This PR was submitted for the master branch but it was merged into the 3.4 branch instead (closes#36192).
Discussion
----------
[Validator] Add french "at least" constraint translations
| Q | A
| ------------- | ---
| Branch? | master
| Bug fix? | no
| New feature? | no
| Deprecations? | no
| License | MIT
Completion of PR https://github.com/symfony/symfony/pull/36165 by adding french translation for "at least" constraint.
Commits
-------
f885822350 Add french "at least" constraint translations
This PR was merged into the 3.4 branch.
Discussion
----------
[Security/Http] Remember me: allow to set the samesite cookie flag
| Q | A
| ------------- | ---
| Branch? | 3.4
| Bug fix? | yes
| New feature? | no
| Deprecations? | no
| Tickets | -
| License | MIT
| Doc PR | -
Similar to #35605, since Chrome 80 is going to require the `samesite` attribute.
This is a cherry-pick of #27976
Commits
-------
f0ceb73397 [Security] Remember me: allow to set the samesite cookie flag
This PR was squashed before being merged into the 3.4 branch.
Discussion
----------
[Http Foundation] Fix clear cookie samesite
| Q | A
| ------------- | ---
| Branch? | 3.4
| Bug fix? | yes
| New feature? | no
| Deprecations? | no
| Tickets | Fix#36107
| License | MIT
With Chrome Update 80, Cookies are required to be `secure` and `samesite=none` for cross site requests. However they are defaulted to `samesite=lax` if the samesite attribute is not set. In other words: developer has to explicitely opt-in for `samesite=none` in the case of a cross site request.
More details: https://chromestatus.com/feature/5088147346030592
We add the `samesite` argument to `clearCookie` method to allow developer to explicitely set this value.
Commits
-------
4bdea1f2e7 [Http Foundation] Fix clear cookie samesite
This PR was submitted for the 4.4 branch but it was squashed and merged into the 3.4 branch instead.
Discussion
----------
[Security] Check if firewall is stateless before checking for session/previous session
| Q | A
| ------------- | ---
| Branch? | 4.4 <!-- see below -->
| Bug fix? | yes
| New feature? | no <!-- please update src/**/CHANGELOG.md files -->
| Deprecations? | no <!-- please update UPGRADE-*.md and src/**/CHANGELOG.md files -->
| Tickets | - <!-- prefix each issue number with "Fix #", if any -->
| License | MIT
| Doc PR | -
For one of our applications we had the issue that the session was always initialized, even for routes behind stateless firewalls. Using the redis session adapter this sometimes lead to exceptions if the connection failed. This change prevents the session from being initialized in the guard authentication handler for stateless firewalls
Commits
-------
9bb1230525 [Security] Check if firewall is stateless before checking for session/previous session
This PR was merged into the 3.4 branch.
Discussion
----------
[Form] Support customized intl php.ini settings
| Q | A
| ------------- | ---
| Branch? | 3.4
| Bug fix? | yes
| New feature? | no
| Deprecations? | no
| Tickets | no
| License | MIT
| Doc PR | no
`IntlDateParser->parse()` behaves differently when `intl.error_level` and/or `intl.use_exceptions` are not 0.
This change makes sure `\IntlException` is caught when `intl.use_exceptions` is 1 and warnings thrown when `intl.error_level` is not 0 are ignored.
Commits
-------
61025d1d1b [Form] Support customized intl php.ini settings
`IntlDateParser->parse()` behaves differently when `intl.error_level` and/or `intl.use_exceptions` are not 0.
This change makes sure `\IntlException` is caught when `intl.use_exceptions` is 1 and warnings thrown when `intl.error_level` is not 0 are ignored.
This PR was merged into the 3.4 branch.
Discussion
----------
[Debug] fix for PHP 7.3.16+/7.4.4+
| Q | A
| ------------- | ---
| Branch? | 3.4
| Bug fix? | yes
| New feature? | no
| Deprecations? | no
| Tickets | -
| License | MIT
| Doc PR | -
Should make tests green.
Follows https://github.com/php/php-src/pull/5206, which is part of PHP 7.4.4 and 7.3.16.
The same patch is needed on the ErrorHandler component in 4.4 of course.
Commits
-------
b3d9a8ac30 [Debug] fix for PHP 7.3.16+/7.4.4+
This PR was squashed before being merged into the 3.4 branch.
Discussion
----------
Prevent warning in proc_open()
| Q | A
| ------------- | ---
| Branch? | 3.4
| Bug fix? | yes
| New feature? | no
| Deprecations? | no
| Tickets | none
| License | MIT
| Doc PR | none
In addition to returning `false`, `proc_open()` triggers a warning when it fails. For example:
> Warning: proc_open(): fork failed - Cannot allocate memory
When using the `ErrorHandler`, the warning gets promoted to an exception, and the next line, `if (! is_resource(...`, is not executed. This mutes the warning and ensures that the next line is always executed and the proper exception is thrown.
Commits
-------
d43833a821 Prevent warning in proc_open()
This PR was merged into the 3.4 branch.
Discussion
----------
[VarDumper] fix side-effect by not using mt_rand()
| Q | A
| ------------- | ---
| Branch? | 3.4
| Bug fix? | yes
| New feature? | no
| Deprecations? | no
| Tickets | -
| License | MIT
| Doc PR | -
Reported by @bobthecow on Twitter: using `mt_rand()` breaks inspecting seeded calls to `mt_rand()`.
Should be replaced by a call to `md5(random_bytes(6))` on 4.4.
Commits
-------
8c85f91b9c [VarDumper] fix side-effect by not using mt_rand()
This PR was merged into the 3.4 branch.
Discussion
----------
Fix more quotes in exception messages
| Q | A
| ------------- | ---
| Branch? | 3.4
| Bug fix? | no
| New feature? | no <!-- please update src/**/CHANGELOG.md files -->
| Deprecations? | no <!-- please update UPGRADE-*.md and src/**/CHANGELOG.md files -->
| Tickets | n/a <!-- prefix each issue number with "Fix #", if any -->
| License | MIT
| Doc PR | n/a
Commits
-------
4ab6156c5a Fix more quotes in exception messages
This PR was merged into the 3.4 branch.
Discussion
----------
[PropertyAccess][DX] Improved errors when reading uninitialized properties
| Q | A
| ------------- | ---
| Branch? | 3.4
| Bug fix? | kinda
| New feature? | no
| Deprecations? | no
| Tickets | Fix#36051
| License | MIT
| Doc PR | ~
An attempt to fix#36051 by providing better error messages when trying to read uninitialized properties either via calling a return-type-hinted method from PHP 7.0 or by accessing public-typed properties from PHP 7.4.
It would be nice to have a proper exception class in master.
Commits
-------
a71023ba65 [PropertyAccess] Improved errors when reading uninitialized properties
This PR was merged into the 3.4 branch.
Discussion
----------
[3.4] Minor fixes
| Q | A
| ------------- | ---
| Branch? | 3.4
| Bug fix? | no
| New feature? | no
| Deprecations? | no
| Tickets | -
| License | MIT
| Doc PR | -
Commits
-------
019350022c [3.4] Minor fixes
This PR was merged into the 3.4 branch.
Discussion
----------
Fix quotes in exception messages
| Q | A
| ------------- | ---
| Branch? | 3.4 <!-- see below -->
| Bug fix? | no
| New feature? | no <!-- please update src/**/CHANGELOG.md files -->
| Deprecations? | no <!-- please update UPGRADE-*.md and src/**/CHANGELOG.md files -->
| Tickets | Fix#36067 <!-- prefix each issue number with "Fix #", if any -->
| License | MIT
| Doc PR | n/a
Commits
-------
48102d96f3 Fix quotes in exception messages
This PR was squashed before being merged into the 3.4 branch.
Discussion
----------
[FrameworkBundle] start session on flashbag injection
| Q | A
| ------------- | ---
| Branch? | 3.4
| Bug fix? | yes
| New feature? | no
| Deprecations? | no
| Tickets | Fix [#33084](https://github.com/symfony/symfony/issues/33084)
| License | MIT
This PR addresses an issue whereby if the FlashBag is injected into the application using the default service configuration, we cannot rely that the session has been started. This behaviour is in contradiction to [the docs](https://symfony.com/doc/current/session.html#avoid-starting-sessions-for-anonymous-users):
> Sessions are automatically started whenever you read, write or even check for the existence of data in the session.
This is because symfony ensures the session has been started on calls to getFlashBag() which is normally how the flashbag will be accessed but this is not called if you inject the FlashBag directly into the container.
I have addressed this issue by changing the way the Flashbag service is built so that it uses Session as a factory service and getFlashBag as a factory method. This means that anywhere in symfony where FlashBag is injected can now rely on the fact the session is started.
I have also added a new functional test to verify this behaviour.
Commits
-------
e8b4d35616 [FrameworkBundle] start session on flashbag injection
This PR was squashed before being merged into the 3.4 branch.
Discussion
----------
[Validator] Remove commas in translations
| Q | A
| ------------- | ---
| Branch? | 3.4
| Bug fix? | no
| New feature? | no
| Deprecations? | no
| License | MIT
These translations were originally modified in #21335.
Commits
-------
5688f97bad [Validator] Remove commas in translations
This PR was merged into the 3.4 branch.
Discussion
----------
Add missing dots at the end of exception messages
| Q | A
| ------------- | ---
| Branch? | 3.4
| Bug fix? | no
| New feature? | no <!-- please update src/**/CHANGELOG.md files -->
| Deprecations? | no <!-- please update UPGRADE-*.md and src/**/CHANGELOG.md files -->
| Tickets | n/a <!-- prefix each issue number with "Fix #", if any -->
| License | MIT
| Doc PR | n/a
Commits
-------
bb8a66e3fc Add missing dots at the end of exception messages
This PR was merged into the 3.4 branch.
Discussion
----------
[Security/Core] fix some annotations
| Q | A
| ------------- | ---
| Branch? | 3.4
| Bug fix? | no
| New feature? | no
| Deprecations? | no
| Tickets | -
| License | MIT
| Doc PR | -
`RoleInterface` is deprecated, and we don't document deprecated ways in docblocks/exceptions.
Commits
-------
8e873d0b5b [Security/Core] fix some annotations
This PR was merged into the 3.4 branch.
Discussion
----------
fix import from config file using type: glob
| Q | A
| ------------- | ---
| Branch? | 3.4
| Bug fix? | yes
| New feature? | no <!-- please update src/**/CHANGELOG.md files -->
| Deprecations? | no <!-- please update UPGRADE-*.md and src/**/CHANGELOG.md files -->
| Tickets |
| License | MIT
| Doc PR |
If you try to import configs with glob using
```
imports:
- { resource: '../dev/*.{php,xml,yaml,yml}', type: 'glob' }
```
it didn't work because the FileLoader resolves the glob pattern but forwards the glob type. This meant the resolver then choses the GlobFilerLoader again for each already resolved file which does not find the files. So in the end the glob was resolved but the files never imported.
The workaround is to remove the `type: glob` from the import above. But the real fix should be to not forward the glob type when it's already resolved.
Commits
-------
6b70511bc6 fix import from config file using type: glob
This PR was merged into the 3.4 branch.
Discussion
----------
[DoctrineBridge][DoctrineExtractor] Fix wrong guessed type for "json" type
| Q | A
| ------------- | ---
| Branch? | 3.4
| Bug fix? | yes
| New feature? | no
| Deprecations? | no
| Tickets | https://github.com/symfony/symfony/issues/35968
| License | MIT
| Doc PR | -
After checking the code, it appears that `json` have a different behavior than `json_array`.
> In json_array doctrine was converting null or empty value to array, but json type doesn't do that
@norkunas is right about this. Consequently, we cannot safely guess a built in type for the `json` Doctrine type.
Commits
-------
f9f5f8df3e [DoctrineBridge][DoctrineExtractor] Fix wrong guessed type for "json" type
This PR was merged into the 3.4 branch.
Discussion
----------
[Intl][3.4] Bump ICU 66.1
| Q | A
| ------------- | ---
| Branch? | 3.4
| Bug fix? | no
| New feature? | no
| Deprecations? | no
| Tickets | Fix #... <!-- prefix each issue number with "Fix #", if any -->
| License | MIT
| Doc PR | symfony/symfony-docs#... <!-- required for new features -->
<!--
Replace this notice by a short README for your feature/bugfix. This will help people
understand your PR and can be used as a start for the documentation.
Additionally (see https://symfony.com/releases):
- Always add tests and ensure they pass.
- Never break backward compatibility (see https://symfony.com/bc).
- Bug fixes must be submitted against the lowest maintained branch where they apply
(lowest branches are regularly merged to upper ones so they get the fixes too.)
- Features and deprecations must be submitted against branch master.
-->
See https://github.com/unicode-org/icu/releases/tag/release-66-1 (no data changes for us)
Commits
-------
2275689cf8 [Intl][3.4] Bump ICU 66.1
This PR was merged into the 3.4 branch.
Discussion
----------
[Form] Handle false as empty value on expanded choices
| Q | A
| ------------- | ---
| Branch? | 3.4
| Bug fix? | yes
| New feature? | no
| Deprecations? | no
| Tickets | https://github.com/symfony/symfony/issues/31572
| License | MIT
| Doc PR | -
This is the 3.4 version of https://github.com/symfony/symfony/pull/32747. The tests are the same. The added code has to be removed from master (if accepted).
Commits
-------
1a366bc378 [Form] Handle false as empty value on expanded choices
This PR was merged into the 3.4 branch.
Discussion
----------
[FrameworkBundle] remove redundant PHPDoc in console Descriptor
| Q | A
| ------------- | ---
| Branch? | 3.4
| Bug fix? | no
| New feature? | no <!-- please update src/**/CHANGELOG.md files -->
| Deprecations? | no <!-- please update UPGRADE-*.md and src/**/CHANGELOG.md files -->
| Tickets | None <!-- prefix each issue number with "Fix #", if any -->
| License | MIT
| Doc PR | N/A
The PHPDoc for some `describeXXX` methods in the abstract `Symfony\Bundle\FrameworkBundle\Console\Descriptor\Descriptor` was inaccurate or redundant.
I remove the PHPDoc in the superclass and the `{@inheritdoc}` in the child class as suggested by @chalasr in this PR comment https://github.com/symfony/symfony/pull/35995#discussion_r389846487
I keep the PHPDoc when it adds some explanation about the method or its params.
For exemple :
### inaccurate:
```php
/**
* Describes an InputArgument instance.
*/
abstract protected function describeRouteCollection(RouteCollection $routes, array $options = []);
/**
* Describes an InputOption instance.
*/
abstract protected function describeRoute(Route $route, array $options = []);
```
### redundant
```php
/**
* Describes container parameters.
*/
abstract protected function describeContainerParameters(ParameterBag $parameters, array $options = []);
/**
* Describes container tags.
*/
abstract protected function describeContainerTags(ContainerBuilder $builder, array $options = []);
```
### kept
```php
/**
* Describes event dispatcher listeners.
*
* Common options are:
* * name: name of listened event
*/
abstract protected function describeEventDispatcherListeners(EventDispatcherInterface $eventDispatcher, array $options = []);
/**
* Describes a callable.
*
* @param mixed $callable
*/
abstract protected function describeCallable($callable, array $options = []);
```
<!--
Replace this notice by a short README for your feature/bugfix. This will help people
understand your PR and can be used as a start for the documentation.
Additionally (see https://symfony.com/releases):
- Always add tests and ensure they pass.
- Never break backward compatibility (see https://symfony.com/bc).
- Bug fixes must be submitted against the lowest maintained branch where they apply
(lowest branches are regularly merged to upper ones so they get the fixes too.)
- Features and deprecations must be submitted against branch master.
-->
Commits
-------
e535e7d2ff [FrameworkBundle] remove redundant PHPDoc in console Descriptor and subclass