This PR was merged into the 4.2-dev branch.
Discussion
----------
[HttpFoundation] make cookies auto-secure when passing them $secure=null + plan to make it and samesite=lax the defaults in 5.0
| Q | A
| ------------- | ---
| Branch? | master
| Bug fix? | no
| New feature? | yes
| BC breaks? | no
| Deprecations? | yes
| Tests pass? | yes
| Fixed tickets | #26731
| License | MIT
| Doc PR | -
By creating Cookie instances using `null` for the `$secure` argument, this PR allows making cookies inherit their "secure" attribute from the request.
This PR also adds a forward to make $secure=null and samesite=lax the defaults in Symfony 5.0:
- either define all constructor's arguments explicitly
- or use the new `Cookie::create()` factory
Commits
-------
9493cfd5f2 [HttpFoundation] make cookies auto-secure when passing them $secure=null + plan to make it and samesite=lax the defaults in 5.0
This PR was merged into the 4.2-dev branch.
Discussion
----------
Trigger deprecation notices when inherited class calls parent method but misses adding new arguments
| Q | A
| ------------- | ---
| Branch? | master
| Bug fix? | no
| New feature? | no
| BC breaks? | no
| Deprecations? | yes
| Tests pass? | yes
| Fixed tickets |
| License | MIT
| Doc PR |
This Pull Request concern severals components, the purpose here is to notify in dev mode that in a case of inherit class, a function will have a new or severals arguments in Symfony 5.0, therefore not implement it is deprecated since Symfony 4.2
The function is made by these conditions :
1- ```(func_num_args() < $x)``` where [x] is the number of arguments we will have in Symfony 5.0
this check allow to verify that the arguments are missing
2- ```(__CLASS__ !== \get_class($this))```
this check allow to verify that the name of the class is different than the base class, therefore that we are in the child class
3- ```(__CLASS__ !== (new \ReflectionMethod($this, __FUNCTION__))->getDeclaringClass()->getName())```
this check allow to verify that the class of the current function is different than the base class, therefore the function has been rewrote into the child class
Code exemple :
```
public function method(/* void $myNewArgument = null */)
{
if ((func_num_args() < 1) && (__CLASS__ !== \get_class($this)) && (__CLASS__ !== (new \ReflectionMethod($this, __FUNCTION__))->getDeclaringClass()->getName())){
@trigger_error(sprintf('The "%s()" method will have one `void $myNewArgument = null` argument in version 5.0 and higher.Not defining it is deprecated since Symfony 4.2.', __METHOD__ ), E_USER_DEPRECATED);
}
// do something
}
```
The unit test are made by creating a child Class using for the tested function ```return parent::function()``` and by calling this child class and catching the expected depreciation message
Commits
-------
f75fffa997 Trigger deprecation notices when inherited class calls parent method but misses adding new arguments
Uses `session.cookie_samesite` for PHP >= 7.3. For PHP < 7.3 it first
does a session_start(), find the emitted header, changes it, and emits
it again with the value for SameSite added.
This PR was merged into the 4.2-dev branch.
Discussion
----------
[FrameworkBundle] allow turning routes to utf8 mode by default
| Q | A
| ------------- | ---
| Branch? | master
| Bug fix? | no
| New feature? | yes
| BC breaks? | no
| Deprecations? | yes
| Tests pass? | yes
| Fixed tickets | -
| License | MIT
| Doc PR | -
This allows building optimized routers that match in a single regexp instead of an alternate of utf8/non-utf8 set of routes.
Commits
-------
8f359cc047 [FrameworkBundle] allow turning routes to utf8 mode by default
This PR was squashed before being merged into the 4.2-dev branch (closes#27675).
Discussion
----------
[DoctrineBridge] always load event listeners lazy via ServiceLocator
| Q | A
| ------------- | ---
| Branch? | master
| Bug fix? | no
| New feature? | yes
| BC breaks? | no
| Deprecations? | yes/no
| Tests pass? | yes
| Fixed tickets | https://github.com/symfony/symfony/issues/27661
| License | MIT
| Doc PR | https://github.com/symfony/symfony-docs/pull/9973
As described in https://github.com/symfony/symfony/issues/27661 this PR suggests to always load doctrine event listeners lazily from a service locator instead of the full service container.
If we agree to move forward I could tackle the remaining todos:
- [x] update UPGRADE.md
- [x] documentation PR
- [x] tested on real app
Commits
-------
130ec0525d [DoctrineBridge] always load event listeners lazy via ServiceLocator
This PR was merged into the 4.2-dev branch.
Discussion
----------
[Config] deprecate tree builders without root nodes
| Q | A
| ------------- | ---
| Branch? | master
| Bug fix? | no
| New feature? | yes
| BC breaks? | no
| Deprecations? | yes
| Tests pass? | yes
| Fixed tickets |
| License | MIT
| Doc PR |
While reviewing #27472 I wondered if we really need support config trees without a root node. If we did not support it, users wouldn't create pseudo configuration classes when they were actually not needed.
Commits
-------
c2ce15301c deprecate tree builders without root nodes
This PR was squashed before being merged into the 4.2-dev branch (closes#26981).
Discussion
----------
No more support for custom anon/remember tokens based on FQCN
| Q | A
| ------------- | ---
| Branch? | master
| Bug fix? | no
| New feature? | no
| BC breaks? | no
| Deprecations? | yes
| Tests pass? | yes
| Fixed tickets | #26940
| License | MIT
| Doc PR | ~
This PR deprecates the ability to configure a custom anonymous and remember me token class, via the AuthenticationTrustResolver. The only change required _if_ you have changed the token classes like this, is to extend the Anonymous/RememberMe token classes.
Commits
-------
860d4549c2 No more support for custom anon/remember tokens based on FQCN