This PR was squashed before being merged into the 3.4 branch (closes#22132).
Discussion
----------
[Lock] Automaticaly release lock when user forget it
| Q | A
| ------------- | ---
| Branch? | master
| Bug fix? | no
| New feature? | yes
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets |
| License | MIT
| Doc PR |
The objective of this PR is to automatically release the Lock when the user forget to call the `release` method (like the `fclose` function does in, php core).
The implementation is comparable to #22115 but the purpose is not the same.
I create a new PR to not mix things.
Commits
-------
2eedc1fd37 [Lock] Automaticaly release lock when user forget it
This PR was squashed before being merged into the 2.7 branch (closes#22586).
Discussion
----------
[Form] Fixed PercentToLocalizedStringTransformer to accept both comma and dot as decimal separator, if possible
| Q | A
| ------------- | ---
| Branch? | 2.7 <!-- see comment below -->
| Bug fix? | yes-ish
| New feature? | no <!-- don't forget updating src/**/CHANGELOG.md files -->
| BC breaks? | no
| Deprecations? | no <!-- don't forget updating UPGRADE-*.md files -->
| Tests pass? | yes
| Fixed tickets | <!-- #-prefixed issue number(s), if any -->
| License | MIT
<!--
- Bug fixes must be submitted against the lowest branch where they apply
(lowest branches are regularly merged to upper ones so they get the fixes too).
- Features and deprecations must be submitted against the master branch.
- Please fill in this template according to the PR you're about to submit.
- Replace this comment by a description of what your PR is solving.
-->
Implements the same behaviour that `NumberToLocalizedStringTransformer` in order to accept both comma and dot implemented in #5941
Commits
-------
f96a7f81b8 [Form] Fixed PercentToLocalizedStringTransformer to accept both comma and dot as decimal separator, if possible
This PR was merged into the 3.4 branch.
Discussion
----------
Bootstrap4 support for Twig form theme
**This PR is a followup from #19648. That PR was closed because GitHub thought my branch contained no commits after a force push...**
| Q | A |
| --- | --- |
| Branch? | master |
| Bug fix? | no |
| New feature? | yes |
| BC breaks? | no |
| Deprecations? | no |
| Tests pass? | yes |
| Fixed tickets | #16289 |
| License | MIT |
| Doc PR | - |
I have made a port of the Twig form theming code for Bootstrap 3 to the α-5 version of Bootstrap 4.
- The (inheritance) structure of the form theming files has changed because a number of blocks are the same between BS 3 and 4. They have been migrated to `bootstrap_base_layout.html.twig`.
The new tree is as follows:
```
bootstrap_base_layout.html.twig
|-- bootstrap_3_layout.html.twig
| `-- bootstrap_3_horizontal_layout.html.twig
`-- bootstrap_4_layout.html.twig
`-- bootstrap_4_horizontal_layout.html.twig
```
- Any occurances of `.form-horizontal` have been removed from the BS 4 code.
- Checkboxes and radio buttons have been stacked using the `.form-check`, `.form-check-label` and `.form-check-input` classes. There is now no distinction between checkboxes and radio buttons in the markdown.
- All layout tests have been added and updated for BS4. The inheritance tree is as follows:
```
AbstractLayoutTest
`-- AbstractBootstrap3LayoutTest
|-- AbstractBootstrap3HorizontalLayoutTest
`-- AbstractBootstrap4LayoutTest
`-- AbstractBootstrap4HorizontalLayoutTest
```
All tests pass. The classes `FormExtensionBootstrap4LayoutTest` and `FormExtensionBootstrap4HorizontalLayoutTest` have been created similarly to the BS 3 versions.
- ~~The label coloring on an validation is not correct. I've made an issue (twbs/bootstrap#20535) of the problem.~~
- No [custom form elements](http://v4-alpha.getbootstrap.com/components/forms/#custom-forms) have been used.
- A docs PR can be created if this PR is accepted.
- The new code might have to be updated if large changes occur in the BS 4 α.
Screenshot of BS3 and 4 comparison for the same form:
![1](https://cloud.githubusercontent.com/assets/1073881/17732594/dfcb50d6-6472-11e6-8e96-c46987809322.PNG)
Commits
-------
f12e5887ff Removed unneeded wrapping quotes around a Twig key
709f134dc8 Removed unneeded wrapping quotes around a Twig key
4222d54a53 Initial commit for Bootstrap 4 form theme, based on Bootstrap 3 form theme
This PR was merged into the 2.7 branch.
Discussion
----------
[Intl] Fixed support of Locale::getFallback
| Q | A
| ------------- | ---
| Branch? | 2.7
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | #24154
| License | MIT
| Doc PR |
Commits
-------
256055218e [Intl] Fixed support of Locale::getFallback
This PR was merged into the 2.7 branch.
Discussion
----------
[HttpFoundation] Fix file upload multiple with no files
| Q | A
| ------------- | ---
| Branch? | 2.7
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets |
| License | MIT
| Doc PR |
```php
<form method="post" enctype="multipart/form-data">
<input type="file" multiple name="img[]">
<input type="submit">
</form>
<?php
$loader = require __DIR__ . '/../app/autoload.php';
if ($_SERVER['REQUEST_METHOD'] === 'POST') {
$request = \Symfony\Component\HttpFoundation\Request::createFromGlobals();
var_export($request->files->all()['img']);
}
```
Expected result when I send the form without any files:
```
array ()
```
Actual result:
```
array ( 0 => NULL, )
```
This causes a problem later when using FileType with multiple option - if no files are sent the form data are `[0 => '']` instead of `[]`.
Of course I need to add a test for this.
Commits
-------
d4f6039dcd [HttpFoundation] Fix file upload multiple with no files
This PR was squashed before being merged into the 3.4 branch (closes#24374).
Discussion
----------
[HttpFoundation] Return instance in StreamedResponse
| Q | A
| ------------- | ---
| Branch? | 3.4
| Bug fix? | no
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| License | MIT
<!--
- Bug fixes must be submitted against the lowest branch where they apply
(lowest branches are regularly merged to upper ones so they get the fixes too).
- Features and deprecations must be submitted against the 3.4,
legacy code removals go to the master branch.
- Please fill in this template according to the PR you're about to submit.
- Replace this comment by a description of what your PR is solving.
-->
Commits
-------
2080582a75 [HttpFoundation] Return instance in StreamedResponse
* 3.4:
[FrameworkBundle] Register a NullLogger from test kernels
[SecurityBundle] Deprecate auto picking the first provider
[Security] Add user impersonation support for stateless authentication
This PR was squashed before being merged into the 3.4 branch (closes#24300).
Discussion
----------
[HttpKernel][FrameworkBundle] Add a minimalist default PSR-3 logger
| Q | A
| ------------- | ---
| Branch? | 3.4
| Bug fix? | no
| New feature? | yes <!-- don't forget updating src/**/CHANGELOG.md files -->
| BC breaks? | no
| Deprecations? | no <!-- don't forget updating UPGRADE-*.md files -->
| Tests pass? | yes
| Fixed tickets | n/a
| License | MIT
| Doc PR | n/a
This PR provides a minimalist PSR-3 logger that is always available when FrameworkBundle is installed.
By default, it writes errors on `stderr`, regular logs on `stdout` and discards debug data (this is configurable).
This approach has several benefits:
- It's what expect from an app logging systems of major containerization and orchestration tools including [Docker](https://docs.docker.com/engine/admin/logging/view_container_logs/) and [Kubernetes](https://kubernetes.io/docs/concepts/cluster-administration/logging/), as well as most cloud providers such as [Heroku](https://devcenter.heroku.com/articles/logging#writing-to-your-log) and [Google Container Engine](https://kubernetes.io/docs/tasks/debug-application-cluster/logging-stackdriver/). If the app follows this standard (and it's not currently the case with Symfony by default) logs will be automatically collected, aggregated and stored.
- It's in sync with the "back to Unix roots" philosophy of Flex
- Logs are directly displayed in the console when running the integrated PHP web server (`bin/console server:start` or Flex's `make serve`), Create React App also do that for instance.
- It fixes a common problem when installing Flex recipes: many bundles expect a logger service but currently there is none available by default, and you usually get a `"logger" service not found error` (because packages depend of the PSR, but the PSR doesn't provide a logger service).
Commits
-------
9a06513ec7 [HttpKernel][FrameworkBundle] Add a minimalist default PSR-3 logger
This PR was merged into the 2.7 branch.
Discussion
----------
[Form] Fix precision of MoneyToLocalizedStringTransformer's divisions and multiplications
| Q | A
| ------------- | ---
| Branch? | master
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | no
| License | MIT
There is a [PHP Bug](https://bugs.php.net/bug.php?id=75004) with the accuracy of divisions and multiplications when `/=` and `*=` are used.
Here is the proof: https://3v4l.org/u1DkX
It would be better to use `bcmul()` and `bcdiv()` in the `MoneyToLocalizedStringTransformer.php` to prevent this bug.
Commits
-------
ab47c7878e Added improvement for accuracy in MoneyToLocalizedStringTransformer.
* 3.4:
Argon2i Password Encoder
[DI] EnvVarProcessorInterface: fix missing use
[FrameworkBundle] Use PhpExtractor from Translation
[DowCrawler] Default to UTF-8 when possible
This PR was merged into the 3.4 branch.
Discussion
----------
[Security] Argon2i Password Encoder
| Q | A
| ------------- | ---
| Branch? | master
| Bug fix? | no
| New feature? | yes
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets |
| License | MIT
| Doc PR | WIP
Since the [libsodium RFC](https://wiki.php.net/rfc/libsodium) passed with flying colours, I'd like to kick start a discussion about adding Argon2i as a password encoder to the security component. The initial code proposal in this PR supports both the upcoming public API confirmed for PHP 7.2, and the [libsodium PECL extension](https://pecl.php.net/package/libsodium) for those below 7.2 (available for PHP 5.4+).
#### Concerns
- Should the test cover hash length? At the moment the result of Argon2i is 96 characters, but because the hashing parameters are included in the result (`$argon2i$v=19$m=32768,t=4,p=1$...`) this is not guaranteed.
- I've used one password encoder class because the result *should* be the same whether running natively in 7.2 or from the PECL extension, but should the logic be split out into separate private methods (like `Argon2iPasswordEncoder::encodePassword()`) or not (like in `Argon2iPasswordEncoder::isPasswordValid()`)? Since I can't really find anything concrete on Symfony choosing one way over another I'm assuming it's down to personal preference?
#### The Future
Whilst the libsodium RFC has been approved and the public API confirmed, there has been no confirmation of Argon2i becoming an official algorithm for `passhword_hash()`. If that is confirmed, then the implementation should *absolutely* use the native `password_*` functions since the `sodium_*` functions do not have an equivalent to the `password_needs_rehash()` function.
Any feedback would be greatly appreciated 😃
Commits
-------
be093dd79a Argon2i Password Encoder
This PR was merged into the 3.4 branch.
Discussion
----------
[DowCrawler] Default to UTF-8 when possible
| Q | A
| ------------- | ---
| Branch? | 3.4
| Bug fix? | no
| New feature? | yes
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | #17258
| License | MIT
| Doc PR | -
This can't be ambiguous, let's use UTF-8 when possible.
Commits
-------
73eda66b99 [DowCrawler] Default to UTF-8 when possible
Add the Argon2i hashing algorithm provided by libsodium as a core encoder in the Security component, and enable it in the SecurityBundle.
Credit to @chalasr for help with unit tests.
* 3.4:
Fix conflicts between Bridge/PhpUnit and Debug fixtures
[DI] Fix typehint
[PhpUnitBridge] Make CoverageListenerTest more robust when xdebug is not available
This PR was merged into the 3.3 branch.
Discussion
----------
[DependencyInjection] include file and line number in deprecation
| Q | A
| ------------- | ---
| Branch? | 3.3
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets |
| License | MIT
| Doc PR |
In #23108 we removed line numbers from deprecation messages created by the YAML parser because those numbers were quite useless without the file being parsed. I suggest to revert this change and add the file being parsed to the deprecation message.
Commits
-------
cf03552 include file and line number in deprecation
* 3.4:
Moved PhpExtractor and PhpStringTokenParser to Translation component
[Asset] Provide default context
[HttpKernel] Deprecate some compiler passes in favor of tagged iterator args
Add exclusive Twig namespace for bundles path
Share connection factories between cache and lock
This PR was merged into the 3.4 branch.
Discussion
----------
[HttpKernel] Deprecate some compiler passes in favor of tagged iterator args
| Q | A
| ------------- | ---
| Branch? | 3.4
| Bug fix? | no
| New feature? | no
| BC breaks? | no
| Deprecations? | yes
| Tests pass? | yes
| Fixed tickets | -
| License | MIT
| Doc PR | -
More code that we can drop :)
Commits
-------
fa62e5068e [HttpKernel] Deprecate some compiler passes in favor of tagged iterator args
This PR was merged into the 3.4 branch.
Discussion
----------
[Lock] Use cache connection factories in lock
| Q | A
| ------------- | ---
| Branch? | 3.4
| Bug fix? | no
| New feature? | no (feature removal)
| BC breaks? | no (if merged in 3.4)
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets |
| License | MIT
| Doc PR |
An alternative to https://github.com/symfony/symfony/pull/24267 to share code between cache and lock.
Commits
-------
95358ac98f Share connection factories between cache and lock
This PR was squashed before being merged into the 3.4 branch (closes#21027).
Discussion
----------
[Asset] Provide default context
| Q | A
| ------------- | ---
| Branch? | 3.4
| Bug fix? | no
| New feature? | yes
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | #19396
| License | MIT
| Doc PR | should be noted somewhere, ill create an issue
Allows configuring the default asset context to make things works on CLI for example. Same approach as the routing component.
Introduces
```yaml
# parameters.yml
asset.request_context.base_path: '/base/path'
asset.request_context.secure: false
```
Commits
-------
9137d57ecd [Asset] Provide default context
This PR was merged into the 3.4 branch.
Discussion
----------
[DI] Reference tagged services in config
| Q | A
| ------------- | ---
| Branch? | 3.4
| Bug fix? | no
| New feature? | yes
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | #12269
| License | MIT
| Doc PR | https://github.com/symfony/symfony-docs/issues/8404
This is a proof of concept to reference a sequence of tagged services.
The problem bugs me for some time, and at first i thought the solution was to have some super generic compiler pass. If it could replace a lot of compilers in core.. perhaps worth it, but eventually each tag comes with it's own logic, including how to deal with tag attributes.
However, writing the passes over and over again becomes tedious for the most basic usecase. So given the recent developments, this idea came to mind.
```yml
services:
a:
class: stdClass
properties: { a: true }
tags: [foo]
b:
class: stdClass
properties: { b: true }
tags: [foo]
c:
class: stdClass
properties:
#stds: !tagged_services foo (see #22198)
stds: !tagged_services
foo
```
```
dump(iterator_to_array($this->get('c')->stds));
```
```
array:2 [▼
0 => {#5052 ▼
+"a": true
}
1 => {#4667 ▼
+"b": true
}
]
```
Given the _basic_ example at https://symfony.com/doc/current/service_container/tags.html, this could replace that.
Any thoughts?
Commits
-------
979e58f [DI] Reference tagged services in config
This PR was squashed before being merged into the 3.4 branch (closes#24337).
Discussion
----------
Adding a shortcuts for the main security functionality
| Q | A
| ------------- | ---
| Branch? | 3.4
| Bug fix? | no
| New feature? | yes
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | none
| License | MIT
| Doc PR | Big ol' TODO
I'd like one class that I can inject (especially with autowiring) to get access to the User and `isGranted()` methods. This is *really* important... because to get the User currently, you need to type-hint `TokenStorageInterface`... and there are *two*! That's really bad DX!
Questions:
A) I hi-jacked the existing `Security` class... I wanted a simple class called Security
B) I called the service `security.helper`... for lack of a better id.
C) I did not make `Security` implement the 2 other interfaces (`TokenStorageInterface`, `AuthorizationCheckerInterface`... but I suppose we could?)
Cheers!
Commits
-------
0851189 Adding a shortcuts for the main security functionality
This PR was merged into the 3.4 branch.
Discussion
----------
[Yaml] include file and line no in deprecation message
| Q | A
| ------------- | ---
| Branch? | 3.4
| Bug fix? | no
| New feature? | yes
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets |
| License | MIT
| Doc PR |
Now that we know the filename being parsed we can improve deprecation messages which is especially useful when trying to find the DI config file that triggers a particular deprecation.
Commits
-------
f618e43234 include file and line no in deprecation message
This PR was merged into the 2.7 branch.
Discussion
----------
[Validator] minor translation text fix
Update validators.cs.xlf - Fix czech translation for "This field was not expected"
| Q | A
| ------------- | ---
| Branch? | 2.7
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | n/a
| Fixed tickets | none
| License | none
| Doc PR | none
This commit fixes grammatical issue for czech translation only.
Commits
-------
fbe7148000 Fix translation for "This field was not expected"
* 3.4:
[DI] Fix missing use + minor tweaks
[Routing] Enhance PHP DSL traits docblocks
Fix AclSchemaListener deprecation
Set a NullLogger in ApcuAdapter when Apcu is disabled in CLI
Minor reword
[HttpKernel] Make array vs "::" controller definitions consistent
Fix tests
[TwigBundle] Remove profiler related scripting
[TwigBundle][WebProfilerBundle] Switch to DOMContentLoaded event
[WebProfilerBundle] Hide inactive tabs from CSS
[TwigBundle] Make deprecations scream in logs
[TwigBundle] Hide logs if unavailable, i.e. webprofiler
[TwigBundle] Break long lines in exceptions
[WebProfilerBundle] Added missing link to profile token
[DI] Fix decorated service merge in ResolveInstanceofConditionalsPass
Preserve URI fragment in HttpUtils::generateUri()
[PhpUnitBridge] do not require an error context
* 3.3:
Set a NullLogger in ApcuAdapter when Apcu is disabled in CLI
Minor reword
[HttpKernel] Make array vs "::" controller definitions consistent
Fix tests
[TwigBundle] Remove profiler related scripting
[TwigBundle][WebProfilerBundle] Switch to DOMContentLoaded event
[WebProfilerBundle] Hide inactive tabs from CSS
[TwigBundle] Make deprecations scream in logs
[TwigBundle] Hide logs if unavailable, i.e. webprofiler
[TwigBundle] Break long lines in exceptions
[WebProfilerBundle] Added missing link to profile token
[DI] Fix decorated service merge in ResolveInstanceofConditionalsPass
Preserve URI fragment in HttpUtils::generateUri()
[PhpUnitBridge] do not require an error context
This PR was squashed before being merged into the 2.7 branch (closes#24243).
Discussion
----------
HttpCache does not consider ESI resources in HEAD requests
| Q | A
| ------------- | ---
| Branch? | 2.7
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets |
| License | MIT
| Doc PR |
Due to this shortcut:
3b42d8859e/src/Symfony/Component/HttpKernel/HttpCache/HttpCache.php (L634-L642)
... the `HttpCache` never looks at the response body for `HEAD` requests. This makes it completely miss ESI-related tweaks like computing the correct TTL, removing validation headers or updating the `Content-Length`.
From RFC2616 (https://www.w3.org/Protocols/rfc2616/rfc2616-sec9.html#sec9.4):
> The HEAD method is identical to GET except that the server MUST NOT return a message-body in the response. The metainformation contained in the HTTP headers in response to a HEAD request SHOULD be identical to the information sent in response to a GET request.
Although it says "SHOULD", I think it can be misleading at best when HEAD requests do, for example, return different (greater) `s-maxage` values than a corresponding GET request.
Commits
-------
4dd0e53171 HttpCache does not consider ESI resources in HEAD requests
* 3.4:
fixed CS
[Serializer] Add Support for in CustomNormalizer
Remove Validator\TypeTestCase and add validator logic to base TypeTestCase
[Lock] Include lock component in framework bundle
[WebProfilerBundle] Render file links for twig templates
CsvEncoder handling variable structures and custom header order
Saltless Encoder Interface
[Serializer] throw more specific exceptions
# Conflicts:
# src/Symfony/Bundle/FrameworkBundle/composer.json
# src/Symfony/Bundle/SecurityBundle/Command/UserPasswordEncoderCommand.php
# src/Symfony/Component/Serializer/Encoder/XmlEncoder.php
# src/Symfony/Component/Serializer/Normalizer/AbstractNormalizer.php
# src/Symfony/Component/Serializer/Serializer.php
This PR was squashed before being merged into the 3.4 branch (closes#21716).
Discussion
----------
[Serializer] Add Support for `object_to_populate` in CustomNormalizer
| Q | A
| ------------- | ---
| Branch? | master
| Bug fix? | no
| New feature? | yes
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | #21715
| License | MIT
| Doc PR | n/a
This pulls a trait out of `AbstractNormalizer` with a method to extract the object to populate and adds some tests for it. Then uses that trait in both `AbstractNormalizer` and `CustomNormalizer` so both can support the `object_to_populate` key.
Commits
-------
ec9242d1ee [Serializer] Add Support for in CustomNormalizer
This PR was squashed before being merged into the 3.4 branch (closes#21960).
Discussion
----------
Remove Validator\TypeTestCase and add validator logic to base TypeTestCase
| Q | A
| ------------- | ---
| Branch? | master
| Bug fix? | no
| New feature? | yes
| BC breaks? | no/possibly
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | N/A
| License | MIT
| Doc PR | symfony/symfony-docs#7587
Based on a discussion in the docs, users should not really extend classes in the `Tests` namespace. This means that if you want to unit test forms, you need to extend the `Test\TypeTestCase` class which doesn't have the validation logic (Not adding the validator extension gives an error if you use the `constraints` option in your forms).
So I propose to remove the `Validator\TypeTestCase` class (or it can possibly be deprecated if it is wrongly used by someone), and add the validator extension logic to the base `TypTestCase` class.
The benefit is that there is only one class to extend (both for internal or userland tests), and it makes it easy to add more core extensions if necessary.
The one part that I don't like too much at the moment, is keeping the extension in the `getExtensions` method. This means that you extend the class and need to register custom extensions, that you would need to do `return array_merge(parent::getExtensions(), ... ` (only in the case when you want core extensions enabled). So I don't know if we rather want to add a private method like `getCoreExtensions`?
Commits
-------
5ab50103ae Remove Validator\TypeTestCase and add validator logic to base TypeTestCase
This PR was merged into the 3.4 branch.
Discussion
----------
[Serializer] throw more specific exceptions
| Q | A
| ------------- | ---
| Branch? | 3.4
| Bug fix? | no
| New feature? | yes
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | #20534
| License | MIT
| Doc PR |
Commits
-------
aa30d04243 [Serializer] throw more specific exceptions
This PR was squashed before being merged into the 3.4 branch (closes#24256).
Discussion
----------
CsvEncoder handling variable structures and custom header order
| Q | A
| ------------- | ---
| Branch? | master
| Bug fix? | no
| New feature? | yes
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | #23278
| License | MIT
| Doc PR | TBD
This PR improves the CsvEncoder to handle variable nesting structures and adds a context option that allows custom csv header order.
Commits
-------
d173494e48 CsvEncoder handling variable structures and custom header order
This PR was merged into the 3.4 branch.
Discussion
----------
[Security] Saltless Encoder Interface
| Q | A
| ------------- | ---
| Branch? | master
| Bug fix? | no
| New feature? | yes
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets |
| License | MIT
| Doc PR |
A new interface for encoders that do not require a user-generated salt (generate their own built-in) as suggested by @stof ([comment](https://github.com/symfony/symfony/pull/21604/files#r101225470)), this will become useful as more password encoders are added in the future (such as symfony/symfony#21604).
Commits
-------
7c4aa0bccb Saltless Encoder Interface
* 3.4:
[PhpUnitBridge] Added a CoverageListener to enhance the code coverage report
Add a method to check if any results were found
[SecurityBundle] Deprecate ACL related code
[FrameworkBundle] Enable assets with templates only if the Asset component is installed
This PR was merged into the 3.4 branch.
Discussion
----------
[Finder] Add a method to check if any results were found
| Q | A
| ------------- | ---
| Branch? | 3.4
| Bug fix? | no
| New feature? | yes
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| License | MIT
If I want to know if any results were found, but I don't want to start trawling through them, I have to do the rather ugly:
```php
$found = false;
foreach ($finder as $thing) {
$found = true;
break;
}
if ($found) {
```
This PR enables the much more readable:
```php
if ($finder->found()) {
```
This seemed like an obvious thing to me, so I suspect there might be a reason this doesn't exist already, but I couldn't find any previous discussion. If it'll be accepted then I'll glady create a docs PR
Commits
-------
24dcb5202c Add a method to check if any results were found
* 3.4:
Passing the newly generated security token to the event during user switching.
Fix changelog and minor tweak for #23485
[Config] extracted the xml parsing from XmlUtils::loadFile into XmlUtils::parse
[Security][SecurityBundle] Deprecate the HTTP digest auth
add ability to configure catching exceptions
Extract method refactoring for ResourceCheckerConfigCache
This PR was merged into the 3.4 branch.
Discussion
----------
[Security][Firewall] Passing the newly generated security token to the event during user switching
Event allows listeners to easily switch out the token if custom token updates are required
| Q | A
| ------------- | ---
| Branch? | master
| Bug fix? | no
| New feature? | yes
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets |
| License | MIT
| Doc PR |
Updated SwitchUserEvent to include the generated security Token. Allows the listeners to replace the token with their own (in case an application has some custom logic for token generation). The SwitchUserListener will now use the token returned by the event, so if token was not changed the self generated token will be used. If token was changed in the event then the new token would get used.
Reasons for this feature
--------------------------
In our current project users can have different Role sets depending on which organization they switch to. Our `User->getRoles()` always returns ["ROLE_USER"] and after login user is presented with choice of organizations they want to work in. Based on selected organization roles get updated with then stored token.
Without the change proposed in this PR. The only way we can setup the proper roles during user switch is by replacing `security.authentication.switchuser_listener` service with our own implementation of the listener.
With the proposed change, we can replace the security token with the one having all the roles we require directly inside our listener for `security.switch_user` event that gets thrown by Symfony's `SwitchUserListener`
Commits
-------
4205f1b Passing the newly generated security token to the event during user switching.
This PR was merged into the 3.4 branch.
Discussion
----------
[HttpKernel] Add ability to configure catching exceptions for Client
| Q | A
| ------------- | ---
| Branch? | 3.4
| Bug fix? | no
| New feature? | yes
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | n/a
| License | MIT
| Doc PR | todo
Debugging exceptions in functional tests is difficult as you need to look at the logs to see which exception was thrown. Disabling catching of exceptions in the client would allow the exception to bubble up to phpunit and make it easier to see what exception was thrown.
Commits
-------
4812e60 add ability to configure catching exceptions
This PR was squashed before being merged into the 3.4 branch (closes#22589).
Discussion
----------
Extract method refactoring for ResourceCheckerConfigCache
| Q | A
| ------------- | ---
| Branch? | master
| Bug fix? | no
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets |
| License | MIT
| Doc PR |
Improves code readability.
Commits
-------
685c353 Extract method refactoring for ResourceCheckerConfigCache
This PR was squashed before being merged into the 3.4 branch (closes#24239).
Discussion
----------
[HttpFoundation] Deprecate compatibility with PHP <5.4 sessions
| Q | A
| ------------- | ---
| Branch? | 3.4
| Bug fix? | no
| New feature? | no
| BC breaks? | no
| Deprecations? | yes
| Tests pass? | yes
| Fixed tickets | -
| License | MIT
| Doc PR | -
This PR removes functionality added in Symfony 2.1 as a compatibility layer with sessions from PHP <5.4.
- [x] Fix tests
Commits
-------
3deb3940ab [HttpFoundation] Deprecate compatibility with PHP <5.4 sessions
This PR was squashed before being merged into the 3.4 branch (closes#23882).
Discussion
----------
[Security] Deprecated not being logged out after user change
| Q | A
| ------------- | ---
| Branch? | 3.4
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | yes
| Tests pass? | yes
| Fixed tickets | #17023
| License | MIT
| Doc PR | ~
This PR is an alternative approach to #19033. Due to a behavioral change that could break a lot of applications and websites, I've decided to trigger a deprecation instead of actually changing the behavior as that can be done for 4.0.
Whenever a user object is considered changed (`AbstractToken::hasUserChanged`) when setting a new user object after refreshing, it will now throw a deprecation, paving the way for a behavioral change in 4.0. The idea is that in 4.0 Symfony will simply trigger a logout when this case is encountered.
Commits
-------
22f525b [Security] Deprecated not being logged out after user change
This PR was merged into the 2.7 branch.
Discussion
----------
Added null as explicit return type (?TokenInterface)
| Q | A
| ------------- | ---
| Branch? | 2.7
| Bug fix? | no
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | https://github.com/symfony/symfony/pull/23882#discussion_r140704737
| License | MIT
| Doc PR | ~
This fixes the returntype in the `ContextListener` so it can be merged upwards.
/cc @chalasr
Commits
-------
1ba4dd9 Added null as explicit return type (?TokenInterface)
This PR was merged into the 3.4 branch.
Discussion
----------
[DI] Fix tracking of bound arguments when using autoconfiguration
| Q | A
| ------------- | ---
| Branch? | 3.4
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | -
| License | MIT
| Doc PR | -
An exception is currently thrown when using arguments bindings on an autoconfigured controller action.
This fixes the issue.
Commits
-------
091f943 [DI] Fix tracking of bound arguments when using autoconfiguration
* 3.4:
use the parseFile() method of the YAML parser
[Yaml] support parsing files
Adding Definition::addError() and a compiler pass to throw errors as exceptions
[DI] Add AutowireRequiredMethodsPass to fix bindings for `@required` methods
[Cache] Add ResettableInterface to allow resetting any pool's local state
[DI][DX] Throw exception on some ContainerBuilder methods used from extensions
added missing @author tag for new class
allow forms without translations and validator
[VarDumper] Make `dump()` a little bit more easier to use
[Form] Add ambiguous & exception debug:form tests
Reset the authentication token between requests.
[Serializer] Getter for extra attributes in ExtraAttributesException
[DI] Dont use JSON_BIGINT_AS_STRING
# Conflicts:
# src/Symfony/Component/Routing/composer.json
# src/Symfony/Component/Translation/composer.json
# src/Symfony/Component/Yaml/Inline.php
# src/Symfony/Component/Yaml/Tests/ParserTest.php
# src/Symfony/Component/Yaml/Yaml.php
This PR was merged into the 3.4 branch.
Discussion
----------
[DI][DX] Throw exception on some ContainerBuilder methods used from extensions
| Q | A
| ------------- | ---
| Branch? | 3.4
| Bug fix? | no
| New feature? | yes <!-- don't forget updating src/**/CHANGELOG.md files -->
| BC breaks? | no (unlikely, that would mean there already was an issue in userland code)
| Deprecations? | no <!-- don't forget updating UPGRADE-*.md files -->
| Tests pass? | yes
| Fixed tickets | #24282 <!-- #-prefixed issue number(s), if any -->
| License | MIT
| Doc PR | N/A
Commits
-------
88549fff5b [DI][DX] Throw exception on some ContainerBuilder methods used from extensions
This PR was merged into the 4.0-dev branch.
Discussion
----------
[Lock] Add missing methods in LockInterface
| Q | A
| ------------- | ---
| Branch? | 3.4
| Bug fix? | no
| New feature? | yes
| BC breaks? | no (because 3.4 is not yet released)
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | /
| License | MIT
| Doc PR | /
Add methods to the LockInterface
Commits
-------
e66e5381d3 Add missing methods in LockInterface
This PR was merged into the 3.4 branch.
Discussion
----------
[Yaml] support parsing files
| Q | A
| ------------- | ---
| Branch? | 3.4
| Bug fix? | no
| New feature? | yes
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | https://github.com/symfony/symfony/pull/24191#issuecomment-329975423
| License | MIT
| Doc PR | TODO
This PR adds a new flag `PARSE_FILE` which can be passed to the YAML parser. When given, the input will be interpreted as a filename whose contents will then be parsed. We already supported passing filenames in the past. Back then the features was not deterministic as it just relied on the string being an existing file or not. Now that we are able to control the behaviour of the parser by passing flags this can be done in a much cleaner way and allows to properly deal with errors (i.e. non existent or unreadable files).
This change will also allow to improve error/deprecation messages to include the filename being parsed and thus showing more descriptive error messages when people are using the YAML parser with a bunch of files (e.g. as part of the DependencyInjection or Routing component).
Commits
-------
9becb8a [Yaml] support parsing files
This PR was squashed before being merged into the 3.4 branch (closes#24290).
Discussion
----------
Adding Definition::addError() and a compiler pass to throw errors as exceptions
| Q | A
| ------------- | ---
| Branch? | 3.4
| Bug fix? | yes & no
| New feature? | yes
| BC breaks? | no
| Deprecations? | yes (very minor)
| Tests pass? | yes
| Fixed tickets | #23606
| License | MIT
| Doc PR | Not needed
Hi guys!
Very simple: when there is an error with a Definition, we can now call `Definition::addError()` instead of throwing an exception. Then, a new compiler pass (after removal) actually throws an exception. The advantage is that we can avoid throwing exceptions for services that are ultimately removed from the container. That's important for auto-registration, where we commonly register all services in `src/`... but then many of them are removed later.
A few interesting notes:
- We can probably convert more things from exceptions to `Definition::addError()`. I've only converted autowiring errors and things in `CheckArgumentsValidityPass` (that was necessary because it was throwing exceptions in some cases due to autowiring failing... which was the true error)
- `Definition` can hold multiple errors, but I'm only showing the first error in the exception message. The reason is clarity: I think usually the first error is the most (or only) important. But having `Definition::addError()` avoids the possibility of a later error overriding an earlier one
Cheers!
Commits
-------
a85b37a Adding Definition::addError() and a compiler pass to throw errors as exceptions
This PR was merged into the 3.4 branch.
Discussion
----------
[DI] Add AutowireRequiredMethodsPass to fix bindings for `@required` methods
| Q | A
| ------------- | ---
| Branch? | 3.4
| Bug fix? | yes
| New feature? | yes
| BC breaks? | yes
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | -
| License | MIT
| Doc PR | -
Spotted while doing a SF4 workshop :)
Discovery of `@required` methods should be split from AutowirePass so that bindings can apply to these methods also when autowiring is enabled.
Commits
-------
dc55dd2 [DI] Add AutowireRequiredMethodsPass to fix bindings for `@required` methods
This PR was merged into the 3.4 branch.
Discussion
----------
[Cache] Add ResettableInterface to allow resetting any pool's local state
| Q | A
| ------------- | ---
| Branch? | 3.4
| Bug fix? | no
| New feature? | yes
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | -
| License | MIT
| Doc PR | -
To allow pools to leverage #24155 so that they can be used in multi-request loops.
Commits
-------
14c91f2 [Cache] Add ResettableInterface to allow resetting any pool's local state
This PR was submitted for the master branch but it was squashed and merged into the 3.4 branch instead (closes#24280).
Discussion
----------
[VarDumper] Make `dump()` a little bit more easier to use
| Q | A
| ------------- | ---
| Branch? | 3.4
| Bug fix? | no
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
Imagine you have this code:
```php
$object->method();
```
If you want to dump the object, this is currently the way to do that:
```php
dump($object);
$object->method();
```
This PR makes adding (and removing) the `dump` function easier. When using one argument is used, that argument is returned.
```php
dump($object)->method();
```
When dumping multiple things, they all get returned. So you can to this:
```php
$object->someMethod(...dump($arg1, $arg2, $arg3));
```
Commits
-------
42f0984 [VarDumper] Make `dump()` a little bit more easier to use
This PR was squashed before being merged into the 3.4 branch (closes#24277).
Discussion
----------
[Serializer] Getter for extra attributes in ExtraAttributesException
| Q | A
| ------------- | ---
| Branch? | 3.4
| Bug fix? | no
| New feature? | yes
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes (failure unrelated)
| Fixed tickets |
| License | MIT
This PR adds a public getter for the extra attributes in `ExtraAttributesException` and makes it easier to create custom exception messages (e.g. JSON formatted).
Commits
-------
cb935e7 [Serializer] Getter for extra attributes in ExtraAttributesException
This PR was squashed before being merged into the 3.4 branch (closes#24257).
Discussion
----------
[HttpKernel][DI] Enable Kernel to implement CompilerPassInterface
| Q | A
| ------------- | ---
| Branch? | 3.4
| Bug fix? | no
| New feature? | yes
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | -
| License | MIT
| Doc PR | -
In the same spirit as #13761 that allowed DI exts to be also compiler passes, and as #23812 that allowed the kernel to listen to events, in our new bundle-less world, should we allow the kernel to register itself as a compiler pass? That would make some scenario possible (like having a `TestKernel` that turns some services public.)
Commits
-------
6973a1a [HttpKernel][DI] Enable Kernel to implement CompilerPassInterface
This PR was merged into the 3.4 branch.
Discussion
----------
[DI] Add "PHP fluent format" for configuring the container
| Q | A
| ------------- | ---
| Branch? | 3.4
| Bug fix? | no
| New feature? | yes
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | #22407
| License | MIT
| Doc PR | -
This PR allows one to write DI configuration using just PHP, with full IDE auto-completion.
Example:
```php
namespace Symfony\Component\DependencyInjection\Loader\Configurator;
use Symfony\Component\DependencyInjection\Tests\Fixtures\Prototype\Foo;
return function (ContainerConfigurator $c) {
$c->import('basic.php');
$s = $c->services()->defaults()
->public()
->private()
->autoconfigure()
->autowire()
->tag('t', array('a' => 'b'))
->bind(Foo::class, ref('bar'))
->private();
$s->set(Foo::class)->args([ref('bar')])->public();
$s->set('bar', Foo::class)->call('setFoo')->autoconfigure(false);
};
```
Commits
-------
814cc31 [DI] Add "PHP fluent format" for configuring the container
This PR was merged into the 3.4 branch.
Discussion
----------
[Routing] Add PHP fluent DSL for configuring routes
| Q | A
| ------------- | ---
| Branch? | 3.4
| Bug fix? | no
| New feature? | yes
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | -
| License | MIT
| Doc PR | -
If we add a PHP DSL for DI config (#23834), we must have a similar one for routing. Here it is. See fixtures.
So, you always start with a `RoutingConfigurator $routes`, which allows you to:
```php
$routes->add($name, $path); // adds a route
$routes->import($resource, $type = null, $ignoreErrors = false); // imports routes
$routes->collection($name = ''); // starts a collection, all *names* might be prefixed
```
then
- for "import" and "collection", you can `->prefix($path)`;
- for "add" and "collection", you can fluently "add" several times;
- for "collection" you add sub"`->collection()`";
- and on all, you can configure the route(s) with:
```php
->defaults(array $defaults)
->requirements(array $requirements)
->options(array $options)
->condition($condition)
->host($pattern)
->schemes(array $schemes)
->methods(array $methods)
->controller($controller)
```
Commits
-------
f433c9a [Routing] Add PHP fluent DSL for configuring routes
This PR was merged into the 2.7 branch.
Discussion
----------
[Console] Preserving line breaks between sentences according to the exception message
| Q | A
| ------------- | ---
| Branch? | 2.7
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | #24212
| License | MIT
| Doc PR | -
Commits
-------
e2d4904 Render all line breaks according to the exception message
This PR was merged into the 3.4 branch.
Discussion
----------
[Serializer] Add local cache to normalizers
| Q | A
| ------------- | ---
| Branch? | 3.4
| Bug fix? | no
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | #24206
| License | MIT
| Doc PR | -
Should help making the Serializer a bit faster.
Commits
-------
b0c5cf0 [Serializer] Add local cache to normalizers
* 3.4:
[DI] Turn services and aliases private by default, with BC layer
[WebProfiler] Fix z-index for pinned AJAX block
Require v3.4+ of the var-dumper component