Commit Graph

40630 Commits

Author SHA1 Message Date
Nicolas Grekas 47cd029f65 security #cve-2019-10910 [DI] Check service IDs are valid (nicolas-grekas)
* di-sec-34:
  [DI] Check service IDs are valid
2019-04-16 13:14:11 +02:00
Nicolas Grekas d2fb589392 [DI] Check service IDs are valid 2019-04-16 13:13:42 +02:00
Nicolas Grekas 91916451a5 Merge branch '3.4' into 4.2
* 3.4:
  Fix XSS issues in the form theme of the PHP templating engine
2019-04-16 11:43:21 +02:00
Nicolas Grekas 4585a419ff security #cve-2019-10909 [FrameworkBundle][Form] Fix XSS issues in the form theme of the PHP templating engine (stof)
This PR was merged into the 3.4 branch.

Discussion
----------

[FrameworkBundle][Form] Fix XSS issues in the form theme of the PHP templating engine

Based on #88

Commits
-------

ab4d05358c Fix XSS issues in the form theme of the PHP templating engine
2019-04-16 11:42:16 +02:00
Nicolas Grekas 4b18b32133 Merge branch '3.4' into 4.2
* 3.4:
  Prevent destructors with side-effects from being unserialized
2019-04-16 11:36:45 +02:00
Nicolas Grekas d77e445697 security #cve-2019-10912 [Cache][PHPUnit Bridge] Prevent destructors with side-effects from being unserialized (nicolas-grekas)
This PR was merged into the 3.4 branch.

Discussion
----------

[Cache][PHPUnit Bridge] Prevent destructors with side-effects from being unserialized

| Q             | A
| ------------- | ---
| Branch?       | 3.4
| Bug fix?      | yes
| New feature?  | no
| BC breaks?    | no
| Deprecations? | no
| Tests pass?   | yes
| Fixed tickets | -
| License       | MIT
| Doc PR        | -

Reported for `FilesystemCommonTrait` at https://www.intigriti.com/company/submission/CfDJ8Pja6NZvkpNCmx5vVyiGSn7yW8c1j4H0-cnAhIk6fbstOMm028X-XD1kmSuQkGB2n0cRyyVrA2yAiLN_I0EVilaKVLSiSa0UXZJGfN1h85vmk5c2dBBpu619r1YQEIjcXA

Commits
-------

4fb9752816 Prevent destructors with side-effects from being unserialized
2019-04-16 11:03:16 +02:00
Nicolas Grekas abd8b954f4 Merge branch '3.4' into 4.2
* 3.4:
  [Security] Add a separator in the remember me cookie hash
2019-04-16 10:58:51 +02:00
Nicolas Grekas 0a4ed67b0d security #cve-2019-10911 [Security] Add a separator in the remember me cookie hash (pborreli)
This PR was merged into the 3.4 branch.

Discussion
----------

[Security] Add a separator in the remember me cookie hash

Based on #89

Commits
-------

a29ce2817c [Security] Add a separator in the remember me cookie hash
2019-04-16 10:58:07 +02:00
Nicolas Grekas a5039c81c9 Merge branch '3.4' into 4.2
* 3.4:
  [HttpFoundation] reject invalid method override
2019-04-16 10:49:01 +02:00
Nicolas Grekas 84ee31179f security #cve-2019-10913 [HttpFoundation] reject invalid method override (nicolas-grekas)
This PR was merged into the 3.4 branch.

Discussion
----------

[HttpFoundation] reject invalid method override

Based on #86

Commits
-------

944e60f083 [HttpFoundation] reject invalid method override
2019-04-16 10:46:31 +02:00
Nicolas Grekas 20739e7158 Merge branch '3.4' into 4.2
* 3.4:
  bumped Symfony version to 3.4.26
  updated VERSION for 3.4.25
  update CONTRIBUTORS for 3.4.25
  updated CHANGELOG for 3.4.25
  Workaround for \DateInterval::createFromDateString()
  Missing Lithuanian translations added to validator component.
2019-04-16 09:32:54 +02:00
Fabien Potencier 4a60fff2e4 bumped Symfony version to 4.2.7 2019-04-16 09:23:50 +02:00
Fabien Potencier cd999a4b6c
Merge pull request #31125 from fabpot/release-4.2.6
released v4.2.6
2019-04-16 09:20:43 +02:00
Fabien Potencier 25eff940aa updated VERSION for 4.2.6 2019-04-16 09:20:25 +02:00
Fabien Potencier 3f1cd59ace updated CHANGELOG for 4.2.6 2019-04-16 09:20:18 +02:00
Nicolas Grekas 944e60f083 [HttpFoundation] reject invalid method override 2019-04-16 07:40:48 +01:00
Fabien Potencier b7bdf2ce43 bumped Symfony version to 3.4.26 2019-04-16 08:16:04 +02:00
Fabien Potencier 2445423481
Merge pull request #31123 from fabpot/release-3.4.25
released v3.4.25
2019-04-16 08:02:31 +02:00
Fabien Potencier b316b58098 updated VERSION for 3.4.25 2019-04-16 08:02:09 +02:00
Fabien Potencier 13da753e41 update CONTRIBUTORS for 3.4.25 2019-04-16 08:02:07 +02:00
Fabien Potencier f7b9a8cb3b updated CHANGELOG for 3.4.25 2019-04-16 08:01:59 +02:00
Tony Vermeiren e294ee6b9a Make MimeTypeExtensionGuesser case insensitive 2019-04-16 08:01:19 +02:00
Yonel Ceruto d62ca37ab6 Fix get session when the request stack is empty 2019-04-15 19:32:39 -04:00
Nicolas Grekas 81d11c3f2e minor #31115 [Form] Workaround for \DateInterval::createFromDateString() (renanbr)
This PR was merged into the 3.4 branch.

Discussion
----------

[Form] Workaround for \DateInterval::createFromDateString()

| Q             | A
| ------------- | ---
| Branch?       | master
| Bug fix?      | no
| New feature?  | no
| BC breaks?    | no
| Deprecations? | no
| Tests pass?   | yes
| Fixed tickets | n/a
| License       | MIT
| Doc PR        | n/a

This patch makes test `Symfony\Component\Form\Tests\Extension\Core\Type\DateIntervalTypeTest::testSubmitNullUsesDateEmptyData()` pass in PHP 7.2.17 and 7.3.4

PHP bug reference : https://bugs.php.net/bug.php?id=77896

See also : https://3v4l.org/sQjh2

Commits
-------

54247ec05f Workaround for \DateInterval::createFromDateString()
2019-04-15 15:32:17 +02:00
renanbr 54247ec05f Workaround for \DateInterval::createFromDateString() 2019-04-15 15:23:09 +02:00
Nicolas Grekas 76647a78bd minor #31047 [DoctrineBridge] [DX] Update exception text in ManagerRegistry to avoid confusion. (Simperfit)
This PR was submitted for the master branch but it was merged into the 4.2 branch instead (closes #31047).

Discussion
----------

[DoctrineBridge] [DX] Update exception text in ManagerRegistry to avoid confusion.

| Q             | A
| ------------- | ---
| Branch?       | master
| Bug fix?      | no
| New feature?  | yesish
| BC breaks?    | no
| Deprecations? | no
| Tests pass?   | yes
| Fixed tickets | #29659
| License       | MIT
| Doc PR        |

Since the last PR was closed and the ticket is still open, taking it since it was already done by Nicolas in the comments.

Commits
-------

9ade232533 [DoctrineBridge] [DX] Update exception text in ManagerRegistry::resetService to avoid confusion.
2019-04-15 11:42:25 +02:00
Amrouche Hamza 9ade232533 [DoctrineBridge] [DX] Update exception text in ManagerRegistry::resetService to avoid confusion. 2019-04-15 11:42:18 +02:00
Nicolas Grekas d88833d27a [Routing] fix trailing slash redirection with non-greedy trailing vars 2019-04-14 20:04:59 +02:00
Nicolas Grekas a12656eaad [FrameworkBundle] decorate the ValidatorBuilder's translator with LegacyTranslatorProxy 2019-04-14 20:04:40 +02:00
Fabien Potencier 3fdc359fec minor #31099 Missing Lithuanian translations added. (rmikalkenas)
This PR was submitted for the master branch but it was merged into the 3.4 branch instead (closes #31099).

Discussion
----------

Missing Lithuanian translations added.

| Q             | A
| ------------- | ---
| Branch?       | master
| Bug fix?      | no
| New feature?  | no
| BC breaks?    | no
| Deprecations? | no
| Tests pass?   | yes
| Fixed tickets | #
| License       | MIT
| Doc PR        | symfony/symfony-docs

Missing Lithuanian translations for validator component.

Commits
-------

1c9a9cd9e0 Missing Lithuanian translations added to validator component.
2019-04-13 08:36:38 +02:00
Rokas Mikalkėnas 1c9a9cd9e0 Missing Lithuanian translations added to validator component. 2019-04-13 08:36:32 +02:00
Nicolas Grekas dc2edaffe2 Merge branch '3.4' into 4.2
* 3.4:
  Skip testing the phpunit-bridge on not-master branches when $deps is empty
  more tests
  [DI] Fixes: #28326 - Overriding services autowired by name under _defaults bind not working
2019-04-12 17:32:33 +02:00
Nicolas Grekas 39f20844b3 minor #31095 Skip testing the phpunit-bridge on not-master branches when $deps is empty (nicolas-grekas)
This PR was merged into the 3.4 branch.

Discussion
----------

Skip testing the phpunit-bridge on not-master branches when $deps is empty

| Q             | A
| ------------- | ---
| Branch?       | 3.4
| Bug fix?      | no
| New feature?  | no
| BC breaks?    | no
| Deprecations? | no
| Tests pass?   | yes
| Fixed tickets | -
| License       | MIT
| Doc PR        | -

Tests are not in sync with the autoloaded code on these jobs.
The bridge is still tested on deps=low/high jobs + master

Commits
-------

b0ee192aaa Skip testing the phpunit-bridge on not-master branches when $deps is empty
2019-04-12 17:30:21 +02:00
Nicolas Grekas b0ee192aaa Skip testing the phpunit-bridge on not-master branches when $deps is empty 2019-04-12 17:12:49 +02:00
Nicolas Grekas 8297a75eb7 bug #31088 [DI] fix removing non-shared definition while inlining them (nicolas-grekas)
This PR was merged into the 4.2 branch.

Discussion
----------

[DI] fix removing non-shared definition while inlining them

| Q             | A
| ------------- | ---
| Branch?       | 4.2
| Bug fix?      | yes
| New feature?  | no
| BC breaks?    | no
| Deprecations? | no
| Tests pass?   | yes
| Fixed tickets | #29628
| License       | MIT
| Doc PR        | -

I didn't manage to create a specific test case but this still has 100% coverage for the added lines and fixed the reproducer (and makes sense also :) )

Commits
-------

317e820694 [DI] fix removing non-shared definition while inlining them
2019-04-12 16:35:03 +02:00
Nicolas Grekas 3403a8e65a bug #29944 [DI] Overriding services autowired by name under _defaults bind not working (przemyslaw-bogusz, renanbr)
This PR was merged into the 3.4 branch.

Discussion
----------

[DI] Overriding services autowired by name under _defaults bind not working

| Q             | A
| ------------- | ---
| Branch?       | 3.4
| Bug fix?      | yes
| New feature?  | no
| BC breaks?    | no
| Deprecations? | no
| Tests pass?   | yes
| Fixed tickets | #28326
| License       | MIT

This is an implementation of ideas and suggestions of @nicolas-grekas and @GuilhemN.

Commits
-------

7e805eae2b more tests
35a40ace6f [DI] Fixes: #28326 - Overriding services autowired by name under _defaults bind not working
2019-04-12 16:33:47 +02:00
renanbr 7e805eae2b more tests 2019-04-12 16:27:23 +02:00
Przemysław Bogusz 35a40ace6f [DI] Fixes: #28326 - Overriding services autowired by name under _defaults bind not working 2019-04-12 16:15:59 +02:00
Nicolas Grekas 1d02ef2ccb Merge branch '3.4' into 4.2
* 3.4:
  [TwigBridge] fix tests
2019-04-12 15:50:35 +02:00
Nicolas Grekas d134dfcbe2 minor #31091 [TwigBridge] fix tests (nicolas-grekas)
This PR was merged into the 3.4 branch.

Discussion
----------

[TwigBridge] fix tests

| Q             | A
| ------------- | ---
| Branch?       | 3.4
| Bug fix?      | no
| New feature?  | no
| BC breaks?    | no
| Deprecations? | no
| Tests pass?   | yes
| Fixed tickets | -
| License       | MIT
| Doc PR        | -

Follows https://github.com/twigphp/Twig/pull/2935

Commits
-------

33c6681585 [TwigBridge] fix tests
2019-04-12 15:50:12 +02:00
Nicolas Grekas 33c6681585 [TwigBridge] fix tests 2019-04-12 15:39:20 +02:00
Nicolas Grekas 317e820694 [DI] fix removing non-shared definition while inlining them 2019-04-12 11:55:35 +02:00
Fabien Potencier 69b43fa8a8 bug #30993 [FrameworkBundle] Fix for Controller DEPRECATED when using composer --optimized (aweelex)
This PR was merged into the 4.2 branch.

Discussion
----------

[FrameworkBundle] Fix for Controller DEPRECATED when using composer --optimized

| Q | A |
| --- | --- |
| Branch? | 4.2 |
| Bug fix? | Yes |
| New feature? | No |
| BC breaks? | No |
| Deprecations? | No |
| Tests pass? | Yes |
| Fixed tickets | --- |
| License | MIT |

Using `composer --optimize-autoload` causes `console cache:clear` (without warmup) to give DEPRECATED error, that stays in profiler.

I moved `@trigger_error` from the beginning of the file to the Controller __construct method.

Commits
-------

2ae2fd800d [FrameworkBundle] Fix Controller deprecated when using composer --optimized
2019-04-12 11:01:41 +02:00
Nicolas Grekas ebe9ccf0cc Merge branch '3.4' into 4.2
* 3.4:
  Catch empty deprecation.log silently (fixes #31050)
2019-04-11 13:58:13 +02:00
Nicolas Grekas 9483779f5f bug #31076 [HttpKernel] Fixed LoggerDataCollector crashing on empty file (althaus)
This PR was submitted for the 4.2 branch but it was merged into the 3.4 branch instead (closes #31076).

Discussion
----------

[HttpKernel] Fixed LoggerDataCollector crashing on empty file

| Q             | A
| ------------- | ---
| Branch?       | 4.2
| Bug fix?      | yes
| New feature?  | no
| BC breaks?    | no
| Deprecations? | no
| Tests pass?   | yes
| Fixed tickets | #31050
| License       | MIT

This PR adds a check to the LoggerDataCollector if there's actually some content in the log file.

Commits
-------

291c73a290 Catch empty deprecation.log silently (fixes #31050)
2019-04-11 13:43:56 +02:00
Matthias Althaus 291c73a290 Catch empty deprecation.log silently (fixes #31050) 2019-04-11 13:43:50 +02:00
Nicolas Grekas 9399cb99a5 Merge branch '3.4' into 4.2
* 3.4:
  minor: the meaning of the data breach was not correct
  Optimize SVGs
  property normalizer should also pass format and context to isAllowedAttribute
2019-04-11 13:27:41 +02:00
Nicolas Grekas 5f4c27f0de minor #31067 Optimize SVGs (MartijnCuppens)
This PR was merged into the 3.4 branch.

Discussion
----------

Optimize SVGs

| Q             | A
| ------------- | ---
| Branch?       | 3.4
| Bug fix?      | yes
| New feature?  | no
| BC breaks?    | no
| Deprecations? | no
| Tests pass?   | yes
| Fixed tickets | /
| License       | MIT
| Doc PR        | /

Used [svgo](https://github.com/svg/svgo) to optimize the svgs. I kept the `viewBox` attribute to keep the aspects when SVGs are rescaled.

I also added `insert_final_newline = false` to the `.editorconfig` file because the newlines are removed from the SVGs and there's only one line left.

Commits
-------

4614cea9d2 Optimize SVGs
2019-04-11 13:23:48 +02:00
Nicolas Grekas 2a1137a05c bug #31071 property normalizer should also pass format and context to isAllowedAttribute (dbu)
This PR was merged into the 3.4 branch.

Discussion
----------

property normalizer should also pass format and context to isAllowedAttribute

| Q             | A
| ------------- | ---
| Branch?       | 3.4
| Bug fix?      | yes
| New feature?  | no
| BC breaks?    | no
| Deprecations? | no
| Tests pass?   | yes
| Fixed tickets | found while working on https://github.com/symfony/symfony/pull/30888
| License       | MIT
| Doc PR        | -

The context and format are optional parameters to `isAllowedAttribute`, but should be forwarded. Due to this omission, the PropertyNormalizer was ignoring the 'attributes' context option (and does in version 4 also ignore the 'ignore_attributes' context option - that one is a property on the normalizer class in version 3 and therefore not ignored here).

Commits
-------

13e2fb735d property normalizer should also pass format and context to isAllowedAttribute
2019-04-11 13:03:39 +02:00
Nicolas Grekas 9dfd8f1cc2 minor #31072 CS Fixes: Not double split with one array argument (Yurujai)
This PR was merged into the 4.2 branch.

Discussion
----------

CS Fixes: Not double split with one array argument

| Q             | A
| ------------- | ---
| Branch?       |  4.2
| Bug fix?      | no
| New feature?  | no
| BC breaks?    | no
| Deprecations? | no
| Tests pass?   | yes
| Fixed tickets | none
| License       | MIT
| Doc PR        | none

Fix for https://github.com/symfony/symfony/pull/31064#issuecomment-481760760

Commits
-------

93dabbc96a CS Fixes: Not double split with one array argument
2019-04-11 12:53:53 +02:00