This PR was squashed before being merged into the 2.7 branch (closes#24605).
Discussion
----------
[FrameworkBundle] Do not load property_access.xml if the component isn't installed
| Q | A
| ------------- | ---
| Branch? | 2.7 <!-- see comment below -->
| Bug fix? | yes
| New feature? | no <!-- don't forget to update src/**/CHANGELOG.md files -->
| BC breaks? | no
| Deprecations? | no <!-- don't forget to update UPGRADE-*.md files -->
| Tests pass? | yes
| Fixed tickets | https://github.com/symfony/symfony/pull/24563#issuecomment-337549147 <!-- #-prefixed issue number(s), if any -->
| License | MIT
| Doc PR | N/A
This PR actually aims to fix https://github.com/symfony/symfony/pull/24563#issuecomment-337549147 as the exception introduced in the PR can't be reached anyway when using the FrameworkBundle without the property access component as you'll get:
> Uncaught Symfony\Component\Debug\Exception\ClassNotFoundException: Attempted to load class "PropertyAccessor" from namespace "Symfony\Component\PropertyAccess".
With this fix, you properly get:
> The ObjectNormalizer class requires the "PropertyAccess" component. Install "symfony/property-access" to use it.
Not sure this change really belongs to a patch release, but the original PR was accepted in the 2.7 branch.
Also, I'd rather remove the ObjectNormalizer definition if the component isn't available, as suggested by @xabbuh (https://github.com/symfony/symfony/pull/24563#issuecomment-336795644). But in 2.7, this is the only normalizer registered by default and the [`SerializerPass` throws an exception if no normalizer is registered.](https://github.com/symfony/symfony/blob/2.7/src/Symfony/Bundle/FrameworkBundle/DependencyInjection/Compiler/SerializerPass.php#L46)
To sum up, either:
1. we completly prevent using the FrameworkBundle and the serializer without the property access component, even if you don't really care about the ObjectNormalizer because you only use your owns specific ones. (and you'll get the exception hinting to install the property access component)
2. we allow using the FrameworkBundle and the serializer without the property access component, so we remove the ObjectNormalizer definition, but the user'll get a `You must tag at least one service as "serializer.normalizer" to use the Serializer service` exception until he configures a normalizer (and we don't get the hint about installing the property access component to enable the ObjectNormalizer. We already have a suggest entry in the composer.json file, though).
To me option 2 looks better. WDYT?
Commits
-------
d297e27600 [FrameworkBundle] Do not load property_access.xml if the component isn't installed
This PR was submitted for the 3.3 branch but it was merged into the 2.7 branch instead (closes#24719).
Discussion
----------
Fixed a few spelling mistakes in Luxembourgish translation
Fixed a few spelling mistakes in Luxembourgish translation and also adjusted trans-unit "51" to commit #21335
| Q | A
| ------------- | ---
| Branch? | 3.3
| Bug fix? | no
| New feature? | no
| BC breaks? | no
| Deprecations? |no
| Tests pass? | yes
| License | MIT
Commits
-------
7a81576 Fixed a few spelling mistakes in Luxembourgish translation
This PR was merged into the 2.7 branch.
Discussion
----------
[HttpFoundation] Fix RedirectResponse factory method phpdoc
| Q | A
| ------------- | ---
| Branch? | 2.7
| Bug fix? | no
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| License | MIT
Fix the phpdoc of the factory method on the RedirectResponse (signatures are different between Response and RedirectResponse).
Commits
-------
7cd3049454 fix the phpdoc that is not really inherited from response
This PR was merged into the 2.7 branch.
Discussion
----------
[DI] minor docblock fixes
| Q | A
| ------------- | ---
| Branch? | 2.7
| Bug fix? | no
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | -
| License | MIT
| Doc PR | -
As found in #24611
Commits
-------
0c9edaf [DI] minor docblock fixes
This PR was merged into the 2.7 branch.
Discussion
----------
Escape trailing \ in QuestionHelper autocompletion
| Q | A
| ------------- | ---
| Branch? | 2.7
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | #24652
| License | MIT
Fixessymfony/symfony#24652
Trailing backslash, being unescaped, used to escape closing formatting
tag and, thus, formatting tag appeared in autocompletion
Output of the added test without the fix:
```
./phpunit --filter testAutocompleteWithTrailingBackslash src/Symfony/Component/Console/Tests/Helper/QuestionHelperTest.php
#!/usr/bin/env php
PHPUnit 6.0.13 by Sebastian Bergmann and contributors.
Testing Symfony\Component\Console\Tests\Helper\QuestionHelperTest
F 1 / 1 (100%)
Time: 4.28 seconds, Memory: 6.00MB
There was 1 failure:
1) Symfony\Component\Console\Tests\Helper\QuestionHelperTest::testAutocompleteWithTrailingBackslash
Failed asserting that two strings are equal.
--- Expected
+++ Actual
@@ @@
-'ExampleNamespace\'
+'ExampleNamespace</hl>'
```
`OutputFormatter::escapeTrailingBackslash` is marked as `@internal`; however, this seems to be a valid use without exposing outside of the component. `OutputFormatter::escape`, which is not internal, doesn't fit here because escaping tags in autocompletion options is a deeper topic: there might be a valid use for tags in autocompletion and even if not, taking out the possibility to use them might be considered a BC break (even though it hasn't been advertised anywhere).
Commits
-------
0c0f1da Escape trailing \ in QuestionHelper autocompletion
Fixessymfony/symfony#24652
Trailing backslash, being unescaped, used to escape closing formatting
tag and, thus, formatting tag appeared in autocompletion
This PR was merged into the 2.7 branch.
Discussion
----------
[Security] Fixed auth provider authenticate() cannot return void
| Q | A
| ------------- | ---
| Branch? | 2.7 and up
| Bug fix? | yes
| New feature? | no
| BC breaks? | no (arguably)
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets |
| License | MIT
| Doc PR |
The `AuthenticationManagerInterface` [requires](https://github.com/symfony/symfony/blob/2.7/src/Symfony/Component/Security/Core/Authentication/AuthenticationManagerInterface.php#L30) that `authenticate()` must return a TokenInterface, never null. Several authentication providers are violating this. Changed to throw exception instead.
See discussion in earlier PR https://github.com/symfony/symfony/pull/24585 which was changing the docblock rather than the implementations.
Commits
-------
6e18b56b77 [Security] Fixed auth provider authenticate() cannot return void
This PR was merged into the 2.7 branch.
Discussion
----------
declare type AcceptHeaderItem for array_map
| Q | A
| ------------- | ---
| Branch? | master
| Bug fix? | no
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets |
| License | MIT
| Doc PR |
In `array_filter` , argument type is declared.
https://github.com/symfony/symfony/blob/2.7/src/Symfony/Component/HttpFoundation/AcceptHeader.php#L133
So It's natural to do so in `array_map` too.
Commits
-------
ab8f5be40c declare argument type
The AuthenticationManagerInterface requires that authenticate() must return a TokenInterface, never null.
Several authentication providers are violating this. Changed to throw exception instead.
This PR was merged into the 2.7 branch.
Discussion
----------
content can be a resource
| Q | A
| ------------- | ---
| Branch? | 2.7
| Bug fix? | yes (bug in a comment)
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets |
| License | MIT
| Doc PR |
Commits
-------
c63742daef content can be a resource
This PR was squashed before being merged into the 2.7 branch (closes#24626).
Discussion
----------
streamed response should return $this
| Q | A
| ------------- | ---
| Branch? | 2.7
| Bug fix? | yes
| New feature? | no
| BC breaks? | may be yes?
| Deprecations? | no
| Tests pass? | yes
| License | MIT
---
`sendHeaders()` and `sendContent()` should return $this, as in the parent class.
related PRs:
https://github.com/symfony/symfony/pull/2935https://github.com/symfony/symfony/pull/20289
Commits
-------
058fb84 streamed response should return $this
This PR was merged into the 2.7 branch.
Discussion
----------
Username and password in basic auth are allowed to contain '.'
Initially reported by Fede Isas in https://github.com/beberlei/assert/pull/234
| Q | A
| ------------- | ---
| Branch? | 2.3
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets |
| License | MIT
| Doc PR |
Commits
-------
e5d57dd050 Username and password in basic auth are allowed to contain '.'
This PR was merged into the 2.7 branch.
Discussion
----------
[HttpKernel] Remove obsolete PHPDoc from UriSigner
| Q | A
| ------------- | ---
| Branch? | 2.7
| Bug fix? | no
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | N/A
| License | MIT
| Doc PR | N/A
`_hash` query param does not have to be at the end of the URL ever since https://github.com/symfony/symfony/pull/12574 so this PHPDoc is confusing. I've actually lost couple of hours of work rewriting my URLs to place it at the end before I realized that `UriSigner` doesn't really care.
Commits
-------
45ac192200 Remove obsolete PHPDoc from UriSigner
This PR was merged into the 2.7 branch.
Discussion
----------
[Debug] Fix same vendor detection in class loader
| Q | A
| ------------- | ---
| Branch? | 2.7
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets |
| License | MIT
| Doc PR |
Fix about same vendor detection in ClassLoader. Actually, detected namespace for `Doctrine\ORM\Configuration` is `Doctrine\ORM` instead of `Doctrine\`. So deprecations are triggered for classes in same namespace.
Commits
-------
d2ab0d8019 [Debug] Fix same vendor detection in class loader
This PR was merged into the 2.7 branch.
Discussion
----------
[Form] Updated the source text and translation
| Q | A
| ------------- | ---
| Branch? | master
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets |
| License | MIT
| Doc PR |
I noticed that the source text had changed. See the [English version](https://github.com/symfony/symfony/blob/master/src/Symfony/Component/Form/Resources/translations/validators.en.xlf)
Ping @magnusnordlander or @vinkla, Is this translation okey?
Commits
-------
7da052f18f Updated the source text and translation
This PR was merged into the 2.7 branch.
Discussion
----------
[Security] Reject remember-me token if UserCheckerInterface::checkPostAuth() fails
| Q | A
| ------------- | ---
| Branch? | 2.7
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | #24525
| License | MIT
| Doc PR | -
I think this is a security hole - a user can remain logged in with a remember me cookie even though they can no longer pass `UserCheckInterface::checkPostAuth()` (could be disabled).
This is a small BC break but shouldn't be an issue as I think it is a bug. I don't think this requires a BC layer but if so, I can add.
Commits
-------
fe190b6ee9 reject remember-me token if user check fails
This PR was submitted for the 3.4 branch but it was merged into the 2.7 branch instead (closes#24519).
Discussion
----------
[Validator] [Twig] added magic method __isset() to File Constraint class
| Q | A
| ------------- | ---
| Branch? | 3.4 or master / 2.7, 2.8 or 3.3 <!-- see comment below -->
| Bug fix? | no
| New feature? | yes <!-- don't forget to update src/**/CHANGELOG.md files -->
| BC breaks? | no
| Deprecations? | no <!-- don't forget to update UPGRADE-*.md files -->
| Tests pass? | yes
| Fixed tickets | #24512 <!-- #-prefixed issue number(s), if any -->
| License | MIT
| Doc PR | symfony/symfony-docs#... <!--highly recommended for new features-->
In my project I get assert constraints from one of my entity and I use this value in my front end via Twig.
I faced a problem with the property $maxSize of the File Constraint.
As this property is protected I cannot access it via Twig because the magic method __isset is missing, as I read in twig documentation.
<!--
- Bug fixes must be submitted against the lowest branch where they apply
(lowest branches are regularly merged to upper ones so they get the fixes too).
- Features and deprecations must be submitted against the 3.4,
legacy code removals go to the master branch.
- Please fill in this template according to the PR you're about to submit.
- Replace this comment by a description of what your PR is solving.
-->
Commits
-------
9efb76572a [Validator] added magic method __isset() to File Constraint class
This PR was squashed before being merged into the 2.7 branch (closes#24532).
Discussion
----------
[DI] Fix possible incorrect php-code when dumped strings contains newlines
| Q | A
| ------------- | ---
| Branch? | 2.7
| Bug fix? | yes
| New feature? | no <!-- don't forget to update src/**/CHANGELOG.md files -->
| BC breaks? | no
| Deprecations? | no <!-- don't forget to update UPGRADE-*.md files -->
| Tests pass? | yes
| Fixed tickets | ?
| License | MIT
| Doc PR | no
See discussion #24517
<!--
- Bug fixes must be submitted against the lowest branch where they apply
(lowest branches are regularly merged to upper ones so they get the fixes too).
- Features and deprecations must be submitted against the 3.4,
legacy code removals go to the master branch.
- Please fill in this template according to the PR you're about to submit.
- Replace this comment by a description of what your PR is solving.
-->
Commits
-------
345f2fc [DI] Fix possible incorrect php-code when dumped strings contains newlines
This PR was merged into the 2.7 branch.
Discussion
----------
[Translation] minor: remove unused variable in test
| Q | A
| ------------- | ---
| Branch? | 2.7
| Bug fix? | no
| New feature? | no <!-- don't forget to update src/**/CHANGELOG.md files -->
| BC breaks? | no
| Deprecations? | no <!-- don't forget to update UPGRADE-*.md files -->
| Tests pass? | yes
| Fixed tickets | #... <!-- #-prefixed issue number(s), if any -->
| License | MIT
| Doc PR | n/a
Commits
-------
c6ed0e4 [Translation] minor: remove unused variable in test
Nicolas Grekas
Maxime Steinhausser
Fabien Potencier
Maxime Steinhausser
Michel Weimerskirch
Tobias Schultze
Jáchym Toušek
Rudy Onfroy
Alexander Kurilo
Shawn Iwinski
Tyson Andre
Gunnstein Lye
Lesnykh Ilia
DQNEO
Christophe Coevoet
Richard Quadling
Edi Modrić
Kévin Dunglas
Yuriy Potemkin
maryo
hubert.lenoir
Tobias Nyholm
loru88
Artur Eshenbrener
Kevin Bond