This PR was merged into the 3.4 branch.
Discussion
----------
[DI] tighten detection of local dirs to prevent false positives
| Q | A
| ------------- | ---
| Branch? | 3.4
| Bug fix? | yes
| New feature? | no
| Deprecations? | no
| Tickets | Fix#36510 and #37150
| License | MIT
| Doc PR | -
Commits
-------
b746dd900c [DI] tighten detection of local dirs to prevent false positives
This PR was squashed before being merged into the 3.4 branch.
Discussion
----------
[PhpUnitBridge] Streamline ansi/no-ansi of composer according to phpunit --colors option
| Q | A
| ------------- | ---
| Branch? | 3.4
| Bug fix? | yes
| New feature? | no
| Deprecations? | no
| License | MIT
Currently the coloring of composer output is forced in some calls, forced not to be colored in one other call and left for auto in the others.
This change would make it uniform, depending on the --colors option of phpunit provided (or not provided) in the call
Commits
-------
968d6c4276 [PhpUnitBridge] Streamline ansi/no-ansi of composer according to phpunit --colors option
This PR was merged into the 3.4 branch.
Discussion
----------
[VarDumper] Fix CliDumper coloration on light arrays
| Q | A
| ------------- | ---
| Branch? | 3.4
| Bug fix? | yes
| New feature? | no
| Deprecations? | no
| Tickets |
| License | MIT
| Doc PR |
When `AbstractDumper::DUMP_LIGHT_ARRAY` is used with the `CliDumper`, the first line (opening bracket) is not colored. When an empty array is dumped (with or without `AbstractDumper::DUMP_LIGHT_ARRAY`) the array is not colored too. This PR aims to fix that.
Commits
-------
7af3469771 [VarDumper] Fix CliDumper coloration
This PR was merged into the 4.4 branch.
Discussion
----------
Reset question validator attempts only for actual stdin
| Q | A
| ------------- | ---
| Branch? | 4/4
| Bug fix? | yes
| New feature? | no
| Deprecations? | no <!-- please update UPGRADE-*.md and src/**/CHANGELOG.md files -->
| Tickets | Fix#37046
| License | MIT
| Doc PR |
Let's see what CI says. Works for me locally with phpunit and when running such command manually
Commits
-------
8fe7be4212 Reset question validator attempts only for actual stdin
This PR was merged into the 4.4 branch.
Discussion
----------
[PropertyInfo] Make PhpDocExtractor compatible with phpDocumentor v5
| Q | A
| ------------- | ---
| Branch? | 4.4
| Bug fix? | yes
| New feature? | no
| Deprecations? | no
| Tickets | Fix#36049
| License | MIT
| Doc PR | N/A
Version 5 of phpDocumentor introduced some changes to the `getTagsByName()` method that break the `PhpDocExtractor`.
More specific, it now returns an instance of `InvalidTag` instead of `null` when parsing an invalid tag.
Commits
-------
b1f8e5a80a Make PhpDocExtractor compatible with phpDocumentor v5
Version 5 of phpDocumentor introduced some changes to the
`getTagsByName()` method that break the `PhpDocExtractor`.
More specific, it now returns an instance of `InvalidTag` instead of
`null` when parsing an invalid tag.
* 3.4:
switch the context when validating nested forms
Fix typo
[HttpKernel] Fix regression where Store does not return response body correctly
rework form validator tests
Update AbstractController.php
This PR was merged into the 3.4 branch.
Discussion
----------
[Form] switch the context when validating nested forms
| Q | A
| ------------- | ---
| Branch? | 3.4
| Bug fix? | yes
| New feature? | no
| Deprecations? | no
| Tickets | Fix#37072
| License | MIT
| Doc PR |
Commits
-------
38135de549 switch the context when validating nested forms
This PR was merged into the 4.4 branch.
Discussion
----------
Remove non-existing arg and param from serializer service config
| Q | A
| ------------- | ---
| Branch? | 4.4
| Bug fix? | yes
| New feature? | no <!-- please update src/**/CHANGELOG.md files -->
| Deprecations? | no <!-- please update UPGRADE-*.md and src/**/CHANGELOG.md files -->
| Tickets |
| License | MIT
| Doc PR |
Leftover from #22741
Commits
-------
d179d71f45 Remove non-existing arg and param from serializer service config
This PR was merged into the 4.4 branch.
Discussion
----------
[DependencyInjection][CheckTypeDeclarationsPass] Always resolve parameters
| Q | A
| ------------- | ---
| Branch? | 4.4
| Bug fix? | yes
| New feature? | no
| Deprecations? | no
| Tickets | https://github.com/symfony/symfony/issues/37166
| License | MIT
| Doc PR | -
> Only array parameters are not inlined when dumped.
This is true only when the XML debug container is used, not on a live container that can contain unresolved parameters in the `%my_param%` form. That was my mistake. We have to resolve to get the parameter type.
`$value = [];` was just an improvement to avoid useless parameter resolve btw.
Commits
-------
da0e2c36ef [DependencyInjection][CheckTypeDeclarationsPass] Always resolve parameters
This PR was squashed before being merged into the 4.4 branch (closes#37177).
Discussion
----------
[Ldap] fix refreshUser() ignoring extra_fields
| Q | A
| ------------- | ---
| Branch? | 4.4
| Bug fix? | yes
| New feature? | no
| Deprecations? |no
| Tickets | -
| License | MIT
| Doc PR | -
While #31532 introduced `extra_fields` in general, #32824 later added `LdapUser` & `LdapUserProvider` and ignored `extra_fields` on `refreshUser()`.
This PR fixes `refreshUser()` and adds a test which makes sure, that the refreshed ldap user doesn't lose its default values.
Commits
-------
cb8f12996c [Ldap] fix refreshUser() ignoring extra_fields
This PR was merged into the 4.4 branch.
Discussion
----------
[Mailer] added the reply-to addresses to the API SES transport request.
| Q | A
| ------------- | ---
| Branch? | 4.4
| Bug fix? | yes
| New feature? | no
| Deprecations? | no
| License | MIT
The transport was not sending the reply-to addresses to the SES API when using SendEmail API method.
Commits
-------
ee752f90ed [Mailer] added the reply-to addresses to the API SES transport request.
This PR was merged into the 4.4 branch.
Discussion
----------
[Mime] use fromString when creating a new Address
| Q | A
| ------------- | ---
| Branch? | 4.4 <!-- see below -->
| Bug fix? | yes
| New feature? | no <!-- please update src/**/CHANGELOG.md files -->
| Deprecations? | no <!-- please update UPGRADE-*.md and src/**/CHANGELOG.md files -->
| Tickets | n/a <!-- prefix each issue number with "Fix #", if any -->
| License | MIT
| Doc PR | n/a
When creating an Address, there are two ways right now in 4.4: `Address::create()` which takes an email or an instance of Address and `Address::fromString()` which takes an email or an email+name.
In 4.4, I propose to make `create` supports everything possible. And in 5.2, I will probably propose to deprecate `fromString()`.
Commits
-------
de68787693 [Mime] use fromString when creating a new Adress
This PR was merged into the 5.1 branch.
Discussion
----------
[Messenger] fix forward compatibility with Doctrine DBAL 2.11+
| Q | A
| ------------- | ---
| Branch? | 5.1
| Bug fix? | no
| New feature? | no
| Deprecations? | no
| Tickets |
| License | MIT
| Doc PR |
The methods will be deprecated in 2.11 (see doctrine/dbal#4019), but the forward compatibility layer is only present in 3.0 (see doctrine/dbal#4007).
Commits
-------
bca4f9970b fix forward compatibility with Doctrine DBAL 2.11+
This PR was merged into the 4.4 branch.
Discussion
----------
[HttpClient] fix monitoring timeouts when other streams are active
| Q | A
| ------------- | ---
| Branch? | 4.4
| Bug fix? | yes
| New feature? | no
| Deprecations? | no
| Tickets | -
| License | MIT
| Doc PR | -
Commits
-------
d2a53f0bda [HttpClient] fix monitoring timeouts when other streams are active
* 3.4:
[PhpUnitBridge] fix syntax on PHP 5.3
[PhpUnitBridge] Fix undefined index when output of "composer show" cannot be parsed
properly cascade validation to child forms
[PhpUnitBridge] fix undefined var on version 3.4
bumped Symfony version to 3.4.42
updated VERSION for 3.4.41
update CONTRIBUTORS for 3.4.41
updated CHANGELOG for 3.4.41
This PR was merged into the 4.4 branch.
Discussion
----------
[HttpClient] Throw JsonException instead of TransportException on empty response in Response::toArray()
| Q | A
| ------------- | ---
| Branch? | 4.4
| Bug fix? | yes
| New feature? | no
| Deprecations? | no
| Tickets | Fix#37064
| License | MIT
Commits
-------
69547d9cfc [HttpClient] Throw JsonException instead of TransportException on empty response in Response::toArray()
This PR was squashed before being merged into the 4.4 branch.
Discussion
----------
[Security] Fixed AbstractToken::hasUserChanged()
| Q | A
| ------------- | ---
| Branch? | 4.4
| Bug fix? | yes
| New feature? | no
| Deprecations? | no
| Tickets | Fix#36989
| License | MIT
| Doc PR | -
This PR completely reverts #35944.
That PR tried to fix a BC break (ref #35941, #35509) introduced by #31177. However, this broke many authentications (ref #36989), as the User is serialized in the session (as hinted by @stof). Many applications don't include the `roles` property in the serialization (at least, the MakerBundle doesn't include it).
In 5.2, we should probably deprecate having different roles in token and user, which fixes the BC breaks all together.
Commits
-------
f297beb42c [Security] Fixed AbstractToken::hasUserChanged()
This PR was merged into the 3.4 branch.
Discussion
----------
Fix abstract method name in PHP doc block
| Q | A
| ------------- | ---
| Branch? | 3.4
| Bug fix? | no
| New feature? | no
| Deprecations? | no
| Tickets |
| License | MIT
| Doc PR |
Commits
-------
d6966c3147 Fix abstract method name in PHP doc block
* 3.4:
Fixes sprintf(): Too few arguments in form transformer
[Console] Fix QuestionHelper::disableStty()
validate subforms in all validation groups
Update Hungarian translations
Add meaningful message when Process is not installed (ProcessHelper)
[PropertyAccess] Fix TypeError parsing again.
[Form] add missing Czech validators translation
[Validator] add missing Czech translations
never directly validate Existence (Required/Optional) constraints
This PR was merged into the 3.4 branch.
Discussion
----------
[Validator] never directly validate Existence (Required/Optional) constraints
| Q | A
| ------------- | ---
| Branch? | 3.4
| Bug fix? | yes
| New feature? | no
| Deprecations? | no
| Tickets | Fix#36637#36723
| License | MIT
| Doc PR |
Using `Optional` or `Required` like "regular" constraints does not make any sense, but doing so didn't break before #36365. I suggest to ignore them for now and deprecate using them outside the `Collection` constraint in 5.2.
Commits
-------
d333aae187 never directly validate Existence (Required/Optional) constraints
This PR was merged into the 3.4 branch.
Discussion
----------
[Console] Fix QuestionHelper::disableStty()
| Q | A
| ------------- | ---
| Branch? | 3.4
| Bug fix? | yes
| New feature? | no
| Deprecations? | no>
| Tickets | -
| License | MIT
| Doc PR | -
We broke it when adding `Terminal::hasSttyAvailable()`.
Let's fix it on 3.4 and move it to terminal on master, as suggested in #36977
Commits
-------
5d93b61278 [Console] Fix QuestionHelper::disableStty()
This PR was merged into the 3.4 branch.
Discussion
----------
[PropertyAccess] Fix TypeError parsing again
| Q | A
| ------------- | ---
| Branch? | 3.4
| Bug fix? | yes
| New feature? | no
| Deprecations? | no
| Tickets | #36872
| License | MIT
| Doc PR | N/A
Apparently, the format of `TypeError`s has changed again in php8. While investigating, I noticed our error message parsing is not handling anonymous classes well, so I've added some test cases for them.
I chose a fuzzier regular expression to parse the expected return type from the error message. Additionally, I'm checking the stack trace if the caught `TypeError` is really caused by the accessor call.
Commits
-------
03b4e98630 [PropertyAccess] Fix TypeError parsing again.
This PR was merged into the 3.4 branch.
Discussion
----------
[Form] validate subforms in all validation groups
| Q | A
| ------------- | ---
| Branch? | 3.4
| Bug fix? | yes
| New feature? | no
| Deprecations? | no
| Tickets | Fix#36852
| License | MIT
| Doc PR |
Commits
-------
b819d94d14 validate subforms in all validation groups
This PR was merged into the 4.4 branch.
Discussion
----------
[TwigBridge] fix fallback html-to-txt body converter
| Q | A
| ------------- | ---
| Branch? | 4.4
| Bug fix? | yes
| New feature? | no
| Deprecations? | no
| Tickets | -
| License | MIT
| Doc PR | -
Right now, the content of the `<head>` and `<style>` are dumped as text. This fixes it.
Of course, use `league/html-to-markdown` if you need a better parser.
Commits
-------
6f59d60508 [TwigBridge] fix fallback html-to-txt body converter
This PR was merged into the 3.4 branch.
Discussion
----------
[Validator] Add missing translations for cs locale (Czech)
| Q | A
| ------------- | ---
| Branch? | 3.4
| Bug fix? | yes
| New feature? | no <!-- please update src/**/CHANGELOG.md files -->
| Deprecations? | no <!-- please update UPGRADE-*.md and src/**/CHANGELOG.md files -->
| License | MIT
Is it enough to submit this only against 3.4 to have it included also in 5.1 version?
Commits
-------
3d18c1c185 [Validator] add missing Czech translations
This PR was merged into the 4.4 branch.
Discussion
----------
Parse and render anonymous classes correctly on php 8
| Q | A
| ------------- | ---
| Branch? | 4.4
| Bug fix? | yes
| New feature? | no
| Deprecations? | no
| Tickets | #36872
| License | MIT
| Doc PR | N/A
The format of the value that `get_class()` returns for anonymous classes has changed in php 8. This PR attempts to detect both formats, with the help of the PHP80 polyfill where possible.
Commits
-------
9d702fd94b Parse and render anonymous classes correctly on php 8
This PR was merged into the 4.4 branch.
Discussion
----------
[PropertyAccessor] Added missing property path on php 8
| Q | A
| ------------- | ---
| Branch? | 4.4
| Bug fix? | yes
| New feature? | no
| Deprecations? | no
| Tickets | #36872
| License | MIT
| Doc PR | N/A
This PR adds the property path to the exception message to fix failing tests on php 8.
Commits
-------
6a73bcdb8e [PropertyAccessor] Added missing property path on php 8.
This PR was merged into the 4.4 branch.
Discussion
----------
[OptionsResolver][Serializer] Remove calls to deprecated ReflectionParameter::getClass()
| Q | A
| ------------- | ---
| Branch? | 4.4
| Bug fix? | yes
| New feature? | no
| Deprecations? | no
| Tickets | #36872
| License | MIT
| Doc PR | N/A
Following #36891, this PR removes the remaining calls to `ReflectionParameter::getClass()` from the 4.4 branch.
Commits
-------
1575d853f1 Remove calls to deprecated ReflectionParameter::getClass().
This PR was merged into the 3.4 branch.
Discussion
----------
[Cache] Accessing undefined constants raises an Error in php8
| Q | A
| ------------- | ---
| Branch? | 3.4
| Bug fix? | yes
| New feature? | no
| Deprecations? | no
| Tickets | #36872
| License | MIT
| Doc PR | N/A
Calling `constant()` for an undefined constant will raise an `Error` on php 8. This PR adjust the Memcached tests to this new behavior.
Commits
-------
49fd0efb12 [Cache] Accessing undefined constants raises an Error in php8
* 3.4:
Skip Doctrine DBAL on php 8 until we have a compatible version.
[DomCrawler] Catch expected ValueError.
[Validator] Catch expected ValueError.
[VarDumper] ReflectionFunction::isDisabled() is deprecated.
[PropertyAccess] Parse php 8 TypeErrors correctly.
[Intl] Fix call to ReflectionProperty::getValue() for static properties.
[HttpKernel] Prevent calling method_exists() with non-string values.
[Debug] php 8 does not pass $context to error handlers.
[Config] Removed implicit cast of ReflectionProperty to string.
[Debug] Undefined variables raise a warning in php 8.
[Debug] Skip test that would trigger a fatal error on php 8.
Address deprecation of ReflectionType::getClass().
Properties $originalName and $mimeType are never null in UploadedFile
This PR was merged into the 4.4 branch.
Discussion
----------
[ErrorHandler] Apply php8 fixes from Debug component
| Q | A
| ------------- | ---
| Branch? | 4.4
| Bug fix? | yes
| New feature? | no
| Deprecations? | no
| Tickets | #36872
| License | MIT
| Doc PR | N/A
The changes of #36898 and #36897 ported to the ErrorHandler component.
Commits
-------
54f18698af [ErrorHandler] Apply php8 fixes from Debug component.
This PR was merged into the 3.4 branch.
Discussion
----------
Address deprecation of ReflectionType::getClass()
| Q | A
| ------------- | ---
| Branch? | 3.4
| Bug fix? | yes
| New feature? | no
| Deprecations? | no
| Tickets | #36872
| License | MIT
| Doc PR | N/A
Calling `ReflectionType::getClass()` will trigger a deprecation warning on php 8. This PR switches to `getType()` if available.
Commits
-------
53b1677a4e Address deprecation of ReflectionType::getClass().
This PR was merged into the 3.4 branch.
Discussion
----------
[VarDumper] ReflectionFunction::isDisabled() is deprecated
| Q | A
| ------------- | ---
| Branch? | 3.4
| Bug fix? | yes
| New feature? | no
| Deprecations? | no
| Tickets | #36872
| License | MIT
| Doc PR | N/A
See php/php-src#5473. Calling `ReflectionFunction::isDisabled()` is pointless on php 8 and doing so triggers a deprecation warning.
Someone who is more familiar with that component might want to have a second look on this PR. I'm not really sure if this is the right way to fix the issue.
Commits
-------
1da347e5ba [VarDumper] ReflectionFunction::isDisabled() is deprecated.
This PR was merged into the 3.4 branch.
Discussion
----------
[Validator] Catch expected ValueError
| Q | A
| ------------- | ---
| Branch? | 3.4
| Bug fix? | yes
| New feature? | no
| Deprecations? | no
| Tickets | #36872
| License | MIT
| Doc PR | N/A
`mb_check_encoding()` raises a `ValueError` on php 8 if an invalid encoding was passed. The validator that was patched here is expected to fail gracefully in that situation. This PR restores that behavior under php 8.
Maybe we can reconsider this behavior for Symfony 5.2. It feels a bit odd to me because we swallow a potential misconfiguration of the validator.
Commits
-------
8f3f67f82a [Validator] Catch expected ValueError.
This PR was merged into the 3.4 branch.
Discussion
----------
[PropertyAccess] Parse php 8 TypeErrors correctly
| Q | A
| ------------- | ---
| Branch? | 3.4
| Bug fix? | yes
| New feature? | no
| Deprecations? | no
| Tickets | #36872
| License | MIT
| Doc PR | N/A
The wording of `TypeError` messages has changed in php 8. Since `PropertyAccessor` parses those messages, the logic needed some adjustments.
Commits
-------
7100c3ce1b [PropertyAccess] Parse php 8 TypeErrors correctly.
This PR was merged into the 3.4 branch.
Discussion
----------
[Debug] php 8 does not pass $context to error handlers
| Q | A
| ------------- | ---
| Branch? | 3.4
| Bug fix? | yes
| New feature? | no
| Deprecations? | no
| Tickets | #36872
| License | MIT
| Doc PR | N/A
php 8 will call error handlers without the optional `$context` parameter. Thus, error handlers that make that parameter mandatory will break.
Commits
-------
593897c9e1 [Debug] php 8 does not pass $context to error handlers.
This PR was squashed before being merged into the 4.4 branch.
Discussion
----------
[BrowserKit] Raw body with custom Content-Type header
| Q | A
| ------------- | ---
| Branch? | 4.4
| Bug fix? | yes
| New feature? | no
| Deprecations? | no
| License | MIT
Currently, if you try to send POST/PUT request with custom `Content-Type` header and specified body, the real request will contain `text/plain` content type.
Following code
```php
$client->request(
'POST',
'/url',
[],
[],
[
'CONTENT_TYPE' => 'application/json'
],
'{"foo":"bar"}'
);
```
produces next request
```
POST /
Content-Type: text/plain; charset=utf-8
{"foo":"bar"}
```
With this fix, the request will be
```
POST /
Content-Type: application/json
{"foo":"bar"}
```
Commits
-------
d2dd92be77 [BrowserKit] Raw body with custom Content-Type header
This PR was merged into the 3.4 branch.
Discussion
----------
UploadedFile minor fixes
| Q | A
| ------------- | ---
| Branch? | 3.4
| Bug fix? | yes
| New feature? | no
| Deprecations? | no <!-- please update UPGRADE-*.md and src/**/CHANGELOG.md files -->
| Tickets | none <!-- prefix each issue number with "Fix #", if any -->
| License | MIT
| Doc PR | no
According to the [constructor assignments](cb7e78c809/src/Symfony/Component/HttpFoundation/File/UploadedFile.php (L60)), properties `$originalName` and `$mimeType` are never null in `UploadedFile`, so `getClientOriginalName()` and `getClientMimeType()` always return `string`. Also `$test` does not need a default value because it's always set in the constructor.
Commits
-------
eb8d626c27 Properties $originalName and $mimeType are never null in UploadedFile
This PR was merged into the 3.4 branch.
Discussion
----------
[Intl] Fix call to ReflectionProperty::getValue() for static properties
| Q | A
| ------------- | ---
| Branch? | 3.4
| Bug fix? | yes
| New feature? | no
| Deprecations? | no
| Tickets | #36872
| License | MIT
| Doc PR | N/A
When we call `ReflectionProperty::getValue()` for a static property, we don't need to pass any arguments. The code that was fixed here raised a `TypeError` on php 8 because the argument has to be an object now.
Commits
-------
d4045897d6 [Intl] Fix call to ReflectionProperty::getValue() for static properties.
This PR was merged into the 3.4 branch.
Discussion
----------
[Config] Removed implicit cast of ReflectionProperty to string
| Q | A
| ------------- | ---
| Branch? | 3.4
| Bug fix? | yes
| New feature? | no
| Deprecations? | no
| Tickets | #36872
| License | MIT
| Doc PR | N/A
PHP 8 does not allow casting `ReflectionProperty` instances to string anymore.
Commits
-------
8adbadede7 [Config] Removed implicit cast of ReflectionProperty to string.
This PR was merged into the 3.4 branch.
Discussion
----------
[Debug] Undefined variables raise a warning in php 8
| Q | A
| ------------- | ---
| Branch? | 3.4
| Bug fix? | yes
| New feature? | no
| Deprecations? | no
| Tickets | #36872
| License | MIT
| Doc PR | N/A
`ErrorHandlerTest` executes code with undefined variables to test how the error handler handles the triggered errors. In php 8.0, the severity and error message for this class of errors has been changed. I've adjusted the test accordingly.
Commits
-------
1d20b514f2 [Debug] Undefined variables raise a warning in php 8.
This PR was merged into the 3.4 branch.
Discussion
----------
[Debug] Skip test that would trigger a fatal error on php 8
| Q | A
| ------------- | ---
| Branch? | 3.4
| Bug fix? | yes
| New feature? | no
| Deprecations? | no
| Tickets | #36872
| License | MIT
| Doc PR | N/A
This PR skips a test of `DebugClassLoader`. The test uses incompatible method signatures in class inheritance to provoke a php warning that should be handled by the debug class loader. On php 8 however, this error is not recoverable anymore, so the tested logic will be obsolete there.
Commits
-------
573d0dd493 [Debug] Skip test that would trigger a fatal error on php 8.
* 3.4:
[Validator] Add missing translations of nn locale
[HttpKernel] Fix that the `Store` would not save responses with the X-Content-Digest header present
[Intl] bump icu 67.1
This PR was squashed before being merged into the 3.4 branch.
Discussion
----------
[Validator] Add missing translations of nn locale
| Q | A
| ------------- | ---
| Branch? | 3.4
| Bug fix? | yes/no
| New feature? | no
| Deprecations? | no
| Tickets | Fix#30178
| License | MIT
Added missing translations to validator with locale nn
Commits
-------
040d01e53b [Validator] Add missing translations of nn locale
This PR was squashed before being merged into the 3.4 branch.
Discussion
----------
[HttpKernel] Fix that the `Store` would not save responses with the X-Content-Digest header present
| Q | A
| ------------- | ---
| Branch? | 3.4
| Bug fix? | yes
| New feature? | no
| Deprecations? | no
| Tickets |
| License | MIT
| Doc PR |
Responses fetched from upstream sources might have a `X-Content-Digest` header, for example if the Symfony Cache is used upstream. This currently prevents the `Store` from saving such responses. In general, the value of this header should not be trusted.
As I consider this header an implementation detail of the `Store`, the fix tries to be local to that class; we should not rely on the `HttpCache` or other classes to remove untrustworthy headers for us.
This fixes the issue that when using the `HttpCache` in combination with the Symfony HttpClient, responses that have also been cached upstream in an instance of `HttpCache` are not cached locally. It adds the overhead of re-computing the content digest every time the `HttpCache` successfully re-validated a response.
Commits
-------
d8964fb8b7 [HttpKernel] Fix that the `Store` would not save responses with the X-Content-Digest header present
This PR was squashed before being merged into the 3.4 branch.
Discussion
----------
[Intl] bump icu 67.1
| Q | A
| ------------- | ---
| Branch? | 3.4
| Bug fix? | no
| New feature? | no
| Deprecations? | no
| Tickets | Fix #... <!-- prefix each issue number with "Fix #", if any -->
| License | MIT
| Doc PR | symfony/symfony-docs#... <!-- required for new features -->
mainly some new locales+scripts (see 3a3a9ba)
Commits
-------
29eb271184 [Intl] bump icu 67.1
This PR was merged into the 3.4 branch.
Discussion
----------
[BrowserKit] Allow Referer set by history to be overridden
| Q | A
| ------------- | ---
| Branch? | 3.4, see https://github.com/symfony/symfony/pull/36591 for 5.0
| Bug fix? | yes
| New feature? | no
| Deprecations? | no
| Tickets |
| License | MIT
| Doc PR |
Commits
-------
4774946fbd [BrowserKit] Allow Referer set by history to be overridden (3.4)
This PR was merged into the 4.4 branch.
Discussion
----------
[HttpClient] fix PHP warning + accept status code >= 600
| Q | A
| ------------- | ---
| Branch? | 4.4
| Bug fix? | yes
| New feature? | no
| Deprecations? | no
| Tickets | Fix#36717
| License | MIT
| Doc PR | -
This fixes the PHP warning reported in the linked issue.
This also relaxes the accepted status codes, with https://www.linkedin.com/company/linkedin/ as an example that returns a non-conformant one (`999`).
These are now handled as 5xx codes, ie they trigger a ServerException.
Commits
-------
c764b5c36e [HttpClient] fix PHP warning + accept status code >= 600
This PR was merged into the 4.4 branch.
Discussion
----------
[Security/Core] fix compat of `NativePasswordEncoder` with pre-PHP74 values of `PASSWORD_*` consts
| Q | A
| ------------- | ---
| Branch? | 4.4
| Bug fix? | yes
| New feature? | no
| Deprecations? | no
| Tickets | Fix#36451
| License | MIT
| Doc PR | -
Commits
-------
df32171cb2 [Security/Core] fix compat of `NativePasswordEncoder` with pre-PHP74 values of `PASSWORD_*` consts
This PR was merged into the 4.4 branch.
Discussion
----------
[DependencyInjection] Fix register event listeners compiler pass
| Q | A
| ------------- | ---
| Branch? | 4.4
| Bug fix? | yes
| New feature? | no
| Deprecations? | no
| Tickets |
| License | MIT
| Doc PR |
I've wanted to use the simpler event listener registration syntax (https://symfony.com/blog/new-in-symfony-4-4-simpler-event-listeners) in my project and it didn't work so I'm sending this fix.
We use the `KnpPaginatorBundle` bundle which also [calls the `RegisterListenersPass` compiler pass](https://github.com/KnpLabs/KnpPaginatorBundle/blob/v5.2.0/src/DependencyInjection/Compiler/PaginatorConfigurationPass.php#L22) in order to register with the event dispatcher their custom tags for listeners and subscribers (`knp_paginator.listener` and `knp_paginator.subscriber`).
Their compiler pass is `TYPE_BEFORE_REMOVING` and priority zero which is the same type and priority as the pass that gets [added by FrameworkBundle](https://github.com/symfony/symfony/blob/v4.4.8/src/Symfony/Bundle/FrameworkBundle/FrameworkBundle.php#L125). Since both the type and priority is the same the order of execution is `undefined` (because [that is how regular sort behaves in PHP which is used by default by `krsort`](https://github.com/symfony/symfony/blob/v4.4.8/src/Symfony/Component/DependencyInjection/Compiler/PassConfig.php#L264)) and the `RegisterListenersPass` currently removes the `eventAliasesParameter` parameter from the container if it is set (which is [set here](https://github.com/symfony/symfony/blob/v4.4.8/src/Symfony/Bundle/FrameworkBundle/Resources/config/services.xml#L9)). So what happens in my app is that the Knp compiler pass runs first, the `event_dispatcher.event_aliases` parameter is removed and then the FrameworkBundle registered compiler pass runs and since the aliases are not present anymore the events do not get aliased properly. The event dispatcher service in the compiled container looks like:
```php
$instance->addListener('Symfony\Component\HttpKernel\Event\RequestEvent', ...);
```
instead of the expected
```php
$instance->addListener('kernel.request', ...);
```
This means that my listener never gets called on the kernel request event.
Another potential fix would be to adjust the Knp compiler pass priority, but seeing as that would fix only that bundle (who knows how many bundles out there have the same problem) and that I don't see any drawback in letting the `event_dispatcher.event_aliases` parameter stay in the container I think that this is better to fix here.
Commits
-------
646878d072 Fix register event listeners compiler pass
* 3.4:
[VarDumper] fix for change in PHP 7.4.6
Added regression test for AccountStatusException behavior (ref #36822)
embed resource name in error message
[Serializer] fix issue with PHP 8
[Yaml] Fix escaped quotes in quoted multi-line string
This PR was merged into the 3.4 branch.
Discussion
----------
[Translator] embed resource name in error message
| Q | A
| ------------- | ---
| Branch? | 3.4
| Bug fix? | no
| New feature? | no
| Deprecations? | no
| Tickets |
| License | MIT
| Doc PR |
Someone reported on Slack that they accidentally stored a translation file with the `.twig` extension and that the error message was quite confusing.
Commits
-------
507a5963e4 embed resource name in error message
This PR was squashed before being merged into the 4.4 branch.
Discussion
----------
Change priority of KernelEvents::RESPONSE subscriber
| Q | A
| ------------- | ---
| Branch? | 4.4
| Bug fix? | yes
| New feature? | no
| Deprecations? | no
| License | MIT
This PR changes the priority of the `KernelEvents::RESPONSE` subscriber of the `ProfilerListener` so that it is the penultimate to be executed (just before `StreamedResponseListener`).
The reason is that other listeners that were executed after this one CAN change the response (such as `SessionListener` for example). This creates a headache when debugging, with a discrepancy between what is shown in a curl command, and by the Symfony profiler.
Commits
-------
6ed624ad16 Change priority of KernelEvents::RESPONSE subscriber
This PR was merged into the 4.4 branch.
Discussion
----------
[WebProfiler] Remove 'none' when appending CSP tokens
| Q | A
| ------------- | ---
| Branch? | 3.4, 4.4, 5.0
| Bug fix? | yes
| New feature? | no
| Deprecations? | no
| Tickets | Fix#36645
| License | MIT
| Doc PR | n/a
@nicolas-grekas asked me to to have a look at this after #36678.
If a user has a CSP policy of `default-src 'none'`, then the WebProfiler copies `'none'` to `script-src` and `style-src` then adds other sources. This creates an invalid policy since `'none'` is only allowed when it's the only item in the source list.
This will probably need to be merged into 3.4 first, I started on 4.4 so I can test in my current symfony project which requires 4.4.
Commits
-------
967bc4a860 [WebProfiler] Remove 'none' when appending CSP tokens
This PR was merged into the 4.4 branch.
Discussion
----------
[Mime] fix bad method call on `EmailAddressContains`
| Q | A
| ------------- | ---
| Branch? | 4.4
| Bug fix? | yes
| New feature? | no <!-- please update src/**/CHANGELOG.md files -->
| Deprecations? | no <!-- please update UPGRADE-*.md and src/**/CHANGELOG.md files -->
| Tickets | -
| License | MIT
| Doc PR | -
There is no method `Address` on [`MailboxHeader`](https://github.com/symfony/symfony/blob/4.4/src/Symfony/Component/Mime/Header/MailboxHeader.php), but a method `getAddress`.
Commits
-------
227ebd2fe9 [Mime] fix bad method call on "EmailAddressContains"
* 3.4:
[FrameworkBundle] display actual target for error in AssetsInstallCommand
Remove patches for Doctrine bugs and deprecations
[DI][EventDispatcher] added contract for implementation
This PR was merged into the 3.4 branch.
Discussion
----------
[DI][EventDispatcher] added contract for implementation
| Q | A
| ------------- | ---
| Branch? | 3.4
| Bug fix? | yes
| New feature? | no
| Deprecations? | no
| Tickets | Fix#36708
| License | MIT
As described in the attached issue a comment in the documentation of the `EventSubscriberInterface` would be helpful to make sure users do not use logic based on runtime state in their implementation of `getSubscribedEvents`.
Commits
-------
88e43d4d4c [DI][EventDispatcher] added contract for implementation
When assets:install fails because the target directory does not exist, it should display the actual directory it wanted to have instead of the configuration directive. In most cases, the target directory is retrieved from the kernel config and thus differs from the argument.
* 3.4:
[PhpUnitBridge] fix PHP 5.3 compat
[PhpUnitBridge] Mark parent class also covered in CoverageListener
prevent notice for invalid octal numbers on PHP 7.4
This PR was merged into the 3.4 branch.
Discussion
----------
[PhpUnitBridge] Mark parent class also covered in CoverageListener
| Q | A
| ------------- | ---
| Branch? | master
| Bug fix? | no
| New feature? | yes
| Deprecations? | no
| Tickets |
| License | MIT
| Doc PR |
Commits
-------
dcb5653728 [PhpUnitBridge] Mark parent class also covered in CoverageListener
* 3.4:
[Filesystem] Handle paths on different drives
[WebProfiler] Do not add src-elem CSP directives if they do not exist
[Yaml] fix parse error when unindented collections contain a comment
[3.4][Inflector] Improve testSingularize() argument name
[PhpUnitBridge] fix PHP 5.3 compat again
Skip validation when email is an empty object
fix sr_Latn translation
[Validator] fix lazy property usage.
Fix annotation
[PhpUnitBridge] fix compat with PHP 5.3
[DX] Show the ParseException message in YAML file loaders
This PR was merged into the 4.4 branch.
Discussion
----------
[Console] Default hidden question to 1 attempt for non-tty session
| Q | A
| ------------- | ---
| Branch? | 4.4
| Bug fix? | yes
| New feature? | no
| Deprecations? | no
| Tickets | Fix#36565
| License | MIT
| Doc PR |
### Problem 1
`validateAttempts()` method repeats validation forever by default, until exception extending `RuntimeException` isn't thrown. This currently happens disregarding if user is in tty session where they can actually type input, or non-tty session. This presents a problem when user code throws custom exceptions for hidden questions -> loop doesn't stop. As far as I can tell this issue is in all Symfony versions, but it was uncovered only after we stopped marking interactive flag to false automatically ourselves. Actually, all 3 problems were already existing problems, just hidden until now.
### Problem 2
Infinite loop problem is related to hidden questions, but this one isn't. If validation fails, another attempt to read & validate happens. This means user will get two prompts: 2x same question with 2 different error messages. One error message coming from validator, second error message about inability to read input (because this loop repeats until this kind of error happens, so last output will always be this error). As an example, output in practice would look like following
```
What do you want to do:
>
[ERROR] Action must not be empty.
What do you want to do:
>
Aborted.
```
So even if loop stops, output is more than expected.
### Problem 3
This is purely cosmetic issue, but currently user gets `stty: stdin isn't a terminal` printed additionally when question helper tries to ask a hidden question without having tty. I have fixed this in same fashion as was already done for [getShell() method](ee7fc5544e/src/Symfony/Component/Console/Helper/QuestionHelper.php (L500)).
### More details
Well root of the first problem is that `\Symfony\Component\Console\Helper\QuestionHelper::getHiddenResponse` is inconsistent. In some cases it does throw `MissingInputException` (which extends `RuntimeException`), in others doesn't. This is because in others, `shell_exec` is used, which won't return `false` even in non-tty sessions. Initially I attempted to fix this and make them consistent by checking for empty result + `isTty` call, but during my testing I found that at least last, `bash -c` method returns `\n` as output both when passing empty input and when passing newline as input. This means we cannot differentiate with this technique when input is really empty, or at least I can't currently tell how, maybe someone does. I had also idea to use proc_open and check if `STDERR` cotains message about stdin not being a terminal, but I realized these functions might not be available. In future we should modernize this method to use less hacky techniques. Other solutions, eg. Inquirer.js or [hoa/console](https://github.com/hoaproject/Console/blob/master/Source/Readline/Readline.php) have much more elegant solutions. Anyway, since I encountered this issue and additionally this doesn't solve Problem 2, I stopped trying to fix this on this level.
### Alternative solution
Alternative solution to problem 1 and 3 would be to fallback to default in case of hidden questions when tty is missing. But this still doesn't solve problem 2 and I can't think about solution right now which would fix problem 2 separately. We also didn't really reach consensus if reading passwords via stdin is desired. I tried this in `Inquirer.js` and this library *does read password from stdin*
Commits
-------
ee7fc5544e [Console] Default hidden question to 1 attempt for non-tty session
This PR was squashed before being merged into the 3.4 branch.
Discussion
----------
[Filesystem] Handle paths on different drives
| Q | A
| ------------- | ---
| Branch? | 3.4
| Bug fix? | yes
| New feature? | no
| Deprecations? | no
| License | MIT
`makePathRelative` strips and ignores the drive letters given Windows paths on different drives, resulting in a relative path which does not resolve to the desired target.
This PR makes `makePathRelative` notice paths on different drives, and return the full (absolute) target path in case instead.
Commits
-------
00e727ae4e [Filesystem] Handle paths on different drives
This PR was merged into the 3.4 branch.
Discussion
----------
[WebProfiler] Do not add src-elem CSP directives if they do not exist
| Q | A
| ------------- | ---
| Branch? | 3.4, 4.4, 5.0
| Bug fix? | yes
| New feature? | no
| Deprecations? | no
| Tickets | Fix#36643
| License | MIT
| Doc PR | n/a
In the latest 3.4.*, 4.4.* and 5.0.* branches the `script-src-elem` and `style-src-elem` directives are added to the Content-Security-Policy header if they don't exist by copying the `default-src`. This causes browsers to ignore the `script-src` and `style-src` directives which likely contain scripts and styles the developer wanted to allow.
As mentioned in the fixed ticket, we shouldn't be adding these directives if they don't exist because the browser will automatically fallback to `script-src` and `style-src` which we have already added `unsafe-inlen` and the `nonce-*` to.
This will need to be merged into 3.4, 4.4 and 5.0, but I was unsure which branch I am meant to base it off to start with. I've put it on 4.4 but can move it to another if required.
Commits
-------
d9c47087c9 [WebProfiler] Do not add src-elem CSP directives if they do not exist
This PR was merged into the 3.4 branch.
Discussion
----------
[DX] Show the ParseException message in all YAML file loaders
| Q | A
| ------------- | ---
| Branch? | 3.4
| Bug fix? | no
| New feature? | no
| Deprecations? | no
| Tickets | -
| License | MIT
| Doc PR | -
This PR synchronizes the exception message in the Routing, Validator and Translation YAML file loaders with the DependencyInjection YAML file loader behavior. Adding the ParseException message is a big DX gain because it highlights the problem directly instead of having to scroll down 7 previous exceptions.
I'm targetting 3.4 because DX can be considered as a bug fix AFAIK.
Commits
-------
fc6cf3d3c6 [DX] Show the ParseException message in YAML file loaders
This PR was merged into the 4.4 branch.
Discussion
----------
Execute docker dependent tests with github actions
| Q | A
| ------------- | ---
| Branch? | 4.4
| Bug fix? | no
| New feature? | no
| Deprecations? | no
| Tickets | Fixes#36427
| License | MIT
| Doc PR | -
* redis, memcached, rabbitmq and vulcain dependent tests moved to the github action
* run on PHP 7.1 and 7.4 only
* use the `integration` group for all tests that depend on docker services
* do not exclude the `integration` group on Travis, but make sure tests that depend on docker services are skipped properly
[<img width="1222" alt="image" src="https://user-images.githubusercontent.com/190447/80806323-48339100-8bb2-11ea-95cd-5ce773c74ce6.png">](https://github.com/jakzal/symfony/runs/636461875?check_suite_focus=true)
Commits
-------
d710c1b654 Execute docker dependent tests with github actions
This PR was merged into the 3.4 branch.
Discussion
----------
[Validator] Skip validation when email is an empty object
| Q | A
| ------------- | ---
| Branch? | 3.4
| Bug fix? | yes
| New feature? | no <!-- please update src/**/CHANGELOG.md files -->
| Deprecations? | no <!-- please update UPGRADE-*.md and src/**/CHANGELOG.md files -->
| Tickets | <!-- prefix each issue number with "Fix #", if any -->
| License | MIT
| Doc PR | <!-- required for new features -->
When the value passed to the email validator is an empty object the validator is still called and will mark the value as invalid. The object should be skipped in this case, as it is also done in the `UrlValidator`
bfdbb244fe/src/Symfony/Component/Validator/Constraints/UrlValidator.php (L59-L62)
<!--
Replace this notice by a short README for your feature/bugfix. This will help people
understand your PR and can be used as a start for the documentation.
Additionally (see https://symfony.com/releases):
- Always add tests and ensure they pass.
- Never break backward compatibility (see https://symfony.com/bc).
- Bug fixes must be submitted against the lowest maintained branch where they apply
(lowest branches are regularly merged to upper ones so they get the fixes too.)
- Features and deprecations must be submitted against branch master.
-->
Commits
-------
de5d68ef2a Skip validation when email is an empty object
This PR was merged into the 4.4 branch.
Discussion
----------
[Translation] Fix for translation:update command updating ICU messages
| Q | A
| ------------- | ---
| Branch? | 4.4
| Bug fix? | yes
| New feature? | no
| Deprecations? | no
| Tickets | Fix#36459
| License | MIT
If `translation:update` command executed with option `--domain=messages` – it ignore `messages-intl-icu` file and just create new `messages`
Method `TranslationUpdateCommand::filterCatalogue()` on `MessageCatalogue::all()` method to get all messages for domain
But `MessageCatalogue::all()` method disredard `intl-icu` domains and simply merge all.
[Translation] added $strict parameter for MessageCatalogueInterface::all() to be able to get only defined domain messages
[FrameworkBundle] modified translation:update command to respect intl-icu domain
Commits
-------
567cee5f02 [Translation] Fix for translation:update command updating ICU messages
This PR was squashed before being merged into the 3.4 branch (closes#36627).
Discussion
----------
[Validator] fix lazy property usage.
| Q | A
| ------------- | ---
| Branch? | 3.4
| Bug fix? | yes
| New feature? | no
| Deprecations? | no
| Tickets | Fix#36343
| License | MIT
| Doc PR |
This attempts to fix a large regression introduced in #36343, which broke recursing values returned from `getter` Constraints, because they are now wrapped in in a `LazyProperty`. The `LazyProperty` needs to be evaluated because some checks are done on the type of `$value`, i.e `is_array` etc... in `validateGenericNode`.
I'm concerned that the original PR didn't really add sufficient test coverage for the introduction of `LazyProperty`, and I'm not 100% sure that I've caught all the cases where the `instanceof` check are needed in this PR.
For the tests, I added the `@dataProvider getConstraintMethods` to every test that hit the problem area of code.
~~The only issue is that my fixed has broken the test introduced in #36343, `testGroupedMethodConstraintValidateInSequence`.~~
~~I think I need @HeahDude to help me work through this. Maybe there is a more simple solution, one that doesn't require doing `instanceof LazyPropery` checks in multiple places, because this feels very brittle.~~
EDIT: fixed that test.
Commits
-------
281861e788 [Validator] fix lazy property usage.
This PR was merged into the 4.4 branch.
Discussion
----------
[Form] provide a useful message when extension types don't match
| Q | A
| ------------- | ---
| Branch? | 4.4
| Bug fix? | no
| New feature? | no
| Deprecations? | no
| Tickets | Fix#36610
| License | MIT
| Doc PR |
Commits
-------
88d836643a provide a useful message when extension types don't match
This PR was merged into the 4.4 branch.
Discussion
----------
[Serializer] do not transform empty \Traversable to Array
| Q | A
| ------------- | ---
| Branch? | 4.4
| Bug fix? | yes
| New feature? | no <!-- please update src/**/CHANGELOG.md files -->
| Deprecations? | no <!-- please update UPGRADE-*.md and src/**/CHANGELOG.md files -->
| Tickets | na
| License | MIT
| Doc PR | na
Today, using `PRESERVE_EMPTY_OBJECTS` ([introduced in 4.0](f28e826627)), the JSON serialization of:
```php
<?php
$object = [];
$object['foo'] = new \ArrayObject();
$object['bar'] = new \ArrayObject(['notempty']);
$object['baz'] = new \ArrayObject(['nested' => new \ArrayObject()]);
```
Outputs:
```json
{"foo":[],"bar":["notempty"],"baz":{"nested":[]}}
```
Instead of the expected:
```json
{"foo":{},"bar":["notempty"],"baz":{"nested":{}}}
```
This issue comes from the Serializer that transforms `Traversable` to an Array [here](11a707200d/src/Symfony/Component/Serializer/Serializer.php (L159)). Also, the `AbstractObjectNormalizer` [doesn't support Traversable](11a707200d/src/Symfony/Component/Serializer/Normalizer/AbstractObjectNormalizer.php (L134)), but he allows to preserve empty objects.
I propose this patch where the fix doesn't transform a `Traversable` to an Array. I see another way to patch this in which we could allow empty Traversable in the `AbstractObjectNormalizer` (not sure it's better though). See attached [other-fix.patch](https://github.com/symfony/symfony/files/4539865/other-fix.log) to see the alternative patch.
Commits
-------
e5c20293fa Fix serializer do not transform empty \Traversable to Array
This PR was merged into the 4.4 branch.
Discussion
----------
[Cache] Fixed not supported Redis eviction policies
| Q | A
| ------------- | ---
| Branch? | 4.4
| Bug fix? | yes
| New feature? | no
| Deprecations? | no
| Tickets | no
| License | MIT
| Doc PR | no
**Steps to reproduce:**
1. Define the following redis service on SymfonyCloud:
```
rediscache:
type: redis:5.0
size: S
configuration:
maxmemory_policy: allkeys-lru
```
2. Deploy the change
**Expected result:**
No redis cache will be populated
**Actual result:**
Following exception is thrown:
```
[2020-04-28T05:35:58.440403-04:00] php.CRITICAL: Uncaught Error: Return value of Symfony\Component\Cache\Adapter\RedisTagAwareAdapter::doSave() must be of the type array, bool returned {"exception":"[object] (TypeError(code: 0): Return value of Symfony\\Component\\Cache\\Adapter\\RedisTagAwareAdapter::doSave() must be of the type array, bool returned at /app/vendor/symfony/cache/Adapter/RedisTagAwareAdapter.php:100)"} []
```
Commits
-------
3d6e942da5 [Cache] Fixed not supported Redis eviction policies
* 3.4:
updated VERSION for 3.4.40
update CONTRIBUTORS for 3.4.40
updated CHANGELOG for 3.4.40
[WebProfilerBundle] changed label of peak memory usage in the time & memory panels (MB into MiB)
add tests for the ConstraintViolationBuilder class
Improve dirname usage
[PhpUnitBridge] Use COMPOSER_BINARY env var if available
[YAML] escape DEL(\x7f)
fix compatibility with phpunit 9
[Cache] skip APCu in chains when the backend is disabled
[Form] apply automatically step=1 for datetime-local input
This PR was merged into the 4.4 branch.
Discussion
----------
[Cache] Allow invalidateTags calls to be traced by data collector
| Q | A
| ------------- | ---
| Branch? | 4.4
| Bug fix? | yes
| New feature? | no
| Deprecations? | no
| Tickets | #34810
| License | MIT
| Doc PR |
`TraceableTagAwareAdapter` is not used in the fullstack framework since tag aware pools don't have the `cache.pool` tag (it's the decorated adapter that has it). This PR aims to use `TraceableTagAwareAdapter` when a pool is configured with `tags: true`
Commits
-------
28fdb3a879 Allow invalidateTags calls to be traced by data collector
This PR was squashed before being merged into the 3.4 branch.
Discussion
----------
[WebProfilerBundle] changed label of peak memory usage in the time & memory panels (MB into MiB)
| Q | A
| ------------- | ---
| Branch? | 3.4
| Bug fix? | yes
| New feature? | no
| Deprecations? | no
| Tickets | Fix#36533
| License | MIT
| Doc PR | none
<!--
Replace this notice by a short README for your feature/bugfix. This will help people
understand your PR and can be used as a start for the documentation.
Additionally (see https://symfony.com/releases):
- Always add tests and ensure they pass.
- Never break backward compatibility (see https://symfony.com/bc).
- Bug fixes must be submitted against the lowest maintained branch where they apply
(lowest branches are regularly merged to upper ones so they get the fixes too.)
- Features and deprecations must be submitted against branch master.
-->
This PR changes the label of the peak memory usage from `MB` into `MiB` in the time and memory panels of the web profiler, as discussed in #36533.
The changed file `Resources/views/Collector/time.html.twig` is completely updated by commit c9433b0090 for v4.3. So for correctly displaying the label in 4.4 (& 5.0), the file `Resources/views/Collector/time.js` needs to be updated.
Commits
-------
89fb0799cd [WebProfilerBundle] changed label of peak memory usage in the time & memory panels (MB into MiB)
This PR was merged into the 3.4 branch.
Discussion
----------
[PhpUnitBridge] Use COMPOSER_BINARY env var if available
| Q | A
| ------------- | ---
| Branch? | 3.4
| Bug fix? | yes
| New feature? | no
| Deprecations? | no
| Tickets | https://github.com/symfony/symfony/issues/36401
| License | MIT
| Doc PR | -
Commits
-------
6dce90d47b [PhpUnitBridge] Use COMPOSER_BINARY env var if available
This PR was merged into the 3.4 branch.
Discussion
----------
[Cache] skip APCu in chains when the backend is disabled
| Q | A
| ------------- | ---
| Branch? | 3.4
| Bug fix? | yes
| New feature? | no
| Deprecations? | no
| Tickets | Fix#34962
| License | MIT
| Doc PR | -
I think this should do it.
Commits
-------
5a7208481d [Cache] skip APCu in chains when the backend is disabled
This PR was merged into the 4.4 branch.
Discussion
----------
[FrameworkBundle] debug:autowiring: Fix wrong display when using class_alias
| Q | A
| ------------- | ---
| Branch? | 4.4
| Bug fix? | yes
| New feature? | no
| Deprecations? | no
| Tickets | None
| License | MIT
| Doc PR | not needed
Imagine that `FooInterface` is an alias, but it is deprecated and so has a `class_alias` to `BarInterface`. Currently, `debug:autowiring` will actually print that's the autowiring alias is `BarInterface`, despite there being no such id in the container.
@nicolas-grekas originally (on purpose) made the 2nd argument to `Descriptor::getClassDescription()` be passed by reference *for* this exact feature - 56aab09b01 - but I can't figure out why. This change (which effectively removes the by-reference modifying) made no existing tests fail.
Discovered this because the whole deprecated`Doctrine\Common\Persistence\ManagerRegistry` vs newer `Doctrine\Persistence\ManagerRegistry` causes the issue.
Thanks!
Commits
-------
d34b437ce0 Fixing a bug where class_alias would cause incorrect items in debug:autowiring
This PR was merged into the 4.4 branch.
Discussion
----------
[DependencyInjection][ServiceSubscriber] Support late aliases
| Q | A
| ------------- | ---
| Branch? | 4.4
| Bug fix? | yes
| New feature? | no
| Deprecations? | no
| Tickets | -
| License | MIT
| Doc PR | -
A service subscriber that references a service that is aliased after optimization passes (after ResolveReferencesToAliasesPass technically) end up being dumped with the real service and not the alias.
I would consider it a bug but @nicolas-grekas told me it's a feature for him, this is why I'm submitting this on master.
@nicolas-grekas, feel free to close this one and open with your solution since you definitely know the subject better.
Commits
-------
24150370c3 [DependencyInjection][ServiceSubscriber] Support late aliases
This PR was merged into the 3.4 branch.
Discussion
----------
[Security/Core] fix escape for username in LdapBindAuthenticationProvider.php
| Q | A
| ------------- | ---
| Branch? | 3.4
| Bug fix? | yes
| New feature? | no
| Deprecations? | no
| License | MIT
I think that when we call `ldap_search()` as definitely it will do the `$this->ldap->query()` call, the proper filter applied should be `LdapInterface::ESCAPE_FILTER` as documented in
https://www.php.net/manual/en/function.ldap-escape.php while `LdapInterface::ESCAPE_DN` should be used for `dn` only
This simple change should fix, I'm sorry if I'm wrong.
Commits
-------
4bda68a9a2 Update LdapBindAuthenticationProvider.php
This PR was merged into the 4.4 branch.
Discussion
----------
[Cache] CacheItem with tag is never a hit after expired
| Q | A
| ------------- | ---
| Branch? | 4.4
| Bug fix? | yes/no
| New feature? | no
| Deprecations? | no
| Tickets | Fix#36458
| License | MIT
| Doc PR | symfony/symfony-docs#... <!-- required for new features -->
It seems like a tag cacheItem is never a hit again. Not sure how fix this but the cache component is really hard to debug 🙈 .
It need to be somewhere generally as all TagAware caches are effected:
```
1) Symfony\Component\Cache\Tests\Adapter\FilesystemTagAwareAdapterTest::testRefreshAfterExpires
Failed asserting that false is true.
/home/travis/build/symfony/symfony/src/Symfony/Component/Cache/Tests/Traits/TagAwareTestTrait.php:194
2) Symfony\Component\Cache\Tests\Adapter\PredisTagAwareClusterAdapterTest::testRefreshAfterExpires
Failed asserting that true is false.
/home/travis/build/symfony/symfony/src/Symfony/Component/Cache/Tests/Traits/TagAwareTestTrait.php:183
3) Symfony\Component\Cache\Tests\Adapter\RedisTagAwareAdapterTest::testRefreshAfterExpires
Failed asserting that true is false.
/home/travis/build/symfony/symfony/src/Symfony/Component/Cache/Tests/Traits/TagAwareTestTrait.php:183
4) Symfony\Component\Cache\Tests\Adapter\RedisTagAwareClusterAdapterTest::testRefreshAfterExpires
Failed asserting that true is false.
/home/travis/build/symfony/symfony/src/Symfony/Component/Cache/Tests/Traits/TagAwareTestTrait.php:183
```
Commits
-------
d082eca7dd Add reproducer to for hit after update expire cacheItem
f815b011c3 [Cache] fix FilesystemTagAwareAdapter failing when a tag link preexists
This PR was merged into the 3.4 branch.
Discussion
----------
[SecurityBundle] fix accepting env vars in remember-me configurations
| Q | A
| ------------- | ---
| Branch? | 3.4
| Bug fix? | yes
| New feature? | no
| Deprecations? | no
| Tickets | Fix#36271
| License | MIT
| Doc PR | -
As @wouterj explained we cannot use env variables after #35910 merged.
> Hmm, so I'm guessing this is what happens:
>
> * `lifetime` is now an `integerNode()`
> * For the Config component (which IIRC doesn't know anything about env variables), you're passing a string: `"%env(int:REMEMBER_ME_COOKIE_LIFETIME)%"`
> * This throws an error, although if it wouldn't, the DI component would sucessfully process the string into a integer before it's used by any PHP class.
>
> So we either make Config aware of environment variables (that's probably a huge feature) or we revert the `integerNode()` changes (as you suggested).
>
> @HeahDude am I mislooking something, or would reverting these 2 lines not result in much harm? (only a little less strict config processor)
Commits
-------
46c278316c [SecurityBundle] fix accepting env vars in remember-me configurations
This PR was merged into the 3.4 branch.
Discussion
----------
[Form] Fixed handling groups sequence validation
| Q | A
| ------------- | ---
| Branch? | 3.4
| Bug fix? | yes
| New feature? | no
| Deprecations? | no
| Tickets | FIx https://github.com/symfony/symfony/issues/9939#issuecomment-607459505, Fix#35556
| License | MIT
| Doc PR | ~
This is not the same as the original issue fixed by #36245, that was reported in https://github.com/symfony/symfony/issues/9939#issuecomment-607459505.
The form also fails to cascade sequence validation properly because each nested field is validated against the sequence, and one can fail at a step independently from another which could failed in another step. I've added a lot of tests to ensure this is working properly and tested in a website skeleton too.
This PR aims to close#35556 which tries to fix the same issue but afterwards in its implementation as said in https://github.com/symfony/symfony/pull/35556#discussion_r379289230.
Commits
-------
dfb61c204c [Form] Fixed handling groups sequence validation
This PR was merged into the 3.4 branch.
Discussion
----------
[Cache] Avoid memory leak in TraceableAdapter::reset()
| Q | A
| ------------- | ---
| Branch? | 3.4
| Bug fix? | yes
| New feature? | no
| Deprecations? | no
| Tickets |
| License | MIT
| Doc PR |
When we call `ServicesResetter::reset()`, we want to reset the
application to its initial states. We don't want a memory leak :p
Commits
-------
15a8610c0c [Cache] Avoid memory leak in TraceableAdapter::reset()
This PR was squashed before being merged into the 4.4 branch.
Discussion
----------
[PhpUnitBridge] add PolyfillTestCaseTrait::expectExceptionMessageMatches to provide FC with recent phpunit versions
| Q | A
| ------------- | ---
| Branch? | 4.4
| Bug fix? | yes
| New feature? | no <!-- please update src/**/CHANGELOG.md files -->
| Deprecations? | no <!-- please update UPGRADE-*.md and src/**/CHANGELOG.md files -->
| Tickets | na
| License | MIT
| Doc PR | na
expectExceptionMessageRegExp is deprecated coming phpunit 8.5.3 see https://github.com/sebastianbergmann/phpunit/issues/4133
Not sure if I need to add something else lmk.
Commits
-------
cfd5a29eaf [PhpUnitBridge] add PolyfillTestCaseTrait::expectExceptionMessageMatches to provide FC with recent phpunit versions
This PR was merged into the 4.4 branch.
Discussion
----------
Remove return type for Twig function workflow_metadata()
Technically it is allowed to have metadata other than string, even data that does not cast to string, like an array.
| Q | A
| ------------- | ---
| Branch? | 4.4
| Bug fix? | yes
| New feature? | no
| Deprecations? | no
| Tickets | Fix#36391
| License | MIT
| Doc PR | n/a
The workflow metadata store can contain not only strings, but setting nested metadata results in an error when workflow_metadata() is used in Twig.
Also see #36391
Commits
-------
55664c5a17 Remove return type for Twig function workflow_metadata()
This PR was merged into the 3.4 branch.
Discussion
----------
[Form] RepeatedType should always have inner types mapped
| Q | A
| ------------- | ---
| Branch? | 3.4
| Bug fix? | yes
| New feature? | no
| Deprecations? | no
| Doc PR| https://github.com/symfony/symfony-docs/pull/13519 |
| Tickets | Fix#36410
| License | MIT
Always set mapped=true to override inner type mapped setting.
Throw an exception if inner types of RepeatedType has mapped=false
Commits
-------
728cd66a13 RepeatedType should always have inner types mapped
* 3.4:
Revert "[travis][appveyor] don't cache .phpunit"
silence E_NOTICE triggered since PHP 7.4
[Form] Removed legacy check in `ValidationListener`
do not merge constraints within interfaces
[Validator] Fixed default group for nested composite constraints
This PR was merged into the 3.4 branch.
Discussion
----------
[Validator] Fixed default group for nested composite constraints
| Q | A
| ------------- | ---
| Branch? | 3.4
| Bug fix? | yes
| New feature? | no
| Deprecations? | no
| Tickets | Fix#33986
| License | MIT
| Doc PR | ~
Take a breath: when composite constraints are nested in a parent composite constraint without having non composite nested constraints (i.e empty), then the default group is not added, making the validator failing to validate in any group (including default), because there is no group at all, which should never happen.
Commits
-------
117ee34698 [Validator] Fixed default group for nested composite constraints
This PR was merged into the 4.4 branch.
Discussion
----------
[HttpClient] fix HTTP/2 support on non-SSL connections - CurlHttpClient only
| Q | A
| ------------- | ---
| Branch? | 4.4
| Bug fix? | yes
| New feature? | no
| Deprecations? | no
| Tickets | Fix#36419
| License | MIT
| Doc PR | -
Commits
-------
a5b884cd94 [HttpClient] fix HTTP/2 support on non-SSL connections - CurlHttpClient only
This PR was merged into the 4.4 branch.
Discussion
----------
Force ping after transport exception
| Q | A
| ------------- | ---
| Branch? | 4.4
| Bug fix? | yes
| New feature? | no
| Deprecations? | no
| Tickets | Fix#36301
| License | MIT
| Doc PR |
SMTP transport fails for long running processes after tranport exception, if stream is closed all messages will throw a transport exception until $lastMessageTime exceds $pingThreshold.
With this PR, after transport expception the transport will ping the server to check if the connection is still alive.
Commits
-------
7ccbef62f6 Force ping after transport Exception
This PR was merged into the 3.4 branch.
Discussion
----------
[Validator] do not merge constraints within interfaces
| Q | A
| ------------- | ---
| Branch? | 3.4
| Bug fix? | yes
| New feature? | no
| Deprecations? | no
| Tickets | Fix#22538
| License | MIT
| Doc PR |
This fix disables merge constraints within interfaces.
There is no reason to merge constraints from one interface to another because each class merges the constraints of all its interfaces. Only one check is needed is to eliminate all interfaces that comes from parent class to avoid duplication.
Commits
-------
67f336b808 do not merge constraints within interfaces
This PR was merged into the 3.4 branch.
Discussion
----------
[Form] Removed legacy check in `ValidationListener`
| Q | A
| ------------- | ---
| Branch? | 3.4
| Bug fix? | no
| New feature? | no
| Deprecations? | no
| Tickets | ~
| License | MIT
| Doc PR | ~
A left over of #13198, should have been removed in 3.0. The tests don't use `null` anymore, no update needed here, this is just about removing dead code.
Commits
-------
e479e51f7c [Form] Removed legacy check in `ValidationListener`
This PR was merged into the 4.4 branch.
Discussion
----------
[HttpClient] Fix scoped client without query option configuration
| Q | A
| ------------- | ---
| Branch? | 4.4
| Bug fix? | yes
| New feature? | no
| Deprecations? | no
| Tickets |
| License | MIT
| Doc PR |
The `query` key default value is an [empty array](https://github.com/symfony/symfony/blob/v4.4.7/src/Symfony/Component/Config/Definition/PrototypedArrayNode.php#L30) and because of that it is always set. Processing a configuration for a scoped HTTP client (which has a `scope` and does not have a `base_uri`) results in the configuration being invalid. The error message says that query parameters cannot be aplied to the base URI since it is not defined (which doesn't make sense since the query parameters don't exist because they are empty).
Commits
-------
a07578dba3 [HttpClient] Fix scoped client without query option configuration
This PR was merged into the 4.4 branch.
Discussion
----------
[DI] fix detecting short service syntax in yaml
| Q | A
| ------------- | ---
| Branch? | 4.4
| Bug fix? | yes
| New feature? | no
| Deprecations? | no
| Tickets | -
| License | MIT
| Doc PR | -
We do allow interfaces/classes as keys in arguments, yet the short syntax fails to know about those.
This fixes it, allowing one to use:
```
services:
App\Foo:
App\BarInterface: '@App\BarClass'
```
As a reminder, by-name is also allowed:
```
services:
App\Foo: {
$bar: '@App\BarClass'
}
```
Commits
-------
bf17165fb1 [DI] fix detecting short service syntax in yaml
This PR was merged into the 4.4 branch.
Discussion
----------
[DI] add missing property declarations in InlineServiceConfigurator
| Q | A
| ------------- | ---
| Branch? | 4.4
| Bug fix? | yes
| New feature? | no
| Deprecations? | no
| Tickets | -
| License | MIT
| Doc PR | -
These are accessed by the traits used by the class.
Commits
-------
a6a4442cd9 [DI] add missing property declarations in InlineServiceConfigurator
This PR was merged into the 4.4 branch.
Discussion
----------
Allowing empty secrets to be set
| Q | A
| ------------- | ---
| Branch? | 4.4
| Bug fix? | yes
| New feature? | no
| Deprecations? | no
| Tickets | None
| License | MIT
| Doc PR | Not needed
Setting secrets to an empty string is a valid value - you can already do this by consuming from an empty file or `stdin` with no input. But it's *not* currently possible to use the interactive prompt to set a secret to an empty string. This fixes that.
Commits
-------
c9bf0c8683 Allowing empty secrets to be set
This PR was merged into the 4.4 branch.
Discussion
----------
[Process] Fixed input/output error on PHP 7.4
| Q | A
| ------------- | ---
| Branch? | 4.4
| Bug fix? | yes
| New feature? | no
| Deprecations? | no
| Tickets | Fix#34945
| License | MIT
| Doc PR |
This PR aims to fix the error from #34945, but i'm unsure if this is the best solution. The issue is that on PHP 7.4 the input/output error may come up.
php.net/manual/en/migration74.incompatible.php#migration74.incompatible.core.fread-fwrite
> fread() and fwrite() will now return FALSE if the operation failed. Previously an empty string or 0 was returned. EAGAIN/EWOULDBLOCK are not considered failures. These functions now also raise a notice on failure, such as when trying to write to a read only file resource.
Commits
-------
b98abde65a Supress error from fread when reading a unix pipe
* 3.4:
[PropertyAccess] fix tests
[WebProfilerBundle] fix test
remove assertions that can never be reached
[PropertyAccess] Improve message of unitialized property in php 7.4
[HttpFoundation] Fixed session migration with custom cookie lifetime
[Serializer] Remove unused variable
Allow URL-encoded special characters in basic auth part of URLs
[Serializer] Fix unitialized properties (from PHP 7.4.2) when serializing context for the cache key
[Validator] Add missing Ukrainian and Russian translations
No need to reconnect the bags to the session
Support for Content Security Policy style-src-elem and script-src-elem in WebProfiler
[PropertyInfo][ReflectionExtractor] Check the array mutator prefixes last when the property is singular
This PR was merged into the 3.4 branch.
Discussion
----------
[PropertyInfo][ReflectionExtractor] Check the array mutator prefixes last when the property is singular
| Q | A
| ------------- | ---
| Branch? | 3.4
| Bug fix? | yes
| New feature? | no
| Deprecations? | no
| Tickets | https://github.com/symfony/symfony/issues/36079
| License | MIT
| Doc PR | -
Check the related tickets that have a very descriptive example.
If the property is singular, we should prioritize non array mutator prefixes and do the opposite for plural property. It relies on some guessing but it actually fixes real world scenarios.
Commits
-------
b4df2b9dff [PropertyInfo][ReflectionExtractor] Check the array mutator prefixes last when the property is singular
This PR was squashed before being merged into the 3.4 branch.
Discussion
----------
[PropertyAccess] Improve message of unitialized property in php 7.4
| Q | A
| ------------- | ---
| Branch? | 3.4
| Bug fix? | no
| New feature? | no
| Deprecations? | no
| Tickets | Fix#36277
| License | MIT
Improve message of unitialized property in php 7.4 ;
Before
You should either initialize it or make it nullable using "?string" instead.
After
You should either initialize it or make it nullable using "?string $var = null" instead.
Commits
-------
3c8bf2d29d [PropertyAccess] Improve message of unitialized property in php 7.4
This PR was squashed before being merged into the 3.4 branch.
Discussion
----------
[HttpFoundation] Fixed session migration with custom cookie lifetime
| Q | A
| ------------- | ---
| Branch? | 3.4
| Bug fix? | yes
| New feature? | no
| Deprecations? | no
| Tickets | Fix#28577
| License | MIT
| Doc PR |
This PR adds the fix proposed in https://github.com/symfony/symfony/issues/28577#issuecomment-578052397
Commits
-------
3e824de385 [HttpFoundation] Fixed session migration with custom cookie lifetime
This PR was merged into the 4.4 branch.
Discussion
----------
[Routing] Add installation and minimal example to README
| Q | A
| ------------- | ---
| Branch? | 4.4
| Bug fix? | no
| New feature? | no
| Deprecations? | no
| Tickets | n/a
| License | MIT
| Doc PR | symfony/symfony-docs#13431
Similair to what I did in #35552, this PR updates the README of the Routing component to include a minimal example and installation command.
Commits
-------
be6612060c Add installation and minimal example to README
This PR was merged into the 3.4 branch.
Discussion
----------
[WebProfilerBundle] Support for Content Security Policy style-src-elem and script-src-elem in WebProfiler
| Q | A
| ------------- | ---
| Branch? | 3.4
| Bug fix? | yes
| New feature? | no <!-- please update src/**/CHANGELOG.md files -->
| Deprecations? | no <!-- please update UPGRADE-*.md and src/**/CHANGELOG.md files -->
| License | MIT
If a `style-src-elem` or `script-src-elem` Content Security Policy exist, the WebProfiler Styles or Scripts will be rejected as the nonce is missing.
Commits
-------
7f33f1fa3a Support for Content Security Policy style-src-elem and script-src-elem in WebProfiler
This PR was merged into the 3.4 branch.
Discussion
----------
[HttpFoundation] No need to reconnect the bags to the session after session_regenerate_id
| Q | A
| ------------- | ---
| Branch? | 3.4
| Bug fix? | no
| New feature? | no
| Deprecations? | no
| Tickets | -
| License | MIT
| Doc PR | -
Bug https://bugs.php.net/70013 was fixed before the release of PHP v7.0
https://3v4l.org/A8YmY
Related to https://github.com/symfony/symfony/pull/15243
Commits
-------
923c24f438 No need to reconnect the bags to the session
This PR was merged into the 4.4 branch.
Discussion
----------
[Security] Track session usage whenever a new token is set
| Q | A
| ------------- | ---
| Branch? | 4.4
| Bug fix? | yes
| New feature? | no
| Deprecations? | no
| Tickets | Fix#36208
| License | MIT
| Doc PR | -
When using `anonymous: lazy`, the programatic login using the guard handler is broken. As the `setToken()` does not track usage, the index remains equal.
I tried fixing this more properly in e.g. the `SessionStrategy::onAuthentication` class, but I couldn't get it working (as `$request->hasPreviousSession()` returns false, the session strategy isn't called). `setToken()` can also not be made usage tracking afaics, because it would directly break (`setToken(null)` is called in `ContextListener`).
The current fix does however look really ugly, but I can't find anything better with my minor knowledge of this session usage tracking feature. I'm open for all ideas :)
Commits
-------
8d96dbd08b Track session usage when setting the token
This PR was squashed before being merged into the 3.4 branch.
Discussion
----------
[Serializer] Fix unitialized properties (from PHP 7.4.2) when serializing context for the cache key
| Q | A
| ------------- | ---
| Branch? | 3.4
| Bug fix? | yes
| New feature? | no
| Deprecations? | no
| Tickets | Fix https://github.com/symfony/symfony/issues/35574https://github.com/doctrine/orm/issues/8030
| License | MIT
| Doc PR | N/A
This bug only happens on the following conditions:
- A Doctrine entity (`Book`) having a relation with another entity (`Author`) is used;
- The `Author` entity uses typed properties (PHP 7.4) not initialized;
- The `Serializer` is used with the `Book` in the `OBJECT_TO_POPULATE` key in the context.
For instance:
```php
<?php
declare(strict_types=1);
namespace App\Entity;
use Doctrine\ORM\Mapping as ORM;
/** @ORM\Entity */
class Book
{
/**
* @ORM\ManyToOne(targetEntity="Author")
*/
public Author $author;
public ?string $isbn;
}
```
```php
<?php
declare(strict_types=1);
namespace App\Entity;
use Doctrine\ORM\Mapping as ORM;
/** @ORM\Entity */
class Author
{
public ?string $name;
}
```
Or even:
```php
<?php
declare(strict_types=1);
namespace App\Entity;
use Doctrine\ORM\Mapping as ORM;
/** @ORM\Entity */
class Author
{
private string $name;
public function __construct()
{
$this->name = 'Leo';
}
}
```
If the following is done (it's the case for instance in API Platform when a `PUT` is made):
```php
$serializer->deserialize('{"isbn":"2038717141"}', Book::class, 'json', ['object_to_populate' => $book]);
```
Then there will be the following error:
> Fatal error: Typed property Proxies\__CG__\App\Entity\Author::$ must not be accessed before initialization (in __sleep)
It's because of these lines in the `getCacheKey` method of the `AbstractObjectNormalizer`:
5da141b8d0/src/Symfony/Component/Serializer/Normalizer/AbstractObjectNormalizer.php (L405-L409)
Since the lazy proxyfied relation has a `__sleep` with unitialized properties, the `serialize` method will throw (since https://bugs.php.net/bug.php?id=79002: 846b647953).
I propose to fix this issue by unsetting the `OBJECT_TO_POPULATE` key in the context because I don't think it's useful for determining the attributes of the object.
For the next versions of Symfony, the fix should probably be elsewhere, in the default context.
For instance in Symfony 4.4, instead of:
15edfd39d4/src/Symfony/Component/Serializer/Normalizer/AbstractObjectNormalizer.php (L118)
It should be:
```php
$this->defaultContext[self::EXCLUDE_FROM_CACHE_KEY] = [self::CIRCULAR_REFERENCE_LIMIT_COUNTERS, self::OBJECT_TO_POPULATE];
```
But I'm not sure how it should be merged (another PR maybe?).
Commits
-------
1fafff7c10 [Serializer] Fix unitialized properties (from PHP 7.4.2) when serializing context for the cache key
This PR was squashed before being merged into the 3.4 branch.
Discussion
----------
[Validator] Add missing Ukrainian and Russian translations
| Q | A
| ------------- | ---
| Branch? | 3.4
| Bug fix? | no
| New feature? | no
| Deprecations? | no
| Tickets | none
| License | MIT
Commits
-------
d43ef4ec92 [Validator] Add missing Ukrainian and Russian translations
This PR was merged into the 3.4 branch.
Discussion
----------
[HttpKernel][LoggerDataCollector] Prevent keys collisions in the sanitized logs processing
| Q | A
| ------------- | ---
| Branch? | 3.4
| Bug fix? | yes
| New feature? | no
| Deprecations? | no
| Tickets | https://github.com/symfony/symfony/issues/36159
| License | MIT
| Doc PR | -
`$sanitizedLogs` is used with numeric and "associative" keys. To prevent collisions when the message is a number, we can simply prepend all messages with a random letter (so we avoid a behavior refactor). It doesn't matter since they key is only used for the processing, it is dropped at the end.
Commits
-------
79fe888072 [HttpKernel][LoggerDataCollector] Prevent keys collisions in the sanitized logs processing
This PR was merged into the 4.4 branch.
Discussion
----------
Fix the reporting of deprecations in twig:lint
| Q | A
| ------------- | ---
| Branch? | 4.4 (the `--show-deprecations` option does not exist in 3.4)
| Bug fix? | yes
| New feature? | no
| Deprecations? | no
| Tickets | n/a
| License | MIT
| Doc PR | n/a
- ensure that the message is rendered when the line detection fails and we end up with 0 as line number (the implementation also deals with -1 which is sometimes used by Twig for errors when it does not know the line, even though this should not happen for compile-time errors).
- fix the detection of the line number when the number is at the end of the sentence, which happens for the deprecation of filters for instance.
Commits
-------
c329ca7e01 Fix the reporting of deprecations in twig:lint
- ensure that the message is rendered when the line detection fails and
we end up with 0 as line number (the implementation also deals with -1
which is sometimes used by Twig for errors when it does not know the
line, even though this should not happen for compile-time errors).
- fix the detection of the line number when the number is at the end of
the sentence, which happens for the deprecation of filters for
instance.
* 3.4:
Fix versions
[Security/Http] Allow setting cookie security settings for delete_cookies
[FrameworkBundle] revert to legacy wiring of the session when circular refs are detected
bumped Symfony version to 3.4.40
updated VERSION for 3.4.39
update CONTRIBUTORS for 3.4.39
updated CHANGELOG for 3.4.39
update Italian translation
[Validator] Add missing Hungarian translations
[Validator] Add the missing translations for the Arabic (ar) locale
[Validator] Add missing vietnamese translations
[Console] Fix OutputStream for PHP 7.4
add German translations
bug #36157 [Validator] Assert Valid with many groups
[Validator] Add missing Lithuanian translations
Fixed some typos
Add french "at least" constraint translations
This PR was merged into the 3.4 branch.
Discussion
----------
[Security/Http] Allow setting cookie security settings for delete_cookies
| Q | A
| ------------- | ---
| Branch? | 3.4
| Bug fix? | yes
| New feature? | no
| Deprecations? | no
| Tickets | Fix https://github.com/symfony/symfony/pull/36243#discussion_r399646893
| License | MIT
| Doc PR | tbd
Similar to #36173 and #36175. This is needed for Chrome 80 compatibility.
My only question is whether we should introduce these specific settings, or somehow fetch them from `framework.session`?
Commits
-------
a696d1f3af [Security/Http] Allow setting cookie security settings for delete_cookies
This PR was merged into the 3.4 branch.
Discussion
----------
[Validator] Assert Valid with many groups
| Q | A
| ------------- | ---
| Branch? | 3.4
| Bug fix? | yes
| New feature? | no
| Deprecations? | no
| Tickets | Fix https://github.com/symfony/symfony/issues/36157
| License | MIT
Make a reference object get validated by each group when using the Valid constraint with many groups
Commits
-------
c9aa3a849a bug #36157 [Validator] Assert Valid with many groups
This PR was merged into the 3.4 branch.
Discussion
----------
[Validator] Add missing vietnamese translations
| Q | A
| ------------- | ---
| Branch? | 3.4
| Bug fix? | no
| New feature? | no <!-- please update src/**/CHANGELOG.md files -->
| Deprecations? | no <!-- please update UPGRADE-*.md and src/**/CHANGELOG.md files -->
| Tickets | - <!-- prefix each issue number with "Fix #", if any -->
| License | MIT
| Doc PR | - <!-- required for new features -->
<!--
Replace this notice by a short README for your feature/bugfix. This will help people
understand your PR and can be used as a start for the documentation.
Additionally (see https://symfony.com/releases):
- Always add tests and ensure they pass.
- Never break backward compatibility (see https://symfony.com/bc).
- Bug fixes must be submitted against the lowest maintained branch where they apply
(lowest branches are regularly merged to upper ones so they get the fixes too.)
- Features and deprecations must be submitted against branch master.
-->
Commits
-------
25fdc8e580 [Validator] Add missing vietnamese translations
This PR was squashed before being merged into the 3.4 branch.
Discussion
----------
[Console] Fix OutputStream for PHP 7.4
| Q | A
| ------------- | ---
| Branch? | 3.4
| Bug fix? | yes
| New feature? | no
| Deprecations? | no
| Tickets | Fix#36166
| License | MIT
From PHP 7.4, `fwrite` function now returns false for any failure: https://www.php.net/manual/en/migration74.incompatible.php#migration74.incompatible.core.fread-fwrite
Actually, the note in the PHP documentation is not exact: for PHP 7.3 and lower, `fwrite` function did return false when arguments passed in to the function were invalid, and 0 for other failures. From PHP 7.4, it returns false for any failure.
We can see it in the source code: for PHP 7.3: a1a8d14485/ext/standard/file.c (L1140)
Compare to PHP 7.4: https://github.com/php/php-src/blob/master/ext/standard/file.c#L1136
I update `OutputStream::doWrite()` to keep the same behavior as before.
Commits
-------
b375f93ed7 [Console] Fix OutputStream for PHP 7.4
This PR was squashed before being merged into the 4.4 branch.
Discussion
----------
add missing gitattributes for phpunit-bridge
| Q | A
| ------------- | ---
| Branch? | 4.4
| Bug fix? | no
| New feature? | no <!-- please update src/**/CHANGELOG.md files -->
| Deprecations? | no <!-- please update UPGRADE-*.md and src/**/CHANGELOG.md files -->
| Tickets |
| License | MIT
| Doc PR |
Seems like the phpunit bridge has been forgotten in https://github.com/symfony/symfony/pull/33579
Commits
-------
d4c052a2fa add missing gitattributes for phpunit-bridge
* 3.4:
[Http Foundation] Fix clear cookie samesite
[Security] Check if firewall is stateless before checking for session/previous session
[Form] Support customized intl php.ini settings
[Security] Remember me: allow to set the samesite cookie flag
[Debug] fix for PHP 7.3.16+/7.4.4+
[Validator] Backport translations
Prevent warning in proc_open()
This PR was merged into the 3.4 branch.
Discussion
----------
[Security/Http] Remember me: allow to set the samesite cookie flag
| Q | A
| ------------- | ---
| Branch? | 3.4
| Bug fix? | yes
| New feature? | no
| Deprecations? | no
| Tickets | -
| License | MIT
| Doc PR | -
Similar to #35605, since Chrome 80 is going to require the `samesite` attribute.
This is a cherry-pick of #27976
Commits
-------
f0ceb73397 [Security] Remember me: allow to set the samesite cookie flag
This PR was squashed before being merged into the 3.4 branch.
Discussion
----------
[Http Foundation] Fix clear cookie samesite
| Q | A
| ------------- | ---
| Branch? | 3.4
| Bug fix? | yes
| New feature? | no
| Deprecations? | no
| Tickets | Fix#36107
| License | MIT
With Chrome Update 80, Cookies are required to be `secure` and `samesite=none` for cross site requests. However they are defaulted to `samesite=lax` if the samesite attribute is not set. In other words: developer has to explicitely opt-in for `samesite=none` in the case of a cross site request.
More details: https://chromestatus.com/feature/5088147346030592
We add the `samesite` argument to `clearCookie` method to allow developer to explicitely set this value.
Commits
-------
4bdea1f2e7 [Http Foundation] Fix clear cookie samesite
`IntlDateParser->parse()` behaves differently when `intl.error_level` and/or `intl.use_exceptions` are not 0.
This change makes sure `\IntlException` is caught when `intl.use_exceptions` is 1 and warnings thrown when `intl.error_level` is not 0 are ignored.
This PR was merged into the 4.4 branch.
Discussion
----------
[FrameworkBundle] Fix deprecation message for booting a kernel twice
| Q | A
| ------------- | ---
| Branch? | 4.4
| Bug fix? | no
| New feature? | no <!-- please update src/**/CHANGELOG.md files -->
| Deprecations? | no <!-- please update UPGRADE-*.md and src/**/CHANGELOG.md files -->
| Tickets | - <!-- prefix each issue number with "Fix #", if any -->
| License | MIT
| Doc PR | - <!-- required for new features -->
<!--
Replace this notice by a short README for your feature/bugfix. This will help people
understand your PR and can be used as a start for the documentation.
Additionally (see https://symfony.com/releases):
- Always add tests and ensure they pass.
- Never break backward compatibility (see https://symfony.com/bc).
- Bug fixes must be submitted against the lowest maintained branch where they apply
(lowest branches are regularly merged to upper ones so they get the fixes too.)
- Features and deprecations must be submitted against branch master.
-->
Commits
-------
a0a6243a21 Fix deprecation messages
This PR was merged into the 4.4 branch.
Discussion
----------
[DI] fix preloading script generation
| Q | A
| ------------- | ---
| Branch? | 4.4
| Bug fix? | yes
| New feature? | no
| Deprecations? | no
| Tickets | -
| License | MIT
| Doc PR | -
(fabbot failure is a false positive)
On master, we should work on being able to preload more classes (esp. all cache-warmup artifacts).
But for 4.4, this is good enough. Submitted as a bug fix because 1. the current code that deals with preloading kinda-works, but only on "dev" mode... and 2. fixing it provides a nice boost!
Small bench on a hello world:
- before: 380 req/s
- after: 580 req/s
That's +50%!
Pro-tip: adding a few `class_exists()` as done in this PR for the classes that are always used in the implementations (e.g. `new Foo()` in the constructor) will help the preload-script generator to work optimally. Without them, it will discover the symbols to preload only if they're found on methods.
Some of those `class_exists()` are mandatory, in relation to anonymous classes and https://bugs.php.net/79349
Commits
-------
a10fc4da5d [DI] fix preloading script generation
This PR was merged into the 4.4 branch.
Discussion
----------
[Security/Http] don't require the session to be started when tracking its id
| Q | A
| ------------- | ---
| Branch? | 4.4
| Bug fix? | yes
| New feature? | no
| Deprecations? | no
| Tickets | -
| License | MIT
| Doc PR | -
`$session->getId()` returns the empty string when the session is not yet started.
When this happens, the session tracking logic wrongly detects that a new session was created and thus disables HTTP caching.
This fixes the issue by looking at the value of the session cookie instead.
(the case for `true` is when using `MockArraySessionStorage` as done in tests)
Commits
-------
c39188a7cc [Security/Http] don't require the session to be started when tracking its id
This PR was squashed before being merged into the 4.4 branch.
Discussion
----------
[DI] Fix CheckTypeDeclarationPass
| Q | A
| ------------- | ---
| Branch? | 4.4
| Bug fix? | yes
| New feature? | no
| Deprecations? | no
| Tickets | Fix#35863 and #35972
| License | MIT
| Doc PR |
Bug 1: The lint container threw an error if a class buit with a factory was declared as callable while this factory method returne a callabe (#35863)
Bug 2: Sodium Exception was not caught in the CheckTypeDeclarationsPass. We have extended the exception caught to \Exception, instead of EnvNotFoundException and RuntimeException only.
Commits
-------
cbf4dfd10f [DI] Fix CheckTypeDeclarationPass
This PR was merged into the 3.4 branch.
Discussion
----------
[PropertyAccess][DX] Improved errors when reading uninitialized properties
| Q | A
| ------------- | ---
| Branch? | 3.4
| Bug fix? | kinda
| New feature? | no
| Deprecations? | no
| Tickets | Fix#36051
| License | MIT
| Doc PR | ~
An attempt to fix#36051 by providing better error messages when trying to read uninitialized properties either via calling a return-type-hinted method from PHP 7.0 or by accessing public-typed properties from PHP 7.4.
It would be nice to have a proper exception class in master.
Commits
-------
a71023ba65 [PropertyAccess] Improved errors when reading uninitialized properties
This PR was squashed before being merged into the 3.4 branch.
Discussion
----------
[FrameworkBundle] start session on flashbag injection
| Q | A
| ------------- | ---
| Branch? | 3.4
| Bug fix? | yes
| New feature? | no
| Deprecations? | no
| Tickets | Fix [#33084](https://github.com/symfony/symfony/issues/33084)
| License | MIT
This PR addresses an issue whereby if the FlashBag is injected into the application using the default service configuration, we cannot rely that the session has been started. This behaviour is in contradiction to [the docs](https://symfony.com/doc/current/session.html#avoid-starting-sessions-for-anonymous-users):
> Sessions are automatically started whenever you read, write or even check for the existence of data in the session.
This is because symfony ensures the session has been started on calls to getFlashBag() which is normally how the flashbag will be accessed but this is not called if you inject the FlashBag directly into the container.
I have addressed this issue by changing the way the Flashbag service is built so that it uses Session as a factory service and getFlashBag as a factory method. This means that anywhere in symfony where FlashBag is injected can now rely on the fact the session is started.
I have also added a new functional test to verify this behaviour.
Commits
-------
e8b4d35616 [FrameworkBundle] start session on flashbag injection
This PR was merged into the 4.4 branch.
Discussion
----------
[Console] Fallback to default answers when unable to read input
| Q | A
| ------------- | ---
| Branch? | 4.4
| Bug fix? | yes
| New feature? | no
| Deprecations? | no
| Tickets | Fix#36027, Fix#35988
| License | MIT
| Doc PR |
Alternative to https://github.com/symfony/symfony/pull/36027.
This fixes linked issues without having to revert fix for #30726. Successfully tested with composer script, `docker run` and `docker run -it`.
Commits
-------
8ddaa20b29 [Console] Fallback to default answers when unable to read input
This PR was squashed before being merged into the 3.4 branch.
Discussion
----------
[Validator] Remove commas in translations
| Q | A
| ------------- | ---
| Branch? | 3.4
| Bug fix? | no
| New feature? | no
| Deprecations? | no
| License | MIT
These translations were originally modified in #21335.
Commits
-------
5688f97bad [Validator] Remove commas in translations
This PR was squashed before being merged into the 4.4 branch.
Discussion
----------
[Mime] Fix boundary header
| Q | A
| ------------- | ---
| Branch? | 4.4
| Bug fix? | yes
| New feature? | no
| Deprecations? | no
| Tickets | Fix#35443 (fixes the second problem described in this ticket)
| License | MIT
The boundary value of Content-Type header was enclosed in quotes, cause of the "=" symbol.
Commits
-------
453078ff37 [Mime] Fix boundary header
* 3.4:
[Config] fix test
[Intl][3.4] Bump ICU 66.1
fix import from config file using type: glob
[DoctrineBridge][DoctrineExtractor] Fix wrong guessed type for "json" type
This PR was merged into the 3.4 branch.
Discussion
----------
fix import from config file using type: glob
| Q | A
| ------------- | ---
| Branch? | 3.4
| Bug fix? | yes
| New feature? | no <!-- please update src/**/CHANGELOG.md files -->
| Deprecations? | no <!-- please update UPGRADE-*.md and src/**/CHANGELOG.md files -->
| Tickets |
| License | MIT
| Doc PR |
If you try to import configs with glob using
```
imports:
- { resource: '../dev/*.{php,xml,yaml,yml}', type: 'glob' }
```
it didn't work because the FileLoader resolves the glob pattern but forwards the glob type. This meant the resolver then choses the GlobFilerLoader again for each already resolved file which does not find the files. So in the end the glob was resolved but the files never imported.
The workaround is to remove the `type: glob` from the import above. But the real fix should be to not forward the glob type when it's already resolved.
Commits
-------
6b70511bc6 fix import from config file using type: glob
This PR was merged into the 3.4 branch.
Discussion
----------
[DoctrineBridge][DoctrineExtractor] Fix wrong guessed type for "json" type
| Q | A
| ------------- | ---
| Branch? | 3.4
| Bug fix? | yes
| New feature? | no
| Deprecations? | no
| Tickets | https://github.com/symfony/symfony/issues/35968
| License | MIT
| Doc PR | -
After checking the code, it appears that `json` have a different behavior than `json_array`.
> In json_array doctrine was converting null or empty value to array, but json type doesn't do that
@norkunas is right about this. Consequently, we cannot safely guess a built in type for the `json` Doctrine type.
Commits
-------
f9f5f8df3e [DoctrineBridge][DoctrineExtractor] Fix wrong guessed type for "json" type
This PR was merged into the 3.4 branch.
Discussion
----------
[Intl][3.4] Bump ICU 66.1
| Q | A
| ------------- | ---
| Branch? | 3.4
| Bug fix? | no
| New feature? | no
| Deprecations? | no
| Tickets | Fix #... <!-- prefix each issue number with "Fix #", if any -->
| License | MIT
| Doc PR | symfony/symfony-docs#... <!-- required for new features -->
<!--
Replace this notice by a short README for your feature/bugfix. This will help people
understand your PR and can be used as a start for the documentation.
Additionally (see https://symfony.com/releases):
- Always add tests and ensure they pass.
- Never break backward compatibility (see https://symfony.com/bc).
- Bug fixes must be submitted against the lowest maintained branch where they apply
(lowest branches are regularly merged to upper ones so they get the fixes too.)
- Features and deprecations must be submitted against branch master.
-->
See https://github.com/unicode-org/icu/releases/tag/release-66-1 (no data changes for us)
Commits
-------
2275689cf8 [Intl][3.4] Bump ICU 66.1
This PR was merged into the 4.4 branch.
Discussion
----------
[DI] Fix container lint command when a synthetic service is used in an expression
Fix container lint command when a synthetic service is used in combination with the expression language.
| Q | A
| ------------- | ---
| Branch? | 4.4
| Bug fix? | yes
| New feature? | no
| Deprecations? | no
| Tickets | Fix#35691
| License | MIT
| Doc PR | -
Commits
-------
e7fa73a32b Fix container lint command when a synthetic service is used in combination with the expression language
This PR was merged into the 3.4 branch.
Discussion
----------
[Form] Handle false as empty value on expanded choices
| Q | A
| ------------- | ---
| Branch? | 3.4
| Bug fix? | yes
| New feature? | no
| Deprecations? | no
| Tickets | https://github.com/symfony/symfony/issues/31572
| License | MIT
| Doc PR | -
This is the 3.4 version of https://github.com/symfony/symfony/pull/32747. The tests are the same. The added code has to be removed from master (if accepted).
Commits
-------
1a366bc378 [Form] Handle false as empty value on expanded choices
This PR was merged into the 3.4 branch.
Discussion
----------
[FrameworkBundle] remove redundant PHPDoc in console Descriptor
| Q | A
| ------------- | ---
| Branch? | 3.4
| Bug fix? | no
| New feature? | no <!-- please update src/**/CHANGELOG.md files -->
| Deprecations? | no <!-- please update UPGRADE-*.md and src/**/CHANGELOG.md files -->
| Tickets | None <!-- prefix each issue number with "Fix #", if any -->
| License | MIT
| Doc PR | N/A
The PHPDoc for some `describeXXX` methods in the abstract `Symfony\Bundle\FrameworkBundle\Console\Descriptor\Descriptor` was inaccurate or redundant.
I remove the PHPDoc in the superclass and the `{@inheritdoc}` in the child class as suggested by @chalasr in this PR comment https://github.com/symfony/symfony/pull/35995#discussion_r389846487
I keep the PHPDoc when it adds some explanation about the method or its params.
For exemple :
### inaccurate:
```php
/**
* Describes an InputArgument instance.
*/
abstract protected function describeRouteCollection(RouteCollection $routes, array $options = []);
/**
* Describes an InputOption instance.
*/
abstract protected function describeRoute(Route $route, array $options = []);
```
### redundant
```php
/**
* Describes container parameters.
*/
abstract protected function describeContainerParameters(ParameterBag $parameters, array $options = []);
/**
* Describes container tags.
*/
abstract protected function describeContainerTags(ContainerBuilder $builder, array $options = []);
```
### kept
```php
/**
* Describes event dispatcher listeners.
*
* Common options are:
* * name: name of listened event
*/
abstract protected function describeEventDispatcherListeners(EventDispatcherInterface $eventDispatcher, array $options = []);
/**
* Describes a callable.
*
* @param mixed $callable
*/
abstract protected function describeCallable($callable, array $options = []);
```
<!--
Replace this notice by a short README for your feature/bugfix. This will help people
understand your PR and can be used as a start for the documentation.
Additionally (see https://symfony.com/releases):
- Always add tests and ensure they pass.
- Never break backward compatibility (see https://symfony.com/bc).
- Bug fixes must be submitted against the lowest maintained branch where they apply
(lowest branches are regularly merged to upper ones so they get the fixes too.)
- Features and deprecations must be submitted against branch master.
-->
Commits
-------
e535e7d2ff [FrameworkBundle] remove redundant PHPDoc in console Descriptor and subclass
This PR was merged into the 4.4 branch.
Discussion
----------
[SecurityBundle] Minor fix in LDAP config tree builder
| Q | A
| ------------- | ---
| Branch? | 4.4
| Bug fix? | yes
| New feature? | no
| Deprecations? | no
| Tickets | ~
| License | MIT
| Doc PR | ~
Continuation of #35910 for 4.4.
Commits
-------
468a201d34 [SecurityBundle] Minor fix in LDAP config tree builder
* 3.4:
[Yaml] fix dumping strings containing CRs
[DI] Fix XmlFileLoader bad error message
Tweak message
improve PlaintextPasswordEncoder docBlock summary
[Validator] Add two missing translations for the Arabic (ar) locale
Use some PHP 5.4 constants unconditionally
Revert "bug symfony#28179 [DomCrawler] Skip disabled fields processing in Form"
Add Spanish translation
Fix typo
[Validator] add Japanese translation
Fix typo
Add Polish translation
[SecurityBundle] Minor fixes in configuration tree builder
bumped Symfony version to 3.4.39
updated VERSION for 3.4.38
update CONTRIBUTORS for 3.4.38
updated CHANGELOG for 3.4.38
This PR was merged into the 4.4 branch.
Discussion
----------
[DI] ignore extra tags added by autoconfiguration in PriorityTaggedServiceTrait
| Q | A
| ------------- | ---
| Branch? | 4.4
| Bug fix? | yes
| New feature? | no
| Deprecations? | no
| Tickets | Fix#35916, Fix#35953
| License | MIT
| Doc PR | -
Commits
-------
09770aa930 [DI] ignore extra tags added by autoconfiguration in PriorityTaggedServiceTrait
This PR was squashed before being merged into the 3.4 branch.
Discussion
----------
improve PlaintextPasswordEncoder docBlock summary
| Q | A
| ------------- | ---
| Branch? | 3.4
| Bug fix? | no
| New feature? | no
| Deprecations? | no
| Tickets |
| License | MIT
| Doc PR |
Updates class summary as suggested in tkt #35927 & pr #35929 to suggest the encoder is for test usage.
Commits
-------
622facfe94 Tweak message
a56d262639 improve PlaintextPasswordEncoder docBlock summary