This PR was merged into the 4.3 branch.
Discussion
----------
[TwigBridge] Add row_attr to all form themes
| Q | A
| ------------- | ---
| Branch? | 4.3
| Bug fix? | yes
| New feature? | no
| Deprecations? | no
| Tickets | Fix#33552
| License | MIT
| Doc PR | -
The rules I applied:
- Always done on the first HTML tag of the row.
- Current existing row attrs (`class` or `style`) are applied unless they are defined by the `row_attr` override. They can be removed if they are explicitly set to `false`.
Starting from:
```
<div class="form-group">
```
With `row_attr: {foo: "bar"}`:
```
<div foo="bar" class="form-group">
```
With `row_attr: {class: "ccc"}`:
```
<div class="ccc">
```
With `row_attr: {foo: "bar", class: false}`:
```
<div foo="bar">
```
Commits
-------
dfdcbb401e [TwigBridge] Add row_attr to all form themes
This PR was squashed before being merged into the 4.4 branch.
Discussion
----------
[FWBundle] Remove error_renderer.serializer if the Serializer isn't available
| Q | A
| ------------- | ---
| Branch? | 4.4
| Bug fix? | yes
| New feature? | no <!-- please update src/**/CHANGELOG.md files -->
| Deprecations? | no <!-- please update UPGRADE-*.md and src/**/CHANGELOG.md files -->
| Tickets | n/a
| License | MIT
| Doc PR | n/a
(Should help for https://github.com/hautelook/AliceBundle/pull/485).
Commits
-------
0b4c21b3d2 [FWBundle] Remove error_renderer.serializer if the Serializer isn't available
* 4.4: (38 commits)
reset the kernel cache after each test
[HttpKernel] Ability to define multiple kernel.reset tags
[Routing] Continue supporting single colon in object route loaders
[FWBundle] Remove unused parameter
[Intl] [Workflow] fixes English grammar typos
[Filesystem] [Serializer] fixes English grammar typo
mailer: mailchimp bridge is throwing undefined index _id when setting message id in mandrill http transport
has_roles should be is_granted in upgrade files
[HttpClient] Fix early cleanup of pushed HTTP/2 responses
skip test on incompatible PHP versions
[HttpKernel] Don't cache "not-fresh" state
[FrameworkBundle][Cache] Don't deep-merge cache pools configuration
[Messenger] Adding exception to amqp transport in case amqp ext is not installed
[SecurityBundle] Don't require a user provider for the anonymous listener
[Monolog Bridge] Fixed accessing static property as non static.
Improve Symfony description
[Mailer] Add UPGRADE entries about Envelope and MessageEvent
[FrameworkBundle] fix leftover mentioning "secret:" processor
Add DateTimeZoneNormalizer into Dependency Injection
[Messenger] Error when specified default bus is not among the configured
...
* 4.3:
[FWBundle] Remove unused parameter
[Intl] [Workflow] fixes English grammar typos
[Filesystem] [Serializer] fixes English grammar typo
[Messenger] Adding exception to amqp transport in case amqp ext is not installed
[Monolog Bridge] Fixed accessing static property as non static.
Improve Symfony description
Add DateTimeZoneNormalizer into Dependency Injection
[Messenger] Error when specified default bus is not among the configured
[Validator] Add Japanese translation
[Workflow] Apply the same logic of precedence between the apply() and the buildTransitionBlockerList() method
Remove some unused methods parameters
Avoid empty \"If-Modified-Since\" header in validation request
[Security] Fix SwitchUser is broken when the User Provider always returns a valid user
Fix error message according to the new regex
compatibility with DoctrineBundle 2
[Validator] ConstraintValidatorTestCase: add missing return value to mocked validate method calls
This PR was merged into the 4.4 branch.
Discussion
----------
[SecurityBundle] Don't require a user provider for the anonymous listener
| Q | A
| ------------- | ---
| Branch? | 4.4
| Bug fix? | yes
| New feature? | no
| Deprecations? | no
| Tickets | Fix#34504
| License | MIT
| Doc PR | -
Forgotten when adding the AnonymousFactory in #33503
Commits
-------
0950cfbc65 [SecurityBundle] Don't require a user provider for the anonymous listener
* 4.4:
[Routing] fix tests
[Form] group constraints when calling the validator
Remove wrong @group legacy annotations
[DependencyInjection] Fix dumping multiple deprecated aliases
allow button names to start with uppercase letter
States that the HttpClient provides a Http Async implementation
* 4.4:
[Messenger] Perform no deep merging of bus middleware
[HttpFoundation] Added possibility to configure expiration time in redis session handler
[FrameworkBundle] Remove project dir from Translator cache vary scanned directories
[HttpFoundation] Allow redirecting to URLs that contain a semicolon
Drop useless executable bit
[DoctrineBridge] Improve queries parameters display in Profiler
catch exceptions when using PDO directly
[SecurityBundle] fix failing test
* 4.3:
[FrameworkBundle] Remove project dir from Translator cache vary scanned directories
[HttpFoundation] Allow redirecting to URLs that contain a semicolon
catch exceptions when using PDO directly
[SecurityBundle] fix failing test
This PR was merged into the 4.4 branch.
Discussion
----------
[Messenger] Perform no deep merging of bus middleware
| Q | A
| ------------- | ---
| Branch? | 4.4
| Bug fix? | no
| New feature? | yes
| Deprecations? | no
| Tickets | n/a
| License | MIT
| Doc PR | n/a
This change helps in case one needs to configure a bus differently for a custom environment while keeping existing handlers attached by name.
Commits
-------
c264583f28 [Messenger] Perform no deep merging of bus middleware
* 4.4: (23 commits)
[HttpFoundation] fix docblock
[HttpKernel] Flatten "exception" controller argument if not typed
Fix MySQL column type definition.
Link the right file depending on the new version
[Cache] Redis Tag Aware warn on wrong eviction policy
[HttpClient] fix HttpClientDataCollector
[HttpKernel] collect bundle classes, not paths
[Config] fix id-generation for GlobResource
[HttpKernel] dont check cache freshness more than once per process
[Finder] Allow ssh2 stream wrapper for sftp
[FrameworkBundle] fix wiring of httplug client
add FrameworkBundle requirement
[SecurityBundle] add tests with empty authenticator
[Security] always check the token on non-lazy firewalls
[DI] Use reproducible entropy to generate env placeholders
[WebProfilerBundle] Require symfony/twig-bundle
[Mailer] Add UPGRADE entry about the null transport DSN
bumped Symfony version to 4.3.9
updated VERSION for 4.3.8
updated CHANGELOG for 4.3.8
...
* 4.4:
[Console] Constant STDOUT might be undefined.
Add missing conflict with symfony/serializer <4.4
Allow returning null from NormalizerInterface::normalize
bumped Symfony version to 4.4.0
updated VERSION for 4.4.0-BETA1
updated CHANGELOG for 4.4.0-BETA1
[Security\Core] throw AccessDeniedException when switch user fails
[Mime] fix guessing mime-types of files with leading dash
[HttpFoundation] fix guessing mime-types of files with leading dash
[VarExporter] fix exporting some strings
[Cache] forbid serializing AbstractAdapter and TagAwareAdapter instances
Use constant time comparison in UriSigner
* 4.3:
[Console] Constant STDOUT might be undefined.
Allow returning null from NormalizerInterface::normalize
[Security\Core] throw AccessDeniedException when switch user fails
[Mime] fix guessing mime-types of files with leading dash
[HttpFoundation] fix guessing mime-types of files with leading dash
[VarExporter] fix exporting some strings
[Cache] forbid serializing AbstractAdapter and TagAwareAdapter instances
Use constant time comparison in UriSigner
This PR was merged into the 5.0-dev branch.
Discussion
----------
more strict requirements of experimental components
| Q | A
| ------------- | ---
| Branch? | master
| Bug fix? | no
| New feature? | no
| Deprecations? | no
| Tickets |
| License | MIT
| Doc PR |
Commits
-------
23bc40b764 more strict requirements of experimental components
* 4.4:
[DI] fix locators with numeric keys
Add support for NO_COLOR env var
[DI][FrameworkBundle] add EnvVarLoaderInterface - remove SecretEnvVarProcessor
Fix error when we use VO for the marking property
[DI] Remove LazyString from 4.4, before adding back to the String component
This PR was merged into the 4.4 branch.
Discussion
----------
[DI] Remove LazyString from 4.4, before adding back to the String component
| Q | A
| ------------- | ---
| Branch? | 4.4
| Bug fix? | no
| New feature? | no
| Deprecations? | no
| Tickets | -
| License | MIT
| Doc PR | -
In #34190 I'm proposing to move LazyString to the Service contracts, but String might be a better fit actually. Let's remove the class from 4.4 where it's not really needed, and add it back on 5.0 in the String component.
Commits
-------
b1a3ee76ac [DI] Remove LazyString from 4.4, before adding back to the String component
* 4.4:
[DI] Dont cache classes with missing parents
[HttpClient] Fix a crash when calling CurlHttpClient::__destruct()
Unallow symfony/http-kernel ^5.0
[FrameworkBundle] fix SodiumVault after stof review
[HttpClient] allow arbitrary JSON values in requests
[DependencyInjection] Added option `ignore_errors: not_found` while importing config files
[Validator] Add the missing translations for the Hebrew (\"he\") locale and fix 2 typos
[FrameworkBundle][Translation] Invalidate cached catalogues when the scanned directories change
This PR was merged into the 4.4 branch.
Discussion
----------
[FrameworkBundle] fix SodiumVault after stof review
| Q | A
| ------------- | ---
| Branch? | 4.4
| Bug fix? | yes
| New feature? | no
| Deprecations? | no
| Tickets | -
| License | MIT
| Doc PR | -
As spotted by @stof in https://github.com/symfony/symfony/pull/34275#pullrequestreview-313355834
Commits
-------
a594599078 [FrameworkBundle] fix SodiumVault after stof review
* 4.3:
[DI] Dont cache classes with missing parents
[HttpClient] Fix a crash when calling CurlHttpClient::__destruct()
[Validator] Add the missing translations for the Hebrew (\"he\") locale and fix 2 typos
[FrameworkBundle][Translation] Invalidate cached catalogues when the scanned directories change
This PR was merged into the 5.0-dev branch.
Discussion
----------
[SecurityBundle] Remove deprecated service and code
| Q | A
| ------------- | ---
| Branch? | master
| Bug fix? | no
| New feature? | no
| Deprecations? | no
| Tickets | -
| License | MIT
| Doc PR | -
Remove deprecated service in https://github.com/symfony/symfony/pull/25839 and deprecated code in https://github.com/symfony/symfony/pull/33676.
Commits
-------
ad61d6f72b [SecurityBundle] Remove deprecated service and code
This PR was merged into the 4.3 branch.
Discussion
----------
[FrameworkBundle][Translation] Invalidate cached catalogues when the scanned directories change
| Q | A
| ------------- | ---
| Branch? | 4.3
| Bug fix? | yes
| New feature? | no
| Deprecations? | no
| Tickets | https://github.com/symfony/symfony/issues/33992
| License | MIT
| Doc PR | -
The cache file name needs to depend on the scanned directories list. Otherwise, when a new directory is added, even if the container is rebuilt and the `FWB Translator` gets the new scanned directories list, the cached catalogue name is still the same and is resolved accordingly.
An alternative would be to make the `Translation Translator` `getCatalogueCachePath()` method and `fallbackLocales` `@internal` and `protected` to just override everything in the `FWB Translator`. The `cacheVary` argument has the benefit to be reusable by all the `Translation` component users.
Note that there is a negative minor performance impact that increases when the list of scanned directories grows.
Commits
-------
6cbee0944c [FrameworkBundle][Translation] Invalidate cached catalogues when the scanned directories change
* 4.4: (39 commits)
[Console] Fix#33915, Detect dimensions using mode CON if vt100 is supported
[PhpUnitBridge] Also search for composer.phar in git root folder
[HttpKernel][DataCollectorInterface] Ease compatibility
Add tests to ensure defaultLocale is properly passed to the URL generator
[DependencyInjection] Fix broken references in tests
[VarDumper] display the method we're in when dumping stack traces
[HttpClient] Retry safe requests when then fail before the body arrives
[Console] Rename some methods related to redraw frequency
Avoid using of kernel after shutdown
Simplify PHP CS Fixer configuration
[PropertyInfo] Fixed type extraction for nullable collections of non-nullable elements
[FrameworkBundle] [HttpKernel] fixed correct EOL and EOM month
Fix CS
[Serializer] Fix property name usage for denormalization
Name test accordingly to the tested class
Fix MockFileSessionStorageTest::sessionDir being used after it's unset
[Security] Fix SwitchUserToken wrongly deauthenticated
Supporting Bootstrap 4 custom switches
Add new Form WeekType
bumped Symfony version to 4.3.7
...
* 4.3: (26 commits)
[Console] Fix#33915, Detect dimensions using mode CON if vt100 is supported
[HttpKernel][DataCollectorInterface] Ease compatibility
Add tests to ensure defaultLocale is properly passed to the URL generator
[DependencyInjection] Fix broken references in tests
[HttpClient] Retry safe requests when then fail before the body arrives
Avoid using of kernel after shutdown
Simplify PHP CS Fixer configuration
[PropertyInfo] Fixed type extraction for nullable collections of non-nullable elements
[FrameworkBundle] [HttpKernel] fixed correct EOL and EOM month
[Serializer] Fix property name usage for denormalization
Name test accordingly to the tested class
Fix MockFileSessionStorageTest::sessionDir being used after it's unset
bumped Symfony version to 4.3.7
updated VERSION for 4.3.6
updated CHANGELOG for 4.3.6
bumped Symfony version to 3.4.34
updated VERSION for 3.4.33
update CONTRIBUTORS for 3.4.33
updated CHANGELOG for 3.4.33
[HttpClient] Fix perf issue when doing thousands of requests with curl
...
* 3.4:
[DependencyInjection] Fix broken references in tests
Avoid using of kernel after shutdown
Simplify PHP CS Fixer configuration
[FrameworkBundle] [HttpKernel] fixed correct EOL and EOM month
Fix MockFileSessionStorageTest::sessionDir being used after it's unset
bumped Symfony version to 3.4.34
updated VERSION for 3.4.33
update CONTRIBUTORS for 3.4.33
updated CHANGELOG for 3.4.33
[Stopwatch] Fixed a bug in stopwatch event getStartTime
[Stopwatch] Fixed bug in getDuration when counting multiple ongoing periods
Adding some validations tags on validators.et.xlf
add missing translation for 94 (it)
This PR was merged into the 4.4 branch.
Discussion
----------
[ErrorRenderer] Show generic message in non-debug mode
| Q | A
| ------------- | ---
| Branch? | 4.4
| Bug fix? | no
| New feature? | no
| Deprecations? | no
| Tickets | -
| License | MIT
| Doc PR | -
I agree with @Tobion here https://github.com/symfony/symfony/pull/34158#issuecomment-548181099, so let's always show the detail message, but for 5xx errors we'll send a generic message instead.
/cc @dunglas wdyt?
Commits
-------
45f1a5ee06 Show generic message in non-debug mode
This PR was merged into the 4.4 branch.
Discussion
----------
[DI] Add compiler pass and command to check that services wiring matches type declarations
| Q | A
| ------------- | ---
| Branch? | 4.4
| Bug fix? | no
| New feature? | yes
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | #27744
| License | MIT
| Doc PR |
PR replacing https://github.com/symfony/symfony/pull/27825.
It adds a `lint:container` command asserting the type hints used in your code are correct.
Commits
-------
8230a1543e Make it really work on real apps
4b3e9d4c96 Fix comments, improve the feature
a6292b917b [DI] Add compiler pass to check arguments type hint
* Added a hardcoded day 01 in order to output the proper month November
which is the correct EOL and EOM month.
* \DateTime::createFromFormat('mY') will output December for every month
where day 31 exists.
This PR was merged into the 4.4 branch.
Discussion
----------
Add new Form WeekType
| Q | A
| ------------- | ---
| Branch? | 4.4
| Bug fix? | no
| New feature? | yes <!-- please update src/**/CHANGELOG.md files -->
| BC breaks? | no <!-- see https://symfony.com/bc -->
| Deprecations? | no <!-- please update UPGRADE-*.md and src/**/CHANGELOG.md files -->
| Tests pass? | yes <!-- please add some, will be required by reviewers -->
| Fixed tickets | #32029
| License | MIT
| Doc PR | <!--symfony/symfony-docs#...--> coming soon
----
#### Update
After the first try, I've updated the field to have more options, and be more "straight".
The field acts like the `DateTimeType` or `TimeType`, various fields type (pure text, html5 type, select boxes), data validation, ....
For that I took the choice to update the `DateTimeToStringTransformer` and `DateTimeToArrayTransformer` to make them work with weeks format.
I was not sure if it was better to update them or create new ones, WDYT?
Before addind tests and docs, it would be nice to have your first thoughts/comments 😊
Do you need/want a small test repo?
Commits
-------
c4a2f026e0 Add new Form WeekType
This PR was merged into the 4.4 branch.
Discussion
----------
Fix typo
| Q | A
| ------------- | ---
| Branch? | 4.4 <!-- see below -->
| Bug fix? | yes
| New feature? | no <!-- please update src/**/CHANGELOG.md files -->
| Deprecations? | no <!-- please update UPGRADE-*.md and src/**/CHANGELOG.md files -->
| Tickets | n/a <!-- prefix each issue number with "Fix #", if any -->
| License | MIT
| Doc PR | n/a
<!--
Replace this notice by a short README for your feature/bugfix. This will help people
understand your PR and can be used as a start for the documentation.
Additionally (see https://symfony.com/roadmap):
- Always add tests and ensure they pass.
- Never break backward compatibility (see https://symfony.com/bc).
- Bug fixes must be submitted against the lowest maintained branch where they apply
(lowest branches are regularly merged to upper ones so they get the fixes too.)
- Features and deprecations must be submitted against branch 4.4.
- Legacy code removals go to the master branch.
-->
Commits
-------
327a13cac0 Fix typo
This PR was squashed before being merged into the 4.4 branch (closes#34155).
Discussion
----------
Revert SyncTransport simplification and fix properly
| Q | A
| ------------- | ---
| Branch? | 4.4
| Bug fix? | yes
| New feature? | no
| Deprecations? | no
| Tickets | Fix#34115 (and also related to #34066)
| License | MIT
| Doc PR | Not needed
In #34069, I made `SyncTransport` simpler by removing that transport class and making the whole things a config trick. I felt GREAT about that solution... until i realized two big problems:
1) It kills using env vars for `sync://` because we read the config values at build time - #34115 - that could probably be fixed by adding a factory, but then there is also the next problem
2) If someone routed a message to `[async, sync]` (weird, but allowed), my #34069 config solution basically maps this internally to `[async]`, which actually causes the message to *not* be handled immediately. Basically, my solution only worked if you route a message ONLY to one sync transport, but fails if you route to multiple transports.
So... this fixes things in a less-cool, but sensible way:
A) The first commit reverts #34069 exactly
B) The second commit solves the issue that we need to know if a message is being handled in a "worker" context or not, so middleware can decide if they should reset things before/after handling things. Previously we were using `ReceivedStamp` to know this. But because `SyncTransport` also "receives" the message and adds this stamp, it's not enough. To fix this, I added a new `ConsumedByWorkerStamp` that clearly means: "This message is being handled by a worker" (and so, you might want to "reset" some things before/after handling).
Thanks!
Commits
-------
01a9fefe77 Adding ConsumedByWorkerStamp as way to mark a message in a "worker context"
38f19a960c Revert "[Messenger] Removing "sync" transport and replacing it with much nicer config trick"
This PR was merged into the 4.3 branch.
Discussion
----------
[4.3] Remove unused local variables
| Q | A
| ------------- | ---
| Branch? | 4.3
| Bug fix? | no
| New feature? | no
| Deprecations? | no
| Tickets | -
| License | MIT
| Doc PR | -
Follow up of https://github.com/symfony/symfony/pull/34105 on 4.3.
Commits
-------
58161b8eec [4.3] Remove unused local variables
* 4.4:
[Config] Disable default alphabet sorting in glob function due of unstable sort
[HttpClient] always return the empty string when the response cannot have a body
[TwigBundle][exception] Added missing css variable to highlight line in trace
[Serializer] Improve messages for unexpected resources values
[SecurityBundle] correct types for default arguments for firewall configs
* 4.3:
[Config] Disable default alphabet sorting in glob function due of unstable sort
[HttpClient] always return the empty string when the response cannot have a body
[TwigBundle][exception] Added missing css variable to highlight line in trace
[Serializer] Improve messages for unexpected resources values
[SecurityBundle] correct types for default arguments for firewall configs
* 3.4:
[Config] Disable default alphabet sorting in glob function due of unstable sort
[Serializer] Improve messages for unexpected resources values
[SecurityBundle] correct types for default arguments for firewall configs
* 4.4:
[HttpFoundation][FrameworkBundle] allow configuring the session handler with a DSN
[Validator] Add AutoMapping constraint to enable or disable auto-validation
[DI] Fix "!tagged" related upgrade/changelog notes
* 4.4:
Re-allow to use "tagged" in service definitions
[HttpFoundation] Allow to not pass a parameter to Request::isMethodSafe()
Add missing lock connection string in FrameworkExtension
[DomCrawler] normalizeWhitespace should be true by default
[DoctrineBridge] Auto-validation must work if no regex are passed
Allows URL DSN in Lock and Cache
* 4.4:
[OptionsResolve] Revert change in tests for a not-merged change in code
[HttpClient] fix handling of 3xx with no Location header - ignore Content-Length when no body is expected
[Workflow] Made the configuration more robust for the 'property' key
[Security/Core] make NativePasswordEncoder use sodium to validate passwords when possible
[FrameworkBundle] make SodiumVault report bad decryption key accurately
cs fix
[Security] Allow to set a fixed algorithm
[Security/Core] make encodedLength computation more generic
[Security/Core] add fast path when encoded password cannot match anything
#30432 fix an error message
fix paths to detect code owners
[HttpClient] ignore the body of responses to HEAD requests
[Validator] Ensure numeric subpaths do not cause errors on PHP 7.4
[SecurityBundle] Fix wrong assertion
Remove unused local variables in tests
[Yaml][Parser] Remove the getLastLineNumberBeforeDeprecation() internal unused method
Make sure to collect child forms created on *_SET_DATA events
[WebProfilerBundle] Improve display in Email panel for dark theme
do not render errors for checkboxes twice
* 4.3:
[OptionsResolve] Revert change in tests for a not-merged change in code
[HttpClient] fix handling of 3xx with no Location header - ignore Content-Length when no body is expected
[Workflow] Made the configuration more robust for the 'property' key
[Security/Core] make NativePasswordEncoder use sodium to validate passwords when possible
#30432 fix an error message
fix paths to detect code owners
[HttpClient] ignore the body of responses to HEAD requests
[Validator] Ensure numeric subpaths do not cause errors on PHP 7.4
[SecurityBundle] Fix wrong assertion
Remove unused local variables in tests
[Yaml][Parser] Remove the getLastLineNumberBeforeDeprecation() internal unused method
Make sure to collect child forms created on *_SET_DATA events
[WebProfilerBundle] Improve display in Email panel for dark theme
do not render errors for checkboxes twice
This PR was merged into the 3.4 branch.
Discussion
----------
[SecurityBundle] correct types for default arguments for firewall configs
| Q | A
| ------------- | ---
| Branch? | 3.4 (and forward)
| Bug fix? | yes
| New feature? | no
| Deprecations? | no
| Tickets | n/a
| License | MIT
| Doc PR | n/a
Up until now, the default template arguments in the `security.firewall.config` abstract service definition have been each defined (aside from the argument for `$listeners` which is given a `collection` type) in the XML as
```xml
<argument />
```
which resolves to an empty string, despite that some of the arguments are typed to being either `bool` or `array|null` on the `Symfony\Bundle\SecurityBundle\Security\FirewallConfig` class itself.
This wouldn't be so much of a problem if the child definitions that use this as a template overrode all the arguments every time, but in the case of firewall configs that mark security as _not_ being enabled, [only the first few arguments are overwritten](https://github.com/symfony/symfony/blob/3.4/src/Symfony/Bundle/SecurityBundle/DependencyInjection/SecurityExtension.php#L349-L352), so firewall config objects that do not have security enabled are instantiated by the DI container with parameters with some of the wrong types.
In general this wouldn't be an issue, as firewalls with security not enabled would not usually be consumed in a context where further security-related config were needed, but there is a case in `Symfony\Bundle\SecurityBundle\DataCollector\SecurityDataCollector` where the method `getSwitchUser()` on the firewall config object [can be called](https://github.com/symfony/symfony/blob/3.4/src/Symfony/Bundle/SecurityBundle/DataCollector/SecurityDataCollector.php#L181) without checking first whether the firewall has security enabled, which leads to an exception being thrown:
```
Symfony\Component\Debug\Exception\ContextErrorException
Warning: Illegal string offset 'parameter'
in vendor/symfony/symfony/src/Symfony/Bundle/SecurityBundle/DataCollector/SecurityDataCollector.php (line 184)
```
which is down to the firewall config being set with an empty string rather than `null` (in which case the logic here would function as expected).
It seemed most appropriate as a fix (especially given possible introduction of scalar type hints in the future) to apply types to the default arguments so that it was no longer possible to instantiate a firewall config object with parameters of unexpected types.
<!--
Replace this notice by a short README for your feature/bugfix. This will help people
understand your PR and can be used as a start for the documentation.
Additionally (see https://symfony.com/roadmap):
- Always add tests and ensure they pass.
- Never break backward compatibility (see https://symfony.com/bc).
- Bug fixes must be submitted against the lowest maintained branch where they apply
(lowest branches are regularly merged to upper ones so they get the fixes too.)
- Features and deprecations must be submitted against branch 4.4.
- Legacy code removals go to the master branch.
-->
Commits
-------
6b7044fc01 [SecurityBundle] correct types for default arguments for firewall configs
* 3.4:
#30432 fix an error message
fix paths to detect code owners
[Validator] Ensure numeric subpaths do not cause errors on PHP 7.4
Remove unused local variables in tests
Make sure to collect child forms created on *_SET_DATA events
do not render errors for checkboxes twice
This PR was merged into the 4.4 branch.
Discussion
----------
[Security] Allow to stick to a specific password hashing algorithm
| Q | A
| ------------- | ---
| Branch? | 4.4
| Bug fix? | no
| New feature? | yes
| Deprecations? | no
| Tickets | Fix#33054
| License | MIT
| Doc PR | todo
Allows using `argon2i`, `argon2id` and `bcrypt`.
Commits
-------
6712d1e504 [Security] Allow to set a fixed algorithm
This PR was merged into the 4.4 branch.
Discussion
----------
[FrameworkBundle] Remove suffix convention when using env vars to override secrets from the vault
| Q | A
| ------------- | ---
| Branch? | 4.4
| Bug fix? | no
| New feature? | no
| Deprecations? | no
| Tickets | -
| License | MIT
| Doc PR | -
Right now, env vars that override encrypted secrets must en up with `_SECRET`.
This PR removes this convention. It also enforces that only vars defined in the vault can be overriden locally. This means one cannot set a local-only secret.
Commits
-------
2ec9647e75 [FrameworkBundle] Remove suffix convention when using env vars to override secrets from the vault
* 4.4:
[Validator] Set Length::$allowEmptyString to false when a NotBlank contraint is defined
[FrameworkBundle] Dont reset the test container but the real one instead
Import missing classes
[SecurityBundle] test with doctrine-bundle 2
This PR was merged into the 4.4 branch.
Discussion
----------
[FrameworkBundle] Don't reset the test container but the real one instead
| Q | A
| ------------- | ---
| Branch? | 4.4 for features / 3.4 or 4.3 for bug fixes <!-- see below -->
| Bug fix? | yes/no
| New feature? | yes/no <!-- please update src/**/CHANGELOG.md files -->
| Deprecations? | yes/no <!-- please update UPGRADE-*.md and src/**/CHANGELOG.md files -->
| Tickets | Fix #... <!-- prefix each issue number with "Fix #", if any -->
| License | MIT
| Doc PR | -
After #31202 and #32056, the tearDown method keeps throwing deprecation notices about "Getting the container from a non-booted kernel". The reason is that resetting the test-container calls `$kernel->getContainer()` while the kernel has been shut down.
This fixes it and a few other glitches found meanwhile.
Commits
-------
8e16143256 [FrameworkBundle] Dont reset the test container but the real one instead
This PR was merged into the 4.4 branch.
Discussion
----------
[SecurityBundle] test with doctrine-bundle 2
| Q | A
| ------------- | ---
| Branch? | 4.4
| Bug fix? | no
| New feature? | no
| Deprecations? | no
| Tickets | -
| License | MIT
| Doc PR | -
Commits
-------
e3261f4f7f [SecurityBundle] test with doctrine-bundle 2
* 4.4:
[Debug] remove return types that break FC badly
[Mailer][MailchimpBridge] Don't send address names if empty string
[ExpressionLanguage][Lexer] Exponential format for number
[Mailer] Fix SES Message Id retrieval
Add .gitignore to .gitattributes
This PR was merged into the 4.4 branch.
Discussion
----------
Add .gitignore to .gitattributes
| Q | A
| ------------- | ---
| Branch? | 4.4
| Bug fix? | yes
| New feature? | no
| Deprecations? | no
| Tickets | #33946
| License | MIT
Commits
-------
246c5fdf43 Add .gitignore to .gitattributes
* 4.4:
[ErrorRenderer] FlattenException cannot be final
Fixing issue where worker-only middleware were run in all contexts
[Messenger] Removing "sync" transport and replacing it with much nicer config trick
Use port 465 for SES SMTP transport
[DI] made the `%env(base64:...)%` processor able to decode base64url
[VarDumper] improve displaying cut closures
Set ReturnType of LockFactory to LockInterface
[EventDispatcher] handle lazy-callable invokable
* 4.4:
[Console] Revert wrong change
[HttpClient] Add a canceled state to the ResponseInterface
Fix small typo in Exception message
Restrict secrets management to sodium+filesystem
Add secrets management
Proof of concept for encrypted secrets
* 4.4:
extend legacy exception for backwards compatibility
[HttpClient] workaround curl_multi_select() issue
[CI] fix building local packages
Add show-deprecations option to lint:twig command
[HttpClient] try using php-http/discovery when nyholm/psr7 is not installed
[FrameworkBundle] Improve the sorting of tagged services
[HttpClient] add HttpClient::createForBaseUri()
Increase limits for flakey appveyor tests
This PR was merged into the 4.4 branch.
Discussion
----------
[ErrorHandler] Rework fatal errors
| Q | A
| ------------- | ---
| Branch? | 4.4
| Bug fix? | no
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | https://github.com/symfony/symfony/issues/32605
| License | MIT
| Doc PR | -
Built on top of https://github.com/symfony/symfony/pull/33038 so review only the second commit : d5c3f7ed48
The goals of this PR is to replace current "fatal error handlers" with "error enhancers" since all our current fatal error handlers works on \Error since PHP7.
That means we won't use the FatalErrorException anymore, so we will be able to remove it (once we don't need it in the rest of the codebase).
The final goal btw is to handle \Throwable everywhere in the code so we can remove FatalThrowableError & FatalErrorException classes.
Commits
-------
aaa0cdf523 [ErrorHandler] Rework fatal error handlers
* 4.4: (26 commits)
cs fix
[Validator] sync NO and NB translations
[Cache] improve perf of pruning for fs-based adapters
[Cache] cs fix
[Cache] clean tags folder on invalidation
[Cache] remove implicit dependency on symfony/filesystem
Allow to set cookie_samesite to 'none'
[Dotenv] support setting default env var values
[VarDumper] fix array key error for class SymfonyCaster
[Cache] Improve RedisTagAwareAdapter invalidation logic & requirements
Adds missing translations for no nb
[HttpKernel] fix $dotenvVars in data collector
Add the missing translations for the Swedish ("sv") locale
Prevent ProgressBar redraw when message is same
[DI] enable improved syntax for defining method calls in Yaml
bumped Symfony version to 4.3.6
updated VERSION for 4.3.5
updated CHANGELOG for 4.3.5
bumped Symfony version to 3.4.33
updated VERSION for 3.4.32
...
* 4.3:
[Cache] clean tags folder on invalidation
[Cache] remove implicit dependency on symfony/filesystem
Allow to set cookie_samesite to 'none'
[VarDumper] fix array key error for class SymfonyCaster
Adds missing translations for no nb
[HttpKernel] fix $dotenvVars in data collector
Add the missing translations for the Swedish ("sv") locale
bumped Symfony version to 4.3.6
updated VERSION for 4.3.5
updated CHANGELOG for 4.3.5
bumped Symfony version to 3.4.33
updated VERSION for 3.4.32
update CONTRIBUTORS for 3.4.32
updated CHANGELOG for 3.4.32
[Messenger] DoctrineTransport: ensure auto setup is only done once
[Form][DateTimeImmutableToDateTimeTransformer] Preserve microseconds and use \DateTime::createFromImmutable() when available
[Crawler] document $default as string|null
* 4.4:
[travis] Fix build-packages script
Add types to constructors and private/final/internal methods (Batch III)
[HttpClient] Async HTTPlug client
[Messenger] Allow to configure the db index on Redis transport
[HttpClient] bugfix exploding values of headers
[VarDumper] Made all casters final
[VarDumper] Added a support for casting Ramsey/Uuid
Remove useless testCanCheckIfTerminalIsInteractive test case
[Validator] Add the missing translations for the Thai (\"th\") locale
[Routing] gracefully handle docref_root ini setting
[Validator] Fix ValidValidator group cascading usage
This PR was squashed before being merged into the 4.4 branch (closes#33770).
Discussion
----------
Add types to constructors and private/final/internal methods (Batch III)
| Q | A
| ------------- | ---
| Branch? | 4.4
| Bug fix? | no
| New feature? | no
| Deprecations? | no
| Tickets | #32179, #33228
| License | MIT
| Doc PR | N/A
Followup to #33709, this time with:
* Validator
* VarDumper
* Workflow
* Yaml
* all bridges
* all bundles
That should be the final batch. 😃
Commits
-------
6493902287 Add types to constructors and private/final/internal methods (Batch III)
* 4.4: (27 commits)
[Validator] add notice in UPGRADE file for new Range constraint option
[CssSelector] Support *:only-of-type pseudo class selector
[Intl] Update the ICU data to 65.1 (4.4 branch)
[Intl] Update the ICU data to 65.1 (4.3 branch)
Replace deprecated calls in tests
[Intl] Update the ICU data to 65.1
Delete 5_Security_issue.md
[DI] Whitelist error_renderer.renderer tag in UnusedTagsPass
[DI] Whitelist validator.auto_mapper in UnusedTagsPass
Update CHANGELOG.md
[HttpClient] Fixed#33832 NO_PROXY option ignored in NativeHttpClient::request() method
[EventDispatcher] A compiler pass for aliased userland events.
[Cache] give 100ms before starting the expiration countdown
[Cache] fix logger usage in CacheTrait::doGet()
[VarDumper] fix dumping uninitialized SplFileInfo
Added missing translations.
[Form] Added CountryType option for using alpha3 country codes
Fixed invalid changelog 4.0.0 for VarDumper
[Workflow] Fixed BC break on WorkflowInterface
Fix wrong expression language value
...
This PR was squashed before being merged into the 5.0-dev branch (closes#33868).
Discussion
----------
Skip the intl notice if run with phpunit
| Q | A
| ------------- | ---
| Branch? | master
| Bug fix? | no
| New feature? | no
| Deprecations? | no
| Tickets | Re #33825
| License | MIT
| Doc PR | -
Commits
-------
25461b358c Skip the intl notice if run with phpunit
* 4.3:
[Intl] Update the ICU data to 65.1 (4.3 branch)
Replace deprecated calls in tests
[Intl] Update the ICU data to 65.1
Delete 5_Security_issue.md
[DI] Whitelist validator.auto_mapper in UnusedTagsPass
[HttpClient] Fixed#33832 NO_PROXY option ignored in NativeHttpClient::request() method
[Cache] give 100ms before starting the expiration countdown
[Cache] fix logger usage in CacheTrait::doGet()
[VarDumper] fix dumping uninitialized SplFileInfo
Added missing translations.
Fixed invalid changelog 4.0.0 for VarDumper
Fixed invalid VarDumper upgrade doc.
[HttpFoundation] Check if data passed to SessionBagProxy::initialize is an array
Don't let falsey usernames slip through
This PR was merged into the 5.0-dev branch.
Discussion
----------
[FrameworkBundle] encourage installing intl when String is available
| Q | A
| ------------- | ---
| Branch? | master
| Bug fix? | no
| New feature? | no
| Deprecations? | no
| Tickets | -
| License | MIT
| Doc PR | -
Commits
-------
215595be5a [FrameworkBundle] encourage installing intl when String is available
* 4.4: (24 commits)
[Console] Command::execute() should always return int - deprecate returning null
[FrameworkBundle] Fix wrong returned status code in ConfigDebugCommand
[AnnotationCacheWarmer] add RedirectController to annotation cache
[WebProfilerBundle] Try to display the most useful panel by default
Add note about deprecating the XmlEncoder::TYPE_CASE_ATTRIBUTES constant in the upgrade guide
fix merge
[DI] add tests loading calls with returns-clone
[DI] dont mandate a class on inline services with a factory
Fixed Redis Sentinel usage when only one Sentinel specified
[EventDispatcher] Added tests for aliased events.
Sync Twig templateExists behaviors
Fix the :only-of-type pseudo class selector
Deprecate the XmlEncoder::TYPE_CASE_ATTRIBUTES constant
[Mailer] Tweak some code
[Serializer] Add CsvEncoder tests for PHP 7.4
Copy phpunit.xsd to a predictable path
[WebserverBundle] Remove duplicated deprecation message
remove duplicated test
[Security/Http] fix parsing X509 emailAddress
[FrameworkBundle] conflict with VarDumper < 4.4
...
- added deprecation message for non-int return value in Command::execute()
- fixed all core commands to return proper int values
- added proper return type-hint to Command::execute() method in all core Commands
This prevents to exclude the RedirectController from the warmed annotation cache which would lead to warnings when trying to use the warmed cache on read only file systems
See #29357
* 4.3:
Sync Twig templateExists behaviors
Fix the :only-of-type pseudo class selector
[Serializer] Add CsvEncoder tests for PHP 7.4
Copy phpunit.xsd to a predictable path
[Security/Http] fix parsing X509 emailAddress
[Serializer] fix denormalization of string-arrays with only one element #33731
[Cache] fix known tag versions ttl check
* 3.4:
Sync Twig templateExists behaviors
Fix the :only-of-type pseudo class selector
[Serializer] Add CsvEncoder tests for PHP 7.4
Copy phpunit.xsd to a predictable path
[Security/Http] fix parsing X509 emailAddress
[Serializer] fix denormalization of string-arrays with only one element #33731
[Cache] fix known tag versions ttl check
* 4.4:
sync phpunit script with master
[HttpFoundation] allow additinal characters in not raw cookies
[Console] Deprecate abbreviating hidden command names using Application->find()
Do not include hidden commands in suggested alternatives
[Messenger] Improve error message when routing to an invalid transport (closes#31613)
[DependencyInjection] Fix wrong exception when service is synthetic
[Security] add "anonymous: lazy" mode to firewalls
This PR was merged into the 4.4 branch.
Discussion
----------
[DX][Messenger] Improve error message when routing to an invalid transport
| Q | A
| ------------- | ---
| Branch? | 4.4
| Bug fix? | no
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | #31613
| License | MIT
| Doc PR | -
Commits
-------
7909092891 [Messenger] Improve error message when routing to an invalid transport (closes#31613)
This PR was merged into the 4.4 branch.
Discussion
----------
[Security] add "anonymous: lazy" mode to firewalls
| Q | A
| ------------- | ---
| Branch? | 4.4
| Bug fix? | no
| New feature? | yes
| Deprecations? | no
| Tickets | Fixes#26769 et al.
| License | MIT
| Doc PR | -
Contains #33663 until it is merged.
This PR allows defining a firewall as such:
```yaml
security:
firewalls:
main:
anonymous: lazy
```
This means that the corresponding area should not start the session / load the user unless the application actively gets access to it. On pages that don't fetch the user at all, this means the session is not started, which means the corresponding token neither is. Lazily, when the user is accessed, e.g. via a call to `is_granted()`, the user is loaded, starting the session if needed.
See #27817 for previous explanations on the topic also.
Note that thanks to the logic in #33633, this PR doesn't have the drawback spotted in #27817: here, the profiler works as expected.
Recipe update pending at https://github.com/symfony/recipes/pull/649
Commits
-------
5cd1d7b4cc [Security] add "anonymous: lazy" mode to firewalls
* 4.4:
[Form][Validator][Intl] Fix tests
[Messenger] return empty envelopes when RetryableException occurs
[Intl] Excludes locale from language codes (split localized language names)
[FrameworkBundle] WebTestCase KernelBrowser::getContainer null return type
[Intl] Fix compile type errors
[Validator] Accept underscores in the URL validator as the URL will resolve correctly
[Translation] Collect original locale in case of fallback translation
Add types to constructors and private/final/internal methods (Batch I)
[HttpFoundation] optimize normalization of headers
Replace REMOTE_ADDR in trusted proxies with the current REMOTE_ADDR
[ErrorHandler] Forward \Throwable
Fix toolbar load when GET params are present in "_wdt" route
* 4.3:
[Form][Validator][Intl] Fix tests
[Messenger] return empty envelopes when RetryableException occurs
[Validator] Accept underscores in the URL validator as the URL will resolve correctly
[Translation] Collect original locale in case of fallback translation
Fix toolbar load when GET params are present in "_wdt" route
* 3.4:
[Form][Validator][Intl] Fix tests
[Validator] Accept underscores in the URL validator as the URL will resolve correctly
[Translation] Collect original locale in case of fallback translation
Fix toolbar load when GET params are present in "_wdt" route
This PR was merged into the 4.4 branch.
Discussion
----------
[ErrorHandler] Forward \Throwable
| Q | A
| ------------- | ---
| Branch? | 4.4
| Bug fix? | no
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | https://github.com/symfony/symfony/issues/32605
| License | MIT
| Doc PR | -
The goal of this PR is that `ErrorHandler::handleException()` handles `\Throwable` directly and forwards it without altering it.
Commits
-------
62483ed305 [ErrorHandler] Forward \Throwable
This PR was merged into the 3.4 branch.
Discussion
----------
Fix toolbar load when GET params are present in "_wdt" route
When using a custom router that inject GET parameters, eg:
```
# services.yaml
parameters:
# Replace default url generator service
router.options.generator_base_class: Combodo\iTop\Portal\Routing\UrlGenerator
```
The path generated by the toolbar JS is HTML entity encoded which breaks the JS call (`&` becomes `&`).
| Q | A
| ------------- | ---
| Branch? | 4.4 for features / 3.4, 4.2 or 4.3 for bug fixes <!-- see below -->
| Bug fix? | yes
| New feature? | no <!-- please update src/**/CHANGELOG.md files -->
| BC breaks? | no <!-- see https://symfony.com/bc -->
| Deprecations? | no <!-- please update UPGRADE-*.md and src/**/CHANGELOG.md files -->
| Tests pass? | yes <!-- please add some, will be required by reviewers -->
| Fixed tickets | #... <!-- #-prefixed issue number(s), if any -->
| License | MIT
| Doc PR | symfony/symfony-docs#... <!-- required for new features -->
<!--
Replace this notice by a short README for your feature/bugfix. This will help people
understand your PR and can be used as a start for the documentation.
Additionally (see https://symfony.com/roadmap):
- Bug fixes must be submitted against the lowest maintained branch where they apply
(lowest branches are regularly merged to upper ones so they get the fixes too).
- Features and deprecations must be submitted against branch 4.4.
- Legacy code removals go to the master branch.
-->
Commits
-------
5309e64949 Fix toolbar load when GET params are present in "_wdt" route
This PR was squashed before being merged into the 3.4 branch (closes#32925).
Discussion
----------
[Translation] Collect original locale in case of fallback translation
Before, it collected the fallback locale that was used to translate a key. But this information is confusing, as it does not reveal which translation key is missing in the requested language.
So I'd like to propose to track the "requested" locale instead, so that the Symfony profiler gives me the information in which locale the key is missing instead of which locale was used as a fallback.
| Q | A
| ------------- | ---
| Branch? | 3.4
| Bug fix? | yes
| New feature? | no
| BC breaks? | yes?
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets |
| License | MIT
| Doc PR |
In principle, this change is a BC break, but imho also a bug. It's really confusing when the Profiler tells you that it uses a translation fallback for an ID and locale that is actually translated. Took some debugging so recognize that this fallback came from another locale. If you think it's better to target 5.0, I'll update the PR.
Commits
-------
5564e149cb [Translation] Collect original locale in case of fallback translation
* 4.4: (28 commits)
[FrameworkBundle] Fix framework bundle lock configuration not working as expected
[Validator] Add the missing translations for the Azerbaijani locale
[HttpClient] workaround bad Content-Length sent by old libcurl
[Cache] dont override native Memcached options
Fix CS
Fix exceptions (PDOException) error code type
[ErrorHandler] fix return-type patching logic
[Messenger] Added support for `from_transport` attribute on `messenger.message_handler` tag
[ErrorHandler] don't throw deprecations for return-types by default
ensure legacy event dispatcher compatibility
ensure legacy event dispatcher compatibility
Fix return type of Process::restart().
[Cache] fail gracefully when locking is not supported
[HttpKernel] compress files generated by the profiler
tweak deprecation messages and changelog
fix version in @deprecated annotation
Use VarCloner data instead of legacy array for query params
[Security] use LegacyEventDispatcherProxy
[HttpClient] fix undefined index access
[HttpClient] fix race condition when reading response with informational status
...
* 4.3:
[FrameworkBundle] Fix framework bundle lock configuration not working as expected
[Validator] Add the missing translations for the Azerbaijani locale
[HttpClient] workaround bad Content-Length sent by old libcurl
[Cache] dont override native Memcached options
Fix CS
Fix exceptions (PDOException) error code type
Fix return type of Process::restart().
[Cache] fail gracefully when locking is not supported
[HttpClient] fix race condition when reading response with informational status
Names for buttons should start with lowercase
* 3.4:
[FrameworkBundle] Fix framework bundle lock configuration not working as expected
[Validator] Add the missing translations for the Azerbaijani locale
[Cache] dont override native Memcached options
Fix return type of Process::restart().
This PR was squashed before being merged into the 3.4 branch (closes#31198).
Discussion
----------
[FrameworkBundle] Fix framework bundle lock configuration not working as expected
| Q | A
| ------------- | ---
| Branch? | 3.4
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | #31197
| License | MIT
| Doc PR | https://github.com/symfony/symfony-docs/pull/11465 & https://github.com/symfony/symfony-docs/pull/11466
This fixes#31197 and makes the lock configuration work with installations that are not full stack ones and configurations that use xml files.
Commits
-------
c7af2df340 [FrameworkBundle] Fix framework bundle lock configuration not working as expected
This PR was merged into the 4.4 branch.
Discussion
----------
[FrameworkBundle] Sort tagged services
| Q | A
| ------------- | ---
| Branch? | 4.4 <!-- see below -->
| Bug fix? | no
| New feature? | yes <!-- please update src/**/CHANGELOG.md files -->
| BC breaks? | no <!-- see https://symfony.com/bc -->
| Deprecations? | no <!-- please update UPGRADE-*.md and src/**/CHANGELOG.md files -->
| Tests pass? | yes <!-- please add some, will be required by reviewers -->
| Fixed tickets | https://github.com/symfony/symfony/issues/32439 <!-- #-prefixed issue number(s), if any -->
| License | MIT
| Doc PR | -
Hi
This PR it's to improve DX when `debug:container` command is use with tag argument by sorting them by priority (More details in linked issue).
Currently they are sort by alphabetical order.
Commits
-------
54cef2a3a3 [FrameworkBundle] Sort tagged service by priority
* 4.4:
[Security/Http] fix typo in deprecation message
[Security] Deprecate isGranted()/decide() on more than one attribute
Fixed a minor typo in the UPGRADE to 5.0 guide
Various tweaks 3.4
Various tweaks 4.3
[Security] Make stateful firewalls turn responses private only when needed
[PhpUnit] Fix usleep mock return value
Revert \"feature #33507 [WebProfiler] Deprecated intercept_redirects in 4.4 (dorumd)\"
[TwigBundle] typo
[TwigBundle] fix test case
[Lock] use Predis\ClientInterface instead of Predis\Client
Allow Twig 3
Minor tweaks
Fix version typo in deprecation notice
[Form][SubmitType] Add "validate" option
hint to the --parse-tags when parsing tags fails
Make legacy "wrong" RFC2047 encoding apply only to one header
This PR was merged into the 4.4 branch.
Discussion
----------
[Security] Make stateful firewalls turn responses private only when needed
| Q | A
| ------------- | ---
| Branch? | 4.4
| Bug fix? | no
| New feature? | yes
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | #26769 *et al.*
| License | MIT
| Doc PR | -
Replaces #28089
By taking over session usage tracking and replacing it with token usage tracking, we can prevent responses that don't actually use the token from turning responses private without changing anything to the lifecycle of security listeners. This makes the behavior much more seamless, allowing to still log the user with the monolog processor, and display it in the profiler toolbar.
This works by using two separate token storage services:
- `security.token_storage` now tracks access to the token and increments the session usage tracker when needed. This is the service that is injected in userland.
- `security.untracked_token_storage` is a raw token storage that just stores the token and is disconnected from the session. This service is injected in places where reading the session doesn't impact the generated output in any way (as e.g. in Monolog processors, etc.)
Commits
-------
20df3a125c [Security] Make stateful firewalls turn responses private only when needed
* 4.4:
Re-enable previously failing PHP 7.4 test cases
[PhpUnitBridge] fix uninitialized variable
[ErrorRenderer] fix Cannot use object of type ErrorException as array exception #33631
[Twig] Add missing check
Revert "bug #33618 fix tests depending on other components' tests (xabbuh)"
install from source to include components tests
Fix undefined constant and other minor issues
[Twig] Add NotificationEmail
ensure compatibility with type resolver 0.5
Call AssertEquals with proper parameters
[DependencyInjection] Allow binding iterable and tagged services
[Twig] Fix Twig config extra keys
fix tests depending on other components' tests
Fix lint commands frozen on empty stdin
* 3.4:
Re-enable previously failing PHP 7.4 test cases
Revert "bug #33618 fix tests depending on other components' tests (xabbuh)"
install from source to include components tests
* 4.3:
ensure compatibility with type resolver 0.5
Call AssertEquals with proper parameters
[Twig] Fix Twig config extra keys
fix tests depending on other components' tests
* 3.4:
ensure compatibility with type resolver 0.5
Call AssertEquals with proper parameters
[Twig] Fix Twig config extra keys
fix tests depending on other components' tests
This PR was merged into the 4.4 branch.
Discussion
----------
[Twig] Add NotificationEmail
| Q | A
| ------------- | ---
| Branch? | 4.4
| Bug fix? | no
| New feature? | yes
| Deprecations? | no
| Tickets | n/a
| License | MIT
| Doc PR | -
This PR is an extract of the new Notifier component. It's a default template to send standardized emails with the Mailer component, which can be used independently of the Notifier component.
Such emails look like the following:
<img width="618" alt="image" src="https://user-images.githubusercontent.com/47313/65018883-694cb780-d92a-11e9-940a-875ea68f9e5d.png">
More info on SpeakerDeck (be warned that names have change since my presentation): https://speakerdeck.com/fabpot/symfony-notifier?slide=7
It requires Twig 1.12 which should be released later this week.
Usage example:
```php
$email = (new NotificationEmail())
->from('fabien@example.com')
->to('fabien@example.org')
->subject('My first notification email via Symfony')
->markdown(<<<EOF
There is a **problem** on your website, you should investigate it right now.
Or just wait, the problem might solves itself automatically, we never know.
EOF
)
->action('More info?', 'https://example.com/')
->importance('high')
//->exception(new \LogicException('That does not work at all...'))
;
```
Instead of `markdown()`, you can also use `content()` for simple emails.
Note that you can use Inky tags in the content:
```php
$email = (new NotificationEmail())
->from('fabien@example.com')
->to('fabien@example.org')
->subject('My first notification email via Symfony')
->markdown(<<<EOF
There is a **problem** on your website, you should investigate it right now.
Or just wait, the problem might solves itself automatically, we never know.
Some Title
==========
<center>
<button href="https://example.com/">Go?</button>
</center>
EOF
);
```
There is also the concept of a theme. By default, it uses the `default` theme, which is an alias for the `zurb_2` theme.
You can use `setTheme()` to override the theme for a given instance, or override the themes globally via the following config in `twig.yaml`:
```yaml
twig:
paths:
templates/email: email
```
Then, create `templates/email/default/notification/body.html.twig` and `templates/email/default/notification/body.txt.twig`. Extends the existing template via `{% extends "@!email/default/notification/body.html.twig" %}` (note the `!`).
Commits
-------
f6c6cf7dc9 [Twig] Add NotificationEmail
This PR was merged into the 3.4 branch.
Discussion
----------
fix tests depending on other components' tests
| Q | A
| ------------- | ---
| Branch? | 3.4
| Bug fix? | no
| New feature? | no
| Deprecations? | no
| Tickets |
| License | MIT
| Doc PR |
Commits
-------
cd2f3a6056 fix tests depending on other components' tests
This PR was merged into the 4.4 branch.
Discussion
----------
Fix lint commands frozen on empty stdin
| Q | A
| ------------- | ---
| Branch? | 4.4
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | -
| License | MIT
| Doc PR | -
Running e.g. `lint:yaml -` with no piped content makes the command hangs currently, this makes it fail instead. Also fixes the command help which we forgot to update
Commits
-------
b60e0c1454 Fix lint commands frozen on empty stdin
* 4.3:
[Twig] Remove dead code
Add gitignore file for Symfony 4.3
Add gitignore file for Symfony 3.4
[Inflector] Add .gitignore file
[Messenger] Fix exception message of failed message is dropped on retry
Add default value for Accept header
[HttpClient] Add .gitignore file
[Finder] Adjust regex to correctly match comments in gitignore contents
[Security] Removed unused argument in Test
[Console] Get dimensions from stty on windows if possible
[Inflector] add support 'see' to 'ee' for singularize 'fees' to 'fee'
* 3.4:
[Twig] Remove dead code
Add gitignore file for Symfony 3.4
[Inflector] Add .gitignore file
[Security] Removed unused argument in Test
[Console] Get dimensions from stty on windows if possible
[Inflector] add support 'see' to 'ee' for singularize 'fees' to 'fee'
This PR was merged into the 4.4 branch.
Discussion
----------
[WebProfilerBundle] Clean time.js
| Q | A
| ------------- | ---
| Branch? | 4.4
| Bug fix? | no
| New feature? | no
| Deprecations? | no
| Tickets | -
| License | MIT
| Doc PR | -
The `classnames` property was removed in https://github.com/symfony/symfony/pull/33535.
Commits
-------
997ca70385 [WebProfilerBundle] Clean time.js
This PR was merged into the 4.4 branch.
Discussion
----------
Adding .gitattributes to remove Tests directory from "dist"
| Q | A
| ------------- | ---
| Branch? | 4.4
| Bug fix? | no
| New feature? | yes
| Deprecations? | no?
| Tickets |
| License | MIT
| Doc PR |
This is a controversial topic that have been mentioned before. We recently had some discussions on Slack about it and the community not in an agreement. This was asked back in 2014 already.
Im making this PR again, because I think this will help more people than it hurts to keep the tests in the "dist" version.
### Reasons for keeping the tests with the source
* You can look at the tests to understand how the code works
* It is convenient
In the past there were an argument of people might depend on Symfony's classes in Tests. That is no longer the case since we moved reusable classes from Tests to Test.
### Reasons for removing them (merging this PR)
* There should be difference between `composer update --prefer-source` and `composer update --prefer-dist`
* Smaller packages when deploying with Docker or on Serverless.
* Static analysis tools will not complain on PHP syntax errors in our tests ([example](https://github.com/symfony/symfony/blob/4.4/src/Symfony/Component/DependencyInjection/Tests/Fixtures/xml/xml_with_wrong_ext.php))
## How to decide?
Merging this PR or not is tricky because no side has a solid technical argument. It is basically just personal preference. Please give this PR a 👍 or 👎 if you want to give your opinion.
## Other PRs and issues related to this:
Add .gitattributes file (https://github.com/symfony/symfony/pull/29277)
Added .gitattributes files to root and all components (https://github.com/symfony/symfony/pull/26472)
Exclude non-essential files from Composer package (https://github.com/symfony/symfony/issues/25414)
[HttpFoundation] optimize files for distribution (https://github.com/symfony/symfony/pull/24427)
Add .gitattributes files (https://github.com/symfony/symfony/pull/23926)
[Suggestion] Adding .gitattributes to ignore unnecessary folders and files for production env (https://github.com/symfony/symfony/issues/20057)
Add lightweight and root only .gitattributes (https://github.com/symfony/symfony/pull/18004)
Add .gitattributes to exclude tests from ZIPs (https://github.com/symfony/symfony/pull/17995)
[RFC] Move tests out of the source and source out of the tests (https://github.com/symfony/symfony/issues/17749)
Removal of development & testing files using .gitattributes (https://github.com/symfony/symfony/issues/16174)
Please add .gitattributes files and fix line endings (https://github.com/symfony/symfony/issues/13521)
making use of .gitattributes (https://github.com/symfony/symfony/issues/11810)
## Workarounds
There are workarounds for both sides. Example:
### Workaround if merged
* `composer update --prefer-source`
### Workaround if closed
* `find vendor/symfony -name "Tests" -type d -exec rm -r "{}" \;`
* https://github.com/editorconfig/editorconfig/issues/228
* https://github.com/dg/composer-cleaner
Commits
-------
ac7dc24bcb Adding .gitattributes to remove Tests directory from "dist"
* 4.4:
[Mailer] Fix SmtpEnvelope renaming to Envelope
fixed "link" to Contracts packages
[WebProfilerBundle] Fix time panel legend buttons
Some styling tweaks
Fixed cache pools affecting each other due to an overwritten seed variable
don't change state in case of exception
properly catch legacy tag syntax usages
minor tweaks to the welcome page
* 4.3:
fixed "link" to Contracts packages
[WebProfilerBundle] Fix time panel legend buttons
Fixed cache pools affecting each other due to an overwritten seed variable
properly catch legacy tag syntax usages
* 4.4:
[Mailer] Rename an exception class
[Workflow] Use a better exception message when many workflow are found
use debug.file_link_formatter service when possible
This PR was merged into the 4.4 branch.
Discussion
----------
[FrameworkBundle][ErrorRenderer] Use FileLinkFormatter service when possible
| Q | A
| ------------- | ---
| Branch? | 4.4
| Bug fix? | no
| New feature? | no
| Deprecations? | no
| Tickets | -
| License | MIT
| Doc PR | -
Consistent the way TwigBundle defines the `Symfony\Bridge\Twig\Extension\CodeExtension` service:
789448b65c/src/Symfony/Bundle/TwigBundle/Resources/config/twig.xml (L88)
Commits
-------
d4a6867 use debug.file_link_formatter service when possible
* 4.4:
Re-enable push support for HttpClient
[DependencyInjection] Accept existing interfaces as valid named args
Fixed incompatibility between ServiceSubscriberTrait and classes with protected $container property
[Cache] Added reserved characters constant for CacheItem
[DI] cascade preloading only to public parameters/properties
Move Anonymous config to a SecurityFactory
This PR was merged into the 4.4 branch.
Discussion
----------
[SecurityBundle] Move Anonymous DI integration to new AnonymousFactory
| Q | A
| ------------- | ---
| Branch? | 4.4
| Bug fix? | no
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | -
| License | MIT
| Doc PR | n/a
For some reason, all security authentication providers/listeners have a `SecurityFactory` that adds configuration and registers the necessary services, except from anonymous security. I'm not sure why that has not been done. The only thing I can think of is making sure it is added to the end.
I've added a new "internal" factory position, to make sure it is always the last registered provider and moved everything to a new `AnonymousFactory`.
Nothing changes on the usage side, but it makes internal code a bit easier to understand and makes sure we don't break anything while refactoring the `SecurityExtension` in the future.
Commits
-------
0da2761c15 Move Anonymous config to a SecurityFactory
* 4.4:
Update GitHub PR template
[DI] fix related to preloading
[HttpKernel] fix compat with legacy DebugClassLoader
[WebProfilerBundle] Assign automatic colors to custom Stopwatch categories
[DI] use dirname() when possible
Simplify usage of dirname()
Remove Google references when not needed
Simplify usage of dirname()
don't dump a scalar tag value on its own line
Remove Google references when not needed
[DI] fix Preloader
[HttpClient] fix calling the buffer-enabling callback
[HttpClient] fix php notice on push
do not perform string operations on null
Require exact match when reading from stdin with a dash
* 4.4: (21 commits)
[appveyor] exclude tty group
[HttpFoundation] Add types to private/final/internal methods and constructors.
Add types to private/final/internal methods and constructors.
SCA: minor code tweaks
Tweak output
[FrameworkBundle] Added --sort option for TranslationUpdateCommand
[HttpClient] fallbackto CURLMOPT_MAXCONNECTS when CURLMOPT_MAX_HOST_CONNECTIONS is not available
[DI] generate preload.php file for PHP 7.4 in cache folder
Allow version 2 of the contracts package.
[Serializer] Allow multi-dimenstion object array in AbstractObjectNormalizer
fixed typo
[HttpKernel] Fix Apache mod_expires Session Cache-Control issue
deprecated not passing dash symbol (-) to STDIN commands
[VarDumper] display ellipsed FQCN for nested classes
[VarDumper] Display fully qualified title
[Mailer] Change the syntax for DSNs using failover or roundrobin
Removed workaround introduced in 4.3
[Console] Added support for definition list
[OptionsResolver] Display full nested options hierarchy in exceptions
New welcome page
...
* 4.4:
[Debug] disable new DebugClassLoader when testing the legacy one
- updated AbstractToken to compare Roles - Updated isEqualTo method to match roles as default User implements EquatableInterface - added test case - bumped symfony/security-core to 4.4
typos bis
typos
Fix more bad tests
Fix test fixtures with deprecated method signatures.
Fix 4.3 tests forward compat
[Messenger] fix empty amqp body returned as false
[Mailer] Added messenger to dev dependencies.
[Validator] Update "suggest" section in composer.json.
Fix routing cache broken when using generator_class
This PR was merged into the 4.4 branch.
Discussion
----------
[Debug] disable new DebugClassLoader when testing the legacy one
| Q | A
| ------------- | ---
| Branch? | 4.4
| Bug fix? | no
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | -
| License | MIT
| Doc PR | -
Commits
-------
25a683bbeb [Debug] disable new DebugClassLoader when testing the legacy one
* 4.3:
Fix more bad tests
Fix test fixtures with deprecated method signatures.
Fix 4.3 tests forward compat
[Messenger] fix empty amqp body returned as false
Fix routing cache broken when using generator_class
This PR was merged into the 4.3 branch.
Discussion
----------
Fix test fixtures with deprecated method signatures
| Q | A
| ------------- | ---
| Branch? | 4.3
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | #33483 (partly)
| License | MIT
| Doc PR | N/A
This PR upgrades two fixtures that implemented deprecated method signatures. As far as I can tell, they are used in tests that do not specifically test legacy behavior, so the fixtures should be up to date. Currently, these fixtures cause failing tests on the 4.4 branch.
Commits
-------
cc3e3d54ea Fix more bad tests
592aacff6f Fix test fixtures with deprecated method signatures.
* 4.4:
[Validator] Deprecated CacheInterface in favor of PSR-6.
Fix wrong namespace
[Mailer] Fix typo
[Mailer] Fix an error message
maintain sender/recipient name in SMTP envelopes
[Mailer] Improve an exception when trying to send a RawMessage without an Envelope
Fix#32148 TransportException was not thrown
Add ErrorController to preview and render errors
This PR was merged into the 4.4 branch.
Discussion
----------
Added new ErrorController + Preview and enabling there the error renderer mechanism
| Q | A
| ------------- | ---
| Branch? | 4.4
| Bug fix? | no
| New feature? | yes
| BC breaks? | no
| Deprecations? | yes
| Tests pass? | yes (deps=high failure is normal)
| Fixed tickets | -
| License | MIT
| Doc PR | TODO
After deprecating the `ExceptionController` in TwigBundle (refs https://github.com/symfony/symfony/pull/31398) the `twig.exception_controller` config key becomes useless as feature provided by TwigBundle, while the preview controller is taking more relevance for the error renderer mechanish.
**Proposal**
* Deprecate the `twig.exception_controller` config key in favor of `framework.error_controller` with default `ErrorController` that activates the error renderer mechanism through the current `ExceptionListener`, meaning also that `DebugHandlersListener::onKernelException` method becomes useless too.
* Deprecate the `PreviewErrorController` from TwigBundle in favor of similar in FrameworkBundle.
So you no longer need to install TwigBundle to create a custom error controller or check the preview output of an error renderer (included `TwigHtmlErrorRenderer`).
Btw this would fix https://github.com/symfony/symfony/pull/31398#issuecomment-490081769, removing here workaround in SecurityBundle.
TODO:
- [x] Update CHANGELOG & UPGRADE files
- [x] Add tests
WDYT?
Commits
-------
b79532ab0e Add ErrorController to preview and render errors
* 4.4:
[Bridge/PhpUnit] fix looking for composer
cs fix
[Mailer] fixed Mailgun support when a response is not JSON as expected
[4.3] Cleanup tests
Cleanup tests
[Finder] Prevent unintentional file locks in Windows
[FrameworkBundle] Fix about command not showing .env vars
[DomCrawler] Fix FileFormField PHPDoc
[Mailer] Remove the default dispatcher in AbstractTransport
Fix#33395 PHP 5.3 compatibility
This PR was merged into the 4.4 branch.
Discussion
----------
[Mailer] Add support for multiple mailers
| Q | A
| ------------- | ---
| Branch? | 4.4
| Bug fix? | no
| New feature? | yes
| BC breaks? | no
| Deprecations? | no <!-- please update UPGRADE-*.md and src/**/CHANGELOG.md files -->
| Tests pass? | yes <!-- please add some, will be required by reviewers -->
| Fixed tickets | closes#32535
| License | MIT
| Doc PR | -
This adds the possibility to define several email transports.
If you only have one email transport, nothing changes:
```yaml
framework:
mailer:
dsn: '%env(MAILER_DSN)%'
```
But if you need more than one, use the `transports` entry instead:
```yaml
framework:
mailer:
transports:
main: '%env(MAILER_DSN)%'
important: '%env(MAILER_DSN_IMPORTANT)%'
```
Then, when sending an email via the `Mailer`, pass the mailer name explicitly (by default, the first one is used):
```php
// use the first "main" transport
$mailer->send($email);
// or use the "important" one (`null` is the envelope)
$mailer->send($email, null, 'important');
```
The web profiler now displays the name and the shorten DSN.
Commits
-------
de5fae4dd8 [Mailer] Add support for multiple mailers
* 4.4:
Revert "bug #31620 [FrameworkBundle] Inform the user when save_path will be ignored (gnat42)"
[Form][PropertyPathMapper] Avoid extra call to get config
[HttpKernel] remove unused fixtures
* 4.3:
Revert "bug #31620 [FrameworkBundle] Inform the user when save_path will be ignored (gnat42)"
[Form][PropertyPathMapper] Avoid extra call to get config
[HttpKernel] remove unused fixtures
* 3.4:
Revert "bug #31620 [FrameworkBundle] Inform the user when save_path will be ignored (gnat42)"
[Form][PropertyPathMapper] Avoid extra call to get config