This PR was submitted for the 3.3 branch but it was merged into the 2.7 branch instead (closes#26091).
Discussion
----------
Update Repository Symlink Helper
The `link` script is super-useful (thanks @dunglas!) for development - but for some it's unusable in its current form due to the use of `GLOB_BRACE` which is [unavailable on certain platforms](https://github.com/zendframework/zend-stdlib/issues/58#issue-147689568) (such as Alpine) and is a platform-specific problem that will not be fixed in future versions of PHP.
I know the code is a little condensed and not the easiest to read, but I thought that wasn't really an issue considering this is just a development helper script and not part of the 'official' Symfony code base.
| Q | A
| ------------- | ---
| Branch? | `3.3`
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | No tests for `/link`
| Fixed tickets |
| License | MIT
| Doc PR | can't find documentation for `/link`
<!--
- Bug fixes must be submitted against the lowest branch where they apply
(lowest branches are regularly merged to upper ones so they get the fixes too).
- Features and deprecations must be submitted against the master branch.
- Replace this comment by a description of what your PR is solving.
-->
Commits
-------
a9568d7 Update Repository Symlink Helper
This PR was merged into the 3.4 branch.
Discussion
----------
Bump default PHPUnit version from 6.3 to 6.5
| Q | A
| ------------- | ---
| Branch? | 3.4
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | no, but unrelated
| Fixed tickets | N/A
| License | MIT
| Doc PR | N/A
This PR bumps the default PHPUnit version for php ≥ 7.2 from the outdated 6.3 to the currently maintained version 6.5.
Commits
-------
aeffc5f Bump default PHPUnit version from 6.3 to 6.5
This PR was merged into the 3.4 branch.
Discussion
----------
Deterministic time in cache items for reproducible builds
| Q | A
| ------------- | ---
| Branch? | 3.4
| Bug fix? | no
| New feature? | yes
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | -
| License | MIT
| Doc PR | -
Allows setting a deterministic time for cache entries. This can be used to seed builds with a deterministic timestamp for reproducibility.
Parent issue is symfony/symfony#25958
Commits
-------
b4259a6 Use 0 for unlimited expiry
This PR was merged into the 3.4 branch.
Discussion
----------
Make kernel build time optionally deterministic
| Q | A
| ------------- | ---
| Branch? | master for features / 2.7 up to 4.0 for bug fixes <!-- see below -->
| Bug fix? | yes
| New feature? | yes
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | -
| License | MIT
| Doc PR | -
As part of the effort to enable reproducible builds, this PR allows setting a deterministic build time for the dumped kernel. Parent issue is symfony/symfony#25958.
Commits
-------
48e8249 Make kernel build time optionally deterministic
This PR was merged into the 3.4 branch.
Discussion
----------
[HttpKernel] don't try to wire Request argument with controller.service_arguments
| Q | A
| ------------- | ---
| Branch? | 3.4
| Bug fix? | no
| New feature? | no
| BC breaks? | no
| Deprecations? | no <!-- don't forget to update UPGRADE-*.md files -->
| Tests pass? | yes
| Fixed tickets |
| License | MIT
| Doc PR |
This does not make sense as Request is not a service and it's already handled by RequestValueResolver.
Also it produces alot of logging messages like the following whenever you only use the Request class in an action but no other service.
> Cannot autowire service "service_locator.IXu0y5S": it references class "Symfony\Component\HttpFoundation\Request" but no such service exists. It cannot be auto-registered because it is from a different root namespace.
> Removing service-argument resolver for controller "App\Controller\MyController:myAction": no corresponding services exist for the referenced types.
Commits
-------
09b9eb2 [HttpKernel] don't try to wire Request argument with controller.service_arguments
This PR was merged into the 2.7 branch.
Discussion
----------
do not mock the container builder in tests
| Q | A
| ------------- | ---
| Branch? | 2.7
| Bug fix? | no
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets |
| License | MIT
| Doc PR |
Commits
-------
dab4222 do not mock the container builder in tests
This PR was submitted for the master branch but it was merged into the 2.7 branch instead (closes#26134).
Discussion
----------
Document explicitly that dotfiles and vcs files are ignored by default
| Q | A
| ------------- | ---
| Branch? | master
| Bug fix? | no
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | ?
| Fixed tickets | None
| License | MIT
| Doc PR | N/A
This change makes it clear whether or not each of those two options are enabled by default.
Without this documentation one has to look into the code.
---
For documentation PRs should I target master or the same branch as bugs?
Commits
-------
e88e1ff Document explicitly that dotfiles and vcs files are ignored by default
* 2.8:
[SecurityBundle] Backport test
[Security] fix merge of 2.7 into 2.8 + add test case
backport regression test from 3.4
Fix misspelling variable
[DI] minor: use a strict comparision in setDecoratedService
Follow-on to #25825: Fix edge case in getParameterOption.
keep the context when validating forms
* 2.7:
[SecurityBundle] Backport test
Fix misspelling variable
[DI] minor: use a strict comparision in setDecoratedService
Follow-on to #25825: Fix edge case in getParameterOption.
keep the context when validating forms
This PR was merged into the 2.8 branch.
Discussion
----------
[PropertyInfo] backport regression test from 3.4
| Q | A
| ------------- | ---
| Branch? | 2.8
| Bug fix? | no
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets |
| License | MIT
| Doc PR |
Commits
-------
a9ab167 backport regression test from 3.4
This PR was submitted for the master branch but it was merged into the 3.4 branch instead (closes#26112).
Discussion
----------
Env var maps to undefined constant.
When I try to use a constant as an environment variable, as described in the blog item,
I run into the following problem.
Env var "SOME_CONST" maps to undefined constant "App\\Util\\SomeClass::SOME_CONST".
The proposed solution works for me, however, I'm not sure if this is the best and conform Symfony standards.
Blog:
https://symfony.com/blog/new-in-symfony-3-4-advanced-environment-variables
| Q | A
| ------------- | ---
| Branch? | master for features / 2.7 up to 4.0 for bug fixes <!-- see below -->
| Bug fix? | yes/no
| New feature? | yes/no <!-- don't forget to update src/**/CHANGELOG.md files -->
| BC breaks? | yes/no
| Deprecations? | yes/no <!-- don't forget to update UPGRADE-*.md files -->
| Tests pass? | yes/no
| Fixed tickets | #... <!-- #-prefixed issue number(s), if any -->
| License | MIT
| Doc PR | symfony/symfony-docs#... <!--highly recommended for new features-->
<!--
- Bug fixes must be submitted against the lowest branch where they apply
(lowest branches are regularly merged to upper ones so they get the fixes too).
- Features and deprecations must be submitted against the master branch.
- Replace this comment by a description of what your PR is solving.
-->
Commits
-------
bdf9efc Env var maps to undefined constant.
When I try to use a constant as an environment variable, as described in the blog item,
I run into the following problem.
Env var "SOME_CONST" maps to undefined constant "App\\Util\\SomeClass::SOME_CONST".
The proposed solution works for me, however, I'm not sure if this is the best and conform Symfony standards.
Blog:
https://symfony.com/blog/new-in-symfony-3-4-advanced-environment-variables
This PR was merged into the 2.7 branch.
Discussion
----------
[SecurityBundle] Backport test
| Q | A
| ------------- | ---
| Branch? | 2.7
| Bug fix? | no
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | n/a
| License | MIT
| Doc PR | n/a
<!--
- Bug fixes must be submitted against the lowest branch where they apply
(lowest branches are regularly merged to upper ones so they get the fixes too).
- Features and deprecations must be submitted against the master branch.
- Replace this comment by a description of what your PR is solving.
-->
Commits
-------
d195a6f [SecurityBundle] Backport test
This PR was merged into the 2.8 branch.
Discussion
----------
[Security] fix merge of 2.7 into 2.8 + add test case
| Q | A
| ------------- | ---
| Branch? | 2.8
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | https://github.com/symfony/symfony/issues/26109
| License | MIT
| Doc PR | -
This fixes the merge mistake done in 899bf99879
that caused this fail with the added test case:
```
There was 1 failure:
1) Symfony\Component\Security\Tests\Http\Firewall\UsernamePasswordFormAuthenticationListenerTest::testHandleNonStringUsername with data set #1 (false)
Failed asserting that exception of type "TypeError" matches expected exception "\Symfony\Component\HttpKernel\Exception\BadRequestHttpException". Message was: "Argument 1 passed to Symfony\Component\Security\Http\ParameterBagUtils::getParameterBagValue() must be an instance of Symfony\Component\HttpFoundation\ParameterBag, instance of Symfony\Component\HttpFoundation\Request given, called in /var/www/symfony/src/Symfony/Component/Security/Http/Firewall/UsernamePasswordFormAuthenticationListener.php on line 100" at
/var/www/symfony/src/Symfony/Component/Security/Http/ParameterBagUtils.php:39
/var/www/symfony/src/Symfony/Component/Security/Http/Firewall/UsernamePasswordFormAuthenticationListener.php:100
/var/www/symfony/src/Symfony/Component/Security/Http/Firewall/AbstractAuthenticationListener.php:140
/var/www/symfony/src/Symfony/Component/Security/Http/Tests/Firewall/UsernamePasswordFormAuthenticationListenerTest.php:102
```
Original fix in 2.7: https://github.com/symfony/symfony/pull/25657/files#diff-e07c3e5653e210d017545d47c1bd7e76R111
Commits
-------
51d9008 [Security] fix merge of 2.7 into 2.8 + add test case
This PR was merged into the 3.4 branch.
Discussion
----------
[TwigBundle] do not mock the container builder or definitions
| Q | A
| ------------- | ---
| Branch? | 3.4
| Bug fix? | no
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets |
| License | MIT
| Doc PR |
Commits
-------
8bba882512 do not mock the container builder or definitions
This PR was merged into the 2.7 branch.
Discussion
----------
[Console] Fix hasParameterOption / getParameterOption when used with multiple flags
| Q | A
| ------------- | ---
| Branch? | 2.7
| Bug fix? | yes
| New feature? | no
| BC breaks? | no (Fixes BC break in #24987)
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | #25825
| License | MIT
| Doc PR | n/a
Proposed resolution to #25825:
- Back out #24987
- Fix getParameterOption for short options with values, e.g. `-edev`
Commits
-------
35f98e2089 Follow-on to #25825: Fix edge case in getParameterOption.
This PR was squashed before being merged into the 3.4 branch (closes#25756).
Discussion
----------
[TwigBundle] Register TwigBridge extensions first
| Q | A
| ------------- | ---
| Branch? | 3.4
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | https://github.com/symfony/symfony/issues/25610
| License | MIT
| Doc PR | -
The only extension that is really needed to display the current exception page is the `CodeExtension` so we could only prepend this one. However, prepending all of them seems safer to me in the long term.
Also I deeply looked into why this problem only appeared in 3.4 and found the reason. Before 3.4 it actually never reaches the `ExceptionController` for this kind of error because it cannot be resolved because it needs a twig instance in its constructor. This instance is directly taken from the container. Before 3.4 when an exception is thrown when you try to get a service from the container, the instance stored in the `$services` array is unset which is not the case in further versions. So in 3.4+, the `ExceptionController` can be resolved because the instance of twig is still in the container even after the initial exception.
It also means these kind of exceptions are displayed with bugs on all versions before 3.4 I guess. Actually it shows the message 2 times : one for the initial exception and the other one when it tries to resolve the `ExceptionController`.
Maybe another solution might be to use a dedicated twig instance with the right settings just for the exception page ?
Commits
-------
c8465ed97f [TwigBundle] Register TwigBridge extensions first
This PR was submitted for the 3.3 branch but it was merged into the 3.4 branch instead (closes#26051).
Discussion
----------
[WebProfilerBundle] Fix sub request link
| Q | A
| ------------- | ---
| Branch? | 3.3
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes/no
| Fixed tickets | #... <!-- #-prefixed issue number(s), if any -->
| License | MIT
| Doc PR | symfony/symfony-docs#... <!--highly recommended for new features-->
Split from #25164
before:
```html
<a href="/_profiler/395a5c">
<a href="/_profiler/open?file=symfony/src/Controller/MainController.php&line=20#line20" title="symfony/src/Controller/MainController.php">MainController :: bar</a>
</a>
<small>(token = <a href="/_profiler/395a5c">395a5c</a>)</small>
```
after:
```html
<a href="/_profiler/open?file=symfony/src/Controller/MainController.php&line=20#line20" title="symfony/src/Controller/MainController.php">MainController :: bar</a>
<small>(token = <a href="/_profiler/395a5c">395a5c</a>)</small>
```
Commits
-------
8f0e47f636 [WebProfilerBundle] Fix sub request link
This PR was squashed before being merged into the 3.4 branch (closes#25947).
Discussion
----------
PhpDocExtractor::getTypes() throws fatal error when type omitted
| Q | A
| ------------- | ---
| Branch? | 3.2
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets |
| License | MIT
| Doc PR |
When omitting a type in a `DocBlock` `Tag`, it will throw a fatal error due to the type being null with a call to `$tag->getType()`.
Commits
-------
54253ecfff PhpDocExtractor::getTypes() throws fatal error when type omitted
This PR was merged into the 2.7 branch.
Discussion
----------
[Form] keep the context when validating forms
| Q | A
| ------------- | ---
| Branch? | 2.7
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | #25542
| License | MIT
| Doc PR |
Commits
-------
317da3bdf8 keep the context when validating forms
This PR was merged into the 2.7 branch.
Discussion
----------
[DI] minor: use a strict comparison in setDecoratedService
| Q | A
| ------------- | ---
| Branch? | 2.7
| Bug fix? | no
| New feature? | no <!-- don't forget to update src/**/CHANGELOG.md files -->
| BC breaks? | no
| Deprecations? | no <!-- don't forget to update UPGRADE-*.md files -->
| Tests pass? | yes
| Fixed tickets | n/a
| License | MIT
| Doc PR | n/a
Commits
-------
f167b50 [DI] minor: use a strict comparision in setDecoratedService
This PR was merged into the 3.4 branch.
Discussion
----------
[SecurityBundle] use libsodium to run Argon2i related tests
| Q | A
| ------------- | ---
| Branch? | 3.4
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | #26038
| License | MIT
| Doc PR |
Commits
-------
5f9471e use libsodium to run Argon2i related tests
This PR was squashed before being merged into the 2.7 branch (closes#25373).
Discussion
----------
Use the PCRE_DOLLAR_ENDONLY modifier in route regexes
| Q | A
| ------------- | ---
| Branch? | 2.7
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets |
| License | MIT
| Doc PR |
`UrlMatcher::match($pathinfo)` applies `rawurldecode()` to the `$pathinfo` before trying to match it against the routes.
If the URL contains a percent-encoded trailing newline (like in `/foo%0a`), the default PHP PCRE will still consider `#^/foo$#` a match, as the `$` metacharacter will also match *immediately before* the final character *if it is a newline*. This behavior can be changed by applying the [`PCRE_DOLLAR_ENDONLY` modifier](http://php.net/manual/en/reference.pcre.pattern.modifiers.php).
Without this change, URLs with trailing `%0a` lead to weird notices further down the road, for example when the `RedirectableUrlMatcher` or its equivalent in `PhpMatcherDumper` kick in, look at the last character (this time actually the newline), append a `/` and try to redirect to the resulting URL. Ultimately, PHP will complain with `Warning: Header may not contain more than a single header, new line detected` when sending the `Location` header.
Commits
-------
f713a3e Use the PCRE_DOLLAR_ENDONLY modifier in route regexes