* 2.8:
asset test coverage
[HttpKernel] PostResponseEvent should extend the KernelEvent
[travis] session.gc_probability=0 to fix transient tests on hhvm
Write the log message on a single line againn
[DI] Deprecate ContainerAware in favor of ContainerAwareTrait
[VarDumper] Deprecate VarDumperTestCase in favor of the trait
Check whether $this->logger is not null on GuardAuthenticationListener
[Console] Add progress indicator helper
Conflicts:
.travis.yml
This PR was merged into the 2.8 branch.
Discussion
----------
[VarDumper] Deprecate VarDumperTestCase in favor of the trait
| Q | A
| ------------- | ---
| Bug fix? | no
| New feature? | no
| BC breaks? | no
| Deprecations? | yes
| Tests pass? | yes
| Fixed tickets | -
| License | MIT
| Doc PR | -
Because people must upgrade to PHP 5.5 before upgrading to Sf 3.0, this can be done on the 2.8 branch.
Commits
-------
31e51ba [VarDumper] Deprecate VarDumperTestCase in favor of the trait
This PR was merged into the 2.8 branch.
Discussion
----------
[DI] Deprecate ContainerAware in favor of ContainerAwareTrait
| Q | A
| ------------- | ---
| Bug fix? | no
| New feature? | no
| BC breaks? | no
| Deprecations? | yes
| Tests pass? | yes
| Fixed tickets | n/a
| License | MIT
| Doc PR | -
To be merged before #16411 (that then should be rebased) if we agree that this is the right approach (which I believe personally).
The deprecation notice will be triggered by the existing mechanism in the DebugClassLoader (it can't be added inline because that would make symfony itself trigger it).
PHP 5.3 users migrating to 3.0 must already move to 2.8+5.5 beforehand so this is really on the CUP (Continuous Upgrade Path).
Commits
-------
807ebac [DI] Deprecate ContainerAware in favor of ContainerAwareTrait
This PR was merged into the 2.8 branch.
Discussion
----------
[Security][Guard] Check whether $this->logger is not null on GuardAuthenticationListener
| Q | A
| ------------- | ---
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | #16415
| License | MIT
| Doc PR |
Commits
-------
ebc751d Write the log message on a single line againn
713b99f Check whether $this->logger is not null on GuardAuthenticationListener
This PR was merged into the 2.8 branch.
Discussion
----------
[HttpKernel] PostResponseEvent should extend the KernelEvent
| Q | A
| ------------- | ---
| Bug fix? | no
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | #16342
| License | MIT
| Doc PR | -
Technically the `PostResponseEvent` is a `KernelEvent`.
Commits
-------
b9863d5 [HttpKernel] PostResponseEvent should extend the KernelEvent
* 2.8:
[Security] Clean deps
[Security][2.7] Clean deps
[HttpKernel] Fix time-sensitive test case
[travis] Fail early when an invalid composer.json is found
Conflicts:
src/Symfony/Component/Security/Core/composer.json
src/Symfony/Component/Security/composer.json
* 2.7:
[Security][2.7] Clean deps
[HttpKernel] Fix time-sensitive test case
[travis] Fail early when an invalid composer.json is found
Conflicts:
src/Symfony/Component/Security/Core/composer.json
src/Symfony/Component/Security/composer.json
This PR was merged into the 2.8 branch.
Discussion
----------
[VarDumper] Casters for Generator, ReflectionGenerator and ReflectionType
| Q | A
| ------------- | ---
| Bug fix? | yes
| New feature? | yes
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | -
| License | MIT
| Doc PR | -
I had this on a local branch since a few days:
- on PHP7, using ReflectionGenerator allows dumping interesting state info about generators (see test case for example output)
- caster for ReflectionType added
- source code excerpts are now left-trimmed (see adjusted test cases)
Commits
-------
d6c2d75 [VarDumper] Casters for Generator, ReflectionGenerator and ReflectionType
* 2.8:
removed @covers annotations in tests
removed @covers annotations in tests
removed all @covers annotations
checkCredentials() force it to be an affirmative yes!
[PropertyAccess] Major performance improvement
This PR was merged into the 2.3 branch.
Discussion
----------
removed all @covers annotations
| Q | A
| ------------- | ---
| Bug fix? | no
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | n/a
| License | MIT
| Doc PR | n/a
Some unit tests have a `@covers` PHPUnit annotations. Most of them were added a very long time ago, but since then, we did not use them anymore and the existing ones are not maintained (see #16413). So, I propose to remove them all.
Commits
-------
1e0af36 removed all @covers annotations
This PR was squashed before being merged into the 2.8 branch (closes#16395).
Discussion
----------
checkCredentials() force it to be an affirmative yes!
| Q | A
| ------------- | ---
| Bug fix? | no
| New feature? | no
| BC breaks? | no (because 2.8 isn't released)
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | n/a
| License | MIT
| Doc PR | n/a
This changes `GuardAuthenticatorInterface::checkCredentials()`: you now *must* return true in order for authentication to pass.
Before: You could do nothing (i.e. return null) and authentication would pass. You threw an AuthenticationException to cause a failure.
New: You *must* return `true` for authentication to pass. If you do nothing, we will throw a `BadCredentialsException` on your behalf. You can still throw your own exception.
This was a suggestion at symfony_live to make things more secure. I think it makes sense.
Commits
-------
14acadd checkCredentials() force it to be an affirmative yes!
This PR was merged into the 3.0-dev branch.
Discussion
----------
[3.0] [VarDumper] Tests fixed
| Q | A
| ------------- | ---
| Bug fix? | no
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | -
| License | MIT
| Doc PR | -
Fixes broken test after merge.
Original 2.8 commit: 303f05baaf (diff-c45f29f2b7f10a6e3583f92526da067dR55)
Fixes Travis failure of VarDumper: https://travis-ci.org/symfony/symfony/jobs/88382131#L2413
Commits
-------
358fb2d HtmlDumperTest fixed after merge
* 2.8:
added the new Composer exclude-from-classmap option
added the new Composer exclude-from-classmap option
fix docblock description for the build() method
fix expected argument type docblock
Set back libxml settings after testings.
fixed Twig deprecation notices
This PR was squashed before being merged into the 2.3 branch (closes#16294).
Discussion
----------
[PropertyAccess] Major performance improvement
| Q | A
| ------------- | ---
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | #16179
| License | MIT
| Doc PR | n/a
This PR improves performance of the PropertyAccess component of ~70%.
The two main changes are:
* caching the `PropertyPath` initialization
* caching the guessed access strategy
This is especially important for the `ObjectNormalizer` (Symfony Serializer) and the JSON-LD normalizer ([API Platform](https://api-platform.com)) because they use the `PropertyAccessor` class in large loops (ex: normalization of a list of entities).
Here is the Blackfire comparison: https://blackfire.io/profiles/compare/c42fd275-2b0c-4ce5-8bf3-84762054d31e/graph
The code of the benchmark I've used (with Symfony 2.3 as dependency):
```php
<?php
require 'vendor/autoload.php';
class Foo
{
private $baz;
public $bar;
public function getBaz()
{
return $this->baz;
}
public function setBaz($baz)
{
$this->baz = $baz;
}
}
use Symfony\Component\PropertyAccess\PropertyAccess;
$accessor = PropertyAccess::createPropertyAccessor();
$start = microtime(true);
for ($i = 0; $i < 10000; ++$i) {
$foo = new Foo();
$accessor->setValue($foo, 'bar', 'Lorem');
$accessor->setValue($foo, 'baz', 'Ipsum');
$accessor->getValue($foo, 'bar');
$accessor->getValue($foo, 'baz');
}
echo 'Time: '.(microtime(true) - $start).PHP_EOL;
```
This PR also adds an optional support for Doctrine cache to keep access information across requests and improve the overall application performance (even outside of loops).
Commits
-------
284dc75 [PropertyAccess] Major performance improvement
* 2.7:
added the new Composer exclude-from-classmap option
added the new Composer exclude-from-classmap option
fix expected argument type docblock
Set back libxml settings after testings.
fixed Twig deprecation notices
* 2.3:
added the new Composer exclude-from-classmap option
fix expected argument type docblock
Set back libxml settings after testings.
fixed Twig deprecation notices
This PR was merged into the 2.3 branch.
Discussion
----------
added the new Composer exclude-from-classmap option
| Q | A
| ------------- | ---
| Bug fix? | no
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | n/a
| License | MIT
| Doc PR | n/a
Commits
-------
65bef75 added the new Composer exclude-from-classmap option
This PR was merged into the 3.0-dev branch.
Discussion
----------
remove polyfills for unsupported php versions
| Q | A
| ------------- | ---
| Bug fix? | no
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | -
| License | MIT
| Doc PR | -
Remove obsolete polyfills in master as introduced in #16317
Commits
-------
78512cc remove polyfills for unsupported php versions
This PR was merged into the 2.3 branch.
Discussion
----------
[HttpFoundation] fix expected argument type docblock
| Q | A
| ------------- | ---
| Fixed tickets |
| License | MIT
Commits
-------
1c01ebc fix expected argument type docblock
This PR was merged into the 2.8 branch.
Discussion
----------
[Routing] fix docblock description for the build() method
| Q | A
| ------------- | ---
| Fixed tickets | #15778
| License | MIT
Commits
-------
ca32ed4 fix docblock description for the build() method
This PR was merged into the 2.8 branch.
Discussion
----------
Add the PHP 7 polyfill for the random_bytes function
| Q | A
| ------------- | ---
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets |
| License | MIT
| Doc PR |
Some classes (like the `SecureRandom` class) currently depends on the `random_bytes` function, which is only available in the PHP 7 polyfill
Commits
-------
8ab8ca0 Add the PHP 7 polyfill for the random_bytes function
Calling the parent constructor of the mocked `Mongo` class tries to
connect to a local MongoDB server which fails in case no local server
was configured.
Similarly, when the parent constructor of the mocked `MongoCollection`
class is called it performs checks on the passed arguments which fails
again when a connection was not established successfully before.
* 2.7:
added missing quotes in YAML files
[HttpKernel] Add `@group time-sensitive` on some transient tests
[DoctrineBridge] Fix issue which prevent the profiler to explain a query
Use mb_detect_encoding with $strict = true
don't allow to install the split Security packages
bumped Symfony version to 2.3.35
updated VERSION for 2.3.34
update CONTRIBUTORS for 2.3.34
updated CHANGELOG for 2.3.34
* 2.3:
added missing quotes in YAML files
[HttpKernel] Add `@group time-sensitive` on some transient tests
[DoctrineBridge] Fix issue which prevent the profiler to explain a query
Use mb_detect_encoding with $strict = true
don't allow to install the split Security packages
bumped Symfony version to 2.3.35
updated VERSION for 2.3.34
update CONTRIBUTORS for 2.3.34
updated CHANGELOG for 2.3.34
This PR was merged into the 2.3 branch.
Discussion
----------
Use mb_detect_encoding with $strict = true
| Q | A
| ------------- | ---
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | -
| License | MIT
| Doc PR | -
Otherwise, UTF-8 can be returned for non-UTF8 strings...
See e.g. https://3v4l.org/oMMnX
Commits
-------
e6c89f1 Use mb_detect_encoding with $strict = true
This PR was merged into the 2.3 branch.
Discussion
----------
[Security] don't allow to install the split Security packages
| Q | A
| ------------- | ---
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | #16134
| License | MIT
| Doc PR |
Currently, you would be able to install the Security component fromm
Symfony 2.3 together with one of the split packages from a higher
Symfony vesion like this:
```json
{
"require": {
"symfony/symfony": "2.3.*",
"symfony/security-core": "~2.7"
}
}
```
However, you will end up with classes being present twice.
This must be reverted after merging up in the `2.7` branch.
Commits
-------
0d14064 don't allow to install the split Security packages
Currently, you would be able to install the Security component fromm
Symfony 2.3 together with one of the split packages from a higher
Symfony vesion like this:
```json
{
"require": {
"symfony/symfony": "2.3.*",
"symfony/security-core": "~2.7"
}
}
```
However, you will end up with classes being present twice.
This must be reverted after merging up in the `2.7` branch.
* 2.7:
fixed YAML files missing quotes when a string starts with @
[VarDumper] Fix anonymous class dumping
[Routing] mark internal classes
[Translation][Csv file] remove unnecessary statements, for better readability.
[Form] remove validation of FormRegistry::getType as FormRegistry::hasType does not validate either
* 2.3:
fixed YAML files missing quotes when a string starts with @
[Routing] mark internal classes
[Translation][Csv file] remove unnecessary statements, for better readability.
[Form] remove validation of FormRegistry::getType as FormRegistry::hasType does not validate either
This PR was merged into the 2.3 branch.
Discussion
----------
fixed YAML files missing quotes when a string starts with @
| Q | A
| ------------- | ---
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | n/a
| License | MIT
| Doc PR | n/a
Commits
-------
e36fea8 fixed YAML files missing quotes when a string starts with @
This PR was merged into the 2.3 branch.
Discussion
----------
[Translation][Csv loader] remove unnecessary statements, for better readability.
| Q | A
| ------------- | ---
| Bug fix? | no
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Fixed tickets | ~
| Tests pass? | yes
| License | MIT
Commits
-------
47b8c3e [Translation][Csv file] remove unnecessary statements, for better readability.
This PR was merged into the 2.3 branch.
Discussion
----------
[Form] remove type check in FormRegistry::getType
| Q | A
| ------------- | ---
| Bug fix? | yes (consistency)
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | -
| License | MIT
| Doc PR | -
remove validation of `FormRegistry::getType` as `FormRegistry::hasType` does not validate either. So `hasType` currently triggers a PHP warning with a wrong argument.
also developers do not work with the registry directly anyway but through the factory. and the factory already validates the value. So this validation is useless in reality.
Commits
-------
d37b9e6 [Form] remove validation of FormRegistry::getType as FormRegistry::hasType does not validate either
* 2.8:
Fix the FrameworkBundle dependencies
[DoctrineBridge] Fix required guess of boolean fields
[DI] don't use array_map to resolve services
Remove dead code in the PropertyPath constructor
[EventDispatcher] fix docblock
[Process] Inherit env vars by default in PhpProcess
Changed one console output style to avoid visual issues
[VarDumper] Fix return type and anonymous classes dumping
[FrameworkBundle] PropertyInfo support
[HttpFoundation] Fixes /0 subnet handling in IpUtils
[Form] Simplify DateTimeToStringTransformer Avoid unneeded catch and re-throw of the same exception.
[Minor] [Serializer] Removed second license header
[TwigBundle] added a Twig templates warmer when templating is disabled
[HttpKernel] Remove a duplicate test for the EsiFragmentRenderer
[Templating] deprecate low-level RouterHelper::generate method as it's cumbersome to use constants in templates
[Templating] introduce path and url methods in php templates to be in line with twig templates
[Routing] deprecate the old url generator reference type values
[Routing] use constant in a test that is new in 2.7
[FrameworkBundle] Add a new ClassCache cache warmer
[Validator] Add expressionLanguage to ExpressionValidator constructor
Conflicts:
src/Symfony/Bundle/FrameworkBundle/Resources/config/services.xml
src/Symfony/Bundle/FrameworkBundle/Tests/DependencyInjection/ConfigurationTest.php
src/Symfony/Bundle/FrameworkBundle/composer.json
src/Symfony/Component/BrowserKit/composer.json
src/Symfony/Component/ClassLoader/ClassCollectionLoader.php
src/Symfony/Component/EventDispatcher/EventDispatcher.php
* 2.7:
[DoctrineBridge] Fix required guess of boolean fields
[DI] don't use array_map to resolve services
Remove dead code in the PropertyPath constructor
[Process] Inherit env vars by default in PhpProcess
Changed one console output style to avoid visual issues
[VarDumper] Fix return type and anonymous classes dumping
[HttpFoundation] Fixes /0 subnet handling in IpUtils
[Form] Simplify DateTimeToStringTransformer Avoid unneeded catch and re-throw of the same exception.
[HttpKernel] Remove a duplicate test for the EsiFragmentRenderer
Conflicts:
src/Symfony/Component/BrowserKit/composer.json
src/Symfony/Component/VarDumper/Tests/Caster/ReflectionCasterTest.php
* 2.3:
[DoctrineBridge] Fix required guess of boolean fields
[DI] don't use array_map to resolve services
Remove dead code in the PropertyPath constructor
[Process] Inherit env vars by default in PhpProcess
[HttpFoundation] Fixes /0 subnet handling in IpUtils
[Form] Simplify DateTimeToStringTransformer Avoid unneeded catch and re-throw of the same exception.
[HttpKernel] Remove a duplicate test for the EsiFragmentRenderer
Conflicts:
src/Symfony/Component/Process/Process.php
src/Symfony/Component/PropertyAccess/Tests/PropertyAccessorCollectionTest.php
src/Symfony/Component/PropertyAccess/Tests/PropertyAccessorTest.php
This PR was merged into the 2.3 branch.
Discussion
----------
[Process] Inherit env vars by default in PhpProcess
| Q | A
| ------------- | ---
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | -
| License | MIT
| Doc PR | -
This is the cause of our failures on Windows, where the SYSTEMROOT env var is mandatory for mcrypt_create_iv to work.
I don't know why the browserkit client is run with no env inheritance and this looks like a bug.
Same for PhpProcess emptying the env by default, this looks like a bug, esp. since the parent `Process` class defaults to inheriting the env.
Tests are not broken by this change.
Commits
-------
ab8cc29 [Process] Inherit env vars by default in PhpProcess
This PR was merged into the 2.3 branch.
Discussion
----------
Remove dead code in the PropertyPath constructor
| Q | A
| ------------- | ---
| Bug fix? | no
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | n/a
| License | MIT
| Doc PR | n/a
Custom singulars have been removed from the component before merging it in Symfony, but the code parsing them was only removed partially.
Commits
-------
ad4d0eb Remove dead code in the PropertyPath constructor
This PR was squashed before being merged into the 3.0-dev branch (closes#12119).
Discussion
----------
[Console] Add progress indicator helper
| Q | A
| ------------- | ---
| Bug fix? | no
| New feature? | yes
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | n/a
| License | MIT
| Doc PR | *todo*
This is an alternative to the `ProgressBar` helper *without a max* inspired by the `npm` cli. You can use the `ProgressBar` but IMO it doesn't look great or fallback nicely in non-ansi environments.
A lot of work needs to be done still but thought I would get some comments on this idea.
##### Example code
```php
$progress = new ProgressIndicator($output);
$progress->start('Starting...');
for ($i = 0; $i < 100; $i++) {
usleep(25000);
$progress->advance();
switch ($i) {
case 20:
$progress->setMessage('Just started...');
break;
case 50:
$progress->setMessage('Half way...');
break;
case 90:
$progress->setMessage('Almost Done...');
break;
}
}
$progress->finish('Done.');
```
##### Screenshot
![output](https://cloud.githubusercontent.com/assets/127811/4511167/95302026-4b31-11e4-824e-5cb26f96e4cb.gif)
Commits
-------
abf389c [Console] Add progress indicator helper
This PR was squashed before being merged into the 2.3 branch (closes#16177).
Discussion
----------
[HttpFoundation] Fixes /0 subnet handling in IpUtils
| Q | A
| ------------- | ---
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | #16055
| License | MIT
| Doc PR | Not needed
Fixes bug #16055. For IP addresses with CIDR subnet length 0, the IP address must be valid - IPs with subnet masks greater than zero are implicitly validated due to the use of `ip2long` and `substr_compare` (although it's not particularly robust - there could be some future work to improve this here).
Commits
-------
d9ac571 [HttpFoundation] Fixes /0 subnet handling in IpUtils
| Q | A
| ------------- | ---
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | none
| License | MIT
| Doc PR | none
PR #15918 added a second license header to the `ArrayDenormalizer` file. One license header is probably enough.
This PR was merged into the 2.3 branch.
Discussion
----------
[HttpKernel] Remove a duplicate test for the EsiFragmentRenderer
| Q | A
| ------------- | ---
| Bug fix? | no
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | -
| License | MIT
| Doc PR | -
Since the request was made a required argument to the `render()` method in #6829, this [test became a duplicate](23f51450bd/src/Symfony/Component/HttpKernel/Tests/RenderingStrategy/EsiRenderingStrategyTest.php (L28-L38)) of `testRenderFallbackToInlineStrategyIfEsiNotSupported()`.
Commits
-------
44d57a3 [HttpKernel] Remove a duplicate test for the EsiFragmentRenderer
Since the request was made a required argument to the `render()` method in #6829, this test became a duplicate of `testRenderFallbackToInlineStrategyIfEsiNotSupported()`.
* 2.8:
[Routing] use constants in tests
[Process] tweaked README
[TwigBundle] Fix Twig cache is not properly warmed
[Validator] Allow an empty path in a URL with only a fragment or a query
[Security] Use SessionAuthenticationStrategy on RememberMe login
[HttpFoundation] Fix some typo in the Request doc
fixed CS
Added separated handling of root paths
* 2.7:
[Routing] use constants in tests
[Process] tweaked README
[Validator] Allow an empty path in a URL with only a fragment or a query
[HttpFoundation] Fix some typo in the Request doc
fixed CS
Added separated handling of root paths
* 2.3:
[Routing] use constants in tests
[Validator] Allow an empty path in a URL with only a fragment or a query
[HttpFoundation] Fix some typo in the Request doc
fixed CS
Added separated handling of root paths
This PR was merged into the 2.3 branch.
Discussion
----------
[filesystem] makeRelativePath does not work correctly from root
| Q | A
| ------------- | ---
| Bug fix? | yes/no
| New feature? | yes/no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | #1234
| License | MIT
| Doc PR | #14066, #14067
When using `makeRelativePath`, it returns an incorrect path when trying to fetch an entry from the root:
$fs->makePathRelative('/foo/bar/baz', '/');
Actual result:
../foo/bar/baz
Expected result:
foo/bar/baz
As we have specified an absolute path, there is no point on having an `..` added. It works, because a root directory has a `..` which points to itself, but it could result in issues when the relative path is actually prefixed or concatted.
Commits
-------
791b124 fixed CS
7bb394e Added separated handling of root paths
* 2.8:
Added UserLoaderInterface for loading users through Doctrine.
Fix the detection of the deprecated usage of the ValidationListener
Use entry_type instead of type
[Form] Fix missing notice for deprecated `type`
[DI] Autowiring: w/a https://bugs.php.net/62715
* 2.8:
[PhpUnit] exit gracefully to workaround segfaults at shutdown time
[ExpressionLanguage] marked node classes as being internal
[Yaml] marked some classes as being internal
This PR was merged into the 3.0-dev branch.
Discussion
----------
[Yaml] removed YAML parser \ escaping in double-quotes
| Q | A
| ------------- | ---
| Bug fix? | no
| New feature? | yes
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | n/a
| License | MIT
| Doc PR | n/a
Should be rebased when #16201 is merged.
Commits
-------
5dbf6bc [Yaml] removed parsing of non-escaped backslash in a double-quoted string
This PR was merged into the 2.8 branch.
Discussion
----------
[ExpressionLanguage] marked node classes as being internal
| Q | A
| ------------- | ---
| Bug fix? | no
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | n/a
| License | MIT
| Doc PR | n/a
Adds `@internal` on some classes, would it make sense to also make them final?
Commits
-------
7d6bc48 [ExpressionLanguage] marked node classes as being internal
This PR was merged into the 2.8 branch.
Discussion
----------
[Yaml] marked some classes as being internal
| Q | A
| ------------- | ---
| Bug fix? | no
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | n/a
| License | MIT
| Doc PR | n/a
Adds `@internal` on some YAML classes.
Commits
-------
29e7893 [Yaml] marked some classes as being internal
This PR was merged into the 2.8 branch.
Discussion
----------
[PhpUnit] Mock clock on @group time-sensitive annotations
| Q | A
| ------------- | ---
| Bug fix? | no
| New feature? | yes
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | -
| License | MIT
| Doc PR | -
Instead of spreading the same clock mock code everywhere, let's create a test case that helps mocking the time related functions.
Commits
-------
34a0846 [PhpUnit] Mock clock on @group time-sensitive annotations
This PR was merged into the 2.8 branch.
Discussion
----------
[Yaml] deprecated non-escaped \ in double-quoted strings when parsing
| Q | A
| ------------- | ---
| Bug fix? | yes
| New feature? | yes
| BC breaks? | no
| Deprecations? | yes
| Tests pass? | yes
| Fixed tickets | n/a
| License | MIT
| Doc PR | n/a
According to the YAML specs, backslashes must be escaped when used in a double-quoted string. So, `"Foo\Var"` is not valid, `"Foo\\Var"` is.
This PR deprecates the old ways so that we can throw an exception in 3.0 when parsing a non-compliant YAML string in 3.0.
ping @nicolas-grekas @tucksaun
Commits
-------
e599a72 [Yaml] deprecated non-escaped \ in double-quoted strings when parsing
This PR was merged into the 2.8 branch.
Discussion
----------
[EventDispatcher] added EventDispatcher::getListenerPriority()
| Q | A
| ------------- | ---
| Bug fix? | yes
| New feature? | yes
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | #14563, #15825
| License | MIT
| Doc PR | n/a
In #14563, we added a way to get the priorities of listeners, but as noted by @Tobion in #15825, the implementation is sub-optimal because of two main reasons: the change is not part of the interface but more importantly, the added boolean changes the return value of `getListeners()`.
This PR reverts most of #14563 to add a `getListenerPriority()` method. This method is quite slow, but as it should only be used for debugging purposes (on the CLI or the WDT), I think it's not really a problem.
In 3.0, this method should probably be added to `EventDispatcherInterface`.
ping @Tobion
Commits
-------
068e955 [EventDispatcher] added EventDispatcher::getListenerPriority()
* 2.8:
Fix merge
[ci] Fix tests requirements
[ci] SymfonyTestsListener is now auto-registered
adds validation messages missing italian translations
[Console] fixed progress bar format on edge cases
fix bug with set max count, by start method in progress bar
Rename CollectionType options for entries
Conflicts:
appveyor.yml
src/Symfony/Component/ClassLoader/Tests/LegacyApcUniversalClassLoaderTest.php
src/Symfony/Component/Console/Helper/ProgressBar.php
src/Symfony/Component/Form/Tests/Extension/Core/Type/CollectionTypeTest.php
src/Symfony/Component/HttpKernel/Tests/Profiler/MongoDbProfilerStorageTest.php
src/Symfony/Component/HttpKernel/Tests/Profiler/SqliteProfilerStorageTest.php
src/Symfony/Component/Validator/Tests/Mapping/Cache/LegacyApcCacheTest.php
* 2.7:
[ci] Fix tests requirements
[ci] SymfonyTestsListener is now auto-registered
adds validation messages missing italian translations
[Console] fixed progress bar format on edge cases
fix bug with set max count, by start method in progress bar
Conflicts:
src/Symfony/Component/Form/Tests/Extension/Core/EventListener/TrimListenerTest.php
src/Symfony/Component/HttpKernel/Tests/Profiler/MongoDbProfilerStorageTest.php
src/Symfony/Component/HttpKernel/Tests/Profiler/SqliteProfilerStorageTest.php
src/Symfony/Component/Security/Acl/Tests/Dbal/AclProviderTest.php
src/Symfony/Component/Security/Acl/Tests/Dbal/MutableAclProviderTest.php
This PR was merged into the 2.8 branch.
Discussion
----------
[2.8] [Form] Rename CollectionType options for entries
Description
---
Replaces #13820 for the 2.8 branch.
Original description:
> `type` and `options` are extremely generic. Prefixing them with `entry_` makes it clear what they are configuring.
> About the property deprecation it is the same story as https://github.com/symfony/symfony/pull/13717 and I don't know which direction you want me to go.
I've tried to apply the comments in the previous PR, but got a bit lost in the normalizers/default closure stuff. I hope I did everything correctly, but please review :)
PR Info Table
---
| Q | A
| ------------- | ---
| Bug fix? | no
| New feature? | yes
| BC breaks? | no
| Deprecations? | yes
| Tests pass? | yes
| Fixed tickets | #7831
| License | MIT
| Doc PR | https://github.com/symfony/symfony-docs/pull/5051
Commits
-------
942a237 Rename CollectionType options for entries
* 2.8:
[PhpUnit] Auto-register SymfonyTestsListener
[phpunit] Upgrade when a change is detected and when install subcommand is used
[Filesystem] Fix test on Windows
Fix merge
[HttpFoundation] Extend ClockMock to session storage tests
[Process] Don't use @requires on abstract class
[VarDumper] Fix wordwrap with Bootstrap
Fix the BC layer for the key->secret renaming for remember_me
Fix potential access to undefined index
Conflicts:
src/Symfony/Bundle/SecurityBundle/DependencyInjection/Security/Factory/RememberMeFactory.php
src/Symfony/Component/HttpFoundation/Tests/Session/Storage/Handler/LegacyPdoSessionHandlerTest.php
src/Symfony/Component/Locale/phpunit.xml.dist
This PR was merged into the 2.8 branch.
Discussion
----------
[PhpUnit] Auto-register SymfonyTestsListener
| Q | A
| ------------- | ---
| Bug fix? | no
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | -
| License | MIT
| Doc PR | -
This allows removing the copy/pasted `<listeners>` tags in our phpunit.xml.dist files and opens for future enhancements (like #16194)
Commits
-------
9e2bb00 [PhpUnit] Auto-register SymfonyTestsListener
This PR was merged into the 2.8 branch.
Discussion
----------
Fix potential access to undefined index
| Q | A
| ------------- | ---
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets |
| License | MIT
| Doc PR |
Fixes @tobion's comment in https://github.com/symfony/symfony/pull/14563/files#r39705270
Commits
-------
de41002 Fix potential access to undefined index
* 2.7:
[Filesystem] Fix test on Windows
Fix merge
[HttpFoundation] Extend ClockMock to session storage tests
[Process] Don't use @requires on abstract class
[VarDumper] Fix wordwrap with Bootstrap
* 2.3:
[HttpFoundation] Extend ClockMock to session storage tests
[Process] Don't use @requires on abstract class
Conflicts:
src/Symfony/Component/HttpFoundation/Tests/Session/Storage/Handler/PdoSessionHandlerTest.php
This PR was merged into the 2.8 branch.
Discussion
----------
[2.8][tests] Use @requires annotation when possible
| Q | A
| ------------- | ---
| Bug fix? | no
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | -
| License | MIT
| Doc PR | -
Commits
-------
814d961 [tests] Use @requires annotation when possible
This PR was merged into the 2.7 branch.
Discussion
----------
[2.7][tests] Use @requires annotation when possible
| Q | A
| ------------- | ---
| Bug fix? | no
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | -
| License | MIT
| Doc PR | -
Commits
-------
b028aea [tests] Use @requires annotation when possible
This PR was squashed before being merged into the 2.3 branch (closes#16095).
Discussion
----------
[Console] Add additional ways to detect OS400 platform
| Q | A
| ------------- | ---
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | #16053
| License | MIT
| Doc PR | None
This PR adds support for detecting the OS400 platform when the PHP function `php_uname()` is disabled. OS400 platform detection was added in #15058 to fix character encoding issues present on OS400. See that PR for more info.
This PR fixes regression introduced in #16053, which did not work on the IBM OS400 server I have access to. The constant `PHP_OS` being checked outputs "AIX" on my IBM OS400 server. I can't say for sure if it works on other IBM platforms... but I preserved this check just in case.
User @eloigranado [commented here](https://github.com/symfony/symfony/pull/15058#issuecomment-130743928) asking if we could switch to using `PHP_OS` constant instead of `php_uname()` because he claims some admins might "[hide] the exact kernel build from any attacker who discovers a remote PHP code execution vulnerability". I personally don't think we should accommodate this use case, but I was able to find alternate approaches.
### Why use case insensitive string matching stristr() instead of in_array()?
Here are the various outputs on my OS400 server:
echo PHP_OS; // "AIX"
echo getenv('OSTYPE'); // "os400"
echo php_uname('s'); // "OS400"
So we have various case issues here, and possible blank values on platforms where OSTYPE var doesn't exist or php_uname() is disabled. Concatenating these optional values together delimited by ; then case-insensitive searching the string for "OS400" seemed like a fair compromise. I would've probably done `in_array()` if case wasn't an issue.
Commits
-------
96a4071 [Console] Add additional ways to detect OS400 platform
This PR was merged into the 2.7 branch.
Discussion
----------
Added more tests for PropertyAccess
| Q | A
| ------------- | ---
| Bug fix? | no
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets |
| License | MIT
| Doc PR |
This is a follow up for [16090#issuecomment-145183635](https://github.com/symfony/symfony/pull/16090#issuecomment-145183635)
Commits
-------
378db75 Added more tests for PropertyAccess
This PR was merged into the 2.3 branch.
Discussion
----------
[Yaml] Allow tabs before comments at the end of a line
| Q | A
| ------------- | ---
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets |
| License | MIT
If a yml file has a tab character before a line ending comment the comment will be included in the parsed value. Yaml spec allows tab or space as whitespace characters so we need to check for tab as well. See included test.
Recently caused an odd and hard to find bug in our project.
See spec:
http://www.yaml.org/spec/1.2/spec.html#s-b-commenthttp://www.yaml.org/spec/1.2/spec.html#s-separate-in-linehttp://www.yaml.org/spec/1.2/spec.html#s-white
This is a new PR replacing https://github.com/symfony/symfony/pull/15747
@fabpot
Commits
-------
d040be7 [Yaml] Allow tabs before comments at the end of a line
This PR was merged into the 2.8 branch.
Discussion
----------
[DI] Warn when a definition relies on a deprecated class in ContainerBuilder::createService()
| Q | A
| ------------- | ---
| Bug fix? | no
| New feature? | yes
| BC breaks? | no
| Deprecations? | yes
| Tests pass? | yes
| Fixed tickets | -
| License | MIT
| Doc PR | -
The new feature is in the DI component and it enlighten a deprecation from Doctrine that we ignored in FrameworkBundle, that is also fixed in this PR.
See https://github.com/symfony/symfony/pull/16001/files?w=1
Commits
-------
ca69fa3 [DI] Warn when a definition relies on a deprecated class in ContainerBuilder::createService()
This PR was merged into the 2.8 branch.
Discussion
----------
[VarDumper] consistent signature of getDump() in class + trait
| Q | A
| ------------- | ---
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | #16126
| License | MIT
| Doc PR |
Commits
-------
48a9e83 consistent signature of getDump() in class + trait
This PR was merged into the 2.7 branch.
Discussion
----------
[2.7] Fix docblocks about callables
| Q | A
| ------------- | ---
| Bug fix? | no
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | -
| License | MIT
| Doc PR | -
Commits
-------
7b12fe9 [2.7] Fix docblocks about callables
This PR was merged into the 2.3 branch.
Discussion
----------
Fix docblocks about callables
| Q | A
| ------------- | ---
| Bug fix? | no
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | -
| License | MIT
| Doc PR | -
Commits
-------
a25beb6 Fix docblocks about callables
This PR was merged into the 3.0-dev branch.
Discussion
----------
Replace is_callable checks with type hints
| Q | A
| ------------- | ---
| Bug fix? | no
| New feature? | yes
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | #14330
| License | MIT
| Doc PR | -
Also removes tests checking the exceptions thrown from
the removed is_callable checks.
Commits
-------
7685cdd Add more callable type hints
4e0c6e1 Replace is_callable checks with type hints
This PR was merged into the 2.3 branch.
Discussion
----------
Command list ordering fix
| Q | A
| ------------- | ---
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | n/a
| License | MIT
Makes sure that global commands are always first.
Commits
-------
2984f8e fixed previous commit
70f2b3e global commands are always first in command list
* 2.8: (21 commits)
[Security][bugfix] "Remember me" cookie cleared on logout with custom "secure"/"httponly" config options [1]
[ci] Use current PHP_BINARY when running ./phpunit
Fixed typos
[UPGRADE-3.0] fix bullet indentation
Throw exception if tempnam returns false in ProcessPipes
[DomCrawler] Deprecated using /_root/ in XPath expressions
Pass missing request template variables
Simplify AbstractVoter
[Form] add missing deprecation triggers
Throw exception if tempnam returns false
Fix PropertyAccessor modifying array in object when array key does not exist
[DependencyInjection] Add autowiring capabilities
Fixing typo in variable name
Add a few additional tests for the Crawler
[Form] remove obsolete deprecation comments
Updated the style of the event commands
[Debug] Deprecate providing $fileLinkFormat as second argument
[Form] minor CS fix
Updated PHPDoc of the AbstractVoter class
[Security] InMemoryUserProvider now concerns whether user's password is changed when refreshing
...
* 2.7:
[Security][bugfix] "Remember me" cookie cleared on logout with custom "secure"/"httponly" config options [1]
[ci] Use current PHP_BINARY when running ./phpunit
Fixed typos
[UPGRADE-3.0] fix bullet indentation
Fix PropertyAccessor modifying array in object when array key does not exist
[Security] InMemoryUserProvider now concerns whether user's password is changed when refreshing
* 2.3:
[Security][bugfix] "Remember me" cookie cleared on logout with custom "secure"/"httponly" config options [1]
[ci] Use current PHP_BINARY when running ./phpunit
Fixed typos
[UPGRADE-3.0] fix bullet indentation
[Security] InMemoryUserProvider now concerns whether user's password is changed when refreshing
This PR was merged into the 2.8 branch.
Discussion
----------
Include working directory in ProcessFailedException
... because quite often the Exception is a result of the `www-data` user not having the appropriate rights at that working path. Maybe @schmittjoh can confirm this?
| Q | A
| ------------- | ---
| Bug fix? | no
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets |
| License | MIT
| Doc PR |
Commits
-------
dbaefb4 Include working directory in ProcessFailedException
This PR was squashed before being merged into the 2.3 branch (closes#14842).
Discussion
----------
[Security][bugfix] "Remember me" cookie cleared on logout with custom "secure"/"httponly" config options [1]
| Q | A
| ------------- | ---
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | #14822
| License | MIT
| Doc PR | ~
* test now always pass "secure" and "httponly" options, as they are required
* could be considered BC, but [`RememberMeFactory` passes them](https://github.com/symfony/symfony/blob/2.3/src/Symfony/Bundle/SecurityBundle/DependencyInjection/Security/Factory/RememberMeFactory.php#L21), so they should've always been treated as required
* I can squash the commits before merging
* Alternative solution: #14843
Commits
-------
18b1c6a [Security][bugfix] "Remember me" cookie cleared on logout with custom "secure"/"httponly" config options [1]
This PR was merged into the 2.3 branch.
Discussion
----------
[Security] InMemoryUserProvider now concerns whether user's password is changed when refreshing
| Q | A
| ------------- | ---
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | -
| License | MIT
| Doc PR | -
When a user has changed own password, I want to logout any sessions which is authenticated by its user except changer itself.
[DaoAuthenticationManager::checkAuthentication()](https://github.com/symfony/symfony/blob/2.3/src/Symfony/Component/Security/Core/Authentication/Provider/DaoAuthenticationProvider.php#L59) method seems to concern about it.
But, this situation actually never happens because both users that will be passed to this method are always identical in re-authentication.
It's because the token refreshes own user via [ContextListener](https://github.com/symfony/symfony/blob/2.3/src/Symfony/Component/Security/Http/Firewall/ContextListener.php#L90) before re-authentication.
Commits
-------
729902a [Security] InMemoryUserProvider now concerns whether user's password is changed when refreshing
This PR was merged into the 3.0-dev branch.
Discussion
----------
[HttpFoundation] change precedence of parameters in Request::get
| Q | A
| ------------- | ---
| Bug fix? | no
| New feature? | no
| BC breaks? | yes
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | -
| License | MIT
| Doc PR | -
Allowing the request attributes to be overwritten via GET parameters is risky and made #8966 even worse.
It is even more risky because it skips the requirements checks as configured in routing. So people that set requirements for routing placeholders like `\d+` or `html|json` can be sure it is validated when using the routing variables. But if developers use `$request->get()` to retrieve them, anybody from outside can set any value for those.
Commits
-------
e8d6764 [HttpFoundation] change precedence of parameters in Request::get
This PR was merged into the 2.3 branch.
Discussion
----------
Fix PropertyAccessor modifying array in object when array key does no…
| Q | A
| ------------- | ---
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | #16056
| License | MIT
| Doc PR |
Commits
-------
f24c678 Fix PropertyAccessor modifying array in object when array key does not exist
This PR was merged into the 2.8 branch.
Discussion
----------
Simplify AbstractVoter
| Q | A
| ------------- | ---
| Bug fix? | no
| New feature? | no, just simplification
| BC breaks? | no, because 2.8 is not yet released
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | -
| License | MIT
| Doc PR | -
Commits
-------
93de659 Simplify AbstractVoter
This PR was merged into the 2.8 branch.
Discussion
----------
[DomCrawler] Deprecated using /_root/ in XPath expressions
| Q | A
| ------------- | ---
| Bug fix? | no
| New feature? | no
| BC breaks? | no
| Deprecations? | yes
| Tests pass? | yes
| Fixed tickets | -
| License | MIT
| Doc PR | -
Commits
-------
6042e86 [DomCrawler] Deprecated using /_root/ in XPath expressions
This PR was merged into the 2.3 branch.
Discussion
----------
Throw exception if tempnam returns false in ProcessPipes
| Q | A
| ------------- | ---
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | #15215
| License | MIT
| Doc PR |
Related to #16092
Commits
-------
1425b8a Throw exception if tempnam returns false in ProcessPipes
Passing implementations of the pre 2.5 validator API to the constructors
of the `ValidatorExtension` and the `ValidationListener` must trigger a
deprecation.
This PR was squashed before being merged into the 2.8 branch (closes#15613).
Discussion
----------
[DependencyInjection] Add autowiring capabilities
| Q | A
| ------------- | ---
| Bug fix? | no
| New feature? | yes
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | n/a
| License | MIT
| Doc PR | not yet
This PR adds autowiring capabilities to the Dependency Injection component. It eases service registration by letting the component guessing dependencies to inject and even (under certain conditions) registering them using typehints of the constructor parameters.
The following usages are supported:
# Automatic dependency registration
```php
class Foo
{
}
class Bar
{
public function __construct(Foo $f)
{
}
}
```
```yaml
services:
bar:
class: Bar
autowire: true
```
It will register `Foo` as a private service (`autowired.foo`) and injects it as the first argument of the `bar` constructor.
This method works only for typehints corresponding to instantiable classes (interfaces and abstract classes are not supported).
# Autocompletion of definition arguments
```php
interface A
{
}
interface B extends A
{
}
class Foo implements B
{
}
class Bar
{
}
class Baz extends Bar
{
}
class LesTilleuls
{
public function __construct(A $a, Bar $bar)
{
}
}
```
```yaml
services:
foo:
class: Foo
baz:
class: Baz
les_tilleuls:
class: LesTilleuls
autowire: true
```
The autowiring system will find types of all services and completes constructor arguments of the `les_tilleuls` service definition using typehints.
It works only if there is one service registered for a given type (if there are several services available for the same type and no explicit type definition, a `RuntimeException` is thrown).
# Explicit type definition
```php
interface A
{
}
class A1 implements A
{
}
class A2 implements A
{
}
class B
{
public function __construct(A $a)
{
}
}
```
```yaml
services:
a1:
class: A1
types: [ A ]
a2:
class: A2
# Will be autowired with A1
class b:
class: B
autowire: true
# Not autowired
class another_b:
class: B
arguments: [ @a2 ]
autowire: true
```
When a service is explicitly associated with a type, it is always used to fill a definition depending of this type, even if several services have this type. If several services are associated with the same type, the last definition takes the priority.
Of course explicit definitions are still supported.
YAML, XML and PHP loaders have been updated to supports the new `type` parameter.
Commits
-------
aee5731 [DependencyInjection] Add autowiring capabilities
This PR was merged into the 3.0-dev branch.
Discussion
----------
Fix the crawler refactoring
| Q | A
| ------------- | ---
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | n/a
| License | MIT
| Doc PR | n/a
This fixes a few mistakes I spotted in #16075 for the DomCrawler component.
Regression tests are added separately in https://github.com/symfony/symfony/pull/16093 to be included in older branches too.
Commits
-------
d128735 Fix the crawler refactoring
This condition is always `true` because `$attributesMetadata` does not exists in this `foreach` context and could overwrite values in the `$attributesMetadata` variable.
This PR was merged into the 2.8 branch.
Discussion
----------
[Debug] Deprecate providing $fileLinkFormat as second argument
| Q | A
| ------------- | ---
| Bug fix? | no
| New feature? | no
| BC breaks? | no
| Deprecations? | yes
| Tests pass? | yes
| Fixed tickets | -
| License | MIT
| Doc PR | -
Commits
-------
ed3611d [Debug] Deprecate providing $fileLinkFormat as second argument
This PR was merged into the 3.0-dev branch.
Discussion
----------
[3.0] Clean Form, Validator, DowCrawler and some more
| Q | A
| ------------- | ---
| Bug fix? | no
| New feature? | yes
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | -
| License | MIT
| Doc PR | -
Commits
-------
abca2d6 [3.0] Clean Form, Validator, DowCrawler and some more
* 2.8:
Updated the stlyes of the YAML commands
[Security] Configuring a user checker per firewall
[PropertyInfo] Test behavior when an extractor return null.
This PR was squashed before being merged into the 2.8 branch (closes#14721).
Discussion
----------
[Security] Configuring a user checker per firewall
_Changed my base branch to avoid issues, closed old PR_
| Q | A
| ------------- | ---
| Bug fix? | no
| New feature? | yes
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed ticket | #11090 and helps #14673
| License | MIT
| Doc PR | symfony/symfony-docs/pull/5530
This pull request adds support for a configurable user checker per firewall. An example could be:
```yml
services:
app.user_checker:
class: App\Security\UserChecker
arguments:
- "@request_stack"
security:
firewalls:
secured_area:
pattern: ^/
anonymous: ~
basic_auth: ~
user_checker: app.user_checker
```
The above example will use the `UserChecker` defined as `app.user_checker`. If the `user_checker` option is left empty, `security.user_checker` will be used. If the `user_checkers` option is not defined, it will fall back to the original behavior to not break backwards compatibility and will validate using the existing `UserChecker`: `security.user_checker`.
I left the default argument in the service definitions to be `security.user_checker` to include backwards compatibility for people who for some reason don't have the extension executed. You can obtain the checker for a specific firewall by appending the firewall name to it. For the firewall `secured_area`, this would be `security.user_checker.secured_area`.
Commits
-------
76bc662 [Security] Configuring a user checker per firewall
This PR was merged into the 2.3 branch.
Discussion
----------
[Console] use PHP_OS instead of php_uname('s')
| Q | A
| ------------- | ---
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | #15058
| License | MIT
| Doc PR |
The php_uname() function may be disabled for security reasons.
Commits
-------
40e0dc8 use PHP_OS instead of php_uname('s')
This PR was merged into the 2.8 branch.
Discussion
----------
[PropertyInfo] Test behavior when an extractor returns null
| Q | A
| ------------- | ---
| Bug fix? | no
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | #16064
| License | MIT
| Doc PR | n/a
Add a test as suggested by @stof in https://github.com/symfony/symfony/pull/16064#issuecomment-144975004
Commits
-------
73ee226 [PropertyInfo] Test behavior when an extractor return null.
This PR was merged into the 3.0-dev branch.
Discussion
----------
[3.0][Security] Remove deprecated features (follow up of #15899)
| Q | A
| ------------- | ---
| Bug fix? | no
| New feature? | no
| BC breaks? | yes
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | #15899
| License | MIT
| Doc PR | -
- updated UPGRADE-3.0.md
- removed unused `supportsClass` methods
- changed visibility of `supportsAttribute` methods from public to private, removed `inheritdoc` annotation from them because there is no definition for this methods in parent interface
- removed tests for `supportsClass` and `supportsAttribute` method
- removed unused mock creation
Commits
-------
437398d [3.0][Security] Remove deprecated features (follow up of #15899)
This PR was squashed before being merged into the 3.0-dev branch (closes#8967).
Discussion
----------
[HttpFoundation] Request->getRequestFormat should only rely on the request attributes
| Q | A
| ------------- | ---
| Bug fix? | yes
| New feature? | no
| BC breaks? | possibly
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | #8966
| License | MIT
| Doc PR |
Added test case and fix for #8966. Is this functionality relied on somewhere?
Commits
-------
7115c1e [HttpFoundation] Request->getRequestFormat should only rely on the request attributes
* 2.8:
added missing a deprecated notice
Move AjaxCollector for use without framework bundle
Deprecate loading multiple documents in the same crawler
[VarDumper] Add $this->getDump($var) when using VarDumperTestTrait
Prevent adding non-DOMElement elements in DomCrawler
[appveyor] Fix command line
Using a service as a router resource
Fluid interface for building routes in PHP
Updated the styles of the container commands
fix tests after twig commands style changes
synchronize tests for static and non-static API
[DomCrawler] fix deprecation triggers
[Yaml] Fix improper comments removal inside strings
This PR was merged into the 2.8 branch.
Discussion
----------
[WebProfilerBundle] Move AjaxCollector to HttpKernel for use with Silex
| Q | A
| ------------- | ---
| Bug fix? | no
| New feature? | no
| BC breaks? | no
| Deprecations? | yes
| Tests pass? | yes
| Fixed tickets | -
| License | MIT
| Doc PR | -
This PR moves the AjaxDataCollector from the FrameworkBundle to the HttpKernel Component where most of the other DataCollectors are. This would allow applications which are not base on symfony/framework-bundle to use the collector. Like for instance applications based on silex or symfony components.
Commits
-------
3841f46 added missing a deprecated notice
c227806 Move AjaxCollector for use without framework bundle
This PR was merged into the 2.8 branch.
Discussion
----------
[VarDumper] Add $this->getDump($var) when using VarDumperTestTrait
| Q | A
| ------------- | ---
| Bug fix? | no
| New feature? | yes
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | -
| License | MIT
| Doc PR | -
So useful when writing/updating dump fixtures!
Commits
-------
aa1d578 [VarDumper] Add $this->getDump($var) when using VarDumperTestTrait
This PR was merged into the 2.8 branch.
Discussion
----------
Prevent adding non-DOMElement elements in DomCrawler
| Q | A
| ------------- | ---
| Bug fix? | kind of
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | n/a
| License | MIT
| Doc PR | n/a
Many methods of the DomCrawler component are relying on the DOMElement API, not only on the DOMNode API. All the typehints in the Form and Link APIs were already fixed in 2.5 because they are unusable with other kinds of nodes (fatal errors). However, the Crawler itself was not fixed. and this means that a bunch of its APIs can trigger fatal errors when passing other kinds of nodes.
Thus, there is a case where the code was allowing such nodes to be injected in the Crawler for some XPath queries. I fixed it to avoid it, adding the same kind of filtering than in other places.
Commits
-------
9f362a1 Prevent adding non-DOMElement elements in DomCrawler
This PR was merged into the 2.8 branch.
Discussion
----------
Deprecate loading multiple documents in the same crawler
| Q | A
| ------------- | ---
| Bug fix? | no
| New feature? | no
| BC breaks? | no
| Deprecations? | yes
| Tests pass? | yes
| Fixed tickets | #15849
| License | MIT
| Doc PR | n/a
Note that loading multiple documents in the same crawler already creates weird things when working with namespaces (the list of mapping of aliases to namespaces is shared between documents, which was flawed).
As said in the issue, this opens the door to optimizations in the future (sharing the DOMXpath instance for instance, including with subcrawler)
Commits
-------
0d1cb3b Deprecate loading multiple documents in the same crawler
This PR was merged into the 2.3 branch.
Discussion
----------
[Yaml] Fix improper comments removal
| Q | A
| ------------- | ---
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | #15857
| License | MIT
| Doc PR | -
This tries to fix#15857 .
Honestly, I don't have any idea of the regressions it might introduce. Tests are passing, so if this code had any reason to exist, tests covering it are certainly missing :/
Any hint ?
Commits
-------
0e24fc5 [Yaml] Fix improper comments removal inside strings
This PR was merged into the 3.0-dev branch.
Discussion
----------
[CssSelector] removed the deprecated CssSelector class
| Q | A
| ------------- | ---
| Bug fix? | no
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | n/a
| License | MIT
| Doc PR | n/a
Commits
-------
3ffa422 [CssSelector] removed the deprecated CssSelector class
This PR was squashed before being merged into the 2.8 branch (closes#15742).
Discussion
----------
Using a service as a router resource
| Q | A
| ------------- | ---
| Bug fix? | no
| New feature? | yes
| BC breaks? | no
| Deprecations? | no
| Tests pass? | almost
| Fixed tickets | n/a
| License | MIT
| Doc PR | not yet...
Hi guys!
This adds the ability to use a service as a routing resource. In other words, instead of loading `routing.yml`, you could load `my_route_loader`, and then a method would be called on your service to return a RouteCollection.
Specifically, I'm interested in this because it would allow a user to point their main router resource to the kernel itself, making it possible to load routes inside the kernel (making a single-file full-stack app more possible).
Thanks!
Commits
-------
79e210f Using a service as a router resource
This PR was squashed before being merged into the 2.8 branch (closes#15778).
Discussion
----------
Fluid interface for building routes in PHP
| Q | A
| ------------- | ---
| Bug fix? | no
| New feature? | yes
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | n/a
| License | MIT
| Doc PR | not yet...
This - along with #15742 - attempts to making adding routes in PHP (via an actual class+method) not only possible, but also useful.
The two classes - `Route` and `RouteCollectionBuilder` are based off of Silex's `Controller` and `ControllerCollection`. The `RouteCollectionBuilder` is basically a `RouteCollection` that's able to import other resources. Here are the goals:
A) Import routes easily
```php
$routes->import('routing.yml');
```
B) Fluid addition of routes into the collection
```php
$routes->add('/admin', 'AppBundle:Admin:index', 'admin_index')
->setMethods(['GET']);
```
C) Ability to create routes with auto-generating names
D) Ability to add a "sub-collection" (kind of like an import, without pointing to another file). Included is the ability to set the controller class:
```php
$blogRoutes = $routes->createBuilder('/blog')
->setControllerClass('AppBundle\Controller\BlogController');
$blogRoutes->add('/', 'indexAction');
$blogRoutes->add('/{id}', 'editAction');
$routes->addBuilder($blogRoutes);
```
E) The collection options can be set before or after the routes. With `RouteCollection`, if you set something - e.g. a prefix or a default - and THEN add more routes, those options are not passed to those routes. This is by design, but not ideal for building routes (e.g. in the previous code example, the controllerClass would not be applied using the opposite logic, since it's set before adding the routes).
Thanks!
Commits
-------
15ba2e8 Fluid interface for building routes in PHP
This PR was merged into the 2.8 branch.
Discussion
----------
[CssSelector] synchronize tests for static and non-static API
| Q | A
| ------------- | ---
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets |
| License | MIT
| Doc PR |
Synchronizing the classes ensures that no tests are lost when the legacy
API is removed in #16020 for Symfony 3.0, thus mitigating the risk of
future regressions.
Commits
-------
2b29a40 synchronize tests for static and non-static API
Synchronizing the classes ensures that no tests are lost when the legacy
API is removed in #16020 for Symfony 3.0, thus mitigating the risk of
future regressions.
This PR was merged into the 2.8 branch.
Discussion
----------
[DomCrawler] fix deprecation triggers
| Q | A
| ------------- | ---
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets |
| License | MIT
| Doc PR |
On HHVM, the SplObjectStorage class performs calls to its method
internally. These method calls must not lead to triggered deprecation
notices.
Commits
-------
aca6bd9 [DomCrawler] fix deprecation triggers
This PR was merged into the 3.0-dev branch.
Discussion
----------
[HttpFoundation] removed the ParameterBag::get() deep argument
| Q | A
| ------------- | ---
| Bug fix? | no
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | n/a
| License | MIT
| Doc PR | n/a
Commits
-------
317f7b4 [HttpFoundation] removed the ParameterBag::get() deep argument
This PR was merged into the 2.8 branch.
Discussion
----------
[Form] made the tests compatible with 3.0
| Q | A
| ------------- | ---
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | n/a
| License | MIT
| Doc PR | n/a
Commits
-------
795da85 [Form] made the tests compatible with 3.0
* 2.8:
add dependency required by a replaced package
Add a way to group toolbar info pieces
Added general sf-toolbar-block-right class
Bind input before executing the COMMAND event
This PR was merged into the 2.8 branch.
Discussion
----------
[Security] add dependency required by a replaced package
| Q | A
| ------------- | ---
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets |
| License | MIT
| Doc PR |
Since #16007, the Security HTTP component requires the PropertyAccess
component to access nested parameter bag values. Since the Security
component replaces the Security HTTP component, all dependencies of the
replaced packages must be mirrored here.
Commits
-------
d7034db add dependency required by a replaced package
This PR was merged into the 2.8 branch.
Discussion
----------
[Console] Bind input before executing the COMMAND event
| Q | A
| ------------- | ---
| Bug fix? | no
| New feature? | yes
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | #10695 (problem 1)
| License | MIT
| Doc PR | -
Previously, `$input` wasn't very usefull in the `console.command` event, as the input was not yet bound to the command definition.
With this PR, the input is now bound twice: Once before the event is dispatched (to make it usefull in the listeners) and once at the original location in `Command#run()` (to allow changing the input definition in an event listener).
Commits
-------
0af1676 Bind input before executing the COMMAND event
Since #16007, the Security HTTP component requires the PropertyAccess
component to access nested parameter bag values. Since the Security
component replaces the Security HTTP component, all dependencies of the
replaced packages must be mirrored here.
Make sure that all relevant information is passed to created crawlers.
To avoid future regressions, this commit backports the approach taken by
@stof in #15934 to have a single place in the class that is responsible
to create subcrawler instances.
This PR was merged into the 2.8 branch.
Discussion
----------
[VarDumper] Dump PHP+Twig code excerpts in backtraces
| Q | A
| ------------- | ---
| Bug fix? | no
| New feature? | yes
| BC breaks? | no
| Deprecations? | yes
| Tests pass? | yes
| Fixed tickets | -
| License | MIT
| Doc PR | -
ExceptionCaster::filterTrace() is deprecated and replaced by a more flexible backtrace processing that allows one to register casters for amending/changing dumped backtraces. This is especially useful for dumping source map information/excerpts (like e.g. twig template source).
Here is a comparison generated with this code snippet (see also the expected output in testThrowingCaster):
```php
namespace Symfony\Component\VarDumper\Caster;
require 'vendor/autoload.php';
function bar()
{
return foo();
}
function foo()
{
dump(new \Exception('baz'));
}
bar('aaaaarg');
```
Before:
![before](https://cloud.githubusercontent.com/assets/243674/9976794/88f0259a-5eef-11e5-81a8-3cb9b44cfb00.png)
After:
![after](https://cloud.githubusercontent.com/assets/243674/9976747/6bbac068-5eed-11e5-99dc-a4fd5d3172b5.png)
Commits
-------
89578f1 [VarDumper] Dump PHP+Twig code excerpts in backtraces
This PR was merged into the 2.8 branch.
Discussion
----------
[Config] Fix ArrayNode extra keys "ignore" and "remove" behaviors
| Q | A
| ------------- | ---
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | -
| License | MIT
| Doc PR | -
Due to #14238 , no more exception is thrown when submitting extra keys to an `ArrayNode`.
For instance:
```php
$builder = new TreeBuilder();
$nodeDefinition = $builder->root('root')
->children()
->scalarNode('foo')
->end()
->end();
$node = $nodeDefinition->getNode(true);
$node->normalize(array(
'foo' => 'ok',
'bar' => 'ko',
));
```
will not throw a
> Symfony\Component\Config\Definition\Exception\InvalidConfigurationException: Unrecognized option "bar" under "root"`
anymore, as it does in 2.7.
I think the expected behavior is:
`Submitted data: ['bar' => 'ko']`
Ignore | Remove | Expected | OK | Comment
---------| ------------ | ------------- | ------ | ----------
true | true | `[ ]` | ✔︎ | Previous behavior when ignoring.
true | false | `['bar' => 'ko']` | ✔︎ | This is the result targeted by #14238.
false | true | exception | ✘ | Removing makes no sense when not ignoring extra keys. <br/>The exception should still be thrown.
false | false | exception | ✘ | Previous behavior (2.7). <br/>Should not have changed
Commits
-------
d961f7f [Config] Fix ArrayNode extra keys "ignore" and "remove" behaviors
* 2.8:
Remove profiler storages
deprecate finding deep items in request parameters
[CssSelector] updated README
[CssSelector] remove ConverterInterface
[DependencyInjection] improved a comment for reading fluency
[HttpKernel] change a class in tests to avoid depending on SQLite
[FrameworkBundle] Fix tests
[Bridge\Twig] Fix form lowest version
[ci] Display fastest results first when running tests in parallel
[Yaml] Improve newline handling in folded scalar blocks
* 2.7:
[DependencyInjection] improved a comment for reading fluency
[HttpKernel] change a class in tests to avoid depending on SQLite
[Bridge\Twig] Fix form lowest version
[ci] Display fastest results first when running tests in parallel
[Yaml] Improve newline handling in folded scalar blocks
* 2.3:
[DependencyInjection] improved a comment for reading fluency
[HttpKernel] change a class in tests to avoid depending on SQLite
[ci] Display fastest results first when running tests in parallel
[Yaml] Improve newline handling in folded scalar blocks
This PR was merged into the 2.8 branch.
Discussion
----------
[HttpFoundation] deprecate finding deep items in request parameters
| Q | A
| ------------- | ---
| Bug fix? | no
| New feature? | no
| BC breaks? | no
| Deprecations? | yes
| Tests pass? | yes
| Fixed tickets |
| License | MIT
| Doc PR |
This is the same as #14203 but using the PropertyAccess component in the Security HTTP component to query nested request parameters and is rebased on the `2.8` branch.
Commits
-------
47fba88 deprecate finding deep items in request parameters
This PR was merged into the 2.3 branch.
Discussion
----------
[HttpKernel] change a class in tests to avoid depending on SQLite
| Q | A
| ------------- | ---
| Bug fix? | no
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | n/a
| License | MIT
| Doc PR | n/a
Commits
-------
d6a7517 [HttpKernel] change a class in tests to avoid depending on SQLite
This PR was merged into the 2.3 branch.
Discussion
----------
[ci] Display fastest results first when running tests in parallel
| Q | A
| ------------- | ---
| Bug fix? | no
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | -
| License | MIT
| Doc PR | -
Keeping order prevents seeing failures early as they happen. I propose to display tests results asap instead.
Best viewed with: https://github.com/symfony/symfony/pull/15993/files?w=1
Commits
-------
3d6c864 [ci] Display fastest results first when running tests in parallel
This PR was merged into the 2.3 branch.
Discussion
----------
remove api tags from code
| Q | A
| ------------- | ---
| Bug fix? | no
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | #15977
| License | MIT
| Doc PR | n/a
Commits
-------
f1c7c65 remove api tags from code
This PR was squashed before being merged into the 2.8 branch (closes#15964).
Discussion
----------
Symfony Console Style tweaks
| Q | A
| ------------- | ---
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | -
| License | MIT
| Doc PR | -
This PR will contain some minor tweaks found while updating all the Symfony commands. Don't merge yet. Thanks!
Commits
-------
64e7b6f Symfony Console Style tweaks
This PR was squashed before being merged into the 3.0-dev branch (closes#15929).
Discussion
----------
[3.0][Config] Remove ResourceInterface::getResource() which was deprecated in 2.8
| Q | A
| ------------- | ---
| Bug fix? | no
| New feature? | no
| BC breaks? | yes
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets |
| License | MIT
| Doc PR |
Deprecated in #15719.
Commits
-------
7cef180 [3.0][Config] Remove ResourceInterface::getResource() which was deprecated in 2.8
This PR was merged into the 2.8 branch.
Discussion
----------
Add a non-static API for the CssSelector component
| Q | A
| ------------- | ---
| Bug fix? | no
| New feature? | yes
| BC breaks? | no
| Deprecations? | yes
| Tests pass? | yes
| Fixed tickets | #15850, #8404
| License | MIT
| Doc PR | todo
This implements a non-static API for the CssSelector component.
I decided to keep the static API too, as it is convenient when you just need a one-shot conversion (if you need lots of conversions, keeping a reference to the Converter and all its internal object graph may be faster than releasing it all the time and rebuilding it).
I deprecated the global state to choose between HTML and XML conversion. The static API would always enable the HTML extension in 3.0. Dealing with XML would be done by using the Converter class.
A second commit also tags all internal classes of the component as ``@internal``, as there is really no reason for a user to deal with them (btw, we already considered them fully internal in the past, as we broke BC on them in a patch release to fix memory performance of the component in the past).
TODOs:
- [x] Validate whether we keep the static facade to the component
- [ ] send a PR on the documentation to document this new API.
- [x] handle usage of the deprecated API in the DomCrawler testsuite
The DomCrawler component does not use the new API yet. I will do it in a separate PR, as distinguishing between HTML and XML modes for a crawler will be easier once I deprecate the possibility to load multiple documents (which I will do tomorrow).
Commits
-------
9e51279 [CssSelector] Tag all internal classes as internal ones
f4563c3 Add a non-static API for the CssSelector component
This PR was merged into the 2.8 branch.
Discussion
----------
[Security] fix tests for the `AbstractVoter` class
| Q | A
| ------------- | ---
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | #15961, #15968
| License | MIT
| Doc PR |
* The `LegacyAbstractVoterTest` class is not needed anymore, tests have
been moved to the `AbstractVoterTest` class tagging them with the
legacy group.
* Tests are applied on `stdClass` object instances. Thus, the legacy
voter fixture class must not support `AbstractVoterTest_Object`
instances, but support `stdClass` objects instead.
* Remove a test that checked for a `BadMethodCallException` being
thrown. This seems to have been added accidentally in #15961.
Commits
-------
9fe3b76 fix tests for the `AbstractVoter` class
This PR was merged into the 2.8 branch.
Discussion
----------
added logging of unused tags
| Q | A
| ------------- | ---
| Bug fix? | no
| New feature? | yes
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | #11511, #11744
| License | MIT
| Doc PR | -
This is the same as #11744 but with some minor tweaks and some unit tests for the compiler pass.
Commits
-------
95c9f50 added some tests
d3271e1 missing tags in whitelist
f51fe4a [FrameworkBundle] [DependencyInjection] added logging of unused tags during container compilation
* The `LegacyAbstractVoterTest` class is not needed anymore, tests have
been moved to the `AbstractVoterTest` class tagging them with the
legacy group.
* Tests are applied on `stdClass` object instances. Thus, the legacy
voter fixture class must not support `AbstractVoterTest_Object`
instances, but support `stdClass` objects instead.
This PR was merged into the 3.0-dev branch.
Discussion
----------
use try-finally when possible
| Q | A
| ------------- | ---
| Bug fix? | no
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | I hope
| Fixed tickets | n/a
| License | MIT
| Doc PR | n/a
Found those with regex `catch \(\\Exception[^\}]+throw \$`
Commits
-------
49edef2 use try-finally when possible
This PR was merged into the 2.8 branch.
Discussion
----------
[2.8] [Ldap] Added support for LDAP (New Component + integration in the Security Component).
| Q | A
| ------------- | ---
| Bug fix? | no
| New feature? | yes
| BC breaks? | no
| Deprecations? | no
| Tests pass? | not yet
| Fixed tickets | -
| License | MIT
| Doc PR | not yet
Current state:
- [x] Implement logic
- [x] Post-review tuning and stabilization
- [x] Fix tests
This PR is a follow-up to #5189, which was in a stand-still for a few years now. It tries to fix the remaining issues which were mentioned in the discussion.
There are still a few issues with the PR, as it is. For example, it introduces two new firewall factories, whereas the base factories (`form_login` and `http_basic`) could simply introduce new configuration options.
Also, for a user to use an LDAP server as an authentication provider, he first needs to define a service which should be an instance of `Symfony\Component\Security\Ldap\Ldap`.
For example:
```yml
services:
my_ldap:
class: Symfony\Component\Security\Ldap\Ldap
arguments: [ "ldap.mydomain.tld" ]
```
Then, in `security.yml`, this service can be used in both the user provider and the firewalls:
```yml
security:
encoders:
Symfony\Component\Security\Core\User\User: plaintext
role_hierarchy:
ROLE_ADMIN: ROLE_USER
ROLE_SUPER_ADMIN: [ROLE_USER, ROLE_ADMIN, ROLE_ALLOWED_TO_SWITCH]
providers:
ldap_users:
ldap:
service: my_ldap
base_dn: dc=MyDomain,dc=tld
search_dn: CN=My User,OU=Users,DC=MyDomain,DC=tld
search_password: p455w0rd
filter: (sAMAccountName={username})
default_roles: ROLE_USER
firewalls:
dev:
pattern: ^/(_(profiler|wdt)|css|images|js)/
security: false
demo_login:
pattern: ^/login$
security: false
api:
provider: ldap_users
stateless: true
pattern: ^/api
http_basic_ldap:
service: my_ldap
dn_string: "{username}@MYDOMAIN"
demo_secured_area:
provider: ldap_users
pattern: ^/
logout:
path: logout
target: login
form_login_ldap:
service: my_ldap
dn_string: CN={username},OU=Users,DC=MyDomain,DC=tld
check_path: login_check
login_path: login
```
Commits
-------
60b9f2e Implemented LDAP authentication and LDAP user provider
1c964b9 Introducing the LDAP component
* 2.8:
[Finder] simplified code
Fix tests in 2.8
[Validator] Sync polish translation file
Adding a class to make it easier to set custom authentication error messages
Readd the correct tests
This PR was squashed before being merged into the 2.3 branch (closes#15799).
Discussion
----------
[HttpFoundation] NativeSessionStorage `regenerate` method wrongly sets storage as started
| Q | A
| ------------- | ---
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets |
| License | MIT
| Doc PR |
This PR fixes an error when regenerating session IDs for non-active sessions.
Right now, the session is flagged as _started_, no matter if the session ID was successfully regenerated or not, making the storage [unable to _start the session_](6393ec3169/src/Symfony/Component/HttpFoundation/Session/Storage/NativeSessionStorage.php (L130-L132)) later on.
This also fixes a future error with PHP 7, which throws an error if a regeneration is attempted for non-active sessions.
```
session_regenerate_id(): Cannot regenerate session id - session is not active
```
Commits
-------
8e6ef9c [HttpFoundation] NativeSessionStorage method wrongly sets storage as started
This PR was merged into the 2.7 branch.
Discussion
----------
[property-access] Improvement for Accessing Reference Chain
Improve performance for the following scenarios:
- Example 1:
```php
$a = array(
'a' => array(
'b' => array(
'c' => 'old-value'
)
)
);
$pa->setValue($a, '[a][b][c]', 'new-value');
// The PropertyAccessor will try to set values for
// $a['a']['b']['c'], $a['a']['b'] and $a['a'],
// but in fact it may terminate the loop
// right after the value of $a[a][b][c] is set,
// because $a, $[a], $[a][b] and $[a][b][c]
// are all passed as reference - the reference chain is not broken.
```
- Example 2
```php
$b = array(
'a' => array(
'b' => array(
'c' => 'old-value'
)
)
)
$a = new Foo($b);
// In this example, the reference chain of $b is broken,
// because it's passed to $a.value as value
// But its elements are all passed as reference,
// so after setting the value for $b[a][b][c], there is no need
// to set value for $b[a][b] and $b[a]
$pa->setValue($a, 'value[a][b][c]', 'new-value');
```
| Q | A
| ------------- | ---
| Bug fix? | no
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | n/a
| License | MIT
| Doc PR | n/a
Commits
-------
e24a798 [property-access] Improvement for Accessing Reference Chain
IBAN is an acronym. The term 'IBAN-Kontonummer' is redundant, since the 'AN' part (Account Number) already translates to 'Kontonummer'. It's like saying 'International Bank Account Number Account Number'.
"Fiş" is a correct translation for "token", however "bilet" is also used, I fixed that inconsistency. Moreover, "kimlik bilgileri" is a better translation for "credentials" than "girdiler". "Girdiler" is the translation of "inputs", so I fixed sentences with "credentials". "Hesap engellenmiş" is better than "Hesap devre dışı bırakılmış" for "Account is disabled.". "Digest nonce has expired" can be translated better as "Derleme zaman aşımına uğradı." because "Derleme zaman aşımı gerçekleşti" has a confirmation sense like user requested it to expire and it has expired.
References:
token: http://tureng.com/search/token (3rd entry)
credentials: http://www2.zargan.com/tr/q/credentials-ceviri-nedir (1st entry)
disable: http://tureng.com/search/disable (15th entry)
This PR was merged into the 2.8 branch.
Discussion
----------
Easier Custom Authentication errors
| Q | A
| ------------- | ---
| Bug fix? | no
| New feature? | yes
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | n/a
| License | MIT
| Doc PR | not yet
This makes failing authentication with a custom message much easier:
```php
throw CustomAuthenticationException::createWithSafeMessage(
'That was a ridiculous username'
);
// or
$e = new CustomAuthenticationException();
$e->setSafeMessage('That was a ridiculous username');
throw $e;
```
Currently, to do this, you'd need to create a new sub-class of `AuthenticationException`, which is way more work than it needs to be. The original design was so that all messages exposed are safe, which is why I've named the methods like I have.
Thanks!
Commits
-------
d7c1463 Adding a class to make it easier to set custom authentication error messages
This PR was merged into the 2.7 branch.
Discussion
----------
[Security] Improve AbstractVoter tests
Applying the improved tests from https://github.com/symfony/symfony/pull/15932 into the oldest possible branch.
Merge conflicts from 2.7 into 2.8 caused by this PR do not need to be done carefully, I'll create a new PR for 2.8 updating the tests as soon as these changes are merged up.
| Q | A
| ------------- | ---
| Fixed tickets | -
| License | MIT
Commits
-------
5ff741d Readd the correct tests
This PR was merged into the 2.8 branch.
Discussion
----------
[Console] don't rely on internal sort implementation om test
| Q | A
| ------------- | ---
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | #14894
| License | MIT
| Doc PR |
PHP does not guarantuee how array elements with the same value will be
sorted when applying `asort()`. Since all namespaces used in the test
produce the same Levenshtein value, we should only check for presence of
these namespaces instead of comparing the exact order.
Commits
-------
3011fa0 don't rely on internal sort implementation in test
PHP does not guarantuee how array elements with the same value will be
sorted when applying `asort()`. Since all namespaces used in the test
produce the same Levenshtein value, we should only check for presence of
these namespaces instead of comparing the exact order.
This PR was merged into the 2.3 branch.
Discussion
----------
[Console] Fix input validation when required arguments are missing
| Q | A
| ------------- | ---
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | #15505
| License | MIT
| Doc PR | -
The rule that was here in place previously only works when arguments are passed from command line, as in command line there is no way of skipping an argument. The rule does not work for arguments set on the Input after a command is run.
Commits
-------
4982b02 [Console] Add the command name to input arguments if it's missing
f12a4c1 [Console] Fix input validation when required arguments are missing
* 2.8: (28 commits)
Detect Mintty for color support on Windows
Detect Mintty for color support on Windows
[WebProfilerBundle] Fix search button click listener
[Form][Type Date/Time] added choice_translation_domain option.
Massively simplifying the BC and deprecated-throwing code thanks to suggestions by stof in #15870
Making all "debug" messages use the debug router
Making GuardTokenInterface extend TokenInterface
Updating behavior to not continue after an authenticator has set the response
Add a group for tests of the finder against the FTP server
Fix trigger_error calls
Fix legacy security tests
tweaking message related to configuration edge case that we want to be helpful with
Minor tweaks - lowering the required security-http requirement and nulling out a test field
Fix license headers
Fix license headers
Fix license headers
Ensure the ClockMock is loaded before using it in the testsuite
Allow serializer 3.0 in the PropertyInfo component
Add the replace rules for the security-guard component
Forbid serializing a Crawler
...
* 2.7:
Detect Mintty for color support on Windows
Detect Mintty for color support on Windows
Add a group for tests of the finder against the FTP server
Fix license headers
Forbid serializing a Crawler
Fix phpdoc block of NativeSessionStorage class
Added exception when setAutoInitialize is called when locked
[FrameworkBundle] Advanced search templates of bundles
[Security] Allow user providers to be defined in many files
Use random_bytes function if it is available for random number generation
Mintty is now the default terminal in GitBash, and it supports ANSI
colors without the need of ANSICON (it even supports 256 colors rather
than the 16 colors supported by ANSICON).
* 2.3:
Detect Mintty for color support on Windows
Add a group for tests of the finder against the FTP server
Fix license headers
Forbid serializing a Crawler
Fix phpdoc block of NativeSessionStorage class
Added exception when setAutoInitialize is called when locked
[FrameworkBundle] Advanced search templates of bundles
[Security] Allow user providers to be defined in many files
Use random_bytes function if it is available for random number generation
Mintty is now the default terminal in GitBash, and it supports ANSI
colors without the need of ANSICON (it even supports 256 colors rather
than the 16 colors supported by ANSICON).
This PR was merged into the 2.8 branch.
Discussion
----------
Updating behavior to not continue after an authenticator has set the response
| Q | A
| ------------- | ---
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | https://github.com/symfony/symfony/pull/14673/files#r40492765
| License | MIT
| Doc PR | n/a
This mirrors the behavior in core: *if* a listener sets a response (on success or failure),
then the other listeners are not called. But if a response is *not* set
(which is sometimes the case for success, like in BasicAuthenticationListener),
then the other listeners are called, and can even fail.
It's all a bit of an edge-case, as only one authenticator (like authentication listener) would normally be doing any work on a request, but I think matching the other listeners (since I'm not aware of anyone having issues with its behavior) is best.
Commits
-------
5fa2684 Making all "debug" messages use the debug router
f403444 Updating behavior to not continue after an authenticator has set the response
This PR was merged into the 2.3 branch.
Discussion
----------
Add a group for tests of the finder against the FTP server
This allows to skip them easily when running the testsuite, as they represent a significant part of the testsuite time. These 2 tests together represent 42% of the execution time of the testsuite (all the time being spent connecting to the FTP server).
I also remove the usage of the data provider as a data provider with a single dataset (and used only partially) only makes tests harder to read. and does not save any duplication.
Commits
-------
51147e3 Add a group for tests of the finder against the FTP server
This PR was merged into the 2.8 branch.
Discussion
----------
Abstract voter tweaks
| Q | A
| ------------- | ---
| Bug fix? | yes (a little)
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | n/a
| License | MIT
| Doc PR | n/a
Based on suggestions from stof in #15870, this simplifies the BC and deprecation throwing code. This also adds a BadMethodCallException in case the user doesn't override `isGranted` *or* `voteOnAttribute`, because that's just plain wrong (as is calling `isGranted()` on the parent class directly, since that was formerly abstract).
Commits
-------
c03f5c2 Massively simplifying the BC and deprecated-throwing code thanks to suggestions by stof in #15870
This PR was merged into the 2.8 branch.
Discussion
----------
Making GuardTokenInterface extend TokenInterface
| Q | A
| ------------- | ---
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | #15884
| License | MIT
| Doc PR | n/a
See #15884
Commits
-------
7f04fbb Making GuardTokenInterface extend TokenInterface
This PR was merged into the 2.8 branch.
Discussion
----------
[Validator] Add Hungarian translation for the BIC constraint
| Q | A
| ------------- | ---
| Bug fix? | no
| New feature? | yes
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | -
| License | MIT
| Doc PR | -
Commits
-------
f26425b [Validator] Add Hungarian translation for the BIC constraint
This PR was merged into the 2.8 branch.
Discussion
----------
Guard minor tweaks
| Q | A
| ------------- | ---
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | n/a
| License | MIT
| Doc PR | n/a
Various completely minor things, most from suggestions on #14673
Commits
-------
869d5a7 tweaking message related to configuration edge case that we want to be helpful with
da4758a Minor tweaks - lowering the required security-http requirement and nulling out a test field
This PR was merged into the 2.3 branch.
Discussion
----------
Forbid serializing a Crawler
| Q | A
| ------------- | ---
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | n/a
| License | MIT
| Doc PR | n/a
Unserializing a Crawler instance creates DOM elements in an invalid state, making the Crawler unusable.
While working on #15849, I figured out that DomCrawler actually inherits ``Serializable`` from its ``SplObjectStorage`` parent, and so I tried to serialize and unserialize one. The answer is that it does not work. This is what happens when trying to call ``parents`` on it for instance:
```
Symfony\Component\DomCrawler\Crawler::parents(): Invalid State Error
```
Commits
-------
12733cb Forbid serializing a Crawler
This PR was merged into the 2.8 branch.
Discussion
----------
Allow serializer 3.0 in the PropertyInfo component
| Q | A
| ------------- | ---
| Bug fix? | no
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | n/a
| License | MIT
| Doc PR | n/a
This makes the component consistent with other components.
Commits
-------
0d72411 Allow serializer 3.0 in the PropertyInfo component
This PR was merged into the 2.8 branch.
Discussion
----------
Add the replace rules for the security-guard component
| Q | A
| ------------- | ---
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | n/a
| License | MIT
| Doc PR | n/a
The update of composer replacements was forgotten in #14673
Commits
-------
5ef8abc Add the replace rules for the security-guard component
This PR was squashed before being merged into the 2.8 branch (closes#15301).
Discussion
----------
[Form][Type Date/Time] added choice_translation_domain option.
| Q | A
| ------------- | ---
| Bug fix? | no
| New feature? | yes
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | #15222 and #15298
| License | MIT
- [x] add test
Commits
-------
1f3af26 [Form][Type Date/Time] added choice_translation_domain option.
* 2.7:
Fix license headers
Ensure the ClockMock is loaded before using it in the testsuite
Fix with_minutes option in time widget
Fixed properties not explicitily declared
This PR was merged into the 2.7 branch.
Discussion
----------
Ensure the ClockMock is loaded before using it in the testsuite
| Q | A
| ------------- | ---
| Bug fix? | no
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | n/a
| License | MIT
| Doc PR | n/a
The ``ProgressBarTest`` is passing in 2.7 and 2.8 on Travis only because the ``LegacyProgressHelperTest`` is running first, and so the clock mock is loaded. It would not pass when running it standalone. And the testsuite is currently broken in the master branch because LegacyProgressHelperTest is gone there, and so the clock mock was not loaded before the test.
Commits
-------
0e5aa0e Ensure the ClockMock is loaded before using it in the testsuite
This PR was merged into the 2.8 branch.
Discussion
----------
Fix legacy security tests
| Q | A
| ------------- | ---
| Bug fix? | no
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | n/a
| License | MIT
| Doc PR | n/a
when merging legacy test classes together in #15893, use statements where not copied, making the tests fail.
Commits
-------
8b615bb Fix legacy security tests
This mirrors the behavior in core: *if* a listener sets a response (on success or failure),
then the other listeners are not called. But if a response is *not* set
(which is sometimes the case for success, like in BasicAuthenticationListener),
then the other listeners are called, and can even fail.
* 2.8:
[BrowserKit] Added isFollowingRedirects and getMaxRedirects methods
[PropertyInfo] Import the component
deprecated the Shell Console class
Deprecate ResourceInterface::getResource()
Merged LegacySecurityContext tests
[WebProfilerBundle] Added collapsed sidebar on small screens
This PR was merged into the 2.8 branch.
Discussion
----------
Deprecate ResourceInterface::getResource()
| Q | A
| ------------- | ---
| Bug fix? | no
| New feature? | no
| BC breaks? | no
| Deprecations? | yes
| Tests pass? | yes
| Fixed tickets |
| License | MIT
| Doc PR | n/a
The return value of this method does not make sense if you do not exactly know about the type of resource at hand. For example, it may be [an array](b49fa129bd/src/Symfony/Component/HttpKernel/Config/EnvParametersResource.php (L57)) or a [file path](87800ae47e/src/Symfony/Component/Config/Resource/FileResource.php (L51)).
As all usages of getResource() within Symfony are in tests of particular Resource implementations anyway, deprecating and later removing this method helps us with simplifying the ResourceInterface (https://github.com/symfony/symfony/issues/7176).
Commits
-------
87c0c7d Deprecate ResourceInterface::getResource()
This PR was merged into the 2.7 branch.
Discussion
----------
Fixed properties not explicitily declared
| Q | A
| ------------- | ---
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | n/a
| License | MIT
Commits
-------
d2b3fe4 Fixed properties not explicitily declared
This PR was squashed before being merged into the 2.8 branch (closes#15858).
Discussion
----------
[PropertyInfo] Import the component
| Q | A
| ------------- | ---
| Bug fix? | no
| New feature? | yes
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | n/a
| License | MIT
| Doc PR | symfony/symfony-docs#5717
As discussed with @fabpot (see #14844), this PR moves [dunglas/php-property-info](https://github.com/dunglas/php-property-info) under the Symfony umbrella.
Rationale behind this new component (extracted from README.md):
PHP doesn't support explicit type definition. This is annoying, especially when doing meta programming.
Various libraries including but not limited to Doctrine ORM and the Symfony Validator provide their own type managing
system.
This library extracts various information including the type and documentation from PHP class property from metadata of popular sources:
* Setter method with type hint
* PHPDoc DocBlock
* Doctrine ORM mapping (annotation, XML, YML or custom format)
* PHP 7 scalar typehint and return type
* Serializer metadata
**Usage:**
```php
<?php
// Use Composer autoload
require 'vendor/autoload.php';
use Doctrine\ORM\EntityManager;
use Doctrine\ORM\Tools\Setup;
use Doctrine\ORM\Mapping\Column;
use Doctrine\ORM\Mapping\Entity;
use Doctrine\ORM\Mapping\Id;
use Symfony\Component\PropertyInfo\Extractors\DoctrineExtractor;
use Symfony\Component\PropertyInfo\Extractors\PhpDocExtractor;
use Symfony\Component\PropertyInfo\Extractors\ReflectionExtractor;
use Symfony\Component\PropertyInfo\PropertyInfo;
/**
* @Entity
*/
class MyTestClass
{
/**
* @Id
* @Column(type="integer")
*/
public $id;
/**
* This is a date (short description).
*
* With a long description.
*
* @var \DateTime
*/
public $foo;
private $bar;
public function setBar(\SplFileInfo $bar)
{
$this->bar = $bar;
}
}
// Doctrine initialization (necessary only to use the Doctrine Extractor)
$config = Setup::createAnnotationMetadataConfiguration([__DIR__], true);
$entityManager = EntityManager::create([
'driver' => 'pdo_sqlite',
// ...
], $config);
$doctrineExtractor = new DoctrineExtractor($entityManager->getMetadataFactory());
$phpDocExtractor = new PhpDocExtractor();
$reflectionExtractor = new ReflectionExtractor();
$propertyInfo = new PropertyInfo(
array($reflectionExtractor),
array($doctrineExtractor, $phpDocExtractor, $reflectionExtractor),
array($phpDocExtractor),
array($reflectionExtractor)
);
var_dump($propertyInfo->getProperties('MyTestClass'));
var_dump($propertyInfo->getTypes('MyTestClass', 'foo'));
var_dump($propertyInfo->getTypes('MyTestClass', 'id'));
var_dump($propertyInfo->getTypes('MyTestClass', 'bar'));
var_dump($propertyInfo->isReadable('MyTestClass', 'id'));
var_dump($propertyInfo->isReadable('MyTestClass', 'bar'));
var_dump($propertyInfo->isWritable('MyTestClass', 'foo'));
var_dump($propertyInfo->isWritable('MyTestClass', 'bar'));
var_dump($propertyInfo->getShortDescription('MyTestClass', 'foo'));
var_dump($propertyInfo->getLongDescription('MyTestClass', 'foo'));
```
Output:
```
array(3) {
[0] =>
string(2) "id"
[1] =>
string(3) "foo"
[2] =>
string(3) "Bar"
}
array(1) {
[0] =>
class Symfony\Component\PropertyInfo\Type#36 (6) {
private $builtinType =>
string(6) "object"
private $nullable =>
bool(false)
private $class =>
string(8) "DateTime"
private $collection =>
bool(false)
private $collectionKeyType =>
NULL
private $collectionValueType =>
NULL
}
}
array(1) {
[0] =>
class Symfony\Component\PropertyInfo\Type#36 (6) {
private $builtinType =>
string(3) "int"
private $nullable =>
bool(false)
private $class =>
NULL
private $collection =>
bool(false)
private $collectionKeyType =>
NULL
private $collectionValueType =>
NULL
}
}
array(1) {
[0] =>
class Symfony\Component\PropertyInfo\Type#245 (6) {
private $builtinType =>
string(6) "object"
private $nullable =>
bool(false)
private $class =>
string(11) "SplFileInfo"
private $collection =>
bool(false)
private $collectionKeyType =>
NULL
private $collectionValueType =>
NULL
}
}
bool(true)
bool(false)
bool(true)
bool(true)
string(35) "This is a date (short description)."
string(24) "With a long description."
```
Commits
-------
f1eb185 [PropertyInfo] Import the component
This PR was merged into the 2.3 branch.
Discussion
----------
Use random_bytes function if it is available for random number generation
| Q | A
| ------------- | ---
| Bug fix? | no
| New feature? | yes
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | #15239
| License | MIT
| Doc PR |
This is an attempt to use the random_bytes function when generating secure random numbers. This function is included in PHP 7 or through the "paragonie/random_compat" library.
This PR only adds support to use the function if it is available. Changes that can be added is to add a hard dependency on the paragonie/random_compat library, so all current functionality can be deprecated.
Commits
-------
6a217dc Use random_bytes function if it is available for random number generation
This PR was merged into the 2.8 branch.
Discussion
----------
Merged LegacySecurityContext tests
I've no idea why this test was introduced in the wrong namespace in 2.8, but I merged it in the correct test case now.
Commits
-------
2c4da3c Merged LegacySecurityContext tests
This PR was merged into the 2.8 branch.
Discussion
----------
deprecated the Shell Console class
| Q | A
| ------------- | ---
| Bug fix? | no
| New feature? | no
| BC breaks? | no
| Deprecations? | yes
| Tests pass? | yes
| Fixed tickets | one of #11742
| License | MIT
| Doc PR | n/a
Commits
-------
1c17928 deprecated the Shell Console class
* 2.8: (23 commits)
[Validator] added BIC (SWIFT-BIC) validation constraint
[TwigBridge] Foundation form layout integration
[Security] Deprecated supportsAttribute and supportsClass methods
bumped Symfony version to 2.7.6
updated VERSION for 2.7.5
updated CHANGELOG for 2.7.5
bumped Symfony version to 2.3.34
updated VERSION for 2.3.33
update CONTRIBUTORS for 2.3.33
updated CHANGELOG for 2.3.33
[Console] Fix transient HHVM test
[OptionsResolver] Fix catched exception along the dependency tree mistakenly detects cyclic dependencies
fixed tests
[DI] Support deprecated definitions in decorators
[DI] Allow to change the deprecation message in Definition
[DI] Trigger a deprecated error on the container builder
[DI] Dump the deprecated status
[DI] Supports the deprecated tag in loaders
[DI] Add a deprecated status to definitions
Fixing test locations
...
This PR was squashed before being merged into the 2.8 branch (closes#15519).
Discussion
----------
[Validator] added BIC (SWIFT-BIC) validation constraint
| Q | A
| ------------- | ---
| Bug fix? | no
| New feature? | yes
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | none
| License | MIT
| Doc PR | https://github.com/symfony/symfony-docs/pull/5623
I've added the BIC validator, because we do often need validation for IBAN and BIC values. Since the IBAN validation was already included into Symfony, I was asking myself: why not contribute my BIC validator to the community? So here we go ...
It depends on ISO 9362 as described on [Wikipedia](https://en.wikipedia.org/wiki/ISO_9362#Structure). It validates the structure based on alphabetic/alphanumeric values and the value's length.
Todo-list:
- [x] submit changes to the documentation
Commits
-------
d6471b3 [Validator] added BIC (SWIFT-BIC) validation constraint
This PR was squashed before being merged into the 2.8 branch (closes#15151).
Discussion
----------
[Security] Deprecated supportsAttribute and supportsClass methods
These methods aren't used at all in a Symfony application and don't make sense to use in the application. They are only used internally in the voters. This means the voter interface can be made much easier.
I'm not sure how we do these deprecations, should we remove the methods from the interface now already? Also, I don't think it's possible to trigger deprecation notices for the voter methods?
| Q | A
| ------------- | ---
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | yes
| Tests pass? | yes
| Fixed tickets | one of #11742
| License | MIT
| Doc PR | -
Abstract Voter
---
There is one remaining question about the abstract voter. This currently has abstract `getSupportedAttributes()` and `getSupportedClass()` methods. One of the reasons to remove the methods for the interface was that these methods are not flexible. Does it make sense to deprecate these methods as well and replace them by an abstract `protected vote(array $attributes, $class)` method in the `AbstractVoter` (which is called from `AbstractVoter#vote()`) ?
Commits
-------
6588708 [Security] Deprecated supportsAttribute and supportsClass methods
This PR was merged into the 2.8 branch.
Discussion
----------
Add support for deprecated definitions
| Q | A
| ------------- | ---
| Bug fix? | no
| New feature? | yes
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | #14307
| License | MIT
| Doc PR | symfony/symfony-docs#5689
This add a sort of marker in the Definition of a service that marks it as "deprecated". This is useful when we have a bunch of service and a bunch of where it is used, and we need to track if there are any uses before removing it (in a later version or right now). I was not sure if the `trigger_error` would be enough, or if I should log them instead.
I'm first gathering some feedback, and then I'll try to update the doc.
I was not sure if it should target 2.8 or master (3.0) though.
What's left ?
==========
- [x] Make a POC
- [x] Gather some feedbacks
- [x] Dump the tag in XML, YAML and PHP
- [x] Load the definition from XML, YAML and PHP
- [x] Fix some forgotten things such as the key existence check
- [x] Work on inline services in the php dumper
- [x] Handle deprecations for decorators
- ~~Possibility to overwrite the deprecated flag in the decorators in `XmlFileLoader` ?~~ Nope, and this behavior is also ported to the `YamlFileLoader`.
Commits
-------
83f4e9c [DI] Support deprecated definitions in decorators
0b3d0a0 [DI] Allow to change the deprecation message in Definition
954247d [DI] Trigger a deprecated error on the container builder
2f37cb1 [DI] Dump the deprecated status
8f6c21c [DI] Supports the deprecated tag in loaders
4b6fab0 [DI] Add a deprecated status to definitions
* 2.7:
[Console] Fix transient HHVM test
[OptionsResolver] Fix catched exception along the dependency tree mistakenly detects cyclic dependencies
fixed tests
Fixing test locations
[VarDumper] Fix dump comparison on large arrays
[expression-language] Code Cleanup for GetAttrNode
This PR was merged into the 2.7 branch.
Discussion
----------
[VarDumper] Fix dump comparison on large arrays
| Q | A
| ------------- | ---
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | N/A
| License | MIT
Commits
-------
6a6e7f3 [VarDumper] Fix dump comparison on large arrays
This PR was merged into the 2.7 branch.
Discussion
----------
Fixing security test locations
| Q | A
| ------------- | ---
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | none
| License | MIT
| Doc PR | n/a
There were just missed on sha: 0601ed33c4 probably because there were on a different branch.
Cheers!
Commits
-------
16e09d3 Fixing test locations
This PR was squashed before being merged into the 2.8 branch (closes#14894).
Discussion
----------
[Console] Add domain exceptions to replace generic exceptions
Creates domain specific exception classes for the case where a user type an invalid command name or option name.
| Q | A
| ------------- | ---
| Bug fix? | no
| New feature? | yes
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | #14873
| License | MIT
| Doc PR | N/A
TODO:
* [x] Replace `\InvalidArgumentException` by `Symfony\Component\Console\Exception\InvalidArgumentException`
* [x] Add `Symfony\Component\Console\Exception\ExceptionInterface`
Commits
-------
dd17dc0 [Console] Add domain exceptions to replace generic exceptions
This PR was squashed before being merged into the 2.8 branch (closes#15738).
Discussion
----------
Implement service-based Resource (cache) validation
| Q | A
| ------------- | ---
| Bug fix? | no
| New feature? | yes
| BC breaks? | no
| Deprecations? | yes
| Tests pass? | yes
| Fixed tickets | #7230, #15692, #7782
| License | MIT
| Doc PR | symfony/symfony-docs#5136
### Overview
Currently, any metadata passed to `ConfigCache` (namely implementations of `ResourceInterface`) is serialized to disk. When the `ConfigCache` is validated, the metadata is unserialized and queried through `ResourceInterface::isFresh()` to determine whether the cache is fresh. That way, `ResourceInterface` implementations cannot interact with services, for example a database connection.
This PR introduces the new concept of `ResourceCheckers`. Services implementing `ResourceCheckerInterface` can be tagged as `config_cache.resource_checker` with an optional priority.
Clients that wish to use `ConfigCache` can then obtain an instance from the `config_cache_factory` service (which implements `ConfigCacheFactoryInterface`). The factory will take care of injecting resource checkers into the `ConfigCache` instance so that they can be used for cache validation.
Checking cache metadata is easy for `ResourceCheckers`:
* First, the `ResourceCheckerInterface::supports()` implementation is passed the metadata object in question. If the checker cannot handle the type of resource passed, `supports()` should return `false`.
* Otherwise, the `ResourceCheckerInterface::isFresh()` method will be called and given the resource as well as the timestamp at which the cache was initialized. If that method returns `false`, the cache is considered stale. If it returns `true`, the resource is considered unchanged and will *not* be passed to any additional checkers.
### BC and migration path
This PR does not (intend to) break BC but it comes with deprecations. The main reason is that `ResourceInterface` contains an `isFresh()` method that does not make sense in the general case of resources.
Thus, `ResourceInterface::isFresh()` is marked as deprecated and should be removed in Symfony 3.0. Resource implementations that can (or wish to) be validated in that simple manner can implement the `SelfCheckingResourceInterface` sub-interface that still contains (and will keep) the `isFresh()` method. The change should be as simple as changing the `extends` list.
Apart from that, `ResourceInterface` will be kept as the base interface for resource implementations. It is used in several `@api` interfaces and thus cannot easily be substituted.
For the Symfony 2.x series, a `BCResourceInterfaceChecker` will be kept that performs validation through `ResourceInterface::isFresh()` but will trigger a deprecation warning. The remedy is to either implement a custom ResourceChecker with a priority higher than -1000; or to switch to the aforementioned `SelfCheckingResourceInterface` which is used at a priority of -990 (without deprecation warning).
The `ConfigCache` and `ConfigCacheFactory` classes can be used as previously but do not feature checker-based cache validation.
### Outlook and closing remarks:
This PR supersedes #7230, #15692 and works at least in parts towards the goal of #7176.
The `ResourceCheckerInterface`, `...ConfigCache` and `...ConfigCacheFactory` no longer need to be aware of the `debug` flag. The different validation rules applied previously are now just a matter of `ResourceChecker` configuration (i. e. "no checkers" in `prod`).
It might be possible to remove the `debug` flag from Symfony's `Router` and/or `Translator` classes in the future as well because it was only passed on to the `ConfigCache` there.
Commits
-------
20d3722 Implement service-based Resource (cache) validation
This PR was merged into the 2.7 branch.
Discussion
----------
[expression-language] Code Cleanup for GetAttrNode
Use ``$this->nodes['attribute']->attributes['value']`` to
replace ``$this->nodes['attribute']->evaluate($functions, $values)``
for method call and property call.
| Q | A
| ------------- | ---
| Bug fix? | no
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | n/a
| License | MIT
| Doc PR | n/a
Commits
-------
166e175 [expression-language] Code Cleanup for GetAttrNode
* 2.8: (29 commits)
Updating AbstractVoter so that the method receives the TokenInterface
Adding the necessary files so that Guard can be its own installable component
Fix syntax in a test
Normalize the way we check versions
Avoid errors when generating the logout URL when there is no firewall key
Removing unnecessary override
fabbot
Adding a new exception and throwing it when the User changes
Fixing a bug where having an authentication failure would log you out.
Tweaks thanks to Wouter
Adding logging on this step and switching the order - not for any huge reason
Adding a base class to assist with form login authentication
Allowing for other authenticators to be checked
meaningless author and license changes
Adding missing factory registration
Thanks again fabbot!
A few more changes thanks to @iltar
Splitting the getting of the user and checking credentials into two steps
Tweaking docblock on interface thanks to @iltar
Adding periods at the end of exceptions, and changing one class name to LogicException thanks to @iltar
...
Conflicts:
UPGRADE-2.8.md
src/Symfony/Bridge/Twig/Tests/Node/DumpNodeTest.php
src/Symfony/Bundle/FrameworkBundle/Command/ServerCommand.php
src/Symfony/Component/Validator/Tests/Constraints/AbstractComparisonValidatorTestCase.php
src/Symfony/Component/Validator/Tests/Constraints/IdenticalToValidatorTest.php
src/Symfony/Component/Validator/Tests/Constraints/RangeValidatorTest.php
This PR was merged into the 2.8 branch.
Discussion
----------
New Guard Authentication System (e.g. putting the joy back into security)
| Q | A
| ------------- | ---
| Bug fix? | no
| New feature? | yes
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | at least partially: #14300, #11158, #11451, #10035, #10463, #8606, probably more
| License | MIT
| Doc PR | symfony/symfony-docs#5265
Hi guys!
Though it got much easier in 2.4 with `pre_auth`, authentication is a pain in Symfony. This introduces a new authentication provider called guard, with one goal in mind: put everything you need for *any* authentication system into one spot.
### How it works
With guard, you can perform custom authentication just by implementing the [GuardAuthenticatorInterface](https://github.com/weaverryan/symfony/blob/guard/src/Symfony/Component/Security/Guard/GuardAuthenticatorInterface.php) and registering it as a service. It has methods for every part of a custom authentication flow I can think of.
For a working example, see https://github.com/weaverryan/symfony-demo/tree/guard-auth. This uses 2 authenticators simultaneously, creating a system that handles [form login](https://github.com/weaverryan/symfony-demo/blob/guard-auth/src/AppBundle/Security/FormLoginAuthenticator.php) and [api token auth](https://github.com/weaverryan/symfony-demo/blob/guard-auth/src/AppBundle/Security/TokenAuthenticator.php) with a respectable amount of code. The [security.yml](https://github.com/weaverryan/symfony-demo/blob/guard-auth/app/config/security.yml) is also quite simple.
This also supports "manual login" without jumping through hoops: https://github.com/weaverryan/symfony-demo/blob/guard-auth/src/AppBundle/Controller/SecurityController.php#L45
I've also tested with "remember me" and "switch user" - no problems with either.
I hope you like it :).
### What's Needed
1) **Other Use-Cases?**: Please think about the code and try it. What use-cases are we *not* covering? I want Guard to be simple, but cover the 99.9% use-cases.
2) **Remember me** functionality cannot be triggered via manual login. That's true now, and it's not fixed, and it's tricky.
### Deprecations?
This is a new feature, so no deprecations. But, creating a login form with a guard authenticator is a whole heck of a lot easier to understand than `form_login` or even `simple_form`. In a perfect world, we'd either deprecate those or make them use "guard" internally so that we have just **one** way of performing authentication.
Thanks!
Commits
-------
a01ed35 Adding the necessary files so that Guard can be its own installable component
d763134 Removing unnecessary override
e353833 fabbot
dd485f4 Adding a new exception and throwing it when the User changes
302235e Fixing a bug where having an authentication failure would log you out.
396a162 Tweaks thanks to Wouter
c9d9430 Adding logging on this step and switching the order - not for any huge reason
31f9cae Adding a base class to assist with form login authentication
0501761 Allowing for other authenticators to be checked
293c8a1 meaningless author and license changes
81432f9 Adding missing factory registration
7a94994 Thanks again fabbot!
7de05be A few more changes thanks to @iltar
ffdbc66 Splitting the getting of the user and checking credentials into two steps
6edb9e1 Tweaking docblock on interface thanks to @iltar
d693721 Adding periods at the end of exceptions, and changing one class name to LogicException thanks to @iltar
eb158cb Updating interface method per suggestion - makes sense to me, Request is redundant
c73c32e Thanks fabbot!
6c180c7 Adding an edge case - this should not happen anyways
180e2c7 Properly handles "post auth" tokens that have become not authenticated
873ed28 Renaming the tokens to be clear they are "post" and "pre" auth - also adding an interface
a0bceb4 adding Guard tests
05af97c Initial commit (but after some polished work) of the new Guard authentication system
330aa7f Improving phpdoc on AuthenticationEntryPointInterface so people that implement this understand it