* 2.7:
[TwigBridge] removed deprecations added in Twig 1.27
PHP CS Fixer: use php_unit_dedicate_assert
fixed Filesystem:makePathRelative and added 2 more testcases
no 304 response if method is not cacheable
move tags from decorated to decorating service
* 2.7:
Fixed expectedException annotations
Security and validators messages translation to Latvian
[Form] FormView->isRendered() remove dead code and simplify the flow
* 2.7:
[Form] Fix typo in doc comment
[Config] Handle open_basedir restrictions in FileLocator
[bugfix] [Console] Set `Input::$interactive` to `false` when command is executed with `--quiet` as verbosity level
Use JSON_UNESCAPED_SLASHES for lint commands output
Fixed collapsed ChoiceType options attributes
Fixed the nullable support for php 7.1 and below
* 2.7:
[travis/appveyor] Wire simple-phpunit
[Console] fixed PHP7 Errors are now handled and converted to Exceptions
Fix#19721
bumped Symfony version to 2.7.19
updated VERSION for 2.7.18
update CONTRIBUTORS for 2.7.18
updated CHANGELOG for 2.7.18
[Security] Optimize RoleHierarchy's buildRoleMap method
* 2.7:
[FrameworkBundle] Fix Incorrect line break in exception message (500 debug page)
Minor cleanups and improvements
[form] lazy trans `post_max_size_message`.
[DI] Fix setting synthetic services on ContainerBuilder
[ClassLoader] Fix ClassCollectionLoader inlining with declare(strict_types=1)
* 2.7:
[FrameworkBundle] Check for class existence before is_subclass_of
Update GroupSequence.php
Code enhancement and cleanup
[DI] Add anti-regression test
Revert "minor #19689 [DI] Cleanup array_key_exists (ro0NL)"
[BrowserKit] Fix cookie expiration on 32 bit systems
bumped Symfony version to 2.7.18
updated VERSION for 2.7.17
update CONTRIBUTORS for 2.7.17
updated CHANGELOG for 2.7.17
Update misleading comment about RFC4627
* 2.7:
[VarDumper] Various minor fixes & cleanups
Revert "bug #18935 [Form] Consider a violation even if the form is not submitted (egeloen)"
[HttpKernel] Add missing SsiFragmentRendererTest
Fixes the calendar in constructor to handle null
* 2.7:
[Routing] Add missing options in docblock
[VarDumper] Fix dumping continuations
[HttpFoundation] fixed Request::getContent() reusage bug
[Form] Skip CSRF validation on form when POST max size is exceeded
Enhance the phpDoc return types so IDEs can handle the configuration tree.
fixes
Remove 3.0 from branch suggestions for fixes in PR template
[Process] Strengthen Windows pipe files opening (again...)
Fix#19531 [Form] DateType fails parsing when midnight is not a valid time
This PR was squashed before being merged into the 2.7 branch (closes#19373).
Discussion
----------
[Form] Skip CSRF validation on form when POST max size is exceeded
| Q | A
| ------------- | ---
| Branch? | 2.7
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | #19140
| License | MIT
| Doc PR | N/A
In #19140 the CSRF validation listener was not aware that the POST max size had exceeded, and was adding a form error message that wasn't relevant to the actual error.
This introduces the `ServerParams` utility class into the `CsrfValidationListener` and checks that the POST max size has not been exceeded. If it has then it won't bother trying to validate the CSRF token.
My main concern with this change is that it opens up an attack vector around tokens, but I've encapsulated the request size validation in a single method in `ServerParams` now so that the request handlers are using the same logic.
Commits
-------
289531f [Form] Skip CSRF validation on form when POST max size is exceeded
* 2.7:
[Console] Application update PHPDoc of add and register methods
[Config] Extra tests for Config component
Fixed bugs in names of classes and methods.
[DoctrineBridge] Fixed php doc
[FrameworkBundle] Fixed parameters number mismatch declaration
[BrowserKit] Added test for followRedirect method (POST method)
Fix the money form type render with Bootstrap3
[BrowserKit] Uppercase the "GET" method in redirects
[WebProfilerBundle] Fixed JSDoc parameter definition
[HttpFoundation] HttpCache refresh stale responses containing an ETag
Conflicts:
src/Symfony/Component/BrowserKit/Tests/ClientTest.php
src/Symfony/Component/Security/Acl/Resources/bin/generateSql.php
* 2.7:
[HttpKernel] fixed internal subrequests having an if-modified-since-header
[Validator] Added additional MasterCard range to the CardSchemeValidator
Make the exception message more clear.
[Form] fixed bug - name in ButtonBuilder
[ClassLoader] Fix declared classes being computed when not needed
* 2.7:
removed @since
Remove and change unrelevant comments in Validator and Security components.
[Validator] UuidValidator must accept a Uuid constraint.
[Validator] make UuidValidator class formatting consistent.
This PR was merged into the 2.7 branch.
Discussion
----------
removed dots at the end of @param and @return
| Q | A
| ------------- | ---
| Branch? | 2.7
| Bug fix? | no
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | n/a
| License | MIT
| Doc PR | n/a
For phpdocs, we only add dots for sentences like description, but not for @param and @return for instance. This PR fixes this issue.
This should probably be added to PHP-CS-Fixer as well (/cc @phansys @keradus).
Commits
-------
554303e removed dots at the end of @param and @return
* 2.7:
[CS] Respect PSR2 4.2
[Form] fix `empty_data` option in expanded `ChoiceType`
[Console] removed unneeded private methods
sync min email validator version
[TwigBridge] Fix inconsistency in LintCommand help
explicitly forbid e-mail validator 2.0 or higher
Fixed SymfonyQuestionHelper multi-choice with defaults
[DoctrineBridge] Don't use object IDs in DoctrineChoiceLoader when passing a value closure
Differentiate between the first time a progress bar is displayed and subsequent times
finished previous commit
No more exception for malformed input name
fix post_max_size_message translation
[Process] Fix pipes cleaning on Windows
Avoid phpunit 5.4 warnings on getMock
[Form] Add exception to FormRenderer about non-unique block names
[Form] Consider a violation even if the form is not submitted
This PR was merged into the 2.7 branch.
Discussion
----------
[Form] Consider a violation even if the form is not submitted
| Q | A
| ------------- | ---
| Branch? | 2.7
| Bug fix? | yes
| New feature? | no
| BC breaks? | yes (only for the behavior)
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | #11493
| License | MIT
| Doc PR |
Hey!
I'm currently implementing an API using the form component in order to validate the payload sent (in conjonction with the FOSRestBundle). Unfortunatelly, we dig into an issue about the PATCH request which don't map some of our validation rules to the form. Basically, the violations are lost in the middle of the process.
### Use case
We have an entity with the following fields "type", "image" & "video". The field "type"can be either "default", "image" or "video" and then accordingly we use the appropriate field (none for the "default" type, video for the "video" type and image for the "image" type. Then, in our form, we change the validation groups according to our entity type in order to make the "image" field mandatory if the type is "image" and the same for the video field if the type is "video".
### Current behavior
The current behavior (since 2.5) seems to not propages a violation to a form if this form is not submitted but in our use case, changing the field "type" via a PATCH request triggers some new validation which should be reported to end user (inform that a field (video or image) is missing in the PATCH request).
### Expected behavior
The current behavior was introduced in #10567 but IMO, this update is a bug as suggested by @webmozart in https://github.com/symfony/symfony/issues/11493#issuecomment-59549054 Instead, the form component should still map validation errors to the form even if the field was not submitted. If the initial data is not valid, then your initial data was buggy from the beginning but the form should not accept it and instead of silently ignoring the errors, end users should be informed and fix it.
WDYT?
Commits
-------
c483a0f [Form] Consider a violation even if the form is not submitted
* 2.7:
fixed CS
tweaked default CS fixer config
[HttpKernel] Dont close the output stream in debug
move HttpKernel component to require section
Fixed oci and sqlsrv merge queries when emulation is disabled - fixes#17284
[Session] fix PDO transaction aborted under PostgreSQL
[Console] Use InputInterface inherited doc as possible
add docblock type elements to support newly added IteratorAggregate::getIterator PhpStorm support
FormBuilderInterface: fix getForm() return type.
Fixed typo in PHPDoc
This PR was merged into the 2.7 branch.
Discussion
----------
FormBuilderInterface: fix getForm() return type.
| Q | A
| ------------- | ---
| Branch? | 2.7
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | -
| License | MIT
| Doc PR | -
FormBuilderInterface->getForm() should depend on abstractions and
not implementations as a return type.
Commits
-------
3fa081c FormBuilderInterface: fix getForm() return type.
This PR was merged into the 2.7 branch.
Discussion
----------
add docblock type elements to support newly added IteratorAggregate::getIterator PhpStorm support
| Q | A
| ------------- | ---
| Branch | 2.7
| Bug fix | no
| New feature | no
| BC breaks | no
| Deprecations | no
| Tests pass | yes
| License | MIT
In additional to #16965 PhpStorm supports `IteratorAggregate::getIterator` now. see https://blog.jetbrains.com/phpstorm/2016/06/phpstorm-2016-2-eap-162-844/
example
```
$collection = new \Symfony\Component\Routing\RouteCollection();
foreach ($collection as $route) {
$route->getHost();
}
```
Commits
-------
ede3556 add docblock type elements to support newly added IteratorAggregate::getIterator PhpStorm support
* 2.7:
[HttpFoundation] Fix UPSERT for PgSql >= 9.5
[Form] fixed DateTime transformers
[PropertyAccess][DX] Enhance exception that say that some methods are missing if they don't
* 2.7:
[HttpFoundation] Use UPSERT for sessions stored in PgSql >= 9.5
[Console] fixed PHPDoc
[travis] HHVM 3.12 LTS
Fix feature detection for IE
[Form] Fixed collapsed choice attributes
[Console] added explanation of messages usage in a progress bar
force enabling the external XML entity loaders
[Yaml] properly count skipped comment lines
Conflicts:
src/Symfony/Component/Translation/Loader/XliffFileLoader.php
* 2.7:
`@throws` annotations should go after `@return`
Fix merge
updated VERSION for 2.3.42
update CONTRIBUTORS for 2.3.42
updated CHANGELOG for 2.3.42
Revert "bug #18908 [DependencyInjection] force enabling the external XML entity loaders (xabbuh)"
Partial revert of previous PR
[DependencyInjection] Skip deep reference check for 'service_container'
Catch \Throwable
[Serializer] Add missing @throws annotations
Fix for #18843
force enabling the external XML entity loaders
Removed UTC specification with timestamp
Conflicts:
src/Symfony/Component/DependencyInjection/Tests/Dumper/PhpDumperTest.php
src/Symfony/Component/Finder/Finder.php
src/Symfony/Component/Security/Acl/Dbal/MutableAclProvider.php
src/Symfony/Component/Security/Acl/Domain/ObjectIdentity.php
src/Symfony/Component/Security/Acl/Model/AclInterface.php
src/Symfony/Component/Security/Acl/Model/MutableAclProviderInterface.php
src/Symfony/Component/Security/Acl/Permission/MaskBuilder.php
src/Symfony/Component/Translation/Loader/XliffFileLoader.php
src/Symfony/Component/Yaml/Tests/InlineTest.php
* 2.3:
updated VERSION for 2.3.42
update CONTRIBUTORS for 2.3.42
updated CHANGELOG for 2.3.42
Revert "bug #18908 [DependencyInjection] force enabling the external XML entity loaders (xabbuh)"
Partial revert of previous PR
[DependencyInjection] Skip deep reference check for 'service_container'
Catch \Throwable
[Serializer] Add missing @throws annotations
Fix for #18843
force enabling the external XML entity loaders
Removed UTC specification with timestamp
* 2.7:
Fix computation of PR diffs for component matrix lines
[BUG] Delete class 'control-group' in bootstrap 3
[2.8] [Form] Modified iterator_to_array's 2nd parameter to false in ViolationMapper
* 2.7:
added missing constant in Response
Update HTTP statuses list
[Console][#18619] Prevent fatal error when calling Command#getHelper() without helperSet
added StaticVerionStrategyTest
Add SplFileInfo array doc on Finder iterator methods so that IDE will know what it returns
[2.3] [Form] Modified iterator_to_array's 2nd parameter to false in ViolationMapper
Updated the link to the list of currency codes
[console][table] adjust width of colspanned cell.
* 2.3:
Update HTTP statuses list
[Console][#18619] Prevent fatal error when calling Command#getHelper() without helperSet
Add SplFileInfo array doc on Finder iterator methods so that IDE will know what it returns
[2.3] [Form] Modified iterator_to_array's 2nd parameter to false in ViolationMapper
Updated the link to the list of currency codes
fixes#14712 and #17789.
`ChoiceType` now always use `ChoiceToValueTransformer` or
`ChoicesToValuesTransformer` depending on `multiple` option.
Hence `CheckboxListMapper` and `RadioListMapper` don’t handle
the transformation anymore.
Fixes pre selection of choice with model values such as `null`,
`false` or empty string.
* reference form type by its FQCN instead of its string name
* use the `entry_type` and `entry_options` options instead of the
deprecated `type` and `options` options
* 2.7:
[HttpFoundation] Improve phpdoc
[Logging] Add support for firefox in ChromePhpHandler
Windows 10 version check in just one line
Detect CLI color support for Windows 10 build 10586
[Security] Fixed SwitchUserListener when exiting an impersonication with AnonymousToken
[EventDispatcher] Try first if the event is Stopped
[FrameworkBundle] fixes grammar in container:debug command manual.
[Form] fix "prototype" not required when parent form is not required
* 2.3:
[HttpFoundation] Improve phpdoc
[Logging] Add support for firefox in ChromePhpHandler
[Security] Fixed SwitchUserListener when exiting an impersonication with AnonymousToken
[Form] fix "prototype" not required when parent form is not required
* 2.7:
[travis] Disable hirak/prestissimo for deps=low/high tests
[HttpFoundation] fix phpdoc of UploadedFile
Lower complexity of Form:isValid()
skipped dns-sensitive tests when DnsMock is not found
[FrameworkBundle] Return the invokable service if its name is the class name
[ci] Skip dns-sensitive tests when DnsMock is not found
Exclude Bridge\PhpUnit from composer.json by default
fixed CS
Optimize ReplaceAliasByActualDefinitionPass
[Process] use __METHOD__ where applicable
[Routing] Don't needlessly execute strtr's as they are fairly expensive
* 2.7:
[Process] Fix stream_select priority when writing to stdin
[Form] NumberToLocalizedStringTransformer should return floats when possible
[Form] remove useless code in ChoiceType
[DependencyInjection] Enabled alias for service_container
Conflicts:
src/Symfony/Component/Form/Extension/Core/DataTransformer/NumberToLocalizedStringTransformer.php
* 2.3:
[Form] NumberToLocalizedStringTransformer should return floats when possible
[DependencyInjection] Enabled alias for service_container
Conflicts:
src/Symfony/Component/DependencyInjection/Tests/Compiler/ReplaceAliasByActualDefinitionPassTest.php
* 2.7:
[ci] Get ICU/intl from github instead of nebm.ist.utl.pt/~glopes
[Debug] Fix case sensitivity checks
[Debug] Fix handling of php7 throwables
fix high deps tests
[Process] remove dead code
[WebProfilerBundle] Add missing use statement.
[ClassLoader] Fix storing not-found classes in APC cache
[Form] cs fixes in date types
[phpunit] disable prophecy
* 2.3:
[ci] Get ICU/intl from github instead of nebm.ist.utl.pt/~glopes
[Debug] Fix handling of php7 throwables
[Process] remove dead code
[ClassLoader] Fix storing not-found classes in APC cache
[Form] cs fixes in date types
`ChoiceListFactoryInterface` expected `$group_by` to be a callable or
null not an array.
The factory defaults `group_by` to
`ChoiceListInterface::getStructuredValues`.
* check for existance of `setMetadataFactory()` method (this is needed
for tests run with deps=high as the method was removed in Symfony
3.0)
* fix mock testing the `EngineInterface` as the `stream()` method cannot
be mocked when it is does not exist in the mocked interface