* 3.4:
Adds missing translations for no nb
Add the missing translations for the Swedish ("sv") locale
bumped Symfony version to 3.4.33
updated VERSION for 3.4.32
update CONTRIBUTORS for 3.4.32
updated CHANGELOG for 3.4.32
This PR was merged into the 4.3 branch.
Discussion
----------
Allow to set SameSite config to 'none'
| Q | A
| ------------- | ---
| Branch? | 4.3
| Bug fix? | yes
| New feature? | no
| Deprecations? | no
| Tickets | Fix#33926
| License | MIT
| Doc PR | -
Commits
-------
eec7e8cc61 Allow to set cookie_samesite to 'none'
This PR was merged into the 4.4 branch.
Discussion
----------
[EventDispatcher] Allow to omit the event name when registering listeners
| Q | A
| ------------- | ---
| Branch? | 4.4
| Bug fix? | no
| New feature? | yes
| Deprecations? | no
| Tickets | #33453 (kind of)
| License | MIT
| Doc PR | TODO
After #30801 and #33485, this is another attempt at taking advantage of FQCN events for simplifying the registration of event listeners by inferring the event name from the parameter type declaration of the listener. This is my last attempt, I promise. 🙈
This time, I'd like to make the `event` attribute of the `kernel.event_listener` tag optional. This would allow us to build listeners like the following one without adding any attributes to the `kernel.event_listener` tag.
```php
namespace App\EventListener;
final class MyRequestListener
{
public function __invoke(RequestEvent $event): void
{
// do something
}
}
```
This in turn allows us to register a whole namespace of such listeners without having to configure each listener individually:
```YAML
services:
App\EventListener\:
resource: ../src/EventListener/*
tags: [kernel.event_listener]
```
Commits
-------
6f32584c76 [EventDispatcher] Allow to omit the event name when registering listeners.
This PR was merged into the 4.3 branch.
Discussion
----------
[Form][DateTimeImmutableToDateTimeTransformer] Preserve microseconds and use \DateTime::createFromImmutable() when available
| Q | A
| ------------- | ---
| Branch? | 4.3
| Bug fix? | yes
| New feature? | no
| Deprecations? | no
| Tickets | -
| License | MIT
| Doc PR | -
For PHP >= 7.3, we should use [\DateTime::createFromImmutable()](https://www.php.net/manual/en/datetime.createfromimmutable.php) directly.
This patch also preserves the `\DateTime` microseconds when the conversion is done with `\DateTime::createFromFormat()`.
Commits
-------
dfa23034c3 [Form][DateTimeImmutableToDateTimeTransformer] Preserve microseconds and use \DateTime::createFromImmutable() when available
This PR was merged into the 4.4 branch.
Discussion
----------
[Cache] Improve RedisTagAwareAdapter invalidation logic & requirements
| Q | A
| ------------- | ---
| Branch? | 4.4
| Bug fix? | yes, _and improvment_
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| License | MIT
| Doc PR |
Changes logic of invalidation in RedisTagAwareAdapter in order to:
- Delete the tag key on invalidation => _avoiding possible left behind empty tag keys that Redis is not allowed to evict, gradually consuming more and more memory_
Positive side effects of no longer using sPOP:
- Lowered requirements to Redis 2.8, and no specific version constraint for phpredis
- Lift limitation of 2 billion keys per tag _(Now only limited by Redis Set datatype: 4 billion)_
Commits
-------
3d38c58b42 [Cache] Improve RedisTagAwareAdapter invalidation logic & requirements
This PR was squashed before being merged into the 4.4 branch (closes#33884).
Discussion
----------
Prevent ProgressBar redraw when message is same
| Q | A
| ------------- | ---
| Branch? | 4.4
| Bug fix? | no
| New feature? | no
| Deprecations? | no
| Tickets |
| License | MIT
| Doc PR |
This PR prevents ProgressBar from performing unnecessary redrawes if new output is same as current one. This is mostly useful when working with multiple progress bars. Same behavior can enforced by carefully setting redraw frequency, but I don't see any downsides for smarter redrawing by default.
This can be moved to `if ($this->overwrite)` if necessary, so it's applied only in case overwriting is enabled.
Commits
-------
78b515f049 Prevent ProgressBar redraw when message is same
This PR was merged into the 4.3 branch.
Discussion
----------
[Crawler] document $default as string|null
| Q | A
| ------------- | ---
| Branch? | 4.3
| Bug fix? | no
| New feature? | no
| Deprecations? | no
| Tickets | -
| License | MIT
| Doc PR | -
This has been introduced in 4.3
Commits
-------
e96add4787 [Crawler] document $default as string|null
This PR was squashed before being merged into the 4.3 branch (closes#32308).
Discussion
----------
[Messenger] DoctrineTransport: ensure auto setup is only done once
| Q | A
| ------------- | ---
| Branch? | 4.3
| Bug fix? | yes
| New feature? | no <!-- please update src/**/CHANGELOG.md files -->
| BC breaks? | no <!-- see https://symfony.com/bc -->
| Deprecations? |no <!-- please update UPGRADE-*.md and src/**/CHANGELOG.md files -->
| Tests pass? | yes <!-- please add some, will be required by reviewers -->
| Fixed tickets | #... <!-- #-prefixed issue number(s), if any -->
| License | MIT
| Doc PR | symfony/symfony-docs#... <!-- required for new features -->
Setup is done for every invocation of `get`, `find`, and `findAll`.
For `get`, this causes message consumption to be very slow, as slow as 1 message per second on my moderately sized schema, because a schema diff is done in `setup` every `get`.
I'm not sure what the desired behaviour is here, but it seems like we should try performing a query, fail once, `setup`, and retry. This will the same approach taken by the PDO Cache.
However, we still need auto setup in `get`, as `get` starts a transaction, so the auto setup in `executeQuery` won't be called.
Further more, the same problem seems to exist for the AMPQ Transport, but the performance impact should be less there, but i have not tried.
Commits
-------
02414027e1 [Messenger] DoctrineTransport: ensure auto setup is only done once
* 4.3:
[travis] Fix build-packages script
[HttpClient] bugfix exploding values of headers
Remove useless testCanCheckIfTerminalIsInteractive test case
[Validator] Add the missing translations for the Thai (\"th\") locale
[Routing] gracefully handle docref_root ini setting
[Validator] Fix ValidValidator group cascading usage
* 3.4:
[travis] Fix build-packages script
Remove useless testCanCheckIfTerminalIsInteractive test case
[Validator] Add the missing translations for the Thai (\"th\") locale
[Validator] Fix ValidValidator group cascading usage
This PR was squashed before being merged into the 4.4 branch (closes#33770).
Discussion
----------
Add types to constructors and private/final/internal methods (Batch III)
| Q | A
| ------------- | ---
| Branch? | 4.4
| Bug fix? | no
| New feature? | no
| Deprecations? | no
| Tickets | #32179, #33228
| License | MIT
| Doc PR | N/A
Followup to #33709, this time with:
* Validator
* VarDumper
* Workflow
* Yaml
* all bridges
* all bundles
That should be the final batch. 😃
Commits
-------
6493902287 Add types to constructors and private/final/internal methods (Batch III)
This PR was squashed before being merged into the 4.4 branch (closes#33743).
Discussion
----------
[HttpClient] Async HTTPlug client
| Q | A
| ------------- | ---
| Branch? | 4.4
| Bug fix? | no
| New feature? | yes
| Deprecations? | no
| Tickets | Fix#33710, Fix#32142
| License | MIT
| Doc PR | https://github.com/symfony/symfony-docs/pull/12389
This PR removes `HttplugClient`'s dependency on `Psr18Client`. It will also add an `HttplugPromise` to make sure we sure we respect the Httplug's `HttpAsyncClient` interface.
It implements `HttpAsyncClient::sendAsyncRequest()` and provides two extensions:
- `HttplugPromise::cancel()` allows cancelling a promise (and the underlying response)
- `HttplugClient::wait()` allows to tick the promise pool, with configurable timeouts.
Commits
-------
4fd593f869 [HttpClient] Async HTTPlug client
This PR was merged into the 4.4 branch.
Discussion
----------
[Messenger] Allow to configure the db index on Redis transport
| Q | A
| ------------- | ---
| Branch? | 4.4
| Bug fix? | no
| New feature? | yes
| Deprecations? | no
| Tickets | Fix#33724
| License | MIT
| Doc PR | todo
Quite useful for testing.
Commits
-------
115a9bbeda [Messenger] Allow to configure the db index on Redis transport
This PR was squashed before being merged into the 4.3 branch (closes#33871).
Discussion
----------
[HttpClient] bugfix exploding values of headers
| Q | A
| ------------- | ---
| Branch? | 4.3 for bug fixes
| Bug fix? | yes
| New feature? | no
| Deprecations? | no
| Tickets | -
| License | MIT
| Doc PR | -
I tried to use CachingHttpClient yesterday and I received an error.
```
explode() expects parameter 2 to be string, array given
C:\PROJEKTY\PHPStorm\symfony\src\Symfony\Component\HttpClient\HttpClientTrait.php:200
C:\PROJEKTY\PHPStorm\symfony\src\Symfony\Component\HttpClient\HttpClientTrait.php:131
C:\PROJEKTY\PHPStorm\symfony\src\Symfony\Component\HttpClient\HttpClientTrait.php:45
C:\PROJEKTY\PHPStorm\symfony\src\Symfony\Component\HttpClient\CurlHttpClient.php:105
C:\PROJEKTY\PHPStorm\symfony\src\Symfony\Component\HttpKernel\HttpClientKernel.php:54
C:\PROJEKTY\PHPStorm\symfony\src\Symfony\Component\HttpKernel\HttpCache\SubRequestHandler.php:85
C:\PROJEKTY\PHPStorm\symfony\src\Symfony\Component\HttpKernel\HttpCache\HttpCache.php:477
C:\PROJEKTY\PHPStorm\symfony\src\Symfony\Component\HttpKernel\HttpCache\HttpCache.php:450
C:\PROJEKTY\PHPStorm\symfony\src\Symfony\Component\HttpKernel\HttpCache\HttpCache.php:347
C:\PROJEKTY\PHPStorm\symfony\src\Symfony\Component\HttpKernel\HttpCache\HttpCache.php:222
C:\PROJEKTY\PHPStorm\symfony\src\Symfony\Component\HttpClient\CachingHttpClient.php:96
C:\PROJEKTY\PHPStorm\symfony\src\Symfony\Component\HttpClient\Tests\CachingHttpClientTest.php:34
```
This PR fix this.
Commits
-------
5cd8895c67 [HttpClient] bugfix exploding values of headers
This PR was squashed before being merged into the 4.4 branch (closes#33881).
Discussion
----------
[VarDumper] Added a support for casting Ramsey/Uuid
| Q | A
| ------------- | ---
| Branch? | 4.4
| Bug fix? | no
| New feature? | yes
| Deprecations? | no
| Tickets |
| License | MIT
| Doc PR |
I worked on a project using ramsey/uuid and I noticed a dumped uuid does
not contain the uuid. So here we go :)
(Note: don't get me wrong, I still do not recommend this lib)
---
Before / After:
![Before / After](https://user-images.githubusercontent.com/408368/66298080-49892d80-e8f1-11e9-969f-95ae5169adb1.png)
Commits
-------
99247bbd47 [VarDumper] Added a support for casting Ramsey/Uuid
This PR was merged into the 3.4 branch.
Discussion
----------
[Validator] Fix ValidValidator group cascading usage
| Q | A
| ------------- | ---
| Branch? | 3.4
| Bug fix? | yes
| New feature? | no
| Deprecations? | no
| Tickets | -
| License | MIT
| Doc PR | -
`$this->context->getGroup()` returns `string` or `null`.
`ContextualValidatorInterface::validate()` 3rd argument accepts an array but it must not contain `null` (its contract doesn't allow it). If it does, it will fail in `RecursiveContextualValidator::validateInGroup()` for example because of the `string` scalar type on the `$group` argument. (on 4.4)
Note that in our "common" usage of the `Valid` constraint, the group in its validator will never be `null` because this constraint has a special treatment. However, if this validator is reused in a custom way, it can fail.
Commits
-------
72684b001c [Validator] Fix ValidValidator group cascading usage
This PR was merged into the 4.4 branch.
Discussion
----------
[Intl] Update the ICU data to 65.1 (4.4 branch)
| Q | A
| ------------- | ---
| Branch? | 4.4
| Bug fix? | no
| New feature? | no
| Deprecations? | no
| Tickets | Followup for #33862
| License | MIT
| Doc PR | -
Commits
-------
5b2da724d7 [Intl] Update the ICU data to 65.1 (4.4 branch)
This PR was squashed before being merged into the 3.4 branch (closes#33844).
Discussion
----------
[Validator] Add the missing translations for the Thai ("th") locale
| Q | A
| ------------- | ---
| Branch? | 3.4
| Bug fix? | no
| New feature? | no
| Deprecations? | no
| Tickets | Fix#30191
| License | MIT
| Doc PR |
I have added the missing translations for the Thai.
Also fixed a typo on trans-unit id=54.
Commits
-------
2315be85d8 [Validator] Add the missing translations for the Thai (\"th\") locale
* 4.3:
[Intl] Update the ICU data to 65.1 (4.3 branch)
Replace deprecated calls in tests
[Intl] Update the ICU data to 65.1
Delete 5_Security_issue.md
[DI] Whitelist validator.auto_mapper in UnusedTagsPass
[HttpClient] Fixed#33832 NO_PROXY option ignored in NativeHttpClient::request() method
[Cache] give 100ms before starting the expiration countdown
[Cache] fix logger usage in CacheTrait::doGet()
[VarDumper] fix dumping uninitialized SplFileInfo
Added missing translations.
Fixed invalid changelog 4.0.0 for VarDumper
Fixed invalid VarDumper upgrade doc.
[HttpFoundation] Check if data passed to SessionBagProxy::initialize is an array
Don't let falsey usernames slip through
This PR was merged into the 4.3 branch.
Discussion
----------
[Cache] give 100ms before starting the expiration countdown
| Q | A
| ------------- | ---
| Branch? | 4.3
| Bug fix? | yes
| New feature? | no
| Deprecations? | no
| Tickets | Fix#31573, Fix#33837
| License | MIT
| Doc PR | -
Because the expiration count-down starts immediately after calling `CachItem::expiresAfter(N)`, it's impossible to actually cache items for more than `N-1` seconds.
This PR adds a 0.1s grace period so that backends that have a second-level resolution can store the items for `N` seconds, provided the time between calling `CachItem::expiresAfter(N)` and saving the value to the backend is lower than 0.1s.
This PR also fixes the calculation of the computation time in `ContractsTrait`.
Commits
-------
ba63e181fd [Cache] give 100ms before starting the expiration countdown
* 3.4:
[Intl] Update the ICU data to 65.1
[VarDumper] fix dumping uninitialized SplFileInfo
Added missing translations.
Fixed invalid VarDumper upgrade doc.
[HttpFoundation] Check if data passed to SessionBagProxy::initialize is an array
Don't let falsey usernames slip through
This PR was merged into the 3.4 branch.
Discussion
----------
[Intl] Update the ICU data to 65.1
| Q | A
| ------------- | ---
| Branch? | 3.4
| Bug fix? | no
| New feature? | no
| Deprecations? | no
| Tickets | Fix#33548
| License | MIT
| Doc PR | -
Commits
-------
5cc9811fa9 [Intl] Update the ICU data to 65.1
This PR was merged into the 4.4 branch.
Discussion
----------
[Validator] Fix wrong expression language value
| Q | A
| ------------- | ---
| Branch? | 4.4
| Bug fix? | yes
| New feature? | no
| Deprecations? | no
| Tickets | -
| License | MIT
| Doc PR | -
766162c4c7/src/Symfony/Component/Validator/Constraints/ExpressionValidator.php (L28)
```php
(new ExpressionValidator($propertyAccessor))->validate($object, $constraint);
```
Based on the previous method signature (4.3 above), that code would result in an exception in 4.4:
```
Call to undefined method Symfony\Component\PropertyAccess\PropertyAccessor::evaluate()
```
Spotted by @fancyweb in https://github.com/symfony/symfony/pull/33829#discussion_r330995572
Fixed here and updated test case to avoid regression.
Commits
-------
4288f1c9f9 Fix wrong expression language value
This PR was squashed before being merged into the 4.4 branch (closes#33791).
Discussion
----------
[Form] Added CountryType option for using alpha3 country codes
| Q | A
| ------------- | ---
| Branch? | 4.4
| Bug fix? | no
| New feature? | yes
| Deprecations? | no
| Tickets | Fixes#20313
| License | MIT
| Doc PR | -
In the linked issue #20313 was a proposal to add an alpha3 option to the country type.
Here it is..
Hopefully I've made no mistake, so when the code is fine, I will create a documentation PR.. :-)
Commits
-------
d07f5a33db [Form] Added CountryType option for using alpha3 country codes
I changed CHANGELOG.md to reflect actual changes in the code. The third argument is called $filter, not $context. This mistake was propageted to UPGRADE-4.0.md. I fixed that in https://github.com/symfony/symfony/pull/33821
This PR was merged into the 4.4 branch.
Discussion
----------
[HttpKernel] Inherit Throwable in HttpExceptionInterface
| Q | A
| ------------- | ---
| Branch? | master
| Bug fix? | no
| New feature? | no
| Deprecations? | no
| **BC BREAKS?**| **YES**
| Tickets | n/a
| License | MIT
| Doc PR | n/a
When using a static analysis tools, it is not possible to do this:
```php
if ($exception instanceof HttpExceptionInterface) {
$exception->getStatusCode();
$exception->getHeaders();
$exception->getMessage(); // ❌ Will fail here
}
```
This is due to `getMessage()` not being a method declared in `HttpExceptionInterface`. Since Symfony now requires PHP 7.1+ to run, it is safe to inherit from the `Throwable` interface (added in PHP 7.0).
### About backward compatibility
Adding new methods to `HttpExceptionInterface` [breaks BC](https://symfony.com/doc/current/contributing/code/bc.html#changing-interfaces), however this interface shouldn't be used on a class other than an exception, so this shouldn't affect much code.
### About tests
I'm not sure this really needs tests, but maybe I'm wrong? Tell me what to test if you think this is required.
Commits
-------
2ac3fbf232 Inherit Throwable in HttpExceptionInterface
This PR was merged into the 3.4 branch.
Discussion
----------
[Security]: Don't let falsy usernames slip through impersonation
| Q | A
| ------------- | ---
| Branch? | 3.4
| Bug fix? | yes
| New feature? | no
| Deprecations? | no
| Tickets |
| License | MIT
| Doc PR |
When you try to impersonate users with a falsy username, `SwitchUserListener::handle()` would `return;` and impersonation would fail.
I'm using a third party OAuth provider that allows users to change their usernames with no guaranteed protection against re-use. To overcome that issue, I implemented `UserLoaderInterface::loadUserByUsername()` and query by a `providerId`.
After loading development fixtures, One user has `0` as it's `providerId`.
Commits
-------
64aecab0a7 Don't let falsey usernames slip through
This PR was merged into the 4.4 branch.
Discussion
----------
[DependencyInjection] added Ability to define a priority method for tagged service
| Q | A
| ------------- | ---
| Branch? | 4.4
| Bug fix? | no
| New feature? | yes
| Deprecations? | no
| Tickets | Fix#32976
| License | MIT
| Doc PR |
Commits
-------
c1917c2999 [DependencyInjection] added Ability to define a priority method for tagged service
- added deprecation message for non-int return value in Command::execute()
- fixed all core commands to return proper int values
- added proper return type-hint to Command::execute() method in all core Commands
This PR was merged into the 4.3 branch.
Discussion
----------
[DI] Add CSV env var processor tests / support PHP 7.4
| Q | A
| ------------- | ---
| Branch? | 4.3
| Bug fix? | yes
| New feature? | no
| Deprecations? | no
| Tickets | Fix #... <!-- prefix each issue number with "Fix #", if any -->
| License | MIT
| Doc PR | symfony/symfony-docs#... <!-- required for new features -->
Similar as #32051
Commits
-------
82f341864c [DI] Add CSV env var processor tests
This PR was merged into the 4.3 branch.
Discussion
----------
[EventDispatcher] Added tests for aliased events
| Q | A
| ------------- | ---
| Branch? | 4.3
| Bug fix? | yes
| New feature? | no
| Deprecations? | no
| Tickets | N/A
| License | MIT
| Doc PR | N/A
While working on #33793 I discovered that I could remove the event alias feature of `RegisterListenersPass` without breaking the component's tests. This PR adds the missing tests.
Commits
-------
8e8a6ed99b [EventDispatcher] Added tests for aliased events.
This PR was merged into the 4.4 branch.
Discussion
----------
[WebProfilerBundle] Try to display the most useful panel by default
| Q | A
| ------------- | ---
| Branch? | 4.4
| Bug fix? | no
| New feature? | yes
| Deprecations? | yes
| Tickets | -
| License | MIT
| Doc PR | -
Alternative to https://github.com/symfony/symfony/pull/32491, the goal stays the same.
I think reserving a data collector name is fine, isn'it ? It's not likely that end users use this name (that's why I added an underscore) + shouldn't be hard for them to just rename it.
I don't think adding a configuration option to toggle the "_best" behavior is useful, should be by default for DX IMHO.
Not adding an extension point for now (for end users to set their panel as the "best"), maybe later if someone request it?
Commits
-------
a45dd98b73 [WebProfilerBundle] Try to display the most useful panel by default
This prevents to exclude the RedirectController from the warmed annotation cache which would lead to warnings when trying to use the warmed cache on read only file systems
See #29357
This PR was merged into the 4.4 branch.
Discussion
----------
[DI] dont mandate a class on inline services with a factory
| Q | A
| ------------- | ---
| Branch? | 4.4
| Bug fix? | no
| New feature? | no
| Deprecations? | no
| Tickets | -
| License | MIT
| Doc PR | -
This check is too strict, useless and boring for inline services :)
Commits
-------
a2665d17cd [DI] dont mandate a class on inline services with a factory
* 4.3:
Sync Twig templateExists behaviors
Fix the :only-of-type pseudo class selector
[Serializer] Add CsvEncoder tests for PHP 7.4
Copy phpunit.xsd to a predictable path
[Security/Http] fix parsing X509 emailAddress
[Serializer] fix denormalization of string-arrays with only one element #33731
[Cache] fix known tag versions ttl check
* 3.4:
Sync Twig templateExists behaviors
Fix the :only-of-type pseudo class selector
[Serializer] Add CsvEncoder tests for PHP 7.4
Copy phpunit.xsd to a predictable path
[Security/Http] fix parsing X509 emailAddress
[Serializer] fix denormalization of string-arrays with only one element #33731
[Cache] fix known tag versions ttl check
This PR was merged into the 4.4 branch.
Discussion
----------
[Cache] Fixed Redis Sentinel usage when only one Sentinel specified
Added check for $params['redis_sentinel'] to line 274, as by converting the array of hosts to a single host configuration (as you might in a test environment), this causes the class to initialise incorrectly.
| Q | A
| ------------- | ---
| Branch? | 4.4
| Bug fix? | yes
| New feature? | no
| Deprecations? | no
| Tickets | Fix#33796
| License | MIT
| Doc PR |
As from Issue #33796
In a Redis Sentinel setup, if only a single Redis Sentinel, or multiple Sentinels with the same host/port are specified (as we're currently doing in a test environment), then the call to `setSentinelTimeout` in `RedisTrait.php` throws an exception, as the wrong interface appears to be initialised as a result.
Adding a check for the `redis_sentinel` parameter, as was done with a check for the `redis_cluster` parameter, avoids this, and the Redis Client is initialised correctly.
Commits
-------
13233fcd8e Fixed Redis Sentinel usage when only one Sentinel specified
This PR was merged into the 4.4 branch.
Discussion
----------
[HttpKernel] wrap compilation of the container in an opportunistic lock
| Q | A
| ------------- | ---
| Branch? | 4.4
| Bug fix? | no
| New feature? | yes
| Deprecations? | no
| Tickets | -
| License | MIT
| Doc PR | -
https://github.com/symfony/symfony/pull/32764#issuecomment-516924305
This PR adds a lock around the compilation of the container. When two or more concurrent requests want to compile the container, the first one runs the computation and the others wait for its completion. If for any reasons the lock doesn't work, compilation happens as usual.
The effect is visible when developing locally:
Here is what all concurrent requests consume now:
![image](https://user-images.githubusercontent.com/243674/65603626-4e231d00-dfa6-11e9-8b6c-62dbd5eb30fe.png)
And here is what they will consume with this PR (they wait but reuse the just compiled container):
![image](https://user-images.githubusercontent.com/243674/65603733-7f9be880-dfa6-11e9-930b-ce793c3e280c.png)
Commits
-------
0b5b3ed7f9 [HttpKernel] wrap compilation of the container in an opportunistic lock
Added check for $params['redis_sentinel'] to line 274, as by converting the array of hosts to a single host configuration (as you might in a test environment), this causes the class to initialise incorrectly.
This PR was squashed before being merged into the 3.4 branch (closes#33777).
Discussion
----------
Fix the :only-of-type pseudo class selector
| Q | A
| ------------- | ---
| Branch? | 3.4
| Bug fix? | yes
| New feature? | no
| Deprecations? | no
| Tickets | Fix#33773
| License | MIT
| Doc PR | -
Commits
-------
c2a9bf08f1 Fix the :only-of-type pseudo class selector
This PR was squashed before being merged into the 3.4 branch (closes#32051).
Discussion
----------
[Serializer] Add CsvEncoder tests for PHP 7.4
| Q | A
| ------------- | ---
| Branch? | 3.4
| Bug fix? | no
| New feature? | no
| BC breaks? | no <!-- see https://symfony.com/bc -->
| Deprecations? |no
| Tests pass? | yes <!-- please add some, will be required by reviewers -->
| Fixed tickets | #... <!-- #-prefixed issue number(s), if any -->
| License | MIT
| Doc PR | symfony/symfony-docs#... <!-- required for new features -->
Some CSV encoder tests to show the broken behavior of a trailing slash. Spotted in #31867, not sure what to do with it :)
Commits
-------
760354d533 [Serializer] Add CsvEncoder tests for PHP 7.4
This PR was merged into the 3.4 branch.
Discussion
----------
Copy phpunit.xsd to a predictable path
| Q | A
| ------------- | ---
| Branch? | 3.4
| Bug fix? | no
| New feature? | yes-ish
| Deprecations? | no
| Tickets | https://github.com/symfony/recipes/pull/652#discussion_r329446277
| License | MIT
| Doc PR | -
In symfony/recipes#652 I would like to make Flex create the `phpunit.xml.dist` file with a local URI for the `phpunit.xsd`. This is doable when using `phpunit/phpunit` standalone because the path to the XSD file is known. This PR aims to allow doing this when using the PHPUnit Bridge, which installs PHPUnit in a path that might change.
Is is simple `@copy()` call ok? Should I add some error handling?
Commits
-------
233dcb4b75 Copy phpunit.xsd to a predictable path
This PR was merged into the 3.4 branch.
Discussion
----------
[Serializer] fix denormalization of string-arrays with only one element
| Q | A
| ------------- | ---
| Branch? | 3.4
| Bug fix? | yes
| New feature? |no
| Deprecations? |no
| Tickets | Fix#33731
| License | MIT
| Doc PR |
This PR does almost the same as ac70edf8cd, just not only for arrays of objects.
Commits
-------
8814751b96 [Serializer] fix denormalization of string-arrays with only one element #33731
This PR was merged into the 4.4 branch.
Discussion
----------
[VarDumper] Output the location of calls to dump()
| Q | A
| ------------- | ---
| Branch? | 4.4
| Bug fix? | yes
| New feature? | yes
| BC breaks? | no
| Deprecations? | no
| Tests pass? | not tested yet
| Fixed tickets | #30830
| License | MIT
| Doc PR |
see #30830
Commits
-------
f0a59d3eab [VarDumper] Output the location of calls to dump()
This PR was merged into the 4.4 branch.
Discussion
----------
[DX][Messenger] Improve error message when routing to an invalid transport
| Q | A
| ------------- | ---
| Branch? | 4.4
| Bug fix? | no
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | #31613
| License | MIT
| Doc PR | -
Commits
-------
7909092891 [Messenger] Improve error message when routing to an invalid transport (closes#31613)
This PR was merged into the 4.4 branch.
Discussion
----------
[Security] add "anonymous: lazy" mode to firewalls
| Q | A
| ------------- | ---
| Branch? | 4.4
| Bug fix? | no
| New feature? | yes
| Deprecations? | no
| Tickets | Fixes#26769 et al.
| License | MIT
| Doc PR | -
Contains #33663 until it is merged.
This PR allows defining a firewall as such:
```yaml
security:
firewalls:
main:
anonymous: lazy
```
This means that the corresponding area should not start the session / load the user unless the application actively gets access to it. On pages that don't fetch the user at all, this means the session is not started, which means the corresponding token neither is. Lazily, when the user is accessed, e.g. via a call to `is_granted()`, the user is loaded, starting the session if needed.
See #27817 for previous explanations on the topic also.
Note that thanks to the logic in #33633, this PR doesn't have the drawback spotted in #27817: here, the profiler works as expected.
Recipe update pending at https://github.com/symfony/recipes/pull/649
Commits
-------
5cd1d7b4cc [Security] add "anonymous: lazy" mode to firewalls
This PR was squashed before being merged into the 3.4 branch (closes#33625).
Discussion
----------
[DependencyInjection] Fix wrong exception when service is synthetic
| Q | A
| ------------- | ---
| Branch? | 3.4
| Bug fix? | yes
| New feature? | no
| Deprecations? | no
| Tickets | #32874
| License | MIT
This fixes wrongfully thrown exception when service is defined as synthetic and some arguments are binded in _defaults
Commits
-------
152dec95bc [DependencyInjection] Fix wrong exception when service is synthetic
* 4.3:
[Form][Validator][Intl] Fix tests
[Messenger] return empty envelopes when RetryableException occurs
[Validator] Accept underscores in the URL validator as the URL will resolve correctly
[Translation] Collect original locale in case of fallback translation
Fix toolbar load when GET params are present in "_wdt" route
* 3.4:
[Form][Validator][Intl] Fix tests
[Validator] Accept underscores in the URL validator as the URL will resolve correctly
[Translation] Collect original locale in case of fallback translation
Fix toolbar load when GET params are present in "_wdt" route
This PR was squashed before being merged into the 4.3 branch (closes#32979).
Discussion
----------
[Messenger] return empty envelopes when RetryableException occurs
| Q | A
| ------------- | ---
| Branch? | 3.4 or 4.3 for bug fixes <!-- see below -->
| Bug fix? | yes
| New feature? | no <!-- please update src/**/CHANGELOG.md files -->
| BC breaks? | no <!-- see https://symfony.com/bc -->
| Deprecations? | no <!-- please update UPGRADE-*.md and src/**/CHANGELOG.md files -->
| Tests pass? | yes <!-- please add some, will be required by reviewers -->
| License | MIT
| ~~Doc PR~~ | ~~symfony/symfony-docs#12109~~
<!--
Replace this notice by a short README for your feature/bugfix. This will help people
understand your PR and can be used as a start for the documentation.
Additionally (see https://symfony.com/roadmap):
- Bug fixes must be submitted against the lowest maintained branch where they apply
(lowest branches are regularly merged to upper ones so they get the fixes too).
- Features and deprecations must be submitted against branch 4.4.
- Legacy code removals go to the master branch.
-->
Problem occurs when you are using more than 1 worker with Doctrine Transport.
`Symfony\Component\Messenger\Transport\Doctrine\Connection::get` does a query `SELECT ... FOR UPDATE` and this locking query could lock table and workers stops. But using locks can result in dead locks or lock timeouts. Doctrine renders these SQL errors as RetryableExceptions. These exceptions are often normal if you are in a high concurrency environment. They can happen very often and your application should handle them properly.
Commits
-------
9add32a9ca [Messenger] return empty envelopes when RetryableException occurs
This PR was merged into the 4.4 branch.
Discussion
----------
[Intl] Excludes locale from language codes (split localized language names)
| Q | A
| ------------- | ---
| Branch? | 4.4
| Bug fix? | no
| New feature? | yes
| BC breaks? | no <!-- see https://symfony.com/bc -->
| Deprecations? | no
| Tests pass? | yes <!-- please add some, will be required by reviewers -->
| Fixed tickets | #33146
| License | MIT
| Doc PR | symfony/symfony-docs#... <!-- required for new features -->
(includes #33140)
Commits
-------
1a9f517903 [Intl] Excludes locale from language codes (split localized language names)
This PR was merged into the 4.4 branch.
Discussion
----------
[FrameworkBundle] WebTestCase KernelBrowser::getContainer null return type
| Q | A
| ------------- | ---
| Branch? | 4.4
| Bug fix? | no
| New feature? | no <!-- don't forget to update src/**/CHANGELOG.md files -->
| BC breaks? | no <!-- see https://symfony.com/bc -->
| Deprecations? | yes <!-- don't forget to update UPGRADE-*.md and src/**/CHANGELOG.md files -->
| Tests pass? | yes <!-- please add some, will be required by reviewers -->
| Fixed tickets | #25920 <!-- #-prefixed issue number(s), if any -->
| License | MIT
| Doc PR | <!-- required for new features -->
<!--
Write a short README entry for your feature/bugfix here (replace this comment block.)
This will help people understand your PR and can be used as a start of the Doc PR.
Additionally:
- Bug fixes must be submitted against the lowest branch where they apply
(lowest branches are regularly merged to upper ones so they get the fixes too).
- Features and deprecations must be submitted against the master branch.
-->
As @stof suggested in the #25920 I started deprecating the behaviour of returning null when the container is non booted / null.
If this is not wanted we should close both the PR and the issue ;).
Commits
-------
e169e1a4d5 [FrameworkBundle] WebTestCase KernelBrowser::getContainer null return type
This PR was merged into the 3.4 branch.
Discussion
----------
[Validator] Accept underscores in the URL validator, as the URL will load
| Q | A
| ------------- | ---
| Branch? | 3.4
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | #32506
| License | MIT
| Doc PR | -
As @javiereguiluz mentioned, regardless of convention a URL with an underscore in it will load perfectly fine - so in that respect it must be valid.
Commits
-------
c9c7a1118c [Validator] Accept underscores in the URL validator as the URL will resolve correctly
This PR was merged into the 4.4 branch.
Discussion
----------
[ErrorHandler] Forward \Throwable
| Q | A
| ------------- | ---
| Branch? | 4.4
| Bug fix? | no
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | https://github.com/symfony/symfony/issues/32605
| License | MIT
| Doc PR | -
The goal of this PR is that `ErrorHandler::handleException()` handles `\Throwable` directly and forwards it without altering it.
Commits
-------
62483ed305 [ErrorHandler] Forward \Throwable
This PR was merged into the 3.4 branch.
Discussion
----------
Fix toolbar load when GET params are present in "_wdt" route
When using a custom router that inject GET parameters, eg:
```
# services.yaml
parameters:
# Replace default url generator service
router.options.generator_base_class: Combodo\iTop\Portal\Routing\UrlGenerator
```
The path generated by the toolbar JS is HTML entity encoded which breaks the JS call (`&` becomes `&`).
| Q | A
| ------------- | ---
| Branch? | 4.4 for features / 3.4, 4.2 or 4.3 for bug fixes <!-- see below -->
| Bug fix? | yes
| New feature? | no <!-- please update src/**/CHANGELOG.md files -->
| BC breaks? | no <!-- see https://symfony.com/bc -->
| Deprecations? | no <!-- please update UPGRADE-*.md and src/**/CHANGELOG.md files -->
| Tests pass? | yes <!-- please add some, will be required by reviewers -->
| Fixed tickets | #... <!-- #-prefixed issue number(s), if any -->
| License | MIT
| Doc PR | symfony/symfony-docs#... <!-- required for new features -->
<!--
Replace this notice by a short README for your feature/bugfix. This will help people
understand your PR and can be used as a start for the documentation.
Additionally (see https://symfony.com/roadmap):
- Bug fixes must be submitted against the lowest maintained branch where they apply
(lowest branches are regularly merged to upper ones so they get the fixes too).
- Features and deprecations must be submitted against branch 4.4.
- Legacy code removals go to the master branch.
-->
Commits
-------
5309e64949 Fix toolbar load when GET params are present in "_wdt" route
This PR was squashed before being merged into the 3.4 branch (closes#32925).
Discussion
----------
[Translation] Collect original locale in case of fallback translation
Before, it collected the fallback locale that was used to translate a key. But this information is confusing, as it does not reveal which translation key is missing in the requested language.
So I'd like to propose to track the "requested" locale instead, so that the Symfony profiler gives me the information in which locale the key is missing instead of which locale was used as a fallback.
| Q | A
| ------------- | ---
| Branch? | 3.4
| Bug fix? | yes
| New feature? | no
| BC breaks? | yes?
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets |
| License | MIT
| Doc PR |
In principle, this change is a BC break, but imho also a bug. It's really confusing when the Profiler tells you that it uses a translation fallback for an ID and locale that is actually translated. Took some debugging so recognize that this fallback came from another locale. If you think it's better to target 5.0, I'll update the PR.
Commits
-------
5564e149cb [Translation] Collect original locale in case of fallback translation
This PR was merged into the 4.4 branch.
Discussion
----------
[Http][DI] Replace REMOTE_ADDR in trusted proxies with the current REMOTE_ADDR
| Q | A
| ------------- | ---
| Branch? | 4.4
| Bug fix? | no
| New feature? | yes
| Deprecations? | no
| License | MIT
| Doc PR |
Currently handling trusted ips when deploying behind some CDNs/Load balancers such as ELB is difficult because they dont have a constant IP address, its possible to overcome this as is suggested by the docs - https://symfony.com/doc/current/deployment/proxies.html#but-what-if-the-ip-of-my-reverse-proxy-changes-constantly - by settings trusted proxies to `$request->server->get('REMOTE_ADDR')` - but this has to be done in code, and so becomes dangerous if you code is deployed in different environments.
This change would allow the developer to stick to providing the envvar `TRUSTED_PROXIES`, and in the environment behind a ELB set the value to the literal string `REMOTE_ADDR`, and have it replaced at run time. This way in environments that are not using ELB his app is kept safe.
I think doing this replacement in `Request:: setTrustedProxies` is the best place because it means this feature isn't exposed to other parts of the code that might call `Request::getTrustedProxies`.
Commits
-------
643c9ff257 Replace REMOTE_ADDR in trusted proxies with the current REMOTE_ADDR
This PR was merged into the 4.4 branch.
Discussion
----------
[HttpFoundation] optimize normalization of headers
| Q | A
| ------------- | ---
| Branch? | 4.4
| Bug fix? | no
| New feature? | no
| Deprecations? | no
| Tickets | -
| License | MIT
| Doc PR | -
I was experimenting with using maps to bypass calls to normalization functions, but that didn't lead to any significant perf improvement.
I still found this, the new call is twice as fast :)
Commits
-------
9c676d37a0 [HttpFoundation] optimize normalization of headers
* 4.3:
[FrameworkBundle] Fix framework bundle lock configuration not working as expected
[Validator] Add the missing translations for the Azerbaijani locale
[HttpClient] workaround bad Content-Length sent by old libcurl
[Cache] dont override native Memcached options
Fix CS
Fix exceptions (PDOException) error code type
Fix return type of Process::restart().
[Cache] fail gracefully when locking is not supported
[HttpClient] fix race condition when reading response with informational status
Names for buttons should start with lowercase
This PR was merged into the 4.3 branch.
Discussion
----------
[HttpClient] fix race condition when reading response with informational status
| Q | A
| ------------- | ---
| Branch? | 4.3
| Bug fix? | yes
| New feature? | no
| Deprecations? | no
| Tickets | -
| License | MIT
| Doc PR | -
Spotted by some transiently failing jobs on Travis.
Commits
-------
450c3c4998 [HttpClient] fix race condition when reading response with informational status
This PR was merged into the 4.3 branch.
Discussion
----------
[HttpClient] workaround bad Content-Length sent by old libcurl
| Q | A
| ------------- | ---
| Branch? | 4.3
| Bug fix? | yes
| New feature? | no
| Deprecations? | no
| Tickets | -
| License | MIT
| Doc PR | -
Issue described in https://curl.haxx.se/mail/lib-2014-01/0106.html, happens with curl 7.29 at least.
Commits
-------
b8d2496979 [HttpClient] workaround bad Content-Length sent by old libcurl
* 3.4:
[FrameworkBundle] Fix framework bundle lock configuration not working as expected
[Validator] Add the missing translations for the Azerbaijani locale
[Cache] dont override native Memcached options
Fix return type of Process::restart().
This PR was squashed before being merged into the 3.4 branch (closes#31198).
Discussion
----------
[FrameworkBundle] Fix framework bundle lock configuration not working as expected
| Q | A
| ------------- | ---
| Branch? | 3.4
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | #31197
| License | MIT
| Doc PR | https://github.com/symfony/symfony-docs/pull/11465 & https://github.com/symfony/symfony-docs/pull/11466
This fixes#31197 and makes the lock configuration work with installations that are not full stack ones and configurations that use xml files.
Commits
-------
c7af2df340 [FrameworkBundle] Fix framework bundle lock configuration not working as expected
This PR was merged into the 4.4 branch.
Discussion
----------
[DoctrineBridge] Use VarCloner data instead of legacy array for query params
| Q | A
| ------------- | ---
| Branch? | 4.4
| Bug fix? | no
| New feature? | no
| Deprecations? | no
| Tickets | -
| License | MIT
| Doc PR |
When I implemented Symfony 4.0 support in DoctrineBundle, I have run into issue that DoctrineBridge does not return VarCloner instance here, so I had to introduce [conversion inside DoctrineBundle](af8ac792c9/DataCollector/DoctrineDataCollector.php (L135-L141)).
We need this because `WebProfilerBundle\Twig\WebProfilerExtension::dumpData()` requires this instance since Symfony 4.0. Not returning this instance here was oversight during work on Symfony 4.0. I did not contribute this sooner, because we can't remove code in DoctrineBundle until we drop Symfony 3.4 support anyways. But not doing this in Symfony 4.4 would mean having to keep transformation code not just during 3.4 LTS lifetime, but 4.4 LTS lifetime too.
Commits
-------
81c6df511d Use VarCloner data instead of legacy array for query params
This PR was merged into the 4.3 branch.
Discussion
----------
[Cache] fail gracefully when locking is not supported
| Q | A
| ------------- | ---
| Branch? | 4.3
| Bug fix? | yes
| New feature? | no
| Deprecations? | no
| Tickets | Fix#33392
| License | MIT
| Doc PR | -
Commits
-------
93485190f9 [Cache] fail gracefully when locking is not supported
This PR was merged into the 4.3 branch.
Discussion
----------
[Form] Names for buttons should start with lowercase
| Q | A
| ------------- | ---
| Branch? | 4.3
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | N/A
| License | MIT
| Doc PR | N/A
This fix changes the messages related to the changes in https://github.com/symfony/symfony/pull/28969 - the message used to state that names should start with a letter, a digit ... - so I got a confusing message:
```
Using names for buttons that do not start with a letter, a digit, or an underscore is deprecated since Symfony 4.3 and will throw an exception in 5.0 ("Search" given).'
```
Which made me find the message, look at the regex that was used, and work out that actually it should start with a lowercase letter, and hence this PR - where I assume there is a reason that the name must start with lowercase letters.
Commits
-------
f65524e4e0 Names for buttons should start with lowercase
This PR was merged into the 4.4 branch.
Discussion
----------
[FrameworkBundle] Sort tagged services
| Q | A
| ------------- | ---
| Branch? | 4.4 <!-- see below -->
| Bug fix? | no
| New feature? | yes <!-- please update src/**/CHANGELOG.md files -->
| BC breaks? | no <!-- see https://symfony.com/bc -->
| Deprecations? | no <!-- please update UPGRADE-*.md and src/**/CHANGELOG.md files -->
| Tests pass? | yes <!-- please add some, will be required by reviewers -->
| Fixed tickets | https://github.com/symfony/symfony/issues/32439 <!-- #-prefixed issue number(s), if any -->
| License | MIT
| Doc PR | -
Hi
This PR it's to improve DX when `debug:container` command is use with tag argument by sorting them by priority (More details in linked issue).
Currently they are sort by alphabetical order.
Commits
-------
54cef2a3a3 [FrameworkBundle] Sort tagged service by priority
This PR was merged into the 4.4 branch.
Discussion
----------
[DI] scope singly-implemented interfaces detection by file
| Q | A
| ------------- | ---
| Branch? | 4.4
| Bug fix? | yes
| New feature? | no
| BC breaks? | yes
| Deprecations? | no
| Tests pass? | yes
| License | MIT
[DependencyInjection] fixed handling singly implemented interfaces when importing multiple resources
for example:
```yaml
App\Adapter\:
resource: '../src/Adapter/*'
App\Port\:
resource: '../src/Port/*'
```
this configuration wont create service for interface (in other words singly implemented interface wont be autowired) and this chage fixes it
**Also** this will prevent false positives - for example if I had one implementation in \App\Port namespace and another in \App\Adapter then interface service would still be registered
but that could potentially break exisitng code not aware of this bug
Commits
-------
c1f39709ff [DI] add FileLoader::registerAliasesForSinglyImplementedInterfaces()
bec38900d8 [DI] scope singly-implemented interfaces detection by file
This PR was merged into the 4.4 branch.
Discussion
----------
[ErrorHandler] Show fallback error page when default error controller is disabled
| Q | A
| ------------- | ---
| Branch? | 4.4
| Bug fix? | yes
| New feature? | no
| Deprecations? | no
| Tickets | -
| License | MIT
| Doc PR | -
This would avoid a blank page on errors when we've disabled the default error controller. e.g:
```yaml
framework:
error_controller: null
```
So, we will show you the default HTML error page.
Commits
-------
8eea11cc26 Show fallback error page when framework.error_controller is null
This PR was merged into the 4.4 branch.
Discussion
----------
[ErrorHandler] don't throw deprecations for return-types by default
| Q | A
| ------------- | ---
| Branch? | 4.4
| Bug fix? | no
| New feature? | no
| Deprecations? | no
| Tickets | Fix#33235
| License | MIT
| Doc PR | -
As discussed a few times already, in 4.4, `DebugClassLoader` shouldn't trigger deprecations when return types are missing. We'll enable them back in 5.1.
Commits
-------
2cb419edf4 [ErrorHandler] don't throw deprecations for return-types by default
This PR was merged into the 4.4 branch.
Discussion
----------
[HttpKernel] compress files generated by the profiler
| Q | A
| ------------- | ---
| Branch? | 4.4
| Bug fix? | no
| New feature? | yes
| Deprecations? | no
| Tickets | #33006
| License | MIT
| Doc PR | -
I've recently seen several reports of fastly growing profiler storages. Let's compress them when possible.
Locally for the skeleton homepage, a single profile goes from 150k to 15k. Level 3 is producing significant compression ratio while being measurably faster than level 6 (the default), that's why I'm using it.
Commits
-------
08f9470556 [HttpKernel] compress files generated by the profiler
This PR was squashed before being merged into the 4.4 branch (closes#33317).
Discussion
----------
[Messenger] Added support for `from_transport` attribute on `messenger.message_handler` tag
| Q | A
| ------------- | ---
| Branch? | 4.4
| Bug fix? | no
| New feature? | yes
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | #33306
| License | MIT
| Doc PR | https://github.com/symfony/symfony-docs/pull/12231
Right now, it's only possible to have dynamic `from_transport` when using `MessageSubscriberInterface`. Things like `priority` and `bus` can already be added as attributes on the messenger.message_handler` tag.
With this PR it now also supports `from_transport`.
Commits
-------
c965e4e844 [Messenger] Added support for `from_transport` attribute on `messenger.message_handler` tag
This PR was merged into the 4.3 branch.
Discussion
----------
Add missing row_attr option to FormType
| Q | A
| ------------- | ---
| Branch? | 4.3
| Bug fix? | yes
| New feature? | no
| Deprecations? | no
| Tickets | Fix: #33682 - related issue #33573
| License | MIT
The #33573 modified Symfony's form themes. But the [FormType](https://github.com/symfony/form/blob/master/Extension/Core/Type/FormType.php) don't allow the option `row_attr` so the OptionResolver throw an exception that the option is unknown.
This PR basically add the option and give it to the form view (like `label_attr` do)
Commits
-------
d711ea2b54 Add missing row_attr option to FormType
This PR was merged into the 4.3 branch.
Discussion
----------
[Security] use LegacyEventDispatcherProxy
| Q | A
| ------------- | ---
| Branch? | 4.3
| Bug fix? | yes
| New feature? | no
| Deprecations? | no
| Tickets | -
| License | MIT
| Doc PR | -
I ran into an issue on one of my apps that has its own event dispatcher class using the old dispatch method signature
```php
public function dispatch($eventName, Event $event = null)
```
This leads to
```
TypeError: Argument 2 passed to X\Tests\Base\TestEventDispatcher::dispatch() must be an instance of Symfony\Component\EventDispatcher\Event or null, string given, called in /var/www/x/symfony/vendor/symfony/security/Http/Firewall/ContextListener.php on line 230
/var/www/x/symfony/tests/Base/TestEventDispatcher.php:20
/var/www/x/symfony/vendor/symfony/security/Http/Firewall/ContextListener.php:230
/var/www/x/symfony/vendor/symfony/security/Http/Firewall/ContextListener.php:111
```
since the event here is dispatched using the new signature:
https://github.com/symfony/symfony/blob/4.4/src/Symfony/Component/Security/Http/Firewall/ContextListener.php#L259
Commits
-------
7067e48165 [Security] use LegacyEventDispatcherProxy
* 4.3:
[Security/Http] fix typo in deprecation message
Various tweaks 3.4
Various tweaks 4.3
[PhpUnit] Fix usleep mock return value
[Lock] use Predis\ClientInterface instead of Predis\Client
Fix version typo in deprecation notice
Make legacy "wrong" RFC2047 encoding apply only to one header
This PR was merged into the 4.3 branch.
Discussion
----------
[Security/Http] fix typo in deprecation message
| Q | A
| ------------- | ---
| Branch? | 4.3
| Bug fix? | no
| New feature? | no
| Deprecations? | no
| Tickets | -
| License | MIT
| Doc PR | -
spotted by @stof in #33676
Commits
-------
e70057aed4 [Security/Http] fix typo in deprecation message
This PR was squashed before being merged into the 4.4 branch (closes#33584).
Discussion
----------
[Security] Deprecate isGranted()/decide() on more than one attribute
| Q | A
| ------------- | ---
| Branch? | 4.4
| Bug fix? | no
| New feature? | no
| Deprecations? | yes
| Tickets | -
| License | MIT
| Doc PR | tbd
While I expect it not be used much, it is currently possible to call `isGranted()` on more than one attribute:
```php
if ($this->authorizationChecker->isGranted(['ROLE_USER', 'ROLE_ADMIN'])) {
// ...
}
```
Supporting this includes a couple of problems/questions:
- It is not clear whether this is `OR` or `AND`;
- In fact, this is left over to the voter to decide upon. So it can vary for each voter and writers of new voters need to consider this (otherwise, you get issues like https://github.com/LeaseWeb/LswSecureControllerBundle/issues/4 );
- It promotes to vote over roles instead of actions.
I think we can do better. In the past, we've created all tooling for this to be self-explaining and easier:
```php
// ExpressionLanguage component (also includes other functions, like `is_granted('EDIT')`)
if ($this->authorizationChecker->isGranted("has_role('ROLE_USER') or has_role('ROLE_ADMIN')")) {
// ...
}
// calling it multiple times in PHP (may reduce performance)
if ($this->authorizationChecker->isGranted('ROLE_USER')
|| $this->authorizationChecker->isGranted('ROLE_ADMIN')
) {
// ...
}
// or by using Role Hierarchy, if a user really wants to vote on roles
```
This PR deprecates passing more than one attribute to `isGranted()` and `decide()` to remove this confusing bit in Security usage.
Backwards compatiblity help
---
I need some help in how to approach changing the `VoterInterface::vote(TokenInterface $token, $subject, array $attributes)` method in a backwards compatible way. Removing `array` breaks all Voters, so does changing it to `string` and removed the parameter all together.
Commits
-------
c64b0beffb [Security] Deprecate isGranted()/decide() on more than one attribute
This PR was merged into the 4.4 branch.
Discussion
----------
[Security] Make stateful firewalls turn responses private only when needed
| Q | A
| ------------- | ---
| Branch? | 4.4
| Bug fix? | no
| New feature? | yes
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | #26769 *et al.*
| License | MIT
| Doc PR | -
Replaces #28089
By taking over session usage tracking and replacing it with token usage tracking, we can prevent responses that don't actually use the token from turning responses private without changing anything to the lifecycle of security listeners. This makes the behavior much more seamless, allowing to still log the user with the monolog processor, and display it in the profiler toolbar.
This works by using two separate token storage services:
- `security.token_storage` now tracks access to the token and increments the session usage tracker when needed. This is the service that is injected in userland.
- `security.untracked_token_storage` is a raw token storage that just stores the token and is disconnected from the session. This service is injected in places where reading the session doesn't impact the generated output in any way (as e.g. in Monolog processors, etc.)
Commits
-------
20df3a125c [Security] Make stateful firewalls turn responses private only when needed
This PR was merged into the 4.4 branch.
Discussion
----------
[Form][SubmitType] Add "validate" option
| Q | A
| ------------- | ---
| Branch? | 4.4
| Bug fix? | no
| New feature? | yes
| Deprecations? | no
| Tickets | https://github.com/symfony/symfony/issues/8763
| License | MIT
| Doc PR | TODO
The second part of the ticket requires more work but is kind of unrelated.
Commits
-------
a2bc06d811 [Form][SubmitType] Add "validate" option
This PR was merged into the 4.3 branch.
Discussion
----------
Make legacy "wrong" RFC2047 encoding apply only to one header
| Q | A
| ------------- | ---
| Branch? | 4.3
| Bug fix? | yes
| New feature? | no
| Deprecations? | no
| License | MIT
It says in a comment in the code that "We have to go against RFC 2183/2231 in some areas for interoperability". But I would like that to be the exception and not the rule. As the code was, all parameterized headers except from "Content-Disposition" was not encoded according to RFC 2231.
This change is to make it so that the exception (to not follow the RFC) is for the header "Content-Type" only, and all other parameterized headers will follow the rule of RFC 2231.
The code kind of worked before, because in emails we generally only have two parameterized headers; "Content-Disposition" and "Content-Type". But I think it is a good thing that if another parameterized header would happen to be added, by default it should follow the rule of the RFC and not by default be an exception.
Commits
-------
3817a8b036 Make legacy "wrong" RFC2047 encoding apply only to one header
This PR was merged into the 4.4 branch.
Discussion
----------
[Yaml] hint to the --parse-tags when parsing tags fails
| Q | A
| ------------- | ---
| Branch? | 4.4
| Bug fix? | no
| New feature? | yes
| Deprecations? | no
| Tickets | Fix https://github.com/symfony/symfony/issues/28465#issuecomment-533182079
| License | MIT
| Doc PR |
Commits
-------
012111524b hint to the --parse-tags when parsing tags fails