This PR was merged into the 3.3 branch.
Discussion
----------
[Serializer] Unset attributes when creating child context
| Q | A
| ------------- | ---
| Branch? | 3.3
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | n/a
| License | MIT
| Doc PR | n/a
In some cases, the `attributes` key isn't overrode when creating the context passed to nested normalizers.
It's definitely a bug, but an attacker cannot access to non public data (ignored attributes are checked before the `attributes` key). However some data that must be public may be missing as highlighted by the test.
I've introduced the initial bug here: https://github.com/symfony/symfony/pull/18834
Commits
-------
4ff9d99f23 [Serializer] Unset attributes when creating child context
This PR was merged into the 3.3 branch.
Discussion
----------
[DependencyInjection] Prevent a loop in aliases within the `findDefinition` method
| Q | A
| ------------- | ---
| Branch? | 3.3
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | #25338
| License | MIT
| Doc PR | ø
This prevents an infinite loop going when aliases reference themselves. This is based on 3.3 as the "normalized ID" changed to allow non-lowercase names. Fixing this in 2.7 would mean a merge conflict that IMO is not worth it.
Commits
-------
22f35239a4 Prevent a loop in aliases within the `findDefinition` method
This PR was submitted for the master branch but it was squashed and merged into the 3.3 branch instead (closes#25304).
Discussion
----------
[Bridge/PhpUnit] Prefer $_SERVER['argv'] over $argv
| Q | A
| ------------- | ---
| Branch? | master
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | n/a
| License | MIT
| Doc PR | n/a
This makes the script usable even if it is wrapped into another script, which is what some IDEs like PHPStorm do.
Commits
-------
1ff22e6acc [Bridge/PhpUnit] Prefer ['argv'] over
This PR was merged into the 3.3 branch.
Discussion
----------
[FrameworkBundle] Fix a bug where a color tag will be shown when passing an antislash
| Q | A
| ------------- | ---
| Branch? | 3.3
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | #25193
| License | MIT
| Doc PR | none
You can see in the [reproducer](e6509ffcb4) when running `bin/console debug:container` that there an error in the ouput (like in the issue) when using a class with `\` in the service name.
This PR fix this wrong output. (even if that feels more developer thingy when there are xml everywhere ;)
Commits
-------
890edf7c38 [FrameworkBundle] Fix a bug where a color tag will be shown when passing an antislash
This PR was merged into the 2.7 branch.
Discussion
----------
Fix for missing whitespace control modifier in form layout
| Q | A
| ------------- | ---
| Branch? | 2.7
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | #25252
| License | MIT
| Doc PR | -
That single missing whitespace control modifier results in e.g. new line in `data-prototype` attribute when using CollectionType field type in form.
Commits
-------
369075a282 Fix for missing whitespace control modifier in form layout
This PR was merged into the 3.3 branch.
Discussion
----------
[WebProfiler] Disallow viewing dot-files in Profiler
| Q | A
| ------------- | ---
| Branch? | 3.3
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| License | MIT
The file viewer in the profiler should not open files that were specifically intended to be hidden, like specifically .env files, but similarly files like .htaccess that might expose server configuration knowledge.
Added tests validating both the new and old behavior.
Commits
-------
6a2f518e74 Disallow viewing dot-files in Profiler
This PR was merged into the 3.3 branch.
Discussion
----------
[Form][TwigBridge] Fix collision between view properties and form fields
| Q | A
| ------------- | ---
| Branch? | 3.3
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | -
| License | MIT
| Doc PR | -
Require https://github.com/symfony/symfony/pull/25236 merged in 3.3
Commits
-------
888b48a89c Fix collision between view properties and form fields
The file viewer in the profiler should not open files that were meant
to be hidden, like specifically .env files, but similarly files like
.htaccess that might expose server configuration knowledge.
* 2.8:
[FrameworkBundle] Fix visibility of a test helper
[link] clear the cache after linking
[link] Prevent warnings when running link with 2.7
[Validator] ExpressionValidator should use OBJECT_TO_STRING to allow value in message
* 2.7:
[FrameworkBundle] Fix visibility of a test helper
[link] clear the cache after linking
[link] Prevent warnings when running link with 2.7
[Validator] ExpressionValidator should use OBJECT_TO_STRING to allow value in message
This PR was merged into the 3.3 branch.
Discussion
----------
[Yaml] do not eagerly filter comment lines
| Q | A
| ------------- | ---
| Branch? | 3.3
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets |
| License | MIT
| Doc PR |
Trying to be clever by filtering commented lines inside
`getNextEmbedBlock()` does not work as expected. The `#` may as well be
part of a multi-line quoted string where it must not be treated as the
beginning of a comment. Thus, we only must ensure that a comment-like
line does not skip the process of getting the next line of the embed
block.
Commits
-------
d594038 do not eagerly filter comment lines
This PR was merged into the 3.3 branch.
Discussion
----------
Fail as early and noisily as possible
| Q | A
| ------------- | ---
| Branch? | 3.3
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | n / a
| License | MIT
An alternative would be to use a custom error handler
Commits
-------
3bdeda0 Fail as early and noisily as possible
Today, I tried using SYMFONY_PHPUNIT_VERSION=6 because I don't really
care about the minor version. I got lots of warnings, followed by
hard-to-understand error messages. This will silence the first warning
and will throw an exception instead.
This PR was merged into the 2.7 branch.
Discussion
----------
[FrameworkBundle] Fix visibility of a test helper
| Q | A
| ------------- | ---
| Branch? | 2.7
| Bug fix? | no
| New feature? | no <!-- don't forget to update src/**/CHANGELOG.md files -->
| BC breaks? | no
| Deprecations? | no <!-- don't forget to update UPGRADE-*.md files -->
| Tests pass? | yes
| Fixed tickets | n/a
| License | MIT
| Doc PR | n/a
Commits
-------
23b5758198 [FrameworkBundle] Fix visibility of a test helper
This PR was squashed before being merged into the 2.7 branch (closes#25257).
Discussion
----------
[link] clear the cache after linking
| Q | A
| ------------- | ---
| Branch? | 2.7
| Bug fix? | yes
| New feature? | no <!-- don't forget to update src/**/CHANGELOG.md files -->
| BC breaks? | no
| Deprecations? | no <!-- don't forget to update UPGRADE-*.md files -->
| Tests pass? | yes
| Fixed tickets | n/a
| License | MIT
| Doc PR | n/a
Clearing the cache after linking prevents fatal errors when a container already exists.
Commits
-------
05c3c81a20 [link] clear the cache after linking
This PR was merged into the 2.7 branch.
Discussion
----------
[link] Prevent warnings when running link with 2.7
| Q | A
| ------------- | ---
| Branch? | 2.7
| Bug fix? | yes
| New feature? | no <!-- don't forget to update src/**/CHANGELOG.md files -->
| BC breaks? | no
| Deprecations? | no <!-- don't forget to update UPGRADE-*.md files -->
| Tests pass? | yes
| Fixed tickets | n/a
| License | MIT
| Doc PR | n/a
Prevent warnings when linking from 2.7 because some directories (like the Bridge/Propel1) don't contain `composer.json` files.
Commits
-------
3e7780cb90 [link] Prevent warnings when running link with 2.7
This PR was merged into the 2.7 branch.
Discussion
----------
[Validator] ExpressionValidator should use OBJECT_TO_STRING
…value in message
| Q | A
| ------------- | ---
| Branch? | master
| Bug fix? | no
| New feature? | yes
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | #24595
| License | MIT
| Doc PR | Will do.
Commits
-------
7dac528a86 [Validator] ExpressionValidator should use OBJECT_TO_STRING to allow value in message