This PR was merged into the 3.4 branch.
Discussion
----------
[Security] Use supportsClass in addition to UnsupportedUserException
| Q | A
| ------------- | ---
| Branch? | 3.4+
| Bug fix? | yes
| New feature? | no
| Deprecations? | no
| Tickets | Fix#35045
| License | MIT
| Doc PR | ~
This PR fixes the issue where user providers rely on just the UnsupportedUserException from `refreshUser()`, causing a flow where users are wrongfully re-authenticated.
There's one issue where `refreshUser()` can do far more sophisticated checks on the user class, which it will never reach if the class is not supported. As far as I know it was never intended to support instances that are rejected by `supportsClass()`, though people could've implemented this (by accident). So the question is more if we should add a BC layer for this; for example:
```php
try {
$refreshedUser = $provider->refreshUser($user);
$newToken = clone $token;
$newToken->setUser($refreshedUser);
if (!$provider->supportsClass($userClass)) {
if ($this->shouldCheckSupportsClass) {
continue;
}
// have to think of a proper deprecation here for 6.0
@trigger_error('Provider %s does not support user class %s via supportsClass() while it does support it via refreshUser .. please set option X and fix %s::supportsUser() ', E_USER_DEPRECATED);
}
```
This would prevent behavior from breaking but also means we can't fix this on anything less than 5.1.
Commits
-------
d3942cbe17 Use supportsClass where possible
* 5.0:
[Filesystem] chown and chgrp should also accept int as owner and group
[DI] Fix EnvVar not loaded when Loader requires an env var
Fixed#34713 Move new messages to intl domain when possible
[FrameworkBundle] Fix small typo in output comment
chown and chgrp should also accept int as owner and group
Revert "Fixed translations file dumper behavior"
Fix RememberMe with null password
[Validator] Fix plurals for sr_Latn (Serbian language written in latin script) validation messages
Set booted flag to false when test kernel is unset
[FrameworkBundle] remove messenger cache if not enabled
[PhpUnitBridge][SymfonyTestsListenerTrait] Remove some unneeded code
[HttpClient] Fix strict parsing of response status codes
fix PHP const mapping keys using the inline notation
[SecurityBundle] Drop duplicated code
[FrameworkBundle] Make sure one can use fragments.hinclude_default_template
Fix that no-cache requires positive validation with the origin, even for fresh responses
Improve upgrading instructions for deprecated router options
[DI] Suggest typed argument when binding fails with untyped argument
* 4.4:
[DI] Fix EnvVar not loaded when Loader requires an env var
Fixed#34713 Move new messages to intl domain when possible
[FrameworkBundle] Fix small typo in output comment
chown and chgrp should also accept int as owner and group
Revert "Fixed translations file dumper behavior"
Fix RememberMe with null password
[Validator] Fix plurals for sr_Latn (Serbian language written in latin script) validation messages
Set booted flag to false when test kernel is unset
[FrameworkBundle] remove messenger cache if not enabled
[PhpUnitBridge][SymfonyTestsListenerTrait] Remove some unneeded code
[HttpClient] Fix strict parsing of response status codes
fix PHP const mapping keys using the inline notation
[SecurityBundle] Drop duplicated code
[FrameworkBundle] Make sure one can use fragments.hinclude_default_template
Fix that no-cache requires positive validation with the origin, even for fresh responses
Improve upgrading instructions for deprecated router options
[DI] Suggest typed argument when binding fails with untyped argument
This PR was squashed before being merged into the 4.4 branch.
Discussion
----------
Revert #34797 "Fixed translations file dumper behavior" and fix#34713
| Q | A
| ------------- | ---
| Branch? | 4.4
| Bug fix? | yes
| New feature? | no
| Deprecations? | no
| Tickets | Fix#35264
| License | MIT
| Doc PR | -
Revert https://github.com/symfony/symfony/pull/34797
See also https://github.com/symfony/symfony/issues/35328
It's very likely that the new way will be completely different from this one that is being reverted. That's why I'm reverting rather than fixing it.
Commits
-------
9ca872054bFixed#34713 Move new messages to intl domain when possible
56e79fefa1 Revert "Fixed translations file dumper behavior"
This PR was merged into the 4.4 branch.
Discussion
----------
[FrameworkBundle] Fix small typo in output comment
| Q | A
| ------------- | ---
| Branch? | 4.4 <!-- see below -->
| Bug fix? | no
| New feature? | no <!-- please update src/**/CHANGELOG.md files -->
| Deprecations? | no <!-- please update UPGRADE-*.md and src/**/CHANGELOG.md files -->
| Tickets | - <!-- prefix each issue number with "Fix #", if any -->
| License | MIT
| Doc PR | - <!-- required for new features -->
<!--
Replace this notice by a short README for your feature/bugfix. This will help people
understand your PR and can be used as a start for the documentation.
Additionally (see https://symfony.com/roadmap):
- Always add tests and ensure they pass.
- Never break backward compatibility (see https://symfony.com/bc).
- Bug fixes must be submitted against the lowest maintained branch where they apply
(lowest branches are regularly merged to upper ones so they get the fixes too.)
- Features and deprecations must be submitted against branch master.
-->
Commits
-------
d18f5ed851 [FrameworkBundle] Fix small typo in output comment
* 4.3:
chown and chgrp should also accept int as owner and group
Fix RememberMe with null password
[Validator] Fix plurals for sr_Latn (Serbian language written in latin script) validation messages
[PhpUnitBridge][SymfonyTestsListenerTrait] Remove some unneeded code
fix PHP const mapping keys using the inline notation
Fix that no-cache requires positive validation with the origin, even for fresh responses
* 3.4:
chown and chgrp should also accept int as owner and group
Fix RememberMe with null password
[Validator] Fix plurals for sr_Latn (Serbian language written in latin script) validation messages
[PhpUnitBridge][SymfonyTestsListenerTrait] Remove some unneeded code
fix PHP const mapping keys using the inline notation
Fix that no-cache requires positive validation with the origin, even for fresh responses
* 4.3:
[FrameworkBundle] remove messenger cache if not enabled
[HttpClient] Fix strict parsing of response status codes
[DI] Suggest typed argument when binding fails with untyped argument
This PR was merged into the 3.4 branch.
Discussion
----------
[PhpUnitBridge][SymfonyTestsListenerTrait] Remove some unneeded code
| Q | A
| ------------- | ---
| Branch? | 3.4
| Bug fix? | no
| New feature? | no
| Deprecations? | no
| Tickets | -
| License | MIT
| Doc PR | -
Risky errors when there are no assertions are added before the test end listeners are called (ie, before the code in endTest is executed) so forcing beStrictAboutTestsThatDoNotTestAnything to false when there is a expectedDeprecation annotation is enough.
If the goal is to reset the value to the original value, then I think we should not do it since we basically "lie" to the next listeners. Let's assume that when a test expect a deprecation, it can have 0 assertions. Also this flag is not used anymore by PHPUnit after we reset it.
Ref https://github.com/symfony/symfony/pull/21786 btw
Commits
-------
fb48bbc05b [PhpUnitBridge][SymfonyTestsListenerTrait] Remove some unneeded code
This PR was merged into the 5.0 branch.
Discussion
----------
[Security] Fix RememberMe with null password
| Q | A
| ------------- | ---
| Branch? | 5.0
| Bug fix? | yes
| New feature? | no
| Deprecations? | yes
| Tickets | NA
| License | MIT
| Doc PR | NA
From `UserInterface` the method getPassword may return null, while generateCookieHash requires a string.
This PR changes the signature of the methods to allows null password
Commits
-------
a7d0d82768 Fix RememberMe with null password
This PR was merged into the 4.4 branch.
Discussion
----------
[DI] Fix EnvVar not loaded when Loader requires an env var
| Q | A
| ------------- | ---
| Branch? | 4.4
| Bug fix? | yes
| New feature? | no
| Deprecations? | no
| Tickets | #35348
| License | MIT
| Doc PR | NA
When an EnvVarLoader has a dependency on an Env Var tried to be loaded (which is the case for SodiumVault that is configured with `default::SYMFONY_DECRYPTION_SECRET`) the Loader is not usable.
What happens:
- when trying to resolve `SYMFONY_DECRYPTION_SECRET`, the EnvVarProcessor iterates over loaders
- given SodiumVaultLoaders requires the same env variable `SYMFONY_DECRYPTION_SECRET`, it throws a `ParameterCircularReferenceException`
- letting the $loaders generator invalid
This PR, refactor the way loaders are iterated in order to rewind on failure.
Commits
-------
e119aa6c48 [DI] Fix EnvVar not loaded when Loader requires an env var
This PR was merged into the 3.4 branch.
Discussion
----------
[Filesystem] chown and chgrp should also accept int as owner and group (3.4)
| Q | A
| ------------- | ---
| Branch? | 3.4
| Bug fix? | no
| New feature? | no
| Deprecations? | no
| Tickets |
| License | MIT
| Doc PR |
Reference: https://github.com/symfony/symfony/pull/35356#issuecomment-575526299
Commits
-------
6b811e6b4c chown and chgrp should also accept int as owner and group
This PR was merged into the 3.4 branch.
Discussion
----------
[Validator] Fix plurals for sr_Latn validation messages
| Q | A
| ------------- | ---
| Branch? | 3.4
| Bug fix? | yes
| New feature? | no
| Deprecations? | no
| Tickets | Fix#35276
| License | MIT
validators.sr_Latn.xlf (Serbian, written with latin script) has wrong plurals for all validation message translations that require them (only two where there should be three). This commit fixes that by adding the missing third plural-translation.
Commits
-------
207cdafd54 [Validator] Fix plurals for sr_Latn (Serbian language written in latin script) validation messages
This PR was merged into the 4.3 branch.
Discussion
----------
[DI] Suggest typed argument when binding fails with untyped argument
| Q | A
| ------------- | ---
| Branch? | 4.3
| Bug fix? | yes
| New feature? | no
| Deprecations? | no
| Tickets | #33470
| License | MIT
I've added a condition that looks for arguments and if the typehint doesn’t match, throws an `InvalidArgumentException`
Commits
-------
0e92399daa [DI] Suggest typed argument when binding fails with untyped argument
This PR was merged into the 5.1-dev branch.
Discussion
----------
[Workflow] Added a way to not fire the announce event
| Q | A
| ------------- | ---
| Branch? | master
| Bug fix? | no
| New feature? | yes
| Deprecations? | no
| Tickets | Fix#35286
| License | MIT
| Doc PR |
Commits
-------
d31939d01d [Workflow] Added a way to not fire the annonce event
This PR was merged into the 5.1-dev branch.
Discussion
----------
[Serializer] Added scalar denormalization
| Q | A
| ------------- | ---
| Branch? | master
| Bug fix? | no
| New feature? | yes
| Deprecations? | no
| Tickets | Fix#33784
| License | MIT
Was added an ability to deserialize scalar data (single or array).
Commits
-------
dad04d0adf Added scalar denormalization in Serializer + added scalar normalization tests
This PR was merged into the 5.1-dev branch.
Discussion
----------
[FrameworkBundle] Deprecate *not* setting the "framework.router.utf8" option
| Q | A
| ------------- | ---
| Branch? | master
| Bug fix? | no
| New feature? | no
| Deprecations? | yes
| Tickets | -
| License | MIT
| Doc PR | -
The goal here is to get rid of the `config/packages/routing.yaml` file in Symfony 6.
This should have no practical impact as all new apps already define this setting for 2 years.
Commits
-------
84849bc96a [FrameworkBundle] Deprecate *not* setting the "framework.router.utf8" option
This PR was merged into the 5.1-dev branch.
Discussion
----------
[Yaml] Added yaml-lint binary
| Q | A
| ------------- | ---
| Branch? | 5.1
| Bug fix? | no
| New feature? | yes
| Deprecations? | no <!-- please update UPGRADE-*.md and src/**/CHANGELOG.md files -->
| Tickets | Fix#18987 <!-- prefix each issue number with "Fix #", if any -->
| License | MIT
| Doc PR | tbd.
<!--
Replace this notice by a short README for your feature/bugfix. This will help people
understand your PR and can be used as a start for the documentation.
Additionally (see https://symfony.com/roadmap):
- Always add tests and ensure they pass.
- Never break backward compatibility (see https://symfony.com/bc).
- Bug fixes must be submitted against the lowest maintained branch where they apply
(lowest branches are regularly merged to upper ones so they get the fixes too.)
- Features and deprecations must be submitted against branch 4.4.
- Legacy code removals go to the master branch.
-->
Commits
-------
2640dfedfa [Yaml] Introduce yaml-lint binary
This PR was merged into the 3.4 branch.
Discussion
----------
[HttpKernel] Fix that no-cache MUST revalidate with the origin
| Q | A
| ------------- | ---
| Branch? | 3.4
| Bug fix? | yes
| New feature? | no
| Deprecations? | no
| Tickets |
| License | MIT
| Doc PR |
From [RFC 7234 Section 5.2.2](https://tools.ietf.org/html/rfc7234#section-5.2.2)
> The "no-cache" response directive indicates that the response MUST NOT be used to satisfy a subsequent request without successful validation on the origin server. This allows an origin server to prevent a cache from using it to satisfy a request without contacting it, even by caches that have been configured to send stale responses.
This is unconditional – the response must be revalidated right away.
(`must-revalidate`, to the contrary, requires revalidation only once the response has become stale.)
Commits
-------
c8bdcb3408 Fix that no-cache requires positive validation with the origin, even for fresh responses
This PR was merged into the 5.1-dev branch.
Discussion
----------
[FrameworkBundle] Add missing entry about framework.router.context
| Q | A
| ------------- | ---
| Branch? | master <!-- see below -->
| Bug fix? | no
| New feature? | no <!-- please update src/**/CHANGELOG.md files -->
| Deprecations? | no <!-- please update UPGRADE-*.md and src/**/CHANGELOG.md files -->
| Tickets | Relates to #35281 <!-- prefix each issue number with "Fix #", if any -->
| License | MIT
| Doc PR | N/A
Some minor tweaks about #35281
Commits
-------
5a83b07bf4 [FrameworkBundle] Add missing entry about framework.router.context
* 5.0:
Avoid stale-if-error if kernel.debug = true, because it hides errors
[Console] Fix SymfonyQuestionHelper tests sometimes failing on AppVeyor
[SecurityBundle] Fix collecting traceable listeners info using anonymous: lazy
[Filesystem][FilesystemCommonTrait] Use a dedicated directory when there are no namespace
[Workflow] Fix configuration node reference for "initial_marking"
expand listener in place
[DI] deferred exceptions in ResolveParameterPlaceHoldersPass
Do not throw exception on valut generate key
* 4.4:
Avoid stale-if-error if kernel.debug = true, because it hides errors
[Console] Fix SymfonyQuestionHelper tests sometimes failing on AppVeyor
[SecurityBundle] Fix collecting traceable listeners info using anonymous: lazy
[Filesystem][FilesystemCommonTrait] Use a dedicated directory when there are no namespace
[Workflow] Fix configuration node reference for "initial_marking"
expand listener in place
[DI] deferred exceptions in ResolveParameterPlaceHoldersPass
Do not throw exception on valut generate key
* 4.3:
Avoid stale-if-error if kernel.debug = true, because it hides errors
[Console] Fix SymfonyQuestionHelper tests sometimes failing on AppVeyor
[Workflow] Fix configuration node reference for "initial_marking"
expand listener in place
[DI] deferred exceptions in ResolveParameterPlaceHoldersPass
* 3.4:
Avoid stale-if-error if kernel.debug = true, because it hides errors
[Console] Fix SymfonyQuestionHelper tests sometimes failing on AppVeyor
[DI] deferred exceptions in ResolveParameterPlaceHoldersPass
This PR was squashed before being merged into the 5.1-dev branch (closes#35257).
Discussion
----------
[FrameworkBundle] TemplateController should accept extra arguments to be sent to the template
| Q | A
| ------------- | ---
| Branch? | master
| Bug fix? | no
| New feature? | yes
| Deprecations? | no
| Tickets | Fix #... <!-- prefix each issue number with "Fix #", if any -->
| License | MIT
| Doc PR | symfony/symfony-docs#... <!-- required for new features -->
<!--
Replace this notice by a short README for your feature/bugfix. This will help people
understand your PR and can be used as a start for the documentation.
Additionally (see https://symfony.com/roadmap):
- Always add tests and ensure they pass.
- Never break backward compatibility (see https://symfony.com/bc).
- Bug fixes must be submitted against the lowest maintained branch where they apply
(lowest branches are regularly merged to upper ones so they get the fixes too.)
- Features and deprecations must be submitted against branch master.
-->
In the official documentation (symfony.com/doc/master/templates.html#rendering-a-template-directly-from-a-route) it says that TemplateController should accept extra arguments. In fact it's not available for instance.
So i added the context argument as an array. Because of deprecation of templating, only the twig instance will apply the context argument.
It will need to be implemented in branch 5.
The following issue has been created in documentation project : https://github.com/symfony/symfony-docs/issues/12897
Commits
-------
e27b417817 [FrameworkBundle] TemplateController should accept extra arguments to be sent to the template
This PR was squashed before being merged into the 5.1-dev branch (closes#34980).
Discussion
----------
[Messenger] remove several messages with command messenger:failed:remove
| Q | A
| ------------- | ---
| Branch? | master
| Bug fix? | no
| New feature? | yes
| Deprecations? | no
| Tickets | Fix#34940
| License | MIT
command `messenger:failed:remove` now accepts an array of ids. If several provided, they are not displayed unless option `--show-messages` is passed
Commits
-------
903455e463 [Messenger] remove several messages with command messenger:failed:remove
This PR was merged into the 5.1-dev branch.
Discussion
----------
[Validator] Added HostnameValidator
| Q | A
| ------------- | ---
| Branch? | master
| Bug fix? | no
| New feature? | yes <!-- please update src/**/CHANGELOG.md files -->
| BC breaks? | no <!-- see https://symfony.com/bc -->
| Deprecations? | no <!-- please update UPGRADE-*.md and src/**/CHANGELOG.md files -->
| Tests pass? | yes <!-- please add some, will be required by reviewers -->
| Fixed tickets | #10088 <!-- #-prefixed issue number(s), if any -->
| License | MIT
| Doc PR | symfony/symfony-docs#... <!-- required for new features -->
This PR adds HostnameValidator support. I encountered this need in my project and was surprised that this issue has been open for years.
Here is short example:
```
App\Entity\Acme:
properties:
domain:
- Hostname: ~
non_tld_domain:
- Hostname: { requireTld: false }
```
The option `requireTld` is `true` by default and disallows domains like localhost and etc.
Commits
-------
8a08c2090a Added HostnameValidator
This PR was squashed before being merged into the 5.1-dev branch (closes#35284).
Discussion
----------
Simplify UriSigner when working with HttpFoundation's Request
| Q | A
| ------------- | ---
| Branch? | master
| Bug fix? | no
| New feature? | yes
| Deprecations? | no
| Tickets |
| License | MIT
| Doc PR |
I'm using the `UriSigner` in my own projects from time to time and I've always wondered why I have to manually generate the URI from the `Request` instance in such a way that it is correctly validated.
Let's add a new `checkRequest(Request $request)` method to provide better DX.
Commits
-------
4887b4bee1 Simplify UriSigner when working with HttpFoundation's Request
This PR was merged into the 5.1-dev branch.
Discussion
----------
[FrameworkBundle] Adding better output to secrets:decrypt-to-local command
| Q | A
| ------------- | ---
| Branch? | master
| Bug fix? | no
| New feature? | yes
| Deprecations? | no
| Tickets | none
| License | MIT
| Doc PR | not needed
Hi!
The `secrets:decrypt-to-local` doesn't give any output. This adds some basic details:
<img width="1280" alt="Screen Shot 2020-01-09 at 11 53 54 AM" src="https://user-images.githubusercontent.com/121003/72087704-ebe0f480-32d6-11ea-950c-c698abde783d.png">
(note the `-vvv` wasn't necessary in the command to show the output). And the `<info>`part is fixed.
Cheers!
Commits
-------
a6aa9781eb Adding better output to secrets:decrypt-to-local command
This PR was merged into the 5.1-dev branch.
Discussion
----------
[HttpClient] Add LoggerAwareInterface to ScopingHttpClient and TraceableHttpClient
| Q | A
| ------------- | ---
| Branch? | master
| Bug fix? | no
| New feature? | yes
| Deprecations? | no
| Tickets | N/A
| License | MIT
| Doc PR | N/A
This allows changing the logger when using `ScopingHttpClient` (and `TraceableHttpClient` during dev)
Commits
-------
1137bdc3f7 Add LoggerAwareInterface to ScopingHttpClient and TraceableHttpClient
This PR was merged into the 5.1-dev branch.
Discussion
----------
Add support for safe HTTP preference - RFC 8674
| Q | A
| ------------- | ---
| Branch? | master
| Bug fix? | no
| New feature? | yes
| Deprecations? | no
| Tickets | -
| License | MIT
| Doc PR | -
[RFC 8674](https://tools.ietf.org/html/rfc8674) (not a IETF standard at the moment) defines a way for user agents to ask for "safe" content to a server. This PR add helper methods to :
- know if the user agent prefers a safe content
- mark the response as safe
Commits
-------
7f2cef759c Add support for safe preference - RFC8674
This PR was squashed before being merged into the 5.1-dev branch (closes#34880).
Discussion
----------
[Twig][Form] Twig theme for Foundation 6
| Q | A
| ------------- | ---
| Branch? | master
| Bug fix? | no
| New feature? | yes
| Deprecations? | no
| Tickets |
| License | MIT
| Doc PR | -
Hi,
I propose a form theme for Foundation 6. This layout stylizes buttons, percent / money widgets and permits switch inputs adding a 'switch-input' attribute (as for https://symfony.com/blog/new-in-symfony-4-4-bootstrap-custom-switches).
```php
public function buildForm(FormBuilderInterface $builder, array $options): void
{
$builder
// ...
->add('checkbox-switch', Type\CheckboxType::class, [
'attr' => [
'class' => 'switch-input',
],
])
;
}
```
Commits
-------
e47a134db0 [Twig][Form] Twig theme for Foundation 6
This PR was merged into the 3.4 branch.
Discussion
----------
[DI] deferred exceptions in ResolveParameterPlaceHoldersPass
| Q | A
| ------------- | ---
| Branch? | 3.4
| Bug fix? | yes
| New feature? | no
| Deprecations? | no
| Tickets | Fix#30428
| License | MIT
| Doc PR | n/a
fixes case #30428
implemented as in AutowiringPass
Commits
-------
b3a2173c8e [DI] deferred exceptions in ResolveParameterPlaceHoldersPass
This PR was merged into the 5.1-dev branch.
Discussion
----------
[FrameworkBundle] Configure RequestContext through router config
| Q | A
| ------------- | ---
| Branch? | master
| Bug fix? | no
| New feature? | yes <!-- please update src/**/CHANGELOG.md files -->
| Deprecations? | no <!-- please update UPGRADE-*.md and src/**/CHANGELOG.md files -->
| Tickets | Fix#35229 <!-- prefix each issue number with "Fix #", if any -->
| License | MIT
| Doc PR | symfony/symfony-docs#... <!-- required for new features -->
<!--
Replace this notice by a short README for your feature/bugfix. This will help people
understand your PR and can be used as a start for the documentation.
Additionally (see https://symfony.com/roadmap):
- Always add tests and ensure they pass.
- Never break backward compatibility (see https://symfony.com/bc).
- Bug fixes must be submitted against the lowest maintained branch where they apply
(lowest branches are regularly merged to upper ones so they get the fixes too.)
- Features and deprecations must be submitted against branch master.
-->
- [ ] PR on symfony/symfony-docs
Commits
-------
6658900703 [FrameworkBundle] Configure RequestContext through router config
