The test suite does not pass locally because I use a custom
file_link_format. I do it because it works everywhere.
Then, Symfony tries to read this value before the default one.
We could use ini_set before the test but unfortunatelly there are no way
to define the "cfg_var". For recall, get_cfg_var allows to return the
configuration value even if the extension is not loaded. And again it's
my case: I don't enable xdebug to have better performance.
This PR was merged into the 2.7 branch.
Discussion
----------
[FrameworkBundle] fix IPv6 address handling in server commands
| Q | A
| ------------- | ---
| Branch? | 2.7
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | https://github.com/symfony/symfony/pull/21039#discussion_r93915788
| License | MIT
| Doc PR |
This fixes https://github.com/symfony/symfony/pull/21039#discussion_r93915788 as reported by @sstok for the existing commands by backporting @fabpot's patch from #21039.
Commits
-------
2bb4713 fix IPv6 address handling in server commands
This PR was squashed before being merged into the 2.7 branch (closes#19586).
Discussion
----------
[TwigBundle] Fix bug where namespaced paths don't take parent bundles in account
| Q | A |
| --- | --- |
| Branch? | 2.7 |
| Bug fix? | yes |
| New feature? | no |
| BC breaks? | no |
| Deprecations? | no |
| Tests pass? | yes |
| Fixed tickets | #6919 |
| License | MIT |
| Doc PR | |
Currently namespaced paths for templates such as `{% extends '@App/Layout/layout.html.twig' %}` do not work with bundles that have overruled templates using the `getParent()` method in another bundle. See attached ticket. This change prepends the path of the bundle implementing `getParent()` to the paths of the namespace of bundle returned as a parent.
Commits
-------
0c77ce2355 [TwigBundle] Fix bug where namespaced paths don't take parent bundles in account
This PR was merged into the 2.7 branch.
Discussion
----------
[TwigBundle] Fixing regression in TwigEngine exception handling
| Q | A
| ------------- | ---
| Branch? | 2.7
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | #21176
| License | MIT
Fixing regression after #20831 in TwigEngine exception handling.
Commits
-------
390cb33 Fixing regression in TwigEngine exception handling.
By default, the `DateType` as well as the `DateTimeType` set the choices
being available for the year to a range starting five years in the past.
After some time, this will make tests fail when the year of the fixed
date being used as the initial data is before the first year being part
of the choices.
This PR was merged into the 2.7 branch.
Discussion
----------
[TwigBundle] do not try to register incomplete definitions
| Q | A
| ------------- | ---
| Branch? | 2.7
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | #20212
| License | MIT
| Doc PR |
Commits
-------
2c9dc66 do not try to register incomplete definitions
This PR was merged into the 2.7 branch.
Discussion
----------
[FrameworkBundle] Fix PHP form templates on translatable attributes
| Q | A
| ------------- | ---
| Branch? | 2.7
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | https://github.com/symfony/symfony/pull/20365#issuecomment-267333293
| License | MIT
| Doc PR | symfony/symfony-docs#... <!--highly recommended for new features-->
Separated from #20365
Commits
-------
10806e0 [FrameworkBundle] Fix PHP form templates on translatable attributes
This PR was merged into the 2.7 branch.
Discussion
----------
Write an exception message in a one heading line
| Q | A
| ------------- | ---
| Branch? | 2.7
| Bug fix? | no
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | -
| License | MIT
| Doc PR | -
It allows quickly `grep`-ing exception messages in console, for example:
```bash
curl localhost/any-path-which-throws-uncaught-exception | grep '<h1>'
```
But it's impossible to use `grep` filter when exception message goes on the next line after `<h1>` tag.
Commits
-------
21925da Write an exception message in a one heading line
This PR was merged into the 2.7 branch.
Discussion
----------
[FrameworkBundle] Fix unresolved parameters from default configs in debug:config
| Q | A
| ------------- | ---
| Branch? | 2.7
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | n/a
| License | MIT
| Doc PR | n/a
When using the `debug:config` command, if the dumped configuration is explicitly defined by the user, then parameters are properly resolved in the output. If it is not, and values come from the bundle default configuration directly, they are not.
Steps to reproduce:
- Checkout the symfony demo
- Run `debug:config twig`
- Look at the `debug` key, it is the `kernel.debug` parameter properly resolved: `true`
- Look at the `cache` key, it is not resolved: `'%kernel.cache_dir%/twig'`
This fixes it by resolving the configs once again after processing the configuration.
ping @weaverryan
Commits
-------
26f588a Fix unresolved parameters from default bundle configs in debug:config
This PR was merged into the 2.7 branch.
Discussion
----------
[FrameworkBundle] Bundle commands are not available via find()
| Q | A
| ------------- | ---
| Branch? | 2.7
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | -
| License | MIT
| Doc PR | -
The `Symfony\Bundle\FrameworkBundle\Console\Application::find()` method does not retrieve the bundle commands and only checks the ones that were added manually.
Commits
-------
dd69b88 Fix bundle commands are not available via find()
This PR was merged into the 2.7 branch.
Discussion
----------
[WebProfilerBundle] add dependency on Twig
| Q | A
| ------------- | ---
| Branch? | 2.7
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | #20802
| License | MIT
| Doc PR |
Requiring a specific minimum version of the TwigBridge just to be sure
that we end up with the required Twig version does not make much sense
if can simply specify the required version instead (we do in fact depend
on Twig in the WebProfilerBundle).
Commits
-------
91689a7 add dependency on Twig
Requiring a specific minimum version of the TwigBridge just to be sure
that we end up with the required Twig version does not make much sense
if can simply specify the required version instead (we do in fact depend
on Twig in the WebProfilerBundle).
This PR was merged into the 2.7 branch.
Discussion
----------
[FrameworkBundle] Improve performance of ControllerNameParser
| Q | A
| ------------- | ---
| Branch? | 2.7
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets |
| License | MIT
| Doc PR |
Today I was searching for bottlenecks in my application using Blackfire. And among other things I found one in Symfony. Blackfire showed that `Symfony\Bundle\FrameworkBundle\Controller\ControllerNameParser::findAlternative()` was called almost 300 times which took 28 miliseconds.
It turns out that `Symfony\Bundle\FrameworkBundle\Routing\DelegatingLoader::load()` is calling `ControllerNameParser::parse()` without actually needing to do so because `$controller` is in the class::method notation already. `ControllerNameParser` threw an exception, DelegatingLoader caught and ignored it - that's ok. The problem is that generating the exception message took a lot of time because findAlternative is slow. In my case it called the levenshtein function over 5000 times which was completely useless because the exception is ignored anyway.
Commits
-------
cf333f3 [FrameworkBundle] Improve performance of ControllerNameParser
This PR was merged into the 2.7 branch.
Discussion
----------
[SecurityBundle] Fix complete config tests
| Q | A
| ------------- | ---
| Branch? | 2.7
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | -
| License | MIT
| Doc PR | -
Fixes a little bug in `*CompleteConfigurationTest`: if a test fails for one format, subsequent tests for other formats will also fail. This is because subsequent tests actually use the container built from the very first tested config, which is PHP if all tests are ran.
This can be reproduced by changing a value in the PHP config fixtures. `PhpCompleteConfigurationTest` will fail as expected but `XmlCompleteConfigurationTest` and `YamlCompleteConfigurationTest` will fail too, which is not expected.
Commits
-------
b25c1d3 Fix complete config tests
This PR was merged into the 2.7 branch.
Discussion
----------
Enhance GAE compat by removing some realpath()
| Q | A
| ------------- | ---
| Branch? | 2.7
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | #20241
| License | MIT
| Doc PR | -
The remaining ones are in test folders, or in things that don't run/have to run on GAE directly (e.g. commands).
Commits
-------
f2f232d Enhance GAE compat by removing some realpath()
This PR was merged into the 2.7 branch.
Discussion
----------
[FrameworkBundle] Convert null prefix to an empty string in translation:update
| Q | A
| ------------- | ---
| Branch? | 2.7
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | #20044
| License | MIT
| Doc PR | n/a
This command needs the ability to use an empty string as prefix, which is not possible using `bin/console translation:update --prefix=""` because `$argv` doesn't parse empty strings thus the value is converted to `null` by `ArgvInput` (only since #19946, before the option was not considered to be set, giving the default `'__'` thus this should be fine from a BC pov).
Here I propose to explicitly convert the `prefix` value to an empty string if set to `null`, as it is a very specific need and we can't guess that from `ArgvInput`.
An other way to fix it could be to add a `--no-prefix` option to the command but I don't think it is worth it, and it couldn't be treated as a bug fix thus not fixed before `3.2`.
Commits
-------
f02b687 [FrameworkBundle] Convert null prefix to an empty string in translation:update command
This PR was merged into the 2.7 branch.
Discussion
----------
[Yaml][TwigBridge] Use JSON_UNESCAPED_SLASHES for lint commands output
| Q | A
| ------------- | ---
| Branch? | 2.7
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | n/a
| License | MIT
| Doc PR | n/a
Slashes are escaped when sing the `lint:twig` and `lint:yaml` commands with the `format` option set to `json`, giving such results:
```json
[
{
"file": "yaml\/wrong\/1.yml",
"valid": false,
"message": "Unable to parse at line 1 (near \";:cc`\")."
}
]
```
That's not convenient as file paths may be reused (e.g. copy-pasted).
Results stay fine as error messages are already escaped:
```json
[
{
"file": "yaml/wrong/1.yml",
"valid": false,
"message": "Unable to parse at line 1 (near \";:cc`\")."
}
]
```
Commits
-------
0427594 Use JSON_UNESCAPED_SLASHES for lint commands output
This PR was merged into the 2.7 branch.
Discussion
----------
[FrameworkBundle] Check for class existence before is_subclass_of
| Q | A
| ------------- | ---
| Branch? | 2.7
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | n/a
| License | MIT
| Doc PR | n/a
Same as #19342
Commits
-------
8a9e0f5 [FrameworkBundle] Check for class existence before is_subclass_of
This commit fix a bug when using debug function too soon.
For example, if you call dump function during kernel::boot() the
dump output will be sent to stderr, even in a web context.
With this patch, the data collector is used by default, so the
dump output is send to the WDT. In a CLI context, if dump is used
too soon, the datacollector will buffer it, and release it at the
end of the script. So in this case everything will be visible by the
end used.
This PR was squashed before being merged into the 2.7 branch (closes#19373).
Discussion
----------
[Form] Skip CSRF validation on form when POST max size is exceeded
| Q | A
| ------------- | ---
| Branch? | 2.7
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | #19140
| License | MIT
| Doc PR | N/A
In #19140 the CSRF validation listener was not aware that the POST max size had exceeded, and was adding a form error message that wasn't relevant to the actual error.
This introduces the `ServerParams` utility class into the `CsrfValidationListener` and checks that the POST max size has not been exceeded. If it has then it won't bother trying to validate the CSRF token.
My main concern with this change is that it opens up an attack vector around tokens, but I've encapsulated the request size validation in a single method in `ServerParams` now so that the request handlers are using the same logic.
Commits
-------
289531f [Form] Skip CSRF validation on form when POST max size is exceeded
This PR was squashed before being merged into the 2.7 branch (closes#19405).
Discussion
----------
Fixed bugs in names of classes and methods.
| Q | A
| ------------- | ---
| Branch? | 2.7
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | ~
| License | MIT
| Doc PR | ~
It's related to case sensitive.
I changed only calls of names of called methods but not definition of methods because BC.
Commits
-------
c41aa03 Fixed bugs in names of classes and methods.
This PR was squashed before being merged into the 2.7 branch (closes#18688).
Discussion
----------
[HttpFoundation] Warning when request has both Forwarded and X-Forwarded-For
| Q | A
| ------------- | ---
| Branch? | 2.7
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets |
| License | MIT
| Doc PR | symfony/symfony-docs#6526
Emit a warning when a request has both a trusted Forwarded header and a trusted X-Forwarded-For header, as this is most likely a misconfiguration which causes security issues.
Commits
-------
ee8842f [HttpFoundation] Warning when request has both Forwarded and X-Forwarded-For
This PR was squashed before being merged into the 2.7 branch (closes#18971).
Discussion
----------
Do not inject web debug toolbar on attachments
| Q | A
| ------------- | ---
| Branch? | 2.7
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | #18965
| License | MIT
| Doc PR | -
Commits
-------
4a7d836 Do not inject web debug toolbar on attachments