This PR was merged into the 2.7 branch.
Discussion
----------
[Security] Fix the retrieval of the last username when using forwarding
| Q | A
| ------------- | ---
| Branch? | 2.7
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | n/a
| License | MIT
| Doc PR | n/a
When using forwarding to render the login page (which is not the default), the info are stored in the subrequest attributes rather than the session. ``getLastAuthenticationError`` was handling this properly but ``getLastUsername`` was not checking the attributes.
This fixes it by checking the attributes (I'm checking them before the session, to be consistent with ``getLastAuthenticationError``)
Commits
-------
e041365 Fix the retrieval of the last username when using forwarding
This PR was squashed before being merged into the 3.1 branch (closes#19352).
Discussion
----------
[Serializer] Include the format in the cache key
| Q | A
| ------------- | ---
| Branch? | 3.1
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | n/a
| License | MIT
| Doc PR | n/a
Attributes to normalize can vary by format. For instance in API Platform normalized attributes aren't the same in JSON-LD (all attributes) and HAL (relations are not serialized in the document body).
This PR fixes that.
Commits
-------
282eb9c [Serializer] Include the format in the cache key
This PR was merged into the 3.2-dev branch.
Discussion
----------
[Serializer] Argument objects
| Q | A
| ------------- | ---
| Branch? | 3.1
| Bug fix? | no
| New feature? | yes
| BC breaks? | no
| Deprecations? | no
| Tests pass? | TODO
| Fixed tickets | none
| License | MIT
| Doc PR | TODO
Assuming with have the two following entities:
```php
namespace AppBundle\Entity;
class Dummy
{
public function __construct(int $id, string $name, string $email, AnotherDummy $anotherDummy)
{
$this->id = $id;
$this->name = $name;
$this->email = $email;
$this->anotherDummy = $anotherDummy;
}
}
class AnotherDummy
{
public function __construct(int $id, string $uuid, bool $isEnabled)
{
$this->id = $id;
$this->uuid = $uuid;
$this->isEnabled = $isEnabled;
}
}
```
Doing the following will fail:
```php
$serializer->denormalize(
[
'id' => $i,
'name' => 'dummy',
'email' => 'du@ex.com',
'another_dummy' => [
'id' => 1000 + $i,
'uuid' => 'azerty',
'is_enabled' => true,
],
],
\AppBundle\Entity\Dummy::class
);
```
with a type error, because the 4th argument passed to `Dummy::__construct()` will be an array. The following patch checks if the type of the argument is an object, and if it is tries to denormalize that object as well.
I'm not sure if it's me missing something or this is a use case that has been omitted (willingly or not), but if it's a valuable patch I would be happy to work on finishing it.
Commits
-------
988eba1 fix tests
98bcb91 Merge pull request #1 from dunglas/theofidry-feature/param-object
7b5d55d Prevent BC in instantiateObject
e437e04 fix reflection type
3fe9802 revert CS
5556fa5 fix
d4cdb00 fix CS
93608dc Add deprecation message
f46a176 Apply patch
f361e52 fix tests
4884a2e f1
e64e999 Address comments
e99a90b Add tests
7bd4ac5 Test
This PR was squashed before being merged into the 2.7 branch (closes#19327).
Discussion
----------
[Yaml] Fix PHPDoc of the Yaml class
| Q | A
| ------------- | ---
| Branch? | 2.7
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | n/a
| License | MIT
| Doc PR | n/a
The YAML dumper is able to serialize any PHP type, not just arrays.
Commits
-------
a3fd991 [Yaml] Fix PHPDoc of the Yaml class
This PR was squashed before being merged into the 2.7 branch (closes#19321).
Discussion
----------
[HttpFoundation] Add OPTIONS and TRACE to the list of safe methods
| Q | A
| ------------- | ---
| Branch? | 2.7
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | n/a
| License | MIT
| Doc PR | n/a
According to [RFC 7231](https://tools.ietf.org/html/rfc7231#section-8.1.3) `OPTIONS` and `TRACE` are safe methods.
Commits
-------
1404607 [HttpFoundation] Add OPTIONS and TRACE to the list of safe methods
This PR was merged into the 2.7 branch.
Discussion
----------
[BrowserKit] Update Client::getAbsoluteUri() for query string only URIs
| Q | A
| ------------- | ---
| Branch? | 2.7
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | #19303
| License | MIT
| Doc PR | -
This PR allows BrowserKit to treat a value containing only query string parameters the same way anchor/hash values are treated when passed as a URI argument to the getAbsoluteUri() method. Helps when encountering sites that force a redirect with a location header value containing only a query string.
Commits
-------
965408f Update getAbsoluteUri() for query string uris
This PR was squashed before being merged into the 3.2-dev branch (closes#19322).
Discussion
----------
[HttpFoundation] Add Request::isMethodIdempotent method
| Q | A
| ------------- | ---
| Branch? | master
| Bug fix? | no
| New feature? | yes
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | n/a
| License | MIT
| Doc PR | n/a
Addd a new method in the spirit of `isMethodSafe` to know if the current method is idempotent according to RFCs.
Commits
-------
44df6a4 [HttpFoundation] Add Request::isMethodIdempotent method
* 3.1:
[HttpKernel] fixed internal subrequests having an if-modified-since-header
[Security] Fix deprecated usage of DigestAuthenticationEntryPoint::getKey() in DigestAuthenticationListener
[Validator] Added additional MasterCard range to the CardSchemeValidator
Make the exception message more clear.
[Form] fixed bug - name in ButtonBuilder
[DoctrineBridge] added missing error code for constraint.
[ClassLoader] Fix declared classes being computed when not needed
[varDumper] Fix missing usage of ExceptionCaster::$traceArgs
* 3.0:
[HttpKernel] fixed internal subrequests having an if-modified-since-header
[Security] Fix deprecated usage of DigestAuthenticationEntryPoint::getKey() in DigestAuthenticationListener
[Validator] Added additional MasterCard range to the CardSchemeValidator
Make the exception message more clear.
[Form] fixed bug - name in ButtonBuilder
[DoctrineBridge] added missing error code for constraint.
[ClassLoader] Fix declared classes being computed when not needed
[varDumper] Fix missing usage of ExceptionCaster::$traceArgs
* 2.8:
[HttpKernel] fixed internal subrequests having an if-modified-since-header
[Security] Fix deprecated usage of DigestAuthenticationEntryPoint::getKey() in DigestAuthenticationListener
[Validator] Added additional MasterCard range to the CardSchemeValidator
Make the exception message more clear.
[Form] fixed bug - name in ButtonBuilder
[DoctrineBridge] added missing error code for constraint.
[ClassLoader] Fix declared classes being computed when not needed
[varDumper] Fix missing usage of ExceptionCaster::$traceArgs
Conflicts:
src/Symfony/Bridge/Doctrine/Validator/Constraints/UniqueEntityValidator.php
src/Symfony/Component/ClassLoader/ClassCollectionLoader.php
* 2.7:
[HttpKernel] fixed internal subrequests having an if-modified-since-header
[Validator] Added additional MasterCard range to the CardSchemeValidator
Make the exception message more clear.
[Form] fixed bug - name in ButtonBuilder
[ClassLoader] Fix declared classes being computed when not needed
This PR was merged into the 2.7 branch.
Discussion
----------
[ClassLoader] Fix declared classes being computed when not needed
| Q | A
| ------------- | ---
| Branch? | 2.7
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | no
| Fixed tickets | -
| License | MIT
| Doc PR | -
Commits
-------
d513eae [ClassLoader] Fix declared classes being computed when not needed
This PR was merged into the 2.7 branch.
Discussion
----------
[Validator] Added additional MasterCard range to the CardSchemeValidator
From October 2016 MasterCard will introduce a new card range, 222100 through 272099.
See: https://www.mctestcards.com/ (click the help in top right)
This implements the additional regex for validation to succeed, and some additional unit tests for this new range.
| Q | A
| ------------- | ---
| Branch? | 2.7
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets |
| License | MIT
| Doc PR |
Commits
-------
4d68f56 [Validator] Added additional MasterCard range to the CardSchemeValidator
This PR was squashed before being merged into the 2.7 branch (closes#19290).
Discussion
----------
[HttpKernel] fixed internal subrequests having an if-modified-since-header
| Q | A
| ------------- | ---
| Branch? | 2.7
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | -
| License | MIT
| Doc PR | -
As the InlineFragmentRenderer has no access to a cached copy of a subrequest's target and hence couldn't handle a response with a HTTP status code of 304 (not modified), it makes no sense to send an if-not-modified-since header.
Commits
-------
e90038c [HttpKernel] fixed internal subrequests having an if-modified-since-header
This PR was squashed before being merged into the 2.8 branch (closes#19307).
Discussion
----------
[Security] Fix deprecated usage of DigestAuthenticationEntryPoint::getKey() in DigestAuthenticationListener
| Q | A
| ------------- | ---
| Branch? | 2.8
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | -
| License | MIT
| Doc PR | -
Fix the following deprecation triggered by Symfony when using the `http_digest` authentication:
<details>
<summary>Symfony\Component\Security\Http\EntryPoint\DigestAuthenticationEntryPoint::getKey() is deprecated since version 2.8 and will be removed in 3.0. Use getSecret() instead. </summary>
> DigestAuthenticationEntryPoint::getKey() (called from DigestAuthenticationListener.php at line 81)
DigestAuthenticationListener::handle() (called from classes.php at line 2622)
Firewall::onKernelRequest()
call_user_func() (called from WrappedListener.php at line 61)
WrappedListener::__invoke()
call_user_func() (called from classes.php at line 1858)
EventDispatcher::doDispatch() (called from classes.php at line 1773)
EventDispatcher::dispatch() (called from TraceableEventDispatcher.php at line 140)
TraceableEventDispatcher::dispatch() (called from HttpKernel.php at line 125)
HttpKernel::handleRaw() (called from HttpKernel.php at line 64)
HttpKernel::handle() (called from ContainerAwareHttpKernel.php at line 69)
ContainerAwareHttpKernel::handle() (called from Kernel.php at line 193)
Kernel::handle() (called from app_dev.php at line 36)
</details>
Refs: #16493
Commits
-------
880a392 [Security] Fix deprecated usage of DigestAuthenticationEntryPoint::getKey() in DigestAuthenticationListener
From October 2016 MasterCard will introduce a new card range,
222100 through 272099.
See: https://www.mctestcards.com/ (click the help in top right)
Implements unit tests and validation for this new card range.
This PR was submitted for the master branch but it was merged into the 2.7 branch instead (closes#19310).
Discussion
----------
Make the exception message more clear.
| Q | A
| ------------- | ---
| Branch? | "master"
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets |
| License | MIT
| Doc PR |
A small change that makes the error message more clear. If your property is named "type", "value" or something similar it is not obvious that we refer to the property name.
See example: https://github.com/schmittjoh/JMSTranslationBundle/issues/373
Commits
-------
6344ccd Make the exception message more clear.
This PR was merged into the 2.8 branch.
Discussion
----------
[varDumper] Fix missing usage of ExceptionCaster::$traceArgs
| Q | A
| ------------- | ---
| Branch? | 2.8
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | -
| License | MIT
| Doc PR | -
Used in 2.7 but lost in 2.8
Commits
-------
6c5237c [varDumper] Fix missing usage of ExceptionCaster::$traceArgs
* 3.1:
[VarDumper] Fix indentation trimming in ExceptionCaster
[HttpKernel] Clarify deprecation of non-scalar values in surrogate renderer
removed @since
[Security] fixed DebugAccessDecisionManager::setVoters()
Remove and change unrelevant comments in Validator and Security components.
[Validator] add missing interface use statement for phpdoc block return type.
[Validator] UuidValidator must accept a Uuid constraint.
[Validator] make UuidValidator class formatting consistent.
Conflicts:
src/Symfony/Component/Validator/Tests/Constraints/AbstractConstraintValidatorTest.php
* 3.0:
[VarDumper] Fix indentation trimming in ExceptionCaster
removed @since
Remove and change unrelevant comments in Validator and Security components.
[Validator] add missing interface use statement for phpdoc block return type.
[Validator] UuidValidator must accept a Uuid constraint.
[Validator] make UuidValidator class formatting consistent.
* 2.7:
removed @since
Remove and change unrelevant comments in Validator and Security components.
[Validator] UuidValidator must accept a Uuid constraint.
[Validator] make UuidValidator class formatting consistent.