* 3.4: (24 commits)
moved Twig runtime to proper class
fixed deprecated messages in tests
add PHP errors options to XML schema definition
[HttpCache] Unlink tmp file on error
Added LB translation for #26327 (Errors sign for people that do not see colors)
[TwigBridge] Fix rendering of currency by MoneyType
Import InvalidArgumentException in PdoAdapter
[DI] Do not suggest writing an implementation when multiple exist
[Intl] Update ICU data to 61.1
Use 3rd person verb form in command description
[Validator] Add Japanese translation
Support phpdbg SAPI in Debug::enable()
[HttpKernel] DumpDataCollector: do not flush when a dumper is provided
[DI] Fix hardcoded cache dir for warmups
[Routing] fix tests
[Routing] Fixed the importing of files using glob patterns that match multiple resources
[Ldap] cast to string when checking empty passwords
[Validator] sync validator translation id
[WebProfilerBundle] use the router to resolve file links
no type errors with invalid submitted data types
...
* 2.8:
[Intl] Update ICU data to 61.1
[Validator] Add Japanese translation
Support phpdbg SAPI in Debug::enable()
[Ldap] cast to string when checking empty passwords
[Validator] sync validator translation id
no type errors with invalid submitted data types
[FrameworkBundle] Partially revert HttpCache is not longer abstract (4d075da)
[Finder] Fixed leading/trailing / in filename
allow html5 compatible rendering of forms with null names
Change datetime input to datetime-local
* 3.4:
fixed wrong merge
Tweak message to be Flex friendly
[Routing] fixed tests
Fixing wrong class_exists on interface
Preserve percent-encoding in URLs when performing redirects in the UrlMatcher
[Console] Fix a bug when passing a letter that could be an alias
add missing validation options to XSD file
Take advantage of AnnotationRegistry::registerUniqueLoader
[DI] Optimize Container::get() for perf
fix merge
Fix tests
Refactoring tests.
* 3.4:
fixed CS
fixed CS
[Security] Namespace generated CSRF tokens depending of the current scheme
ensure that submitted data are uploaded files
[Console] remove dead code
bumped Symfony version to 3.3.13
updated VERSION for 3.3.12
updated CHANGELOG for 3.3.12
bumped Symfony version to 2.8.31
updated VERSION for 2.8.30
updated CHANGELOG for 2.8.30
bumped Symfony version to 2.7.38
updated VERSION for 2.7.37
updated CHANGELOG for 2.7.37
[Security] Validate redirect targets using the session cookie domain
prevent bundle readers from breaking out of paths
* 2.8:
fixed CS
fixed CS
[Security] Namespace generated CSRF tokens depending of the current scheme
ensure that submitted data are uploaded files
[Console] remove dead code
bumped Symfony version to 2.8.31
updated VERSION for 2.8.30
updated CHANGELOG for 2.8.30
bumped Symfony version to 2.7.38
updated VERSION for 2.7.37
updated CHANGELOG for 2.7.37
[Security] Validate redirect targets using the session cookie domain
prevent bundle readers from breaking out of paths
This PR was merged into the 2.7 branch.
Discussion
----------
Prevent bundle readers from breaking out of paths
| Q | A
| ------------- | ---
| Branch? | 2.7
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | n/a
| License | MIT
| Doc PR | n/a
<!--
- Bug fixes must be submitted against the lowest branch where they apply
(lowest branches are regularly merged to upper ones so they get the fixes too).
- Features and deprecations must be submitted against the master branch.
- Please fill in this template according to the PR you're about to submit.
- Replace this comment by a description of what your PR is solving.
-->
Commits
-------
c8f9f916b4 prevent bundle readers from breaking out of paths
* 3.4: (21 commits)
fixed CS
HttpCache lock update
[Intl] Update ICU data to 60.1
[YAML] Allow to parse custom tags when linting yaml files
[HttpKernel][Debug] Remove noise from stack frames of deprecations
[WebServerBundle] prevent console.terminate from being fired after stopping server
[Validator] Fix Costa Rica IBAN format
[Bridge/ProxyManager] Remove direct reference to value holder property
[Validator] Add Belarus IBAN format
[Config] Fix cannotBeEmpty()
[Debug] More aggressively aggregate silenced notices per file+line
[HttpFoundation] minor session-related fix
[Cache][Lock] Add RedisProxy for lazy Redis connections
[TwigBridge] [Bootstrap 4] Fix validation error design for expanded choiceType
[FrameworkBundle] Specifically inject the debug dispatcher in the collector
[WebserverBundle] fixed the bug that caused that the webserver would …
update the pull request template
[Stopwatch] minor fix
Add default mapping path for validator component
Add default mapping path for serializer component
...
* 2.8:
[Intl] Update ICU data to 60.1
[Validator] Fix Costa Rica IBAN format
[Bridge/ProxyManager] Remove direct reference to value holder property
[Validator] Add Belarus IBAN format
[FrameworkBundle] Specifically inject the debug dispatcher in the collector
update the pull request template
[Stopwatch] minor fix
* 3.4:
[HttpFoundation] refactoring: calculate when need
[Serializer] Fix extra attributes when no group specified
[Intl] Make intl-data tests pass and save language aliases again
[FrameworkBundle][Config] fix: do not add resource checkers for debug=false
[DI] Fix "almost-circular" dependencies handling
[Console] Fix CommandTester::setInputs() docblock
Only enabling validation if it is present
Fix displaying errors for bootstrap 4
[Serializer] readd default argument value
Fix reference dump for deprecated nodes
[PhpUnitBridge] Fixed fatal error in CoverageListener when something goes wrong in Test::setUpBeforeClass
[HttpKernel] Let the storage manage the session starts
[VarDumper] fix trailling comma when dumping an exception
[Validator] Fix TraceableValidator is reset on data collector instantiation
Remove useless docblocks
[FrameworkBundle] Fix docblocks
[PropertyInfo] Remove useless docblocks
* 2.8:
fixed CS
[DI] Fix PhpDumper blank lines around namespace
fixed CS
Filesystem: annotate the one network test with a "network" group.
[DependencyInjection] Don't store default deprecation template in every service definition instance
* 2.8:
fixed obsolete getMock() usage
fixed obsolete getMock() usage
[WebProfilerBundle] Display multiple HTTP headers in WDT
do not remove the Twig ExceptionController service
removed obsolete condition
do not try to register incomplete definitions
* 2.8:
fixed typo
fixed typo
Fixed a minor XML issue in a translation file
Fix merge
Fix merge
Fix merge
Fix merge
Update twig.html.twig
PhpUnitNoDedicateAssertFixer results
Improve Norwegian translations
[2.7] [FrameworkBundle] minor fix tests added by #17569
Fixed the antialiasing of the toolbar text
Simplify markdown for PR template
fixed CS
fixed CS
documented the $url parameter better
[Form] add test for ArrayChoiceList handling null
[Form] fix edge cases with choice placeholder
register commands from kernel when accessing list
Update FileSystem
* 2.8:
[WebProfilerBundle] Don't inherit CSS text-transform property for the toolbar.
Remove duplicate cursor property
Increase the inlining YAML level for config:debug
[Serializer] Minor: fix CS and PHPDoc
[Form] fix tests
[Serializer] Ensure that groups are strings
[Debug] Tell that the extension is for PHP 5 only
Static code analysis
Update AnnotationDirectoryLoader.php
added a test
Escape the delimiter in Glob::toRegex
[FrameworkBundle] Fix template location for PHP templates
[FrameworkBundle] Add path verification to the template parsing test cases
* 2.8:
[Locale] Add missing @group legacy annotations
[Form] Add missing @group legacy annotations
[Form] Use FQCN form types
Fix security-acl deps
Fix typo
[Security] Removed security-acl from the core
fixed typos
Fix doctrine mapping validation type error
Remove skipping of tests based on ICU data version whenever possible
Fix the handling of null as locale in the stub intl classes
do not dump leading backslashes in class names
fix issue #15377
Skip ::class constant
[Config] type specific check for emptiness
[Form] Deprecated FormTypeInterface::getName() and passing of type instances
Conflicts:
UPGRADE-2.8.md
composer.json
src/Symfony/Bridge/Doctrine/composer.json
src/Symfony/Bridge/Twig/composer.json
src/Symfony/Bundle/SecurityBundle/composer.json
src/Symfony/Component/ClassLoader/ClassMapGenerator.php
src/Symfony/Component/DependencyInjection/Tests/ContainerTest.php
src/Symfony/Component/Form/Tests/AbstractExtensionTest.php
src/Symfony/Component/Form/Tests/AbstractLayoutTest.php
src/Symfony/Component/Form/Tests/SimpleFormTest.php
src/Symfony/Component/Locale/Tests/LocaleTest.php
src/Symfony/Component/Locale/Tests/Stub/StubLocaleTest.php
src/Symfony/Component/Security/Acl/README.md
src/Symfony/Component/Security/Acl/composer.json
Many tests being skipped based on the ICU data version don't actually
need it. They might be testing code paths not relying on Intl, or not
performing assertions on the values depending on the ICU data and so not
dependant on the exact ICU version being used.
To let opcode caches optimize cached code, the `PHP_VERSION_ID`
constant is used to detect the current PHP version instead of calling
`version_compare()` with `PHP_VERSION`.