Commit Graph

43047 Commits

Author SHA1 Message Date
Fabien Potencier
51eb41b4c6 bug #32455 [HttpFoundation] Clear invalid session cookie (Toflar)
This PR was submitted for the 4.2 branch but it was squashed and merged into the 4.3 branch instead (closes #32455).

Discussion
----------

[HttpFoundation] Clear invalid session cookie

| Q             | A
| ------------- | ---
| Branch?       | 4.2 (actually maybe should also go to 3.4, see below)
| Bug fix?      | yes
| New feature?  | no
| BC breaks?    | no
| Deprecations? | no
| Tests pass?   | TODO
| Fixed tickets |
| License       | MIT
| Doc PR        | not required

Currently, invalid session cookies are not cleaned up.

If the session is empty, the `AbstractSessionHandler::write()` destroys the session. If a new session has been started in the current process (meaning `session_start()` has sent the `Set-Cookie` header) then the `AbstractSessionHandler` will make sure this cookie is not sent to the client. If, however, `session_start()` did not send a cookie (meaning there was already a valid session ID in your request cookie), the `AbstractSessionHandler` will clear the session cookie (send a 0-lifetime cookie).
If, however, the request does contain a session ID cookie but it is not valid, `session_start()` will send a new cookie which is then again cleared by the `AbstractSessionHandler`. But it will not clear the old cookie sent by the request.

Here's a more complex example of what happens in the code flow when a user logs out and we regenerate a new session id for security reasons:

1. You have no `PHPSESSID` cookie yet.
2. You log into the system, you get a new `PHPSESSID` assigned. Let's go for session ID `1`.
3. You log out of the system, for security reasons you get session ID `2` regenerated.
4. The `AbstractSessionListener` pops in and calls `->save()` on your session handler.
5. The `NativeSessionStorage` calls the `StrictSessionHandler` (in fact the abstract parent, `AbstractSessionHandler`) which `write()`s the session data. In case the session data is empty, it will actually `destroy()` the session which means it will invalidate the session cookie. In that case, however, it won't send a 0-lifetime cookie because `$cookie = SessionUtils::popSessionCookie($this->sessionName, $sessionId);` will **not** return `null`. That is because after regeneration we actually do have a `Set-Cookie: PHPSESSID=2` header present.
6. This means, our `PHPSESSID=1` cookie is never deleted.

Why is this a problem?
Well, we have an invalid cookie that remains floating around forever. Loads of reverse proxies consider requests with cookies as being private and thus disable caching.

I'm not sure this is the correct fix here but it felt like the only place we can do this because it has to happen during or after `$session->save()`.

Looking for feedback first before we finish this with tests etc.

Regarding Symfony 3.4: Not sure how this is affected because there's not even a `SessionUtils` class so I'd prefer to leave that fix to somebody who feels more comfortable with that code base 😄

/cc @aschempp

Commits
-------

b22a7263b9 [HttpFoundation] Clear invalid session cookie
2019-08-09 09:08:28 +02:00
Yanick Witschi
b22a7263b9 [HttpFoundation] Clear invalid session cookie 2019-08-09 09:08:17 +02:00
Fabien Potencier
e848729ba7 bug #33066 [Serializer] Fix negative DateInterval (jderusse)
This PR was merged into the 3.4 branch.

Discussion
----------

[Serializer] Fix negative DateInterval

| Q             | A
| ------------- | ---
| Branch?       | 3.4
| Bug fix?      | yes
| New feature?  | no
| BC breaks?    | no
| Deprecations? | no
| Tests pass?   | yes
| Fixed tickets | #33052
| License       | MIT
| Doc PR        | NA

This PR adds support for negative and signed DateInterval

Commits
-------

abb8a676ba Fix negative DateInterval
2019-08-09 08:01:14 +02:00
Nicolas Grekas
1b98df7c64 minor #33067 [VarDumper] Fix test patern to handle callstack with/without return typehint (jderusse)
This PR was merged into the 4.3 branch.

Discussion
----------

[VarDumper] Fix test patern to handle callstack with/without return typehint

| Q             | A
| ------------- | ---
| Branch?       | 4.3
| Bug fix?      | yes
| New feature?  | no
| BC breaks?    | no
| Deprecations? | no
| Tests pass?   | yes
| Fixed tickets | #32844
| License       | MIT
| Doc PR        | NA

The TestCase::tearDownAfterClass method does not always have the same signature, which changes the output of the reflection. This uses another method for testing.

Commits
-------

feaadd1c0b Fix tst patern to handle callstack with/without return typehint
2019-08-08 23:10:45 +02:00
Nicolas Grekas
85c50119f1 Merge branch '3.4' into 4.3
* 3.4:
  Replace warning by isolated test
2019-08-08 22:52:04 +02:00
Nicolas Grekas
7afc9352f3 minor #33069 Replace warning by isolated test (jderusse)
This PR was merged into the 3.4 branch.

Discussion
----------

Replace warning by isolated test

| Q             | A
| ------------- | ---
| Branch?       | 3.4
| Bug fix?      | yes
| New feature?  | no
| BC breaks?    | no
| Deprecations? | no
| Tests pass?   | yes
| Fixed tickets | #32844
| License       | MIT
| Doc PR        | symfony/symfony-docs#...

Failing tests introduced in PHP 7.4 (fatal error) were skipped with a warning exception.
This PR runs tests in an isolated process in order to correctly flag the test without stopping the test suite.

I kept a comment to the original bug in order to easily remove them.

Commits
-------

9c45a8e093 Replace warning by isolated test
2019-08-08 22:46:03 +02:00
Jérémy Derussé
9c45a8e093 Replace warning by isolated test 2019-08-08 22:45:38 +02:00
Jérémy Derussé
feaadd1c0b
Fix tst patern to handle callstack with/without return typehint 2019-08-08 21:16:30 +02:00
Jérémy Derussé
abb8a676ba
Fix negative DateInterval 2019-08-08 20:43:11 +02:00
Nicolas Grekas
38f08ba9dc Merge branch '3.4' into 4.3
* 3.4:
  [Intl] use strict comparisons
  Fix s-maxage=3 transient test
2019-08-08 19:11:28 +02:00
Tobias Schultze
02a90d2066 [Intl] use strict comparisons 2019-08-08 19:01:37 +02:00
Nicolas Grekas
d84ee870c2 minor #33051 [HttpKernel] Fix s-maxage=3 transient test (jderusse)
This PR was merged into the 3.4 branch.

Discussion
----------

[HttpKernel] Fix s-maxage=3 transient test

| Q             | A
| ------------- | ---
| Branch?       | 3.4
| Bug fix?      | yes
| New feature?  | no
| BC breaks?    | no
| Deprecations? | no
| Tests pass?   | yes
| Fixed tickets | NA
| License       | MIT
| Doc PR        | NA

Sometimes the HTTP server returns an `s-maxage=3` header (https://travis-ci.org/symfony/symfony/jobs/569326531).
This PR fixes tests to allow both 2 and 3.

Commits
-------

f019b5214d Fix s-maxage=3 transient test
2019-08-08 17:36:09 +02:00
Nicolas Grekas
fdf6fc349c Merge branch '3.4' into 4.3
* 3.4:
  Improve some URLs
  Fix test compatibility with 4.x components
  [Cache] cs fix
2019-08-08 17:11:33 +02:00
Nicolas Grekas
e4bb3a24c3 minor #32800 Improve some URLs (Arman-Hosseini)
This PR was squashed before being merged into the 3.4 branch (closes #32800).

Discussion
----------

Improve some URLs

| Q             | A
| ------------- | ---
| Branch?       | 3.4
| Bug fix?      | no
| New feature?  | no
| BC breaks?    | no
| Deprecations? | no
| Tests pass?   | yes
| Fixed tickets | N/A
| License       | MIT
| Doc PR        | N/A

Commits
-------

fab17a4487 Improve some URLs
2019-08-08 17:01:55 +02:00
Arman Hosseini
fab17a4487 Improve some URLs 2019-08-08 17:01:12 +02:00
Nicolas Grekas
889f454f93 minor #33055 [FrameworkBundle][TwigBridge] Fix test compatibility with 4.x components (jderusse)
This PR was merged into the 3.4 branch.

Discussion
----------

[FrameworkBundle][TwigBridge] Fix test compatibility with 4.x components

| Q             | A
| ------------- | ---
| Branch?       | 3.4
| Bug fix?      | yes
| New feature?  | no
| BC breaks?    | no
| Deprecations? | no
| Tests pass?   | yes
| Fixed tickets | NA
| License       | MIT
| Doc PR        | NA

Our Symfony tests extend other components' tests. By being compatible with Symfony 4.x we now extend classes that have a return type signature, which is not doable in branch 3.4 because of support of PHP 5.5. (see https://travis-ci.org/symfony/symfony/jobs/569345176)

This PR replaces setup and teardown by `@after` and `@before` annotations in order to keep the same behavior and compatibility.

Commits
-------

bb3cb64e64 Fix test compatibility with 4.x components
2019-08-08 16:22:12 +02:00
Jérémy Derussé
bb3cb64e64
Fix test compatibility with 4.x components 2019-08-08 15:49:16 +02:00
Jérémy Derussé
f019b5214d
Fix s-maxage=3 transient test 2019-08-08 15:12:35 +02:00
Nicolas Grekas
e95b8a3291 [Cache] cs fix 2019-08-08 14:31:29 +02:00
Nicolas Grekas
f773217622 minor #33000 Fix deprecations on 4.3 (jderusse)
This PR was merged into the 4.3 branch.

Discussion
----------

Fix deprecations on 4.3

| Q             | A
| ------------- | ---
| Branch?       | 4.3
| Bug fix?      | yes
| New feature?  | no
| BC breaks?    | no
| Deprecations? | no
| Tests pass?   | yes
| Fixed tickets | #32844
| License       | MIT
| Doc PR        | NA

Fix deprecations in branch 4.3
note: remaining deprecation `assertStringContainsString` will be fixed in #32977

* [ ] fix tests in branch 3.4 in #32981

Commits
-------

8fd16a6bee Fix deprecation on 4.3
2019-08-08 14:05:37 +02:00
Nicolas Grekas
3ae991049d minor #33042 Disable typehint patch on PHPUnit (jderusse)
This PR was merged into the 4.3 branch.

Discussion
----------

Disable typehint patch on PHPUnit

| Q             | A
| ------------- | ---
| Branch?       | 4.3
| Bug fix?      | no
| New feature?  | no
| BC breaks?    | no
| Deprecations? | no
| Tests pass?   | yes
| Fixed tickets | #32844
| License       | MIT
| Doc PR        | NA

This PR removes the `SYMFONY_PHPUNIT_REMOVE_RETURN_TYPEHINT` patch and adds a `: void` typehint on `setup` and `tearDown` methods in order to be compatible with PHPUnit 8

Commits
-------

a5af6c4cd7 Disable phpunit typehint patch on 4.3 branch
2019-08-08 14:02:35 +02:00
Nicolas Grekas
0abd64bb2b bug #33045 Make HttpClientTestCase compatible with PHPUnit8 (jderusse)
This PR was merged into the 4.3 branch.

Discussion
----------

Make HttpClientTestCase compatible with PHPUnit8

| Q             | A
| ------------- | ---
| Branch?       | 4.3
| Bug fix?      | yes
| New feature?  | no
| BC breaks?    | no
| Deprecations? | no
| Tests pass?   | yes
| Fixed tickets | #32844
| License       | MIT
| Doc PR        | NA

The abstract class `HttpClientTestCase` may be extended by end users and executed by both PHPUnit 8 and below. Adding a return typehint on it will force all users extending it to add it too and would be a BC break.

Note: I don't know how to trigger a deprecation here and help users to add it.

Commits
-------

55daf15353 Fix compatibility with PHPUnit 8
2019-08-08 12:04:39 +02:00
Jérémy Derussé
55daf15353
Fix compatibility with PHPUnit 8 2019-08-08 12:03:27 +02:00
Jérémy Derussé
a5af6c4cd7
Disable phpunit typehint patch on 4.3 branch 2019-08-08 11:29:19 +02:00
Nicolas Grekas
c0f416eb9d Merge branch '3.4' into 4.3
* 3.4:
  consistently throw NotSupportException
  [HttpKernel] Clarify error handler restoring process again
  [Intl] fix nullable phpdocs and useless method visibility of internal class
  Resilience against file_get_contents() race conditions.
2019-08-08 11:16:40 +02:00
Nicolas Grekas
d936a707d3 minor #33020 [Intl] fix nullable phpdocs and useless method visibility of internal class (Tobion)
This PR was merged into the 3.4 branch.

Discussion
----------

[Intl] fix nullable phpdocs and useless method visibility of internal class

| Q             | A
| ------------- | ---
| Branch?       | 3.4
| Bug fix?      | no
| New feature?  | no
| BC breaks?    | no
| Deprecations? | no
| Tests pass?   | yes
| Fixed tickets |
| License       | MIT
| Doc PR        |

Fix stuff found in #32525

Commits
-------

63b71b5ade [Intl] fix nullable phpdocs and useless method visibility of internal class
2019-08-08 11:00:58 +02:00
Nicolas Grekas
ce09c31993 minor #33016 [HttpKernel] Resilience against file_get_contents() race conditions (derrabus)
This PR was merged into the 3.4 branch.

Discussion
----------

[HttpKernel] Resilience against file_get_contents() race conditions

| Q             | A
| ------------- | ---
| Branch?       | 3.4
| Bug fix?      | yes
| New feature?  | no
| BC breaks?    | no
| Deprecations? | no
| Tests pass?   | yes
| Fixed tickets | N/A
| License       | MIT
| Doc PR        | N/A

This PR addresses https://github.com/symfony/symfony/pull/33007#discussion_r311589966.

Commits
-------

5892837641 Resilience against file_get_contents() race conditions.
2019-08-08 09:59:56 +02:00
Nicolas Grekas
e48d2c14d9 minor #33031 [HttpKernel] Clarify error handler restoring process again (fancyweb)
This PR was merged into the 3.4 branch.

Discussion
----------

[HttpKernel] Clarify error handler restoring process again

| Q             | A
| ------------- | ---
| Branch?       | 4.3
| Bug fix?      | no
| New feature?  | no
| BC breaks?    | no
| Deprecations? | no
| Tests pass?   | yes
| Fixed tickets | https://github.com/symfony/symfony/issues/33024
| License       | MIT
| Doc PR        | -

Commits
-------

4ee54f0e84 [HttpKernel] Clarify error handler restoring process again
2019-08-08 09:54:28 +02:00
Nicolas Grekas
854f5d1dee bug #33033 [Lock] consistently throw NotSupportException (xabbuh)
This PR was merged into the 3.4 branch.

Discussion
----------

[Lock] consistently throw NotSupportException

| Q             | A
| ------------- | ---
| Branch?       | 3.4
| Bug fix?      | no
| New feature?  | no
| BC breaks?    | no
| Deprecations? | no
| Tests pass?   | yes
| Fixed tickets |
| License       | MIT
| Doc PR        |

Commits
-------

12b8c942eb consistently throw NotSupportException
2019-08-08 09:53:42 +02:00
Christian Flothmann
12b8c942eb consistently throw NotSupportException 2019-08-08 08:47:22 +02:00
Thomas Calvet
4ee54f0e84 [HttpKernel] Clarify error handler restoring process again 2019-08-08 08:45:40 +02:00
Nicolas Grekas
fda49e699a bug #33022 [HttpClient] Remove CURLOPT_CONNECTTIMEOUT_MS curl opt (lyrixx)
This PR was merged into the 4.3 branch.

Discussion
----------

[HttpClient] Remove CURLOPT_CONNECTTIMEOUT_MS curl opt

| Q             | A
| ------------- | ---
| Branch?       | 4.3
| Bug fix?      | yes
| New feature?  | no
| BC breaks?    | no
| Deprecations? | no
| Tests pass?   | yes
| Fixed tickets | #33017
| License       | MIT
| Doc PR        | -

Commits
-------

e289723aad [HttpClient] Remove CURLOPT_CONNECTTIMEOUT_MS curl opt
2019-08-08 08:39:53 +02:00
Grégoire Pineau
e289723aad [HttpClient] Remove CURLOPT_CONNECTTIMEOUT_MS curl opt 2019-08-08 08:37:38 +02:00
Jérémy Derussé
8fd16a6bee
Fix deprecation on 4.3 2019-08-08 00:24:12 +02:00
Nicolas Grekas
e8cd106a4b minor #33021 [FrameworkBundle] remove deprecated cache pool argument (xabbuh)
This PR was merged into the 4.3 branch.

Discussion
----------

[FrameworkBundle] remove deprecated cache pool argument

| Q             | A
| ------------- | ---
| Branch?       | 4.3
| Bug fix?      | no
| New feature?  | no
| BC breaks?    | no
| Deprecations? | no
| Tests pass?   | yes
| Fixed tickets |
| License       | MIT
| Doc PR        |

Commits
-------

3f51a55179 remove deprecated cache pool arguments
2019-08-07 19:19:57 +02:00
Christian Flothmann
3f51a55179 remove deprecated cache pool arguments 2019-08-07 19:11:50 +02:00
Tobias Schultze
63b71b5ade [Intl] fix nullable phpdocs and useless method visibility of internal class 2019-08-07 18:29:13 +02:00
Alexander M. Turek
5892837641 Resilience against file_get_contents() race conditions. 2019-08-07 17:07:08 +02:00
Nicolas Grekas
f3f6b584e4 Merge branch '3.4' into 4.3
* 3.4:
  [FrameworkBundle][Config] Ignore exeptions thrown during reflection classes autoload
2019-08-07 16:08:37 +02:00
Nicolas Grekas
48859fd125 bug #32516 [FrameworkBundle][Config] Ignore exceptions thrown during reflection classes autoload (fancyweb)
This PR was merged into the 3.4 branch.

Discussion
----------

[FrameworkBundle][Config] Ignore exceptions thrown during reflection classes autoload

| Q             | A
| ------------- | ---
| Branch?       | 3.4
| Bug fix?      | yes
| New feature?  | no
| BC breaks?    | no
| Deprecations? | no
| Tests pass?   | yes
| Fixed tickets | https://github.com/symfony/symfony/issues/32499 with PHP 7.3+
| License       | MIT
| Doc PR        | -

The behavior when an exception is thrown in a class loader changed in PHP 7.3 (cf https://3v4l.org/OQPk9). That means that the `throwOnRequiredClass` trick that is done in the parent class of these cache warmers (`AbstractPhpFileCacheWarmer`) does not work anymore with PHP7.3+.

Commits
-------

dbd9b75d86 [FrameworkBundle][Config] Ignore exeptions thrown during reflection classes autoload
2019-08-07 16:06:37 +02:00
Nicolas Grekas
1aba480c2d Merge branch '3.4' into 4.3
* 3.4:
  Fix some return type annotations.
2019-08-07 14:28:41 +02:00
Nicolas Grekas
f8a35176da minor #33007 Fix some return type annotations (derrabus)
This PR was merged into the 3.4 branch.

Discussion
----------

Fix some return type annotations

| Q             | A
| ------------- | ---
| Branch?       | 3.4
| Bug fix?      | yes
| New feature?  | no
| BC breaks?    | no
| Deprecations? | no
| Tests pass?   | yes
| Fixed tickets | N/A
| License       | MIT
| Doc PR        | N/A

This PR fixed some incorrect return type declarations I discovered while working on #32993.

Commits
-------

0a78dc0f6f Fix some return type annotations.
2019-08-07 14:23:50 +02:00
Alexander M. Turek
0a78dc0f6f Fix some return type annotations. 2019-08-07 14:09:01 +02:00
Nicolas Grekas
b406466221 bug #33010 [TwigBridge] pass translation parameters to the trans filter (xabbuh)
This PR was merged into the 4.3 branch.

Discussion
----------

[TwigBridge] pass translation parameters to the trans filter

| Q             | A
| ------------- | ---
| Branch?       | 4.3
| Bug fix?      | yes
| New feature?  | no
| BC breaks?    | no
| Deprecations? | no
| Tests pass?   | yes
| Fixed tickets |
| License       | MIT
| Doc PR        |

This was reported by @voltel on the Symfony Slack.

Commits
-------

daac024057 pass translation parameters to the trans filter
2019-08-07 13:55:57 +02:00
Nicolas Grekas
381c995d30 Merge branch '3.4' into 4.3
* 3.4:
  Fix inconsistent return points.
  Fix remaining tests
2019-08-07 13:52:19 +02:00
Nicolas Grekas
b27c9992c7 bug #32981 Fix tests/code for php 7.4 (jderusse)
This PR was merged into the 3.4 branch.

Discussion
----------

Fix tests/code for php 7.4

| Q             | A
| ------------- | ---
| Branch?       | 3.4
| Bug fix?      | yes
| New feature?  | no
| BC breaks?    | no
| Deprecations? | no
| Tests pass?   | yes
| Fixed tickets | #32844
| License       | MIT
| Doc PR        | NA

Fix remaining tests and deprecation

Commits
-------

05ec8a08b4 Fix remaining tests
2019-08-07 13:49:32 +02:00
Nicolas Grekas
c88d125701 minor #33009 Fix inconsistent return points (derrabus)
This PR was merged into the 3.4 branch.

Discussion
----------

Fix inconsistent return points

| Q             | A
| ------------- | ---
| Branch?       | 3.4
| Bug fix?      | yes
| New feature?  | no
| BC breaks?    | no
| Deprecations? | no
| Tests pass?   | yes
| Fixed tickets | #17201 (partly)
| License       | MIT
| Doc PR        | N/A

This PR fixes some inconsistent return points I've discovered while working on #32993. Adding return types made fixing these inconsistencies necessary, see also [this comment](https://github.com/symfony/symfony/issues/17201#issuecomment-519038719).

Commits
-------

1a83f9beed Fix inconsistent return points.
2019-08-07 13:45:59 +02:00
Alexander M. Turek
1a83f9beed Fix inconsistent return points. 2019-08-07 13:38:48 +02:00
Christian Flothmann
daac024057 pass translation parameters to the trans filter 2019-08-07 13:18:23 +02:00
Fabien Potencier
a3aaaa16e9 bug #32986 [Mime] fixed wrong mimetype (rjwebdev)
This PR was squashed before being merged into the 4.3 branch (closes #32986).

Discussion
----------

[Mime] fixed wrong mimetype

| Q             | A
| ------------- | ---
| Branch?       | 4.3
| Bug fix?      | yes
| New feature?  | no
| BC breaks?    | no
| Deprecations? | no
| Tests pass?   | yes
| Fixed tickets | #32816
| License       | MIT

When creating a datapart from an odt file (and some other extensions), the explode function for the picked mimetype gives a wrong result since there's no `application/` prefix for the first mimetype of this extension.

In this PR, all mimetypes without a prefix are removed.

Commits
-------

e1722c529a [Mime] fixed wrong mimetype
2019-08-07 12:03:35 +02:00