* 3.1:
fix typo
add "provides" for psr/cache-implementation
[Validator][GroupSequence] fixed GroupSequence validation ignores PropertyMetadata of parent classes
[FrameworkBundle][Security] Remove useless mocks
Add symfony/inflector to composer.json "replaces"
[DoctrineBridge] Enhance exception message in EntityUserProvider
added friendly exception when constraint validator does not exist or it is not enabled
remove duplicate instruction
[FrameworkBundle] Remove TranslatorBagInterface check
[FrameworkBundle] Remove duplicated code in RouterDebugCommand
[Validator] fixed duplicate constraints with parent class interfaces
SecurityBundle:BasicAuthenticationListener: removed a default argument on getting a header value
* 2.8:
[Validator][GroupSequence] fixed GroupSequence validation ignores PropertyMetadata of parent classes
[FrameworkBundle][Security] Remove useless mocks
[DoctrineBridge] Enhance exception message in EntityUserProvider
added friendly exception when constraint validator does not exist or it is not enabled
remove duplicate instruction
[FrameworkBundle] Remove TranslatorBagInterface check
[FrameworkBundle] Remove duplicated code in RouterDebugCommand
[Validator] fixed duplicate constraints with parent class interfaces
SecurityBundle:BasicAuthenticationListener: removed a default argument on getting a header value
* 2.7:
[Validator][GroupSequence] fixed GroupSequence validation ignores PropertyMetadata of parent classes
[FrameworkBundle][Security] Remove useless mocks
[DoctrineBridge] Enhance exception message in EntityUserProvider
added friendly exception when constraint validator does not exist or it is not enabled
remove duplicate instruction
[FrameworkBundle] Remove TranslatorBagInterface check
[FrameworkBundle] Remove duplicated code in RouterDebugCommand
[Validator] fixed duplicate constraints with parent class interfaces
SecurityBundle:BasicAuthenticationListener: removed a default argument on getting a header value
This PR was merged into the 3.2-dev branch.
Discussion
----------
[FrameworkBundle] Use relative paths in templates paths cache
| Q | A
| ------------- | ---
| Branch? | master
| Bug fix? | yes
| New feature? | yes
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | #3079
| License | MIT
| Doc PR | -
This implements the usage of relative paths instead of absolute ones in `var/cache/*/templates.php`, important for ability to build the cache in a different context than where it will be used.
This PR transforms the following `templates.php`:
``` php
<?php return array (
':default:index.html.twig' => '/home/tgalopin/www/symfony-standard/app/Resources/views/default/index.html.twig',
'::base.html.twig' => '/home/tgalopin/www/symfony-standard/app/Resources/views/base.html.twig',
);
```
Into:
``` php
<?php return array (
':default:index.html.twig' => __DIR__.'/../../../app/Resources/views/default/index.html.twig',
'::base.html.twig' => __DIR__.'/../../../app/Resources/views/base.html.twig',
);
```
I also added tests for the TemplateCachePathsWarmer and improved tests for the TemplateLocator.
Commits
-------
6f6139c [FrameworkBundle] Use relative paths in templates paths cache
* 3.1:
[ClassLoader] Fix tests
[Debug][HttpKernel][VarDumper] Prepare for committed 7.2 changes
[DependencyInjection] PhpDumper::isFrozen inconsistency
[DI] Cleanup array_key_exists
include dynamic services in list of alternatives
[Debug] Swap dumper services at bootstrap
* 2.8:
[ClassLoader] Fix tests
[Debug][HttpKernel][VarDumper] Prepare for committed 7.2 changes
[DependencyInjection] PhpDumper::isFrozen inconsistency
[DI] Cleanup array_key_exists
include dynamic services in list of alternatives
[Debug] Swap dumper services at bootstrap
* 2.7:
[ClassLoader] Fix tests
[Debug][HttpKernel][VarDumper] Prepare for committed 7.2 changes
[DependencyInjection] PhpDumper::isFrozen inconsistency
[DI] Cleanup array_key_exists
include dynamic services in list of alternatives
[Debug] Swap dumper services at bootstrap
This PR was merged into the 3.2-dev branch.
Discussion
----------
[FrameworkBundle][Debug] Fix default config and cleaning of traces
| Q | A
| ------------- | ---
| Branch? | master
| Bug fix? | yes
| Tests pass? | yes
| Fixed tickets | Follow up #19568
| License | MIT
| Doc PR | -
The default value of `framework.php_errors.log` must be `%kernel.debug%` to have deprecations and silenced errors logged in dev as before.
Cleaning the trace was broken because a closure can't be bound to an internal class.
This PR fixes both issues and enhance trace cleaning a bit by removing arguments from traces so that they take less memory when collected as part of the context of log messages.
Commits
-------
f640870 [FrameworkBundle][Debug] Fix default config and cleaning of traces
This PR was squashed before being merged into the 3.2-dev branch (closes#19339).
Discussion
----------
[WebProfilerBundle][Form][DX] To expand the form nodes that contains children with errors
| Q | A
| ------------- | ---
| Branch? | master
| Bug fix? | no
| New feature? | yes
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | -
| License | MIT
| Doc PR | -
Currently when we use nested forms and an error occurs into one of them, it's not displayed "easily" in the form panel profiler:
This happen because only the root form is expanded and the children are shown collapsed "by default".
**The main problem is to search where is the form with error**.
The purpose of this PR is to show expanded all forms that contains children with error, reducing a little bit the developer's time when debugging.
PR result when we access to the form panel profiler:
In red the full path to the error.
Commits
-------
d626b28 [WebProfilerBundle][Form][DX] To expand the form nodes that contains children with errors
* 3.1:
[travis] Use 7.0 until 7.1 is fixed
[DIC] Fix service autowiring inheritance
[Serializer] Fix denormalization of arrays
[SecurityBundle] Add missing deprecation notice for form_login.intention
Verify explicitly that the request IP is a valid IPv4 address
[WebProfilerBundle] replaces tabs characters by spaces.
* 3.1:
Disable CLI color for Windows 10 greater than 10.0.10586
Exception details break the layout
[HttpKernel] Remove wrong docblock
[HttpKernel] Fix HttpCache validation HTTP method
[FrameworkBundle] Fix default lifetime of cache pools
Move space from the before 'if' to the after 'if'
[TwigBundle] Add a check for choice's attributes emptiness before calling block('attributes')
This commit fix a bug when using debug function too soon.
For example, if you call dump function during kernel::boot() the
dump output will be sent to stderr, even in a web context.
With this patch, the data collector is used by default, so the
dump output is send to the WDT. In a CLI context, if dump is used
too soon, the datacollector will buffer it, and release it at the
end of the script. So in this case everything will be visible by the
end used.
* 3.1:
[Routing] Add missing options in docblock
[VarDumper] Fix dumping continuations
[PropertyInfo] Fix an error in PropertyInfoCacheExtractor
[HttpFoundation] fixed Request::getContent() reusage bug
[Form] Skip CSRF validation on form when POST max size is exceeded
Use try-finally where it possible
[DependencyInjection] ContainerBuilder: Remove obsolete definitions
Enhance the phpDoc return types so IDEs can handle the configuration tree.
fixes
Remove 3.0 from branch suggestions for fixes in PR template
[Process] Strengthen Windows pipe files opening (again...)
[Cache] Handle unserialize() failures gracefully
Fix#19531 [Form] DateType fails parsing when midnight is not a valid time
* 2.8:
[Routing] Add missing options in docblock
[VarDumper] Fix dumping continuations
[HttpFoundation] fixed Request::getContent() reusage bug
[Form] Skip CSRF validation on form when POST max size is exceeded
Enhance the phpDoc return types so IDEs can handle the configuration tree.
fixes
Remove 3.0 from branch suggestions for fixes in PR template
[Process] Strengthen Windows pipe files opening (again...)
Fix#19531 [Form] DateType fails parsing when midnight is not a valid time
* 2.7:
[Routing] Add missing options in docblock
[VarDumper] Fix dumping continuations
[HttpFoundation] fixed Request::getContent() reusage bug
[Form] Skip CSRF validation on form when POST max size is exceeded
Enhance the phpDoc return types so IDEs can handle the configuration tree.
fixes
Remove 3.0 from branch suggestions for fixes in PR template
[Process] Strengthen Windows pipe files opening (again...)
Fix#19531 [Form] DateType fails parsing when midnight is not a valid time
This PR was squashed before being merged into the 2.7 branch (closes#19373).
Discussion
----------
[Form] Skip CSRF validation on form when POST max size is exceeded
| Q | A
| ------------- | ---
| Branch? | 2.7
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | #19140
| License | MIT
| Doc PR | N/A
In #19140 the CSRF validation listener was not aware that the POST max size had exceeded, and was adding a form error message that wasn't relevant to the actual error.
This introduces the `ServerParams` utility class into the `CsrfValidationListener` and checks that the POST max size has not been exceeded. If it has then it won't bother trying to validate the CSRF token.
My main concern with this change is that it opens up an attack vector around tokens, but I've encapsulated the request size validation in a single method in `ServerParams` now so that the request handlers are using the same logic.
Commits
-------
289531f [Form] Skip CSRF validation on form when POST max size is exceeded
This PR was merged into the 3.2-dev branch.
Discussion
----------
[Security] Expose the required roles in AccessDeniedException
| Q | A
| ------------- | ---
| Branch? | master
| Bug fix? | no
| New feature? | yes
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| License | MIT
Nowadays it is more and more common to protect some sensitive actions and part of a website using 2FA or some re-authentication mechanism (per example, on Github you have to enter your password again when you add an ssh key). But currently, in Symfony, it is really hard to implement without having to duplicate the logic, provide an explicit list of URLs to protect or hack into the security component.
A good way to achieve that would be to add a special role (like IS_AUTHENTICATED_FULLY) and use it in the access map. But it requires us to be able to have a custom logic in an ExceptionListener depending on the roles behind an AccessDeniedException.
With this patch we could write an ExceptionListener of this kind (a similar logic could also be used in an AccessDeniedHandler):
```php
public function onKernelException(GetResponseForExceptionEvent $event)
{
$exception = $event->getException();
do {
if ($exception instanceof AccessDeniedException) {
foreach ($exception->getAttributes() as $role) {
if ($role === 'IS_AUTHENTICATED_2FA' && !$this->accessDecisionManager->decide($this->tokenStorage->getToken(), $role, $exception->getObject())) {
// Start 2FA
}
}
}
} while (null !== $exception = $exception->getPrevious());
}
```
Replaces #18661
Commits
-------
6618c18 [Security] Expose the required roles in AccessDeniedException
* 2.8:
Relax 1 test failing with latest PHP versions
bumped Symfony version to 2.8.10
Remove usage of __CLASS__ outside of a class
[HttpKernel] Fix variable conflicting name
[Process] Fix double-fread() when reading unix pipes
[Process] Fix AbstractPipes::write() for a situation seen on HHVM (at least)
[Validator] Fix dockblock typehint in XmlFileLoader
bumped Symfony version to 2.8.10
updated VERSION for 2.8.9
updated CHANGELOG for 2.8.9
bumped Symfony version to 2.7.17
updated VERSION for 2.7.16
update CONTRIBUTORS for 2.7.16
updated CHANGELOG for 2.7.16
Minor fixes
[Console] Overcomplete argument exception message tweak.
fixed bad auto merge
Console table cleanup
undefined offset fix (#19406)
[EventDispatcher] Removed unused variable
Conflicts:
CHANGELOG-2.7.md
CHANGELOG-3.0.md
src/Symfony/Bridge/Swiftmailer/DataCollector/MessageDataCollector.php
src/Symfony/Bundle/FrameworkBundle/DependencyInjection/FrameworkExtension.php
src/Symfony/Bundle/FrameworkBundle/Tests/DependencyInjection/FrameworkExtensionTest.php
src/Symfony/Component/Console/Tests/Helper/LegacyDialogHelperTest.php
src/Symfony/Component/Console/Tests/Helper/TableTest.php
src/Symfony/Component/DependencyInjection/Tests/Fixtures/containers/legacy-container9.php
src/Symfony/Component/EventDispatcher/Tests/AbstractEventDispatcherTest.php
src/Symfony/Component/HttpFoundation/Tests/Session/Storage/Handler/LegacyPdoSessionHandlerTest.php
src/Symfony/Component/HttpKernel/Kernel.php
This PR was squashed before being merged into the 3.2-dev branch (closes#18533).
Discussion
----------
[FrameworkBundle] Wire PhpArrayAdapter with a new cache warmer for annotations
| Q | A
| ------------- | ---
| Branch? | master
| Bug fix? | no
| New feature? | yes
| BC breaks? | no
| Deprecations? | no
| Tests pass? | WIP
| Fixed tickets | -
| License | MIT
| Doc PR | -
Depends on https://github.com/symfony/symfony/pull/18825 and https://github.com/symfony/symfony/pull/18823
This PR implements the usage of the new OpCacheAdapter in the annotations caching system. The idea to use this adapter as much as possible in Symfony (validator, serializer, ...). These other implementations will be the object of different PRs.
Commits
-------
f950a2b [FrameworkBundle] Wire PhpArrayAdapter with a new cache warmer for annotations
* 3.1:
[TwigBundle] Removed redundant return statement.
enable property info
[Cache] Fix default lifetime being ignored
[DependencyInjection] Fixed deprecated default message template with XML
Reference the actual location of the documentation
[TwigBridge] Removed extra arguments in 2 places.
[Cache] Fix incorrect timestamps generated by FilesystemAdapter
[Process] Fix write access check for pipes on Windows
[HttpKernel] Use flock() for HttpCache's lock files
Conflicts:
src/Symfony/Component/Cache/Adapter/FilesystemAdapter.php
* 3.0:
[TwigBundle] Removed redundant return statement.
[DependencyInjection] Fixed deprecated default message template with XML
[TwigBridge] Removed extra arguments in 2 places.
[Process] Fix write access check for pipes on Windows
[HttpKernel] Use flock() for HttpCache's lock files
* 2.8:
[TwigBundle] Removed redundant return statement.
[DependencyInjection] Fixed deprecated default message template with XML
[TwigBridge] Removed extra arguments in 2 places.
[Process] Fix write access check for pipes on Windows
[HttpKernel] Use flock() for HttpCache's lock files
* 2.7:
[TwigBundle] Removed redundant return statement.
[TwigBridge] Removed extra arguments in 2 places.
[Process] Fix write access check for pipes on Windows
[HttpKernel] Use flock() for HttpCache's lock files
