This PR was merged into the 5.1-dev branch.
Discussion
----------
[Validator] Add a constraint to sequentially validate a set of constraints
| Q | A
| ------------- | ---
| Branch? | master
| Bug fix? | no
| New feature? | yes
| Deprecations? | no
| Tickets | N/A
| License | MIT
| Doc PR | Todo
Follows https://github.com/symfony/symfony/issues/20017#issuecomment-331276007 given some feedback about the suggested feature.
```php
/**
 * @var string
 *
 * @Assert\Sequentially({
 *     @Assert\Type("string"),
 *     @Assert\Length(min="4"),
 *     @Assert\Regex("[a-z]"),
 *     @SomeCustomConstraintWithHeavyExternalCalls(),
 * })
 */
public $foo;
```
This new `Sequentially` constraint solves - with less power but better DX - some of the use-cases of the `GroupSequence` feature, allowing to interrupt the validation of some constraints if a previous one in the list failed before. Constraints are validated in given order, and the first violation raised will prevent other constraint validators to be executed.
It can either prevent unexpected type exceptions thrown by further constraints or heavy & unnecessary calls to a database or external services if the value to validate already doesn't match some of the basic requirements.
Commits
-------
dfd9038d28 [Validator] Add a constraint to sequentially validate a set of constraints
This PR was squashed before being merged into the 5.1-dev branch (closes #34334).
Discussion
----------
[Validator] Allow to define a reusable set of constraints
| Q | A
| ------------- | ---
| Branch? | 5.1
| Bug fix? | no
| New feature? | yes
| Deprecations? | no
| Tickets | N/A
| License | MIT
| Doc PR | TODO
The goal of this feature is to simplify writing a set of validation constraints to be reused consistently across the application. This is especially useful with DTOs, as the same set of constraints can be used in different places.
For instance, given multiple DTOs containing the new user password for different use-cases (register, forgot pwd, change pwd), the same rules apply on the property. Hence with this PR, you can write a single constraint class to be reused:
```php
/**
 * @Annotation
 */
class MatchesPasswordRequirements extends Compound
{
    protected function getConstraints(array $options): array
    {
        return [
            new NotBlank(),
            new Type('string'),
            new Length(['min' => 12]),
            new NotCompromisedPassword(),
        ];
    }
}
```
I'm open to better naming and ways to expose the options to the `Compound::getConstraints` method, so options can be forwarded to the nested constraints for most specific use-cases.
Commits
-------
8f1b0dfdb7 [Validator] Allow to define a reusable set of constraints
This PR was merged into the 4.4 branch.
Discussion
----------
[Process] throw when PhpProcess::fromShellCommandLine() is used
| Q | A
| ------------- | ---
| Branch? | 4.4
| Bug fix? | yes
| New feature? | no
| Deprecations? | no
| Tickets | Fix #35637
| License | MIT
| Doc PR | None
Close #35638
Final PR (rebased and tests added)
Commits
-------
7f6d71c2a3 refactor(Process): fromShellCommandLine
This PR was merged into the 5.1-dev branch.
Discussion
----------
[HttpFoundation] Make dependency on Mime component optional
| Q | A
| ------------- | ---
| Branch? | master
| Bug fix? | no
| New feature? | yes
| Deprecations? | no
| Tickets |
| License | MIT
| Doc PR |
Make the Mime component dependency optional
/cc @nicolas-grekas
Commits
-------
11cef32ff7 [HttpFoundation] Make dependency on Mime component optional
This PR was merged into the 4.4 branch.
Discussion
----------
[ErrorHandler] Never throw on warnings triggered by assert() and set assert.exception=1 in Debug::enable()
| Q | A
| ------------- | ---
| Branch? | 4.4
| Bug fix? | yes
| New feature? | no
| Deprecations? | no
| Tickets | -
| License | MIT
| Doc PR | -
Because we don't use `assert()`, this is something we completely overlooked, but warnings triggered should not throw as there is already a dedicated exception mode when using `assert()`.
This turns this exception mode to 1 in debug mode and logs the assert() warnings in prod.
Commits
-------
f18ef6ca08 [ErrorHandler] Never throw on warnings triggered by assert() and set assert.exception=1 in Debug::enable()
This PR was merged into the 5.1-dev branch.
Discussion
----------
[HttpKernel] Make ErrorListener unaware of the event dispatcher
| Q | A
| ------------- | ---
| Branch? | master
| Bug fix? | no
| New feature? | no
| Deprecations? | no
| Tickets | N/A
| License | MIT
| Doc PR | N/A
Under certain circumstances, HttpKernel's `ErrorListener` class might dynamically register and unregister a listener with the dispatcher. If our goal is to make the dispatcher immutable, that specific behavior would be in our way. Also, #34988 would break this workflow.
This PR provides an alternative. The listener is always registered, but I'm using the request to piggyback a flag that activates/deactivates the listener.
Commits
-------
a9d1dede44 [HttpKernel] Make ErrorListener unaware of the event dispatcher.
This PR was squashed before being merged into the 4.4 branch (closes #35633).
Discussion
----------
[Mailer] Do not ping the SMTP server before sending every message
| Q | A
| ------------- | ---
| Branch? | 4.4
| Bug fix? | yes
| New feature? | no
| Deprecations? | no
| Tickets | Fix #35515
| License | MIT
This pull request changes the SMTP transport to only ping the server if the last message was sent more than a specified number of seconds ago (instead of pinging the server before every message). By default, it will ping the server if 100 or more seconds since the last message have passed.
This should make sending emails with the SMTP transport more robust with many emails, as SMTP servers will often drop the connection if too many non-mail commands are sent (like pinging the server with NOOP commands).
Commits
-------
28178108d3 [Mailer] Do not ping the SMTP server before sending every message
This PR was merged into the 5.1-dev branch.
Discussion
----------
[YAML] Improve performance of YAML parser
| Q | A
| ------------- | ---
| Branch? | master
| Bug fix? | no
| New feature? | no
| Deprecations? | no
| License | MIT
Optimise various methods and conditions to use best
performing alternatives where possible. Roughly:
* Uses methods that do not copy memory, e.g. strncmp
as alternative for strpos matching beginning of string.
* Switches order of some conditions to put the cheapest
checks first in order.
* Checks input before calling trim() - despite the function
returning the same string as input, it still costs memory
and introduces unnecessary overhead.
* Extracts variables for repeated identical function calls.
* Uses negative substring offsets instead of strlen + substr.
* Replaces single-char substr usages with substring access.
Profiling method
-----------------
Profiled using a custom script which splits and parses all provided `fixture` files from the YAML component's test directory, then profiled this through Blackfire and identified frequent method calls.
Refactoring strategy
--------------------
Most important change: switching strpos to strncmp to avoid scanning a full (and potentially very long) YAML line for occurrence of a substring.
Whenever possible, I've gone for PHP methods that do not copy memory and replaced some instances of function calls which could be replaced with substring access.
In methods which are called frequently I've gone for guard clauses to prevent further processing if a YAML line is, for example, empty. Such as avoiding trim() on already empty lines.
Profiling results
----------------
A Blackfire profiling delta can be seen on https://blackfire.io/profiles/compare/90fd3005-8b9f-4534-8bd8-1e66832bf247/graph. Taken with 200 samples which render every YAML fixture from the component's test dir.
Commits
-------
7a7c9665da [YAML] Improve performance of YAML parser
Optimise various methods and conditions to use best
performing alternatives where possible. Roughly:
* Uses methods that do not copy memory, e.g. strncmp
as alternative for strpos matching beginning of string.
* Switches order of some conditions to put the cheapest
checks first in order.
* Checks input before calling trim() - despite the function
returning the same string as input, it still costs memory
and introduces unnecessary overhead.
* Extracts variables for repeated identical function calls.
* Uses negative substring offsets instead of strlen + substr.
* Replaces single-char substr usages with substring access.
* 5.0:
[FrameworkBundle] fix "samesite" in XSD
[Console] Consider STDIN interactive
Update UserPasswordEncoderCommand.php
[HttpFoundation][FrameworkBundle] fix support for samesite in session cookies
[DoctrineBridge] Fixed submitting ids with query limit or offset
* 4.4:
[FrameworkBundle] fix "samesite" in XSD
[Console] Consider STDIN interactive
Update UserPasswordEncoderCommand.php
[HttpFoundation][FrameworkBundle] fix support for samesite in session cookies
[DoctrineBridge] Fixed submitting ids with query limit or offset
* 3.4:
[FrameworkBundle] fix "samesite" in XSD
Update UserPasswordEncoderCommand.php
[HttpFoundation][FrameworkBundle] fix support for samesite in session cookies
[DoctrineBridge] Fixed submitting ids with query limit or offset
This PR was merged into the 5.1-dev branch.
Discussion
----------
[Cache] add SodiumMarshaller
| Q | A
| ------------- | ---
| Branch? | 4.4
| Bug fix? | no
| New feature? | yes
| Deprecations? | no
| Tickets |
| License | MIT
| Doc PR |
Add `SodiumMarshaller` to encrypt cache values
To use the `SodiumMarshaller` we can decorate the `cache.default_marshaller`:
```yaml
Symfony\Component\Cache\Marshaller\SodiumMarshaller:
    decorates: cache.default_marshaller
    arguments:
        - ['%env(CACHE_DECRYPTION_KEY)%', '%env(OLD_CACHE_DECRYPTION_KEY)%']
        - '@Symfony\Component\Cache\Marshaller\SodiumMarshaller.inner'
```
The first provided key is used to encrypt and decrypt cached values.
In order to allow rotating keys, more keys can be provided - they will be used only to decrypt values.
/cc @nicolas-grekas
Commits
-------
540d7eb174 [Cache] add SodiumMarshaller
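The key-rotation rule described in the entry above (the first key encrypts, every listed key may decrypt), shown as an added example that is not code from the PR or from the Cache component. `KeyRing` is a hypothetical class, and the use of libsodium sealed boxes with freshly generated keypairs is an assumption made for the illustration:

```php
<?php
declare(strict_types=1);

// Hypothetical helper for illustration; not Symfony's SodiumMarshaller.
final class KeyRing
{
    /** @var string[] libsodium box keypairs; index 0 is the active (write) key */
    private array $keypairs;

    public function __construct(array $keypairs)
    {
        if ([] === $keypairs) {
            throw new InvalidArgumentException('At least one key is required.');
        }
        foreach ($keypairs as $keypair) {
            if (!\is_string($keypair) || SODIUM_CRYPTO_BOX_KEYPAIRBYTES !== \strlen($keypair)) {
                throw new InvalidArgumentException('Each key must be a libsodium box keypair.');
            }
        }
        $this->keypairs = array_values($keypairs);
    }

    public function encrypt(string $plaintext): string
    {
        // Only the first keypair is ever used for writing.
        $publicKey = sodium_crypto_box_publickey($this->keypairs[0]);

        return sodium_crypto_box_seal($plaintext, $publicKey);
    }

    /** Returns null when no configured key opens the value, so callers can treat it as a cache miss. */
    public function decrypt(string $ciphertext): ?string
    {
        foreach ($this->keypairs as $keypair) {
            $plaintext = sodium_crypto_box_seal_open($ciphertext, $keypair);
            if (false !== $plaintext) {
                return $plaintext;
            }
        }

        return null;
    }
}

// Constructed sample keys; a real deployment would load them from its secret store.
$oldKey = sodium_crypto_box_keypair();
$newKey = sodium_crypto_box_keypair();

// Before rotation: a single key writes and reads.
$before = new KeyRing([$oldKey]);
$cached = $before->encrypt('constructed cache value A');

// Rotation, step 1: the new key goes first, the old key stays for reads only.
$during = new KeyRing([$newKey, $oldKey]);
var_dump($during->decrypt($cached));   // entry written before rotation
$fresh = $during->encrypt('constructed cache value B');
var_dump($before->decrypt($fresh));    // a node still holding only the old key

// Rotation, step 2: the old key is removed once old entries have expired.
$after = new KeyRing([$newKey]);
var_dump($after->decrypt($cached));    // entry written with the retired key
var_dump($after->decrypt($fresh));     // entry written with the active key
```

Removing the old key before entries written with it have expired makes those entries undecryptable, so the retired key should stay in the list for at least the longest cache lifetime in use.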
This PR was submitted for the master branch but it was merged into the 4.4 branch instead.
Discussion
----------
[Console] Consider STDIN interactive
| Q | A
| ------------- | ---
| Branch? | 4.4
| Bug fix? | yes
| New feature? | no
| Deprecations? | no
| Tickets | Fix #30726, supersedes #30796
| License | MIT
| Doc PR | -
As demonstrated with `yes | bin/console foo` in #30726, original assumption made in #1699 was wrong. Then, #8452 was merged which solved bug #8079 -> this was a use case when application hangs with `--no-interaction` flag - nobody probably realized that application can be in "non-interactive" mode, without using this flag and not hang. Then, there was #14102 which was poor man's fix for problem caused by this. So already plenty issues this behaviour causes. Looks like a mess to me. Application should be considered non-interactive only when explicitly specified so (--no-interactive flag), otherwise it doesn't hang.
### What this change means?
It only changes one case: When doing `echo foo | bin/console bar`, `yes | bin/console bar`, `bin/console bar < foo`, etc. Redirecting stdout is not affected, as application in that case was considered interactive before too. With stdin, this opens possibility to control symfony/console based application by default via stdin, including via `proc_open`.
Additionally, not only it allows to control the input for questions, it also makes the question and answers to display on screen. So before, user had no idea what questions are happening and what answers (defaults) are being used.
### About a BC break
I'm not really aware of a valid use case this can break. Can you help find any?
1. Since symfony/console components were NOT interactive with stdin before, stdin couldn't be used to control them - so there this change breaks nothing, because it didn't make sense to pass stdin there instead of specifying -n flag.
1. If application uses internal logic where it relies on STDIN disregarding `Output::isInteractive` flag, this doesn't change anything for these either - they will keep using STDIN disregarding result of this flag.
1. What if application uses internal logic for stdin AND console components like QuestionHelper? To me, that doesn't make much sense, because with previous behaviour, such questions would result always into defaults. It might make sense in case application supports both modes - either stdin, or user supplied input and just use default answers with stdin. But I cannot figure out example of such use - what would be the case where application allows user to control something via stdin, but at the same time forbids them to set certain aspects (answers to questions given)?
1. What about `SHELL_INTERACTIVE` env variable? Only way to utilize it was to force enable interactive mode, but since it will be interactive now by default, it will do nothing and no behaviour changes.
1. Preventing stdin control was much bigger potential BC break. Despite that, it was disallowed in minor Symfony version. And as far as I can see, I saw no backlash.
Finally, this targets Symfony 5.0 to be extra sure anyways, so I think it's ok, but feel free to suggest documenting this in upgrade guide or changelog. I would even target 4.4, but chose 5.0 as it's easier to push through there.
Commits
-------
ef157d5b3f [Console] Consider STDIN interactive
This PR was merged into the 5.1-dev branch.
Discussion
----------
[String] Add the s() helper method
| Q | A
| ------------- | ---
| Branch? | master
| Bug fix? | no
| New feature? | yes
| Deprecations? | no
| Tickets | https://github.com/symfony/symfony/pull/35578#discussion_r374512887
| License | MIT
| Doc PR | -
This method will be useful in our code base, and to anyone that doesn't really understand the differences between UnicodeString and ByteString.
Commits
-------
659cdf1871 [String] Add the s() helper method
This PR was merged into the 3.4 branch.
Discussion
----------
[HttpFoundation][FrameworkBundle] fix support for samesite in session cookies
| Q | A
| ------------- | ---
| Branch? | 3.4
| Bug fix? | yes
| New feature? | no
| Deprecations? | no
| Tickets | Fix #35520
| License | MIT
| Doc PR | -
This PR cherry-picks #28168 on 3.4, with a rationale given by @ConneXNL in https://github.com/symfony/symfony/issues/35520#issuecomment-582296847:
> I hope I am wrong but I see the impact of not making any changes to Symfony 3.4 will have a tons of sites break if we cannot set the cookie's samesite setting (in the framework session and remember me) before Chrome pushes this update.
>
> Very soon all existing cookies are no longer going to work with cross-domains if you do not specify 'None' for the cookie_samesite. All external APIs that use cookies and are running SF 3.4 will break and devs will have no quick solution to fix their auth process.
>
> If you are using PHP 7.4, yes you can most likely use ini_set to workaround this issue.
>
> However, ini_set('cookie_samesite') does not work in PHP Version <= 7.2. I am not even sure PHP 7.3 supports the value 'None' as php.watch/articles/PHP-Samesite-cookies says it has support for 'Lax' and 'Strict'.
>
> This effectively means SF 3.4 on PHP 7.2 (or PHP 7.3) is no longer supported for cross domain APIs with cookies. People would have to either update PHP to 7.4 (if they even can?) or go to Symfony 4 (with a dead live site is going to be a complete disaster).
>
> Since the impact of the change that chrome is about to roll out is so fundamentally changing our way to set cookies, I consider configuring samesite configuration in the framework an absolute requirement, not a feature, especially since SF 3.4 is still supported.
>
> What am I missing?
>
> Note: SF3 HTTPFoundation already supports the new cookie settings, it's just the framework that doesn't support it.
Our BC policy embeds the promise that one should be able to keep the same app on a newest infrastructure (eg that's why supporting a PHP version is a bug fix). I think we can consider this for browsers here also. WDYT?
Commits
-------
f46e6cb8a0 [HttpFoundation][FrameworkBundle] fix support for samesite in session cookies
This PR was merged into the 3.4 branch.
Discussion
----------
[DoctrineBridge] Fixed submitting ids with query limit or offset
| Q | A
| ------------- | ---
| Branch? | 3.4
| Bug fix? | yes
| New feature? | no
| Deprecations? | no
| Tickets | Fix https://github.com/symfony/symfony/pull/34900#discussion_r375246113
| License | MIT
| Doc PR | ~
Commits
-------
9bb194098f [DoctrineBridge] Fixed submitting ids with query limit or offset
This PR was submitted for the master branch but it was merged into the 3.4 branch instead (closes #35628).
Discussion
----------
[Security] Improve info UserPasswordEncoderCommand
| Q | A
| ------------- | ---
| Branch? | master
| Bug fix? | no
| New feature? | no
| Deprecations? | no
| License | MIT
| Doc PR | n/a
`php bin/console security:encode-password [password] App\Entity\User`
will result in
`No encoder has been configured for account "AppEntityUser". `
If a full class path is used, it either has to be passed in as a string or has to be escaped by double slashes.
Commits
-------
3604bb7018 Update UserPasswordEncoderCommand.php
This PR was merged into the 5.1-dev branch.
Discussion
----------
[String] Remove the @experimental status
| Q | A
| ------------- | ---
| Branch? | master
| Bug fix? | no
| New feature? | no
| Deprecations? | no
| Tickets | https://github.com/symfony/symfony/pull/35578#discussion_r375955786
| License | MIT
| Doc PR | -
Commits
-------
3d15f91723 [String] Remove the @experimental status
This PR was merged into the 5.1-dev branch.
Discussion
----------
[OptionsResolver] Add new OptionConfigurator class to define options with fluent interface
| Q | A
| ------------- | ---
| Branch? | master
| Bug fix? | no
| New feature? | yes
| Deprecations? | no
| Tickets | Fix #33735
| License | MIT
| Doc PR | https://github.com/symfony/symfony-docs/pull/12426
- [x] submit changes to the documentation
This PR adds OptionConfigurator to the OptionsResolver
Commits
-------
1ff56407e1 [OptionsResolver] Add new OptionConfigurator class to define options with fluent interface
This PR was squashed before being merged into the 5.0 branch (closes #35616).
Discussion
----------
[Workflow] Make method signature compatible with 4.4
| Q | A
| ------------- | ---
| Branch? | 5.0
| Bug fix? | yes
| New feature? | no
| Deprecations? | no
| Tickets | Fix #35615
| License | MIT
| Doc PR | symfony/symfony-docs#...
A method signature changed in a non-backwards-compatible way in 5.0.0 - and in only one class. This commit fixes that - and has been tested.
For full details see ticket #35615.
Commits
-------
474be9613b [Workflow] Make method signature compatible with 4.4