This PR was merged into the 4.2-dev branch.
Discussion
----------
[HttpFoundation] make cookies auto-secure when passing them $secure=null + plan to make it and samesite=lax the defaults in 5.0
| Q | A
| ------------- | ---
| Branch? | master
| Bug fix? | no
| New feature? | yes
| BC breaks? | no
| Deprecations? | yes
| Tests pass? | yes
| Fixed tickets | #26731
| License | MIT
| Doc PR | -
By creating Cookie instances using `null` for the `$secure` argument, this PR allows making cookies inherit their "secure" attribute from the request.
This PR also adds a forward to make $secure=null and samesite=lax the defaults in Symfony 5.0:
- either define all constructor's arguments explicitly
- or use the new `Cookie::create()` factory
Commits
-------
9493cfd5f2 [HttpFoundation] make cookies auto-secure when passing them $secure=null + plan to make it and samesite=lax the defaults in 5.0
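The inheritance described in this PR, as an added example that is not part of the PR or of Symfony's code base: one cookie leaves `$secure` at `null` through `Cookie::create()`, the other passes every constructor-style argument explicitly. It assumes `symfony/http-foundation` 4.2 or later installed through Composer; the cookie names, values and host are constructed.

```php
<?php
// Added example, not Symfony's own code. Assumes symfony/http-foundation >= 4.2
// installed via Composer; cookie names, values and hosts are constructed.
require __DIR__.'/vendor/autoload.php';

use Symfony\Component\HttpFoundation\Cookie;
use Symfony\Component\HttpFoundation\Request;
use Symfony\Component\HttpFoundation\Response;

/** Build a response for $uri and return the Set-Cookie values it would emit. */
function setCookieHeadersFor(string $uri): array
{
    $request = Request::create($uri);
    $response = new Response('ok');

    // $secure left at null: the Secure attribute is decided from the request.
    $response->headers->setCookie(Cookie::create('session_hint', 'abc'));

    // $secure given explicitly as false: never inherited, whatever the scheme is.
    $response->headers->setCookie(
        Cookie::create('legacy_pref', 'dark', 0, '/', null, false, true, false, Cookie::SAMESITE_LAX)
    );

    // prepare() is where the request's scheme is propagated to the cookies.
    $response->prepare($request);

    // Each Cookie casts to the value of its Set-Cookie header.
    return array_map('strval', $response->headers->getCookies());
}

foreach (['https://shop.example/cart', 'http://shop.example/cart'] as $uri) {
    echo $uri, "\n";
    foreach (setCookieHeadersFor($uri) as $header) {
        echo '  Set-Cookie: ', $header, "\n";
    }
}
```

Only `session_hint` on the HTTPS request gains the `secure` attribute; `legacy_pref` stays without it in both cases. Behind a TLS-terminating proxy the result depends on `Request::isSecure()`, so trusted proxies must be configured or the cookie is emitted without `secure`.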
* 4.1:
Fix CS
Allow reuse of Session between requests
[MonologBridge] Re-add option option to ignore empty context and extra data
[Lock] remove useless code
[PhpUnitBridge] fix disabling DeprecationErrorHandler using phpunit.xml file
Provide debug_backtrace with proper args
[DI] fix infinite loop involving self-references in decorated services
forward false label option to nested types
[DI] fix dumping lazy services
forward the invalid_message option in date types
* 3.4:
Fix CS
Allow reuse of Session between requests
[MonologBridge] Re-add option option to ignore empty context and extra data
[Lock] remove useless code
[PhpUnitBridge] fix disabling DeprecationErrorHandler using phpunit.xml file
Provide debug_backtrace with proper args
[DI] fix infinite loop involving self-references in decorated services
forward false label option to nested types
forward the invalid_message option in date types
* 2.8:
Fix CS
Allow reuse of Session between requests
Provide debug_backtrace with proper args
forward false label option to nested types
forward the invalid_message option in date types
Uses `session.cookie_samesite` for PHP >= 7.3. For PHP < 7.3 it first
does a session_start(), finds the emitted header, changes it, and emits
it again with the value for SameSite added.
* 4.1:
bumped Symfony version to 2.8.46
updated VERSION for 2.8.45
update CONTRIBUTORS for 2.8.45
updated CHANGELOG for 2.8.45
[PhpUnitBridge] keep compat with composer 1.0
Instantiate $offset and $maxlen at definition
[Cache] minor code update to leverage PHP 7.1
* 3.4:
bumped Symfony version to 2.8.46
updated VERSION for 2.8.45
update CONTRIBUTORS for 2.8.45
updated CHANGELOG for 2.8.45
[PhpUnitBridge] keep compat with composer 1.0
Instantiate $offset and $maxlen at definition
* 2.8:
bumped Symfony version to 2.8.46
updated VERSION for 2.8.45
update CONTRIBUTORS for 2.8.45
updated CHANGELOG for 2.8.45
Instantiate $offset and $maxlen at definition
This PR was merged into the 2.8 branch.
Discussion
----------
[HttpFoundation] Fix unprepared BinaryFileResponse sends empty file
| Q | A
| ------------- | ---
| Branch? | 2.8
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes, with the exception of preexisting, unrelated failures
| Fixed tickets | #28237
| License | MIT
| Doc PR |
When you call `BinaryFileResponse#sendContent()` without first calling `prepare()`, the response is sent but the contents are empty. `prepare()` properly initializes the `$maxlen` and `$offset` properties. However, `sendContent()` doesn't do any sanity checking and so uses the uninitialized properties. This causes `stream_copy_to_stream()` to copy empty contents, and the file that is sent contains nothing.
This change initializes the properties at definition instead of in `prepare()`.
> Additionally:
> - Bug fixes must be submitted against the lowest branch where they apply
~I'm not sure how early this bug exists, or how far back to go. I'll check to see if 2.7 and 2.8 are affected and report back.~
Commits
-------
dba8687a5d Instantiate $offset and $maxlen at definition
* 4.1:
[HttpFoundation] fix false-positive ConflictingHeadersException
[DI] Fix false-positive circular ref leading to wrong exceptions or infinite loops at runtime
* 3.4:
[HttpFoundation] fix false-positive ConflictingHeadersException
[DI] Fix false-positive circular ref leading to wrong exceptions or infinite loops at runtime
* 4.1:
[travis] fix CI for sigchild+Process
fix merge
[travis] merge "same Symfony version" jobs in one
fix merge
🐛 Fix typo
Remove the Expires header when calling Response::expire()
Allow multidimensional collection in property info
Allow multidimensional collection in property info
* 3.4:
[travis] fix CI for sigchild+Process
fix merge
[travis] merge "same Symfony version" jobs in one
fix merge
Remove the Expires header when calling Response::expire()
Allow multidimensional collection in property info
Allow multidimensional collection in property info
This PR was merged into the 2.8 branch.
Discussion
----------
Remove the Expires header when calling Response::expire()
| Q | A
| ------------- | ---
| Branch? | 2.8
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | #13341
| License | MIT
| Doc PR | -
Commits
-------
ac0cd15402 Remove the Expires header when calling Response::expire()
This PR was merged into the 2.8 branch.
Discussion
----------
[HttpFoundation] Remove support for legacy and risky HTTP headers
| Q | A
| ------------- | ---
| Branch? | 2.8
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | -
| License | MIT
| Doc PR | -
Commits
-------
e447e8b921 [HttpFoundation] Remove support for legacy and risky HTTP headers
* 4.1:
[HttpKernel] Fixed invalid REMOTE_ADDR in inline subrequest when configuring trusted proxy with subnet
[FrameworkBundle] fixed guard event names for transitions
[DI] Improve class named servics error message
remove unnecessary instanceof in MongoDbSessionHandler
[HttpFoundation] fixed using _method parameter with invalid type
Renaming internal test class to help auto-completion
[Intl] Replace svn with git in the icu data update script
[Messenger] Fix error message on undefined message class for non-subscriber handler
[HttpFoundation] Fix Cookie::isCleared
* 4.0:
[HttpKernel] Fixed invalid REMOTE_ADDR in inline subrequest when configuring trusted proxy with subnet
[FrameworkBundle] fixed guard event names for transitions
[DI] Improve class named servics error message
[HttpFoundation] fixed using _method parameter with invalid type
[Intl] Replace svn with git in the icu data update script
[HttpFoundation] Fix Cookie::isCleared
* 3.4:
[HttpKernel] Fixed invalid REMOTE_ADDR in inline subrequest when configuring trusted proxy with subnet
[FrameworkBundle] fixed guard event names for transitions
[DI] Improve class named servics error message
[HttpFoundation] fixed using _method parameter with invalid type
[Intl] Replace svn with git in the icu data update script
[HttpFoundation] Fix Cookie::isCleared
* 2.8:
[HttpKernel] Fixed invalid REMOTE_ADDR in inline subrequest when configuring trusted proxy with subnet
[HttpFoundation] fixed using _method parameter with invalid type
[Intl] Replace svn with git in the icu data update script
[HttpFoundation] Fix Cookie::isCleared
This PR was merged into the 2.8 branch.
Discussion
----------
[HttpFoundation] Fix Cookie::isCleared
| Q | A
| ------------- | ---
| Branch? | 2.8
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | #27946
| License | MIT
| Doc PR | symfony/symfony-docs#...
Commits
-------
d3d7766874 [HttpFoundation] Fix Cookie::isCleared
* 4.1:
Fix Clidumper tests
Enable the fixer enforcing fully-qualified calls for compiler-optimized functions
Apply fixers
Disable the native_constant_invocation fixer until it can be scoped
Update the list of excluded files for the CS fixer
* 4.0:
Fix Clidumper tests
Enable the fixer enforcing fully-qualified calls for compiler-optimized functions
Apply fixers
Disable the native_constant_invocation fixer until it can be scoped
Update the list of excluded files for the CS fixer
* 3.4:
Fix Clidumper tests
Enable the fixer enforcing fully-qualified calls for compiler-optimized functions
Apply fixers
Disable the native_constant_invocation fixer until it can be scoped
Update the list of excluded files for the CS fixer
* 2.8:
Fix Clidumper tests
Enable the fixer enforcing fully-qualified calls for compiler-optimized functions
Apply fixers
Disable the native_constant_invocation fixer until it can be scoped
Update the list of excluded files for the CS fixer
* 4.1:
fixed typo
[FrameworkBundle] fixed brackets position in method calls
Add placeholder support in bootstrap 4 file fields
[Form] Improve rendering of `file` field in bootstrap 4
[Form] Fix PHPDoc for FormConfigBuilder $dataClass argument
[Security] Update user phpdoc on tokens
[WebProfilerBundle] Fixed icon alignment issue using Bootstrap 4.1.2
suppress side effects in 'get' or 'has' methods of NamespacedAttributeBag
[HttpFoundation] reset callback on StreamedResponse when setNotModified() is called
[HttpFoundation] Fixed phpdoc for get method of HeaderBag
fix typo in ContainerBuilder docblock
[Form/Profiler] Massively reducing memory footprint of form profiling pages by removing redundant 'form' variable from view variables.
[Console] correctly return parameter's default value on "--"
[DependencyInjection] add missing test for #27710
[EventDispatcher] Clear orphaned events on TraceableEventDispatcher::reset
Fix serialization of abstract items with groups across multiple entities
* 4.0:
fixed typo
[FrameworkBundle] fixed brackets position in method calls
[Form] Fix PHPDoc for FormConfigBuilder $dataClass argument
[Security] Update user phpdoc on tokens
[WebProfilerBundle] Fixed icon alignment issue using Bootstrap 4.1.2
suppress side effects in 'get' or 'has' methods of NamespacedAttributeBag
[HttpFoundation] reset callback on StreamedResponse when setNotModified() is called
[HttpFoundation] Fixed phpdoc for get method of HeaderBag
fix typo in ContainerBuilder docblock
[Form/Profiler] Massively reducing memory footprint of form profiling pages by removing redundant 'form' variable from view variables.
[Console] correctly return parameter's default value on "--"
* 3.4:
[FrameworkBundle] fixed brackets position in method calls
[Form] Fix PHPDoc for FormConfigBuilder $dataClass argument
[Security] Update user phpdoc on tokens
[WebProfilerBundle] Fixed icon alignment issue using Bootstrap 4.1.2
suppress side effects in 'get' or 'has' methods of NamespacedAttributeBag
[HttpFoundation] reset callback on StreamedResponse when setNotModified() is called
[HttpFoundation] Fixed phpdoc for get method of HeaderBag
fix typo in ContainerBuilder docblock
[Form/Profiler] Massively reducing memory footprint of form profiling pages by removing redundant 'form' variable from view variables.
[Console] correctly return parameter's default value on "--"
* 2.8:
[Form] Fix PHPDoc for FormConfigBuilder $dataClass argument
[Security] Update user phpdoc on tokens
[WebProfilerBundle] Fixed icon alignment issue using Bootstrap 4.1.2
suppress side effects in 'get' or 'has' methods of NamespacedAttributeBag
[HttpFoundation] reset callback on StreamedResponse when setNotModified() is called
[HttpFoundation] Fixed phpdoc for get method of HeaderBag
fix typo in ContainerBuilder docblock
This PR was merged into the 2.8 branch.
Discussion
----------
[HttpFoundation] reset callback on StreamedResponse when setNotModified() is called
| Q | A
| ------------- | ---
| Branch? | 2.8
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | #27924
| License | MIT
| Doc PR | No
Commits
-------
51a49c7f78 [HttpFoundation] reset callback on StreamedResponse when setNotModified() is called
* 4.1:
[DomCrawler] Fix ChoiceFormField::select() PHPDoc
[Security] LdapUserProvider uidKey could be null
[HttpFoundation] add tests for FlashBagInterface::setAll()
Check for Hyper terminal on all operating systems.
[DI] Don't show internal service id on binding errors
Fix a bug when having more than one named handler per message subscriber
Prevent toolbar links color override by css
add conflict for non-compatible TwigBridge version
* 4.0:
[DomCrawler] Fix ChoiceFormField::select() PHPDoc
[Security] LdapUserProvider uidKey could be null
[HttpFoundation] add tests for FlashBagInterface::setAll()
Check for Hyper terminal on all operating systems.
[DI] Don't show internal service id on binding errors
Prevent toolbar links color override by css
* 3.4:
[DomCrawler] Fix ChoiceFormField::select() PHPDoc
[HttpFoundation] add tests for FlashBagInterface::setAll()
Check for Hyper terminal on all operating systems.
[DI] Don't show internal service id on binding errors
Prevent toolbar links color override by css
* 2.8:
[DomCrawler] Fix ChoiceFormField::select() PHPDoc
[HttpFoundation] add tests for FlashBagInterface::setAll()
Check for Hyper terminal on all operating systems.
Prevent toolbar links color override by css
* 4.1:
[HttpFoundation] update phpdoc of FlashBagInterface::add()
[ProxyManagerBridge] Fix support of private services (bis)
bug #27701 [SecurityBundle] Dont throw if "security.http_utils" is not found (nicolas-grekas)
[Form] relax fixtures for forward compat
[Validator] Fix the namespace of RegexTest
[Lock] fix locale dependent test case
* 4.0:
[HttpFoundation] update phpdoc of FlashBagInterface::add()
[ProxyManagerBridge] Fix support of private services (bis)
bug #27701 [SecurityBundle] Dont throw if "security.http_utils" is not found (nicolas-grekas)
[Form] relax fixtures for forward compat
[Validator] Fix the namespace of RegexTest
[Lock] fix locale dependent test case
* 3.4:
[HttpFoundation] update phpdoc of FlashBagInterface::add()
[ProxyManagerBridge] Fix support of private services (bis)
bug #27701 [SecurityBundle] Dont throw if "security.http_utils" is not found (nicolas-grekas)
[Form] relax fixtures for forward compat
[Validator] Fix the namespace of RegexTest
[Lock] fix locale dependent test case
* 2.8:
[HttpFoundation] update phpdoc of FlashBagInterface::add()
bug #27701 [SecurityBundle] Dont throw if "security.http_utils" is not found (nicolas-grekas)
[Validator] Fix the namespace of RegexTest
This PR was squashed before being merged into the 2.8 branch (closes #27765).
Discussion
----------
[HttpFoundation] update phpdoc of FlashBagInterface::add()
| Q | A
| ------------- | ---
| Branch? | 2.8
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | -
| License | MIT
| Doc PR | -
**Reason why I propose to change the docblock like this:**
The `FlashBagInterface::add()` function does not work only with the `string` type in the second parameter
Commits
-------
9135e18ded [HttpFoundation] update phpdoc of FlashBagInterface::add()
* 4.1:
[Routing] Disallow object usage inside Route
[HttpFoundation] missing namespace for RedisProxy
[Routing] fix too much greediness in host-matching regex
[HttpFoundation] fix registration of session proxies
failing test to reproduce session problem
[HttpFoundation] fix session tracking counter
* 2.8:
[HttpKernel] fix test compat with PHP 5.3
fix file lock on SunOS
change `evaluate()` docblock return type from string to mixed
Set serialize_precision explicitly to avoid fancy float rounding
* 4.0:
[HttpKernel] Fix restoring trusted proxies in tests
Update UPGRADE-4.0.md
CODEOWNERS: some more rules
removed unneeded comments in tests
removed unneeded comments in tests
Change PHPDoc in ResponseHeaderBag::getCookies() to help IDEs
[HttpKernel] fix registering IDE links
[HttpKernel] Set first trusted proxy as REMOTE_ADDR in InlineFragmentRenderer.
[Process] Consider \"executable\" suffixes first on Windows
Triggering RememberMe's loginFail() when token cannot be created
[Serializer] Fix serializer tries to denormalize null values on nullable properties
[FrameworkBundle] Change priority of AddConsoleCommandPass to TYPE_BEFORE_REMOVING
* 3.4:
[HttpKernel] Fix restoring trusted proxies in tests
Update UPGRADE-4.0.md
CODEOWNERS: some more rules
removed unneeded comments in tests
removed unneeded comments in tests
Change PHPDoc in ResponseHeaderBag::getCookies() to help IDEs
[HttpKernel] fix registering IDE links
[HttpKernel] Set first trusted proxy as REMOTE_ADDR in InlineFragmentRenderer.
[Process] Consider \"executable\" suffixes first on Windows
Triggering RememberMe's loginFail() when token cannot be created
[Serializer] Fix serializer tries to denormalize null values on nullable properties
[FrameworkBundle] Change priority of AddConsoleCommandPass to TYPE_BEFORE_REMOVING
* 4.0:
[HttpKernel] reset kernel start time on reboot
Add code of Conduct links in our README
bumped Symfony version to 4.0.12
[DI] never inline lazy services
updated VERSION for 4.0.11
updated CHANGELOG for 4.0.11
bumped Symfony version to 3.4.12
updated VERSION for 3.4.11
updated CHANGELOG for 3.4.11
Default testsuite to latest PHPUnit 6.*
[Github] Update the pull-request template
bumped Symfony version to 2.8.42
updated VERSION for 2.8.41
updated CHANGELOG for 2.8.41
[HttpFoundation] Fix cookie test with xdebug
[Serializer] Check the value of enable_max_depth if defined
[DI] remove dead code
[PhpUnitBridge] silence some stderr outputs
[Validator] Update sl translation
* 3.4:
[HttpKernel] reset kernel start time on reboot
Add code of Conduct links in our README
[DI] never inline lazy services
bumped Symfony version to 3.4.12
updated VERSION for 3.4.11
updated CHANGELOG for 3.4.11
Default testsuite to latest PHPUnit 6.*
[Github] Update the pull-request template
bumped Symfony version to 2.8.42
updated VERSION for 2.8.41
updated CHANGELOG for 2.8.41
[HttpFoundation] Fix cookie test with xdebug
[Serializer] Check the value of enable_max_depth if defined
[DI] remove dead code
[PhpUnitBridge] silence some stderr outputs
[Validator] Update sl translation
* 4.0:
use brace-style regex delimiters
Fixed typo RecursiveIterator -> RecursiveIteratorIterator
[Cache] fix logic for fetching tag versions on TagAwareAdapter
[FrameworkBundle] Remove dead code
[FrameworkBundle] Use the correct service id for CachePoolPruneCommand in its compiler pass
Hide short exception trace by default
[Doctrine Bridge] fix priority for doctrine event listeners
[Validator] make phpdoc of ObjectInitializerInterface interface more accurate
[Validator] fixes phpdoc reference to an interface that was removed in Symfony 3.0
* 3.4:
use brace-style regex delimiters
Fixed typo RecursiveIterator -> RecursiveIteratorIterator
[Cache] fix logic for fetching tag versions on TagAwareAdapter
[FrameworkBundle] Use the correct service id for CachePoolPruneCommand in its compiler pass
Hide short exception trace by default
[Doctrine Bridge] fix priority for doctrine event listeners
[Validator] make phpdoc of ObjectInitializerInterface interface more accurate
[Validator] fixes phpdoc reference to an interface that was removed in Symfony 3.0
* 2.8:
use brace-style regex delimiters
Fixed typo RecursiveIterator -> RecursiveIteratorIterator
[Validator] make phpdoc of ObjectInitializerInterface interface more accurate