[HttpClient] Fix scoped client without query option configuration
[Workflow] Use a strict comparison when retrieving raw marking in MarkingStore
[Workflow] Use a strict comparison when retrieving raw markin in MarkingStore
This PR was merged into the 4.4 branch.
Discussion
----------
[DI] fix detecting short service syntax in yaml
| Q | A
| ------------- | ---
| Branch? | 4.4
| Bug fix? | yes
| New feature? | no
| Deprecations? | no
| Tickets | -
| License | MIT
| Doc PR | -
We do allow interfaces/classes as keys in arguments, yet the short syntax fails to know about those.
This fixes it, allowing one to use:
```
services:
App\Foo:
App\BarInterface: '@App\BarClass'
```
As a reminder, by-name is also allowed:
```
services:
App\Foo: {
$bar: '@App\BarClass'
}
```
Commits
-------
bf17165fb1 [DI] fix detecting short service syntax in yaml
This PR was merged into the 4.4 branch.
Discussion
----------
[DI] add missing property declarations in InlineServiceConfigurator
| Q | A
| ------------- | ---
| Branch? | 4.4
| Bug fix? | yes
| New feature? | no
| Deprecations? | no
| Tickets | -
| License | MIT
| Doc PR | -
These are accessed by the traits used by the class.
Commits
-------
a6a4442cd9 [DI] add missing property declarations in InlineServiceConfigurator
This PR was merged into the 4.4 branch.
Discussion
----------
[Process] Fixed input/output error on PHP 7.4
| Q | A
| ------------- | ---
| Branch? | 4.4
| Bug fix? | yes
| New feature? | no
| Deprecations? | no
| Tickets | Fix#34945
| License | MIT
| Doc PR |
This PR aims to fix the error from #34945, but i'm unsure if this is the best solution. The issue is that on PHP 7.4 the input/output error may come up.
php.net/manual/en/migration74.incompatible.php#migration74.incompatible.core.fread-fwrite
> fread() and fwrite() will now return FALSE if the operation failed. Previously an empty string or 0 was returned. EAGAIN/EWOULDBLOCK are not considered failures. These functions now also raise a notice on failure, such as when trying to write to a read only file resource.
Commits
-------
b98abde65a Supress error from fread when reading a unix pipe
This PR was squashed before being merged into the 5.1-dev branch.
Discussion
----------
Update Connection.php
Get `region` from `host` to prevent error "Credential should be scoped to a valid region, not '...'" and make it easier to setup DSN
| Q | A
| ------------- | ---
| Branch? | master for features / 3.4, 4.4 or 5.0 for bug fixes <!-- see below -->
| Bug fix? | yes/no
| New feature? | yes/no <!-- please update src/**/CHANGELOG.md files -->
| Deprecations? | no <!-- please update UPGRADE-*.md and src/**/CHANGELOG.md files -->
| Tickets | Fix #... <!-- prefix each issue number with "Fix #", if any -->
| License | MIT
| Doc PR | symfony/symfony-docs#... <!-- required for new features -->
<!--
Replace this notice by a short README for your feature/bugfix. This will help people
understand your PR and can be used as a start for the documentation.
Additionally (see https://symfony.com/releases):
- Always add tests and ensure they pass.
- Never break backward compatibility (see https://symfony.com/bc).
- Bug fixes must be submitted against the lowest maintained branch where they apply
(lowest branches are regularly merged to upper ones so they get the fixes too.)
- Features and deprecations must be submitted against branch master.
-->
Commits
-------
af6804828b Update Connection.php
This PR was merged into the 5.1-dev branch.
Discussion
----------
[OptionsResolver] Improve the deprecation feature by handling package and version
| Q | A
| ------------- | ---
| Branch? | master
| Bug fix? |no
| New feature? | yes
| Deprecations? | yes
| Tickets |
| License | MIT
| Doc PR | TODO
Commits
-------
c3f5e2c1c8 [OptionsResolver] Improve the deprecation feature by handling package + version
* 5.0:
[PropertyAccess] fix tests
[WebProfilerBundle] fix test
remove assertions that can never be reached
[PropertyAccess] Improve message of unitialized property in php 7.4
[HttpFoundation] Fixed session migration with custom cookie lifetime
[HttpKernel][FrameworkBundle] fix compat with Debug component
[Serializer] Remove unused variable
Allow URL-encoded special characters in basic auth part of URLs
[Serializer] Fix unitialized properties (from PHP 7.4.2) when serializing context for the cache key
[Validator] Add missing Ukrainian and Russian translations
Track session usage when setting the token
[4.4][MonologBridge] Fix $level type
[5.0][MonologBridge] Fix $level type
No need to reconnect the bags to the session
Support for Content Security Policy style-src-elem and script-src-elem in WebProfiler
[PropertyInfo][ReflectionExtractor] Check the array mutator prefixes last when the property is singular
[Security][Http][SwitchUserListener] Ignore all non existent username protection errors
Add installation and minimal example to README
* 4.4:
[PropertyAccess] fix tests
[WebProfilerBundle] fix test
remove assertions that can never be reached
[PropertyAccess] Improve message of unitialized property in php 7.4
[HttpFoundation] Fixed session migration with custom cookie lifetime
[HttpKernel][FrameworkBundle] fix compat with Debug component
[Serializer] Remove unused variable
Allow URL-encoded special characters in basic auth part of URLs
[Serializer] Fix unitialized properties (from PHP 7.4.2) when serializing context for the cache key
[Validator] Add missing Ukrainian and Russian translations
Track session usage when setting the token
[4.4][MonologBridge] Fix $level type
No need to reconnect the bags to the session
Support for Content Security Policy style-src-elem and script-src-elem in WebProfiler
[PropertyInfo][ReflectionExtractor] Check the array mutator prefixes last when the property is singular
[Security][Http][SwitchUserListener] Ignore all non existent username protection errors
Add installation and minimal example to README
* 3.4:
[PropertyAccess] fix tests
[WebProfilerBundle] fix test
remove assertions that can never be reached
[PropertyAccess] Improve message of unitialized property in php 7.4
[HttpFoundation] Fixed session migration with custom cookie lifetime
[Serializer] Remove unused variable
Allow URL-encoded special characters in basic auth part of URLs
[Serializer] Fix unitialized properties (from PHP 7.4.2) when serializing context for the cache key
[Validator] Add missing Ukrainian and Russian translations
No need to reconnect the bags to the session
Support for Content Security Policy style-src-elem and script-src-elem in WebProfiler
[PropertyInfo][ReflectionExtractor] Check the array mutator prefixes last when the property is singular
This PR was merged into the 3.4 branch.
Discussion
----------
[PropertyInfo][ReflectionExtractor] Check the array mutator prefixes last when the property is singular
| Q | A
| ------------- | ---
| Branch? | 3.4
| Bug fix? | yes
| New feature? | no
| Deprecations? | no
| Tickets | https://github.com/symfony/symfony/issues/36079
| License | MIT
| Doc PR | -
Check the related tickets that have a very descriptive example.
If the property is singular, we should prioritize non array mutator prefixes and do the opposite for plural property. It relies on some guessing but it actually fixes real world scenarios.
Commits
-------
b4df2b9dff [PropertyInfo][ReflectionExtractor] Check the array mutator prefixes last when the property is singular
This PR was squashed before being merged into the 3.4 branch.
Discussion
----------
[PropertyAccess] Improve message of unitialized property in php 7.4
| Q | A
| ------------- | ---
| Branch? | 3.4
| Bug fix? | no
| New feature? | no
| Deprecations? | no
| Tickets | Fix#36277
| License | MIT
Improve message of unitialized property in php 7.4 ;
Before
You should either initialize it or make it nullable using "?string" instead.
After
You should either initialize it or make it nullable using "?string $var = null" instead.
Commits
-------
3c8bf2d29d [PropertyAccess] Improve message of unitialized property in php 7.4
This PR was merged into the 5.1-dev branch.
Discussion
----------
[HttpFoundation] Add support for all core response http control directives
| Q | A
| ------------- | ---
| Branch? | master
| Bug fix? | no
| New feature? | yes
| Deprecations? | no
| Tickets | Fix#35720
| License | MIT
| Doc PR | N/A
Add support for all core cache-control directives
see : https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Cache-Control
Commits
-------
011cd38974 [HttpFoundation] Add support for all core http control directives
This PR was squashed before being merged into the 3.4 branch.
Discussion
----------
[HttpFoundation] Fixed session migration with custom cookie lifetime
| Q | A
| ------------- | ---
| Branch? | 3.4
| Bug fix? | yes
| New feature? | no
| Deprecations? | no
| Tickets | Fix#28577
| License | MIT
| Doc PR |
This PR adds the fix proposed in https://github.com/symfony/symfony/issues/28577#issuecomment-578052397
Commits
-------
3e824de385 [HttpFoundation] Fixed session migration with custom cookie lifetime
This PR was merged into the 5.1-dev branch.
Discussion
----------
[HttpKernel] allow cache warmers to add to the list of preloaded classes and files
| Q | A
| ------------- | ---
| Branch? | master
| Bug fix? | no
| New feature? | yes
| Deprecations? | yes
| Tickets | -
| License | MIT
| Doc PR | -
This PR makes cache warmers responsible for returning a list of classes or files to preload. It does so by adding the following to `WarmableInterface::warmUp()`:
`@return string[] A list of classes or files to preload on PHP 7.4+`
Of course, this return value is properly implemented so that we can see what this provides in practice. Here are the benchmarks on a simple Hello World rendered with Twig:
- without preloading: 360 req/s
- with preloading in master: 560 req/s (+55%)
- with preloading and this PR: 630 req/s (+75%)
Commits
-------
8ab75d99d4 [HttpKernel] allow cache warmers to add to the list of preloaded classes and files
This PR was merged into the 5.1-dev branch.
Discussion
----------
[Mime] strengthen is_resource() checks
| Q | A
| ------------- | ---
| Branch? | master
| Bug fix? | no
| New feature? | no
| Deprecations? | no
| Tickets | -
| License | MIT
| Doc PR | -
Improves seekable checks by using
`stream_get_meta_data($h)['seekable'] && 0 === fseek($h, 0, SEEK_CUR)`
instead of just
`stream_get_meta_data($h)['seekable']`
which is better when using userland stream wrappers.
Commits
-------
be9c675710 [Mime] strengthen is_resource() checks
This PR was squashed before being merged into the 5.1-dev branch.
Discussion
----------
[Security] Refactor logout listener to dispatch an event instead
| Q | A
| ------------- | ---
| Branch? | master
| Bug fix? | yes (sort of...)
| New feature? | yes
| Deprecations? | yes
| Tickets | Fix#25212, Fix#22473
| License | MIT
| Doc PR | tbd
The current `LogoutListener` has some extension points, but they are not really DX-friendly (ref #25212). It requires hacking a `addMethodCall('addHandler')` in the container builder to register a custom logout handler.
Also, it is impossible to overwrite the default logout functionality from a bundle (ref #22473).
This PR introduces a `LogoutEvent` that replaces both the `LogoutSuccessHandlerInterface` and `LogoutHandlerInterface`. This provides a DX-friendly extension point and also cleans up the authentication factories (no more `addMethodCall()`'s).
In order to allow different logout handlers for different firewalls, I created a specific event dispatcher for each firewall (as also shortly discussed in #33558). The `dispatcher` tag attribute allows you to specify which dispatcher it should be registered to (defaulting to the global dispatcher). The `EventBubblingLogoutListener` also dispatches logout events on the global dispatcher, to be used for listeners that should run on all firewalls.
_@weaverryan and I discussed this feature while working on #33558, but figured it was unrelated and could be done while preservering BC. So that's why a separate PR is created._
Commits
-------
a9f096eb1f [Security] Refactor logout listener to dispatch an event instead
This PR was merged into the 4.4 branch.
Discussion
----------
[Routing] Add installation and minimal example to README
| Q | A
| ------------- | ---
| Branch? | 4.4
| Bug fix? | no
| New feature? | no
| Deprecations? | no
| Tickets | n/a
| License | MIT
| Doc PR | symfony/symfony-docs#13431
Similair to what I did in #35552, this PR updates the README of the Routing component to include a minimal example and installation command.
Commits
-------
be6612060c Add installation and minimal example to README
This PR was squashed before being merged into the 5.1-dev branch.
Discussion
----------
[Messenger] Add a \Throwable argument in RetryStrategyInterface methods
| Q | A
| ------------- | ---
| Branch? | master
| Bug fix? | no
| New feature? | yes
| Deprecations? | no
| Tickets | Fix#36182
| License | MIT
This allows to define new retry strategies based on the exceptions thrown during the last handling.
Commits
-------
5fa9d68e8b [Messenger] Add a \Throwable argument in RetryStrategyInterface methods
This PR was merged into the 3.4 branch.
Discussion
----------
[HttpFoundation] No need to reconnect the bags to the session after session_regenerate_id
| Q | A
| ------------- | ---
| Branch? | 3.4
| Bug fix? | no
| New feature? | no
| Deprecations? | no
| Tickets | -
| License | MIT
| Doc PR | -
Bug https://bugs.php.net/70013 was fixed before the release of PHP v7.0
https://3v4l.org/A8YmY
Related to https://github.com/symfony/symfony/pull/15243
Commits
-------
923c24f438 No need to reconnect the bags to the session
This PR was squashed before being merged into the 3.4 branch.
Discussion
----------
[Serializer] Fix unitialized properties (from PHP 7.4.2) when serializing context for the cache key
| Q | A
| ------------- | ---
| Branch? | 3.4
| Bug fix? | yes
| New feature? | no
| Deprecations? | no
| Tickets | Fix https://github.com/symfony/symfony/issues/35574https://github.com/doctrine/orm/issues/8030
| License | MIT
| Doc PR | N/A
This bug only happens on the following conditions:
- A Doctrine entity (`Book`) having a relation with another entity (`Author`) is used;
- The `Author` entity uses typed properties (PHP 7.4) not initialized;
- The `Serializer` is used with the `Book` in the `OBJECT_TO_POPULATE` key in the context.
For instance:
```php
<?php
declare(strict_types=1);
namespace App\Entity;
use Doctrine\ORM\Mapping as ORM;
/** @ORM\Entity */
class Book
{
/**
* @ORM\ManyToOne(targetEntity="Author")
*/
public Author $author;
public ?string $isbn;
}
```
```php
<?php
declare(strict_types=1);
namespace App\Entity;
use Doctrine\ORM\Mapping as ORM;
/** @ORM\Entity */
class Author
{
public ?string $name;
}
```
Or even:
```php
<?php
declare(strict_types=1);
namespace App\Entity;
use Doctrine\ORM\Mapping as ORM;
/** @ORM\Entity */
class Author
{
private string $name;
public function __construct()
{
$this->name = 'Leo';
}
}
```
If the following is done (it's the case for instance in API Platform when a `PUT` is made):
```php
$serializer->deserialize('{"isbn":"2038717141"}', Book::class, 'json', ['object_to_populate' => $book]);
```
Then there will be the following error:
> Fatal error: Typed property Proxies\__CG__\App\Entity\Author::$ must not be accessed before initialization (in __sleep)
It's because of these lines in the `getCacheKey` method of the `AbstractObjectNormalizer`:
5da141b8d0/src/Symfony/Component/Serializer/Normalizer/AbstractObjectNormalizer.php (L405-L409)
Since the lazy proxyfied relation has a `__sleep` with unitialized properties, the `serialize` method will throw (since https://bugs.php.net/bug.php?id=79002: 846b647953).
I propose to fix this issue by unsetting the `OBJECT_TO_POPULATE` key in the context because I don't think it's useful for determining the attributes of the object.
For the next versions of Symfony, the fix should probably be elsewhere, in the default context.
For instance in Symfony 4.4, instead of:
15edfd39d4/src/Symfony/Component/Serializer/Normalizer/AbstractObjectNormalizer.php (L118)
It should be:
```php
$this->defaultContext[self::EXCLUDE_FROM_CACHE_KEY] = [self::CIRCULAR_REFERENCE_LIMIT_COUNTERS, self::OBJECT_TO_POPULATE];
```
But I'm not sure how it should be merged (another PR maybe?).
Commits
-------
1fafff7c10 [Serializer] Fix unitialized properties (from PHP 7.4.2) when serializing context for the cache key
This PR was squashed before being merged into the 3.4 branch.
Discussion
----------
[Validator] Add missing Ukrainian and Russian translations
| Q | A
| ------------- | ---
| Branch? | 3.4
| Bug fix? | no
| New feature? | no
| Deprecations? | no
| Tickets | none
| License | MIT
Commits
-------
d43ef4ec92 [Validator] Add missing Ukrainian and Russian translations
This PR was merged into the 5.1-dev branch.
Discussion
----------
[Config] Improve the deprecation features by handling package and version
| Q | A
| ------------- | ---
| Branch? | master
| Bug fix? | no
| New feature? | yes
| Deprecations? | yes
| Tickets | https://github.com/orgs/symfony/projects/1#card-32681032
| License | MIT
| Doc PR | TODO
Commits
-------
f4de76dba0 [Config] Improve the deprecation features by handling package and version
This PR was merged into the 5.1-dev branch.
Discussion
----------
[DependencyInjection] Fix alias deprecations with package and version
| Q | A
| ------------- | ---
| Branch? | master
| Bug fix? | yes
| New feature? | no
| Deprecations? | no
| Tickets | -
| License | MIT
| Doc PR | -
Firstly, this PR fixes the alias dump by the XmlDumper to be consistent with stof comment in the inital PR (the message is the node content) - it is the case for deprecated services. Otherwise, we need to add the "message" attribute in the XSD.
Secondly, it fixes the arguments when the deprecation is actually triggered as well as two related tests.
Commits
-------
5ee5654171 [DependencyInjection] Fix alias deprecations with package and version
* 5.0:
Fix wrong namespaces
Fix wrong namespaces
Fix the reporting of deprecations in twig:lint
forward multiple attributes voting flag
bumped Symfony version to 5.0.8
updated VERSION for 5.0.7
updated CHANGELOG for 5.0.7
bumped Symfony version to 4.4.8
updated VERSION for 4.4.7
updated CHANGELOG for 4.4.7
[Validator] Fixed calling getters before resolving groups
[HttpKernel][LoggerDataCollector] Prevent keys collisions in the sanitized logs processing
* 4.4:
Fix wrong namespaces
Fix wrong namespaces
Fix the reporting of deprecations in twig:lint
forward multiple attributes voting flag
bumped Symfony version to 4.4.8
updated VERSION for 4.4.7
updated CHANGELOG for 4.4.7
[Validator] Fixed calling getters before resolving groups
[HttpKernel][LoggerDataCollector] Prevent keys collisions in the sanitized logs processing
This PR was merged into the 5.1-dev branch.
Discussion
----------
[HttpFoundation][HttpKernel][Security] Improve UnexpectedSessionUsageException backtrace
| Q | A
| ------------- | ---
| Branch? | master
| Bug fix? | no
| New feature? | yes <!-- please update src/**/CHANGELOG.md files -->
| Deprecations? | no <!-- please update UPGRADE-*.md and src/**/CHANGELOG.md files -->
| Tickets |
| License | MIT
| Doc PR |
Improve `UnexceptedSessionUsageException` backtrace so that it leads to the place in the userland where it was told to use session.
Commits
-------
1e1d332c7c Improve UnexcpectedSessionUsageException backtrace
This PR was squashed before being merged into the 5.1-dev branch.
Discussion
----------
[FrameworkBundle] Dump kernel extension configuration
| Q | A
| ------------- | ---
| Branch? | master
| Bug fix? | no
| New feature? | yes
| Deprecations? | no
| Tickets | #34756
| License | MIT
If the kernel is a container extension and defines a configuration, the `config:dump-reference` will now be able to dump it.
Commits
-------
2ccafb1eb3 [FrameworkBundle] Dump kernel extension configuration
This PR was merged into the 5.1-dev branch.
Discussion
----------
[DI] dump factory files as classes
| Q | A
| ------------- | ---
| Branch? | master
| Bug fix? | no
| New feature? | no
| Deprecations? | no
| Tickets | -
| License | MIT
| Doc PR | -
This PR is a performance improvement when using `bin/console` on the command line.
Once upon a time, we advised setting `container.dumper.inline_factories` to `false` so that the container could be chunked into many files. More recently, we turned this setting back to `true` in order to optimize for preloading. But this made `bin/console` back to slow: since the CLI cannot have opcache, PHP has to parse this potentially big file all the time. Previous data already showed this can grow big.
This PR fixes the issue by generating many files again. But instead of generating the inline code within each file, we now wrap this code inside a class. Then we list this class for preloading.
This way, we have the best of both worlds: a `bin/console` that scales no matter the size of the app and top perf when using preloading (I benched a small hello world before/after the patch with preloading enabled, there is no measurable difference.)
This should also fix a memory leak that happens when factory files contain closures.
Commits
-------
cedb5cd429 [DI] dump factory files as classes
This PR was merged into the 3.4 branch.
Discussion
----------
[HttpKernel][LoggerDataCollector] Prevent keys collisions in the sanitized logs processing
| Q | A
| ------------- | ---
| Branch? | 3.4
| Bug fix? | yes
| New feature? | no
| Deprecations? | no
| Tickets | https://github.com/symfony/symfony/issues/36159
| License | MIT
| Doc PR | -
`$sanitizedLogs` is used with numeric and "associative" keys. To prevent collisions when the message is a number, we can simply prepend all messages with a random letter (so we avoid a behavior refactor). It doesn't matter since they key is only used for the processing, it is dropped at the end.
Commits
-------
79fe888072 [HttpKernel][LoggerDataCollector] Prevent keys collisions in the sanitized logs processing
This PR was squashed before being merged into the 5.1-dev branch.
Discussion
----------
[Uid] Improve the code
Improve the reuse of code, programing for extension and not for modification, create a Trait with similar behavior for getTime method in uuid types. Eliminate duplicate code in Uuid
| Q | A
| ------------- | ---
| Branch? | 5.1
| Bug fix? | no
| New feature? | no
| Deprecations? | no
| Tickets | Fix #...
| License | MIT
| Doc PR | symfony/symfony-docs#...
Keep the same functionality, just improve a little the code, eliminating duplications and reusing some lines.
Commits
-------
106c733bce [Uid] Improve the code
* 5.0:
[HttpFoundation] Do not set the default Content-Type based on the Accept header
[Security] Fix access_control behavior with unanimous decision strategy
* 4.4:
[HttpFoundation] Do not set the default Content-Type based on the Accept header
[Security] Fix access_control behavior with unanimous decision strategy
* 5.0: (27 commits)
Fix versions
[Security/Http] Allow setting cookie security settings for delete_cookies
[DI] fix generating TypedReference from PriorityTaggedServiceTrait
[FrameworkBundle] revert to legacy wiring of the session when circular refs are detected
bumped Symfony version to 3.4.40
updated VERSION for 3.4.39
update CONTRIBUTORS for 3.4.39
updated CHANGELOG for 3.4.39
[DomCrawler] Fix BC break in assertions breaking Panther
[BrowserKit] fixed missing post request parameters in file uploads
update Italian translation
[Validator] Add missing Hungarian translations
[Validator] Add the missing translations for the Arabic (ar) locale
[Validator] Add missing vietnamese translations
[Console] Fix OutputStream for PHP 7.4
add missing gitattributes for phpunit-bridge
add German translations
Bump Symfony version to 5.0.7
Update VERSION for 5.0.6
Update CHANGELOG for 5.0.6
...
* 4.4:
Fix versions
[Security/Http] Allow setting cookie security settings for delete_cookies
[DI] fix generating TypedReference from PriorityTaggedServiceTrait
[FrameworkBundle] revert to legacy wiring of the session when circular refs are detected
bumped Symfony version to 3.4.40
updated VERSION for 3.4.39
update CONTRIBUTORS for 3.4.39
updated CHANGELOG for 3.4.39
[DomCrawler] Fix BC break in assertions breaking Panther
[BrowserKit] fixed missing post request parameters in file uploads
update Italian translation
[Validator] Add missing Hungarian translations
[Validator] Add the missing translations for the Arabic (ar) locale
[Validator] Add missing vietnamese translations
[Console] Fix OutputStream for PHP 7.4
add German translations
bug #36157 [Validator] Assert Valid with many groups
[Validator] Add missing Lithuanian translations
Fixed some typos
Add french "at least" constraint translations
* 3.4:
Fix versions
[Security/Http] Allow setting cookie security settings for delete_cookies
[FrameworkBundle] revert to legacy wiring of the session when circular refs are detected
bumped Symfony version to 3.4.40
updated VERSION for 3.4.39
update CONTRIBUTORS for 3.4.39
updated CHANGELOG for 3.4.39
update Italian translation
[Validator] Add missing Hungarian translations
[Validator] Add the missing translations for the Arabic (ar) locale
[Validator] Add missing vietnamese translations
[Console] Fix OutputStream for PHP 7.4
add German translations
bug #36157 [Validator] Assert Valid with many groups
[Validator] Add missing Lithuanian translations
Fixed some typos
Add french "at least" constraint translations
This PR was merged into the 3.4 branch.
Discussion
----------
[Security/Http] Allow setting cookie security settings for delete_cookies
| Q | A
| ------------- | ---
| Branch? | 3.4
| Bug fix? | yes
| New feature? | no
| Deprecations? | no
| Tickets | Fix https://github.com/symfony/symfony/pull/36243#discussion_r399646893
| License | MIT
| Doc PR | tbd
Similar to #36173 and #36175. This is needed for Chrome 80 compatibility.
My only question is whether we should introduce these specific settings, or somehow fetch them from `framework.session`?
Commits
-------
a696d1f3af [Security/Http] Allow setting cookie security settings for delete_cookies
This PR was merged into the 3.4 branch.
Discussion
----------
[Validator] Assert Valid with many groups
| Q | A
| ------------- | ---
| Branch? | 3.4
| Bug fix? | yes
| New feature? | no
| Deprecations? | no
| Tickets | Fix https://github.com/symfony/symfony/issues/36157
| License | MIT
Make a reference object get validated by each group when using the Valid constraint with many groups
Commits
-------
c9aa3a849a bug #36157 [Validator] Assert Valid with many groups
This PR was merged into the 3.4 branch.
Discussion
----------
[Validator] Add missing vietnamese translations
| Q | A
| ------------- | ---
| Branch? | 3.4
| Bug fix? | no
| New feature? | no <!-- please update src/**/CHANGELOG.md files -->
| Deprecations? | no <!-- please update UPGRADE-*.md and src/**/CHANGELOG.md files -->
| Tickets | - <!-- prefix each issue number with "Fix #", if any -->
| License | MIT
| Doc PR | - <!-- required for new features -->
<!--
Replace this notice by a short README for your feature/bugfix. This will help people
understand your PR and can be used as a start for the documentation.
Additionally (see https://symfony.com/releases):
- Always add tests and ensure they pass.
- Never break backward compatibility (see https://symfony.com/bc).
- Bug fixes must be submitted against the lowest maintained branch where they apply
(lowest branches are regularly merged to upper ones so they get the fixes too.)
- Features and deprecations must be submitted against branch master.
-->
Commits
-------
25fdc8e580 [Validator] Add missing vietnamese translations
This PR was squashed before being merged into the 3.4 branch.
Discussion
----------
[Console] Fix OutputStream for PHP 7.4
| Q | A
| ------------- | ---
| Branch? | 3.4
| Bug fix? | yes
| New feature? | no
| Deprecations? | no
| Tickets | Fix#36166
| License | MIT
From PHP 7.4, `fwrite` function now returns false for any failure: https://www.php.net/manual/en/migration74.incompatible.php#migration74.incompatible.core.fread-fwrite
Actually, the note in the PHP documentation is not exact: for PHP 7.3 and lower, `fwrite` function did return false when arguments passed in to the function were invalid, and 0 for other failures. From PHP 7.4, it returns false for any failure.
We can see it in the source code: for PHP 7.3: a1a8d14485/ext/standard/file.c (L1140)
Compare to PHP 7.4: https://github.com/php/php-src/blob/master/ext/standard/file.c#L1136
I update `OutputStream::doWrite()` to keep the same behavior as before.
Commits
-------
b375f93ed7 [Console] Fix OutputStream for PHP 7.4
This PR was squashed before being merged into the 4.4 branch.
Discussion
----------
add missing gitattributes for phpunit-bridge
| Q | A
| ------------- | ---
| Branch? | 4.4
| Bug fix? | no
| New feature? | no <!-- please update src/**/CHANGELOG.md files -->
| Deprecations? | no <!-- please update UPGRADE-*.md and src/**/CHANGELOG.md files -->
| Tickets |
| License | MIT
| Doc PR |
Seems like the phpunit bridge has been forgotten in https://github.com/symfony/symfony/pull/33579
Commits
-------
d4c052a2fa add missing gitattributes for phpunit-bridge
When using allow_extra_fields feature (and set to false) with an extra_fields_message, this message may now support pluralization regarding count of extra fields (extra data). e.g. "extra field found|extra fields found"
* 5.0:
[Http Foundation] Fix clear cookie samesite
[Security] Check if firewall is stateless before checking for session/previous session
[Form] Support customized intl php.ini settings
[Security] Remember me: allow to set the samesite cookie flag
[Debug] fix for PHP 7.3.16+/7.4.4+
[Validator] Backport translations
[Mailer] Use %d instead of %s for error code in error messages
[HttpKernel] fix locking for PHP 7.4+
[Security] Fixed hardcoded value of SODIUM_CRYPTO_PWHASH_MEMLIMIT_INTERACTIVE
Prevent warning in proc_open()
[FrameworkBundle] Fix Router Cache
Fix deprecation messages
* 4.4:
[Http Foundation] Fix clear cookie samesite
[Security] Check if firewall is stateless before checking for session/previous session
[Form] Support customized intl php.ini settings
[Security] Remember me: allow to set the samesite cookie flag
[Debug] fix for PHP 7.3.16+/7.4.4+
[Validator] Backport translations
[Mailer] Use %d instead of %s for error code in error messages
[HttpKernel] fix locking for PHP 7.4+
[Security] Fixed hardcoded value of SODIUM_CRYPTO_PWHASH_MEMLIMIT_INTERACTIVE
Prevent warning in proc_open()
[FrameworkBundle] Fix Router Cache
Fix deprecation messages
* 3.4:
[Http Foundation] Fix clear cookie samesite
[Security] Check if firewall is stateless before checking for session/previous session
[Form] Support customized intl php.ini settings
[Security] Remember me: allow to set the samesite cookie flag
[Debug] fix for PHP 7.3.16+/7.4.4+
[Validator] Backport translations
Prevent warning in proc_open()