* 3.4:
[Security] Adding a GuardAuthenticatorHandler alias
fixed tests
moved method to function
marked method as being internal
Disallow viewing dot-files in Profiler
This PR was submitted for the master branch but it was squashed and merged into the 3.4 branch instead (closes#25274).
Discussion
----------
[Security] Adding a GuardAuthenticatorHandler alias
| Q | A
| ------------- | ---
| Branch? | master
| Bug fix? | kinda
| New feature? | yes
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | none
| License | MIT
| Doc PR | This feature is not currently documented
The `security.authentication.guard_handler` service *is* actually meant to be available for users to use. Specifically, the `authenticateUserAndHandleSuccess()` method is useful to auto-login the user after, for example, registration, but maintain all the behavior of a normal login (success behavior, trigger the login event).
So, it should have an autowiring alias.
Commits
-------
844c402171 [Security] Adding a GuardAuthenticatorHandler alias
This PR was merged into the 3.3 branch.
Discussion
----------
[FrameworkBundle] Fix a bug where a color tag will be shown when passing an antislash
| Q | A
| ------------- | ---
| Branch? | 3.3
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | #25193
| License | MIT
| Doc PR | none
You can see in the [reproducer](e6509ffcb4) when running `bin/console debug:container` that there an error in the ouput (like in the issue) when using a class with `\` in the service name.
This PR fix this wrong output. (even if that feels more developer thingy when there are xml everywhere ;)
Commits
-------
890edf7c38 [FrameworkBundle] Fix a bug where a color tag will be shown when passing an antislash
* 3.4:
[DI] Fix missing unset leading to false-positive circular ref
[DI] Fix deep-inlining of non-shared refs
parse newlines in quoted multiline strings
Fix collision between view properties and form fields
Fix collision between view properties and form fields
[SecurityBundle] Fix compat with HttpFoundation >=3.4
Fix collision between view properties and form fields
This PR was merged into the 2.7 branch.
Discussion
----------
Fix for missing whitespace control modifier in form layout
| Q | A
| ------------- | ---
| Branch? | 2.7
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | #25252
| License | MIT
| Doc PR | -
That single missing whitespace control modifier results in e.g. new line in `data-prototype` attribute when using CollectionType field type in form.
Commits
-------
369075a282 Fix for missing whitespace control modifier in form layout
This PR was merged into the 3.3 branch.
Discussion
----------
[WebProfiler] Disallow viewing dot-files in Profiler
| Q | A
| ------------- | ---
| Branch? | 3.3
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| License | MIT
The file viewer in the profiler should not open files that were specifically intended to be hidden, like specifically .env files, but similarly files like .htaccess that might expose server configuration knowledge.
Added tests validating both the new and old behavior.
Commits
-------
6a2f518e74 Disallow viewing dot-files in Profiler
This PR was merged into the 3.4 branch.
Discussion
----------
[Form][TwigBridge] Fix collision between view properties and form fields
| Q | A
| ------------- | ---
| Branch? | 3.4
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | -
| License | MIT
| Doc PR | -
Require https://github.com/symfony/symfony/pull/25236 merged in 3.4
Commits
-------
c330965cfb Fix collision between view properties and form fields
This PR was merged into the 3.3 branch.
Discussion
----------
[Form][TwigBridge] Fix collision between view properties and form fields
| Q | A
| ------------- | ---
| Branch? | 3.3
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | -
| License | MIT
| Doc PR | -
Require https://github.com/symfony/symfony/pull/25236 merged in 3.3
Commits
-------
888b48a89c Fix collision between view properties and form fields
This PR was merged into the 4.0 branch.
Discussion
----------
[DI] turn $private to protected in dumped container, to make cache:clear BC
| Q | A
| ------------- | ---
| Branch? | 4.0
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | -
| License | MIT
| Doc PR | -
Turning this property to protected changes nothing to its visibility in practice as the class is final anyway,
but when migrating to SF4.0 from 3.4, the `cache:clear` command chokes with "Compile Error: Access level to srcDevDebugProjectContainer::$privates must be protected".
Let's make it protected to remove this WTF.
Commits
-------
c98d967b0c [DI] turn $private to protected in dumped container, to make cache:clear BC
The file viewer in the profiler should not open files that were meant
to be hidden, like specifically .env files, but similarly files like
.htaccess that might expose server configuration knowledge.
* 3.4:
SCA with Php Inspections (EA Extended)
Add test case for #25264
Fixed the null value exception case.
Remove rc/beta suffix from composer.json files
Throw an exception is expression language is not installed
Fail as early and noisily as possible
[Console][DI] Fail gracefully
[FrameworkBundle] Fix visibility of a test helper
[link] clear the cache after linking
[DI] Trigger deprecation when setting a to-be-private synthetic service
[link] Prevent warnings when running link with 2.7
[Validator] ExpressionValidator should use OBJECT_TO_STRING to allow value in message
do not eagerly filter comment lines
[WebProfilerBundle], [TwigBundle] Fix Profiler breaking XHTML pages (Content-Type: application/xhtml+xml)
This PR was merged into the 3.4 branch.
Discussion
----------
[DI] Throw an exception if Expression Language is not installed
| Q | A
| ------------- | ---
| Branch? | 3.4
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | #25277
| License | MIT
| Doc PR | ø
The [`PhpDumper` already has this check](https://github.com/symfony/symfony/blob/master/src/Symfony/Component/DependencyInjection/Dumper/PhpDumper.php#L1688-L1690) but it is missing here.
Commits
-------
75b21e9 Throw an exception is expression language is not installed
* 3.3:
Fail as early and noisily as possible
[FrameworkBundle] Fix visibility of a test helper
[link] clear the cache after linking
[link] Prevent warnings when running link with 2.7
[Validator] ExpressionValidator should use OBJECT_TO_STRING to allow value in message
do not eagerly filter comment lines
[WebProfilerBundle], [TwigBundle] Fix Profiler breaking XHTML pages (Content-Type: application/xhtml+xml)
* 2.8:
[FrameworkBundle] Fix visibility of a test helper
[link] clear the cache after linking
[link] Prevent warnings when running link with 2.7
[Validator] ExpressionValidator should use OBJECT_TO_STRING to allow value in message
* 2.7:
[FrameworkBundle] Fix visibility of a test helper
[link] clear the cache after linking
[link] Prevent warnings when running link with 2.7
[Validator] ExpressionValidator should use OBJECT_TO_STRING to allow value in message
This PR was merged into the 3.3 branch.
Discussion
----------
[Yaml] do not eagerly filter comment lines
| Q | A
| ------------- | ---
| Branch? | 3.3
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets |
| License | MIT
| Doc PR |
Trying to be clever by filtering commented lines inside
`getNextEmbedBlock()` does not work as expected. The `#` may as well be
part of a multi-line quoted string where it must not be treated as the
beginning of a comment. Thus, we only must ensure that a comment-like
line does not skip the process of getting the next line of the embed
block.
Commits
-------
d594038 do not eagerly filter comment lines
This PR was merged into the 4.0 branch.
Discussion
----------
[DI] Cast ids to string, as done on 3.4
| Q | A
| ------------- | ---
| Branch? | 4.0
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | -
| License | MIT
| Doc PR | -
As reported on slack, we're now missing cast-to-string.
This PR puts them explicitly at the places where 3.4 has a call to the removed "normalizeId" method.
Commits
-------
11c6b38 Ensure services & aliases can be referred to with `__toString`able objects
483dd13 [DI] Cast ids to string, as done on 3.4
This PR was merged into the 3.3 branch.
Discussion
----------
Fail as early and noisily as possible
| Q | A
| ------------- | ---
| Branch? | 3.3
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | n / a
| License | MIT
An alternative would be to use a custom error handler
Commits
-------
3bdeda0 Fail as early and noisily as possible
This PR was merged into the 3.4 branch.
Discussion
----------
[Validator] Fixed the @Valid(groups={"group"}) against null exception case
| Q | A
| ------------- | ---
| Branch? | 3.4
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets |
| License | MIT
| Doc PR |
When `@Valid(groups={"group"})` has non-empty groups and the value is `null`, validator throws `Cannot validate values of type "NULL" automatically. Please provide a constraint.` at `RecursiveContextualValidator:164`.
I don't really understand, why everything is okay for `@Valid()` without groups, but hope that my fix is correct anyway.
Commits
-------
56f24d0 Fixed the null value exception case.
