This PR was merged into the 3.2-dev branch.
Discussion
----------
Added a SecurityUserValueResolver for controllers
| Q | A
| ------------- | ---
| Branch? | master
| Bug fix? | no
| New feature? | yes
| BC breaks? | no
| Deprecations? | yes
| Tests pass? | yes
| Fixed tickets | ~
| License | MIT
| Doc PR | ~
This PR uses the new `ArgumentResolver` to inject a security user when the signature implies so. This is based on the [docs code example](https://github.com/symfony/symfony-docs/pull/6438#issuecomment-208319704) and [existing pr on the SFEB](sensiolabs/SensioFrameworkExtraBundle#327).
With the new example you can do the following:
```php
// when a User is mandatory, e.g. behind firewall
public function fooAction(UserInterface $user)
// when a User is optional, e.g. where it can be anonymous
public function barAction(UserInterface $user = null)
```
This deprecates the `Controller::getUser()` method.
I have added it on a priority of 40 so it falls just under the `RequestValueResolver`. This is because it's already used and the initial performance is less of an impact.
There was a comment asking if the `controller_argument.value_resolver` tag name wasn't too long. If decided this tag should change before 3.1 is released, I will update it in here.
*`RequestValueResolver` contains a small codestyle consistency fix.*
Commits
-------
d341889 Added a SecurityUserValueResolver for controllers
This PR was merged into the 3.2-dev branch.
Discussion
----------
[Bridge/Doctrine] Reset the EM lazy-proxy instead of the EM service
| Q | A
| ------------- | ---
| Branch? | master
| Bug fix? | no
| New feature? | yes
| BC breaks? | no
| Deprecations? | yes
| Tests pass? | no
| Fixed tickets | -
| License | MIT
| Doc PR | -
This makes the entity manager resettable by resetting its proxy, which should be more robust than resetting its service.
See first comments in #19192
Ping @stof
Commits
-------
c581cd4 [Bridge/Doctrine] Reset the EM lazy-proxy instead of the EM service
* 3.1:
Fixed BC Layer in DoctrineChoiceLoader
[HttpKernel] Add listener that checks when request has both Forwarded and X-Forwarded-For
[HttpKernel] Move conflicting origin IPs handling to catch block
[travis] Fix deps=low/high patching
Fixed some issues of the AccessDecisionManager profiler
[DoctrineBridge] fixed default parameter value in UniqueEntityValidator
* 3.0:
[HttpKernel] Add listener that checks when request has both Forwarded and X-Forwarded-For
[HttpKernel] Move conflicting origin IPs handling to catch block
[travis] Fix deps=low/high patching
* 2.8:
[HttpKernel] Add listener that checks when request has both Forwarded and X-Forwarded-For
[HttpKernel] Move conflicting origin IPs handling to catch block
[travis] Fix deps=low/high patching
* 2.7:
[HttpKernel] Add listener that checks when request has both Forwarded and X-Forwarded-For
[HttpKernel] Move conflicting origin IPs handling to catch block
[travis] Fix deps=low/high patching
This PR was squashed before being merged into the 3.2-dev branch (closes#19169).
Discussion
----------
Add test for Definition with exeption InvalidArgument
Add test for Definition with exeption InvalidArgument
| Q | A
| ------------- | ---
| Branch? | "master" for new features / 2.7, 2.8, 3.0 or 3.1 for fixes
| Bug fix? | no
| New feature? | no
| Deprecations? | no
| Tests pass? | yes
| License | MIT
Commits
-------
91072e6 Add test for Definition with exeption InvalidArgument
This PR was merged into the 3.2-dev branch.
Discussion
----------
[FrameworkBundle] Show server:run logs by default
| Q | A
| ------------- | ---
| Branch? | master
| Bug fix? | no
| New feature? | yes
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | -
| License | MIT
| Doc PR | -
I propose to change the default for the `server:run` command and show `php -S` logs by default.
I really miss them otherwise. The `-vvv` mode is not suited here, because it adds a useless ` ERR ` red prefix.
I do this through a tty when available, so that the output remains colored.
Ping @javiereguiluz @weaverryan since this is mostly a DX issue.
Commits
-------
7cc6161 [FrameworkBundle] Show server:run logs by default
This PR was squashed before being merged into the 3.1 branch (closes#18934).
Discussion
----------
Fixed some issues of the AccessDecisionManager profiler
| Q | A
| ------------- | ---
| Branch? | 3.1
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | #19022https://github.com/symfony/symfony-standard/issues/968https://github.com/schmittjoh/JMSSecurityExtraBundle/issues/207
| License | MIT
| Doc PR | -
Commits
-------
082f1b5 Fixed some issues of the AccessDecisionManager profiler
This PR was squashed before being merged into the 2.7 branch (closes#18688).
Discussion
----------
[HttpFoundation] Warning when request has both Forwarded and X-Forwarded-For
| Q | A
| ------------- | ---
| Branch? | 2.7
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets |
| License | MIT
| Doc PR | symfony/symfony-docs#6526
Emit a warning when a request has both a trusted Forwarded header and a trusted X-Forwarded-For header, as this is most likely a misconfiguration which causes security issues.
Commits
-------
ee8842f [HttpFoundation] Warning when request has both Forwarded and X-Forwarded-For
This PR was merged into the 3.2-dev branch.
Discussion
----------
[Serializer] Allow to use easily static constructors
| Q | A
| ------------- | ---
| Branch? | "master"
| Bug fix? | no
| New feature? | yes
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | https://github.com/symfony/symfony/pull/19027#issuecomment-225527475
| License | MIT
| Doc PR | -
This PR allows to simply use static constructors to instantiate objects with the serializer by extending the default normalizers.
Commits
-------
9be6484 [Serializer] Allow to use easily static constructors
This PR was merged into the 3.2-dev branch.
Discussion
----------
[Yaml] Avoid using both Input/Output and SymfonyStyle in LintCommand
| Q | A
| ------------- | ---
| Branch? | master
| Bug fix? | no
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | ~
| License | MIT
| Doc PR | ~
Fixed some inconsistencies/mistakes from the original YamLintCommand.
Commits
-------
dd84b7f [Yaml] Avoid using both Input/Output and SymfonyStyle in LintCommand
This PR was squashed before being merged into the 3.2-dev branch (closes#19190).
Discussion
----------
[DependencyInjection] Add support for short services configurators syntax
| Q | A
| ------------- | ---
| Branch? | master
| Bug fix? | no
| New feature? | yes
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| License | MIT
This PR adds support for short services configurators syntax in YAML files:
```yaml
services:
app.some_service:
class: ...
# Common syntax
configurator: [ '@app.configurator', 'configure' ]
# Short syntax
configurator: 'app.configurator:configure'
Commits
-------
da2757f [DependencyInjection] Add support for short services configurators syntax
This PR was squashed before being merged into the 2.7 branch (closes#19173).
Discussion
----------
[Console] Decouple SymfonyStyle from TableCell
| Q | A
| ------------- | ---
| Branch? | 2.7
| Bug fix? | no
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | ~
| License | MIT
| Doc PR | ~
Alternative approach, ie BC, for #19136 (i prefer that one though, as it also _fixes_ #19123 )
Commits
-------
51f59d6 [Console] Decouple SymfonyStyle from TableCell
* 3.1:
fixed CS
fixed CS
fixed CS
fixed form tests
[Console] Fix formatting of SymfonyStyle::comment()
[Form] fix post max size translation type extension for >= 2.8
[Security] Allow LDAP loadUser override
removed dots at the end of @param and @return
fixed typo