This PR was merged into the 3.4 branch.
Discussion
----------
[DI] Handle container.autowiring.strict_mode to opt-out from legacy autowiring
| Q | A
| ------------- | ---
| Branch? | 3.4
| Bug fix? | no
| New feature? | yes
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | -
| License | MIT
| Doc PR | -
To preserve BC, autowiring still wires things in hybrid 2.8/3.3 modes.
But 2.8 mode is really a foot gun.
I propose to add a new parameter in SF3.4, to opt-out of this 2.8 mode, and enable this strict mode for all new projects.
WDYT?
(see https://github.com/symfony/recipes/pull/221 for corresponding change on Flex recipe)
Commits
-------
a4a0ae2 [DI] Handle container.autowiring.strict_mode to opt-out from legacy autowiring
This PR was merged into the 3.4 branch.
Discussion
----------
[Security] Fix missing BC layer for AbstractGuardAuthenticator::getCredentials()
| Q | A
| ------------- | ---
| Branch? | 3.4
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | n/a
| License | MIT
| Doc PR | n/a
If a guard authenticator extends `AbstractGuardAuthenticator` and returns `null` from `getCredentials()`, an `\UnexpectedValueException` is thrown when upgrading to 3.4 because the abstract already implements the new interface.
This triggers a deprecation notice instead.
Commits
-------
b6bb84b [Security] Fix BC layer for AbstractGuardAuthenticator subclasses
Fixessymfony/symfony#24652
Trailing backslash, being unescaped, used to escape closing formatting
tag and, thus, formatting tag appeared in autocompletion
* 3.4: (26 commits)
[Routing] Fix resource miss
[Security] Fixed auth provider authenticate() cannot return void
[FrameworkBundle][Serializer] Move DateIntervalNormalizer definition to xml
declare argument type
Improving annotation loader message
[FrameworkBundle][Serializer] Move normalizer/encoders definitions to xml file & remove unnecessary checks
Update UPGRADE-4.0.md
streamed response should return $this
$isClientIpsVali is not used
[WebServerBundle] Prevent commands from being registered by convention
content can be a resource
Adding the Form default theme files to be warmed up in Twig's cache
Remove BC Break label from `NullDumper` class
Username and password in basic auth are allowed to contain '.'
Remove obsolete PHPDoc from UriSigner
[Serializer] YamlEncoder: throw if the Yaml component isn't installed
[Serializer] ObjectNormalizer: throw if PropertyAccess isn't installed
[PropertyInfo] Add support for the iterable type
pdo session fix
Fixed pathinfo calculation for requests starting with a question mark. - fix bad conflict resolving issue - port symfony/symfony#21968 to 3.3+
...
* 3.3: (22 commits)
[Routing] Fix resource miss
[Security] Fixed auth provider authenticate() cannot return void
declare argument type
[FrameworkBundle][Serializer] Move normalizer/encoders definitions to xml file & remove unnecessary checks
streamed response should return $this
$isClientIpsVali is not used
content can be a resource
Adding the Form default theme files to be warmed up in Twig's cache
Remove BC Break label from `NullDumper` class
Username and password in basic auth are allowed to contain '.'
Remove obsolete PHPDoc from UriSigner
[Serializer] YamlEncoder: throw if the Yaml component isn't installed
[Serializer] ObjectNormalizer: throw if PropertyAccess isn't installed
[PropertyInfo] Add support for the iterable type
pdo session fix
Fixed pathinfo calculation for requests starting with a question mark. - fix bad conflict resolving issue - port symfony/symfony#21968 to 3.3+
Fixed unsetting from loosely equal keys OrderedHashMap
add DOMElement as return type in Crawler::getIterator to support foreach support in ide
Fixed mistake in exception expectation
[Debug] Fix same vendor detection in class loader
...
* 2.8:
[Routing] Fix resource miss
[Security] Fixed auth provider authenticate() cannot return void
declare argument type
streamed response should return $this
content can be a resource
Adding the Form default theme files to be warmed up in Twig's cache
* 2.7:
[Security] Fixed auth provider authenticate() cannot return void
declare argument type
streamed response should return $this
content can be a resource
This PR was merged into the 2.7 branch.
Discussion
----------
[Security] Fixed auth provider authenticate() cannot return void
| Q | A
| ------------- | ---
| Branch? | 2.7 and up
| Bug fix? | yes
| New feature? | no
| BC breaks? | no (arguably)
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets |
| License | MIT
| Doc PR |
The `AuthenticationManagerInterface` [requires](https://github.com/symfony/symfony/blob/2.7/src/Symfony/Component/Security/Core/Authentication/AuthenticationManagerInterface.php#L30) that `authenticate()` must return a TokenInterface, never null. Several authentication providers are violating this. Changed to throw exception instead.
See discussion in earlier PR https://github.com/symfony/symfony/pull/24585 which was changing the docblock rather than the implementations.
Commits
-------
6e18b56b77 [Security] Fixed auth provider authenticate() cannot return void
This PR was merged into the 2.7 branch.
Discussion
----------
declare type AcceptHeaderItem for array_map
| Q | A
| ------------- | ---
| Branch? | master
| Bug fix? | no
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets |
| License | MIT
| Doc PR |
In `array_filter` , argument type is declared.
https://github.com/symfony/symfony/blob/2.7/src/Symfony/Component/HttpFoundation/AcceptHeader.php#L133
So It's natural to do so in `array_map` too.
Commits
-------
ab8f5be40c declare argument type
The AuthenticationManagerInterface requires that authenticate() must return a TokenInterface, never null.
Several authentication providers are violating this. Changed to throw exception instead.
This PR was merged into the 2.7 branch.
Discussion
----------
content can be a resource
| Q | A
| ------------- | ---
| Branch? | 2.7
| Bug fix? | yes (bug in a comment)
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets |
| License | MIT
| Doc PR |
Commits
-------
c63742daef content can be a resource
This PR was merged into the 4.0-dev branch.
Discussion
----------
[Form] Fix FormEvents::* constant and value matching
| Q | A
| ------------- | ---
| Branch? | 4.0
| Bug fix? | no
| New feature? | no
| BC breaks? | yes (ppl rely on const value directly, very weird)
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | https://github.com/symfony/symfony/issues/24615
| License | MIT
| Doc PR | -
> https://github.com/symfony/symfony/issues/24615#issuecomment-337945875 by @stof:
Yeah, I think we could change this in 4.0 without a big impact (btw, I think our BC policy even allows it for this case).
There is one case where people will use the event name rather than the constant: the kernel.event_listener tag (and recent versions can even use the constant in YAML files). But this won't be the case for this event, as form events are not dispatched in the main dispatcher anyway.
Commits
-------
944931af63 Minor reword
0ee856add1 Update UPGRADE-4.0.md
0fc2282fc2 fix the constant value to be consistent with the name
This PR was merged into the 4.0-dev branch.
Discussion
----------
[Session] remove lazy_write polyfill for php < 7.0
| Q | A
| ------------- | ---
| Branch? | master
| Bug fix? | no
| New feature? | no <!-- don't forget to update src/**/CHANGELOG.md files -->
| BC breaks? |no
| Deprecations? | no <!-- don't forget to update UPGRADE-*.md files -->
| Tests pass? | yes
| Fixed tickets |
| License | MIT
| Doc PR |
Remove the session.lazy_write fallback implementation for php < 7 introduced in #24523 as we don't need it in sf 4
Commits
-------
1f84b1fd81 [Session] remove lazy_write polyfill for php < 7.0
* 3.4:
bumped Symfony version to 3.4.0
updated VERSION for 3.4.0-BETA1
updated CHANGELOG for 3.4.0-BETA1
Do not process bindings in AbstractRecursivePass
don't bind scalar values to controller method arguments
Add extra autowiring aliases
adding AdapterInterface alias for cache.app
Adding a new debug:autowiring command
[HttpFoundation] Make sessions secure and lazy
[Routing] Ensure uniqueness without repeated check
[Console] Sync ConsoleLogger::interpolate with the one in HttpKernel
* 2.8:
Username and password in basic auth are allowed to contain '.'
Remove obsolete PHPDoc from UriSigner
[Serializer] ObjectNormalizer: throw if PropertyAccess isn't installed
[PropertyInfo] Add support for the iterable type
pdo session fix
Fixed unsetting from loosely equal keys OrderedHashMap
[Debug] Fix same vendor detection in class loader
Updated the source text and translation
reject remember-me token if user check fails
* 2.7:
Username and password in basic auth are allowed to contain '.'
Remove obsolete PHPDoc from UriSigner
[Serializer] ObjectNormalizer: throw if PropertyAccess isn't installed
pdo session fix
Fixed unsetting from loosely equal keys OrderedHashMap
[Debug] Fix same vendor detection in class loader
Updated the source text and translation
reject remember-me token if user check fails
This PR was merged into the 3.4 branch.
Discussion
----------
[HttpKernel] Don't bind scalar values to controller method arguments
| Q | A
| ------------- | ---
| Branch? | 3.4
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | https://github.com/symfony/symfony/issues/24555#issuecomment-337071029
| License | MIT
| Doc PR | -
See linked issue.
Let's suppose we have this configuration:
```yaml
services:
_defaults:
# ...
bind:
$foo: '%foobar%'
```
`$foo` was successfully bound to any controller constructor, but in another controller I have this edit action (nothing to do with the intention of bind such a parameter, but it has the same name):
```php
/**
* @Route("/{foo}/edit")
*/
public function editAction(string $foo) {}
```
triggering:
> Type error: Argument 1 passed to Symfony\Component\DependencyInjection\Argument\ServiceClosureArgument::__construct() must be an instance of Symfony\Component\DependencyInjection\Reference, string given, called in /home/yceruto/github/symfony/symfony-demo/vendor/symfony/dependency-injection/Compiler/ServiceLocatorTagPass.php on line 81
or after https://github.com/symfony/symfony/pull/24582:
> Invalid service locator definition: only services can be referenced, "string" found for key "foo". Inject parameter values using constructors instead.
Commits
-------
a1df9af20f don't bind scalar values to controller method arguments
This PR was merged into the 2.7 branch.
Discussion
----------
Username and password in basic auth are allowed to contain '.'
Initially reported by Fede Isas in https://github.com/beberlei/assert/pull/234
| Q | A
| ------------- | ---
| Branch? | 2.3
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets |
| License | MIT
| Doc PR |
Commits
-------
e5d57dd050 Username and password in basic auth are allowed to contain '.'
This PR was merged into the 3.4 branch.
Discussion
----------
[DI] Do not process bindings in AbstractRecursivePass
| Q | A
| ------------- | ---
| Branch? | 3.4
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | #24559
| License | MIT
| Doc PR | n/a
Commits
-------
6a6256c6a8 Do not process bindings in AbstractRecursivePass
This PR was merged into the 3.3 branch.
Discussion
----------
add DOMElement as return type in Crawler::getIterator to support foreach support in ide
| Q | A
| ------------- | ---
| Branch? | 3.3
| Bug fix? | no
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| License | MIT
In `Crawler::getIterator` return type is missing so ide (PhpStorm) is not able to provide completion inside foreach statements. This PR adds `DOMElement[]` to it
```php
$crawler = new Crawler('foobar');
foreach($crawler->filter('a') as $link) {
# support completion
$link->...
}
```
Commits
-------
2350597288 add DOMElement as return type in Crawler::getIterator to support foreach support in ide
This PR was merged into the 2.7 branch.
Discussion
----------
[Debug] Fix same vendor detection in class loader
| Q | A
| ------------- | ---
| Branch? | 2.7
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets |
| License | MIT
| Doc PR |
Fix about same vendor detection in ClassLoader. Actually, detected namespace for `Doctrine\ORM\Configuration` is `Doctrine\ORM` instead of `Doctrine\`. So deprecations are triggered for classes in same namespace.
Commits
-------
d2ab0d8019 [Debug] Fix same vendor detection in class loader
This PR was merged into the 3.4 branch.
Discussion
----------
[HttpFoundation] Make sessions secure and lazy
| Q | A
| ------------- | ---
| Branch? | 3.4
| Bug fix? | no
| New feature? | yes
| BC breaks? | no
| Deprecations? | yes
| Tests pass? | not yet
| Fixed tickets | #6388, #6036, #12375, #12325
| License | MIT
| Doc PR | -
The `SessionUpdateTimestampHandlerInterface` (new to PHP 7.0) is mostly undocumented, and just not implemented anywhere. Yet, it's required to implement session fixation preventions and lazy write in userland session handlers (there is https://wiki.php.net/rfc/session-read_only-lazy_write which describes the behavior.)
By implementing it, we would make Symfony session handling much better and stronger. Meanwhile, doing some cookie headers management, this also gives the opportunity to fix the "don't start if session is only read issue".
So, here we are for the general idea. Now needs more (and green) tests, and review of course.
Commits
-------
347939c9b3 [HttpFoundation] Make sessions secure and lazy
This PR was merged into the 3.3 branch.
Discussion
----------
[3.3] Fixed pathinfo calculation for requests starting with a question mark.
| Q | A
| ------------- | ---
| Branch? | 3.3
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | #24487
| License | MIT
| Doc PR | no
Fix of bad merge conflict resolving as mentioned in #24487. Port #21968 to 3.3+
Commits
-------
c17a92259a Fixed pathinfo calculation for requests starting with a question mark. - fix bad conflict resolving issue - port symfony/symfony#21968 to 3.3+
This PR was squashed before being merged into the 3.4 branch (closes#24556).
Discussion
----------
[Routing] Ensure uniqueness without repeated check
| Q | A
| ------------- | ---
| Branch? | 3.4
| Bug fix? | no
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | -
| License | MIT
| Doc PR | -
The RouteCollection ensures uniqueness of resources by using array_unique. The current implementation suffers from the following problems.
1. The array_unique method calls __toString for every element in the array but it is very inefficient in terms of the number of calls made. I.e. if the array has 50 elements it does not do 50 __toString calls. I did some tests with Blackfire in PHP 7.1 and found the following numbers.
25 elements => 240 calls
50 elements => 607 calls
100 elements => 1382 calls
200 elements => 3333 calls
2. The array_unique function is called every time the getResources() method is called, even when the resources did not change in the mean time. Combined with the above this leads to lower performance.
Many applications have a low number of routes so this is not a big issue. But for larger applications or bundles that generate routes (i.e. for CRUD or API / doc generation) this will have a bigger impact.
Commits
-------
16f7281178 [Routing] Ensure uniqueness without repeated check
This PR was merged into the 3.3 branch.
Discussion
----------
Fixed mistake in exception expectation
| Q | A
| ------------- | ---
| Branch? | 3.3
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets |
| License | MIT
| Doc PR |
In some cases, (5 to be exact), the `expectException` is misused while attempting to provide compatibility with the older `setExpectedException` by making use of a non-existent parameter.
Firstly, this makes the tests inconsistent (old PHPUnit version test exception message, while newer one doesn't). Secondly, if PHPUnit interface suddenly starts making use of a 2nd parameter in `expectException`, the existing code might break or cause unexpected side-effects.
Original report: 87bb726712 (commitcomment-24848315)
Commits
-------
03be003 Fixed mistake in exception expectation
This PR was merged into the 2.7 branch.
Discussion
----------
[Security] Reject remember-me token if UserCheckerInterface::checkPostAuth() fails
| Q | A
| ------------- | ---
| Branch? | 2.7
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | #24525
| License | MIT
| Doc PR | -
I think this is a security hole - a user can remain logged in with a remember me cookie even though they can no longer pass `UserCheckInterface::checkPostAuth()` (could be disabled).
This is a small BC break but shouldn't be an issue as I think it is a bug. I don't think this requires a BC layer but if so, I can add.
Commits
-------
fe190b6ee9 reject remember-me token if user check fails
* 3.4:
[TwigBridge] fix BC for FormExtension if renderer is FormRenderer
[Form] Fix 5.5 compatibility for ResizeFormListener
[BrowserKit] Handle deprecations triggered in insulated requests
[Bridge\PhpUnit] Handle deprecations triggered in separate processes
Fix LogLevel::DEBUG as min level
[Validator] added magic method __isset() to File Constraint class
Support array of types in allowed type
[DI] Fix possible incorrect php-code when dumped strings contains newlines
[Translation] minor: remove unused variable in test
added ability to handle parent classes for PropertyNormalizer
replace parameters in dummy identity translator
never match invalid IP addresses
* 3.3:
[BrowserKit] Handle deprecations triggered in insulated requests
[Bridge\PhpUnit] Handle deprecations triggered in separate processes
[Validator] added magic method __isset() to File Constraint class
[DI] Fix possible incorrect php-code when dumped strings contains newlines
[Translation] minor: remove unused variable in test
never match invalid IP addresses
* 2.8:
[Validator] added magic method __isset() to File Constraint class
[DI] Fix possible incorrect php-code when dumped strings contains newlines
[Translation] minor: remove unused variable in test
never match invalid IP addresses
* 2.7:
[Validator] added magic method __isset() to File Constraint class
[DI] Fix possible incorrect php-code when dumped strings contains newlines
[Translation] minor: remove unused variable in test
never match invalid IP addresses
This PR was squashed before being merged into the 3.4 branch (closes#24321).
Discussion
----------
added ability to handle parent classes for PropertyNormalizer
| Q | A
| ------------- | ---
| Branch? | 3.4
| Bug fix? | no
| New feature? | yes <!-- don't forget updating src/**/CHANGELOG.md files -->
| BC breaks? | no
| Deprecations? | no <!-- don't forget updating UPGRADE-*.md files -->
| Tests pass? | yes
| Fixed tickets | #24152 <!-- #-prefixed issue number(s), if any -->
| License | MIT
| Doc PR | symfony/symfony-docs#... <!--highly recommended for new features-->
<!--
- Bug fixes must be submitted against the lowest branch where they apply
(lowest branches are regularly merged to upper ones so they get the fixes too).
- Features and deprecations must be submitted against the 3.4,
legacy code removals go to the master branch.
- Please fill in this template according to the PR you're about to submit.
- Replace this comment by a description of what your PR is solving.
-->
This adds the ability for PropertyNormalizer to normalize/denormalize properties from parent classes.
Commits
-------
5ecafc5e25 added ability to handle parent classes for PropertyNormalizer
This PR was merged into the 3.4 branch.
Discussion
----------
[Console][HttpKernel] Handle new SHELL_VERBOSITY env var, also configures the default logger
| Q | A
| ------------- | ---
| Branch? | 3.4
| Bug fix? | no
| New feature? | yes
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | -
| License | MIT
| Doc PR | -
On the CLI, the behavior of the new default logger is not nice: it's verbosity is controlled by `kernel.debug`, where I would expect to be able to control it by mean of verbosity.
To achieve this, I propose to handle a new `SHELL_VERBOSITY` env var, and use it to control both commands' verbosity, and the logger's log level.
Commits
-------
87bd741f2d [Console][HttpKernel] Handle new SHELL_VERBOSITY, also configures the default logger
This PR was merged into the 2.7 branch.
Discussion
----------
[HttpFoundation] never match invalid IP addresses
| Q | A
| ------------- | ---
| Branch? | 2.7
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | #24424
| License | MIT
| Doc PR |
Commits
-------
8ad32f0ef5 never match invalid IP addresses
* 3.4:
fix merge
fix merge
[FORM] Prevent forms from extending itself as a parent
fix merge
Fix 7.2 compat layer
[DI] Prefixed env vars and load time inlining are incompatible
bug #24499 [Bridge\PhpUnit] Fix infinite loop when running isolated method (bis) (nicolas-grekas)
Fix PHP 7.2 support
[HttpFoundation] Add missing session.lazy_write config option
[DI] Exclude inline services declared in XML from autowiring candidates
[HttpFoundation] Combine Cache-Control headers
[Form] fix parsing invalid floating point numbers
Escape command usage when displaying it in the text descriptor
[DI] Throw accurate failures when accessing removed services
[DI] Turn private defs to non-public ones before removing passes
Use for=ID on radio/checkbox label.
* the `phpdocumentor/type-resolver` package was not PHP 7.2 compatible
before release 0.2.1 (see see phpDocumentor/TypeResolver@e224fb2)
* the validator must not call `get_class()` if no object but a class
name was passed to the `validatePropertyValue()` method
* 2.8:
fix merge
Fix 7.2 compat layer
Fix PHP 7.2 support
[HttpFoundation] Add missing session.lazy_write config option
[HttpFoundation] Combine Cache-Control headers
[Form] fix parsing invalid floating point numbers
Escape command usage when displaying it in the text descriptor
Use for=ID on radio/checkbox label.
* 2.7:
Fix 7.2 compat layer
Fix PHP 7.2 support
[HttpFoundation] Add missing session.lazy_write config option
[HttpFoundation] Combine Cache-Control headers
[Form] fix parsing invalid floating point numbers
Escape command usage when displaying it in the text descriptor
Use for=ID on radio/checkbox label.
This PR was merged into the 2.7 branch.
Discussion
----------
[HttpFoundation] Combine Cache-Control headers
| Q | A
| ------------- | ---
| Branch? | 2.7
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets |
| License | MIT
| Doc PR |
If multiple `Cache-Control` headers are added to a `ResponseHeaderBag`, only the first is returned by `$bag->get('Cache-Control')`.
Commits
-------
1f76a70b6f [HttpFoundation] Combine Cache-Control headers
This PR was merged into the 3.4 branch.
Discussion
----------
[DI] Throw accurate failures when accessing removed services
| Q | A
| ------------- | ---
| Branch? | 3.4
| Bug fix? | no
| New feature? | yes
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | #24444
| License | MIT
| Doc PR | -
See linked issue.
This will throw a useful message when accessing a removed service.
When setting a removed service, a deprecation notice will be thrown also so that in master we can throw an exception then.
Commits
-------
fe7f26d4f3 [DI] Throw accurate failures when accessing removed services
This PR was merged into the 3.4 branch.
Discussion
----------
[DI] Prefixed env vars and load time inlining are incompatible
| Q | A
| ------------- | ---
| Branch? | 3.4
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | -
| License | MIT
| Doc PR | -
That's because env var processors are not registered yet.
Commits
-------
91c9287c55 [DI] Prefixed env vars and load time inlining are incompatible
This PR was merged into the 3.4 branch.
Discussion
----------
[DI] Turn private defs to non-public ones before removing passes
| Q | A
| ------------- | ---
| Branch? | 3.4
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | #24465
| License | MIT
| Doc PR | -
As spotted by @stof in https://github.com/symfony/symfony/issues/24465#issuecomment-334786670.
Commits
-------
e5d0934b87 [DI] Turn private defs to non-public ones before removing passes
This PR was merged into the 2.7 branch.
Discussion
----------
Fix support for PHP 7.2
| Q | A
| ------------- | ---
| Branch? | 2.7
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | no
| Fixed tickets | #23671
| License | MIT
| Doc PR | -
There are still the deprecation problem with phpunit since it use `each()`.
There are 3 tests linked to session that I don't know how to fix / what to do, do you have any idea @nicolas-grekas ?
Commits
-------
fdf285b5c9 Fix 7.2 compat layer
e229dd0302 Fix PHP 7.2 support
This PR was merged into the 3.4 branch.
Discussion
----------
[DI] Exclude inline services declared in XML from autowiring candidates
| Q | A
| ------------- | ---
| Branch? | 3.4
| Bug fix? | yes
| New feature? | no
| BC breaks? | yes
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | #24311
| License | MIT
| Doc PR | -
As reported in #24311, inline services should not be candidates for autowiring.
This PR fixes the issue, but is submitted against 3.4 because there is a potential BC break here, for ppl that didn't realize they relied on this (already deprecated) behavior.
We *could* not merge this PR and consider the deprecation is fine - but in practice, the WTF is hitting several ppl already AFAIK, so we should close that door IMHO.
Commits
-------
d90e7212ea [DI] Exclude inline services declared in XML from autowiring candidates
* 3.4:
Clarify the exceptions are going to be rendered just after
[DI] Remove colon from env placeholders
fixed CS
[Yaml] initialize inline line numbers
[Workflow] Added tests for the is_valid() guard expression
[Workflow] Added guard 'is_valid()' method support
Add & use OptionResolverIntrospector
Add debug:form type option
This PR was merged into the 4.0-dev branch.
Discussion
----------
[HttpKernel] minor: add ability to construct with headers on http exceptions
| Q | A
| ------------- | ---
| Branch? | master
| Bug fix? | no
| New feature? | yes
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets |
| License | MIT
| Doc PR |
This adds the ability to set the headers for the exception within the constructor.
With alot of the following exceptions its sometimes very useful to be able to set the headers. For example with a reverse proxy cache (Varnish) if you want to match the `Retry-After` with a Varnish cache header to protect the backend.
I see that `setHeaders()` did get added 6a1080f899 but that means the exception needs to be assigned to a variable and set and then thrown, it also doesn't merge with the existing header set in some of the constructors.
~~I've chosen to `array_merge()` where key/values~~ were being set within the constructor as I think this is the most useful and 'correct' whereas `setHeaders` is explicit that its setting not amending or adding to.
Commits
-------
612fb59b32 [HttpKernel] minor: add ability to construct with headers on http exceptions
This PR was merged into the 3.3 branch.
Discussion
----------
[DependencyInjection] remove unused fixtures file
| Q | A
| ------------- | ---
| Branch? | 3.3
| Bug fix? | no
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets |
| License | MIT
| Doc PR |
I was wondering why the conflict markers in the `master` branch (see b6e9471ded/src/Symfony/Component/DependencyInjection/Tests/Fixtures/php/services31.php (L43-L52)) did not cause any issues. Turned out that this fixtures file was not used anymore (it was only partially removed in #23022).
Commits
-------
3702e5ff37 remove unused fixtures file
This PR was merged into the 3.4 branch.
Discussion
----------
[Workflow] add guard is_valid() method support
| Q | A
| ------------- | ---
| Branch? | 3.4
| Bug fix? | no
| New feature? | yes
| BC breaks? | no
| Deprecations? | no
| Tests pass? | Yes
| License | MIT
Workflow guard configuration support expression language like **is_fully_authenticated()**, **has_role()** or **is_granted()**, etc...
I would like to add the support for a new **is_valid()** expression.
Configuration allow to validate subject against specific validation groups to check if a transition can be applied.
In the next configuration exemple, my issue must validate "affectable" validation group to apply "affect" transistion:
```yaml
framework:
workflows:
issue:
marking_store:
type: single_state
arguments:
- state
supports: AppBundle\Entity\Issue
initial_place: created
places:
- created
- affected
- closed
transitions:
affect:
guard: "is_valid(subject, ['affectable'])"
from: created
to: affected
close:
from: completed
to: closed
```
Commits
-------
06d8198714 [Workflow] Added tests for the is_valid() guard expression
9499bc291c [Workflow] Added guard 'is_valid()' method support
* 3.4: (26 commits)
bumped Symfony version to 3.3.11
updated VERSION for 3.3.10
updated CHANGELOG for 3.3.10
bumped Symfony version to 2.8.29
updated VERSION for 2.8.28
updated CHANGELOG for 2.8.28
bumped Symfony version to 2.7.36
updated VERSION for 2.7.35
update CONTRIBUTORS for 2.7.35
updated CHANGELOG for 2.7.35
Added deprecation to cwd not existing Fixes#18249
[Session] fix MongoDb session handler to gc all expired sessions
Add changelog for deprecated DbalSessionHandler
[Security] Look at headers for switch user username parameter
Updated Test name and exception name to be more accurate
newline at end of file
changed exception message
Ahh, I see. It actually wants a newline!
Removed newline
Created new Exception to throw and modified tests.
...
* 3.3: (23 commits)
bumped Symfony version to 3.3.11
updated VERSION for 3.3.10
updated CHANGELOG for 3.3.10
bumped Symfony version to 2.8.29
updated VERSION for 2.8.28
updated CHANGELOG for 2.8.28
bumped Symfony version to 2.7.36
updated VERSION for 2.7.35
update CONTRIBUTORS for 2.7.35
updated CHANGELOG for 2.7.35
[Session] fix MongoDb session handler to gc all expired sessions
Updated Test name and exception name to be more accurate
newline at end of file
changed exception message
Ahh, I see. It actually wants a newline!
Removed newline
Created new Exception to throw and modified tests.
Created new Exception to throw and modified tests
Code standard fixes
Changed automatic token generation to throw an exception instead
...
* 2.8:
bumped Symfony version to 2.7.36
updated VERSION for 2.7.35
update CONTRIBUTORS for 2.7.35
updated CHANGELOG for 2.7.35
[Session] fix MongoDb session handler to gc all expired sessions
This PR was merged into the 3.4 branch.
Discussion
----------
[Security] Look at headers for switch_user username
| Q | A
| ------------- | ---
| Branch? | 3.4
| Bug fix? | no
| New feature? | yes
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | #24260
| License | MIT
| Doc PR | n/a
Allowing `switch_user.parameter` config node to be a header name.
It's supported by SwitchUserStatelessBundle and I think it makes sense.
Forgotten in #24260 so targets 3.4 but not a blocker.
Commits
-------
3c801951c8 [Security] Look at headers for switch user username parameter
* 2.7:
bumped Symfony version to 2.7.36
updated VERSION for 2.7.35
update CONTRIBUTORS for 2.7.35
updated CHANGELOG for 2.7.35
[Session] fix MongoDb session handler to gc all expired sessions
This PR was merged into the 3.3 branch.
Discussion
----------
Added support for guards when advancing workflow from a command
| Q | A
| ------------- | ---
| Branch? | 3.3
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | #23904
| License | MIT
| Doc PR | symfony/symfony-docs
Added support for advancing a workflow from the command line when the transition has guards.
Commits
-------
15fd863112 Updated Test name and exception name to be more accurate
fefc20233b newline at end of file
8f2fa6b047 changed exception message
49839e3c28 Ahh, I see. It actually wants a newline!
2c9d1e2d42 Removed newline
92308b4815 Created new Exception to throw and modified tests.
2ebc71a616 Created new Exception to throw and modified tests
3a8b2eded1 Code standard fixes
22b44e251f Changed automatic token generation to throw an exception instead
8ab59cb1c2 Updated if statement
324c208e12 Code standards update
b044ffb4a2 Added support for guards when advancing workflow from a command
This PR was merged into the 3.4 branch.
Discussion
----------
[Session] deprecate MemcacheSessionHandler
| Q | A
| ------------- | ---
| Branch? | 3.4
| Bug fix? | no
| New feature? | no <!-- don't forget to update src/**/CHANGELOG.md files -->
| BC breaks? | no
| Deprecations? | yes
| Tests pass? | yes
| Fixed tickets |
| License | MIT
| Doc PR |
memcache extension didn't get a release since 4.5 years and is not compatible with PHP 7. see https://pecl.php.net/package/memcache
also the cache and lock components only provide adapters for memcached as well, no memcache
Commits
-------
989326b988 [Session] deprecate MemcacheSessionHandler
* 3.4:
[Bridge\Doctrine][FrameworkBundle] Deprecate some remaining uses of ContainerAwareTrait
[FrameworkBundle] Fix bad interface hint in AbstractController
[VarDumper] deprecate MongoCaster
[HttpFoundation] deprecate using with the legacy mongo extension; use it with the mongodb/mongodb package and ext-mongodb instead
Fix BC layer
Reset profiler.
[DI] Improve some deprecation messages
[DI] remove inheritdoc from dumped container
[Config] Fix dumped files invalidation by OPCache
[Security] Add Guard authenticator <supports> method
[Cache] Fix race condition in TagAwareAdapter
[DI] Allow setting any public non-initialized services
[Yaml] parse references on merge keys
treat trailing backslashes in multi-line strings
[FrameworkBundle] Expose dotenv in bin/console about
fix refreshing line numbers for the inline parser
fix version in changelog
[FrameworkBundle] Make Controller helpers final
[DoctrineBridge] Deprecate DbalSessionHandler
* 3.3:
[FrameworkBundle] Fix bad interface hint in AbstractController
[DI] Improve some deprecation messages
[Cache] Fix race condition in TagAwareAdapter
[Yaml] parse references on merge keys
treat trailing backslashes in multi-line strings
This PR was merged into the 3.4 branch.
Discussion
----------
[Bridge\Doctrine][FrameworkBundle] Deprecate some remaining uses of ContainerAwareTrait
| Q | A
| ------------- | ---
| Branch? | 3.4
| Bug fix? | no
| New feature? | no
| BC breaks? | no
| Deprecations? | yes
| Tests pass? | yes
| Fixed tickets | -
| License | MIT
| Doc PR | -
With this PR, the last two remaining uses of ContainerAwareTrait will be `Symfony\Component\HttpKernel\Bundle\Bundle` and `Symfony\Bundle\FrameworkBundle\Controller\Controller`.
For Bundle, I think it's legitimate, for Controller, I think it's not, but that we should wait for 4.1 before considering its deprecation, alongside with `ContainerAwareCommand` (maybe).
Commits
-------
df9c8748e3 [Bridge\Doctrine][FrameworkBundle] Deprecate some remaining uses of ContainerAwareTrait
This PR was squashed before being merged into the 3.4 branch (closes#24438).
Discussion
----------
[Session][VarDumper] Deprecate accepting legacy mongo extension
| Q | A
| ------------- | ---
| Branch? | 3.4
| Bug fix? | no
| New feature? | no <!-- don't forget to update src/**/CHANGELOG.md files -->
| BC breaks? | no
| Deprecations? | yes
| Tests pass? | yes
| Fixed tickets |
| License | MIT
| Doc PR |
The old ext-mongo is deprecated and does not work with PHP 7. See http://php.net/manual/en/mongo.setup.php
People should use mongodb/mongodb and ext-mongodb instead. This deprecates functionality using the old ext-mongo classes.
Commits
-------
d535ff60c2 [VarDumper] deprecate MongoCaster
6651af07c2 [HttpFoundation] deprecate using with the legacy mongo extension; use it with the mongodb/mongodb package and ext-mongodb instead
This PR was merged into the 4.0-dev branch.
Discussion
----------
[Process] Removed dead code in the start method
| Q | A
| ------------- | ---
| Branch? | master
| Bug fix? | no
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets |
| License | MIT
| Doc PR |
Commits
-------
1eee2a461c [Process] Removed dead code in the start method
This PR was merged into the 3.3 branch.
Discussion
----------
[Cache] Fix race condition in TagAwareAdapter
| Q | A
| ------------- | ---
| Branch? | 3.3
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | #24240
| License | MIT
| Doc PR | -
This code is not needed, and might create a race condition (see linked issue). Let's drop it.
When no tags are set on an item, this stores an empty tags array, instead of deleting the tags array entry at all.
Commits
-------
fa24fa8a3c [Cache] Fix race condition in TagAwareAdapter
This PR was merged into the 3.4 branch.
Discussion
----------
[Security] Add Guard authenticator <supports> method
This method will be called before starting an authentication against a guard authenticator.
The authentication will be tried only if the supports method returned `true`
This improves understanding of code, increase consistency and removes responsability for `getCredentials` method to decide if the current request should be supported or not.
| Q | A |
| --- | --- |
| Bug fix? | no |
| New feature? | yes |
| BC breaks? | yes |
| Deprecations? | yes |
| Tests pass? | yes |
| Fixed tickets | none |
| License | MIT |
| Doc PR | |
Commits
-------
78eecba780 Fix BC layer
a7a6f8a678 [Security] Add Guard authenticator <supports> method
This method will be called before starting an authentication against a guard authhenticator.
The authentication will be tried only if the supports method returned <true>
This improves understanding of code, increase consistency and removes responsability for <getCredentials> method
To decide if the current request should be supported or not.
This PR was merged into the 4.0-dev branch.
Discussion
----------
[Intl] fix return type value
| Q | A
| ------------- | ---
| Branch? | master
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets |
| License | MIT
| Doc PR |
Commits
-------
0e1ce34102 [Intl] fix return type value
This PR was merged into the 3.4 branch.
Discussion
----------
[Yaml] fix refreshing line numbers for the inline parser
| Q | A
| ------------- | ---
| Branch? | 3.4
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets |
| License | MIT
| Doc PR |
Commits
-------
5518896c26 fix refreshing line numbers for the inline parser
* 3.4: (33 commits)
Remove remaining `@experimental` annotations
Tests and fix for issue in array model data in EntityType field with multiple=true
[Validator] Add unique entity violation cause
[Lock] Automaticaly release lock when user forget it
[Form] Fixed PercentToLocalizedStringTransformer to accept both comma and dot as decimal separator, if possible
fixed CS
[FrameworkBundle] Don't clear app pools on cache:clear
Hide label button when its setted to false
removed useless PHPDoc
[HttpFoundation] Return instance in StreamedResponse
[Form] Fix FormInterface::submit() annotation
[PHPUnitBridge] don't remove when set to empty string
PdoSessionHandler: fix advisory lock for pgsql when session.sid_bits_per_character > 4
HttpCache does not consider ESI resources in HEAD requests
Fix translation for "This field was not expected"
[Routing] Enhance Route(Collection) docblocks
Added improvement for accuracy in MoneyToLocalizedStringTransformer.
Removed unused private property
Use correct verb form in the pull request template
Use PHP_MAXPATHLEN in Filesystem.
...
* 3.3: (23 commits)
Tests and fix for issue in array model data in EntityType field with multiple=true
[Form] Fixed PercentToLocalizedStringTransformer to accept both comma and dot as decimal separator, if possible
removed useless PHPDoc
[Form] Fix FormInterface::submit() annotation
[PHPUnitBridge] don't remove when set to empty string
PdoSessionHandler: fix advisory lock for pgsql when session.sid_bits_per_character > 4
HttpCache does not consider ESI resources in HEAD requests
Fix translation for "This field was not expected"
[Routing] Enhance Route(Collection) docblocks
Added improvement for accuracy in MoneyToLocalizedStringTransformer.
Removed unused private property
Use correct verb form in the pull request template
Use PHP_MAXPATHLEN in Filesystem.
Added null as explicit return type (?TokenInterface)
[FrameworkBundle] Fix Routing\DelegatingLoader
Render all line breaks according to the exception message
[Form] Fix phpdoc
[DI] remove confusing code
[Form] Fixed GroupSequence with "constraints" option
[Validator] Clarify UUID validator behavior
...
* 2.8: (22 commits)
Tests and fix for issue in array model data in EntityType field with multiple=true
[Form] Fixed PercentToLocalizedStringTransformer to accept both comma and dot as decimal separator, if possible
removed useless PHPDoc
[Form] Fix FormInterface::submit() annotation
PdoSessionHandler: fix advisory lock for pgsql when session.sid_bits_per_character > 4
HttpCache does not consider ESI resources in HEAD requests
Fix translation for "This field was not expected"
[Routing] Enhance Route(Collection) docblocks
Added improvement for accuracy in MoneyToLocalizedStringTransformer.
Removed unused private property
Use correct verb form in the pull request template
Use PHP_MAXPATHLEN in Filesystem.
Added null as explicit return type (?TokenInterface)
[FrameworkBundle] Fix Routing\DelegatingLoader
Render all line breaks according to the exception message
[Form] Fix phpdoc
[DI] remove confusing code
[Form] Fixed GroupSequence with "constraints" option
[Validator] Clarify UUID validator behavior
[Filesystem] Fixed makePathRelative
...
* 2.7: (22 commits)
Tests and fix for issue in array model data in EntityType field with multiple=true
[Form] Fixed PercentToLocalizedStringTransformer to accept both comma and dot as decimal separator, if possible
removed useless PHPDoc
[Form] Fix FormInterface::submit() annotation
PdoSessionHandler: fix advisory lock for pgsql when session.sid_bits_per_character > 4
HttpCache does not consider ESI resources in HEAD requests
Fix translation for "This field was not expected"
[Routing] Enhance Route(Collection) docblocks
Added improvement for accuracy in MoneyToLocalizedStringTransformer.
Removed unused private property
Use correct verb form in the pull request template
Use PHP_MAXPATHLEN in Filesystem.
Added null as explicit return type (?TokenInterface)
[FrameworkBundle] Fix Routing\DelegatingLoader
Render all line breaks according to the exception message
[Form] Fix phpdoc
[DI] remove confusing code
[Form] Fixed GroupSequence with "constraints" option
[Validator] Clarify UUID validator behavior
[Filesystem] Fixed makePathRelative
...
This PR was squashed before being merged into the 2.7 branch (closes#23980).
Discussion
----------
Tests and fix for issue in array model data in EntityType field with multiple=true
| Q | A
| ------------- | ---
| Branch? | 2.7
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| License | MIT
| Fixed tickets | #23927
Provided some tests and the fix for #23927.
Rebased to 2.7, replaces #23930
Commits
-------
aaba6b4c2b Tests and fix for issue in array model data in EntityType field with multiple=true
This PR was squashed before being merged into the 3.4 branch (closes#22132).
Discussion
----------
[Lock] Automaticaly release lock when user forget it
| Q | A
| ------------- | ---
| Branch? | master
| Bug fix? | no
| New feature? | yes
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets |
| License | MIT
| Doc PR |
The objective of this PR is to automatically release the Lock when the user forget to call the `release` method (like the `fclose` function does in, php core).
The implementation is comparable to #22115 but the purpose is not the same.
I create a new PR to not mix things.
Commits
-------
2eedc1fd37 [Lock] Automaticaly release lock when user forget it
This PR was squashed before being merged into the 2.7 branch (closes#22586).
Discussion
----------
[Form] Fixed PercentToLocalizedStringTransformer to accept both comma and dot as decimal separator, if possible
| Q | A
| ------------- | ---
| Branch? | 2.7 <!-- see comment below -->
| Bug fix? | yes-ish
| New feature? | no <!-- don't forget updating src/**/CHANGELOG.md files -->
| BC breaks? | no
| Deprecations? | no <!-- don't forget updating UPGRADE-*.md files -->
| Tests pass? | yes
| Fixed tickets | <!-- #-prefixed issue number(s), if any -->
| License | MIT
<!--
- Bug fixes must be submitted against the lowest branch where they apply
(lowest branches are regularly merged to upper ones so they get the fixes too).
- Features and deprecations must be submitted against the master branch.
- Please fill in this template according to the PR you're about to submit.
- Replace this comment by a description of what your PR is solving.
-->
Implements the same behaviour that `NumberToLocalizedStringTransformer` in order to accept both comma and dot implemented in #5941
Commits
-------
f96a7f81b8 [Form] Fixed PercentToLocalizedStringTransformer to accept both comma and dot as decimal separator, if possible
This PR was merged into the 3.4 branch.
Discussion
----------
Bootstrap4 support for Twig form theme
**This PR is a followup from #19648. That PR was closed because GitHub thought my branch contained no commits after a force push...**
| Q | A |
| --- | --- |
| Branch? | master |
| Bug fix? | no |
| New feature? | yes |
| BC breaks? | no |
| Deprecations? | no |
| Tests pass? | yes |
| Fixed tickets | #16289 |
| License | MIT |
| Doc PR | - |
I have made a port of the Twig form theming code for Bootstrap 3 to the α-5 version of Bootstrap 4.
- The (inheritance) structure of the form theming files has changed because a number of blocks are the same between BS 3 and 4. They have been migrated to `bootstrap_base_layout.html.twig`.
The new tree is as follows:
```
bootstrap_base_layout.html.twig
|-- bootstrap_3_layout.html.twig
| `-- bootstrap_3_horizontal_layout.html.twig
`-- bootstrap_4_layout.html.twig
`-- bootstrap_4_horizontal_layout.html.twig
```
- Any occurances of `.form-horizontal` have been removed from the BS 4 code.
- Checkboxes and radio buttons have been stacked using the `.form-check`, `.form-check-label` and `.form-check-input` classes. There is now no distinction between checkboxes and radio buttons in the markdown.
- All layout tests have been added and updated for BS4. The inheritance tree is as follows:
```
AbstractLayoutTest
`-- AbstractBootstrap3LayoutTest
|-- AbstractBootstrap3HorizontalLayoutTest
`-- AbstractBootstrap4LayoutTest
`-- AbstractBootstrap4HorizontalLayoutTest
```
All tests pass. The classes `FormExtensionBootstrap4LayoutTest` and `FormExtensionBootstrap4HorizontalLayoutTest` have been created similarly to the BS 3 versions.
- ~~The label coloring on an validation is not correct. I've made an issue (twbs/bootstrap#20535) of the problem.~~
- No [custom form elements](http://v4-alpha.getbootstrap.com/components/forms/#custom-forms) have been used.
- A docs PR can be created if this PR is accepted.
- The new code might have to be updated if large changes occur in the BS 4 α.
Screenshot of BS3 and 4 comparison for the same form:
Commits
-------
f12e5887ff Removed unneeded wrapping quotes around a Twig key
709f134dc8 Removed unneeded wrapping quotes around a Twig key
4222d54a53 Initial commit for Bootstrap 4 form theme, based on Bootstrap 3 form theme
This PR was merged into the 2.7 branch.
Discussion
----------
[Intl] Fixed support of Locale::getFallback
| Q | A
| ------------- | ---
| Branch? | 2.7
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | #24154
| License | MIT
| Doc PR |
Commits
-------
256055218e [Intl] Fixed support of Locale::getFallback
This PR was merged into the 2.7 branch.
Discussion
----------
[HttpFoundation] Fix file upload multiple with no files
| Q | A
| ------------- | ---
| Branch? | 2.7
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets |
| License | MIT
| Doc PR |
```php
<form method="post" enctype="multipart/form-data">
<input type="file" multiple name="img[]">
<input type="submit">
</form>
<?php
$loader = require __DIR__ . '/../app/autoload.php';
if ($_SERVER['REQUEST_METHOD'] === 'POST') {
$request = \Symfony\Component\HttpFoundation\Request::createFromGlobals();
var_export($request->files->all()['img']);
}
```
Expected result when I send the form without any files:
```
array ()
```
Actual result:
```
array ( 0 => NULL, )
```
This causes a problem later when using FileType with multiple option - if no files are sent the form data are `[0 => '']` instead of `[]`.
Of course I need to add a test for this.
Commits
-------
d4f6039dcd [HttpFoundation] Fix file upload multiple with no files
This PR was squashed before being merged into the 3.4 branch (closes#24374).
Discussion
----------
[HttpFoundation] Return instance in StreamedResponse
| Q | A
| ------------- | ---
| Branch? | 3.4
| Bug fix? | no
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| License | MIT
<!--
- Bug fixes must be submitted against the lowest branch where they apply
(lowest branches are regularly merged to upper ones so they get the fixes too).
- Features and deprecations must be submitted against the 3.4,
legacy code removals go to the master branch.
- Please fill in this template according to the PR you're about to submit.
- Replace this comment by a description of what your PR is solving.
-->
Commits
-------
2080582a75 [HttpFoundation] Return instance in StreamedResponse
* 3.4:
[FrameworkBundle] Register a NullLogger from test kernels
[SecurityBundle] Deprecate auto picking the first provider
[Security] Add user impersonation support for stateless authentication
This PR was squashed before being merged into the 3.4 branch (closes#24300).
Discussion
----------
[HttpKernel][FrameworkBundle] Add a minimalist default PSR-3 logger
| Q | A
| ------------- | ---
| Branch? | 3.4
| Bug fix? | no
| New feature? | yes <!-- don't forget updating src/**/CHANGELOG.md files -->
| BC breaks? | no
| Deprecations? | no <!-- don't forget updating UPGRADE-*.md files -->
| Tests pass? | yes
| Fixed tickets | n/a
| License | MIT
| Doc PR | n/a
This PR provides a minimalist PSR-3 logger that is always available when FrameworkBundle is installed.
By default, it writes errors on `stderr`, regular logs on `stdout` and discards debug data (this is configurable).
This approach has several benefits:
- It's what expect from an app logging systems of major containerization and orchestration tools including [Docker](https://docs.docker.com/engine/admin/logging/view_container_logs/) and [Kubernetes](https://kubernetes.io/docs/concepts/cluster-administration/logging/), as well as most cloud providers such as [Heroku](https://devcenter.heroku.com/articles/logging#writing-to-your-log) and [Google Container Engine](https://kubernetes.io/docs/tasks/debug-application-cluster/logging-stackdriver/). If the app follows this standard (and it's not currently the case with Symfony by default) logs will be automatically collected, aggregated and stored.
- It's in sync with the "back to Unix roots" philosophy of Flex
- Logs are directly displayed in the console when running the integrated PHP web server (`bin/console server:start` or Flex's `make serve`), Create React App also do that for instance.
- It fixes a common problem when installing Flex recipes: many bundles expect a logger service but currently there is none available by default, and you usually get a `"logger" service not found error` (because packages depend of the PSR, but the PSR doesn't provide a logger service).
Commits
-------
9a06513ec7 [HttpKernel][FrameworkBundle] Add a minimalist default PSR-3 logger
This PR was merged into the 2.7 branch.
Discussion
----------
[Form] Fix precision of MoneyToLocalizedStringTransformer's divisions and multiplications
| Q | A
| ------------- | ---
| Branch? | master
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | no
| License | MIT
There is a [PHP Bug](https://bugs.php.net/bug.php?id=75004) with the accuracy of divisions and multiplications when `/=` and `*=` are used.
Here is the proof: https://3v4l.org/u1DkX
It would be better to use `bcmul()` and `bcdiv()` in the `MoneyToLocalizedStringTransformer.php` to prevent this bug.
Commits
-------
ab47c7878e Added improvement for accuracy in MoneyToLocalizedStringTransformer.
* 3.4:
Argon2i Password Encoder
[DI] EnvVarProcessorInterface: fix missing use
[FrameworkBundle] Use PhpExtractor from Translation
[DowCrawler] Default to UTF-8 when possible
This PR was merged into the 3.4 branch.
Discussion
----------
[Security] Argon2i Password Encoder
| Q | A
| ------------- | ---
| Branch? | master
| Bug fix? | no
| New feature? | yes
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets |
| License | MIT
| Doc PR | WIP
Since the [libsodium RFC](https://wiki.php.net/rfc/libsodium) passed with flying colours, I'd like to kick start a discussion about adding Argon2i as a password encoder to the security component. The initial code proposal in this PR supports both the upcoming public API confirmed for PHP 7.2, and the [libsodium PECL extension](https://pecl.php.net/package/libsodium) for those below 7.2 (available for PHP 5.4+).
#### Concerns
- Should the test cover hash length? At the moment the result of Argon2i is 96 characters, but because the hashing parameters are included in the result (`$argon2i$v=19$m=32768,t=4,p=1$...`) this is not guaranteed.
- I've used one password encoder class because the result *should* be the same whether running natively in 7.2 or from the PECL extension, but should the logic be split out into separate private methods (like `Argon2iPasswordEncoder::encodePassword()`) or not (like in `Argon2iPasswordEncoder::isPasswordValid()`)? Since I can't really find anything concrete on Symfony choosing one way over another I'm assuming it's down to personal preference?
#### The Future
Whilst the libsodium RFC has been approved and the public API confirmed, there has been no confirmation of Argon2i becoming an official algorithm for `passhword_hash()`. If that is confirmed, then the implementation should *absolutely* use the native `password_*` functions since the `sodium_*` functions do not have an equivalent to the `password_needs_rehash()` function.
Any feedback would be greatly appreciated 😃
Commits
-------
be093dd79a Argon2i Password Encoder
This PR was merged into the 3.4 branch.
Discussion
----------
[DowCrawler] Default to UTF-8 when possible
| Q | A
| ------------- | ---
| Branch? | 3.4
| Bug fix? | no
| New feature? | yes
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | #17258
| License | MIT
| Doc PR | -
This can't be ambiguous, let's use UTF-8 when possible.
Commits
-------
73eda66b99 [DowCrawler] Default to UTF-8 when possible
Add the Argon2i hashing algorithm provided by libsodium as a core encoder in the Security component, and enable it in the SecurityBundle.
Credit to @chalasr for help with unit tests.
* 3.4:
Fix conflicts between Bridge/PhpUnit and Debug fixtures
[DI] Fix typehint
[PhpUnitBridge] Make CoverageListenerTest more robust when xdebug is not available
This PR was merged into the 3.3 branch.
Discussion
----------
[DependencyInjection] include file and line number in deprecation
| Q | A
| ------------- | ---
| Branch? | 3.3
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets |
| License | MIT
| Doc PR |
In #23108 we removed line numbers from deprecation messages created by the YAML parser because those numbers were quite useless without the file being parsed. I suggest to revert this change and add the file being parsed to the deprecation message.
Commits
-------
cf03552 include file and line number in deprecation
* 3.4:
Moved PhpExtractor and PhpStringTokenParser to Translation component
[Asset] Provide default context
[HttpKernel] Deprecate some compiler passes in favor of tagged iterator args
Add exclusive Twig namespace for bundles path
Share connection factories between cache and lock
This PR was merged into the 3.4 branch.
Discussion
----------
[HttpKernel] Deprecate some compiler passes in favor of tagged iterator args
| Q | A
| ------------- | ---
| Branch? | 3.4
| Bug fix? | no
| New feature? | no
| BC breaks? | no
| Deprecations? | yes
| Tests pass? | yes
| Fixed tickets | -
| License | MIT
| Doc PR | -
More code that we can drop :)
Commits
-------
fa62e5068e [HttpKernel] Deprecate some compiler passes in favor of tagged iterator args
This PR was merged into the 3.4 branch.
Discussion
----------
[Lock] Use cache connection factories in lock
| Q | A
| ------------- | ---
| Branch? | 3.4
| Bug fix? | no
| New feature? | no (feature removal)
| BC breaks? | no (if merged in 3.4)
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets |
| License | MIT
| Doc PR |
An alternative to https://github.com/symfony/symfony/pull/24267 to share code between cache and lock.
Commits
-------
95358ac98f Share connection factories between cache and lock
This PR was squashed before being merged into the 3.4 branch (closes#21027).
Discussion
----------
[Asset] Provide default context
| Q | A
| ------------- | ---
| Branch? | 3.4
| Bug fix? | no
| New feature? | yes
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | #19396
| License | MIT
| Doc PR | should be noted somewhere, ill create an issue
Allows configuring the default asset context to make things works on CLI for example. Same approach as the routing component.
Introduces
```yaml
# parameters.yml
asset.request_context.base_path: '/base/path'
asset.request_context.secure: false
```
Commits
-------
9137d57ecd [Asset] Provide default context
This PR was merged into the 3.4 branch.
Discussion
----------
[DI] Reference tagged services in config
| Q | A
| ------------- | ---
| Branch? | 3.4
| Bug fix? | no
| New feature? | yes
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | #12269
| License | MIT
| Doc PR | https://github.com/symfony/symfony-docs/issues/8404
This is a proof of concept to reference a sequence of tagged services.
The problem bugs me for some time, and at first i thought the solution was to have some super generic compiler pass. If it could replace a lot of compilers in core.. perhaps worth it, but eventually each tag comes with it's own logic, including how to deal with tag attributes.
However, writing the passes over and over again becomes tedious for the most basic usecase. So given the recent developments, this idea came to mind.
```yml
services:
a:
class: stdClass
properties: { a: true }
tags: [foo]
b:
class: stdClass
properties: { b: true }
tags: [foo]
c:
class: stdClass
properties:
#stds: !tagged_services foo (see #22198)
stds: !tagged_services
foo
```
```
dump(iterator_to_array($this->get('c')->stds));
```
```
array:2 [▼
0 => {#5052 ▼
+"a": true
}
1 => {#4667 ▼
+"b": true
}
]
```
Given the _basic_ example at https://symfony.com/doc/current/service_container/tags.html, this could replace that.
Any thoughts?
Commits
-------
979e58f [DI] Reference tagged services in config
This PR was squashed before being merged into the 3.4 branch (closes#24337).
Discussion
----------
Adding a shortcuts for the main security functionality
| Q | A
| ------------- | ---
| Branch? | 3.4
| Bug fix? | no
| New feature? | yes
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | none
| License | MIT
| Doc PR | Big ol' TODO
I'd like one class that I can inject (especially with autowiring) to get access to the User and `isGranted()` methods. This is *really* important... because to get the User currently, you need to type-hint `TokenStorageInterface`... and there are *two*! That's really bad DX!
Questions:
A) I hi-jacked the existing `Security` class... I wanted a simple class called Security
B) I called the service `security.helper`... for lack of a better id.
C) I did not make `Security` implement the 2 other interfaces (`TokenStorageInterface`, `AuthorizationCheckerInterface`... but I suppose we could?)
Cheers!
Commits
-------
0851189 Adding a shortcuts for the main security functionality
This PR was merged into the 3.4 branch.
Discussion
----------
[Yaml] include file and line no in deprecation message
| Q | A
| ------------- | ---
| Branch? | 3.4
| Bug fix? | no
| New feature? | yes
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets |
| License | MIT
| Doc PR |
Now that we know the filename being parsed we can improve deprecation messages which is especially useful when trying to find the DI config file that triggers a particular deprecation.
Commits
-------
f618e43234 include file and line no in deprecation message
This PR was merged into the 2.7 branch.
Discussion
----------
[Validator] minor translation text fix
Update validators.cs.xlf - Fix czech translation for "This field was not expected"
| Q | A
| ------------- | ---
| Branch? | 2.7
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | n/a
| Fixed tickets | none
| License | none
| Doc PR | none
This commit fixes grammatical issue for czech translation only.
Commits
-------
fbe7148000 Fix translation for "This field was not expected"
* 3.4:
[DI] Fix missing use + minor tweaks
[Routing] Enhance PHP DSL traits docblocks
Fix AclSchemaListener deprecation
Set a NullLogger in ApcuAdapter when Apcu is disabled in CLI
Minor reword
[HttpKernel] Make array vs "::" controller definitions consistent
Fix tests
[TwigBundle] Remove profiler related scripting
[TwigBundle][WebProfilerBundle] Switch to DOMContentLoaded event
[WebProfilerBundle] Hide inactive tabs from CSS
[TwigBundle] Make deprecations scream in logs
[TwigBundle] Hide logs if unavailable, i.e. webprofiler
[TwigBundle] Break long lines in exceptions
[WebProfilerBundle] Added missing link to profile token
[DI] Fix decorated service merge in ResolveInstanceofConditionalsPass
Preserve URI fragment in HttpUtils::generateUri()
[PhpUnitBridge] do not require an error context
* 3.3:
Set a NullLogger in ApcuAdapter when Apcu is disabled in CLI
Minor reword
[HttpKernel] Make array vs "::" controller definitions consistent
Fix tests
[TwigBundle] Remove profiler related scripting
[TwigBundle][WebProfilerBundle] Switch to DOMContentLoaded event
[WebProfilerBundle] Hide inactive tabs from CSS
[TwigBundle] Make deprecations scream in logs
[TwigBundle] Hide logs if unavailable, i.e. webprofiler
[TwigBundle] Break long lines in exceptions
[WebProfilerBundle] Added missing link to profile token
[DI] Fix decorated service merge in ResolveInstanceofConditionalsPass
Preserve URI fragment in HttpUtils::generateUri()
[PhpUnitBridge] do not require an error context
This PR was squashed before being merged into the 2.7 branch (closes#24243).
Discussion
----------
HttpCache does not consider ESI resources in HEAD requests
| Q | A
| ------------- | ---
| Branch? | 2.7
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets |
| License | MIT
| Doc PR |
Due to this shortcut:
3b42d8859e/src/Symfony/Component/HttpKernel/HttpCache/HttpCache.php (L634-L642)
... the `HttpCache` never looks at the response body for `HEAD` requests. This makes it completely miss ESI-related tweaks like computing the correct TTL, removing validation headers or updating the `Content-Length`.
From RFC2616 (https://www.w3.org/Protocols/rfc2616/rfc2616-sec9.html#sec9.4):
> The HEAD method is identical to GET except that the server MUST NOT return a message-body in the response. The metainformation contained in the HTTP headers in response to a HEAD request SHOULD be identical to the information sent in response to a GET request.
Although it says "SHOULD", I think it can be misleading at best when HEAD requests do, for example, return different (greater) `s-maxage` values than a corresponding GET request.
Commits
-------
4dd0e53171 HttpCache does not consider ESI resources in HEAD requests
* 3.4:
fixed CS
[Serializer] Add Support for in CustomNormalizer
Remove Validator\TypeTestCase and add validator logic to base TypeTestCase
[Lock] Include lock component in framework bundle
[WebProfilerBundle] Render file links for twig templates
CsvEncoder handling variable structures and custom header order
Saltless Encoder Interface
[Serializer] throw more specific exceptions
# Conflicts:
# src/Symfony/Bundle/FrameworkBundle/composer.json
# src/Symfony/Bundle/SecurityBundle/Command/UserPasswordEncoderCommand.php
# src/Symfony/Component/Serializer/Encoder/XmlEncoder.php
# src/Symfony/Component/Serializer/Normalizer/AbstractNormalizer.php
# src/Symfony/Component/Serializer/Serializer.php
This PR was squashed before being merged into the 3.4 branch (closes#21716).
Discussion
----------
[Serializer] Add Support for `object_to_populate` in CustomNormalizer
| Q | A
| ------------- | ---
| Branch? | master
| Bug fix? | no
| New feature? | yes
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | #21715
| License | MIT
| Doc PR | n/a
This pulls a trait out of `AbstractNormalizer` with a method to extract the object to populate and adds some tests for it. Then uses that trait in both `AbstractNormalizer` and `CustomNormalizer` so both can support the `object_to_populate` key.
Commits
-------
ec9242d1ee [Serializer] Add Support for in CustomNormalizer
This PR was squashed before being merged into the 3.4 branch (closes#21960).
Discussion
----------
Remove Validator\TypeTestCase and add validator logic to base TypeTestCase
| Q | A
| ------------- | ---
| Branch? | master
| Bug fix? | no
| New feature? | yes
| BC breaks? | no/possibly
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | N/A
| License | MIT
| Doc PR | symfony/symfony-docs#7587
Based on a discussion in the docs, users should not really extend classes in the `Tests` namespace. This means that if you want to unit test forms, you need to extend the `Test\TypeTestCase` class which doesn't have the validation logic (Not adding the validator extension gives an error if you use the `constraints` option in your forms).
So I propose to remove the `Validator\TypeTestCase` class (or it can possibly be deprecated if it is wrongly used by someone), and add the validator extension logic to the base `TypTestCase` class.
The benefit is that there is only one class to extend (both for internal or userland tests), and it makes it easy to add more core extensions if necessary.
The one part that I don't like too much at the moment, is keeping the extension in the `getExtensions` method. This means that you extend the class and need to register custom extensions, that you would need to do `return array_merge(parent::getExtensions(), ... ` (only in the case when you want core extensions enabled). So I don't know if we rather want to add a private method like `getCoreExtensions`?
Commits
-------
5ab50103ae Remove Validator\TypeTestCase and add validator logic to base TypeTestCase
This PR was merged into the 3.4 branch.
Discussion
----------
[Serializer] throw more specific exceptions
| Q | A
| ------------- | ---
| Branch? | 3.4
| Bug fix? | no
| New feature? | yes
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | #20534
| License | MIT
| Doc PR |
Commits
-------
aa30d04243 [Serializer] throw more specific exceptions
This PR was squashed before being merged into the 3.4 branch (closes#24256).
Discussion
----------
CsvEncoder handling variable structures and custom header order
| Q | A
| ------------- | ---
| Branch? | master
| Bug fix? | no
| New feature? | yes
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | #23278
| License | MIT
| Doc PR | TBD
This PR improves the CsvEncoder to handle variable nesting structures and adds a context option that allows custom csv header order.
Commits
-------
d173494e48 CsvEncoder handling variable structures and custom header order
This PR was merged into the 3.4 branch.
Discussion
----------
[Security] Saltless Encoder Interface
| Q | A
| ------------- | ---
| Branch? | master
| Bug fix? | no
| New feature? | yes
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets |
| License | MIT
| Doc PR |
A new interface for encoders that do not require a user-generated salt (generate their own built-in) as suggested by @stof ([comment](https://github.com/symfony/symfony/pull/21604/files#r101225470)), this will become useful as more password encoders are added in the future (such as symfony/symfony#21604).
Commits
-------
7c4aa0bccb Saltless Encoder Interface
* 3.4:
[PhpUnitBridge] Added a CoverageListener to enhance the code coverage report
Add a method to check if any results were found
[SecurityBundle] Deprecate ACL related code
[FrameworkBundle] Enable assets with templates only if the Asset component is installed
This PR was merged into the 3.4 branch.
Discussion
----------
[Finder] Add a method to check if any results were found
| Q | A
| ------------- | ---
| Branch? | 3.4
| Bug fix? | no
| New feature? | yes
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| License | MIT
If I want to know if any results were found, but I don't want to start trawling through them, I have to do the rather ugly:
```php
$found = false;
foreach ($finder as $thing) {
$found = true;
break;
}
if ($found) {
```
This PR enables the much more readable:
```php
if ($finder->found()) {
```
This seemed like an obvious thing to me, so I suspect there might be a reason this doesn't exist already, but I couldn't find any previous discussion. If it'll be accepted then I'll glady create a docs PR
Commits
-------
24dcb5202c Add a method to check if any results were found
* 3.4:
Passing the newly generated security token to the event during user switching.
Fix changelog and minor tweak for #23485
[Config] extracted the xml parsing from XmlUtils::loadFile into XmlUtils::parse
[Security][SecurityBundle] Deprecate the HTTP digest auth
add ability to configure catching exceptions
Extract method refactoring for ResourceCheckerConfigCache
This PR was merged into the 3.4 branch.
Discussion
----------
[Security][Firewall] Passing the newly generated security token to the event during user switching
Event allows listeners to easily switch out the token if custom token updates are required
| Q | A
| ------------- | ---
| Branch? | master
| Bug fix? | no
| New feature? | yes
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets |
| License | MIT
| Doc PR |
Updated SwitchUserEvent to include the generated security Token. Allows the listeners to replace the token with their own (in case an application has some custom logic for token generation). The SwitchUserListener will now use the token returned by the event, so if token was not changed the self generated token will be used. If token was changed in the event then the new token would get used.
Reasons for this feature
--------------------------
In our current project users can have different Role sets depending on which organization they switch to. Our `User->getRoles()` always returns ["ROLE_USER"] and after login user is presented with choice of organizations they want to work in. Based on selected organization roles get updated with then stored token.
Without the change proposed in this PR. The only way we can setup the proper roles during user switch is by replacing `security.authentication.switchuser_listener` service with our own implementation of the listener.
With the proposed change, we can replace the security token with the one having all the roles we require directly inside our listener for `security.switch_user` event that gets thrown by Symfony's `SwitchUserListener`
Commits
-------
4205f1b Passing the newly generated security token to the event during user switching.
This PR was merged into the 3.4 branch.
Discussion
----------
[HttpKernel] Add ability to configure catching exceptions for Client
| Q | A
| ------------- | ---
| Branch? | 3.4
| Bug fix? | no
| New feature? | yes
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | n/a
| License | MIT
| Doc PR | todo
Debugging exceptions in functional tests is difficult as you need to look at the logs to see which exception was thrown. Disabling catching of exceptions in the client would allow the exception to bubble up to phpunit and make it easier to see what exception was thrown.
Commits
-------
4812e60 add ability to configure catching exceptions
This PR was squashed before being merged into the 3.4 branch (closes#22589).
Discussion
----------
Extract method refactoring for ResourceCheckerConfigCache
| Q | A
| ------------- | ---
| Branch? | master
| Bug fix? | no
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets |
| License | MIT
| Doc PR |
Improves code readability.
Commits
-------
685c353 Extract method refactoring for ResourceCheckerConfigCache
This PR was squashed before being merged into the 3.4 branch (closes#24239).
Discussion
----------
[HttpFoundation] Deprecate compatibility with PHP <5.4 sessions
| Q | A
| ------------- | ---
| Branch? | 3.4
| Bug fix? | no
| New feature? | no
| BC breaks? | no
| Deprecations? | yes
| Tests pass? | yes
| Fixed tickets | -
| License | MIT
| Doc PR | -
This PR removes functionality added in Symfony 2.1 as a compatibility layer with sessions from PHP <5.4.
- [x] Fix tests
Commits
-------
3deb3940ab [HttpFoundation] Deprecate compatibility with PHP <5.4 sessions
This PR was squashed before being merged into the 3.4 branch (closes#23882).
Discussion
----------
[Security] Deprecated not being logged out after user change
| Q | A
| ------------- | ---
| Branch? | 3.4
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | yes
| Tests pass? | yes
| Fixed tickets | #17023
| License | MIT
| Doc PR | ~
This PR is an alternative approach to #19033. Due to a behavioral change that could break a lot of applications and websites, I've decided to trigger a deprecation instead of actually changing the behavior as that can be done for 4.0.
Whenever a user object is considered changed (`AbstractToken::hasUserChanged`) when setting a new user object after refreshing, it will now throw a deprecation, paving the way for a behavioral change in 4.0. The idea is that in 4.0 Symfony will simply trigger a logout when this case is encountered.
Commits
-------
22f525b [Security] Deprecated not being logged out after user change
This PR was merged into the 2.7 branch.
Discussion
----------
Added null as explicit return type (?TokenInterface)
| Q | A
| ------------- | ---
| Branch? | 2.7
| Bug fix? | no
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | https://github.com/symfony/symfony/pull/23882#discussion_r140704737
| License | MIT
| Doc PR | ~
This fixes the returntype in the `ContextListener` so it can be merged upwards.
/cc @chalasr
Commits
-------
1ba4dd9 Added null as explicit return type (?TokenInterface)
This PR was merged into the 3.4 branch.
Discussion
----------
[DI] Fix tracking of bound arguments when using autoconfiguration
| Q | A
| ------------- | ---
| Branch? | 3.4
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | -
| License | MIT
| Doc PR | -
An exception is currently thrown when using arguments bindings on an autoconfigured controller action.
This fixes the issue.
Commits
-------
091f943 [DI] Fix tracking of bound arguments when using autoconfiguration
