This PR was squashed before being merged into the 2.8 branch (closes#14721).
Discussion
----------
[Security] Configuring a user checker per firewall
_Changed my base branch to avoid issues, closed old PR_
| Q | A
| ------------- | ---
| Bug fix? | no
| New feature? | yes
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed ticket | #11090 and helps #14673
| License | MIT
| Doc PR | symfony/symfony-docs/pull/5530
This pull request adds support for a configurable user checker per firewall. An example could be:
```yml
services:
app.user_checker:
class: App\Security\UserChecker
arguments:
- "@request_stack"
security:
firewalls:
secured_area:
pattern: ^/
anonymous: ~
basic_auth: ~
user_checker: app.user_checker
```
The above example will use the `UserChecker` defined as `app.user_checker`. If the `user_checker` option is left empty, `security.user_checker` will be used. If the `user_checkers` option is not defined, it will fall back to the original behavior to not break backwards compatibility and will validate using the existing `UserChecker`: `security.user_checker`.
I left the default argument in the service definitions to be `security.user_checker` to include backwards compatibility for people who for some reason don't have the extension executed. You can obtain the checker for a specific firewall by appending the firewall name to it. For the firewall `secured_area`, this would be `security.user_checker.secured_area`.
Commits
-------
76bc662 [Security] Configuring a user checker per firewall
This PR was merged into the 2.3 branch.
Discussion
----------
[Console] use PHP_OS instead of php_uname('s')
| Q | A
| ------------- | ---
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | #15058
| License | MIT
| Doc PR |
The php_uname() function may be disabled for security reasons.
Commits
-------
40e0dc8 use PHP_OS instead of php_uname('s')
This PR was merged into the 2.8 branch.
Discussion
----------
[PropertyInfo] Test behavior when an extractor returns null
| Q | A
| ------------- | ---
| Bug fix? | no
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | #16064
| License | MIT
| Doc PR | n/a
Add a test as suggested by @stof in https://github.com/symfony/symfony/pull/16064#issuecomment-144975004
Commits
-------
73ee226 [PropertyInfo] Test behavior when an extractor return null.
This PR was merged into the 2.8 branch.
Discussion
----------
[WebProfilerBundle] Move AjaxCollector to HttpKernel for use with Silex
| Q | A
| ------------- | ---
| Bug fix? | no
| New feature? | no
| BC breaks? | no
| Deprecations? | yes
| Tests pass? | yes
| Fixed tickets | -
| License | MIT
| Doc PR | -
This PR moves the AjaxDataCollector from the FrameworkBundle to the HttpKernel Component where most of the other DataCollectors are. This would allow applications which are not base on symfony/framework-bundle to use the collector. Like for instance applications based on silex or symfony components.
Commits
-------
3841f46 added missing a deprecated notice
c227806 Move AjaxCollector for use without framework bundle
This PR was merged into the 2.8 branch.
Discussion
----------
[VarDumper] Add $this->getDump($var) when using VarDumperTestTrait
| Q | A
| ------------- | ---
| Bug fix? | no
| New feature? | yes
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | -
| License | MIT
| Doc PR | -
So useful when writing/updating dump fixtures!
Commits
-------
aa1d578 [VarDumper] Add $this->getDump($var) when using VarDumperTestTrait
This PR was merged into the 2.8 branch.
Discussion
----------
Prevent adding non-DOMElement elements in DomCrawler
| Q | A
| ------------- | ---
| Bug fix? | kind of
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | n/a
| License | MIT
| Doc PR | n/a
Many methods of the DomCrawler component are relying on the DOMElement API, not only on the DOMNode API. All the typehints in the Form and Link APIs were already fixed in 2.5 because they are unusable with other kinds of nodes (fatal errors). However, the Crawler itself was not fixed. and this means that a bunch of its APIs can trigger fatal errors when passing other kinds of nodes.
Thus, there is a case where the code was allowing such nodes to be injected in the Crawler for some XPath queries. I fixed it to avoid it, adding the same kind of filtering than in other places.
Commits
-------
9f362a1 Prevent adding non-DOMElement elements in DomCrawler
This PR was merged into the 2.8 branch.
Discussion
----------
Deprecate loading multiple documents in the same crawler
| Q | A
| ------------- | ---
| Bug fix? | no
| New feature? | no
| BC breaks? | no
| Deprecations? | yes
| Tests pass? | yes
| Fixed tickets | #15849
| License | MIT
| Doc PR | n/a
Note that loading multiple documents in the same crawler already creates weird things when working with namespaces (the list of mapping of aliases to namespaces is shared between documents, which was flawed).
As said in the issue, this opens the door to optimizations in the future (sharing the DOMXpath instance for instance, including with subcrawler)
Commits
-------
0d1cb3b Deprecate loading multiple documents in the same crawler
This PR was merged into the 2.3 branch.
Discussion
----------
[Yaml] Fix improper comments removal
| Q | A
| ------------- | ---
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | #15857
| License | MIT
| Doc PR | -
This tries to fix#15857 .
Honestly, I don't have any idea of the regressions it might introduce. Tests are passing, so if this code had any reason to exist, tests covering it are certainly missing :/
Any hint ?
Commits
-------
0e24fc5 [Yaml] Fix improper comments removal inside strings
This PR was squashed before being merged into the 2.8 branch (closes#15742).
Discussion
----------
Using a service as a router resource
| Q | A
| ------------- | ---
| Bug fix? | no
| New feature? | yes
| BC breaks? | no
| Deprecations? | no
| Tests pass? | almost
| Fixed tickets | n/a
| License | MIT
| Doc PR | not yet...
Hi guys!
This adds the ability to use a service as a routing resource. In other words, instead of loading `routing.yml`, you could load `my_route_loader`, and then a method would be called on your service to return a RouteCollection.
Specifically, I'm interested in this because it would allow a user to point their main router resource to the kernel itself, making it possible to load routes inside the kernel (making a single-file full-stack app more possible).
Thanks!
Commits
-------
79e210f Using a service as a router resource
This PR was squashed before being merged into the 2.8 branch (closes#15778).
Discussion
----------
Fluid interface for building routes in PHP
| Q | A
| ------------- | ---
| Bug fix? | no
| New feature? | yes
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | n/a
| License | MIT
| Doc PR | not yet...
This - along with #15742 - attempts to making adding routes in PHP (via an actual class+method) not only possible, but also useful.
The two classes - `Route` and `RouteCollectionBuilder` are based off of Silex's `Controller` and `ControllerCollection`. The `RouteCollectionBuilder` is basically a `RouteCollection` that's able to import other resources. Here are the goals:
A) Import routes easily
```php
$routes->import('routing.yml');
```
B) Fluid addition of routes into the collection
```php
$routes->add('/admin', 'AppBundle:Admin:index', 'admin_index')
->setMethods(['GET']);
```
C) Ability to create routes with auto-generating names
D) Ability to add a "sub-collection" (kind of like an import, without pointing to another file). Included is the ability to set the controller class:
```php
$blogRoutes = $routes->createBuilder('/blog')
->setControllerClass('AppBundle\Controller\BlogController');
$blogRoutes->add('/', 'indexAction');
$blogRoutes->add('/{id}', 'editAction');
$routes->addBuilder($blogRoutes);
```
E) The collection options can be set before or after the routes. With `RouteCollection`, if you set something - e.g. a prefix or a default - and THEN add more routes, those options are not passed to those routes. This is by design, but not ideal for building routes (e.g. in the previous code example, the controllerClass would not be applied using the opposite logic, since it's set before adding the routes).
Thanks!
Commits
-------
15ba2e8 Fluid interface for building routes in PHP
This PR was merged into the 2.8 branch.
Discussion
----------
[CssSelector] synchronize tests for static and non-static API
| Q | A
| ------------- | ---
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets |
| License | MIT
| Doc PR |
Synchronizing the classes ensures that no tests are lost when the legacy
API is removed in #16020 for Symfony 3.0, thus mitigating the risk of
future regressions.
Commits
-------
2b29a40 synchronize tests for static and non-static API
Synchronizing the classes ensures that no tests are lost when the legacy
API is removed in #16020 for Symfony 3.0, thus mitigating the risk of
future regressions.
This PR was merged into the 2.8 branch.
Discussion
----------
[DomCrawler] fix deprecation triggers
| Q | A
| ------------- | ---
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets |
| License | MIT
| Doc PR |
On HHVM, the SplObjectStorage class performs calls to its method
internally. These method calls must not lead to triggered deprecation
notices.
Commits
-------
aca6bd9 [DomCrawler] fix deprecation triggers
This PR was merged into the 2.8 branch.
Discussion
----------
[Form] made the tests compatible with 3.0
| Q | A
| ------------- | ---
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | n/a
| License | MIT
| Doc PR | n/a
Commits
-------
795da85 [Form] made the tests compatible with 3.0
This PR was merged into the 2.8 branch.
Discussion
----------
[Security] add dependency required by a replaced package
| Q | A
| ------------- | ---
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets |
| License | MIT
| Doc PR |
Since #16007, the Security HTTP component requires the PropertyAccess
component to access nested parameter bag values. Since the Security
component replaces the Security HTTP component, all dependencies of the
replaced packages must be mirrored here.
Commits
-------
d7034db add dependency required by a replaced package
This PR was merged into the 2.8 branch.
Discussion
----------
[Console] Bind input before executing the COMMAND event
| Q | A
| ------------- | ---
| Bug fix? | no
| New feature? | yes
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | #10695 (problem 1)
| License | MIT
| Doc PR | -
Previously, `$input` wasn't very usefull in the `console.command` event, as the input was not yet bound to the command definition.
With this PR, the input is now bound twice: Once before the event is dispatched (to make it usefull in the listeners) and once at the original location in `Command#run()` (to allow changing the input definition in an event listener).
Commits
-------
0af1676 Bind input before executing the COMMAND event
Since #16007, the Security HTTP component requires the PropertyAccess
component to access nested parameter bag values. Since the Security
component replaces the Security HTTP component, all dependencies of the
replaced packages must be mirrored here.
Make sure that all relevant information is passed to created crawlers.
To avoid future regressions, this commit backports the approach taken by
@stof in #15934 to have a single place in the class that is responsible
to create subcrawler instances.
This PR was merged into the 2.8 branch.
Discussion
----------
[VarDumper] Dump PHP+Twig code excerpts in backtraces
| Q | A
| ------------- | ---
| Bug fix? | no
| New feature? | yes
| BC breaks? | no
| Deprecations? | yes
| Tests pass? | yes
| Fixed tickets | -
| License | MIT
| Doc PR | -
ExceptionCaster::filterTrace() is deprecated and replaced by a more flexible backtrace processing that allows one to register casters for amending/changing dumped backtraces. This is especially useful for dumping source map information/excerpts (like e.g. twig template source).
Here is a comparison generated with this code snippet (see also the expected output in testThrowingCaster):
```php
namespace Symfony\Component\VarDumper\Caster;
require 'vendor/autoload.php';
function bar()
{
return foo();
}
function foo()
{
dump(new \Exception('baz'));
}
bar('aaaaarg');
```
Before:
After:
Commits
-------
89578f1 [VarDumper] Dump PHP+Twig code excerpts in backtraces
This PR was merged into the 2.8 branch.
Discussion
----------
[Config] Fix ArrayNode extra keys "ignore" and "remove" behaviors
| Q | A
| ------------- | ---
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | -
| License | MIT
| Doc PR | -
Due to #14238 , no more exception is thrown when submitting extra keys to an `ArrayNode`.
For instance:
```php
$builder = new TreeBuilder();
$nodeDefinition = $builder->root('root')
->children()
->scalarNode('foo')
->end()
->end();
$node = $nodeDefinition->getNode(true);
$node->normalize(array(
'foo' => 'ok',
'bar' => 'ko',
));
```
will not throw a
> Symfony\Component\Config\Definition\Exception\InvalidConfigurationException: Unrecognized option "bar" under "root"`
anymore, as it does in 2.7.
I think the expected behavior is:
`Submitted data: ['bar' => 'ko']`
Ignore | Remove | Expected | OK | Comment
---------| ------------ | ------------- | ------ | ----------
true | true | `[ ]` | ✔︎ | Previous behavior when ignoring.
true | false | `['bar' => 'ko']` | ✔︎ | This is the result targeted by #14238.
false | true | exception | ✘ | Removing makes no sense when not ignoring extra keys. <br/>The exception should still be thrown.
false | false | exception | ✘ | Previous behavior (2.7). <br/>Should not have changed
Commits
-------
d961f7f [Config] Fix ArrayNode extra keys "ignore" and "remove" behaviors
