This PR was submitted for the master branch but it was merged into the 2.3 branch instead (closes#11497).
Discussion
----------
Use separated function to resolve command and related arguments
Hi,
This PR split command and related arguments resolution into two distinct functions.
It will help to solve the HHVM issue sensiolabs/SensioDistributionBundle#150 .
Thanks,
Jérémy
| Q | A
| ------------- | ---
| Bug fix? | yes
| New feature? | yes
| BC breaks? | yes
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | ~
| License | MIT
| Doc PR | ~
Commits
-------
ee75af0 Use separated function to resolve command and related arguments
Current version of Swiftmailer is 5.2.1, while (previously to this commit)
the version installed by composer was 5.0.3.
This is rather important, since 5.2.1 closes a security issue that 5.0.3 is
vulnarable to (https://github.com/swiftmailer/swiftmailer/issues/494).
This PR was merged into the 2.3 branch.
Discussion
----------
[Security] Use hash_equals for constant-time string comparison (again)
| Q | A
| ------------- | ---
| Bug fix? | no
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | n/a
| License | MIT
| Doc PR | n/a
Use the `hash_equals` function (introduced in PHP 5.6) for timing attack safe string comparison when available.
Add in the DocBlock that length will leak (https://github.com/symfony/symfony/pull/11797#issuecomment-53990712).
Commits
-------
3071557 [Security] Add more tests for StringUtils::equals
03bd74b [Security] Use hash_equals for constant-time string comparison
This PR was merged into the 2.6-dev branch.
Discussion
----------
[Bundle][FrameworkBundle] make the stopwatch service always available
| Q | A
| ------------- | ---
| Bug fix? | no
| New feature? | yes
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | #11347
| License | MIT
| Doc PR |
Previously, one had to be careful to check if the ``debug.stopwatch`` service was available before using it. Otherwise, the application would break in the prod environment.
Commits
-------
ffc4090 make the stopwatch service always available
This PR was merged into the 2.3 branch.
Discussion
----------
[DI] Added safeguards against invalid config in the YamlFileLoader
| Q | A
| ------------- | ---
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | #11333
| License | MIT
| Doc PR | n/a
Exceptions explaining the mistake are better than fatal errors or weird notices appearing when trying to deal with such invalid data.
The XML file loader is not affected by this because the data are validated with the XSD before being processed
Commits
-------
5183501 [DI] Added safeguards against invalid config in the YamlFileLoader
This PR was submitted for the 2.5 branch but it was merged into the 2.3 branch instead (closes#11897).
Discussion
----------
[FrameworkBundle] Remove invalid markup
| Q | A
| ------------- | ---
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | #11896
| License | MIT
| Doc PR | n/a
Commits
-------
1fe8e31 [FrameworkBundle] Remove invalid markup
This PR was merged into the 2.3 branch.
Discussion
----------
[Intl] Added "internal" tag to all classes under Symfony\Component\Intl\ResourceBundle
| Q | A
| ------------- | ---
| Bug fix? | no
| New feature? | no
| BC breaks? | yes?
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | -
| License | MIT
| Doc PR | -
We didn't have this tag yet when this component was first written. The code in that
namespace is only used for resource bundle generation and was never meant for public
use.
We need to include in the update notes that users should check for usage of these classes.
Commits
-------
7fd5e8b [Intl] Added "internal" tag to all classes under Symfony\Component\Intl\ResourceBundle
We didn't have this tag yet when this component was first written. The code in that
namespace is only used for resource bundle generation and was never meant for public
use.
This PR was merged into the 2.3 branch.
Discussion
----------
[FrameworkBundle] improve handling router script paths
| Q | A
| ------------- | ---
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets |
| License | MIT
| Doc PR |
The `server:run` command switches the working directory before starting the built-in web server. Therefore, the path to a custom router script had to be specified based on the document root path and not based on the user's working directory.
Another option is to update the documentation (as started in symfony/symfony-docs#4194). Though I think the current behaviour is a bug. The intended behaviour can be derived from the command's help message:
> ```
If you have custom docroot directory layout, you can specify your own
router script using --router option:
> ./app/console server:run --router=app/config/router.php
```
As you can see, the path is specified based on the current working directory.
Commits
-------
0a16cf2 improve handling router script paths
This PR was merged into the 2.6-dev branch.
Discussion
----------
[Monolog] added NotFoundActivationStrategy from MonologBundle
| Q | A
| ------------- | ---
| Bug fix? | no
| New feature? | yes
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | n/a
| License | MIT
| Doc PR | n/a
The NotFoundActivationStrategy class from MonologBundle is totally independent of the framework and should be part of the bridge instead. That would allow people to use it easily with Silex for instance.
ping @Seldaek
Commits
-------
b064d2f [Monolog] changed the not found activation strategy to use the request stack
1a239af [Monolog] added NotFoundActivationStrategy from MonologBundle
This PR was submitted for the master branch but it was merged into the 2.3 branch instead (closes#11868).
Discussion
----------
Remove routes for removed WebProfiler actions
The import/export functionality was moved to commands in f38536ab79, but the routes were not removed.
Commits
-------
1421449 Remove routes for removed WebProfiler actions
This PR was merged into the 2.6-dev branch.
Discussion
----------
[FrameworkBundle][Translation] moved cache to Translation component (new PR)
| Q | A
| ------------- | ---
| Bug fix? | no
| New feature? | yes
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | #10628
| License | MIT
| Doc PR |
This supersedes the PR #11197 (while including the changes made by it). I removed the `$options` argument for `Symfony\Component\Translation\Translator` and replaced it by a public method `enableCache($cacheDir, $debug = false)`. It aims to solve what @fabpot said about passing an array of options in #11197 <s>while not modifying the existing constructors</s>.
Commits
-------
30fed6a [Translation][Cache] Removed the options from the arguments of Translator
8b2d9a8 [FrameworkBundle][Translation] moved cache to Translation component
This PR was submitted for the master branch but it was merged into the 2.3 branch instead (closes#11860).
Discussion
----------
[Security] Fix usage of unexistent method in DoctrineAclCache.
| Q | A
| ------------- | ---
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | #10328
| License | MIT
| Doc PR |
The method `deleteByPrefix` does not exist. I replaced it by `deleteAll`: as @guilhermeblanco said, this method is not available in the interface `Cache` but it is present in the abstract class `CacheProvider`.
Commits
-------
131abd8 [Security] Fix usage of unexistent method in DoctrineAclCache.
Fixed phpdoc
Aligned variables and description
Removed enableCache and added cache setup in constructor
Added tests for locales with . and @ with caching
This PR was merged into the 2.3 branch.
Discussion
----------
[FrameworkBundle] backport more error information from 2.6 to 2.3
| Q | A
| ------------- | ---
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | #11724
| License | MIT
| Doc PR |
Commits
-------
87449e0 backport more error information from 2.6 to 2.3
The commit on master was:
server:run command: provide more error information
The server:run command didn't provide many information when the executed
command exited unexpectedly. Now, the process' exit code is passed through
and an error message is displayed.
This PR was merged into the 2.5 branch.
Discussion
----------
[Process] add missing exceptions to docblock
| Q | A
| ------------- | ---
| Fixed tickets |
| License | MIT
Commits
-------
1be80c6 add missing exceptions to docblock
This PR was merged into the 2.6-dev branch.
Discussion
----------
[HttpKernel] Escape SSI virtual in generated response
| Q | A
| ------------- | ---
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets |
| License | MIT
| Doc PR | NA
If a template with an `<!--#inlude -->` tag is configured with an "virtual" containing a `'` ; the HttpCache will generate invalide php code.
See #11845 for the same issue on `<esi>` tags
Commits
-------
b50a434 Fix CS
1862427 Escape SSI virtual in generated response
This PR was merged into the 2.3 branch.
Discussion
----------
[HttpKernel] Escape ESI url in generated response
| Q | A
| ------------- | ---
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets |
| License | MIT
| Doc PR | NA
If a template with an `<esi>` tag is configured with an URL containing a `'` (in `src` or `alt`) ; the HttpCache will generate invalide php code.
It's not a security issue, given the template and the `<esi>` tag is written by the developper, but, as the character quote is allowed in URL (https://tools.ietf.org/html/rfc3986) it coud be a potential bug.
Commits
-------
b044c45 Escape parameter on generated response
This PR was merged into the 2.6-dev branch.
Discussion
----------
[FileSystem] Fix Throw Exception on copying from an unreadable file
| Q | A
| ------------- | ---
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets |
| License | MIT
| Doc PR | NA
Two commits on `Filesystem::copy` was merged on diffrentes branches c056a9c426 and cd5da9b3c8 but on the merge operation a `@fopen` was transformed to `fopen` . Thas why, actualy, travis is down on master branch (https://travis-ci.org/symfony/symfony/jobs/34427199#L434)
Commits
-------
b30317e Ignore warning on fopen
This PR was merged into the 2.3 branch.
Discussion
----------
[Yaml] improve error message when detecting unquoted asterisks
| Q | A
| ------------- | ---
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | #11835
| License | MIT
| Doc PR |
Asterisks in unquoted strings are used in YAML to reference variables. Before Symfony 2.3.19, Symfony 2.4.9 and Symfony 2.5.4, unquoted asterisks in inlined YAML code were treated as regular strings. This was fixed for the inline parser in #11677. However, an unquoted * character now led to an error message like this:
```
PHP Warning: array_key_exists(): The first argument should be either a string or an integer in vendor/symfony/symfony/src/Symfony/Component/Yaml/Inline.php on line 409
[Symfony\Component\Yaml\Exception\ParseException]
Reference "" does not exist at line 171 (near "- { foo: * }").
```
Commits
-------
854e07b improve error when detecting unquoted asterisks
The `server:run` command switches the working directory before
starting the built-in web server. Therefore, the path to a custom
router script had to be specified based on the document root path
and not based on the user's working directory.
Asterisks in unquoted strings are used in YAML to reference
variables. Before Symfony 2.3.19, Symfony 2.4.9 and Symfony 2.5.4,
unquoted asterisks in inlined YAML code were treated as regular
strings. This was fixed for the inline parser in #11677. However, an
unquoted * character now led to an error message like this:
```
PHP Warning: array_key_exists(): The first argument should be either a string or an integer in vendor/symfony/symfony/src/Symfony/Component/Yaml/Inline.php on line 409
[Symfony\Component\Yaml\Exception\ParseException]
Reference "" does not exist at line 171 (near "- { foo: * }").
```
