This PR was merged into the 2.7 branch.
Discussion
----------
[HttpKernel] Clean test directory on tear down
| Q | A
| ------------- | ---
| Branch? | 2.7
| Bug fix? | no
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | -
| License | MIT
| Doc PR | -
I've been bitten by this leftover too often.
Commits
-------
0a3dc11 [HttpKernel] Clean test directory on tear down
This PR was merged into the 2.7 branch.
Discussion
----------
[DebugBundle] Reword an outdated comment about var dumper wiring
| Q | A
| ------------- | ---
| Branch? | 2.7 <!-- see comment below -->
| Bug fix? | no
| New feature? | no <!-- don't forget updating src/**/CHANGELOG.md files -->
| BC breaks? | no
| Deprecations? | no <!-- don't forget updating UPGRADE-*.md files -->
| Tests pass? | no
| Fixed tickets | N/A <!-- #-prefixed issue number(s), if any -->
| License | MIT
| Doc PR | N/A
This comment is outdated since #19647, as the default config is now the one used all the way through in HTTP mode, while it's overridden in CLI mode by the `DumpListener` on `console.command` event.
Commits
-------
f876fd9 [DebugBundle] Reword an outdated comment about var dumper wiring
This PR was merged into the 2.7 branch.
Discussion
----------
Ignore memcached missing key error on session destroy
| Q | A
| ------------- | ---
| Branch? | 2.7
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | #18574
| License | MIT
| Doc PR | NA
Since PHP 7 session_regenerate_id triggers a warning when the session is not started.
This PR, changes the behaviours of session_destroy in the `MemcachedSessionHandler` by returning true when the user try to delete a non-existing session.
Other handler:
- LegacyPdoSessionHandler => don't check if key exists
- MongoDbSessionHandler => don't check if key exists
- NullSessionHandler => always true
- PdoSessionHandler => don't check if key exists
Commits
-------
29538b621c Ignore memcached missing key error on dession destroy
This PR was merged into the 2.7 branch.
Discussion
----------
[HttpFoundation] Generate safe fallback filename for wrongly encoded filename
| Q | A
| ------------- | ---
| Branch? | 2.7
| Bug fix? | no
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets |
| License | MIT
| Doc PR |
This handles the case where the encoding of a random string cannot be detected. Until now this causes a PHP Warning `mb_strlen(): Unknown encoding ""`.
Commits
-------
8fd5569 [HttpFoundation] Generate safe fallback filename for wrongly encoded filename
This PR was merged into the 2.7 branch.
Discussion
----------
[Bridge\ProxyManager] Dont call __destruct() on non-instantiated services
| Q | A
| ------------- | ---
| Branch? | 2.7
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | -
| License | MIT
| Doc PR | -
While working on making #23678 green, I discovered that if a lazy service implements `__destruct`, then that service is not lazy anymore: it is created at destruct time.
That behavior is documented at https://github.com/Ocramius/ProxyManager/issues/258 (+related issues).
While I may understand why this behavior is the default for ProxyManager, it does not fit our "lazy-services" use case to me. Typically, nobody wants a database connection to be created to destruct the uninitialized lazy-proxy.
Blocks #23678
Commits
-------
2d79ffa0ca [Bridge\ProxyManager] Dont call __destruct() on non-instantiated services
This PR was merged into the 2.7 branch.
Discussion
----------
[Console] Fix passing options with defaultCommand
| Q | A
| ------------- | ---
| Branch? | 2.7
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets |
| License | MIT
| Doc PR |
Seems like overwriting input for the default command is not needed (anymore?). I don't know where the removed comment comes from originally.
Use case: i want to call default command and use options at the same time:
app/console --abc=true
Commits
-------
761de99552 Fix passing options with defaultCommand
This PR was merged into the 2.7 branch.
Discussion
----------
[ProxyManager] Cleanup fixtures
| Q | A
| ------------- | ---
| Branch? | 2.7
| Bug fix? | no
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | -
| License | MIT
| Doc PR | -
Just noticed that these fixture files are not maintainable. And we don't need them at all in fact, let's drop them.
Commits
-------
31843d6f98 [ProxyManager] Cleanup fixtures
This PR was merged into the 2.7 branch.
Discussion
----------
[Form] Add some phpdocs for IDE autocompletion and better SCA
| Q | A
| ------------- | ---
| Branch? | 2.7
| Bug fix? | no
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | -
| License | MIT
| Doc PR | -
@ogizanagi I've tryed add single phpdoc `@method FormInterface[] getIterator()` to `FormInterface` but it not works correctly in PHPStorm. Have you any ideas?
<!--
- Bug fixes must be submitted against the lowest branch where they apply
(lowest branches are regularly merged to upper ones so they get the fixes too).
- Features and deprecations must be submitted against the 3.4,
legacy code removals go to the master branch.
- Please fill in this template according to the PR you're about to submit.
- Replace this comment by a description of what your PR is solving.
-->
Commits
-------
d30c751781 Add some phpdocs for IDE autocompletion and better SCA
This PR was merged into the 2.7 branch.
Discussion
----------
[Debug] Missing escape in debug output
| Q | A
| ------------- | ---
| Branch? | 2.7
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets |
| License | MIT
| Doc PR |
When pretty-printing an exception, the debug handler does not properly escape array keys.
The problem only occurs when debug output is enabled, so this is not considered a [security issue](http://symfony.com/doc/current/contributing/code/security.html) (according to @fabpot), because the debug tools [should not be used in production](https://symfony.com/doc/current/components/debug.html#usage).
A test for this is included in my patch for #18722.
Commits
-------
636777d [Debug] HTML-escape array key
This PR was merged into the 2.7 branch.
Discussion
----------
[DI] use assertStringEqualsFile when possible
| Q | A
| ------------- | ---
| Branch? | 2.7
| Bug fix? | no
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | -
| License | MIT
| Doc PR | -
To make failure reporting more accurate, and maintaining tests easier (assertStringEqualsFile is already heavily used in the same file.)
Commits
-------
eebae7e [DI] use assertStringEqualsFile when possible
This PR was merged into the 2.7 branch.
Discussion
----------
[VarDumper] Adapt to php 7.2 changes
| Q | A
| ------------- | ---
| Branch? | 2.7
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | -
| License | MIT
| Doc PR | -
As required by this change on PHP 7.2:
https://wiki.php.net/rfc/convert_numeric_keys_in_object_array_casts
Tests pass locally (until we add 7.2 to Travis)
Commits
-------
3c2f5f7 [VarDumper] Adapt to php 7.2 changes
This PR was merged into the 2.7 branch.
Discussion
----------
[DI] Resolve aliases earlier
| Q | A
| ------------- | ---
| Branch? | 2.7
| Bug fix? | no
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | -
| License | MIT
| Doc PR | -
Not a bug fix because a compiler pass already resolves aliases, but makes reasoning locally about the code easier.
Commits
-------
9922827cc2 [DI] Resolve aliases earlier
This PR was merged into the 2.7 branch.
Discussion
----------
[Security] validate empty passwords again
| Q | A
| ------------- | ---
| Branch? | 2.7
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | https://github.com/symfony/symfony/pull/23341#issuecomment-315341226
| License | MIT
| Doc PR |
It looks like this part of #23341 causes serious security issues for some users who rely on the validator to also compare the empty string with their user's password (see for example https://github.com/symfony/symfony/pull/23341#issuecomment-315341226). Thus I suggest to revert this part of #23341.
Commits
-------
878198cefa [Security] validate empty passwords again
This PR was merged into the 2.7 branch.
Discussion
----------
[DI] Remove irrelevant comment from container
| Q | A
| ------------- | ---
| Branch? | 2.7
| Bug fix? | yes-ish
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | #... <!-- #-prefixed issue number(s), if any -->
| License | MIT
| Doc PR | symfony/symfony-docs#... <!--highly recommended for new features-->
Spotted in #22811
Commits
-------
595a225a0f [DI] Remove irrelevant comment from container
This PR was merged into the 2.7 branch.
Discussion
----------
[TwigBridge] cleaner implementation of the TwigRenderer
| Q | A
| ------------- | ---
| Branch? | 2.7
| Bug fix? | no
| New feature? | no <!-- don't forget updating src/**/CHANGELOG.md files -->
| BC breaks? | no
| Deprecations? | no <!-- don't forget updating UPGRADE-*.md files -->
| Tests pass? | yes
| Fixed tickets | https://github.com/symfony/symfony/pull/23432#discussion_r125880092
| License | MIT
| Doc PR |
<!--
- Bug fixes must be submitted against the lowest branch where they apply
(lowest branches are regularly merged to upper ones so they get the fixes too).
- Features and deprecations must be submitted against the 3.4,
legacy code removals go to the master branch.
- Please fill in this template according to the PR you're about to submit.
- Replace this comment by a description of what your PR is solving.
-->
Commits
-------
c7c5ba8 [TwigBridge] cleaner implementation of the TwigRenderer
This PR was squashed before being merged into the 2.7 branch (closes#23468).
Discussion
----------
[DI] Handle root namespace in service definitions
| Q | A
| ------------- | ---
| Branch? | 2.7
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | #... <!-- #-prefixed issue number(s), if any -->
| License | MIT
| Doc PR | symfony/symfony-docs#... <!--highly recommended for new features-->
Fixes
```
Cannot dump definition because of invalid class name ('\\stdClass')
```
for
```yaml
services:
foo: {class: '\stdClass' }
```
`ContainerBuilder` allows it, so `PhpDumper` should as well.
Commits
-------
05170c8 [DI] Handle root namespace in service definitions
This PR was merged into the 2.7 branch.
Discussion
----------
[Security] Fix authentication.failure event not dispatched on AccountStatusException
| Q | A
| ------------- | ---
| Branch? | 2.7
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | https://github.com/symfony/symfony/issues/18807
| License | MIT
| Doc PR | n/a
Authentication fails if the user exists but its account is disabled/expired/locked, the failure event should be dispatched in this case, so that you can hook into as for any authentication exception.
Commits
-------
64c2efd [Security] Fix authentication.failure event not dispatched on AccountStatusException
This PR was squashed before being merged into the 2.7 branch (closes#23461).
Discussion
----------
Use rawurlencode() to transform the Cookie into a string
| Q | A
| ------------- | ---
| Branch? | 2.7
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | #23255
| License | MIT
| Doc PR | -
Commits
-------
025dfff Use rawurlencode() to transform the Cookie into a string
This PR was squashed before being merged into the 2.7 branch (closes#23261).
Discussion
----------
Fixed absolute url generation for query strings and hash urls
| Q | A
| ------------- | ---
| Branch? | 2.7, ...
| Bug fix? | yes
| New feature? |no
| BC breaks? | yes? absolute_url will change its output but the old was incorrect
| Deprecations? |no
| Tests pass? | yes?
| Fixed tickets | fixes#23260
| License | MIT
Fixed absolute url generation for query strings
Commits
-------
89ad27d544 Fixed absolute url generation for query strings and hash urls
This PR was merged into the 2.7 branch.
Discussion
----------
[Filesystem] Dont copy perms when origin is remote
| Q | A
| ------------- | ---
| Branch? | 2.7
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | #23312
| License | MIT
| Doc PR | -
Commits
-------
7b442211dc [Filesystem] Dont copy perms when origin is remote
This PR was merged into the 2.7 branch.
Discussion
----------
[DoctrineBridge][Security][Validator] do not validate empty values
| Q | A
| ------------- | ---
| Branch? | 2.7
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | #23319
| License | MIT
| Doc PR |
Nearly all validators operating on scalar values (except for some special constraints) do ignore empty values. If you want to forbid them, you have to use the `NotBlank` constraint instead.
Commits
-------
fd7ad234bc do not validate empty values
This PR was squashed before being merged into the 2.7 branch (closes#23274).
Discussion
----------
Display a better error design when the toolbar cannot be displayed
| Q | A
| ------------- | ---
| Branch? | 2.7
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes (failure unrelated)
| Fixed tickets | https://github.com/symfony/symfony/pull/23266
| License | MIT
| Doc PR | n/a
Fixing the left position of the bar (tested in app without style) and escaping the literal newline (ES5) as some IDEs fails with previous syntax (and Github diff too). Btw, I have added the Symfony icon to make clear that this message comes from Symfony ;)
**Before:**
**After:**
Commits
-------
ed3e403b4b Display a better error design when the toolbar cannot be displayed
This PR was merged into the 2.7 branch.
Discussion
----------
[Validator] Throw exception on Comparison constraints null options
| Q | A
| ------------- | ---
| Branch? | 2.7 <!-- see comment below -->
| Bug fix? | no. There is no bug, but the constraint can be silently created in an invalid state.
| New feature? | no <!-- don't forget updating src/**/CHANGELOG.md files -->
| BC breaks? | no
| Deprecations? | no <!-- don't forget updating UPGRADE-*.md files -->
| Tests pass? | yes (failure unrelated)
| Fixed tickets | N/A <!-- #-prefixed issue number(s), if any -->
| License | MIT
| Doc PR | N/A
Commits
-------
2de59a7381 [Validator] Throw exception on Comparison constraints null options
This PR was merged into the 2.7 branch.
Discussion
----------
Don't call count on non countable object
| Q | A
| ------------- | ---
| Branch? | 2.7
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | N/A
| License | MIT
| Doc PR |
From PHP 7.2, calling `count` on a non-countable object will emit a warning (https://wiki.php.net/rfc/counting_non_countables).
Based on the current test suit, this is the only place where I found this warning
Commits
-------
635bccdf8f Dont call count on non countable object
This PR was merged into the 2.7 branch.
Discussion
----------
Display a better error message when the toolbar cannot be displayed
| Q | A
| ------------- | ---
| Branch? | 2.7
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | #23264
| License | MIT
| Doc PR | -
In action:
Commits
-------
cc7275bccc Display a better error message when the toolbar cannot be displayed
This PR was merged into the 2.7 branch.
Discussion
----------
[Security] fix switch user _exit without having current token
| Q | A
| ------------- | ---
| Branch? | 2.7
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | #22729
| License | MIT
| Doc PR | -
Attempting to `_exit` from a switched user caused an error when not having any token in the storage (for example happens when not logged in + disallowing anonymous users on that firewall):
`[1] Symfony\Component\Debug\Exception\FatalThrowableError: Type error: Argument 1 passed to Symfony\Component\Security\Http\Firewall\SwitchUserListener::getOriginalToken()
must be an instance of Symfony\Component\Security\Core\Authentication\Token\TokenInterface, null given, called in
symfony/symfony/src/Symfony/Component/Security/Http/Firewall/SwitchUserListener.php on line 164`
Commits
-------
16da6861be [Security] fix switch user _exit without having current token
This PR was merged into the 2.7 branch.
Discussion
----------
[Routing] Fix XmlFileLoader exception message
| Q | A
| ------------- | ---
| Branch? | 2.7
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| License | MIT
When an `XmlFileLoader` encounters an unknown tag it throws an exception with message like `Unknown tag "foo" used in file "bar". Expected "default", "requirement" or "option".`. A proper message should be `Unknown tag "foo" used in file "bar". Expected "default", "requirement", "option" or "condition".`
Commits
-------
f6a94cb56f [Routing] Fix XmlFileLoader exception message
This PR was squashed before being merged into the 2.7 branch (closes#23195).
Discussion
----------
[FrameworkBundle] [Command] Clean bundle directory, fixes#23177
| Q | A
| ------------- | ---
| Branch? | 2.7 <!-- see comment below -->
| Bug fix? | yes
| New feature? | no <!-- don't forget updating src/**/CHANGELOG.md files -->
| BC breaks? | no
| Deprecations? | no <!-- don't forget updating UPGRADE-*.md files -->
| Tests pass? | no
| Fixed tickets | #23177
| License | MIT
This PR fix#23177
when running an assets:install, it will remove directorys who do not have anymore a valid Bundle
Commits
-------
180f178f43 [FrameworkBundle] [Command] Clean bundle directory, fixes#23177
