This PR was squashed before being merged into the 3.3 branch (closes#23799).
Discussion
----------
[Dotenv][WebServerBundle] Override previously loaded variables
| Q | A
| ------------- | ---
| Branch? | 3.3
| Bug fix? | yes
| New feature? | no
| BC breaks? | yes
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | #23723
| License | MIT
This PR implements @nicolas-grekas's idea about how we could refresh loaded environment variables. See his comment https://github.com/symfony/symfony/issues/23723#issuecomment-320455669
Commits
-------
c5a1218555 [Dotenv][WebServerBundle] Override previously loaded variables
This PR was merged into the 3.3 branch.
Discussion
----------
[DI] Use GlobResource for non-tracked directories
| Q | A
| ------------- | ---
| Branch? | 3.3
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | n/a
| License | MIT
| Doc PR | n/a
I noticed that some of my excluded directories are still tracked by the container and changes to files inside them make it recompile. This brought me to the `$trackContents || is_dir($path)` line introduced in #21505.
Commits
-------
048eb18 [DI] Use GlobResource for non-tracked directories
This PR was merged into the 3.3 branch.
Discussion
----------
[DI] Fix merging of env vars in configs
| Q | A
| ------------- | ---
| Branch? | 3.3
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | #22561, #23520
| License | MIT
| Doc PR | -
Commits
-------
00b9273 [DI] Fix merging of env vars in configs
This PR was merged into the 3.3 branch.
Discussion
----------
[DI] Fix reading env vars from fastcgi params
| Q | A
| ------------- | ---
| Branch? | 3.3
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | #23348
| License | MIT
| Doc PR | -
Values in fastcgi_param populate `$_SERVER`, never `$_ENV`.
This PR makes `$container->getEnv()` read from `$_SERVER`, excluding any vars whose name start by `HTTP_` as that would be a security issue (values injection via HTTP headers.)
Embeds a few other fixes found meanwhile.
Commits
-------
adff65a [DI] Fix reading env vars from fastcgi params
This PR was merged into the 3.3 branch.
Discussion
----------
[VarDumper] play nice with open_basedir when looking for composer.json
| Q | A
| ------------- | ---
| Branch? | 3.3
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | #23661
| License | MIT
| Doc PR | -
ping @pounard, can you please confirm this fixes the issue you reported?
Commits
-------
1bea774 [VarDumper] play nice with open_basedir when looking for composer.json
This PR was merged into the 3.3 branch.
Discussion
----------
Allow phpdocumentor/reflection-docblock 4
| Q | A
| ------------- | ---
| Branch? | 3.3
| Bug fix? | no
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | none
| License | MIT
| Doc PR | N/A
The PHPDocumentor team bumped their reflection-docblock library to version 4 due to a breaking change that should not affect Symfony, as far as I can tell. This PR indicates compatibility with the new major version.
Commits
-------
1a5fd79 Allow phpdocumentor/reflection-docblock 4.
This PR was merged into the 2.7 branch.
Discussion
----------
[HttpKernel] Clean test directory on tear down
| Q | A
| ------------- | ---
| Branch? | 2.7
| Bug fix? | no
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | -
| License | MIT
| Doc PR | -
I've been bitten by this leftover too often.
Commits
-------
0a3dc11 [HttpKernel] Clean test directory on tear down
This PR was merged into the 3.3 branch.
Discussion
----------
[Console] Remove useless http-kernel dev dep
| Q | A
| ------------- | ---
| Branch? | 3.3
| Bug fix? | no
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | n/a
| License | MIT
| Doc PR | n/a
Commits
-------
8cbf094 [Console] Remove useless http-kernel dev dep
This PR was merged into the 3.3 branch.
Discussion
----------
restrict reflection doc block
| Q | A
| ------------- | ---
| Branch? | 3.1, 3.2, 3.3, master
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| License | MIT
I think we should have same behavior on 2.8 and 3.0 but there `phpdocumentor/reflection` is required and i whanted to avoid conflicts.
### Reason:
The version 3.2.0 and 3.2.1 of phpdocumentor/reflection-docblock is really broken. All Annotations lide `@api`, means without any bracket, leads to errors like `Uninitialized string offset: 0`. We in the CMF do not require that bundle directly, but symfony does and so we get braking builds.
Commits
-------
6760127 restrict reflection doc block
* 3.2:
[DebugBundle] Reword an outdated comment about var dumper wiring
Ignore memcached missing key error on dession destroy
bumped Symfony version to 3.2.14
updated VERSION for 3.2.13
updated CHANGELOG for 3.2.13
* 2.8:
fixed CS
[2.8] Modify 2.8 upgrade doc - key option is deprecated.
[DebugBundle] Reword an outdated comment about var dumper wiring
[DI] Fix some docblocks
Ignore memcached missing key error on dession destroy
Github template: Remove EOM 3.2 from branch suggestion
[Security] Fix security.interactive_login event const doc block
Avoid infinite loops when profiler data is malformed
[Bridge\ProxyManager] Dont call __destruct() on non-instantiated services
Docblock improvement
bumped Symfony version to 2.8.27
updated VERSION for 2.8.26
updated CHANGELOG for 2.8.26
bumped Symfony version to 2.7.34
updated VERSION for 2.7.33
update CONTRIBUTORS for 2.7.33
updated CHANGELOG for 2.7.33
[HttpFoundation] Generate safe fallback filename for wrongly encoded filename
This PR was merged into the 2.7 branch.
Discussion
----------
Ignore memcached missing key error on session destroy
| Q | A
| ------------- | ---
| Branch? | 2.7
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | #18574
| License | MIT
| Doc PR | NA
Since PHP 7 session_regenerate_id triggers a warning when the session is not started.
This PR, changes the behaviours of session_destroy in the `MemcachedSessionHandler` by returning true when the user try to delete a non-existing session.
Other handler:
- LegacyPdoSessionHandler => don't check if key exists
- MongoDbSessionHandler => don't check if key exists
- NullSessionHandler => always true
- PdoSessionHandler => don't check if key exists
Commits
-------
29538b621c Ignore memcached missing key error on dession destroy
This PR was merged into the 3.3 branch.
Discussion
----------
Fixed the exception page design in responsive mode
| Q | A
| ------------- | ---
| Branch? | 3.3
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | -
| License | MIT
| Doc PR | -
I broke the design of the exception pages in responsive mode between Symfony 3.3.5 and 3.3.6:
### Symfony 3.3.5
![sf-335](https://user-images.githubusercontent.com/73419/29074568-127cbf92-7c50-11e7-9e4e-51ad1c61e03c.png)
### Symfony 3.3.6
![sf-336](https://user-images.githubusercontent.com/73419/29074567-11d38b48-7c50-11e7-9114-036cbe4d07e9.png)
---
This PR fixes the issue and also removes some CSS leftovers used during the redesign.
Commits
-------
cd8af2284d Fixed the exception page design in responsive mode
This PR was merged into the 3.3 branch.
Discussion
----------
[Cache] Hash cache key on save
| Q | A
| ------------- | ---
| Branch? | 3.3
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | ye
| Fixed tickets | n.A.
| License | MIT
| Doc PR | n.A.
Cache keys are not hashed right now in adapters extending from `AbstractAdapter`. This PR fixes this. I am not familiar enough with the cache test suite so I don't know where to add an regression test.
Commits
-------
94b1b12 Hash cache keys on save
This PR was merged into the 3.3 branch.
Discussion
----------
[HttpKernel] Remove isset call used for legacy
| Q | A
| ------------- | ---
| Branch? | 3.3 <!-- see comment below -->
| Bug fix? | no
| New feature? | no <!-- don't forget updating src/**/CHANGELOG.md files -->
| BC breaks? | no
| Deprecations? | no <!-- don't forget updating UPGRADE-*.md files -->
| Tests pass? | yes
| Fixed tickets | N/A <!-- #-prefixed issue number(s), if any -->
| License | MIT
| Doc PR | N/A
Added in #9628 in which the request stack dependency was nullable. Forgotten to be removed in #14634.
Commits
-------
e0a6010 [HttpKernel] Remove isset call used for legacy
This PR was merged into the 2.7 branch.
Discussion
----------
[HttpFoundation] Generate safe fallback filename for wrongly encoded filename
| Q | A
| ------------- | ---
| Branch? | 2.7
| Bug fix? | no
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets |
| License | MIT
| Doc PR |
This handles the case where the encoding of a random string cannot be detected. Until now this causes a PHP Warning `mb_strlen(): Unknown encoding ""`.
Commits
-------
8fd5569 [HttpFoundation] Generate safe fallback filename for wrongly encoded filename
* 2.8:
[Bridge\ProxyManager] Dont call __destruct() on non-instantiated services
Docblock improvement
bumped Symfony version to 2.8.27
updated VERSION for 2.8.26
updated CHANGELOG for 2.8.26
bumped Symfony version to 2.7.34
updated VERSION for 2.7.33
update CONTRIBUTORS for 2.7.33
updated CHANGELOG for 2.7.33
This PR was merged into the 3.3 branch.
Discussion
----------
Bump minimal PHP version to ^5.5.9|>=7.0.8
| Q | A
| ------------- | ---
| Branch? | 3.3
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | #22973
| License | MIT
| Doc PR | -
As spotted in the linked issue, because of https://bugs.php.net/72229.
Commits
-------
2282a6f Bump minimal PHP version to ^5.5.9|>=7.0.8
This PR was merged into the 3.3 branch.
Discussion
----------
[Form] Removed useless argument $definition
| Q | A
| ------------- | ---
| Branch? | 3.3
| Bug fix? | no
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | n/a
| License | MIT
| Doc PR | n/a
After https://github.com/symfony/symfony/pull/22175/files this argument is not used anymore.
Commits
-------
81396c7fac Removed useless argument $definition
This PR was merged into the 2.7 branch.
Discussion
----------
[Console] Fix passing options with defaultCommand
| Q | A
| ------------- | ---
| Branch? | 2.7
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets |
| License | MIT
| Doc PR |
Seems like overwriting input for the default command is not needed (anymore?). I don't know where the removed comment comes from originally.
Use case: i want to call default command and use options at the same time:
app/console --abc=true
Commits
-------
761de99552 Fix passing options with defaultCommand
* 3.2:
[DI] Remove unused props from the PhpDumper
[ProxyManager] Cleanup fixtures
[Debug] HTML-escape array key
Add some phpdocs for IDE autocompletion and better SCA
Fixed typo in docblock
* 2.8:
[DI] Remove unused props from the PhpDumper
[ProxyManager] Cleanup fixtures
[Debug] HTML-escape array key
Add some phpdocs for IDE autocompletion and better SCA
Fixed typo in docblock
* 2.7:
[DI] Remove unused props from the PhpDumper
[ProxyManager] Cleanup fixtures
[Debug] HTML-escape array key
Add some phpdocs for IDE autocompletion and better SCA
This PR was merged into the 2.8 branch.
Discussion
----------
Fixed typo in docblock in AuthenticationExpiredException
| Q | A
| ------------- | ---
| Branch? | 2.8
| Bug fix? | no
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | ~
| License | MIT
| Doc PR | ~
Found a small typo, applied it in the lowest branch possible.
Commits
-------
432d2de Fixed typo in docblock
This PR was merged into the 2.7 branch.
Discussion
----------
[Form] Add some phpdocs for IDE autocompletion and better SCA
| Q | A
| ------------- | ---
| Branch? | 2.7
| Bug fix? | no
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | -
| License | MIT
| Doc PR | -
@ogizanagi I've tryed add single phpdoc `@method FormInterface[] getIterator()` to `FormInterface` but it not works correctly in PHPStorm. Have you any ideas?
<!--
- Bug fixes must be submitted against the lowest branch where they apply
(lowest branches are regularly merged to upper ones so they get the fixes too).
- Features and deprecations must be submitted against the 3.4,
legacy code removals go to the master branch.
- Please fill in this template according to the PR you're about to submit.
- Replace this comment by a description of what your PR is solving.
-->
Commits
-------
d30c751781 Add some phpdocs for IDE autocompletion and better SCA
This PR was merged into the 2.7 branch.
Discussion
----------
[Debug] Missing escape in debug output
| Q | A
| ------------- | ---
| Branch? | 2.7
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets |
| License | MIT
| Doc PR |
When pretty-printing an exception, the debug handler does not properly escape array keys.
The problem only occurs when debug output is enabled, so this is not considered a [security issue](http://symfony.com/doc/current/contributing/code/security.html) (according to @fabpot), because the debug tools [should not be used in production](https://symfony.com/doc/current/components/debug.html#usage).
A test for this is included in my patch for #18722.
Commits
-------
636777d [Debug] HTML-escape array key
This PR was merged into the 3.3 branch.
Discussion
----------
[VarDumper] Dont use Stub objects for arrays - lower GC pressure
| Q | A
| ------------- | ---
| Branch? | 3.3
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | #23644
| License | MIT
| Doc PR | -
Several recent profiles have shown that VarDumper triggers the garbage collector quite often, leading to high CPU usage. The reason for this is that internally, VarCloner creates one Stub object per array+object+resource.
This PR removes the need for Stub objects for each arrays, replacing them with stub arrays. This should almost remove the GC pressure, since the number of Stub objects now has the same magnitude than the number of dumped objects.
Meanwhile, this PR removes any use of the `symfony_debug` extension, which is mostly useless anyway. This helps make the code simpler (really :) ), thus helps maintenance (eg merging up to master.)
I also changed the values of the constants defined in the Stub class, and removed the corresponding Data::mapStubConsts() method. Since the serialized format has changed (and we have to do it as there is no other way to fix this GC issue), there is no need to keep any sort of compat mapping there.
Commits
-------
0d5012d20e [VarDumper] Dont use Stub objects for arrays
* 3.2:
[DI] use assertStringEqualsFile when possible
[VarDumper] Adapt to php 7.2 changes
[DI] Fix using private services in expressions
[Form][TwigBridge] Don't render _method in form_rest() for a child form
[Form] Static call TimezoneType::getTimezones
Removed references for non existent validator constraints
Remove unused mocks/vars
[DoctrineBridge][PropertyInfo] Added support for Doctrine Embeddables
[Validator] Fix IbanValidator for ukrainian IBANs
* 2.8:
[DI] use assertStringEqualsFile when possible
[VarDumper] Adapt to php 7.2 changes
[Form][TwigBridge] Don't render _method in form_rest() for a child form
[DoctrineBridge][PropertyInfo] Added support for Doctrine Embeddables
[Validator] Fix IbanValidator for ukrainian IBANs
* 2.7:
[DI] use assertStringEqualsFile when possible
[VarDumper] Adapt to php 7.2 changes
[Form][TwigBridge] Don't render _method in form_rest() for a child form
[Validator] Fix IbanValidator for ukrainian IBANs
This PR was merged into the 2.7 branch.
Discussion
----------
[DI] use assertStringEqualsFile when possible
| Q | A
| ------------- | ---
| Branch? | 2.7
| Bug fix? | no
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | -
| License | MIT
| Doc PR | -
To make failure reporting more accurate, and maintaining tests easier (assertStringEqualsFile is already heavily used in the same file.)
Commits
-------
eebae7e [DI] use assertStringEqualsFile when possible
This PR was merged into the 3.3 branch.
Discussion
----------
[Cache] Handle serialization failures for Memcached
| Q | A
| ------------- | ---
| Branch? | 3.3
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | -
| License | MIT
| Doc PR | -
Fixes two issues with serialization + memcached: with the memcached extension, the default serializer is automatically selected as igbinary when possible, native php otherwise. That creates obvious migration/portability issues (ie just installing igbinary wipes out the value of your cache.)
Then, handling unserializing failures (esp. "php_incomplete_class") is a paramount feature of the component. You must be able to deal with migrating you code base without being blocked by some legacy serialized data.
Commits
-------
cccc88f [Cache] Handle unserialization failures for Memcached
This PR was merged into the 3.2 branch.
Discussion
----------
[DI] Fix using private services in expressions
| Q | A
| ------------- | ---
| Branch? | 3.2
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | -
| License | MIT
| Doc PR | -
Since 3.2, fetching private services via `$container->get()` is deprecated.
This makes it impossible to use a private service in an expression.
Until this PR :)
Commits
-------
f3da6cf [DI] Fix using private services in expressions
This PR was merged into the 3.3 branch.
Discussion
----------
[DI][Bug] Autowiring thinks optional args on core classes are required
| Q | A
| ------------- | ---
| Branch? | 3,3
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | none
| License | MIT
| Doc PR | n/a
Currently, the following fails:
```yml
services:
PDO:
class: PDO
arguments:
- 'sqlite:/foo.db'
```
The error:
> Cannot autowire service "PDO": argument "$username" of method "__construct()" must have a type-hint or be given a value explicitly
`$username` is the second argument to `PDO`, and it's optional. Here's the reason: it appears that `$parameter->isDefaultValueAvailable()` returns false for optional arguments of core classes. But, `$parameter->isOptional()` returns true.
This allows optional arguments to not throw an exception. I can't think of any edge cases this will cause - but it's possible I'm not thinking of something :).
Cheers!
Commits
-------
178a0f73b7 Fixing a bug where if a core class was autowired, autowiring tried to autowire optional args as if they were required
* 3.2:
use Precise on Travis to keep PHP LDAP support
Fix case sensitive sameSite cookie
[PropertyInfo] Use rawurlencode to escape PSR-6 keys
fix(security): ensure the 'route' index is set before attempting to use it
[WebProfilerBundle] Fix full sized dump hovering in toolbar
* 2.8:
use Precise on Travis to keep PHP LDAP support
fix(security): ensure the 'route' index is set before attempting to use it
[WebProfilerBundle] Fix full sized dump hovering in toolbar
This PR was merged into the 3.3 branch.
Discussion
----------
[Config] Minor fix
| Q | A
| ------------- | ---
| Branch? | 3.3
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | -
| License | MIT
| Doc PR | -
My bad.
BTW @javiereguiluz I confirm my diagnosis on #23573
Here is the last exception in that error page:
![capture du 2017-07-19 09-37-41](https://user-images.githubusercontent.com/243674/28355877-2bc71b5e-6c66-11e7-8e53-a88c42bec4e5.png)
Commits
-------
fa0b942 [Config] Minor fix
This PR was merged into the 3.3 branch.
Discussion
----------
[Config] Make ClassExistenceResource throw on invalid parents
| Q | A
| ------------- | ---
| Branch? | 3.3
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | #23564
| License | MIT
| Doc PR | -
Let's throw a more specific exception when a parent class/interface/trait is missing.
Fine tunes #23041
Commits
-------
53b01903ce [Config] Make ClassExistenceResource throw on invalid parents
This PR was merged into the 3.2 branch.
Discussion
----------
[DI] Change "this" to "that" in `findAndSortTaggedServices` doc to reduce confusion
Continuation of PR #23578 which I royally messed up.....
| Q | A
| ------------- | ---
| Branch? | 3.2
| Bug fix? | no
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| License | MIT
| Doc PR | None
I know this is extremely minor, but reading the description of this method, I got confused. Wondering if it's just me.
Where it says:
> The order of additions must be respected for services having the same priority, and knowing that the \SplPriorityQueue class does not respect the FIFO method, we should not use **this** class.
Should it not say "we should not use **that** class"?
Commits
-------
04b7b04b65 Change "this" to "that" to avoid confusion
* 3.2:
[DI] Resolve aliases earlier
[DI] Mark Container::$privates as internal
bumped Symfony version to 3.2.13
updated VERSION for 3.2.12
updated CHANGELOG for 3.2.12
bumped Symfony version to 2.8.26
updated VERSION for 2.8.25
updated CHANGELOG for 2.8.25
bumped Symfony version to 2.7.33
updated VERSION for 2.7.32
update CONTRIBUTORS for 2.7.32
updated CHANGELOG for 2.7.32
* 2.8:
[DI] Resolve aliases earlier
bumped Symfony version to 2.8.26
updated VERSION for 2.8.25
updated CHANGELOG for 2.8.25
bumped Symfony version to 2.7.33
updated VERSION for 2.7.32
update CONTRIBUTORS for 2.7.32
updated CHANGELOG for 2.7.32
* 2.7:
[DI] Resolve aliases earlier
bumped Symfony version to 2.7.33
updated VERSION for 2.7.32
update CONTRIBUTORS for 2.7.32
updated CHANGELOG for 2.7.32
This PR was merged into the 2.7 branch.
Discussion
----------
[DI] Resolve aliases earlier
| Q | A
| ------------- | ---
| Branch? | 2.7
| Bug fix? | no
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | -
| License | MIT
| Doc PR | -
Not a bug fix because a compiler pass already resolves aliases, but makes reasoning locally about the code easier.
Commits
-------
9922827cc2 [DI] Resolve aliases earlier
phpdocumentor/reflection-docblock included a change in release 3.2.0
which required a tag to be followed by a space. This conflicts with our
use of the `@Group` annotation:
```php
/**
* @var \DateTime[]
* @Groups({"a", "b"})
*/
public $collection;
```
* 3.2:
[Security] Fix wrong term in UserProviderInterface
[HttpFoundation] Set meta refresh time to 0 in RedirectResponse content
disable inlining deprecated services
[Cache] add constructor docblocks for clarity
[Security] validate empty passwords again
[DI] Remove irrelevant comment from container
[TwigBridge] cleaner implementation of the TwigRenderer
* 2.8:
[Security] Fix wrong term in UserProviderInterface
[HttpFoundation] Set meta refresh time to 0 in RedirectResponse content
disable inlining deprecated services
[Security] validate empty passwords again
[DI] Remove irrelevant comment from container
[TwigBridge] cleaner implementation of the TwigRenderer
* 2.7:
[Security] Fix wrong term in UserProviderInterface
[HttpFoundation] Set meta refresh time to 0 in RedirectResponse content
[Security] validate empty passwords again
[DI] Remove irrelevant comment from container
[TwigBridge] cleaner implementation of the TwigRenderer
This PR was merged into the 2.7 branch.
Discussion
----------
[Security] validate empty passwords again
| Q | A
| ------------- | ---
| Branch? | 2.7
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | https://github.com/symfony/symfony/pull/23341#issuecomment-315341226
| License | MIT
| Doc PR |
It looks like this part of #23341 causes serious security issues for some users who rely on the validator to also compare the empty string with their user's password (see for example https://github.com/symfony/symfony/pull/23341#issuecomment-315341226). Thus I suggest to revert this part of #23341.
Commits
-------
878198cefa [Security] validate empty passwords again
This PR was merged into the 2.7 branch.
Discussion
----------
[DI] Remove irrelevant comment from container
| Q | A
| ------------- | ---
| Branch? | 2.7
| Bug fix? | yes-ish
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | #... <!-- #-prefixed issue number(s), if any -->
| License | MIT
| Doc PR | symfony/symfony-docs#... <!--highly recommended for new features-->
Spotted in #22811
Commits
-------
595a225a0f [DI] Remove irrelevant comment from container
* 3.2:
[DI] Handle root namespace in service definitions
Use rawurlencode() to transform the Cookie into a string
[Security] Fix authentication.failure event not dispatched on AccountStatusException
* 2.8:
[DI] Handle root namespace in service definitions
Use rawurlencode() to transform the Cookie into a string
[Security] Fix authentication.failure event not dispatched on AccountStatusException
* 2.7:
[DI] Handle root namespace in service definitions
Use rawurlencode() to transform the Cookie into a string
[Security] Fix authentication.failure event not dispatched on AccountStatusException
This PR was squashed before being merged into the 2.7 branch (closes#23468).
Discussion
----------
[DI] Handle root namespace in service definitions
| Q | A
| ------------- | ---
| Branch? | 2.7
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | #... <!-- #-prefixed issue number(s), if any -->
| License | MIT
| Doc PR | symfony/symfony-docs#... <!--highly recommended for new features-->
Fixes
```
Cannot dump definition because of invalid class name ('\\stdClass')
```
for
```yaml
services:
foo: {class: '\stdClass' }
```
`ContainerBuilder` allows it, so `PhpDumper` should as well.
Commits
-------
05170c8 [DI] Handle root namespace in service definitions
This PR was merged into the 3.3 branch.
Discussion
----------
[Process] Fix parsing args on Windows
| Q | A
| ------------- | ---
| Branch? | 3.3
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | #23455
| License | MIT
| Doc PR | -
Commits
-------
8826da1 [Process] Fix parsing args on Windows
This PR was merged into the 2.7 branch.
Discussion
----------
[Security] Fix authentication.failure event not dispatched on AccountStatusException
| Q | A
| ------------- | ---
| Branch? | 2.7
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | https://github.com/symfony/symfony/issues/18807
| License | MIT
| Doc PR | n/a
Authentication fails if the user exists but its account is disabled/expired/locked, the failure event should be dispatched in this case, so that you can hook into as for any authentication exception.
Commits
-------
64c2efd [Security] Fix authentication.failure event not dispatched on AccountStatusException
* 3.2:
Don't display the Symfony debug toolbar when printing the page
do not wire namespaces for the ArrayAdapter
[Cache] Added test for ApcuAdapter when using in CLI
allow to configure custom formats in XML configs
[HttpKernel] fix DumpDataCollector tests
[FrameworkBundle] fix changelog
[WebProfilerBundle] Cleanup profiler leftover
require the XML PHP extension
Fix phpdoc for serializer normalizers exceptions
Fixed absolute url generation for query strings and hash urls
bumped Symfony version to 2.8.25
updated VERSION for 2.8.24
updated CHANGELOG for 2.8.24
bumped Symfony version to 2.7.32
[Filesystem] Dont copy perms when origin is remote
updated VERSION for 2.7.31
update CONTRIBUTORS for 2.7.31
updated CHANGELOG for 2.7.31
* 2.8:
Don't display the Symfony debug toolbar when printing the page
allow to configure custom formats in XML configs
require the XML PHP extension
Fixed absolute url generation for query strings and hash urls
bumped Symfony version to 2.8.25
updated VERSION for 2.8.24
updated CHANGELOG for 2.8.24
bumped Symfony version to 2.7.32
[Filesystem] Dont copy perms when origin is remote
updated VERSION for 2.7.31
update CONTRIBUTORS for 2.7.31
updated CHANGELOG for 2.7.31
* 2.7:
allow to configure custom formats in XML configs
require the XML PHP extension
Fixed absolute url generation for query strings and hash urls
bumped Symfony version to 2.7.32
[Filesystem] Dont copy perms when origin is remote
updated VERSION for 2.7.31
update CONTRIBUTORS for 2.7.31
updated CHANGELOG for 2.7.31
The normalizers throw exceptions. They need to be documented for DX
in the normalizer/denormalizer interfaces.
[Serializer] fit Symfony phpdoc standard
It also adds meaning of each exception throw.
Fix grammary in phpdoc
* 3.2:
[DI][Security] Prevent unwanted deprecation notices when using Expression Languages
bumped Symfony version to 3.2.12
updated VERSION for 3.2.11
updated CHANGELOG for 3.2.11
This PR was merged into the 2.7 branch.
Discussion
----------
[Filesystem] Dont copy perms when origin is remote
| Q | A
| ------------- | ---
| Branch? | 2.7
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | #23312
| License | MIT
| Doc PR | -
Commits
-------
7b442211dc [Filesystem] Dont copy perms when origin is remote
* 3.2:
fixed bad merge
[Cache] Handle APCu failures gracefully
[FrameworkBundle] Do not remove files from assets dir
bumped Symfony version to 3.2.11
updated VERSION for 3.2.10
updated CHANGELOG for 3.2.10
bumped Symfony version to 2.8.24
updated VERSION for 2.8.23
updated CHANGELOG for 2.8.23
bumped Symfony version to 2.7.31
updated VERSION for 2.7.30
update CONTRIBUTORS for 2.7.30
updated CHANGELOG for 2.7.30
* 2.7:
[FrameworkBundle] Do not remove files from assets dir
bumped Symfony version to 2.7.31
updated VERSION for 2.7.30
update CONTRIBUTORS for 2.7.30
updated CHANGELOG for 2.7.30
* 3.2:
Misspelled word
Display a better error design when the toolbar cannot be displayed
do not validate empty values
[Cache] fix cleanup of expired items for PdoAdapter
[Console] fix description of INF default values
[PropertyAccess] Fix TypeError discard
[Validator] Throw exception on Comparison constraints null options
Identify tty tests in Component/Process
[Workflow] Added more events to the announce function
[Validator] Remove property path suggestion for using the Expression validator
[WebProfilerBundle] Fix css trick used for offsetting html anchor from fixed header
[Security] Fix annotation
* 2.8:
Misspelled word
Display a better error design when the toolbar cannot be displayed
do not validate empty values
[Console] fix description of INF default values
[PropertyAccess] Fix TypeError discard
[Validator] Throw exception on Comparison constraints null options
Identify tty tests in Component/Process
[Security] Fix annotation
* 2.7:
Misspelled word
Display a better error design when the toolbar cannot be displayed
do not validate empty values
[Console] fix description of INF default values
[PropertyAccess] Fix TypeError discard
[Validator] Throw exception on Comparison constraints null options
Identify tty tests in Component/Process
[Security] Fix annotation
This PR was merged into the 2.7 branch.
Discussion
----------
[DoctrineBridge][Security][Validator] do not validate empty values
| Q | A
| ------------- | ---
| Branch? | 2.7
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | #23319
| License | MIT
| Doc PR |
Nearly all validators operating on scalar values (except for some special constraints) do ignore empty values. If you want to forbid them, you have to use the `NotBlank` constraint instead.
Commits
-------
fd7ad234bc do not validate empty values
This PR was merged into the 3.3 branch.
Discussion
----------
[Security] Fix Firewall ExceptionListener priority
| Q | A
| ------------- | ---
| Branch? | 3.3
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | #23253
| License | MIT
| Doc PR | n/a
When making EventDispatcher able to lazy load listeners, we stopped using `ContainerAwareEventDispatcher::addListenerService/addSubcriberService`, we use `EventDispatcher::addListener()` instead. This change makes that the order of listeners is different than before, because `ContainerAwareEventDispatcher` calls `addListener()` tardily so that factories are never stored in `EventDispatcher::$listeners`.
Example diff due to the behavior change in 3.3 (registering an `AppBundle\ExceptionListener::doCatch()` exception listener in the fullstack):
3.2
----
```php
array:5
0 => "Symfony\Component\Security\Http\Firewall\ExceptionListener::onKernelException"
1 => "AppBundle\ExceptionListener::doCatch"
2 => "Symfony\Component\HttpKernel\EventListener\ProfilerListener::onKernelException"
3 => "Symfony\Bundle\SwiftmailerBundle\EventListener\EmailSenderListener::onException"
4 => "Symfony\Component\HttpKernel\EventListener\ExceptionListener::onKernelException"
]
```
3.3
----
```php
array:5 [
0 => "AppBundle\ExceptionListener::doCatch"
1 => "Symfony\Component\HttpKernel\EventListener\ProfilerListener::onKernelException"
2 => "Symfony\Bundle\SwiftmailerBundle\EventListener\EmailSenderListener::onException"
3 => "Symfony\Component\Security\Http\Firewall\ExceptionListener::onKernelException"
4 => "Symfony\Component\HttpKernel\EventListener\ExceptionListener::onKernelException"
]
```
(that is what breaks #23253, the lazy listener is called before the runtime firewall exception listener on dispatch).
This fixes the order by increasing the security exception listener priority.
Commits
-------
8014b38055 [Security] Fix Firewall ExceptionListener priority
This PR was merged into the 3.2 branch.
Discussion
----------
[Validator] Remove property path suggestion for using the Expression validator
| Q | A
| ------------- | ---
| Branch? | 3.2 <!-- see comment below -->
| Bug fix? | no
| New feature? | no <!-- don't forget updating src/**/CHANGELOG.md files -->
| BC breaks? | no
| Deprecations? | no <!-- don't forget updating UPGRADE-*.md files -->
| Tests pass? | yes
| Fixed tickets | N/A <!-- #-prefixed issue number(s), if any -->
| License | MIT
| Doc PR | N/A
This suggestion is erroneous since #17398 removed any usage of the PropertyAccess component within the Validator one, so it's not even required anymore by the ExpressionValidator.
Commits
-------
e9e1534cde [Validator] Remove property path suggestion for using the Expression validator
This PR was merged into the 2.7 branch.
Discussion
----------
[Validator] Throw exception on Comparison constraints null options
| Q | A
| ------------- | ---
| Branch? | 2.7 <!-- see comment below -->
| Bug fix? | no. There is no bug, but the constraint can be silently created in an invalid state.
| New feature? | no <!-- don't forget updating src/**/CHANGELOG.md files -->
| BC breaks? | no
| Deprecations? | no <!-- don't forget updating UPGRADE-*.md files -->
| Tests pass? | yes (failure unrelated)
| Fixed tickets | N/A <!-- #-prefixed issue number(s), if any -->
| License | MIT
| Doc PR | N/A
Commits
-------
2de59a7381 [Validator] Throw exception on Comparison constraints null options
* 3.2:
fixed tests
swiftmailer bridge is gone
[TwigBundle] add back exception check
Dont call count on non countable object
Fix undefined variable $filesystem
* 3.2: (42 commits)
Show exception is checked twice in ExceptionController of twig
allow SSI fragments configuration in XML files
Display a better error message when the toolbar cannot be displayed
render hidden _method field in form_rest()
Add Doctrine Cache to dev dependencies to fix failing unit tests.
return fallback locales whenever possible
[Console] Fix catching exception type in QuestionHelper
[WebProfilerBundle] Eliminate line wrap on count columnt (routing)
[Routing] Fix XmlFileLoader exception message
[Translation] Fix FileLoader::loadResource() php doc
Sessions: configurable "use_strict_mode" option for NativeSessionStorage
[FrameworkBundle] [Command] Clean bundle directory, fixes#23177
Reset redirectCount when throwing exception
[TwigBundle] Remove template.xml services when templating is disabled
add content-type header on exception response
Embedding a response that combines expiration and validation, that should not defeat expiration on the combined response
fixed bad merge
Fix two edge cases in ResponseCacheStrategy
[Routing] Expose request in route conditions, if needed and possible
[Routing] Expose request in route conditions, if needed and possible
...
* 2.8: (40 commits)
Show exception is checked twice in ExceptionController of twig
allow SSI fragments configuration in XML files
Display a better error message when the toolbar cannot be displayed
render hidden _method field in form_rest()
return fallback locales whenever possible
[Console] Fix catching exception type in QuestionHelper
[WebProfilerBundle] Eliminate line wrap on count columnt (routing)
[Routing] Fix XmlFileLoader exception message
[Translation] Fix FileLoader::loadResource() php doc
Sessions: configurable "use_strict_mode" option for NativeSessionStorage
[FrameworkBundle] [Command] Clean bundle directory, fixes#23177
Reset redirectCount when throwing exception
[TwigBundle] Remove template.xml services when templating is disabled
add content-type header on exception response
Embedding a response that combines expiration and validation, that should not defeat expiration on the combined response
Fix two edge cases in ResponseCacheStrategy
[Routing] Expose request in route conditions, if needed and possible
[Routing] Expose request in route conditions, if needed and possible
[Translation][FrameworkBundle] Fix resource loading order inconsistency reported in #23034
[Filesystem] added workaround in Filesystem::rename for PHP bug
...
* 2.7:
Show exception is checked twice in ExceptionController of twig
allow SSI fragments configuration in XML files
Display a better error message when the toolbar cannot be displayed
render hidden _method field in form_rest()
return fallback locales whenever possible
This PR was merged into the 2.8 branch.
Discussion
----------
[Console] Fix catching exception type in QuestionHelper
| Q | A
| ------------- | ---
| Branch? | 2.8
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| License | MIT
When generic exceptions were replaced by domain exceptions in dd17dc00ee one catch statement was missed. The existing code works fine because a `RuntimeException` extends a `\RuntimeException`.
Commits
-------
1c091eb703 [Console] Fix catching exception type in QuestionHelper
* 2.7:
[Routing] Fix XmlFileLoader exception message
Sessions: configurable "use_strict_mode" option for NativeSessionStorage
[FrameworkBundle] [Command] Clean bundle directory, fixes#23177
Reset redirectCount when throwing exception
[TwigBundle] Remove template.xml services when templating is disabled
add content-type header on exception response
Embedding a response that combines expiration and validation, that should not defeat expiration on the combined response
Fix two edge cases in ResponseCacheStrategy
[Routing] Expose request in route conditions, if needed and possible
[Routing] Expose request in route conditions, if needed and possible
[Translation][FrameworkBundle] Fix resource loading order inconsistency reported in #23034
[Filesystem] added workaround in Filesystem::rename for PHP bug
Add tests for ResponseCacheStrategy to document some more edge cases
[HttpFoundation] added missing docs
fixes#21606
[VarDumper] fixes
[Security] fix switch user _exit without having current token
This PR was merged into the 2.7 branch.
Discussion
----------
[Security] fix switch user _exit without having current token
| Q | A
| ------------- | ---
| Branch? | 2.7
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | #22729
| License | MIT
| Doc PR | -
Attempting to `_exit` from a switched user caused an error when not having any token in the storage (for example happens when not logged in + disallowing anonymous users on that firewall):
`[1] Symfony\Component\Debug\Exception\FatalThrowableError: Type error: Argument 1 passed to Symfony\Component\Security\Http\Firewall\SwitchUserListener::getOriginalToken()
must be an instance of Symfony\Component\Security\Core\Authentication\Token\TokenInterface, null given, called in
symfony/symfony/src/Symfony/Component/Security/Http/Firewall/SwitchUserListener.php on line 164`
Commits
-------
16da6861be [Security] fix switch user _exit without having current token
This PR was merged into the 2.7 branch.
Discussion
----------
[Routing] Fix XmlFileLoader exception message
| Q | A
| ------------- | ---
| Branch? | 2.7
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| License | MIT
When an `XmlFileLoader` encounters an unknown tag it throws an exception with message like `Unknown tag "foo" used in file "bar". Expected "default", "requirement" or "option".`. A proper message should be `Unknown tag "foo" used in file "bar". Expected "default", "requirement", "option" or "condition".`
Commits
-------
f6a94cb56f [Routing] Fix XmlFileLoader exception message
This PR was squashed before being merged into the 2.7 branch (closes#23129).
Discussion
----------
Fix two edge cases in ResponseCacheStrategy
| Q | A
| ------------- | ---
| Branch? | 2.7
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets |
| License | MIT
| Doc PR |
While reviewing how `ResponseCacheStrategy` calculates the caching-related headers for responses that embed subrequests, I came across two cases that I think are currently implemented incorrectly.
a) When the main response is public and cacheable with an expiration time, but it embeds (via ESI) a controller that does not set any caching-related headers, this embedded response is more constrained. So, the resulting (combined) response must not be cacheable, especially it may not keep the s-maxage.
b) When the main response is public and cacheable with an expiration time, but it embeds (via ESI) a controller that explicitly creates a "private" response, the resulting (combined) response must be private as well.
Commits
-------
c6e8c07e4d Fix two edge cases in ResponseCacheStrategy
* 3.2:
[SecurityBundle] Move cache of the firewall context into the request parameters
Fix Usage with anonymous classes
[Workflow] Added more keywords in the composer.json
[Cache] APCu isSupported() should return true when apc.enable_cli=Off
[PropertyAccess] Do not silence TypeErrors from client code.
This PR was squashed before being merged into the 3.3 branch (closes#23088).
Discussion
----------
[FrameworkBundle] Dont set pre-defined esi/ssi services
| Q | A
| ------------- | ---
| Branch? | 3.3
| Bug fix? | yes
| New feature? | no
| BC breaks? | not sure
| Deprecations? | no
| Tests pass? | yes/no
| Fixed tickets | #23080
| License | MIT
| Doc PR | symfony/symfony-docs#... <!--highly recommended for new features-->
It fixes the issue, but im not sure what's expected if you dont use http cache (solely enabled ssi/esi in config). Before the services were initialized, now they are synthetic as http cache sets them, but thats optional =/
Commits
-------
8c26aab0fe [FrameworkBundle] Dont set pre-defined esi/ssi services
This PR was squashed before being merged into the 2.7 branch (closes#23092).
Discussion
----------
[Filesystem] added workaround in Filesystem::rename for PHP bug
[Filesystem] added workaround in Filesystem::rename for https://bugs.php.net/bug.php?id=54097
Standard PHP rename() of dirs across devices/mounted filesystems produces confusing copy error & throws IOException in Filesystem::rename. I got it during console cache:clear in the Docker environment. This PR possible fixes https://github.com/symfony/symfony/issues/19851 and other environment related issues.
Workaround is on \rename() fails try to Filesystem::mirror & Filesystem::remove if $origin is directory
| Q | A
| ------------- | ---
| Branch? | 2.7
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets |
| License | MIT
| Doc PR |
Commits
-------
3ccbc479da [Filesystem] added workaround in Filesystem::rename for PHP bug
This PR was squashed before being merged into the 2.7 branch (closes#23123).
Discussion
----------
Add tests for ResponseCacheStrategy to document some more edge cases
| Q | A
| ------------- | ---
| Branch? | 2.7
| Bug fix? | no
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets |
| License | MIT
| Doc PR |
Adds some test cases for possible combinations of master/subrequest responses to better document behaviour in edge cases. Should now cover the entire `ResponseCacheStrategy`.
I hope 2.7 is the right target branch because having more tests for all releases should be a good thing™️.
Commits
-------
69e84633dd Add tests for ResponseCacheStrategy to document some more edge cases
This PR was merged into the 3.3 branch.
Discussion
----------
[HttpFoundation] add back support for legacy constant values
| Q | A
| ------------- | ---
| Branch? | 3.3
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets |
| License | MIT
| Doc PR |
Due to the data type change of the `Request::HEADER_` constants in Symfony 3.3 #23067 introduced a small BC break if someone used the old constant values statically instead of referring to the constants themselves.
Commits
-------
fddd754c0a add back support for legacy constant values
This PR was merged into the 2.7 branch.
Discussion
----------
[HttpFoundation] fix for Support for new 7.1 session options
| Q | A
| ------------- | ---
| Branch? | 2.7
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | #21606
| License | MIT
| Doc PR | n/a
Commits
-------
71c1b6f5bffixes#21606
This PR was merged into the 3.2 branch.
Discussion
----------
[PropertyAccess] Do not silence TypeErrors from client code.
| Q | A
| ------------- | ---
| Branch? | 3.2
| Bug fix? | yes
| New feature? | no <!-- don't forget updating src/**/CHANGELOG.md files -->
| BC breaks? | no
| Deprecations? | no <!-- don't forget updating UPGRADE-*.md files -->
| Tests pass? | yes
| Fixed tickets |
| License | MIT
| Doc PR |
Fixes TypeError silencing in `setValue()` when said error is thrown inside setter/adder/etc.
An example is given in the included test, but more real-life story is botched accessors for a many-to-one association on a Doctrine entity:
```php
class B {
function setA(A $a) { ... } // forgotten "= null" here
}
class A {
function removeB(B $b) {
if ($this->bs->contains($b)) {
$this->bs->removeElement($b);
$b->setA(null); // TypeError thrown
}
return $this;
}
}
```
No error is shown to the user, even though removing doesn't work.
This bug is not present in 2.7 & 2.8.
Commits
-------
45b961de2e [PropertyAccess] Do not silence TypeErrors from client code.
This PR was merged into the 3.2 branch.
Discussion
----------
[PropertyAccess] Fix Usage with anonymous classes
| Q | A
| ------------- | ---
| Branch? | 3.2
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | #23136
| License | MIT
Replace forbidden characters in the the class names of Anonymous Classes in form of
"class@anonymous /symfony/src/Symfony/Component/PropertyAccess/Tests/PropertyAccessorTest.php0x7f3f5f267ad5"
Wrapped in eval to avoid PHP parsing errors < 7 and using `rawurlenceode` for perf reasons
Thanks @nicolas-grekas for the help and patience. Let me know if anything is missing.
Commits
-------
3f7fd432df Fix Usage with anonymous classes
This PR was merged into the 3.3 branch.
Discussion
----------
[Config] Fix ** GlobResource on Windows
| Q | A
| ------------- | ---
| Branch? | 3.3
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | #23103
| License | MIT
| Doc PR | -
We cannot tell Finder to use RecursiveDirectoryIterator::UNIX_PATHS so we have to fix paths on Windows.
Commits
-------
44955bea53 [Config] Fix ** GlobResource on Windows
Replace forbidden characters in the the class names of Anonymous Classes in form of
"class@anonymous /symfony/src/Symfony/Component/PropertyAccess/Tests/PropertyAccessorTest.php0x7f3f5f267ad5"
Wrapped in eval to avoid PHP parsing errors < 7
This PR was merged into the 2.7 branch.
Discussion
----------
[FormBuilderInterface] Fixed PHPdoc return references
| Q | A
| ------------- | ---
| Branch? | 2.7 and higher
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | N/A (phpdoc)
| License | MIT
In a case where the method `createFormBuilder()` was used where the methods `add()` and `getForm()` were chained onto it, the final resulting object was no longer a FormBuilder object as the `add()` and `remove()` methods was using a return variable that didn't work.
Should reference `self` as interfaces do not have a `$this` object.
Commits
-------
2f350d1d38 Fixed PHPdoc return references in FormBuilderInterface
This PR was squashed before being merged into the 2.7 branch (closes#22931).
Discussion
----------
SCA with Php Inspections (EA Extended): 2.7
| Q | A
| ------------- | ---
| Branch? | 2.7
| Bug fix? | no
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | n/a
| License | MIT
| Doc PR | n/a
Static Code Analysis with Php Inspections (EA Extended): dead code and control flow tweaks.
Commits
-------
598ae56cc9 SCA with Php Inspections (EA Extended): 2.7
* 2.7:
bumped Symfony version to 2.7.30
Cache ipCheck
updated VERSION for 2.7.29
update CONTRIBUTORS for 2.7.29
updated CHANGELOG for 2.7.29
show unique inherited roles
This PR was merged into the 2.7 branch.
Discussion
----------
Cache ipCheck (2.7)
In our app we use trusted proxies. Using Blackfire we found `IpUtils::checkIp` was being called 454 times taking 3.15ms.
Caching the result saves those 3ms.
| Q | A
| ------------- | ---
| Branch? | 2.7
| Bug fix? | no
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets |
| License | MIT
| Doc PR |
Commits
-------
bcb80569cb Cache ipCheck
* 3.2:
[TwigBridge] Fix namespaced classes
[Cache] MemcachedAdapter not working with TagAwareAdapter
[DependencyInjection] Use more clear message when unused environment variables detected
mix attr options between type-guess options and user options
This PR was merged into the 3.3 branch.
Discussion
----------
[HttpFoundation][FrameworkBundle] Revert "trusted proxies" BC break
| Q | A
| ------------- | ---
| Branch? | 3.3
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | -
| License | MIT
| Doc PR | -
Basically reverts #22238 + cleanups some comments + adds missing syncing logic in setTrustedHeaderName.
The reason for this proposal is that the BC break can go un-noticed until prod, *even if you have proper CI*. That's because your CI may not replicate exactly what your prod have (ie a reverse proxy), so that maybe only prod has a trusted-proxies configuration. I realized this while thinking about #23049: it made this situation even more likely, by removing an opportunity for you to notice the break before prod.
The reasons for the BC break are still valid and all of this is security-related. But the core security issue is already fixed. The remaining issue still exists (an heisenbug related to some people having both Forwarded and X-Forwarded-* set for some reason), but deprecating might still be enough.
WDYT? (I'm sure everyone is going to be happy with the BC break reversal, but I'm asking for feedback from people who actually could take the time to *understand* and *balance* the rationales here, thanks :) )
Commits
-------
2132333059 [HttpFoundation][FrameworkBundle] Revert "trusted proxies" BC break
This PR was merged into the 3.3 branch.
Discussion
----------
[Cache] Fallback to positional when keyed results are broken
| Q | A
| ------------- | ---
| Branch? | 3.3
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | -
| License | MIT
| Doc PR | -
Works around https://github.com/krakjoe/apcu/issues/247 ~~and https://github.com/facebook/hhvm/issues/7867~~
Commits
-------
28aaa8eb05 [Cache] Fallback to positional when keyed results are broken
This PR was squashed before being merged into the 3.3 branch (closes#22981).
Discussion
----------
[DependencyInjection] Fix named args support in ChildDefinition
| Q | A
| ------------- | ---
| Branch? | 3.3
| Bug fix? | yes
| New feature? | no <!-- don't forget updating src/**/CHANGELOG.md files -->
| BC breaks? | no
| Deprecations? | no <!-- don't forget updating UPGRADE-*.md files -->
| Tests pass? | yes
| Fixed tickets | n/a
| License | MIT
| Doc PR | n/a
Following @Tobion's review of #21383.
Commits
-------
1ab3e413d4 [DependencyInjection] Fix named args support in ChildDefinition
It seems that when MemcachedAdapter is used with TagAwareAdapter, it fails to fetch items, even though I thoroughly tested fetching items with the exact same keys under the same namespace.
Turns out the issue lies in `const TAGS_PREFIX = "\0tags\0";` for unknown to me reasons. Hardcoding that to '__tags__' in my project did the trick and I've been using it for a couple of days now and it seems fine.
The reason I had to completely copy/paste this file in my local project is self:: instead of static:: usage. I am not sure whether that is a mistake or is done on purpose, but in order to have this work for me I need to be able to override that constant. Going with static:: seems like a good solution to me, then I can set whatever prefix I need for the tags.
This PR was merged into the 2.7 branch.
Discussion
----------
[Form] Mix attr option between guessed options and user options
| Q | A
| ------------- | ---
| Branch? | 2.7
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | #19871
| License | MIT
Commits
-------
84f5de902d mix attr options between type-guess options and user options
This PR was squashed before being merged into the 3.2 branch (closes#22976).
Discussion
----------
[DependencyInjection] Use more clear message when unused environment variables detected
| Q | A
| ------------- | ---
| Branch? |3.2
| Bug fix? | no
| New feature? | yes
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | #22955
| License | MIT
Old error message:
```
Incompatible use of dynamic environment variables "DATABASE_URL", "MAILER_URL" found in parameters.
```
New error message:
```
Environment variables "DATABASE_URL", "MAILER_URL" are never used. Please, check your container's configuration.
```
Commits
-------
6dbdb1b750 [DependencyInjection] Use more clear message when unused environment variables detected
This PR was squashed before being merged into the 3.3 branch (closes#23031).
Discussion
----------
[Yaml] Clarify "incompatible key casting" deprecation message
| Q | A
| ------------- | ---
| Branch? | 3.3
| Bug fix? | no
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | N/A
| License | MIT
| Doc PR | N/A
In the process of upgrading to Symfony 3.3 our Yaml linter tests started throwing errors. The exception was a bit unclear to us, so hope this message will help others with fixing their deprecations as well.
Commits
-------
67895f4dd3 [Yaml] Clarify "incompatible key casting" deprecation message
* 3.2:
Fix optional cache warmers are always instantiated whereas they should be lazy-loaded
add some \ on PHP_VERSION_ID for 2.8
[PropertyInfo][DoctrineBridge] The bigint Doctrine's type must be converted to string
* 2.8:
Fix optional cache warmers are always instantiated whereas they should be lazy-loaded
add some \ on PHP_VERSION_ID for 2.8
[PropertyInfo][DoctrineBridge] The bigint Doctrine's type must be converted to string
This PR was merged into the 2.8 branch.
Discussion
----------
add some \ on PHP_VERSION_ID for 2.8
| Q | A
| ------------- | ---
| Branch? | 2.8
| Bug fix? | no
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | #22650
| License | MIT
| Doc PR | symfony/symfony-docs#... <!--highly recommended for new features-->
Commits
-------
7f4824c add some \ on PHP_VERSION_ID for 2.8
This PR was merged into the 3.3 branch.
Discussion
----------
[Di] Remove closure-proxy arguments
| Q | A
| ------------- | ---
| Branch? | 3.3
| Bug fix? | no
| New feature? | no
| BC breaks? | yes
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | -
| License | MIT
| Doc PR | -
With #23008, we don't need this in core anymore.
Let's drop it now.
Technically that's a BC break, but for a feature that is very new, and still quite hidden.
Doing this now would save us from maintaining this code, and help reduce the overall complexity.
Basically reverts #20953
Commits
-------
57daadb [Di] Remove closure-proxy arguments
* 3.2:
Using FQ name for PHP_VERSION_ID
[Form] Fix \IntlDateFormatter timezone parameter usage to bypass PHP bug #66323
Harden the debugging of Twig filters and functions
bumped Symfony version to 3.2.10
updated VERSION for 3.2.9
updated CHANGELOG for 3.2.9
bumped Symfony version to 2.8.22
updated VERSION for 2.8.21
updated CHANGELOG for 2.8.21
bumped Symfony version to 2.7.29
updated VERSION for 2.7.28
update CONTRIBUTORS for 2.7.28
updated CHANGELOG for 2.7.28
* 2.8:
Using FQ name for PHP_VERSION_ID
[Form] Fix \IntlDateFormatter timezone parameter usage to bypass PHP bug #66323
Harden the debugging of Twig filters and functions
bumped Symfony version to 2.8.22
updated VERSION for 2.8.21
updated CHANGELOG for 2.8.21
bumped Symfony version to 2.7.29
updated VERSION for 2.7.28
update CONTRIBUTORS for 2.7.28
updated CHANGELOG for 2.7.28
* 2.7:
Using FQ name for PHP_VERSION_ID
[Form] Fix \IntlDateFormatter timezone parameter usage to bypass PHP bug #66323
Harden the debugging of Twig filters and functions
bumped Symfony version to 2.7.29
updated VERSION for 2.7.28
update CONTRIBUTORS for 2.7.28
updated CHANGELOG for 2.7.28
This PR was merged into the 3.3 branch.
Discussion
----------
[EventDispatcher] Handle laziness internally instead of relying on ClosureProxyArgument
| Q | A
| ------------- | ---
| Branch? | 3.3
| Bug fix? | yes
| New feature? | yes
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | #22970
| License | MIT
| Doc PR | -
If we decide to go this way, we might drop ClosureProxyArgument entirely because we won't need it internally. I'll propose it in another PR for discussion if this one is accepted.
This PR allows "high-order" listeners, as `array(Closure, method)`. Closure is called to get the actual instance when needed only.
How does it look to you? (I'll add tests once confirmed)
Commits
-------
c17a009d66 [EventDispatcher] Handle laziness internally instead of relying on ClosureProxyArgument
This PR was merged into the 3.3 branch.
Discussion
----------
[Routing] Allow GET requests to be redirected. Fixes#23004
| Q | A
| ------------- | ---
| Branch? | 3.3
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | #23004
| License | MIT
| Doc PR | NA
GET requests didn't get the same redirect treatment as HEAD requests. I've also added tests cases for all the different trailing/non-trailing slash situations.
Commits
-------
71d4e366a9 [Routing] Allow GET requests to be redirected. Fixes#23004
This PR was squashed before being merged into the 3.3 branch (closes#22965).
Discussion
----------
[Cache] Ignore missing annotations.php
| Q | A
| ------------- | ---
| Branch? | 3.3
| Bug fix? | yes (different in 3.2)
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | #... <!-- #-prefixed issue number(s), if any -->
| License | MIT
| Doc PR | symfony/symfony-docs#... <!--highly recommended for new features-->
Avoids the following notices if cache is not warmed up (i.e. `cache:clear --no-warmup` > hit the browser).
```
Warning: include(<base-path>/app/cache/<env>/annotations.php): failed to open stream: No such file or directory
Warning: include(): Failed opening '<base-path>/app/cache/<env>/annotations.php' for inclusion (include_path='.:/usr/share/pear:/usr/share/php')
```
Commits
-------
e8f70c75b9 [Cache] Ignore missing annotations.php
This PR was squashed before being merged into the 3.3 branch (closes#22993).
Discussion
----------
[DI] Autowiring exception thrown when inlined service is removed
| Q | A
| ------------- | ---
| Branch? | 3.3
| Bug fix? | yes
| New feature? | no
| BC breaks? | yes
| Deprecations? | yes (on a new & internal method)
| Tests pass? | yes
| Fixed tickets | #22977
| License | MIT
| Doc PR | n/a
We suppress autowiring exceptions if a service is ultimately removed from the container. This fixes a bug where we incorrectly report that a service was NOT removed, when really, it WAS removed. This happens when `ServiceA` is inlined in `ServiceB`... but then `ServiceB` is removed from the container for being unused.
Commits
-------
793b9a001f [DI] Autowiring exception thrown when inlined service is removed
This PR was merged into the 3.3 branch.
Discussion
----------
Better DI type deprecation message
| Q | A
| ------------- | ---
| Branch? | 3,3
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | #22951
| License | MIT
| Doc PR | n/a
This is the most common autowiring deprecation:
```php
public function __construct(UserPasswordEncoder $encoder)
```
You *should* type-hint `UserPasswordEncoderInterface`
Current deprecation message:
> Autowiring services based on the types they implement is deprecated since Symfony 3.3 and won’t be supported in version 4.0. You should rename (or alias) the "security.user_password_encoder.generic" service to "Symfony\Component\Security\Core\Encoder\UserPasswordEncoder" instead.
Updated message:
> Autowiring services based on the types they implement is deprecated since Symfony 3.3 and won't be supported in version 4.0. Try changing the type-hint for argument "$encoder" of method "AppBundle\Service\TestServiceSubscriber::__construct()" to "Symfony\Component\Security\Core\Encoder\UserPasswordEncoderInterface" instead.
This only happens if we detect that there is a service/alias in the container (e.g. `...\UserPasswordEncoderInterface`) for the type-hint (`...\UserPasswordEncoder)`. Otherwise, if there is no correct type-hint in the container, we give the old recommendation (about aliasing).
The only complex case (of giving good directions on *where* to fix things) is with a class that implements `ServiceSubscriberInterface` (where the type-hint is in the `getSusbcribedServices()` method). In that case, the notice is:
> Autowiring services based on the types they implement is deprecated since Symfony 3.3 and won't be supported in version 4.0. Try changing the type-hint for "Symfony\Component\Security\Core\Encoder\UserPasswordEncoder" in "AppBundle\Service\TestServiceSubscriber" to "Symfony\Component\Security\Core\Encoder\UserPasswordEncoderInterface" instead.
Commits
-------
a990d5c558 Improving deprecation message when hitting the "deprecated type" lookup, but an alias is available
This PR was merged into the 3.3 branch.
Discussion
----------
[Config] Allow empty globs
| Q | A
| ------------- | ---
| Branch? | 3.3
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | #22950
| License | MIT
| Doc PR | -
This considers globs as valid even if they return no matches when they have a prefix (and when that prefix exists, according to `$ignoreErrors`).
This means there is an edge-case:
`*.abc` with at least one match is OK, but when it has no match, it falls back to regular import, then usually will fil.
But rewriting this to `./*.abc` resolves the ambiguity and turns this into a glob that won't fail if no matches are found.
This should provide the expected behavior in most cases (but ambiguous described one of course).
Commits
-------
c5b9c1a8c8 [Config] Allow empty globs
This PR was merged into the 3.3 branch.
Discussion
----------
[HttpKernel] Support unknown format in LoggerDataCollector
| Q | A
| ------------- | ---
| Branch? | 3.3
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | #22952
| License | MIT
| Doc PR | ~
The new expected format for the compiler log is `CompilerPassClass: Message`. However, this is not enforced by the old logging method as seen in schmittjoh/JMSDiExtraBundle#276
This PR adds the ability to read those lines without crashing with `Uncaught Notice: Undefined offset: 1`.
Please note that I have not tested this in an application so testers are welcome to confirm this fix!
Commits
-------
a8dfbb1180 Support unknown compiler log format
This PR was merged into the 3.3 branch.
Discussion
----------
[DI] Don't throw Autowire exception for removed service with private __construct
| Q | A
| ------------- | ---
| Branch? | 3.3
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | none (was talking to a user)
| License | MIT
| Doc PR | n/a
Suppose you have:
```php
class A
{
private function construct() {}
}
```
This service will fail to be autowired. But, like other autowiring failures, if this service will ultimately be removed from the container, this exception should be ignored. This fixes that. Unless someone is using the `AutowirePass` directly inside a `try/catch`, there is no BC break (the behavior change is that the exception is now stored, instead of being thrown).
This also clarifies (in the test & phpdoc) that `AutowirePass` always throws `AutowiringFailedException`s.
Thanks!
Commits
-------
2d3e44e11e Fixing a bug where an autowiring exception was thrown even when that service was removed
This PR was squashed before being merged into the 3.3 branch (closes#22968).
Discussion
----------
[Profiler] Fix text selection & click on file links on exception pages
| Q | A
| ------------- | ---
| Branch? | 3.3 <!-- see comment below -->
| Bug fix? | yes
| New feature? | no <!-- don't forget updating src/**/CHANGELOG.md files -->
| BC breaks? | no
| Deprecations? | no <!-- don't forget updating UPGRADE-*.md files -->
| Tests pass? | yes
| Fixed tickets | #22957, #22978 <!-- #-prefixed issue number(s), if any -->
| License | MIT
| Doc PR | N/A
I don't really know the purpose of this css rule here, but I admit it's quite frustrating not to be able to select something here.
This PR also prevents the following annoying behavior (selecting text collapses/uncollapses traces):
![mai-30-2017 18-26-29](https://cloud.githubusercontent.com/assets/2211145/26593977/3afbc510-4566-11e7-9114-8934ba6126a2.gif)
About the trick used, I think the browser support is safe enough: https://caniuse.com/#search=window.getSelection
EDIT: new commit added which allows to fix#22978
Commits
-------
8618399e42 [Profiler] Fix clicking on links inside toggle
ff6151b15f [Profiler] Fix text selection on exception pages
The specific report was for a service with a private constructor. This also clarifies
that the AutowirePass throws AutowiringFailedException for all situations. And a bug
was fixed in the constructor of AutowiringFailedException
* 3.2:
[Console] ChoiceQuestion must have choices
[Filesystem] improve error handling in lock()
[FrameworkBundle][Console] Fix the override of a command registered by the kernel
* 2.8:
[Console] ChoiceQuestion must have choices
[Filesystem] improve error handling in lock()
[FrameworkBundle][Console] Fix the override of a command registered by the kernel
* 2.7:
[Console] ChoiceQuestion must have choices
[Filesystem] improve error handling in lock()
[FrameworkBundle][Console] Fix the override of a command registered by the kernel
This PR was squashed before being merged into the 2.7 branch (closes#22847).
Discussion
----------
[Console] ChoiceQuestion must have choices
| Q | A
| ------------- | ---
| Branch? | 2.7
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | #22842
| License | MIT
| Doc PR | symfony/symfony-docs#... <!--highly recommended for new features-->
<!--
![image](https://cloud.githubusercontent.com/assets/1047696/26301309/1bfa52ca-3ee1-11e7-883b-f627f16e9d2f.png)
-->
Commits
-------
96e307fd5c [Console] ChoiceQuestion must have choices
* 3.2:
typo
[Console] Fix tests
[Console] Fixed different behaviour of key and value user inputs in multiple choice question
[Cache] Dont use pipelining with RedisCluster
[Yaml] fix colon without space deprecation
[Intl] Fix intl tests for PHP < 5.5.10
This PR was merged into the 3.2 branch.
Discussion
----------
[Cache] Dont use pipelining with RedisCluster
| Q | A
| ------------- | ---
| Branch? | 3.é
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | #22922
| License | MIT
| Doc PR | -
phpredis doesn't support pipelining with RedisCluster
see https://github.com/phpredis/phpredis/blob/develop/cluster.markdown#pipelining
and multiple operations (MSET/MGET) work but only "per-shard".
We have to fetch keys one by one for now at least.
Commits
-------
eb93ac9 [Cache] Dont use pipelining with RedisCluster
This PR was squashed before being merged into the 2.7 branch (closes#22718).
Discussion
----------
[Console] Fixed different behaviour of key and value user inputs in multiple choice question
| Q | A
| ------------- | ---
| Branch? | 2.7
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | #22706
| License | MIT
| Doc PR | -
Fixed a bug when value from multiple choice list could not be selected by user's input
while it could be selected by typing its index in the list.
Commits
-------
2861bd7b01 [Console] Fixed different behaviour of key and value user inputs in multiple choice question
This PR was merged into the 3.3 branch.
Discussion
----------
[FrameworkBundle][Validator] Move the PSR-11 factory to the component
| Q | A
| ------------- | ---
| Branch? | 3.3 <!-- see comment below -->
| Bug fix? | no
| New feature? | no <!-- don't forget updating src/**/CHANGELOG.md files -->
| BC breaks? | no
| Deprecations? | yes <!-- don't forget updating UPGRADE-*.md files -->
| Tests pass? | yes
| Fixed tickets | https://github.com/symfony/symfony/pull/22887#issuecomment-303765795 <!-- #-prefixed issue number(s), if any -->
| License | MIT
| Doc PR | N/A
Instead of the 3 following deprecations:
* The `ConstraintValidatorFactory::$validators` and `$container` properties
have been deprecated and will be removed in 4.0.
* Extending `ConstraintValidatorFactory` is deprecated and won't be supported in 4.0.
* Passing an array of validators or validator aliases as the second argument of
`ConstraintValidatorFactory::__construct()` is deprecated since 3.3 and will
be removed in 4.0. Use the service locator instead.
I'd suggest simply deprecating the FrameworkBundle's class in favor of using a new `ContainerConstraintValidatorFactory`. To me, there is no reason anyone using the validator component without the framework bundle cannot use this PSR-11 compliant implementation, nor I see a reason to make it final.
Commits
-------
68c1917af9 [FrameworkBundle][Validator] Move the PSR-11 factory to the component
This PR was merged into the 3.3 branch.
Discussion
----------
[HttpKernel] Fix kernel.project_dir extensibility
| Q | A
| ------------- | ---
| Branch? | 3.3
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | https://github.com/symfony/symfony/pull/22727
| License | MIT
| Doc PR | n/a
Alternative to #22727 that makes use of the existing public api.
Commits
-------
3230fc7e70 Fix kernel.project_dir extensibility
This PR was merged into the 3.2 branch.
Discussion
----------
[Yaml] fix colon without space deprecation
| Q | A
| ------------- | ---
| Branch? | 3.2
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets |
| License | MIT
| Doc PR |
A colon after a mapping key that is not followed by a space is valid if the mapping key is quoted.
Commits
-------
57f6941e25 [Yaml] fix colon without space deprecation
* 3.2:
[DI] Avoid private call to Container::has()
Fixing missing abstract attribute in XmlDumper
[Form] Remove DateTimeToStringTransformer $parseUsingPipe option
Fix file perms
Fixed filename in help text for update-data.php
* 2.8:
Fixing missing abstract attribute in XmlDumper
[Form] Remove DateTimeToStringTransformer $parseUsingPipe option
Fix file perms
Fixed filename in help text for update-data.php
* 2.7:
Fixing missing abstract attribute in XmlDumper
[Form] Remove DateTimeToStringTransformer $parseUsingPipe option
Fix file perms
Fixed filename in help text for update-data.php
This PR was merged into the 2.7 branch.
Discussion
----------
Fix missing abstract key in XmlDumper
| Q | A
| ------------- | ---
| Branch? | 2.7
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | none
| License | MIT
| Doc PR | n/a
Unless I'm missing something, the abstract key was missing in the XmlDumper. I noticed it when using `debug:container some_abstract_service` and was seeing "no" for abstract.
When this merges to 3.3, the `services-abstract.xml` will need to change to this:
```xml
<?xml version="1.0" encoding="utf-8"?>
<container xmlns="http://symfony.com/schema/dic/services" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://symfony.com/schema/dic/serviceshttp://symfony.com/schema/dic/services/services-1.0.xsd">
<services>
<service id="service_container" class="Symfony\Component\DependencyInjection\ContainerInterface" synthetic="true"/>
<service id="foo" class="Foo" abstract="true"/>
<service id="Psr\Container\ContainerInterface" alias="service_container" public="false"/>
<service id="Symfony\Component\DependencyInjection\ContainerInterface" alias="service_container" public="false"/>
</services>
</container>
```
Commits
-------
40f60ec60d Fixing missing abstract attribute in XmlDumper
This PR was merged into the 3.3 branch.
Discussion
----------
[HttpFoundation] Add Request::HEADER_X_FORWARDED_AWS_ELB const
| Q | A
| ------------- | ---
| Branch? | 3.3
| Bug fix? | yes (a missing part of a 3.3 feat.)
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | -
| License | MIT
| Doc PR | -
See https://github.com/symfony/symfony-docs/issues/7045
Commits
-------
9ba12b0d2a [HttpFoundation] Add Request::HEADER_X_FORWARDED_AWS_ELB const
This PR was merged into the 3.3 branch.
Discussion
----------
[HttpKernel] don't call getTrustedHeaderName() if possible
| Q | A
| ------------- | ---
| Branch? | 3.3
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | https://travis-ci.org/symfony/symfony/jobs/235008102 (failing tests of #22863)
| License | MIT
| Doc PR |
Commits
-------
6350dab don't call getTrustedHeaderName() if possible
This PR was merged into the 3.3 branch.
Discussion
----------
[ProxyManager] Add FC layer
| Q | A
| ------------- | ---
| Branch? | 3.3
| Bug fix? | no
| New feature? | no
| BC breaks? | yes - minor
| Deprecations? | yes - made a class final
| Tests pass? | yes
| Fixed tickets | -
| License | MIT
| Doc PR | -
This makes PRoxyDumper compatible with DumperInterface v4.0.
Technically, this is a BC break, but since I really don't expect anyone to extend ProxyDumper, I think we should do it - on 3.3 to close the gap as early as possible.
Commits
-------
4aeb6d8 [ProxyManager] Add FC layer
This PR was merged into the 3.2 branch.
Discussion
----------
[DI] Check for privates before shared services
| Q | A
| ------------- | ---
| Branch? | 3.2
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | https://github.com/symfony/symfony/pull/22801#discussion_r117732213, https://github.com/symfony/symfony/pull/22801#discussion_r117732599
| License | MIT
| Doc PR | symfony/symfony-docs#... <!--highly recommended for new features-->
cc @stof
Commits
-------
4f683a9a5b [DI] Check for privates before shared services
This PR was submitted for the 3.4 branch but it was merged into the 3.3 branch instead (closes#22818).
Discussion
----------
[DependencyInjection] prepare for signature change in 4.0
| Q | A
| ------------- | ---
| Branch? | 3.4
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets |
| License | MIT
| Doc PR |
see failing tests in #22785
Commits
-------
c4b6e20 [DI] prepare for signature change in 4.0
This PR was squashed before being merged into the 3.3 branch (closes#22857).
Discussion
----------
[DI] Fix autowire error for inlined services
| Q | A
| ------------- | ---
| Branch? | 3.3
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | #22848
| License | MIT
| Doc PR | n/a
The `AutowirePass` defers autowiring exceptions until later so that we don't throw autowiring exceptions for services that are ultimately removed. But, if a service is *inlined*, then it appears to be removed, and so we don't throw the exception. This fixes that.
It's an easy fix - but it's a bit ugly. We're adding a bit more "state" to the passes... simply because there is some information that needs to be shared through the compiler process. There might be a better way of doing this in the future (e.g. storing some metadata on the `Compiler`), but this *does* work well.
Commits
-------
4bcef3d [DI] Fix autowire error for inlined services
This PR was merged into the 3.3 branch.
Discussion
----------
[Process] Fixed escaping arguments on Windows when inheritEnvironmentVariables is set to false
| Q | A
| ------------- | ---
| Branch? | master
| Bug fix? | no
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | no
| Fixed tickets |
| License | MIT
| Doc PR |
I've added a FAILING testcase on Windows. It incorrectly substitutes an argument containing a quotation mark probably assuming it's an env var needed to backup when inheritEnvironmentVariables is set to false.
Commits
-------
26032ef [Process] Fixed incorrectly escaping arguments on Windows when inheritEnvironmentVariables is set to false
This PR was merged into the 3.3 branch.
Discussion
----------
[FrameworkBundle][Translation] fix docblock position
| Q | A
| ------------- | ---
| Branch? | 3.3
| Bug fix? | no
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | #22822
| License | MIT
| Doc PR |
The `$defaultLocale` argument is present in the `Translator` class of
the FrameworkBundle, but is not part of the Translation component.
Commits
-------
0829964 fix docblock position
This PR was merged into the 3.3 branch.
Discussion
----------
[DI] Remove dead service_container checks
| Q | A
| ------------- | ---
| Branch? | 3.3
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | #... <!-- #-prefixed issue number(s), if any -->
| License | MIT
| Doc PR | symfony/symfony-docs#... <!--highly recommended for new features-->
Since #21627
Commits
-------
9a8ea93 [DI] Remove dead service_container checks
This PR was merged into the 3.3 branch.
Discussion
----------
[Security][Serializer][DI] Add new arguments typehints in preparation for 4.0
| Q | A
| ------------- | ---
| Branch? | 3.3
| Bug fix? | no
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | https://github.com/symfony/symfony/pull/22743#pullrequestreview-38950305
| License | MIT
| Doc PR | N/A
See https://github.com/symfony/symfony/pull/22743#pullrequestreview-38950305 discussion for the motivations.
Commits
-------
b973b30 [Security][Serializer][DI] Add new arguments typehints in preparation for 4.0
This PR was merged into the 3.2 branch.
Discussion
----------
[DI] Added missing deprecation in changelog
| Q | A
| ------------- | ---
| Branch? | 3.2
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | #... <!-- #-prefixed issue number(s), if any -->
| License | MIT
| Doc PR | symfony/symfony-docs#... <!--highly recommended for new features-->
See #20113
Commits
-------
b3d58c5 [DI] Added missing deprecation in changelog
This PR was squashed before being merged into the 2.7 branch (closes#22748).
Discussion
----------
[Intl] Fix bin/common.php PHP7 compatibility
| Q | A
| ------------- | ---
| Branch? | 2.7
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | #22735
| License | MIT
Created for Symfony 2.7 version which is the oldest maintained impacted branch.
Commits
-------
c2ccf36 [Intl] Fix bin/common.php PHP7 compatibility
* 3.2:
removed unneeded annotation in tests
[Intl][Form] Update tests, TimeZoneTransformer, and DateTimeToLocalizedStringTransformer for the GMT and UTC split in ICU
remove Security deps from the require section
[Intl] Update ICU data to 59.1
* 2.8:
[Intl][Form] Update tests, TimeZoneTransformer, and DateTimeToLocalizedStringTransformer for the GMT and UTC split in ICU
[Intl] Update ICU data to 59.1
* 2.7:
[Intl][Form] Update tests, TimeZoneTransformer, and DateTimeToLocalizedStringTransformer for the GMT and UTC split in ICU
[Intl] Update ICU data to 59.1
This PR was squashed before being merged into the 2.7 branch (closes#22627).
Discussion
----------
[Intl] Update ICU data to 59.1
| Q | A
| ------------- | ---
| Branch? | 2.7
| Bug fix? | no
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | -
| License | MIT
| Doc PR | -
The [GMT timezone has been split from the UTC](http://site.icu-project.org/download/59) timezone [in CLDR](http://cldr.unicode.org/index/downloads/cldr-31) (which ICU is based on).
For example, the code blow:
* before ICU 59.1 would return "GMT" in all cases
* with ICU 59.1 it returns "UTC" for the first three ('z', 'zz', 'zzz')
and "Coordinated Universal Time" for the last two ('zzzz', 'zzzzz').
```php
foreach (['z', 'zz', 'zzz', 'zzzz', 'zzzzz'] as $pattern) {
$formatter = new \IntlDateFormatter('en', IntlDateFormatter::MEDIUM, IntlDateFormatter::SHORT, new \DateTimeZone('UTC'), IntlDateFormatter::GREGORIAN, $pattern);
var_dump($formatter->format(new \DateTime('@0')));
}
```
Similarly Form's `DateTimeToLocalizedStringTransformer` is also affected:
```php
$transformer = new DateTimeToLocalizedStringTransformer('UTC', 'UTC', null, \IntlDateFormatter::FULL);
var_dump($transformer->transform(new \DateTime('2010-02-03 04:05:06 UTC')));
// ICU 58.2: '03.02.2010, 04:05:06 GMT'
// ICU 59.1: '03.02.2010, 04:05:06 Koordinierte Weltzeit'
```
Refer to added and modified test cases for more changes. I split this PR in two commits for easier review. First commit updates ICU data (generated files), the second updates code and test cases to be compatible with updated data.
Commits
-------
5d3d1b25e0 [Intl][Form] Update tests, TimeZoneTransformer, and DateTimeToLocalizedStringTransformer for the GMT and UTC split in ICU
00acb37205 [Intl] Update ICU data to 59.1
The [GMT timezone has been split from the UTC](http://site.icu-project.org/download/59) timezone [in CLDR](http://cldr.unicode.org/index/downloads/cldr-31) (which ICU is based on).
For example, the code blow:
* before ICU 59.1 would return "GMT" in all cases
* with ICU 59.1 it returns "UTC" for the first three ('z', 'zz', 'zzz')
and "Coordinated Universal Time" for the last two ('zzzz', 'zzzzz').
```php
foreach (['z', 'zz', 'zzz', 'zzzz', 'zzzzz'] as $pattern) {
$formatter = new \IntlDateFormatter('en', IntlDateFormatter::MEDIUM, IntlDateFormatter::SHORT, new \DateTimeZone('UTC'), IntlDateFormatter::GREGORIAN, $pattern);
var_dump($formatter->format(new \DateTime('@0')));
}
```
Similarly Form's `DateTimeToLocalizedStringTransformer` is also affected:
```php
$transformer = new DateTimeToLocalizedStringTransformer('UTC', 'UTC', null, \IntlDateFormatter::FULL);
var_dump($transformer->transform(new \DateTime('2010-02-03 04:05:06 UTC')));
// ICU 58.2: '03.02.2010, 04:05:06 GMT'
// ICU 59.1: '03.02.2010, 04:05:06 Koordinierte Weltzeit'
```
Refer to added and modified test cases for more changes. I split this PR in two commits for easier review. First commit updates ICU data (generated files), the second updates code and test cases to be compatible with updated data.
* 3.2:
Fix errors not rethrown even if not handled by console.error listeners
[VarDumper] Fix dumping of non-nested stubs
[Security] Avoid unnecessary route lookup for empty logout path
respect inline level when dumping objects as maps
Test case for not in-lined map-objects
* 2.8:
Fix errors not rethrown even if not handled by console.error listeners
[VarDumper] Fix dumping of non-nested stubs
[Security] Avoid unnecessary route lookup for empty logout path
* 2.7:
Fix errors not rethrown even if not handled by console.error listeners
[VarDumper] Fix dumping of non-nested stubs
[Security] Avoid unnecessary route lookup for empty logout path
This PR was merged into the 3.3-dev branch.
Discussion
----------
[Process] Fix incorrectly calling PHP process when path contains space
| Q | A
| ------------- | ---
| Branch? | master
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | #22556
| License | MIT
I have PHP installed at "D:\Program Files\PHP" which contains a space. `PhpExecutableFinder` found it but then `PhpProcess` splitted the path by space. This PR fixes it. I wanted to write a test but I don't know ho to do it properly since it is dependent on the location where PHP is installed and I can't even mock `PhpExecutableFinder` because it is hardcoded dependency and an implementation detail.
Commits
-------
9c08109 Fix incorrectly calling PHP process on Windows when path contains space
This PR was merged into the 3.3-dev branch.
Discussion
----------
[DI] Fixing missing "exclude" functionality from PSR4 loader
| Q | A
| ------------- | ---
| Branch? | master
| Bug fix? | yes
| New feature? | yes
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | none
| License | MIT
| Doc PR | TODO
When the PSR4 loader was added in #21289, @nicolas-grekas said this:
> given that glob() is powerful enough to include/exclude dirs, I removed the Test special exclusion (source: https://github.com/symfony/symfony/pull/21289#issuecomment-272821106)
But, I don't believe that's true! [Glob is all about inclusion, not exclusion](https://en.wikipedia.org/wiki/Glob_(programming)#Syntax) - the maximum you can exclude is a single character. Thus, I've marked this as a bug.
My motivation came from upgrading KnpU to the new 3.3 DI stuff. We have many directories (40) in `src/`, and listing them all one-by-one in `resource:` is crazy - the `resource` line would be ~350 characters long and quite unreadable. What I really want to do is include *everything* and then exclude few directories. I tried to do this with `glob`, but it's not possible.
This PR allows for something like this:
```yml
services:
_defaults:
public: false
# ...
AppBundle\:
resource: '../../src/AppBundle/*'
exclude: '../../src/AppBundle/{AppBundle.php,Entity}'
```
This works *beautifully* in practice. And even if I forget to exclude a directory - since the services are private - **they're ultimately removed from the container anyways**. In fact, the *only* reason I need to exclude *anything* is because of the new "service argument resolver", which causes entities to not be properly removed from the compiled container.
Thanks!
Commits
-------
7d07f19459 Allowing prototype/PSR4 service loading ability to exclude, because glob doesn't support this
Security-core no longer directly depends upon polyfill-util since #16382.
This does not change the existing dependancy tree as polyfill-util is
transitivly depended on via polyfill-php56.
This PR was merged into the 3.2 branch.
Discussion
----------
[Yaml] respect inline level when dumping objects as maps
| Q | A
| ------------- | ---
| Branch? | 3.2
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | #22392
| License | MIT
| Doc PR |
Commits
-------
3cca48c715 respect inline level when dumping objects as maps
4f5c149798 Test case for not in-lined map-objects
This PR was merged into the 2.7 branch.
Discussion
----------
[Security] Avoid unnecessary route lookup for empty logout path
| Q | A
| ------------- | ---
| Branch? | 2.7
| Bug fix? | yes
| New feature? | no
| BC breaks? | no-ish
| Deprecations? | no
| Tests pass? | yes/no
| Fixed tickets | #... <!-- #-prefixed issue number(s), if any -->
| License | MIT
| Doc PR | symfony/symfony-docs#... <!--highly recommended for new features-->
i first included this with #22572 where having `logout: { path: ~ }` makes more sense for disabling logout path matching/generation. But currently it's already allowed and causes an unneeded route lookup and url generation.
Commits
-------
2967807b14 [Security] Avoid unnecessary route lookup for empty logout path
This PR was merged into the 3.3-dev branch.
Discussion
----------
[DX] Making the RegisterControllerArgumentLocatorsPass throw exception on bad types
| Q | A
| ------------- | ---
| Branch? | master
| Bug fix? | maybe
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | none
| License | MIT
| Doc PR | n/a
Suppose you type-hint a controller arg with a non-existent class:
```php
public function fooAction(FakeClass $foo)
```
Current error:
> Class AppBundle\Controller\FakeClass does not exist
(from `ParamConverterListener`, and only when you hit that route)
New error:
> Cannot determine controller argument for "AppBundle\Controller\BlogController::indexAction()
": the $foo argument is type-hinted with the non-existent class or interface: "AppBundle\Con
troller\FakeClass". Did you forget to add a use statement?
(at build time)
The extra `Did you forget to add a use statement?` only shows up if it appears you likely forgot a `use` statement.
I think this will be a really common error (especially forgetting the `use` statement)... so let's make it a *really* nice error! An alternative would be to enhance the args resolver to throw a clearer exception when no arg can be wired and the type-hint is bad (we would also need to make the `ParamConverterListener` stop throwing the current error... so that the args resolver would have the opportunity to do that. Disadvantage would be that this error would only happen when you hit the route, not at build time.
Cheers!
Commits
-------
22b905226d Making the RegisterControllerArgumentLocatorsPass throw an exception on a bad type-hint
This PR was merged into the 3.3-dev branch.
Discussion
----------
[Security] Fix TraceableAccessDecisionManager / DebugAccessDecisionManager BC layer
| Q | A
| ------------- | ---
| Branch? | 3.3
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | https://github.com/symfony/symfony/pull/22657#issuecomment-299728726
| License | MIT
| Doc PR | N/A
Same as #22657 for the renaming of `DebugAccessDecisionManager` into `TraceableAccessDecisionManager`. Indeed, I think we also require to redeclare the old `DebugAccessDecisionManager` for composer `classmap-authoritative` autoloading strategy & classmap dumper.
AppVeyor failures unrelated.
Edit: Re-thinking about it, it's probably not very common to dump the classmap and use the `classmap-authoritative` strategy when using those classes... That's to say: in debug mode/dev env. So it may be the reason why the class wasn't redeclared on contrary of `DefinitionDecorator`.
Commits
-------
5b123b9674 [Security] Fix TraceableAccessDecisionManager / DebugAccessDecisionManager BC layer
This PR was merged into the 3.3-dev branch.
Discussion
----------
Fixing a bug where abstract classes were wired with the prototype loader
| Q | A
| ------------- | ---
| Branch? | master
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | none
| License | MIT
| Doc PR | n/a
The prototype/PSR-4 loader currently tries to wire abstract classes. The problem is if, for example, you have, for example:
```php
abstract class BaseCommand extends Command
{
}
```
If this is registered as a service, and you have `autoconfigure`, then the console `Application` will try to use this a command.
Was there some reason abstract classes were originally allowed to be registered as services with the PSR4/prototype loader? I don't know if there is a real use-case for registering abstract classes. If you wanted to use that service as a parent service... then you'll probably be configuring it yourself anyways. We could also fix this by changing all tags compiler passes to skip classes that are abstract... *if* there is a use-case for Abstract classes being auto-registered.
Cheers!
Commits
-------
5326bab10a Fixing a bug where abstract classes were wired
This PR was merged into the 3.3-dev branch.
Discussion
----------
[DI] Do not throw autowiring exceptions for a service that will be removed
| Q | A
| ------------- | ---
| Branch? | master
| Bug fix? | yes
| New feature? | no (arguable)
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | n/a
| License | MIT
| Doc PR | n/a
Hi guys!
tl;dr Do no throw a "Cannot autowire service id foo_bar" if that service (`foo_bar`) is private and is ultimately removed from the container.
I ran into a problem with the new PSR-4 service loader: our existing projects often contains directories with a mixture of services and model classes. In reality, that's not a problem: since the services are private, if any "extra" classes are registered as service, they're removed from the container because they're not referenced. In other words, the system is great: model classes do *not* become services naturally... because nobody tries to inject them as services.
However, if your model classes have constructor args... then things blow up on compilation. This fixes that: it delays autowiring errors until after `RemoveUnusedDefinitionsPass` runs and then does *not* throw those exceptions if the service is gone.
Cheers!
Commits
-------
f4913feaa8 Fixing a bug where services that were eventually removed could cause autowire errors