This adds an init and terminate event for commands. They are
dispatched from ContainerAwareCommand.
The cache:clear command can't implement this (cf. #3889 on Github).
This PR was merged into the 2.1 branch.
Discussion
----------
[FrameworkBundle] Reuse definition variable in FormPass
| Q | A
| ------------- | ---
| Bug fix? | no
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets |
| License | MIT
| Doc PR |
Commits
-------
f52320d [FrameworkBundle] Reuse definition variable in FormPass
This PR was merged into the master branch.
Discussion
----------
[2.3] [FrameworkBundle] [Serializer] Loads the Serializer component as a service in the Framework Bundle
This PR is the same as
https://github.com/symfony/symfony/pull/5347
but since I am struggling to squash all the commits I better create a new one. Sorry for the inconveniences, :)
Commits
-------
b4e4844 Add the serializer service
This PR was merged into the master branch.
Discussion
----------
[CssSelector] fully rewritted component
The `CssSelector` component is a port of the Python https://github.com/SimonSapin/cssselect library. Previous implementation was a port of the `v0.1` tag, this implementation is a port of the `v0.7.1` tag. As Python and PHP have different philosophies, this is not a simple language-to-language translation, I needed to re-architecture the lib.
**Note about BC:** This new version introduces some changes making fail legacy tests.
New XPath should be equivalents, these changes are:
- When having a condition on an class, legacy condition is prefixed with a test of class existence. Example: `[contains(@class, 'foo')]` is transformed to `[@class and contains(@class, 'foo')]`.
- When having conditions on descendants, `/descendant::*` is transformed to `/descendant-or-self::*/*`.
I updated legacy tests (stored in `CssSelectorTest` class) accordingly.
| Q | A
| ------------- | ---
| Bug fix? | yes
| New feature? | yes
| BC breaks? | see above
| Deprecations? | no
| Tests pass? | yes
Should fix#3615 and #4271
Commits
-------
c6f87d0 [CssSelector] fully rewritted component
This PR was merged into the master branch.
Discussion
----------
[Security] Return 401 when using use_forward for form authentication
| Q | A
| ------------- | ---
| Bug fix? | yes
| New feature? | no
| BC breaks? | yes
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | -
| License | MIT
| Doc PR | -
- [x] document the BC breaks in UPDATE and CHANGELOG
Currently, unauthenticated requests gets handled as exceptions and forwarded to the FormAuthenticationEntryPoint::start. When using use_forward = true, this method does not modify the status code, which means that final response to the end user will use a 500 status code. This is not right, as there is not a server problem, the problem is that the user is not authenticated. The status code should be 401.
This PR checks if the sub request to the form view is successful, and sets an X-Status-Code header if it is.This might break applications that rely on the 500 error code being returned for unauthenticated requests.
Commits
-------
b5597e8 [Security] Return 401 when using use_forward for form authentication
This PR was submitted for the 2.2 branch but it was merged into the master branch instead (closes#6950).
Discussion
----------
[2.3] [FrameworkBundle] added route debug information when path matches url
the result of the command `app/console router:match /demo/hello/foo` would be:
instead of just:
Route "_demo_hello" matches
Commits
-------
36098e1 [FrameworkBundle] added route debug information when path matches url
This PR was merged into the master branch.
Discussion
----------
[2.3] [FrameworkBundle] [Templating] added Stopwatch support to the PHP engine
| Q | A
| ------------- | ---
| Bug fix? | no
| New feature? | yes
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| License | MIT
I did not include tests nor documentation because there weren't any for TimedTwigEngine (I took it as an example). If I'm mistaken and they are needed, I'll gladly write them.
Commits
-------
3c3d34d [FrameworkBundle] [Templating] added Stopwatch support to the PHP engine
This PR was merged into the master branch.
Discussion
----------
[2.2] [Security] Add an option to disable the hasPreviousSession() check in AbstractAuthenticationListener
Bug fix: no
Feature addition: yes
Backwards compatibility break: no
Symfony2 tests pass: [](http://travis-ci.org/adrienbrault/symfony)
Fixes the following tickets: #3703
Todo: Add this option to the symfony doc security configuration reference
License of the code: MIT
Documentation PR: N/A
As stated in #3703, all authentication listeners that inherit from AbstractAuthenticationListener, only work when a previous session has been created.
This PR allows to change the default behavior in the security.yml file.
Example:
```yml
security:
firewalls:
secured_area:
pattern: ^/demo/secured/
form_login:
check_path: /demo/secured/login_check
login_path: /demo/secured/login
require_previous_session: false # The default value is true
logout:
path: /demo/secured/logout
target: /demo/
#anonymous: ~
#http_basic:
# realm: "Secured Demo Area"
```
PS: While removing my old commit, it closed the #4774 PR ...
Commits
-------
0562463 [Security] Add an option to disable the hasPreviousSession() check in AbstractAuthenticationListener
This PR was merged into the master branch.
Discussion
----------
[2.3] [WIP] Synchronized services...
| Q | A
| ------------- | ---
| Bug fix? | no
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | #5300, #6756
| License | MIT
| Doc PR | symfony/symfony-docs#2343
Todo:
- [x] update documentation
- [x] find a better name than contagious (synchronized)?
refs #6932, refs #5012
This PR is a proof of concept that tries to find a solution for some problems we have with scopes and services depending on scoped services (mostly the request service in Symfony).
Basically, whenever you want to inject the Request into a service, you have two possibilities:
* put your own service into the request scope (a new service will be created whenever a sub-request is run, and the service is not available outside the request scope);
* set the request service reference as non-strict (your service is always available but the request you have depends on when the service is created the first time).
This PR addresses this issue by allowing to use the second option but you service still always has the right Request service (see below for a longer explanation on how it works).
There is another issue that this PR fixes: edge cases and weird behaviors. There are several bug reports about some weird behaviors, and most of the time, this is related to the sub-requests. That's because the Request is injected into several Symfony objects without being updated correctly when leaving the request scope. Let me explain that: when a listener for instance needs the Request object, it can listen to the `kernel.request` event and store the request somewhere. So, whenever you enter a sub-request, the listener will get the new one. But when the sub-request ends, the listener has no way to know that it needs to reset the request to the master one. In practice, that's not really an issue, but let me show you an example of this issue in practice:
* You have a controller that is called with the English locale;
* The controller (probably via a template) renders a sub-request that uses the French locale;
* After the rendering, and from the controller, you try to generate a URL. Which locale the router will use? Yes, the French locale, which is wrong.
To fix these issues, this PR introduces a new notion in the DIC: synchronized services. When a service is marked as synchronized, all method calls involving this service will be called each time this service is set. When in a scope, methods are also called to restore the previous version of the service when the scope leaves.
If you have a look at the router or the locale listener, you will see that there is now a `setRequest` method that will called whenever the request service changes (because the `Container::set()` method is called or because the service is changed by a scope change).
Commits
-------
17269e1 [DependencyInjection] fixed management of scoped services with an invalid behavior set to null
bb83b3e [HttpKernel] added a safeguard for when a fragment is rendered outside the context of a master request
5d7b835 [FrameworkBundle] added some functional tests
ff9d688 fixed Request management for FragmentHandler
1b98ad3 fixed Request management for LocaleListener
a7b2b7e fixed Request management for RequestListener
0892135 [HttpKernel] ensured that the Request is null when outside of the Request scope
2ffcfb9 [FrameworkBundle] made the Request service synchronized
ec1e7ca [DependencyInjection] added a way to automatically update scoped services
This PR was merged into the master branch.
Discussion
----------
moved the request scope creation to the ContainerAwareHttpKernel class
| Q | A
| ------------- | ---
| Bug fix? | no
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | n/a
| License | MIT
| Doc PR | symfony/symfony-docs#2343
While updating the scope documentation, I realized that the request scope was created in the FrameworkBundle while the HttpKernel that manages it was in the HttpKernel component. So, this PR makes things more consistent.
Commits
-------
cec98c1 [DependencyInjection] fixed PHP notice when the scope is not defined
550df5a moved the request scope creation to the ContainerAwareHttpKernel class
This PR was merged into the 2.2 branch.
Discussion
----------
Reverts behavior change to UrlGenerator
I do not want to talk much about the behavior change and whether it makes sense or not because I think it does not matter in this situation anyway.
The ``generate`` method is tagged with ``@api``, there is no security issue that was fixed. According to the rules set forth at http://symfony.com/doc/current/book/stable_api.html, the semantics of such a method must not be changed.
There is some more discussion in #6814 and the commit changing the behavior is this one: c66d1f9de3 (diff-0)
Commits
-------
a765375 reverts some behavior changes made in c66d1f9de30fd1b6a86cca10dd79d12c9ba9ff25
This PR was merged into the 2.2 branch.
Discussion
----------
[2.3] [WebProfiler] added the possibility to override the application name/version in the WDT
| Q | A
| ------------- | ---
| Bug fix? | no
| New feature? | yes
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | n/a
| License | MIT
| Doc PR | n/a
Commits
-------
d35cb9f [WebProfiler] added the possibility to override the application name/version in the WDT
This PR was merged into the master branch.
Discussion
----------
[2.3][TwigBundle] Use display instead of visibility for exception page icons
Originally spawned from #6612, this allows us to get rid of the ugly margins for the open and close icons on the exception page.
Commits
-------
e66bd14 [TwigBundle] Use display instead of visibility for exception page icons
