This PR was merged into the 3.3 branch.
Discussion
----------
[HttpFoundation][FrameworkBundle] Revert "trusted proxies" BC break
| Q | A
| ------------- | ---
| Branch? | 3.3
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | -
| License | MIT
| Doc PR | -
Basically reverts #22238 + cleanups some comments + adds missing syncing logic in setTrustedHeaderName.
The reason for this proposal is that the BC break can go un-noticed until prod, *even if you have proper CI*. That's because your CI may not replicate exactly what your prod have (ie a reverse proxy), so that maybe only prod has a trusted-proxies configuration. I realized this while thinking about #23049: it made this situation even more likely, by removing an opportunity for you to notice the break before prod.
The reasons for the BC break are still valid and all of this is security-related. But the core security issue is already fixed. The remaining issue still exists (an heisenbug related to some people having both Forwarded and X-Forwarded-* set for some reason), but deprecating might still be enough.
WDYT? (I'm sure everyone is going to be happy with the BC break reversal, but I'm asking for feedback from people who actually could take the time to *understand* and *balance* the rationales here, thanks :) )
Commits
-------
2132333059 [HttpFoundation][FrameworkBundle] Revert "trusted proxies" BC break
This PR was merged into the 3.3 branch.
Discussion
----------
[Cache] Fallback to positional when keyed results are broken
| Q | A
| ------------- | ---
| Branch? | 3.3
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | -
| License | MIT
| Doc PR | -
Works around https://github.com/krakjoe/apcu/issues/247 ~~and https://github.com/facebook/hhvm/issues/7867~~
Commits
-------
28aaa8eb05 [Cache] Fallback to positional when keyed results are broken
This PR was squashed before being merged into the 3.3 branch (closes#22981).
Discussion
----------
[DependencyInjection] Fix named args support in ChildDefinition
| Q | A
| ------------- | ---
| Branch? | 3.3
| Bug fix? | yes
| New feature? | no <!-- don't forget updating src/**/CHANGELOG.md files -->
| BC breaks? | no
| Deprecations? | no <!-- don't forget updating UPGRADE-*.md files -->
| Tests pass? | yes
| Fixed tickets | n/a
| License | MIT
| Doc PR | n/a
Following @Tobion's review of #21383.
Commits
-------
1ab3e413d4 [DependencyInjection] Fix named args support in ChildDefinition
This PR was submitted for the 3.3 branch but it was merged into the 3.2 branch instead (closes#23063).
Discussion
----------
[Cache] Fix extensibility of TagAwareAdapter::TAGS_PREFIX
| Q | A
| ------------- | ---
| Branch? | 3.3
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets |
| License | MIT
| Doc PR |
It seems that when MemcachedAdapter is used with TagAwareAdapter, it fails to fetch items, even though I thoroughly tested fetching items with the exact same keys under the same namespace.
Edit: Just to clarify, `CacheItem::isHit()` always returned `false`. This is what I meant with the above.
Turns out the issue lies in `const TAGS_PREFIX = "\0tags\0";` for unknown to me reasons. Hardcoding that to `'__tags__'` in my project did the trick and I've been using it for a couple of days now and it seems fine.
The reason I had to completely copy/paste this file in my local project is `self::` instead of `static::` usage. I am not sure whether that is a mistake or is done on purpose, but in order to have this work for me I need to be able to override that constant. Going with static:: seems like a good solution to me, then I can set whatever prefix I need for the tags.
PS: Not exactly sure what to do with tests. Any help would be appreciated.
Commits
-------
405f64b [Cache] MemcachedAdapter not working with TagAwareAdapter
It seems that when MemcachedAdapter is used with TagAwareAdapter, it fails to fetch items, even though I thoroughly tested fetching items with the exact same keys under the same namespace.
Turns out the issue lies in `const TAGS_PREFIX = "\0tags\0";` for unknown to me reasons. Hardcoding that to '__tags__' in my project did the trick and I've been using it for a couple of days now and it seems fine.
The reason I had to completely copy/paste this file in my local project is self:: instead of static:: usage. I am not sure whether that is a mistake or is done on purpose, but in order to have this work for me I need to be able to override that constant. Going with static:: seems like a good solution to me, then I can set whatever prefix I need for the tags.
This PR was merged into the 3.4 branch.
Discussion
----------
[TwigBundle] fix used class name in deprecation message
| Q | A
| ------------- | ---
| Branch? | 3.4
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets |
| License | MIT
| Doc PR |
Commits
-------
a4caa16 fix used class name in deprecation message
This PR was merged into the 3.3 branch.
Discussion
----------
[Form][Profiler] Fixes form collector triggering deprecations
| Q | A
| ------------- | ---
| Branch? | 3.3 <!-- see comment below -->
| Bug fix? | yes
| New feature? | no <!-- don't forget updating src/**/CHANGELOG.md files -->
| BC breaks? | no
| Deprecations? | no <!-- don't forget updating UPGRADE-*.md files -->
| Tests pass? | yes
| Fixed tickets | N/A <!-- #-prefixed issue number(s), if any -->
| License | MIT
| Doc PR | N/A
Since 3.3, if you inspect your logs when accessing the form profiler panel, you'll see some of these:
```sh
php.INFO: User Deprecated: The Symfony\Bundle\WebProfilerBundle\Twig\WebProfilerExtension::dumpValue() method is deprecated since version 3.2 and will be removed in 4.0.
[...] at /src/Symfony/Bundle/WebProfilerBundle/Twig/WebProfilerExtension.php:119
```
The [WebProfilerExtension](https://github.com/symfony/symfony/blob/master/src/Symfony/Bundle/WebProfilerBundle/Twig/WebProfilerExtension.php#L73) is still using a `ValueExporter` instance for BC reasons when the $value ins't an instance of `Data` and this BC layer will be removed in 4.0 (so it'll throw an exception/error when trying to use it with something else than a `Data` instance).
The issue is since #21638, collectors (including forms one) have been drastically simplified to leverage the "seamless usage of Data clones", which is great!... But there is a slightly different implementation between `Data::seek()` and [`Data::__get()`](https://github.com/symfony/symfony/blob/master/src/Symfony/Component/VarDumper/Cloner/Data.php#L123-L130). There are probably good reasons for this, but it prevents from using classic Twig property access when the underlying data may be a scalar (`null`, `false`, ...).
I already spot that while working on the [Validator panel](https://github.com/symfony/symfony/pull/22554/files#diff-deac3c5ce4aa87243093dcd6a3f77a56R84). Perhaps there is a better solution, though.
Anyway, current `master` is currently broken, as it still tries to use the `ValueExporter`, which is already removed. And removing the BC layer in `WebProfilerExtension` isn't enough for now. It needs this fix.
BTW it also fixes rendering of the concerned inlined-dumps:
|Before|After|
|--|--|
|<img width="818" alt="screenshot 2017-06-03 a 13 35 25" src="https://cloud.githubusercontent.com/assets/2211145/26753222/01a692e6-4862-11e7-90d5-9cc9e4832648.PNG">|<img width="817" alt="screenshot 2017-06-03 a 13 35 47" src="https://cloud.githubusercontent.com/assets/2211145/26753224/090d5d6c-4862-11e7-87c1-73d5346f602c.PNG">|
Commits
-------
9de898d69f [Form][Profiler] Fixes form collector triggering deprecations
This PR was merged into the 3.3 branch.
Discussion
----------
[Profiler] Fix code excerpt wrapping
| Q | A
| ------------- | ---
| Branch? | 3.3 <!-- see comment below -->
| Bug fix? | yesish
| New feature? | no <!-- don't forget updating src/**/CHANGELOG.md files -->
| BC breaks? | no
| Deprecations? | no <!-- don't forget updating UPGRADE-*.md files -->
| Tests pass? | yes
| Fixed tickets | N/A <!-- #-prefixed issue number(s), if any -->
| License | MIT
| Doc PR | N/A
|Before|After|
|--|--|
|<img width="1346" alt="screenshot 2017-05-30 a 19 09 03" src="https://cloud.githubusercontent.com/assets/2211145/26595449/b8c4302c-456b-11e7-83c4-3471f915437b.PNG">|<img width="1075" alt="screenshot 2017-05-30 a 19 09 35" src="https://cloud.githubusercontent.com/assets/2211145/26595450/b8c61e64-456b-11e7-8b33-bdbe2e90b160.PNG">|
However, I think my own preference for code excerpts would be to never wrap, at the risk of scrolling horizontally. 1024px is enough to read most of the code excerpt without scrolling, and it feels less messy (to me) when a line is too long. WDYT?
Commits
-------
6c87863a0e [Profiler] Never wrap in code excerpts
This PR was merged into the 3.3 branch.
Discussion
----------
[FrameworkBundle] mitigate BC break with empty trusted_proxies
| Q | A
| ------------- | ---
| Branch? | 3.3
| Bug fix? | kind of
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | https://github.com/symfony/symfony/pull/22238#issuecomment-305932238
| License | MIT
| Doc PR |
Commits
-------
ff055ef7f3 mitigate BC break with empty trusted_proxies
This PR was merged into the 2.7 branch.
Discussion
----------
[Form] Mix attr option between guessed options and user options
| Q | A
| ------------- | ---
| Branch? | 2.7
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | #19871
| License | MIT
Commits
-------
84f5de902d mix attr options between type-guess options and user options
This PR was squashed before being merged into the 3.2 branch (closes#22976).
Discussion
----------
[DependencyInjection] Use more clear message when unused environment variables detected
| Q | A
| ------------- | ---
| Branch? |3.2
| Bug fix? | no
| New feature? | yes
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | #22955
| License | MIT
Old error message:
```
Incompatible use of dynamic environment variables "DATABASE_URL", "MAILER_URL" found in parameters.
```
New error message:
```
Environment variables "DATABASE_URL", "MAILER_URL" are never used. Please, check your container's configuration.
```
Commits
-------
6dbdb1b750 [DependencyInjection] Use more clear message when unused environment variables detected
This PR was merged into the 3.3 branch.
Discussion
----------
[Security] explain that a role can be an instance of Role
| Q | A
| ------------- | ---
| Branch? | 3.3
| Bug fix? | no
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets |
| License | MIT
| Doc PR |
Only mentioning the RoleInterface seems to be confusing as it is
deprecated since Symfony 3.3.
Commits
-------
0068968 explain that a role can be an instance of Role
* 3.3:
[Yaml] Clarify "incompatible key casting" deprecation message
minor #23043 add \ to PHP_VERSION_ID fixes#22650
[PhpUnitBridge] Fix detection of PHPUnit 5
Adding a new event subscriber that "parses" the _controller attribute in the FW
This PR was squashed before being merged into the 3.3 branch (closes#23031).
Discussion
----------
[Yaml] Clarify "incompatible key casting" deprecation message
| Q | A
| ------------- | ---
| Branch? | 3.3
| Bug fix? | no
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | N/A
| License | MIT
| Doc PR | N/A
In the process of upgrading to Symfony 3.3 our Yaml linter tests started throwing errors. The exception was a bit unclear to us, so hope this message will help others with fixing their deprecations as well.
Commits
-------
67895f4dd3 [Yaml] Clarify "incompatible key casting" deprecation message
This PR was merged into the 3.3 branch.
Discussion
----------
Parse the _controller format in sub-requests
| Q | A
| ------------- | ---
| Branch? | 3.3
| Bug fix? | yes
| New feature? | no
| BC breaks? | possibly (edge case)
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | #22966
| License | MIT
| Doc PR | n/a
As mentioned on the issue (https://github.com/symfony/symfony/issues/22966#issuecomment-305289227), the new "controller service args" functionality relies on the `_controller` attribute to be in either the service format `App\Controller\Foo:bar` or at least the final parsed format `App\Controller\Foo::bar`. But when you make a sub-request with the `App:Foo:bar` format, the `ControllerResolver` correctly parses this, but the `_controller` request attribute will always contain the original `App:Foo:bar` format. That causes the `ServiceValueResolver` to fail.
The only way I can think to fix this - reliably - is to parse the `_controller` attribute in a listener. And this, works great! Notes:
A) There is a small chance for a BC break: if you were relying on the `_controller` old format in a `kernel.request` format in the framework, in a listener between the priority of 25 and 31 for sub-requests (because normal requests have `_controller` normalized during routing)... then you will see a behavior change.
B) We could load the `ControllerNameParser` lazily via a service locator.
C) We could deprecate calling the parser in the FW's `ControllerResolver`. Along with (B), I think it would (in 4.0) mean that the `ControllerNameParser` is not instantiated at runtime (except for sub-requests).
If someone can think of a different/better solution, please let me know!
Cheers!
Commits
-------
9578fd3eb6 Adding a new event subscriber that "parses" the _controller attribute in the FW
This PR was merged into the 3.3 branch.
Discussion
----------
[PhpUnitBridge] Fix detection of PHPUnit 5
| Q | A
| ------------- | ---
| Branch? | 3.3
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets |
| License | MIT
| Doc PR |
Codeception 2.3 supports both PHPUnit 5 and PHPUnit 6 by defining [aliases](https://github.com/Codeception/Codeception/blob/2.3/shim.php). This confuses symfony/phpunit-bridge and it tries to load BC code for PHPUnit 5 even though I'm using PHPUnit 6.
Commits
-------
dfb5549f63 [PhpUnitBridge] Fix detection of PHPUnit 5
This PR was squashed before being merged into the 3.3 branch (closes#23043).
Discussion
----------
minor #23043 add \ to PHP_VERSION_ID fixes#22650
| Q | A
| ------------- | ---
| Branch? | 3.3
| Bug fix? | no
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | #22650
| License | MIT
| Doc PR | n/a
this PR is the last one fixing the \ before PHP_VERSION_ID closes definitively #22650
Commits
-------
d3e6a2d6f6 minor #23043 add \ to PHP_VERSION_ID fixes#22650