This PR was merged into the 3.4 branch.
Discussion
----------
[HttpFoundation][FrameworkBundle] fix support for samesite in session cookies
| Q | A
| ------------- | ---
| Branch? | 3.4
| Bug fix? | yes
| New feature? | no
| Deprecations? | no
| Tickets | Fix#35520
| License | MIT
| Doc PR | -
This PR cherry-picks #28168 on 3.4, with a rationale given by @ConneXNL in https://github.com/symfony/symfony/issues/35520#issuecomment-582296847:
> I hope I am wrong but I see the impact of not making any changes to Symfony 3.4 will have a tons of sites break if we cannot set the cookie's samesite setting (in the framework session and remember me) before Chrome pushes this update.
>
> Very soon all existing cookies are no longer going to work with cross-domains if you do not specify 'None' for the cookie_samesite. All external APIs that use cookies and are running SF 3.4 will break and devs will have no quick solution to fix their auth process.
>
> If you are using PHP 7.4, yes you can most likely use ini_set to workaround this issue.
>
> However, ini_set('cookie_samesite') does not work in PHP Version <= 7.2.
I am not even sure PHP 7.3 supports the value 'None' as php.watch/articles/PHP-Samesite-cookies says it has support for 'Lax' and 'Scrict'.
>
> This effectively means SF 3.4 on PHP 7.2 (or PHP 7.3) is no longer supported for cross domain APIs with cookies. People would have to either update PHP to 7.4 (if they even can?) or go to Symfony 4 (with a dead live site is going to be a complete disaster).
>
> Since the impact of the change that chrome is about to roll out is so fundamentally changing our way to set cookies, I consider configuring samesite configuration in the framework an absolute requirement, not a feature, especially since SF 3.4 is still supported.
>
> What am i missing?
>
> Note: SF3 HTTPFoundation already supports the new cookie settings, it's just the framework that doesn't support it.
Our BC policy embeds the promise that one should be able to keep the same app on a newest infrastructure (eg that's why supporting a PHP version is a bug fix). I think we can consider this for browsers here also. WDYT?
Commits
-------
f46e6cb8a0 [HttpFoundation][FrameworkBundle] fix support for samesite in session cookies
This PR was merged into the 3.4 branch.
Discussion
----------
[DoctrineBridge] Fixed submitting ids with query limit or offset
| Q | A
| ------------- | ---
| Branch? | 3.4
| Bug fix? | yes
| New feature? | no <!-- please update src/**/CHANGELOG.md files -->
| Deprecations? | no <!-- please update UPGRADE-*.md and src/**/CHANGELOG.md files -->
| Tickets | Fix https://github.com/symfony/symfony/pull/34900#discussion_r375246113 <!-- prefix each issue number with "Fix #", if any -->
| License | MIT
| Doc PR | ~ <!-- required for new features -->
<!--
Replace this notice by a short README for your feature/bugfix. This will help people
understand your PR and can be used as a start for the documentation.
Additionally (see https://symfony.com/roadmap):
- Always add tests and ensure they pass.
- Never break backward compatibility (see https://symfony.com/bc).
- Bug fixes must be submitted against the lowest maintained branch where they apply
(lowest branches are regularly merged to upper ones so they get the fixes too.)
- Features and deprecations must be submitted against branch master.
-->
Commits
-------
9bb194098f [DoctrineBridge] Fixed submitting ids with query limit or offset
This PR was submitted for the master branch but it was merged into the 3.4 branch instead (closes#35628).
Discussion
----------
[Security] Improve info UserPasswordEncoderCommand
| Q | A
| ------------- | ---
| Branch? | master
| Bug fix? | no
| New feature? | no
| Deprecations? | no
| License | MIT
| Doc PR | n/a
`php bin/console security:encode-password [password] App\Entity\User`
will result in
`No encoder has been configured for account "AppEntityUser". `
If a full class path is used, it either has to be passed in as a string or has to be escaped by double slashes.
Commits
-------
3604bb7018 Update UserPasswordEncoderCommand.php
This PR was merged into the 3.4 branch.
Discussion
----------
[Security] Replace 403 with 401 in `onAuthenticationFailure` method
| Q | A
| ------------- | ---
| Branch? | 3.4
| Bug fix? | no
| New feature? | no
| Deprecations? | no
| Tickets | N/A
| License | MIT
| Doc PR | N/A
This comment in `onAuthenticationFailure` was misleading since a 401 status code should probably be returned instead of a 403.
Commits
-------
73bc793be2 Replace 403 with 401 in onAuthenticationFailure method
This PR was submitted for the master branch but it was merged into the 4.4 branch instead.
Discussion
----------
[PhpUnitBridge] fix getting the vendor/ dir for tests
| Q | A
| ------------- | ---
| Branch? | 4.4
| Bug fix? | no
| New feature? | no
| Deprecations? | no
| Tickets | -
| License | MIT
| Doc PR | -
Commits
-------
341dd5dd1d [PhpUnitBridge] fix getting the vendor/ dir for tests
This PR was merged into the 4.4 branch.
Discussion
----------
[PHPunit bridge] Provide current file as file path
I failed to apply perfectly this comment:
https://github.com/symfony/symfony/pull/33820#discussion_r338746158
It should fix one failing test in the bridge.
| Q | A
| ------------- | ---
| Branch? |4.4
| Bug fix? | not for the end user
| New feature? | no
| Deprecations? | no
| Tickets | n/a
| License | MIT
| Doc PR | n/a
<!--
Replace this notice by a short README for your feature/bugfix. This will help people
understand your PR and can be used as a start for the documentation.
Additionally (see https://symfony.com/roadmap):
- Always add tests and ensure they pass.
- Never break backward compatibility (see https://symfony.com/bc).
- Bug fixes must be submitted against the lowest maintained branch where they apply
(lowest branches are regularly merged to upper ones so they get the fixes too.)
- Features and deprecations must be submitted against branch master.
-->
Commits
-------
d5302cb5d2 Provide current file as file path
This PR was submitted for the 4.3 branch but it was merged into the 4.4 branch instead.
Discussion
----------
[DI] Unknown env prefix not recognized as such
| Q | A
| ------------- | ---
| Branch? | 4.3
| Bug fix? | yes
| New feature? | no
| Deprecations? | no
| Tickets | Fix #... <!-- prefix each issue number with "Fix #", if any -->
| License | MIT
| Doc PR | symfony/symfony-docs#... <!-- required for new features -->
This is a failing test to illustrate the difference between real and fake env vars when using an unknown prefix, followed by the `default` prefix.
```
%env(unknown:default::REAL)%
// Unsupported env var prefix "unknown".
%env(unknown:default::FAKE)%
// null
```
For `default::FAKE` we get `null` at
38b9a27976/src/Symfony/Component/DependencyInjection/EnvVarProcessor.php (L103)
which is then preserved at
38b9a27976/src/Symfony/Component/DependencyInjection/EnvVarProcessor.php (L123)
need inspiration for a patch still :)
Commits
-------
550819a655 [DI] Unknown env prefix not regornized as such
This PR was merged into the 4.4 branch.
Discussion
----------
[DI] Fix support for multiple tags for locators and iterators
| Q | A
| ------------- | ---
| Branch? | 4.3
| Bug fix? | no
| New feature? | no
| Deprecations? | no
| Tickets | Fix#34462, Fix#35326
| License | MIT
| Doc PR | none
Fix PriorityTaggedServiceTrait::findAndSortTaggedServices to work with multiple explicitely tagged services as would be expected by !tagged_locator. Also reorganize PriorityTaggedServiceTrait::findAndSortTaggedServices to be simpler and easier to understand.
Commits
-------
6fc91eb192 [DI] Fix support for multiple tags for locators and iterators
This PR was submitted for the 4.3 branch but it was squashed and merged into the 4.4 branch instead.
Discussion
----------
[PhpUnitBridge] Fix some errors when using serialized deprecations
| Q | A
| ------------- | ---
| Branch? | 4.3
| Bug fix? | yes
| New feature? | no <!-- please update src/**/CHANGELOG.md files -->
| Deprecations? | no <!-- please update UPGRADE-*.md and src/**/CHANGELOG.md files -->
| Tickets | n/a
| License | MIT
| Doc PR | n/a
This PR attempts to fix conflicts that arose in #31478
Creating as a draft for now as I think having separate test methods no longer make sense (`isSelf()` and `isIndirect()` have been replaced with `getType()`). @l-vo please review and confirm I did not loose anything valuable from your original contribution.
Commits
-------
056d59824f [PhpUnitBridge] Fix some errors when using serialized deprecations
This PR was merged into the 4.4 branch.
Discussion
----------
Fix HTTP client config handling
| Q | A
| ------------- | ---
| Branch? | 4.4
| Bug fix? | yes
| New feature? | no
| Deprecations? | no
| Tickets | -
| License | MIT
| Doc PR | -
Defining a `key` parameter in the `query` option of a scoped HTTP client triggers an error:
```
Undefined index: value
```
This PR fixes this issue but an edge case still remains with YAML and PHP config. If one wants to define parameters `key=foo`, `value=bar` and nothing else, the query will actually be `foo=bar` instead of `key=foo&value=bar`. Not sure how to fix this case without breaking the tests I added here.
Commits
-------
963d0cce86 Fix HTTP client config handling
This PR was merged into the 4.4 branch.
Discussion
----------
Fix CS
| Q | A
| ------------- | ---
| Branch? | 4.4 <!-- see below -->
| Bug fix? | no
| New feature? | no <!-- please update src/**/CHANGELOG.md files -->
| Deprecations? | no <!-- please update UPGRADE-*.md and src/**/CHANGELOG.md files -->
| Tickets | <!-- prefix each issue number with "Fix #", if any -->
| License | MIT
| Doc PR | n/a
Commits
-------
de8348a033 Fix CS
This PR was merged into the 3.4 branch.
Discussion
----------
Fix CS
| Q | A
| ------------- | ---
| Branch? | 3.4 <!-- see below -->
| Bug fix? | no
| New feature? | no <!-- please update src/**/CHANGELOG.md files -->
| Deprecations? | no <!-- please update UPGRADE-*.md and src/**/CHANGELOG.md files -->
| Tickets | n/a <!-- prefix each issue number with "Fix #", if any -->
| License | MIT
| Doc PR | n/a
Commits
-------
a3e49f30c7 Fix CS
* 3.4:
[Translation] Add missing use statement
[Translation][Debug] Add installation and minimal example to README
[Validator] try to call __get method if property is uninitialized
Fix handling of empty_data's \Closure value in Date/Time form types
This PR was merged into the 4.4 branch.
Discussion
----------
Add missing use statements
| Q | A
| ------------- | ---
| Branch? | 4.4 <!-- see below -->
| Bug fix? | yes
| New feature? | no <!-- please update src/**/CHANGELOG.md files -->
| Deprecations? | no <!-- please update UPGRADE-*.md and src/**/CHANGELOG.md files -->
| Tickets | <!-- prefix each issue number with "Fix #", if any -->
| License | MIT
| Doc PR | n/a
Commits
-------
cd27b9d06f Add missing use statements
This PR was merged into the 4.4 branch.
Discussion
----------
Missing use statement 4.4
| Q | A
| ------------- | ---
| Branch? | 4.4
| Bug fix? | yes
| New feature? | no <!-- please update src/**/CHANGELOG.md files -->
| Deprecations? | no <!-- please update UPGRADE-*.md and src/**/CHANGELOG.md files -->
| Tickets | <!-- prefix each issue number with "Fix #", if any -->
| License | MIT
| Doc PR | n/a
Commits
-------
00baa290e8 [Translation] Add missing use statement
This PR was merged into the 3.4 branch.
Discussion
----------
[Form] Fix handling of empty_data's \Closure value in Date/Time form types
| Q | A
| ------------- | ---
| Branch? | 3.4
| Bug fix? | yes
| New feature? | no
| Deprecations? | no
| Tickets | Fix#33188
| License | MIT
| Doc PR | -
Basically this would solve the posibility to pass a `\Closure` to the `empty_data` option for Date/Time form types.
> https://symfony.com/doc/current/reference/forms/types/form.html#empty-data
> If a form is compound, you can set empty_data as an array, object or **closure**. See the [How to Configure empty Data](https://symfony.com/doc/current/form/use_empty_data.html) for a Form Class article for more details about these options.
Also related to https://github.com/symfony/symfony/pull/29182
Commits
-------
4939f0e323 Fix handling of empty_data's \Closure value in Date/Time form types
This PR was merged into the 4.4 branch.
Discussion
----------
[Config][XmlReferenceDumper] Prevent potential \TypeError
| Q | A
| ------------- | ---
| Branch? | 4.4
| Bug fix? | yes
| New feature? | no
| Deprecations? | no
| Tickets | https://github.com/symfony/symfony/issues/34841
| License | MIT
| Doc PR | -
`$key` can be null and `setName()` is now typed with `string`. Fallbacking on an empty string restores the behavior (and output) of < 5.0.
However, that shows that's a case we don't handle (yet) properly. But that's another task 😃
Commits
-------
e8ba15ed27 [Config][XmlReferenceDumper] Prevent potential \TypeError
This PR was submitted for the 4.3 branch but it was squashed and merged into the 4.4 branch instead (closes#35227).
Discussion
----------
[Mailer] Fix broken mandrill http send for recipients with names
| Q | A
| ------------- | ---
| Branch? | 4.3
| Bug fix? | yes
| New feature? | no
| Deprecations? | no
| Tickets |
| License | MIT
| Doc PR |
As specified in https://mandrillapp.com/api/docs/messages.JSON.html#method=send-raw, Mandrill API expects array of email addresses for `to` parameter.
Commits
-------
fbfe1ed423 [Mailer] Fix broken mandrill http send for recipients with names
This PR was squashed before being merged into the 4.4 branch (closes#35430).
Discussion
----------
[Translation] prefer intl domain when adding messages to catalogue
| Q | A
| ------------- | ---
| Branch? | 4.4
| Bug fix? | yes
| New feature? | no
| Deprecations? | no
| Tickets |
| License | MIT
| Doc PR |
This PR ensures that when adding translations to a catalogue using the `add(array $messages, string $domain = 'messages')` method internally the intl icu domain is checked first.
Otherwise it could happen that existing messages in e.g. `messages+intl-icu` are not updated but the same keys are added to `messages`.
This is a follow-up of #35370, now targeting the `4.4` branch.
Commits
-------
b72b7d3413 [Translation] prefer intl domain when adding messages to catalogue
This PR was merged into the 4.4 branch.
Discussion
----------
[DX][TwigBridge] Show both missing packages for NotificationMail in the same error message
| Q | A
| ------------- | ---
| Branch? | 4.4
| Bug fix? | no
| New feature? | no
| Deprecations? | no
| Tickets | n/a
| License | MIT
| Doc PR | n/a
I ran `composer req twig` expecting to be ready to use the notification mail feature. After that, it required 2 page refreshes in the browser and 2 composer commands to be ready. This PR merges both missing packages into one error message, to improve developer experience.
Commits
-------
f462285381 Show both missing packages in the same error message
