This PR was merged into the 2.6-dev branch.
Discussion
----------
[Debug] add some file link format handling
| Q | A
| ------------- | ---
| Bug fix? | no
| New feature? | yes
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | -
| License | MIT
| Doc PR | -
Commits
-------
c6923af [Debug] add some file link format handling
This PR was merged into the 2.6-dev branch.
Discussion
----------
[DependencyInjection] Removed unreachable code
| Q | A
| ------------- | ---
| Bug fix? | not really
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | n/a
| License | MIT
| Doc PR | n/a
According to undefined $e, this is an unreachable code. As I can see, circular references are handled by parent method.
Commits
-------
ecedea2 [DependencyInjection] Removed unreachable code
* 2.5:
fixed deps
[Debug] fixed class lookup when using PSR-0 with a target dir
fixed standalone tests
fixed standalone tests
[Validator] fixed component standalone tests
fixed standalone component tests depending on Validator and Form
fixed some composer.json to make standalone component tests pass
[SecurityBundle] fixed tests when used in standalone
* 2.4:
[Debug] fixed class lookup when using PSR-0 with a target dir
fixed standalone tests
fixed standalone tests
[Validator] fixed component standalone tests
fixed standalone component tests depending on Validator and Form
fixed some composer.json to make standalone component tests pass
[SecurityBundle] fixed tests when used in standalone
Conflicts:
src/Symfony/Component/HttpKernel/Tests/Bundle/BundleTest.php
src/Symfony/Component/Validator/composer.json
This PR was merged into the 2.6-dev branch.
Discussion
----------
Expression language extensibility
| Q | A
| ------------- | ---
| Bug fix? | no
| New feature? | yes
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | #10512
| License | MIT
| Doc PR | not yet
The way we can add functions to an ExpressionLanguage instance is by using inheritance. #10512 tries to make the expression language in the routing flexible but using inheritance won't work when several bundles want to add functions.
So, this PR takes another approach to solve the problem globally.
Todo:
* [x] add some more tests
* [ ] add some docs
Commits
-------
7c24188 [FrameworkBundle] added a compiler pass for expression language providers
4195a91 [Routing] added support for custom expression language functions
1a39046 [Security] added support for custom expression language functions
79bcd52b [DependencyInjection] added support for custom expression language functions
184742c [ExpressionLanguage] added ExpressionFunction and ExpressionFunctionProviderInterface
This PR was merged into the 2.6-dev branch.
Discussion
----------
[Security] Fix BC break introduced in #10694
| Q | A
| ------------- | ---
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | #12034
| License | MIT
Not sure about this fix, @stof 'ing welcome
Commits
-------
b2183aa [Security] Fix BC break introduces in #10694
* 2.5:
Make Doctrine's dependency injection test less fragile.
[Finder] [Iterator] Make the tests less fragile
[Form][DateTime] Propagate invalid_message & invalid_message parameters to date & time sub widgets
Fix expression language in the container when using the "container" variable
Conflicts:
src/Symfony/Component/Form/Extension/Core/Type/DateTimeType.php
* 2.4:
Make Doctrine's dependency injection test less fragile.
[Finder] [Iterator] Make the tests less fragile
[Form][DateTime] Propagate invalid_message & invalid_message parameters to date & time sub widgets
Fix expression language in the container when using the "container" variable
* 2.3:
Make Doctrine's dependency injection test less fragile.
[Finder] [Iterator] Make the tests less fragile
[Form][DateTime] Propagate invalid_message & invalid_message parameters to date & time sub widgets
This PR was merged into the 2.6-dev branch.
Discussion
----------
fixed translator locale when dealing with sub-requests
| Q | A
| ------------- | ---
| Bug fix? | yes, kinda
| New feature? | yes
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | n/a
| License | MIT
| Doc PR | n/a
This fixes the (edge) case where the locale of a sub-requests is different from the locale of the master request. The listener synchronizes the translator locale with the one from the request.
Commits
-------
0e65af2 fixed translator locale when dealing with sub-requests
This PR was merged into the 2.6-dev branch.
Discussion
----------
[DependencyInjection] made some perf improvements
| Q | A
| ------------- | ---
| Bug fix? | no
| New feature? | no
| BC breaks? | yes
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | n/a
| License | MIT
| Doc PR | n/a
This PR optimizes the creation of dumped containers drastically (thanks @jpauli for the hint).
The Container class generated by the PHP dumper does not include the `getDefaultParameters()` method anymore. It does not seem like a big deal to me as I fail to see a use case where someone would override this method.
Commits
-------
e1a3ef8 [DependencyInjection] made some perf improvements
This PR was merged into the 2.6-dev branch.
Discussion
----------
[2.3] Update src/Symfony/Component/HttpFoundation/Request.php
This makes `getContentType()` work when a regular form is submitted. It would return `"form"`
Commits
-------
c81ec4d Update src/Symfony/Component/HttpFoundation/Request.php
This PR was squashed before being merged into the 2.6-dev branch (closes#11453).
Discussion
----------
[Config] Allow extra hint in exception message
| Q | A
| ------------- | ---
| Bug fix? | no
| New feature? | yes
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | #1666
| License | MIT
| Doc PR | symfony/symfony-docs#4047
Commits
-------
3062b3e [Config] Allow extra hint in exception message
* 2.5:
[Validator] Added ConstraintValidator::buildViolation() helper for BC with 2.4 API
[Validator] Fixed LegacyValidator when only a constraint is validated
Conflicts:
src/Symfony/Component/Form/Extension/Validator/Constraints/FormValidator.php
src/Symfony/Component/Validator/Constraints/AbstractComparisonValidator.php
src/Symfony/Component/Validator/Constraints/RangeValidator.php
This PR was merged into the 2.6-dev branch.
Discussion
----------
[Security] make it possible to override the default success/failure handler
| Q | A
| ------------- | ---
| Bug fix? | no
| New feature? | yes
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | #5432, #9272, #10417, #11926
| License | MIT
| Doc PR | symfony/symfony-docs#4258
Overriding the default success/failure handler of the security firewalls is possible via the `success_handler` and `failure_handler` setting but this approach is not flexible as it does not allow you to get the options/provider key.
To sum up the problem:
* Overriding the default success/failure handler is possible via a service;
* When not overridden, the default success/failure handler gets options and the provider key;
* Those options and the provider key are injected by the factory as they are dynamic (they depend on the firewall and the provider key), so getting those options/provider key is not possible for a custom service that is only configured via the container configuration;
* Extending the default handler does not help as the injection mechanism is only triggered when no custom provider is set;
* Wrapping the default handler is not possible as the service id is dynamic.
... and of course we need to keep BC and make it work for people extending the default handler but also for people just using the interface.
Instead of the current PR, I propose this slightly different approach. It's not perfect, but given the above constraint, I think this is an acceptable trade-of.
So, several use cases:
* Using the default handler (no change);
* Using a custom handler that implements `AuthenticationSuccessHandlerInterface` directly and does not need any options (no change);
* Using a custom handler that needs the options/provider key (that's the new use case this PR supports).
This PR introduces 2 new classes that wrap custom handlers. If those classes define the `setOptions()` and/or `setProviderKey()` methods, they are automatically called with the correct arguments. Yours handler does not need to extend the default handler `DefaultAuthentication*Handler`, but doing so helps as the setters are already defined there.
Commits
-------
810eeaf [Security] made it possible to override the default success/failure handler (take 2)
36116fc [Security] made it possible to override the default success/failure handler
This PR was merged into the 2.5 branch.
Discussion
----------
[Validator] Added ConstraintValidator::buildViolation() helper for BC with the 2.4 API
| Q | A
| ------------- | ---
| Bug fix? | no
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | -
| License | MIT
| Doc PR | -
This PR adds a `buildViolation()` helper method to the base `ConstraintValidator` to remove the API checks (2.4 vs. 2.5) from the constraint validator implementations. Once the 2.4 API is removed, this helper method will be removed as well.
**Todos**
- [x] Backport changes from #12021
Commits
-------
6b0c24a [Validator] Added ConstraintValidator::buildViolation() helper for BC with 2.4 API
This PR was merged into the 2.5 branch.
Discussion
----------
[Validator] Fixed LegacyValidator when only a constraint is validated
| Q | A
| ------------- | ---
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | -
| License | MIT
| Doc PR | -
The 2.5-BC API is currently broken for the following use case:
```php
$validator->validate($value, $constraint);
```
This is fixed now.
Commits
-------
1d48206 [Validator] Fixed LegacyValidator when only a constraint is validated
This PR was merged into the 2.6-dev branch.
Discussion
----------
[Form] Choice children can be template customized like collection
| Q | A
| ------------- | ---
| Bug fix? | no
| New feature? | yes
| BC breaks? | yes?
| Deprecations? | no
| Tests pass? | No ?
| Fixed tickets |
| License | MIT
| Doc PR | None
I wanted to customize the template of a children of a choice field. I learned it was not currently possible, though it is with the collection type. So this should let people be able to customize the template for all the choice children at once.
Ie:
```jinja
{% block _user_colors_entry_widget %}
```
Still have to fix the tests
Commits
-------
4e6b27f [Form] Choice children can be template customized like collection
* 2.5:
[Command] Set the process title as late as possible
[Form] Removed constructor argument from FormTypeHttpFoundationExtension for forward compatibility with 2.5
[Validator] Simplified testing of violations
remove obsolete test file
[FrameworkBundle] output failed matched path for clarification
bug #10242 Missing checkPreAuth from RememberMeAuthenticationProvider
[Validator] Fixed StaticMethodLoaderTest to actually test something
[Form] Fixed ValidatorTypeGuesser to guess properties without constraints not to be required
Use request format from request in twig ExceptionController
fixed bug
added the possibility to return null from SimplePreAuthenticationListener
[Form] Moved POST_MAX_SIZE validation from FormValidator to request handler
[Form] Add a form error if post_max_size has been reached.
Response::isNotModified returns true when If-Modified-Since is later than Last-Modified
[WebProfilerBundle] turbolinks compatibility
Conflicts:
src/Symfony/Component/Form/Tests/Extension/Validator/Constraints/FormValidatorTest.php
This PR was squashed before being merged into the 2.4 branch (closes#12030).
Discussion
----------
Fix expression language in the container when using the "container" variable
| Q | A
| ------------- | ---
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | #11995
| License | MIT
| Doc PR | n/a
See #11995 for the description of the problem.
Commits
-------
2b2f0df Fix expression language in the container when using the "container" variable
* 2.4:
[Form] Removed constructor argument from FormTypeHttpFoundationExtension for forward compatibility with 2.5
[Validator] Simplified testing of violations
remove obsolete test file
[FrameworkBundle] output failed matched path for clarification
bug #10242 Missing checkPreAuth from RememberMeAuthenticationProvider
[Validator] Fixed StaticMethodLoaderTest to actually test something
[Form] Fixed ValidatorTypeGuesser to guess properties without constraints not to be required
Use request format from request in twig ExceptionController
fixed bug
added the possibility to return null from SimplePreAuthenticationListener
[Form] Moved POST_MAX_SIZE validation from FormValidator to request handler
[Form] Add a form error if post_max_size has been reached.
Response::isNotModified returns true when If-Modified-Since is later than Last-Modified
[WebProfilerBundle] turbolinks compatibility
Conflicts:
src/Symfony/Component/Form/Extension/Core/Type/FormType.php
src/Symfony/Component/Form/Extension/Validator/Constraints/FormValidator.php
src/Symfony/Component/Form/Extension/Validator/Util/ServerParams.php
src/Symfony/Component/Security/Core/Tests/Authentication/Provider/RememberMeAuthenticationProviderTest.php
src/Symfony/Component/Validator/Tests/Constraints/AbstractConstraintValidatorTest.php
* 2.3:
[Form] Removed constructor argument from FormTypeHttpFoundationExtension for forward compatibility with 2.5
[Validator] Simplified testing of violations
This PR was merged into the 2.3 branch.
Discussion
----------
[Validator] Simplified testing of violations
| Q | A
| ------------- | ---
| Bug fix? | no
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | -
| License | MIT
| Doc PR | -
I simplified the assertion of violations in preparation of a replacement PR for #7276.
Commits
-------
8e5537b [Validator] Simplified testing of violations
* 2.3:
remove obsolete test file
[FrameworkBundle] output failed matched path for clarification
bug #10242 Missing checkPreAuth from RememberMeAuthenticationProvider
[Validator] Fixed StaticMethodLoaderTest to actually test something
[Form] Fixed ValidatorTypeGuesser to guess properties without constraints not to be required
Use request format from request in twig ExceptionController
[Form] Moved POST_MAX_SIZE validation from FormValidator to request handler
[Form] Add a form error if post_max_size has been reached.
Response::isNotModified returns true when If-Modified-Since is later than Last-Modified
[WebProfilerBundle] turbolinks compatibility
Conflicts:
src/Symfony/Component/Form/CHANGELOG.md
src/Symfony/Component/HttpFoundation/Tests/ResponseTest.php
src/Symfony/Component/Security/Core/Tests/Authentication/Provider/RememberMeAuthenticationProviderTest.php
This PR was squashed before being merged into the 2.6-dev branch (closes#11949).
Discussion
----------
[Console] More consistent application description
| Q | A
| ------------- | ---
| Bug fix? | no
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | none
| License | MIT
| Doc PR | none
Commits
-------
28edd30 [Console] More consistent application description
This PR was merged into the 2.6-dev branch.
Discussion
----------
New php library structure made easier
| Q | A
| ------------- | ---
| Bug fix? | no
| New feature? | yes
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | -
| License | MIT
| Doc PR | -
[This article](https://medium.com/@christophewillemsen/stop-making-bundles-think-bundles-deadd27b88c0) from @ikwattro gives some good ideas on how to ease the creation of a PHP package:
- which is not a bundle usable only on a symfony full stack framework
- without requiring to maintain 2 repos (one for the lib and the other for the bundle)
The only drawback is that Symfony requires the DI extension to be on a given location. So I created a new method Bundle#getContainerExtensionClass than can be easily overwritten if you want to move the Extension class in another directory.
Commits
-------
8eda6b5 New php library structure made easier
This PR was merged into the 2.3 branch.
Discussion
----------
[Validator] Fixed StaticMethodLoaderTest to actually test something
| Q | A
| ------------- | ---
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | -
| License | MIT
| Doc PR | -
This test is not testing anything, except for whether PHP throws a strict standards error when invalid code is loaded.
I disabled error reporting for this test, so that the actual functionality (ignoring static+abstract functions) is tested.
Commits
-------
1b1303a [Validator] Fixed StaticMethodLoaderTest to actually test something
This PR was merged into the 2.6-dev branch.
Discussion
----------
[HttpKernel] Extract method to instantiate controller in ControllerResolver
Replaces #10814 to merge into `master` instead of `2.3`.
---
| Q | A
| ------------- | ---
| Bug fix? | no
| New feature? | yes
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets |
| License | MIT
| Doc PR |
Currently it's required to duplicate the entirety of the `getController()` and `createController()` methods just to replace the call to `new` (e.g. with container resolution, instead).
Now it's possible to just override the `instantiateController()` method.
Commits
-------
88274df [HttpKernel] Extract method to make callable controller in ControllerResolver
This PR was merged into the 2.6-dev branch.
Discussion
----------
[Serializer] PropertyNormalizer: a new normalizer that maps an object's properties to an array
| Q | A
| ------------- | ---
| Bug fix? | no
| New feature? | yes
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets |
| License | MIT
| Doc PR | if PR is deemed mergeable, I'll write the docs
This PR adds a new Normalizer for the Serializer component: **`PropertyNormalizer`**.
Currently the only normalizer is `GetSetMethodNormalizer`, which calls getters and setters. This new serializer uses the properties values directly.
This is especially useful if you write a webservice and take/return very simple DTO (Data Transfer Objects) which role is only to act like a "named" `stdClass`. Every property is public (the class doesn't contain any logic), and mapping that to an array is pretty easy.
This normalizer takes into account public, but also *private* and *protected* properties.
FYI I've based most of the code of `GetSetMethodNormalizer`.
Commits
-------
78ceed1 [Serializer] Added PropertyNormalizer, a new normalizer that maps an object's properties to an array
This PR was merged into the 2.3 branch.
Discussion
----------
[Form] Fixed ValidatorTypeGuesser to guess properties without constraints not to be required
| Q | A
| ------------- | ---
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | #6645
| License | MIT
| Doc PR | -
Consider the following entity:
```php
class Author
{
/**
* @Assert\NotBlank
*/
private $name;
private $age;
}
```
Right now, the "required" HTML attribute is set for both fields (since the default value of the "required" option is true). IMO this is wrong.
With this fix, the ValidatorTypeGuesser guesses `false` for the "required" option unless a NotNull/NotBlank constraint is present.
Commits
-------
fd77b09 [Form] Fixed ValidatorTypeGuesser to guess properties without constraints not to be required
This PR was merged into the 2.6-dev branch.
Discussion
----------
[Validator] Added "payload" option to all constraints for attaching domain-specific data
| Q | A
| ------------- | ---
| Bug fix? | no
| New feature? | yes
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | #7273
| License | MIT
| Doc PR | TODO
The "payload" option can be used to pass whatever data should be attached to a constraint for an application:
```php
/**
* Domain-specific error codes
* @NotNull(payload="100")
*/
/**
* Structured domain-specific data
* @NotNull(payload={"display": "inline", "highlight": false})
*/
```
The term "payload" is borrowed from JSR-303.
Commits
-------
e8b7c6d [Validator] Added "payload" option to all constraints for attaching domain-specific data
This PR was merged into the 2.6-dev branch.
Discussion
----------
[DependencyInjection] Add a new Syntax to define factories as callables
| Q | A
| ------------- | ---
| Bug fix? | no
| New feature? | yes
| BC breaks? | no
| Deprecations? | yes
| Tests pass? | yes
| Fixed tickets | -
| License | MIT
| Doc PR | -
From the original PR #9839:
"This pull requests adds a new syntax to define factories based on the syntax for configurators. This is more flexible than the old syntax (factoryMethod and either of factoryClass or factoryService), as it also allows for functions as factories.
Since the service is now a Reference to a Definition it also allows us to inline factories for a small performance improvement and better encapsulation.
Lastly this prevents a bug where a private factory is simple removed because it's not referenced in the graph.
I did not change any of the existing definitions (there's one use of a factory in FrameworkBundle) or automatically use the new internal representation when parsing YAML or XML definitions because this could introduce subtle B/C issues.
"
Commits
-------
187aeee fixed CS
bd8531d added a new Syntax to define factories as callables.
This PR was merged into the 2.3 branch.
Discussion
----------
[Form] Moved POST_MAX_SIZE validation from FormValidator to request handler
| Q | A
| ------------- | ---
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | #11729, #11877
| License | MIT
| Doc PR | -
Commits
-------
759ae1a [Form] Moved POST_MAX_SIZE validation from FormValidator to request handler
4780210 [Form] Add a form error if post_max_size has been reached.
This PR was merged into the 2.6-dev branch.
Discussion
----------
[Form] Renamed the option "empty_value" to "placeholder"
| Q | A
| ------------- | ---
| Bug fix? | no
| New feature? | yes
| BC breaks? | no
| Deprecations? | yes
| Tests pass? | yes
| Fixed tickets | #5791
| License | MIT
| Doc PR | TODO
This PR is changing the "empty_value" option to the more understandable name "placeholder".
In a subsequent PR, the "placeholder" option should also be added to all types that support the "placeholder" HTML5 attribute.
Commits
-------
2b440f3 [Form] Renamed the option "empty_value" to "placeholder"
This PR was merged into the 2.6-dev branch.
Discussion
----------
VarDumper and DebugBundle
| Q | A
| ------------- | ---
| Bug fix? | no
| New feature? | yes
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | none
| License | MIT
| Doc PR | none
From a user land point of view, this PR creates a global `dump()` function that is to be used instead of `var_dump()`. The component can be used standalone in any dev workflow. Please see the [provided README](https://github.com/symfony/symfony/pull/10640/files?short_path=52d526f#diff-52d526f19bc9e3825c80e7694755409c) for details.
When used with the Framework bundle, variables passed to `dump()` are dumped in a new dedicated panel in the web toolbar. The function is also available in twig templates.
Regarding the implementation, I'm pretty sure you'll find a lot to comment. As I'm sure of nothing else, not even the names of things, please do.
I tried to organize this PR in several commits, from the most fundamental algorithm to pure Symfony glue.
I suggest you follow this order while progressing in the review and the discussion around this PR, so that we can together validate commits one after the other.
Don't hesitate to fork the PR and submit PR on it, I'll cherry-pick your patches.
TODO:
- [x] open a doc PR: https://github.com/symfony/symfony-docs/pull/4243
- [x] open a PR on the Standard edition: https://github.com/symfony/symfony-standard/pull/710
- [x] prefix the CSS classes
- [x] tests for the DebugBundle + other Symfony glue classes
- [x] inline css and js for compat with e.g. Silex
- [x] finish and merge nicolas-grekas/Patchwork-Dumper#5 for better UX
- [x] show a dump excerpt on hovering the icon in the toolbar
- [x] verify README and comments
- [x] validate interfaces/names (Caster / Cloner / Dumper)
- [x] validate new VarDumper component + DebugBundle
- [x] validate Resource/ext/ vs independent repos.
- [x] test and define behavior after KernelEvents::RESPONSE
- [x] update dependencies between components/bundles and composer.json files
- [x] no hard dep on iconv
Not for this PR but might be worth later:
- show a light stack trace + timing + memory at debug() calls
- create a "theme" concept for custom colors/UX
Commits
-------
80fd736 [DebugBundle] Enhance some comments
2e167ba [TwigBridge] add Twig dump() function + tests and fixes
0f8d30f [VarDumper] Replace \e with \x1B in CliDumper to support colour in PHP < 5.4
d43ae82 [VarDumper] Add workaround to https://bugs.php.net/65967a8d81e4 [DebugBundle] Inlined assets to avoid installation issues
5f59811 [DebugBundle] Add doc example for Twig usage
e4e00ef [TwigBridge] DumpNode and Token parser
de05cd9 [DebugBundle] enhance dump excerpts
49f13c6 [HttpKernel] add tests for DumpDataCollector
081363c [HttpKernel] tests for DumpListener
0d8a942 [VarDumper] add Stub objects for cutting cleanly and dumping consts
c8746a4 [DebugBundle] add tests for twig and for the bundle
8d5d970 [DebugBundle] adjust after review
eb98c81 [DebugBundle] dump() + better Symfony glue
9dea601 [DebugBundle] global dump() function for daily use
297d373 [VarDumper] README, LICENSE and composer.json
a69e962 [VarDumper] tests for HtmlDumper
5eaa187 [VarDumper] tests for CliDumper
e6dde33 [VarDumper] HTML variant of the CLI dumper
fa81544 [VarDumper] CLI dedicated dumper and related abstract
1d5e3f4 [VarDumper] interface for dumping collected variables
0266072 [VarDumper] casters for DOM objects
c426d8b [VarDumper] casters for Doctrine objects
0a92c08 [VarDumper] casters for PDO related objects
da3e50a [VarDumper] casters for SPL data structures
c91bc83 [VarDumper] casters for exceptions representation
3ddbf4b [VarDumper] add casters for per class/resource custom state extraction
5b7ae28 [VarDumper] symfony_debug ext. fast and memory efficient cloning algo
07135a0 [VarDumper] algo to clone any PHP variable to a breadth-first queue
4bf9300 [Debug] a README for the debug extension
eec5c92 [Debug] Symfony debug extension
This PR was merged into the 2.6-dev branch.
Discussion
----------
[OptionsResolver] Added a light-weight, low-level API for basic option resolving
| Q | A
| ------------- | ---
| Bug fix? | no
| New feature? | yes
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | #11705
| License | MIT
| Doc PR | symfony/symfony-docs#4159
See [the updated documentation](https://github.com/webmozart/symfony-docs/blob/issue11705/components/options_resolver.rst) for details on the usage of the simple API.
The most important motivation for this change is DX and speed. The basic features of the component should be easily usable in a wide variety of use cases without impacting performance.
For DX reasons, I added the static methods to the `Options` class, which makes the code concise and easy to read and understand:
```php
use Symfony\Component\OptionsResolver\Options;
$options = Options::validateRequired($options, 'format');
$options = Options::validateTypes($options, array(
'format' => array('string', 'int'),
'calendar' => 'int',
));
$options = Options::validateValues($options, array(
'calendar' => array(
\IntlDateFormatter::GREGORIAN,
\IntlDateFormatter::TRADITIONAL,
),
));
$options = Options::resolve($options, array(
'format' => null,
'calendar' => \IntlDateFormatter::GREGORIAN,
));
```
If you need to distribute the option configuration, this PR also extracts the configuration part of the `OptionsResolver` class into a new class `OptionsConfig`, which can be passed around. When the configuration is complete, pass the config object to `Options::resolve()` as second argument:
```php
$config = new OptionsConfig();
$config->setDefaults(array(
'format' => \IntlDateFormatter::MEDIUM,
'calendar' => \IntlDateFormatter::GREGORIAN,
));
$options = Options::resolve($options, $config);
```
Consequently - since `OptionsResolver` extends `OptionsConfig` - the two following statements now become identical:
```php
$options = $resolver->resolve($options);
$options = Options::resolve($options, $resolver);
```
Commits
-------
9066025 [OptionsResolver] Added a light-weight, low-level API for basic option resolving
This PR was squashed before being merged into the 2.6-dev branch (closes#10698).
Discussion
----------
[Security] Added a REMOTE_USER based listener to security firewalls
| Q | A
| ------------- | ---
| Bug fix? | no
| New feature? | yes
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | /
| License | MIT
| Doc PR | symfony/symfony-docs#3912
TODO
- [x] submit changes to the documentation
I've seen myself implementing a few times a REMOTE_USER based authentication listener, as a large part of security modules for Apache (Kerberos, CAS, and more) are providing the username via an environment variable.
So I thought this could benefit the whole community if directly included in the framework. It is very similar to the X509AuthenticationListener, and basing the RemoteUserAuthenticationListener on the AbstractPreAuthenticatedListener is relevant and very convenient.
Using the X509AuthenticationListener could be possible, but it is confusing to use it directly when your authentication is not certificate based.
Please let me know if I need to update anything.
Regards
Commits
-------
a2872f2 [Security] Added a REMOTE_USER based listener to security firewalls
This PR was squashed before being merged into the 2.6-dev branch (closes#11183).
Discussion
----------
[Security] add an AbstractVoter implementation
| Q | A
| ------------- | ---
| Bug fix? | no
| New feature? | yes
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| License | MIT
| Doc PR | https://github.com/symfony/symfony-docs/pull/4257
The idea is to reduce boilerplate required to create custom Voter, doing most of the work for the developer and guiding him on the path by providing simple requirements via abstract methods that will be called by the AbstractVoter.
P.S. This is meant to be a [DX Initiative](https://github.com/symfony/symfony/issues?labels=DX&state=open) improvement.
Commits
-------
d3bafc6 [Security] add an AbstractVoter implementation
This PR was merged into the 2.6-dev branch.
Discussion
----------
[Form] Add allow_html5 option to date and time FormType to disable HTML5 input type
[Form] added allow_html5 option to date and time FormType to disable HTML5 input type when widget is set to single_text
| Q | A
| --------------------- | ---
| Bug fix? | no
| New feature? | yes
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | #6927#7123
| License | MIT
| Doc PR |
With this little patch we can have a single text widget without HTML5 date input type which is required when using some javascript date or time picker .
Commits
-------
392d6c7 add allow_html5 option to date and time FormType to disable HTML5 date input when widget is set to single_text
* 2.5:
typo fixed in AbstractProcessTest (getoutput() => getOutput())
Avoid question mark and asterisk in folder names to prevent windows filesystem issues.
[Translation] [Config] Clear libxml errors after parsing XML file
check for the Validator if forms are enabled
Clear json_last_error
Fix JsonSerializable namespace
Catch exceptions to restore the error handler
[HttpFoundation] Silent only JSON errors
* 2.4:
typo fixed in AbstractProcessTest (getoutput() => getOutput())
Avoid question mark and asterisk in folder names to prevent windows filesystem issues.
[Translation] [Config] Clear libxml errors after parsing XML file
* 2.3:
typo fixed in AbstractProcessTest (getoutput() => getOutput())
Avoid question mark and asterisk in folder names to prevent windows filesystem issues.
[Translation] [Config] Clear libxml errors after parsing XML file
Conflicts:
src/Symfony/Component/Config/Util/XmlUtils.php
This PR was merged into the 2.3 branch.
Discussion
----------
[Finder][Urgent] Remove asterisk and question mark from folder name in test to prevent windows file system issues.
Bugfix: Yes
Fixed tickets: #11984 , #11985
Related tickets: #11970
Commit #11970 prevented Symphony from being checked out via windows due to invalid characters in a folder name within the tests.
The issue was reported in #11984 and was attempted to be fixed in #11985 but wasn't due to still including the question mark.
Please accept this ASAP as it entirely breaks any composer that relies on it.
Commits
-------
5fbb278 Avoid question mark and asterisk in folder names to prevent windows filesystem issues.
This PR was merged into the 2.3 branch.
Discussion
----------
[Translation] [Config] Clear libxml errors after parsing xliff file
| Q | A
| ------------- | ---
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | -
| License | MIT
| Doc PR | -
If libxml_use_internal_errors is set to `true` before parsing xliff file, the libxml errors are not cleared correctly. An error `Validation failed: no DTD found !` occurs in libxml errors after parsing and it's available outside the xliff parser (can break other functionality that use `libxml_get_errors` function).
Commits
-------
fab61ef [Translation] [Config] Clear libxml errors after parsing XML file
A previous commit introduced a folder with a question mark and an asterisk which are invalid NTFS folder name characters and prevented checkout on those systems.
This PR was merged into the 2.6-dev branch.
Discussion
----------
[Filesystem] Check number of bytes copied.
| Q | A
| ------------- | ---
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | #10838
| License | MIT
| Doc PR | n/a
This only test local files (because of `filesize`), wonder if we should include the remote files using `get_headers` in order to get the Content-length for example. However, it will perform an additional request...
Here's a little benchmark for 500 copy from a remote origin file :
- Standard without check -> Time: 47.34 seconds, Memory: 3.75Mb
- Check with `get_headers` ->Time: 1.32 minutes, Memory: 3.75Mb
Commits
-------
81eca38 [Filesystem] Check number of bytes copied.
This PR was merged into the 2.6-dev branch.
Discussion
----------
[DependencyInjection] Added exception to avoid fatal during compile in a frozen dumped container
Q | A
------------- | ------------- | -----
Bug fix? | yes
New feature? | no
BC breaks? | no
Deprecations? | no
Tests pass? | yes
Fixed tickets | #10428
License | MIT
Doc PR | N/A
Commits
-------
2356eaa [DependencyInjection] Added exception to avoid fatal during compile in a frozen dumped container
* 2.5:
[2.3] Add missing development dependencies
Fix @return docs on HttpCache::restoreResponseBody()
[Finder] Escape location for regex searches
Make sure HttpCache is a trusted proxy
Conflicts:
src/Symfony/Component/Form/composer.json
* 2.4:
[2.3] Add missing development dependencies
Fix @return docs on HttpCache::restoreResponseBody()
[Finder] Escape location for regex searches
Make sure HttpCache is a trusted proxy
* 2.3:
[2.3] Add missing development dependencies
Fix @return docs on HttpCache::restoreResponseBody()
[Finder] Escape location for regex searches
Make sure HttpCache is a trusted proxy
Conflicts:
src/Symfony/Bridge/Doctrine/composer.json
src/Symfony/Bundle/FrameworkBundle/composer.json
src/Symfony/Bundle/SecurityBundle/composer.json
src/Symfony/Component/Form/composer.json
This PR was squashed before being merged into the 2.3 branch (closes#11340).
Discussion
----------
[2.3] Add missing development dependencies
| Q | A
| ------------- | ---
| Bug fix? | no
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | n/a
| License | MIT
I've also added a run of the test suite in every component scope.
Commits
-------
3b02af9 [2.3] Add missing development dependencies
This PR was squashed before being merged into the 2.6-dev branch (closes#11312).
Discussion
----------
Make assets:install smarter with symlinks
| Q | A
| ------------- | ---
| Bug fix? | no
| New feature? | yes
| BC breaks? | no
| Deprecations? | no
| Tests pass? | -
| Fixed tickets | #11297
| License | MIT
| Doc PR | -
Commits
-------
6537333 Make assets:install smarter with symlinks
This PR was merged into the 2.6-dev branch.
Discussion
----------
[Console] add overwrite flag to ProgressBar helper to allow non-decorated output
| Q | A
| ------------- | ---
| Bug fix? | no
| New feature? | yes
| BC breaks? | yes, but not critical
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | #11542, #10011
| License | MIT
| Doc PR | symfony/symfony-docs#4206
By default, the `ProgressBar` helper overwrites the output to give the nice progress bar look. To prevent the output from blowing up in non-decorated environments, the output was hidden in these environments (see #9846).
This PR enables using the `ProgressBar` in non-decorated environments by adding an `overwrite` flag. When `false`, instead of overwriting the bar, it is rendered on a new line. To prevent flooding the output, you can adjust the `redrawFrequency`.
By default, when using the `ProgressBar` in a non-decorated environment, the `overwrite` flag is set to false. If a `max` is set, the `redrawFrequency` is set to a sensible default (10% of the max). If a `max` isn't set, the bar is output for every advance so to prevent flooding, a sensible `redrawFrequency` should be manually set.
The only BC break is that output will now display where it didn't before.
Commits
-------
cdee6f6 add overwrite flag to allow non-decorated output
This PR was merged into the 2.3 branch.
Discussion
----------
[HttpKernel] Make sure HttpCache is a trusted proxy
| Q | A
| ------------- | ---
| Bug fix? | yes (of sorts)
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | #9292
| License | MIT
| Doc PR | https://github.com/symfony/symfony-docs/pull/4239Fixes#9292 by adding `127.0.0.1` as a trusted proxy when using `HttpCache` (assuming it hasn't been already).
Commits
-------
ca65362 Make sure HttpCache is a trusted proxy
This PR was squashed before being merged into the 2.3 branch (closes#11970).
Discussion
----------
[Finder] Escape location for regex searches
| Q | A
| ------------- | ---
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | -
| License | MIT
| Doc PR | -
If the location to start searching in contains a regex special char
like + or ? and the path restriction is a regular expresion with a start
limitation. No results will be found wtih at least GnuFindAdapter - e.g.:
```
use Symfony\Component\Finder\Finder;
use Symfony\Component\Finder\Adapter;
mkdir('/tmp/reg+ex/dir/subdir', 0777, true);
$finder = Finder::create()
->removeAdapters()
->addAdapter(new Adapter\GnuFindAdapter());
$finder->in('/tmp/reg+ex')->path('/^dir/');
print count($finder)."\n";
```
Expected result: 2
Actual result is: 0
This pull request consists of:
* a new test checking for this bug (0e81086a49425d0e12cff4f479fabeb97e9ed757)
* the actual fix (6595b6b2b71afc57ef08686b4584713c0e4e48ed)
* changes to comply with the coding standard (7f199c5b53b3c1f38b36dcc286d3b20ae877425b)
## How to reproduce
### Fastest way
1. Move or copy your local symfony clone into a location containing special regex chars:
* `mv symfony symfony+regex`
2. Run tests in there
* `cd symfony+regex && phpunit`
> Result: Some tests in the finder component will fail.
### Alternative: A new clone
1. Clone symfony in a directory containing at least one regex special char
* `git clone https://github.com/symfony/symfony.git /tmp/symfony+regexchar`
2. As usual get composer, install dependencies and get phpunit
* You might simply want to follow [this guide](http://symfony.com/doc/current/contributing/code/tests.html)
3. Run tests in there
* `cd /tmp/symfony+regexchar && phpunit`
> Result: Some tests in the finder component will fail.
### Alternative: Apply the new test
1. Apply commit a29d1207ced2949c918357cf271200523960caef to your symfony clone
2. Run tests
> Result: The new test will fail.
Commits
-------
b63926b [Finder] Escape location for regex searches
This PR was merged into the 2.3 branch.
Discussion
----------
[HttpFoundation] fixed some volatile tests
| Q | A
| ------------- | ---
| Bug fix? | no
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | see #11588
| License | MIT
| Doc PR | n/a
Commits
-------
00c1b75 [Process] fixed some volatile tests
974bf01 [HttpKernel] fixed a volatile test
6020c43 [HttpFoundation] fixed some volatile tests
* 2.5:
[Debug] Restoring error handler before assertions
Unit test fixes
Fixed merge conflict in .travis.yml introduced in 687703a75e
Conflicts:
src/Symfony/Component/Debug/Tests/ErrorHandlerTest.php
* 2.5: (43 commits)
[Form] Fix PHPDoc for builder setData methods The underlying data variable is typed as mixed whereas the methods paramers where typed as array.
fixed CS
[Intl] Improved bundle reader implementations
[Console] guarded against invalid aliases
switch before_script to before_install and script to install
fixed typo
[HttpFoundation] Request - URI - comment improvements
[Validator] The ratio of the ImageValidator is rounded to two decimals now
[Security] Added more tests
remove `service` parameter type from XSD
[Intl] Added exception handler to command line scripts
[Intl] Fixed a few bugs in TextBundleWriter
[Intl] Updated icu.ini up to ICU 53
[Intl] Removed non-working $fallback argument from ArrayAccessibleResourceBundle
Use separated function to resolve command and related arguments
[SwiftmailerBridge] Bump allowed versions of swiftmailer
[FrameworkBundle] Remove invalid markup
[Intl] Added "internal" tag to all classes under Symfony\Component\Intl\ResourceBundle
Remove routes for removed WebProfiler actions
[Security] Fix usage of unexistent method in DoctrineAclCache.
...
Conflicts:
src/Symfony/Bundle/FrameworkBundle/Command/ServerRunCommand.php
src/Symfony/Component/HttpKernel/HttpCache/Esi.php
src/Symfony/Component/HttpKernel/Kernel.php
src/Symfony/Component/Translation/Tests/Dumper/XliffFileDumperTest.php
src/Symfony/Component/Yaml/Parser.php
src/Symfony/Component/Yaml/Tests/InlineTest.php
* 2.4: (39 commits)
[Form] Fix PHPDoc for builder setData methods The underlying data variable is typed as mixed whereas the methods paramers where typed as array.
fixed CS
[Intl] Improved bundle reader implementations
[Console] guarded against invalid aliases
switch before_script to before_install and script to install
fixed typo
[HttpFoundation] Request - URI - comment improvements
[Validator] The ratio of the ImageValidator is rounded to two decimals now
[Security] Added more tests
remove `service` parameter type from XSD
[Intl] Added exception handler to command line scripts
[Intl] Fixed a few bugs in TextBundleWriter
[Intl] Updated icu.ini up to ICU 53
[Intl] Removed non-working $fallback argument from ArrayAccessibleResourceBundle
Use separated function to resolve command and related arguments
[SwiftmailerBridge] Bump allowed versions of swiftmailer
[FrameworkBundle] Remove invalid markup
[Intl] Added "internal" tag to all classes under Symfony\Component\Intl\ResourceBundle
Remove routes for removed WebProfiler actions
[Security] Fix usage of unexistent method in DoctrineAclCache.
...
Conflicts:
.travis.yml
src/Symfony/Bundle/FrameworkBundle/Command/ServerRunCommand.php
src/Symfony/Component/HttpKernel/Kernel.php
src/Symfony/Component/Process/PhpExecutableFinder.php
* 2.3: (35 commits)
[Form] Fix PHPDoc for builder setData methods The underlying data variable is typed as mixed whereas the methods paramers where typed as array.
fixed CS
[Intl] Improved bundle reader implementations
[Console] guarded against invalid aliases
switch before_script to before_install and script to install
fixed typo
[HttpFoundation] Request - URI - comment improvements
[Security] Added more tests
remove `service` parameter type from XSD
[Intl] Added exception handler to command line scripts
[Intl] Fixed a few bugs in TextBundleWriter
[Intl] Updated icu.ini up to ICU 53
[Intl] Removed non-working $fallback argument from ArrayAccessibleResourceBundle
Use separated function to resolve command and related arguments
[SwiftmailerBridge] Bump allowed versions of swiftmailer
[FrameworkBundle] Remove invalid markup
[Intl] Added "internal" tag to all classes under Symfony\Component\Intl\ResourceBundle
Remove routes for removed WebProfiler actions
[Security] Fix usage of unexistent method in DoctrineAclCache.
backport more error information from 2.6 to 2.3
...
Conflicts:
.travis.yml
src/Symfony/Component/DependencyInjection/Loader/YamlFileLoader.php
src/Symfony/Component/DependencyInjection/Tests/Loader/XmlFileLoaderTest.php
src/Symfony/Component/HttpKernel/Kernel.php
src/Symfony/Component/Process/PhpExecutableFinder.php
This PR was merged into the 2.3 branch.
Discussion
----------
[Security] Uniform AccessDecisionManager decide behaviour
| Q | A
| --------------------|---
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | #10170
| License | MIT
| Doc PR | none
This PR uniforms the way the 3 decision policies (affirmative, consensus, unanimous) are handled in the Security\Core\Authoritzation\AccessDecisionManager.php
See #10170
Commits
-------
938ae4b [Security] Added more tests
This PR was merged into the 2.3 branch.
Discussion
----------
[Translation] made XliffFileDumper support CDATA sections.
| Q | A
| ------------- | ---
| Bug fix? | yes
| New feature? | no
| BC breaks? | maybe
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | #11256
| License | MIT
Commits
-------
9926845 [Translation] made XliffFileDumper support CDATA sections.
This PR was merged into the 2.3 branch.
Discussion
----------
[Intl] Improved bundle reader implementations
| Q | A
| ------------- | ---
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | -
| License | MIT
| Doc PR | -
This PR extracts bundle reader improvements from #9206.
The code is internal and used for resource bundle generation only, so I did not care about BC too much.
Commits
-------
c3cce5c [Intl] Improved bundle reader implementations
This PR was merged into the 2.3 branch.
Discussion
----------
[YAML] fix handling of empty sequence items
| Q | A
| ------------- | ---
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | #11798
| License | MIT
| Doc PR |
When a line contains only a dash it cannot safely be assumed that it contains a nested list or an embedded mapping. If the next line starts with a dash at the same indentation, the current line's item is to be treated as `null`.
Commits
-------
fc85435 fix handling of empty sequence items
This PR was merged into the 2.3 branch.
Discussion
----------
[Intl] Fixed a few bugs in TextBundleWriter
| Q | A
| ------------- | ---
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | -
| License | MIT
| Doc PR | -
See the included test cases for more information. This code was extracted from #9206.
Commits
-------
7b4a35a [Intl] Fixed a few bugs in TextBundleWriter
This PR was merged into the 2.3 branch.
Discussion
----------
[Form][Validator] All index items after children are to be considered grand-children when resolving ViolationPath
| Q | A
| ------------- | ---
| Bug fix? | yes
| New feature? | no
| BC breaks? | unsure, see note below
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | #11458
| License | MIT
| Doc PR | -
#### Possible BC Break
The old behavior had unit test cases specifically testing the case of a grand-children form. However, this behavior is not documented anywhere and the fix seems to have no adverse effects on form validation. `Symfony\Component\Form\FormInterface` implements `ArrayAccess`, therefore, semantically speaking, `children[direct_child].children[grand_children]` and `children[direct_child][grand_children]` are equivalent. `offsetGet` is expected to fetch an element from `children`. I do not see why both were not considered equivalent when resolving the ViolationPath.
This commit will indeed change how some errors are mapped. However since the old mapping is (in my opinion) a bug...
Commits
-------
c64a75f [Form][Validator] All index items after children are to be considered grand-children when resolving ViolationPath (fixes#11458)
This PR was merged into the 2.3 branch.
Discussion
----------
[Form] FormBuilder::getIterator() now deals with resolved children
| Q | A
| ------------- | ---
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | -
| License | MIT
| Doc PR | -
I think FormBuilder::getIterator() should resolve children before makes an iterator because it seems to be used in same purpose with FormBuilder::all().
What do you think?
Commits
-------
0deb505 [Form] FormBuilder::getIterator() now deals with resolved children
This PR was squashed before being merged into the 2.6-dev branch (closes#11917).
Discussion
----------
[Validator] Add ClassMetadata plural methods for convinience
| Q | A
| ------------- | ---
| Bug fix? | no
| New feature? | yes
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | #4143
| License | MIT
| Doc PR | -
I realised there's no specific place to document this methods, as the code examples always include all the formats. I think it's enough if IDE autocompletes these methods.
Commits
-------
0fd6769 [Validator] Add ClassMetadata plural methods for convinience
This PR was merged into the 2.3 branch.
Discussion
----------
[DependencyInjection] remove `service` parameter type from XSD
| Q | A
| ------------- | ---
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets |
| License | MIT
| Doc PR | symfony/symfony-docs#4222
Referencing a service in a parameter doesn't work and will lead to an error when the configuration is loaded (see symfony/symfony-docs#4211).
Commits
-------
7333c2d remove `service` parameter type from XSD
This PR was merged into the 2.3 branch.
Discussion
----------
[Intl] Updated icu.ini up to ICU 53
| Q | A
| ------------- | ---
| Bug fix? | no
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | -
| License | MIT
| Doc PR | -
Extracted from #9206.
Commits
-------
260e2fe [Intl] Updated icu.ini up to ICU 53
This PR was merged into the 2.3 branch.
Discussion
----------
[Intl] Removed non-working $fallback argument from ArrayAccessibleResourceBundle
| Q | A
| ------------- | ---
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | -
| License | MIT
| Doc PR | -
The code in question didn't actually work. This was extracted from #9206.
Commits
-------
5feda5e [Intl] Removed non-working $fallback argument from ArrayAccessibleResourceBundle
This PR was merged into the 2.3 branch.
Discussion
----------
[Security] Use hash_equals for constant-time string comparison (again)
| Q | A
| ------------- | ---
| Bug fix? | no
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | n/a
| License | MIT
| Doc PR | n/a
Use the `hash_equals` function (introduced in PHP 5.6) for timing attack safe string comparison when available.
Add in the DocBlock that length will leak (https://github.com/symfony/symfony/pull/11797#issuecomment-53990712).
Commits
-------
3071557 [Security] Add more tests for StringUtils::equals
03bd74b [Security] Use hash_equals for constant-time string comparison
This PR was merged into the 2.3 branch.
Discussion
----------
[DI] Added safeguards against invalid config in the YamlFileLoader
| Q | A
| ------------- | ---
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | #11333
| License | MIT
| Doc PR | n/a
Exceptions explaining the mistake are better than fatal errors or weird notices appearing when trying to deal with such invalid data.
The XML file loader is not affected by this because the data are validated with the XSD before being processed
Commits
-------
5183501 [DI] Added safeguards against invalid config in the YamlFileLoader
We didn't have this tag yet when this component was first written. The code in that
namespace is only used for resource bundle generation and was never meant for public
use.
Fixed phpdoc
Aligned variables and description
Removed enableCache and added cache setup in constructor
Added tests for locales with . and @ with caching
This PR was merged into the 2.5 branch.
Discussion
----------
[Process] add missing exceptions to docblock
| Q | A
| ------------- | ---
| Fixed tickets |
| License | MIT
Commits
-------
1be80c6 add missing exceptions to docblock
This PR was merged into the 2.6-dev branch.
Discussion
----------
[HttpKernel] Escape SSI virtual in generated response
| Q | A
| ------------- | ---
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets |
| License | MIT
| Doc PR | NA
If a template with an `<!--#inlude -->` tag is configured with an "virtual" containing a `'` ; the HttpCache will generate invalide php code.
See #11845 for the same issue on `<esi>` tags
Commits
-------
b50a434 Fix CS
1862427 Escape SSI virtual in generated response
This PR was merged into the 2.3 branch.
Discussion
----------
[HttpKernel] Escape ESI url in generated response
| Q | A
| ------------- | ---
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets |
| License | MIT
| Doc PR | NA
If a template with an `<esi>` tag is configured with an URL containing a `'` (in `src` or `alt`) ; the HttpCache will generate invalide php code.
It's not a security issue, given the template and the `<esi>` tag is written by the developper, but, as the character quote is allowed in URL (https://tools.ietf.org/html/rfc3986) it coud be a potential bug.
Commits
-------
b044c45 Escape parameter on generated response
This PR was merged into the 2.3 branch.
Discussion
----------
[Yaml] improve error message when detecting unquoted asterisks
| Q | A
| ------------- | ---
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | #11835
| License | MIT
| Doc PR |
Asterisks in unquoted strings are used in YAML to reference variables. Before Symfony 2.3.19, Symfony 2.4.9 and Symfony 2.5.4, unquoted asterisks in inlined YAML code were treated as regular strings. This was fixed for the inline parser in #11677. However, an unquoted * character now led to an error message like this:
```
PHP Warning: array_key_exists(): The first argument should be either a string or an integer in vendor/symfony/symfony/src/Symfony/Component/Yaml/Inline.php on line 409
[Symfony\Component\Yaml\Exception\ParseException]
Reference "" does not exist at line 171 (near "- { foo: * }").
```
Commits
-------
854e07b improve error when detecting unquoted asterisks
Asterisks in unquoted strings are used in YAML to reference
variables. Before Symfony 2.3.19, Symfony 2.4.9 and Symfony 2.5.4,
unquoted asterisks in inlined YAML code were treated as regular
strings. This was fixed for the inline parser in #11677. However, an
unquoted * character now led to an error message like this:
```
PHP Warning: array_key_exists(): The first argument should be either a string or an integer in vendor/symfony/symfony/src/Symfony/Component/Yaml/Inline.php on line 409
[Symfony\Component\Yaml\Exception\ParseException]
Reference "" does not exist at line 171 (near "- { foo: * }").
```
