* 3.1:
Fixed BC Layer in DoctrineChoiceLoader
[HttpKernel] Add listener that checks when request has both Forwarded and X-Forwarded-For
[HttpKernel] Move conflicting origin IPs handling to catch block
[travis] Fix deps=low/high patching
Fixed some issues of the AccessDecisionManager profiler
[DoctrineBridge] fixed default parameter value in UniqueEntityValidator
* 3.0:
[HttpKernel] Add listener that checks when request has both Forwarded and X-Forwarded-For
[HttpKernel] Move conflicting origin IPs handling to catch block
[travis] Fix deps=low/high patching
* 2.8:
[HttpKernel] Add listener that checks when request has both Forwarded and X-Forwarded-For
[HttpKernel] Move conflicting origin IPs handling to catch block
[travis] Fix deps=low/high patching
* 2.7:
[HttpKernel] Add listener that checks when request has both Forwarded and X-Forwarded-For
[HttpKernel] Move conflicting origin IPs handling to catch block
[travis] Fix deps=low/high patching
This PR was squashed before being merged into the 2.7 branch (closes#18688).
Discussion
----------
[HttpFoundation] Warning when request has both Forwarded and X-Forwarded-For
| Q | A
| ------------- | ---
| Branch? | 2.7
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets |
| License | MIT
| Doc PR | symfony/symfony-docs#6526
Emit a warning when a request has both a trusted Forwarded header and a trusted X-Forwarded-For header, as this is most likely a misconfiguration which causes security issues.
Commits
-------
ee8842f [HttpFoundation] Warning when request has both Forwarded and X-Forwarded-For
* 3.1:
fixed CS
fixed CS
fixed CS
fixed form tests
[Console] Fix formatting of SymfonyStyle::comment()
[Form] fix post max size translation type extension for >= 2.8
[Security] Allow LDAP loadUser override
removed dots at the end of @param and @return
fixed typo
* 3.0:
fixed CS
fixed CS
fixed form tests
[Console] Fix formatting of SymfonyStyle::comment()
[Form] fix post max size translation type extension for >= 2.8
removed dots at the end of @param and @return
fixed typo
* 2.8:
fixed CS
fixed form tests
[Console] Fix formatting of SymfonyStyle::comment()
[Form] fix post max size translation type extension for >= 2.8
removed dots at the end of @param and @return
fixed typo
* 3.1:
[CS] Respect PSR2 4.2
[Form] fix `empty_data` option in expanded `ChoiceType`
[Console] removed unneeded private methods
updated Http-Kernel dependency
[Security] [Guard] Improve comment with working example
sync min email validator version
[TwigBridge] Fix inconsistency in LintCommand help
explicitly forbid e-mail validator 2.0 or higher
Fixed SymfonyQuestionHelper multi-choice with defaults
[DoctrineBridge] Don't use object IDs in DoctrineChoiceLoader when passing a value closure
Differentiate between the first time a progress bar is displayed and subsequent times
finished previous commit
No more exception for malformed input name
fix post_max_size_message translation
[Process] Fix pipes cleaning on Windows
Avoid phpunit 5.4 warnings on getMock
[Form] Add exception to FormRenderer about non-unique block names
[FrameworkBundle] templating can be fully disabled
[Form] Consider a violation even if the form is not submitted
* 3.0:
[CS] Respect PSR2 4.2
[Form] fix `empty_data` option in expanded `ChoiceType`
[Console] removed unneeded private methods
[Security] [Guard] Improve comment with working example
sync min email validator version
[TwigBridge] Fix inconsistency in LintCommand help
explicitly forbid e-mail validator 2.0 or higher
Fixed SymfonyQuestionHelper multi-choice with defaults
[DoctrineBridge] Don't use object IDs in DoctrineChoiceLoader when passing a value closure
Differentiate between the first time a progress bar is displayed and subsequent times
finished previous commit
No more exception for malformed input name
fix post_max_size_message translation
[Process] Fix pipes cleaning on Windows
Avoid phpunit 5.4 warnings on getMock
[Form] Add exception to FormRenderer about non-unique block names
[Form] Consider a violation even if the form is not submitted
* 2.8:
[CS] Respect PSR2 4.2
[Form] fix `empty_data` option in expanded `ChoiceType`
[Console] removed unneeded private methods
[Security] [Guard] Improve comment with working example
sync min email validator version
[TwigBridge] Fix inconsistency in LintCommand help
explicitly forbid e-mail validator 2.0 or higher
Fixed SymfonyQuestionHelper multi-choice with defaults
[DoctrineBridge] Don't use object IDs in DoctrineChoiceLoader when passing a value closure
Differentiate between the first time a progress bar is displayed and subsequent times
finished previous commit
No more exception for malformed input name
fix post_max_size_message translation
[Process] Fix pipes cleaning on Windows
Avoid phpunit 5.4 warnings on getMock
[Form] Add exception to FormRenderer about non-unique block names
[Form] Consider a violation even if the form is not submitted
* 2.7:
[CS] Respect PSR2 4.2
[Form] fix `empty_data` option in expanded `ChoiceType`
[Console] removed unneeded private methods
sync min email validator version
[TwigBridge] Fix inconsistency in LintCommand help
explicitly forbid e-mail validator 2.0 or higher
Fixed SymfonyQuestionHelper multi-choice with defaults
[DoctrineBridge] Don't use object IDs in DoctrineChoiceLoader when passing a value closure
Differentiate between the first time a progress bar is displayed and subsequent times
finished previous commit
No more exception for malformed input name
fix post_max_size_message translation
[Process] Fix pipes cleaning on Windows
Avoid phpunit 5.4 warnings on getMock
[Form] Add exception to FormRenderer about non-unique block names
[Form] Consider a violation even if the form is not submitted
This PR was merged into the 3.1-dev branch.
Discussion
----------
[FrameworkBundle][Serializer] Fix a deprecation triggered by the ClassMetadataFactory
| Q | A
| ------------- | ---
| Branch? | master
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | yes
| Tests pass? | yes
| Fixed tickets |
| License | MIT
Without apparent reasons, [FOSRestBundle's tests fail](https://travis-ci.org/FriendsOfSymfony/FOSRestBundle/jobs/124384888) since https://github.com/symfony/symfony/pull/18561.
```
Passing a Doctrine Cache instance as 2nd parameter of the "Symfony\Component\Serializer\Mapping\Factory\ClassMetadataFactory" constructor is deprecated. This parameter will be removed in Symfony 4.0. Use the "Symfony\Component\Serializer\Mapping\Factory\CacheClassMetadataFactory" class instead: 6x
1x in ErrorWithTemplatingFormatTest::testSerializeExceptionHtml from FOS\RestBundle\Tests\Functional
1x in SerializerErrorTest::testSerializeExceptionJson from FOS\RestBundle\Tests\Functional
1x in SerializerErrorTest::testSerializeExceptionJsonWithoutDebug from FOS\RestBundle\Tests\Functional
1x in SerializerErrorTest::testSerializeExceptionXml from FOS\RestBundle\Tests\Functional
1x in SerializerErrorTest::testSerializeInvalidFormJson from FOS\RestBundle\Tests\Functional
1x in SerializerErrorTest::testSerializeInvalidFormXml from FOS\RestBundle\Tests\Functional
```
We don't use cache in our tests but some of them are not in ``debug`` mode (will change soon) so the cache is automatically used.
This PR fixes this deprecation by detecting if the cache used by the serializer is psr6 compliant or not (if it is, then it replaces the default metadata factory by an instance of the new class ``CacheClassMetadataFactory``, otherwise the second parameter of the ``ClassMetadataFactory`` is used).
Commits
-------
15579d5 [FrameworkBundle] Deprecate framework.serializer.cache
eccbffb [Serializer] Improve a deprecation message
96e418a Revert "[FrameworkBundle] Fallback to default cache system in production for serializer"
This PR was merged into the 3.1-dev branch.
Discussion
----------
[FrameworkBundle] Fallback to default cache system in production for serializer
| Q | A
| ------------- | ---
| Branch? | master
| Bug fix? | no
| New feature? | yes
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | -
| License | MIT
| Doc PR | -
In the same idea as https://github.com/symfony/symfony/pull/18544, this PR proposes a default fallback to filesystem cache for the serializer if the APC cache is not enabled in production. In other words, if the following part of `config_prod.yml` file is not uncommented, the filesystem will be used:
``` yaml
#framework:
# serializer:
# cache: serializer.mapping.cache.doctrine.apc
```
Commits
-------
4f0b8be [FrameworkBundle] Fallback to default cache system in production for serializer
This PR was merged into the 3.1-dev branch.
Discussion
----------
[FrameworkBundle] Fallback to default cache system in production for validation
| Q | A
| ------------- | ---
| Branch? | master
| Bug fix? | no
| New feature? | yes
| BC breaks? | no
| Deprecations? | no
| Tests pass? | WIP
| Fixed tickets | -
| License | MIT
| Doc PR | -
This PR proposes a default fallback to filesystem cache for some services if the APC cache is not enabled in production. In other words, if the following part of `config_prod.yml` file is not uncommented, the filesystem will be used:
``` yaml
#framework:
# validation:
# cache: validator.mapping.cache.doctrine.apc
# serializer:
# cache: serializer.mapping.cache.doctrine.apc
#
# ... other services
```
Commits
-------
1a65595 [FrameworkBundle] Fallback to default cache system in production for validation
This PR was merged into the 3.1-dev branch.
Discussion
----------
[3.1] [WebProfilerBundle] [DX] Feature allow forward and redirection detection in wdt
| Q | A
| ------------- | ---
| Bug fix? | no
| New feature? | yes
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | #14358, #17501
| License | MIT
| Doc PR | ?
This PR allows to :
- track explicit forward from `\Symfony\Bundle\FrameWorkBundle\Controller\Controller` in the web debug toolbar.
- or pass a request attribute `_forwarded` with the current request attributes (an instance of `ParameterBag`) as value to your sub request before handling it.
- see if you've been redirected (require session enabled)
When redirected you will see the name of the route (if any) and a link to the profile of the original request.
In case of forwarding, the name of the controller is a file link and next to it there is a direct link to the profile of the sub request.
This works pretty well in __Silex__ too by registering `SessionServiceProvider()` for redirections or by providing this method for forwarding :
```php
class App extends \Silex\Application
// (php7 bootstrap) $app = new class extends \Silex\Application {
{
public function forward($controller, array $path = array(), array $query = array()
{
if (!$this->booted) {
throw new LogicException(sprintf('Method %s must be called from a controller.', __METHOD__));
}
$this->flush();
$request = $this['request_stack']->getCurrentRequest();
$path['_forwarded'] = $request->attributes;
$path['_controller'] = $controller;
$subRequest = $request->duplicate($query, null, $path);
return $this['kernel']->handle($subRequest, HttpKernelInterface::SUB_REQUEST);
}
}
```
Commits
-------
0a0e8af [WebProfilerBundle] show the http method in wdt if not 'GET'
4f020b5 [FrameworkBundle] Extends the RequestDataCollector
227ac77 [WebProfilerBundle] [FrameworkBundle] profile forward controller action
0a1b284 [WebProfiler] [HttpKernel] profile redirections
* 3.0:
[PhpUnitBridge] Revert 7f62133939
bumped Symfony version to 2.3.40
Fix leftover conflict marker in UPGRADE-3.0.md
set s-maxage only if all responses are cacheable
updated VERSION for 2.3.39
update CONTRIBUTORS for 2.3.39
updated CHANGELOG for 2.3.39
Improved the "branch" row of the PR table
[Debug] Replaced logic for detecting filesystem case sensitivity
[Process] Wait a bit less on Windows
Use debug member variable
Autowiring the concrete class too - consistent with behavior of other services
Fix typos #18090 1. PHPs session design to PHP's session design 2. Symfony HttpKernel offers to Symfony's HttpKernel offers 3. in which case it it should to in which case it should
Fix for Isssue #18091
replace perfom by perform
minor #18088 Fix typo for profiler
[Validator] Fixing inaccurate typehint in docblock
[ci] remove token for composer now that rate limiting is off
* 2.8:
[PhpUnitBridge] Revert 7f62133939
bumped Symfony version to 2.3.40
set s-maxage only if all responses are cacheable
updated VERSION for 2.3.39
update CONTRIBUTORS for 2.3.39
updated CHANGELOG for 2.3.39
Improved the "branch" row of the PR table
[Debug] Replaced logic for detecting filesystem case sensitivity
[Process] Wait a bit less on Windows
Use debug member variable
Autowiring the concrete class too - consistent with behavior of other services
Fix typos #18090 1. PHPs session design to PHP's session design 2. Symfony HttpKernel offers to Symfony's HttpKernel offers 3. in which case it it should to in which case it should
Fix for Isssue #18091
replace perfom by perform
minor #18088 Fix typo for profiler
[Validator] Fixing inaccurate typehint in docblock
[ci] remove token for composer now that rate limiting is off
Conflicts:
CHANGELOG-2.3.md
src/Symfony/Bridge/PhpUnit/composer.json
* 3.0:
[VarDumper] Fix tests on PHP 7
[DomCrawler] Clarify the value returned by getPhpFiles()
[DependencyInjection] Fix#16461 Let Container::set() replace existing aliases
avoid (string) catchable fatal error for instances of __PHP_Incomplete_Class
remove unnecessary retrieval and setting of data
Update validators.fr.xlf
avoid (string) catchable fatal error for __PHP_Incomplete_Class instances
sendContent return as parent.
[DomCrawler] Remove the overridden getHash() method to prevent problems when cloning the crawler
[FrameworkBundle] Fix a typo
Added more exceptions to singularify method
Add width attribute on SVG
[FrameworkBundle] Support autowiring for TranslationInterface
[Validator] remove obsolete context and PropertyAccess code
[WebProfiler] Fixed styles for search block and menu profiler for IE Edge
* 2.8:
[VarDumper] Fix tests on PHP 7
[DomCrawler] Clarify the value returned by getPhpFiles()
[DependencyInjection] Fix#16461 Let Container::set() replace existing aliases
avoid (string) catchable fatal error for instances of __PHP_Incomplete_Class
remove unnecessary retrieval and setting of data
Update validators.fr.xlf
avoid (string) catchable fatal error for __PHP_Incomplete_Class instances
sendContent return as parent.
[DomCrawler] Remove the overridden getHash() method to prevent problems when cloning the crawler
[FrameworkBundle] Fix a typo
Added more exceptions to singularify method
Add width attribute on SVG
[FrameworkBundle] Support autowiring for TranslationInterface
[WebProfiler] Fixed styles for search block and menu profiler for IE Edge
Conflicts:
src/Symfony/Component/DependencyInjection/Tests/ContainerTest.php
src/Symfony/Component/DomCrawler/Crawler.php
This PR was squashed before being merged into the 3.0 branch (closes#17398).
Discussion
----------
[Validator] remove obsolete context and PropertyAccess code
| Q | A
| ------------- | ---
| Bug fix? | no
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | -
| License | MIT
| Doc PR | -
Commits
-------
a9d9d62 [Validator] remove obsolete context and PropertyAccess code
This PR was merged into the 2.8 branch.
Discussion
----------
[FrameworkBundle][Validator] Fix apc cache service deprecation
| Q | A
| ------------- | ---
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | yes
| Tests pass? | yes
| Fixed tickets | -
| License | MIT
| Doc PR | -
Related to #16795
I guess the deprecation was on the wrong service.
Also, no deprecation notice was triggered about using `"apc"` as the value of the `framework.validation.cache` configuration option. This PR adds the missing deprecation.
> 📝 _NOTE_: The standard edition will need to be updated [here](https://github.com/symfony/symfony-standard/blob/2.8/app/config/config_prod.yml#L6).
Commits
-------
907bbec [FrameworkBundle][Validator] Fix apc cache service deprecation
* 2.7: (28 commits)
[Process] Use stream based storage to avoid memory issues
Fix upgrade guides concerning erroneous removal of assets helper
[Process] Remove a misleading comment
Fix markdown typo
ChooseBaseUrl should return an index
[Form] ChoiceType: Fix a notice when 'choices' normalizer is replaced
Improve the phpdoc of SplFileInfo methods
[Process] Use stream based storage to avoid memory issues
[FrameworkBundle] Don't log twice with the error handler
Remove useless is_object condition
[Process] Fix typo, no arguments needed anymore
[Serializer] Introduce constants for context keys
Fixed the documentation of VoterInterface::supportsAttribute
Fixed Bootstrap form theme form "reset" buttons
Remove useless duplicated tests
[FrameworkBundle] Optimize framework extension tests
synchronize 2.7 and 3.0 upgrade files
fix merge 2.3 into 2.7 for SecureRandom dependency
Use is_subclass_of instead of reflection
Use is_subclass_of instead of Reflection when possible
...
This PR was merged into the 3.0 branch.
Discussion
----------
[FrameworkBundle] Added the assets helper again
| Q | A
| ------------- | ---
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| License | MIT
This PR is a follow up of #14972, we deprecated and removed the AssetsHelper in 2.7/3.0 doing impossible to use the Asset component and the PHP templates together, I've submitted this PR to be merged in 3.0 because IMO this is a bug fix, but we documented the deprecation and removal of the helper, what we should do here? (https://github.com/symfony/symfony/blob/3.0/UPGRADE-3.0.md#frameworkbundle and https://github.com/symfony/symfony/blob/2.8/UPGRADE-2.7.md#frameworkbundle)
cc/ @WouterJ
Commits
-------
98cb838 Added the assets helper again
* 2.3:
Fixed correct class name in thrown exception
Add gc_mem_caches() call for PHP7 after itoken_get_all() as new memory manager will not release small buckets to OS automatically
Removed a duplicated test in CardSchemeValidatorTest
Fix perf and mem issue when using token_get_all
[SecurityBundle] fix SecureRandom service constructor args
Normalize params only when used.
* 2.8:
[Process] Fix potential race condition
[PhpUnitBridge] Re-enable the garbage collector
typo
[FrameworkBundle] Allow to autowire service_container
[FrameworkBundle] Set the kernel.name properly after a cache warmup
Fix toolbar display when nvd3 is loaded on page
Removed spaces before semicolon
cast arrays to objects after parsing has finished
Conflicts:
src/Symfony/Bridge/PhpUnit/bootstrap.php
src/Symfony/Bundle/FrameworkBundle/Resources/config/services.xml
src/Symfony/Component/Console/Helper/DialogHelper.php
* 2.8:
Fix merge
[Process] Fix running tests on HHVM>=3.8
[Form] Improved performance of ChoiceType and its subtypes
Removed an object as route generator argument
Conflicts:
src/Symfony/Bridge/Doctrine/Tests/Form/Type/EntityTypeTest.php
src/Symfony/Bundle/FrameworkBundle/Resources/config/form.xml
* 2.8:
Fix undefined array $server
Fix call to undefined function json_last_error_message
Fix bug in windows detection
[ProxyManager] Tmp fix composer reqs issue in ZF
Fix PropertyInfo extractor namespace in framework bundle
Add missing exclusions from phpunit.xml.dist
[Serializer] ObjectNormalizer: don't serialize static methods and props
[Form] Enhance some FormRegistry deprecation messages
[Validator] [sl] BIC (SWIFT-BIC) validation constraint
[WebProfilerBundle] correct typo in show stack trace link
bumped Symfony version to 2.8.0
updated VERSION for 2.8.0-BETA1
updated CHANGELOG for 2.8.0-BETA1
Fix the server variables in the router_*.php files
[Validator] Allow an empty path with a non empty fragment or a query
The following change adds support for Armenian pluralization.
[2.3][Process] fix Proccess run with pts enabled
Conflicts:
src/Symfony/Bridge/ProxyManager/composer.json
src/Symfony/Bundle/FrameworkBundle/DependencyInjection/Compiler/FormPass.php
src/Symfony/Component/Form/FormRegistry.php
* 2.7:
Fix undefined array $server
Fix bug in windows detection
[ProxyManager] Tmp fix composer reqs issue in ZF
Add missing exclusions from phpunit.xml.dist
[Serializer] ObjectNormalizer: don't serialize static methods and props
Fix the server variables in the router_*.php files
[Validator] Allow an empty path with a non empty fragment or a query
The following change adds support for Armenian pluralization.
[2.3][Process] fix Proccess run with pts enabled
Conflicts:
composer.json
src/Symfony/Bridge/ProxyManager/composer.json
src/Symfony/Component/Security/phpunit.xml.dist
* 2.3:
Fix undefined array $server
[ProxyManager] Tmp fix composer reqs issue in ZF
Add missing exclusions from phpunit.xml.dist
Fix the server variables in the router_*.php files
[Validator] Allow an empty path with a non empty fragment or a query
The following change adds support for Armenian pluralization.
[2.3][Process] fix Proccess run with pts enabled
Conflicts:
composer.json
src/Symfony/Bridge/ProxyManager/composer.json
src/Symfony/Bundle/DebugBundle/phpunit.xml.dist
src/Symfony/Component/Security/phpunit.xml.dist
* 2.8:
Fix the FrameworkBundle dependencies
[DoctrineBridge] Fix required guess of boolean fields
[DI] don't use array_map to resolve services
Remove dead code in the PropertyPath constructor
[EventDispatcher] fix docblock
[Process] Inherit env vars by default in PhpProcess
Changed one console output style to avoid visual issues
[VarDumper] Fix return type and anonymous classes dumping
[FrameworkBundle] PropertyInfo support
[HttpFoundation] Fixes /0 subnet handling in IpUtils
[Form] Simplify DateTimeToStringTransformer Avoid unneeded catch and re-throw of the same exception.
[Minor] [Serializer] Removed second license header
[TwigBundle] added a Twig templates warmer when templating is disabled
[HttpKernel] Remove a duplicate test for the EsiFragmentRenderer
[Templating] deprecate low-level RouterHelper::generate method as it's cumbersome to use constants in templates
[Templating] introduce path and url methods in php templates to be in line with twig templates
[Routing] deprecate the old url generator reference type values
[Routing] use constant in a test that is new in 2.7
[FrameworkBundle] Add a new ClassCache cache warmer
[Validator] Add expressionLanguage to ExpressionValidator constructor
Conflicts:
src/Symfony/Bundle/FrameworkBundle/Resources/config/services.xml
src/Symfony/Bundle/FrameworkBundle/Tests/DependencyInjection/ConfigurationTest.php
src/Symfony/Bundle/FrameworkBundle/composer.json
src/Symfony/Component/BrowserKit/composer.json
src/Symfony/Component/ClassLoader/ClassCollectionLoader.php
src/Symfony/Component/EventDispatcher/EventDispatcher.php
This PR was squashed before being merged into the 2.8 branch (closes#15966).
Discussion
----------
[FrameworkBundle] PropertyInfo support
| Q | A
| ------------- | ---
| Bug fix? | no
| New feature? | yes
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | n/a
| License | MIT
| Doc PR | not yet
Commits
-------
f84a92a [FrameworkBundle] PropertyInfo support
