This PR was merged into the 3.4 branch.
Discussion
----------
[SecurityBundle] Properly escape regex in AddSessionDomainConstraintPass
| Q | A
| ------------- | ---
| Branch? | 3.4
| Bug fix? | yes
| New feature? | no
| Deprecations? | no
| Tickets | https://github.com/symfony/symfony/issues/34774
| License | MIT
| Doc PR | -
`%s` should be escaped, so it is dumped as `%%s` (it ends up being properly unescaped at load time, so the passed value to the service is the same).
Commits
-------
de03cee846 [SecurityBundle] Properly escape regex in AddSessionDomainConstraintPass
This PR was merged into the 3.4 branch.
Discussion
----------
[FrameworkBundle] resolve service locators in `debug:*` commands
| Q | A
| ------------- | ---
| Branch? | 3.4
| Bug fix? | yes
| New feature? | no
| Deprecations? | no
| Tickets | Fix#34470
| License | MIT
| Doc PR | -
Because of the way ServiceClosureArgument are dumped, we need to resolve locators after loading the xml dump of the container:
https://github.com/symfony/symfony/blob/3.4/src/Symfony/Component/DependencyInjection/Dumper/XmlDumper.php#L273
Commits
-------
820da66346 [FrameworkBundle] resolve service locators in `debug:*` commands
This PR was merged into the 3.4 branch.
Discussion
----------
[3.4][Validator] Allow underscore character "_" in URL username and password
| Q | A
| ------------- | ---
| Branch? | 3.4
| Bug fix? | yes
| New feature? | no
| Deprecations? | no
| License | MIT
Hello!
It's been a long time since my last push on Symfony :)
Here's a bug fix. I think URL usernames and password may contain an underscore. Let me know!
Commits
-------
869518bc7e [Validator] Allow underscore character "_" in URL username and password
This PR was merged into the 3.4 branch.
Discussion
----------
[SecurityBundle] Passwords are not encoded when algorithm set to "true"
| Q | A
| ------------- | ---
| Branch? | 3.4
| Bug fix? | yes
| New feature? | no
| Deprecations? | no
| Tickets | Fix#34725
| License | MIT
| Doc PR | -
If the algorithm is set to `true`, password will be encode as plain password.
```
security:
encoders:
App\User\User:
algorithm: true
```
The reason for this is the not strict comparison of php switches.
```
switch ($config['algorithm']) {
case 'plaintext':
}
```
`true == 'plaintext'` is `true`, so the first case is hit. My first solution was to cast the algorithm to a string, to prevent this. After some feedback I have catch this problem earlier and does not allow true as valid value to the algorithm option.
Ps. This is my first PR for Symfony, any feedback is welcome :-)!
Commits
-------
83a5517c01 [SecurityBundle] Passwords are not encoded when algorithm set to \"true\"
This PR was merged into the 3.4 branch.
Discussion
----------
[Security] do not validate passwords when the hash is null
| Q | A
| ------------- | ---
| Branch? | 3.4
| Bug fix? | yes
| New feature? | no
| Deprecations? | no
| Tickets | Fix#34775
| License | MIT
| Doc PR |
Commits
-------
5699cb22bb do not validate passwords when the hash is null
This PR was merged into the 3.4 branch.
Discussion
----------
Allow copy instead of symlink for ./link script
| Q | A
| ------------- | ---
| Branch? | 3.4 <!-- see below -->
| Bug fix? | no
| New feature? | no <!-- please update src/**/CHANGELOG.md files -->
| Deprecations? | no <!-- please update UPGRADE-*.md and src/**/CHANGELOG.md files -->
| Tickets | N/A <!-- prefix each issue number with "Fix #", if any -->
| License | MIT
| Doc PR | N/A
Not the most efficient way to work, but sometimes it helps to test a bug fix/feature within an existing project for which symlinks can't be resolved due to the dev environment (e.g: a Vagrant where only the current project directory is mounted).
Commits
-------
b28fe66363 Allow copy instead of symlink for ./link script
This PR was merged into the 3.4 branch.
Discussion
----------
[DI] Fix making the container path-independent when the app is in /app
| Q | A
| ------------- | ---
| Branch? | 3.4
| Bug fix? | yes
| New feature? | no
| Deprecations? | no
| Tickets | Fix#34750, Fix#34611
| License | MIT
| Doc PR | -
Right now, we mandate the app to be nested in a directory of level 2 minimum. This means apps cannot be made path-independent if they are built in e.g. `/app`.
Commits
-------
b33b9a6ad9 [DI] Fix making the container path-independent when the app is in /app
This PR was merged into the 3.4 branch.
Discussion
----------
more robust initialization from request
Request::getPort is declared as int|string but can actually return null.
| Q | A
| ------------- | ---
| Branch? | 3.4
| Bug fix? | yes
| New feature? | no
| Deprecations? | no
| Tickets | -
| License | MIT
| Doc PR | -
I discovered this problem with a functional test where i dispatch the RequestEvent with a `new Request()`. This used to work in symfony 4 and now triggers an error `Argument 1 passed to Symfony\Component\Routing\RequestContext::setHttpPort() must be of the type int, null given`
In regular web requests, this should probably never happen, but it seems to me if Request is not robust, the RequestContext should be robust about it.
Commits
-------
c6ed0f0208 more robust initialization from request
This PR was merged into the 3.4 branch.
Discussion
----------
[Security] Fix clearing remember-me cookie after deauthentication
| Q | A
| ------------- | ---
| Branch? | 3.4
| Bug fix? | yes
| New feature? | no
| Deprecations? | no
| Tickets | Fix#26379
| License | MIT
| Doc PR | -
If you are using the `remember_me` listener and the refreshed user is deauthenticated, you are still logged in because the remember-me cookie does not get cleared.
This fixes it.
Commits
-------
d625a73705 [Security] Fix clearing remember-me cookie after deauthentication
This PR was merged into the 3.4 branch.
Discussion
----------
Fix the translation commands when a template contains a syntax error
| Q | A
| ------------- | ---
| Branch? | 3.4
| Bug fix? | yes
| New feature? | no <!-- please update src/**/CHANGELOG.md files -->
| Deprecations? | no <!-- please update UPGRADE-*.md and src/**/CHANGELOG.md files -->
| Tickets | Fix#34586
| License | MIT
| Doc PR | n/a
When using `debug:translation` or `translation:update`, we should catch exceptions to avoid breaking the command. It was not really an issue before Symfony 4.4/5 as we didn't have templates in the core that use features from optional dependencies.
Commits
-------
7f803bc674 Fix the translation commands when a template contains a syntax error
This PR was merged into the 3.4 branch.
Discussion
----------
[Validator] Update Slovenian translations
| Q | A
| ------------- | ---
| Branch? | 3.4
| Bug fix? | no
| New feature? | no
| Deprecations? | no
| Tickets | Fix#30186
| License | MIT
| Doc PR | N/A
Hello, this fixes the https://github.com/symfony/symfony/issues/30186
Commits
-------
b2ae60a73b [Validator] Update Slovenian translations
This PR was merged into the 3.4 branch.
Discussion
----------
[Config][ReflectionClassResource] Handle parameters with undefined constant as their default values
| Q | A
| ------------- | ---
| Branch? | 3.4
| Bug fix? | yes
| New feature? | no
| Deprecations? | no
| Tickets | https://github.com/symfony/symfony/issues/34053
| License | MIT
| Doc PR | -
Basically we can fix this bug by "reimplementing" php src way of building the __toString() of the method except that we avoid to call the undefined constant. Obviously we cannot invalidate the resource if the value of the constant changes since we never knew it. However, it's still better than now.
Commits
-------
8de2a226a8 [Config][ReflectionClassResource] Handle parameters with undefined constant as their default values
This PR was merged into the 3.4 branch.
Discussion
----------
[Console] Fix autocomplete multibyte input support
| Q | A
| ------------- | ---
| Branch? | 3.4
| Bug fix? | yes
| New feature? | no
| Deprecations? | no
| Tickets | https://github.com/symfony/symfony/issues/34254
| License | MIT
| Doc PR | -
Added it just where it's needed.
Commits
-------
a1129f938c [Console] Fix autocomplete multibyte input support
This PR was merged into the 3.4 branch.
Discussion
----------
[Console] Fix commands description with numeric namespaces
| Q | A
| ------------- | ---
| Branch? | 3.4
| Bug fix? | yes
| New feature? | no
| Deprecations? | no
| Tickets | https://github.com/symfony/symfony/issues/34111
| License | MIT
| Doc PR | -
This PR fixes the linked ticket case.
It also changes the keys sorting to display the numeric namespaces first.
It also fixes another bug if your command name starts with `_global:`. In this special case the command is considered global but its full name is still `_global:xxx`. We can't do better without more refactoring since the final array of namespaces and global commands is shared, `_global` just being a special key. Currently, if your command starts with `_global`, all global commands are not displayed at all so it's better like this anyway.
It also fixes another bug if your command starts with `0:` (cf `'' ===` comparison).
Commits
-------
4d47868125 [Console] Fix commands description with numeric namespaces
This PR was merged into the 3.4 branch.
Discussion
----------
[DI] Missing test on YamlFileLoader
| Q | A
| ------------- | ---
| Branch? | 3.4
| Bug fix? | no
| New feature? |no
| Deprecations? |no
| Tickets | -
| License | MIT
| Doc PR | -
Missing test on YamlFileLoader
Commits
-------
b9d5237f67 [DI] Missing test on YamlFileLoader
This PR was submitted for the master branch but it was merged into the 3.4 branch instead.
Discussion
----------
Simpler example for Apache basic auth workaround
Uses a simpler regex and existing back-reference instead of reading header twice.
| Q | A
| ------------- | ---
| Branch? | master
| Bug fix? | no
| New feature? | no
| Deprecations? | no
| Tickets | #1813
| License | MIT
Improvement to code documentation, no change to executed code.
Commits
-------
388528da50 Simpler example for Apache basic auth workaround
