Uses `session.cookie_samesite` for PHP >= 7.3. For PHP < 7.3 it first
does a session_start(), find the emitted header, changes it, and emits
it again with the value for SameSite added.
* 4.0:
Fix Clidumper tests
Enable the fixer enforcing fully-qualified calls for compiler-optimized functions
Apply fixers
Disable the native_constant_invocation fixer until it can be scoped
Update the list of excluded files for the CS fixer
* 3.4:
Fix Clidumper tests
Enable the fixer enforcing fully-qualified calls for compiler-optimized functions
Apply fixers
Disable the native_constant_invocation fixer until it can be scoped
Update the list of excluded files for the CS fixer
* 2.8:
Fix Clidumper tests
Enable the fixer enforcing fully-qualified calls for compiler-optimized functions
Apply fixers
Disable the native_constant_invocation fixer until it can be scoped
Update the list of excluded files for the CS fixer
This PR was squashed before being merged into the 3.4 branch (closes#26193).
Discussion
----------
Fix false-positive deprecation notices for TranslationLoader and WriteCheckSessionHandler
| Q | A
| ------------- | ---
| Branch? | 3.4
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | #25518
| License | MIT
Symfony 3.4 emits deprecation warnings for `TranslationLoader` and `WriteCheckSessionHandler` as soon as these classes are loaded, yet at the same time these classes are part of the default services defined in Symfony 3.4, so if these classes are loaded during container compilation a deprecation warning is emitted, even if these classes are never actually used.
An example would be the following within a compiler pass:
foreach ($containerBuilder->getDefinitions() as $definition) {
if (is_subclass_of($definition->getClass(), SomeClass::class)) {
$definition->addMethodCall('setSomething', [new Reference('someservice')]);
}
}
This will load both `TranslationLoader` and `WriteCheckSessionHandler` in order to check their definition. No instance of the classes are ever used and the classes are not loaded after compilation ever, yet the deprecation notices are shown on every single page. More details are provided in issue #25518 .
By moving the deprecation notices to the class constructors false-positives are avoided while actual usage of the classes should still generate the deprecation warnings.
Commits
-------
1a427b181d Fix false-positive deprecation notices for TranslationLoader and WriteCheckSessionHandler
* 4.0:
fixed typo
[FrameworkBundle] fixed brackets position in method calls
[Form] Fix PHPDoc for FormConfigBuilder $dataClass argument
[Security] Update user phpdoc on tokens
[WebProfilerBundle] Fixed icon alignment issue using Bootstrap 4.1.2
suppress side effects in 'get' or 'has' methods of NamespacedAttributeBag
[HttpFoundation] reset callback on StreamedResponse when setNotModified() is called
[HttpFoundation] Fixed phpdoc for get method of HeaderBag
fix typo in ContainerBuilder docblock
[Form/Profiler] Massively reducing memory footprint of form profiling pages by removing redundant 'form' variable from view variables.
[Console] correctly return parameter's default value on "--"
* 3.4:
[FrameworkBundle] fixed brackets position in method calls
[Form] Fix PHPDoc for FormConfigBuilder $dataClass argument
[Security] Update user phpdoc on tokens
[WebProfilerBundle] Fixed icon alignment issue using Bootstrap 4.1.2
suppress side effects in 'get' or 'has' methods of NamespacedAttributeBag
[HttpFoundation] reset callback on StreamedResponse when setNotModified() is called
[HttpFoundation] Fixed phpdoc for get method of HeaderBag
fix typo in ContainerBuilder docblock
[Form/Profiler] Massively reducing memory footprint of form profiling pages by removing redundant 'form' variable from view variables.
[Console] correctly return parameter's default value on "--"
* 2.8:
[Form] Fix PHPDoc for FormConfigBuilder $dataClass argument
[Security] Update user phpdoc on tokens
[WebProfilerBundle] Fixed icon alignment issue using Bootstrap 4.1.2
suppress side effects in 'get' or 'has' methods of NamespacedAttributeBag
[HttpFoundation] reset callback on StreamedResponse when setNotModified() is called
[HttpFoundation] Fixed phpdoc for get method of HeaderBag
fix typo in ContainerBuilder docblock
* 4.0:
[HttpFoundation] update phpdoc of FlashBagInterface::add()
[ProxyManagerBridge] Fix support of private services (bis)
bug #27701 [SecurityBundle] Dont throw if "security.http_utils" is not found (nicolas-grekas)
[Form] relax fixtures for forward compat
[Validator] Fix the namespace of RegexTest
[Lock] fix locale dependent test case
* 3.4:
[HttpFoundation] update phpdoc of FlashBagInterface::add()
[ProxyManagerBridge] Fix support of private services (bis)
bug #27701 [SecurityBundle] Dont throw if "security.http_utils" is not found (nicolas-grekas)
[Form] relax fixtures for forward compat
[Validator] Fix the namespace of RegexTest
[Lock] fix locale dependent test case
* 2.8:
[HttpFoundation] update phpdoc of FlashBagInterface::add()
bug #27701 [SecurityBundle] Dont throw if "security.http_utils" is not found (nicolas-grekas)
[Validator] Fix the namespace of RegexTest
This PR was squashed before being merged into the 2.8 branch (closes#27765).
Discussion
----------
[HttpFoundation] update phpdoc of FlashBagInterface::add()
| Q | A
| ------------- | ---
| Branch? | 2.8
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | -
| License | MIT
| Doc PR | -
**Reason why I propose to change the docblock like this: **
The `FlashBagInterface::add()` function does not work only with the `string` type in second parameter
Commits
-------
9135e18ded [HttpFoundation] update phpdoc of FlashBagInterface::add()
This PR was merged into the 3.4 branch.
Discussion
----------
[HttpFoundation] fix session tracking counter
| Q | A
| ------------- | ---
| Branch? | 3.4
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | no
| Fixed tickets | -
| License | MIT
| Doc PR | -
As just discussed with @nicolas-grekas I found this issue today while upgrading my app to 3.4.12. Somehow its not possible anymore to set caching headers correctly since this commit: 146e01cb44 (diff-5350dc763df30ada9d00563c115f6652)
Commits
-------
89ed756462 failing test to reproduce session problem
26fc4e683f [HttpFoundation] fix session tracking counter
* 4.0:
[HttpKernel] fix PHP 5.4 compat
Fix surrogate not using original request
[Finder] Update RealIteratorTestCase
[Routing] remove unneeded dev dep on doctrine/common
[minor] SCA
[Validator] Remove BOM in some xlf files
Fix#27378: Error when rendering a DateIntervalType form with exactly 0 weeks
[HttpKernel] fix session tracking in surrogate master requests
* 3.4:
[HttpKernel] fix PHP 5.4 compat
Fix surrogate not using original request
[Finder] Update RealIteratorTestCase
[Routing] remove unneeded dev dep on doctrine/common
[minor] SCA
[Validator] Remove BOM in some xlf files
Fix#27378: Error when rendering a DateIntervalType form with exactly 0 weeks
[HttpKernel] fix session tracking in surrogate master requests
* 3.4:
migrating session for UsernamePasswordJsonAuthenticationListener
Adding session authentication strategy to Guard to avoid session fixation
Adding session strategy to ALL listeners to avoid *any* possible fixation
[HttpFoundation] Break infinite loop in PdoSessionHandler when MySQL is in loose mode
* 2.8:
Adding session authentication strategy to Guard to avoid session fixation
Adding session strategy to ALL listeners to avoid *any* possible fixation
[HttpFoundation] Break infinite loop in PdoSessionHandler when MySQL is in loose mode
* 3.4:
fix merge
[Security] Fix logout
Cleanup 2 tests for the HttpException classes
#27250 limiting GET_LOCK key up to 64 char due to changes in MySQL 5.7.5 and later
[Config] Fix tests when path contains UTF chars
[DI] Shared services should not be inlined in non-shared ones
[Profiler] Remove propel & event_listener_loading category identifiers
[Filesystem] Fix usages of error_get_last()
[Cache][Lock] Fix usages of error_get_last()
[Debug] Fix populating error_get_last() for handled silent errors
[DI] Display previous error messages when throwing unused bindings
Suppress warnings when open_basedir is non-empty
* 2.8:
[Security] Fix logout
#27250 limiting GET_LOCK key up to 64 char due to changes in MySQL 5.7.5 and later
[Profiler] Remove propel & event_listener_loading category identifiers
[Filesystem] Fix usages of error_get_last()
[Debug] Fix populating error_get_last() for handled silent errors
Suppress warnings when open_basedir is non-empty
* 4.0:
PhpDoc: There is no attempt to create the directory
Avoiding an error when an unused service has a missing base class
Add an implementation just for php 7.0
bumped Symfony version to 2.7.47
Fix#27011: Session ini_set bug
[Cache] TagAwareAdapterInterface::invalidateTags() should commit deferred items
updated VERSION for 2.7.46
update CONTRIBUTORS for 2.7.46
updated CHANGELOG for 2.7.46
bug #25844 [HttpKernel] Catch HttpExceptions when templating is not installed
* 3.4:
PhpDoc: There is no attempt to create the directory
Avoiding an error when an unused service has a missing base class
Add an implementation just for php 7.0
bumped Symfony version to 2.7.47
Fix#27011: Session ini_set bug
[Cache] TagAwareAdapterInterface::invalidateTags() should commit deferred items
updated VERSION for 2.7.46
update CONTRIBUTORS for 2.7.46
updated CHANGELOG for 2.7.46
bug #25844 [HttpKernel] Catch HttpExceptions when templating is not installed
* 2.8:
bumped Symfony version to 2.7.47
Fix#27011: Session ini_set bug
updated VERSION for 2.7.46
update CONTRIBUTORS for 2.7.46
updated CHANGELOG for 2.7.46