This PR was merged into the 4.3 branch.
Discussion
----------
[SecurityBundle] display the correct class name on the deprecated notice
| Q | A
| ------------- | ---
| Branch? | 4.3 <!-- see below -->
| Bug fix? | yes
| New feature? |no <!-- please update src/**/CHANGELOG.md files -->
| BC breaks? | no <!-- see https://symfony.com/bc -->
| Deprecations? |no <!-- please update UPGRADE-*.md and src/**/CHANGELOG.md files -->
| Tests pass? | yes <!-- please add some, will be required by reviewers -->
| Fixed tickets | - <!-- #-prefixed issue number(s), if any -->
| License | MIT
| Doc PR | - <!-- required for new features -->
<!--
Replace this notice by a short README for your feature/bugfix. This will help people
understand your PR and can be used as a start for the documentation.
Additionally (see https://symfony.com/roadmap):
- Bug fixes must be submitted against the lowest maintained branch where they apply
(lowest branches are regularly merged to upper ones so they get the fixes too).
- Features and deprecations must be submitted against branch 4.4.
- Legacy code removals go to the master branch.
-->
Commits
-------
8e64b9a7ec [SecurityBundle] display the correct class name on the deprecated notice
This PR was merged into the 3.4 branch.
Discussion
----------
Fix return statements
| Q | A
| ------------- | ---
| Branch? | 3.4
| Bug fix? | no
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | -
| License | MIT
| Doc PR | -
Discovered while working on #30323
This will sync the code from 3.4 up to master, where adding return types will require these.
Commits
-------
2bc05c83b4 Fix return statements
This PR was merged into the 3.4 branch.
Discussion
----------
[Form] fix return type on FormDataCollector
| Q | A
| ------------- | ---
| Branch? | master <!-- see below -->
| Bug fix? | yes
| New feature? |no <!-- please update src/**/CHANGELOG.md files -->
| BC breaks? | no <!-- see https://symfony.com/bc -->
| Deprecations? |no <!-- please update UPGRADE-*.md and src/**/CHANGELOG.md files -->
| Tests pass? | yes <!-- please add some, will be required by reviewers -->
| Fixed tickets | - <!-- #-prefixed issue number(s), if any -->
| License | MIT
| Doc PR | - <!-- required for new features -->
<!--
Replace this notice by a short README for your feature/bugfix. This will help people
understand your PR and can be used as a start for the documentation.
Additionally (see https://symfony.com/roadmap):
- Bug fixes must be submitted against the lowest maintained branch where they apply
(lowest branches are regularly merged to upper ones so they get the fixes too).
- Features and deprecations must be submitted against branch 4.4.
- Legacy code removals go to the master branch.
-->
Commits
-------
de6b9efddd [Form] fix return type on FormDataCollector
This PR was merged into the 3.4 branch.
Discussion
----------
Disable PHPUnit result cache on the CI
| Q | A
| ------------- | ---
| Branch? | 3.4
| Bug fix? | no
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | -
| License | MIT
| Doc PR | -
We don't need it and disabling it works around the segfault on 4.3
Commits
-------
912d7db7dd Disable PHPUnit result cache on the CI
This PR was merged into the 4.3 branch.
Discussion
----------
[Security] Cleanup "Digest nonce has expired." translation
| Q | A
| ------------- | ---
| Branch? | 4.3
| Bug fix? | yes
| New feature? | no
| BC breaks? | no <!-- see https://symfony.com/bc -->
| Deprecations? | no
| Tests pass? | yes <!-- please add some, will be required by reviewers -->
| Fixed tickets | #... <!-- #-prefixed issue number(s), if any -->
| License | MIT
| Doc PR | symfony/symfony-docs#... <!-- required for new features -->
Same as #31243 actually
Commits
-------
7aa1120993 [Security] Cleanup "Digest nonce has expired." translation
This PR was merged into the 3.4 branch.
Discussion
----------
[Translation] Highlight invalid translation status
| Q | A
| ------------- | ---
| Branch? | 3.4
| Bug fix? | yes
| New feature? | no
| BC breaks? | no <!-- see https://symfony.com/bc -->
| Deprecations? | no
| Tests pass? | yes <!-- please add some, will be required by reviewers -->
| Fixed tickets | #... <!-- #-prefixed issue number(s), if any -->
| License | MIT
| Doc PR | symfony/symfony-docs#... <!-- required for new features -->
Highlights translation locales with overflow in red, which is currently the case in 4.3 :)
Commits
-------
2d8015551e [Translation] Highlight invalid translation status
This PR was squashed before being merged into the 3.4 branch (closes#33096).
Discussion
----------
Added translations in validator for Serbian Cyrillic
Resolves#30188
Should be able for merges in branches >3.4, not sure how to do that tho :(
Commits
-------
23d4a23b46 Added translations in validator for Serbian Cyrillic
This PR was squashed before being merged into the 3.4 branch (closes#33097).
Discussion
----------
Added translations in validator for Serbian Latin
[Validator] Added translations
Related to #30188
Working on Serbian Cyrillic I saw that Latin translations are also missing some translations so this is a PR related to that. As said in the Cyrillic PR this should be able to be merged in all branches above 3.4, but I am not sure how to do that.
Commits
-------
fbe7362362 Added translations in validator for Serbian Latin
This PR was merged into the 4.3 branch.
Discussion
----------
[EventDispatcher] wrong Request class
| Q | A
| ------------- | ---
| Branch? | 4.3 <!-- see below -->
| Bug fix? | yes
| New feature? |no <!-- please update src/**/CHANGELOG.md files -->
| BC breaks? | no <!-- see https://symfony.com/bc -->
| Deprecations? |no <!-- please update UPGRADE-*.md and src/**/CHANGELOG.md files -->
| Tests pass? | yes <!-- please add some, will be required by reviewers -->
| Fixed tickets | - <!-- #-prefixed issue number(s), if any -->
| License | MIT
| Doc PR | - <!-- required for new features -->
<!--
Replace this notice by a short README for your feature/bugfix. This will help people
understand your PR and can be used as a start for the documentation.
Additionally (see https://symfony.com/roadmap):
- Bug fixes must be submitted against the lowest maintained branch where they apply
(lowest branches are regularly merged to upper ones so they get the fixes too).
- Features and deprecations must be submitted against branch 4.4.
- Legacy code removals go to the master branch.
-->
Commits
-------
97d6184 [EventDispatcher] wrong Request class
This PR was merged into the 4.3 branch.
Discussion
----------
[DependencyInjection] Improve an exception message
| Q | A
| ------------- | ---
| Branch? | 4.3
| Bug fix? | yes
| New feature? | no <!-- please update src/**/CHANGELOG.md files -->
| BC breaks? | no <!-- see https://symfony.com/bc -->
| Deprecations? | no <!-- please update UPGRADE-*.md and src/**/CHANGELOG.md files -->
| Tests pass? | yes <!-- please add some, will be required by reviewers -->
| Fixed tickets | n/a
| License | MIT
| Doc PR | n/a
When defining a service with an id that is also a class name, you might have an error message like `Class “” used for service “\App\Some\Service” cannot be found.` if your is starts with a backslash.
The new error message is now hopefully less cryptic: `Service definition "\App\Some\Service" has no class, and its name looks like a FQCN but it starts with a backslash; remove the leading backslash.`
Commits
-------
3647ccaeca [DependencyInjection] improved exception message
This PR was merged into the 3.4 branch.
Discussion
----------
Use PHPUnit 8.3 on Travis when possible
| Q | A
| ------------- | ---
| Branch? | 3.4
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | -
| License | MIT
| Doc PR | -
Followup #33072 to fix dependency resolution
Commits
-------
41d94c3226 Bump minimal requirements
de5256b78b Use PHPUnit 8.3 on Travis when possible
This PR was submitted for the 4.4 branch but it was merged into the 4.3 branch instead (closes#32541).
Discussion
----------
[HttpKernel] trim the leading backslash in the controller init
| Q | A
| ------------- | ---
| Branch? | 4.4
| Bug fix? | no
| New feature? | no <!-- please update src/**/CHANGELOG.md files -->
| BC breaks? | no <!-- see https://symfony.com/bc -->
| Deprecations? | no <!-- please update UPGRADE-*.md and src/**/CHANGELOG.md files -->
| Tests pass? | yes <!-- please add some, will be required by reviewers -->
| Fixed tickets | #29945
| License | MIT
| Doc PR | none <!-- required for new features -->
<!--
Replace this notice by a short README for your feature/bugfix. This will help people
understand your PR and can be used as a start for the documentation.
Additionally (see https://symfony.com/roadmap):
- Bug fixes must be submitted against the lowest maintained branch where they apply
(lowest branches are regularly merged to upper ones so they get the fixes too).
- Features and deprecations must be submitted against branch 4.4.
- Legacy code removals go to the master branch.
-->
This fixes an error where the classes exists when using a leading backslash in the controller, it's not invalid to do so.
see https://github.com/symfony/symfony/pull/30045#discussion_r271716906
Commits
-------
3c8d395d0d [HttpKernel] fixed class having a leading \ in a route controller
6fdf2527d6 [HttpKernel] trim the leading backslash in the controller init
This PR was merged into the 3.4 branch.
Discussion
----------
Fix unitialized variable in DeprecationErrorHandler
| Q | A
| ------------- | ---
| Branch? | 3.4
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | -
| License | MIT
| Doc PR | -
In some case the variable `isAtLeastPhpUnit83` were not initialized (see https://github.com/symfony/symfony/pull/33079/files#r312406060).
This PR initialize it when needed.
Commits
-------
310e5c7549 Fix unitialized variable in DeprecationErrorHandler
This PR was merged into the 3.4 branch.
Discussion
----------
Added the missing translations for the Slovak 'sk' locale.
| Q | A
| ------------- | ---
| Branch? | 3.4 <!-- see below -->
| Bug fix? | yes
| New feature? | no <!-- please update src/**/CHANGELOG.md files -->
| BC breaks? | no <!-- see https://symfony.com/bc -->
| Deprecations? | no <!-- please update UPGRADE-*.md and src/**/CHANGELOG.md files -->
| Tests pass? | yes <!-- please add some, will be required by reviewers -->
| Fixed tickets | <!-- #-prefixed issue number(s), if any -->
| License | MIT
| Doc PR | <!-- required for new features -->
Added the missing translations for the Slovak 'sk' locale.
<!--
Replace this notice by a short README for your feature/bugfix. This will help people
understand your PR and can be used as a start for the documentation.
Additionally (see https://symfony.com/roadmap):
- Bug fixes must be submitted against the lowest maintained branch where they apply
(lowest branches are regularly merged to upper ones so they get the fixes too).
- Features and deprecations must be submitted against branch 4.4.
- Legacy code removals go to the master branch.
-->
Commits
-------
32a085a75f Added the missing translations for the Slovak 'sk' locale.
This PR was submitted for the 4.2 branch but it was squashed and merged into the 4.3 branch instead (closes#32455).
Discussion
----------
[HttpFoundation] Clear invalid session cookie
| Q | A
| ------------- | ---
| Branch? | 4.2 (actually maybe should also go to 3.4, see below)
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | TODO
| Fixed tickets |
| License | MIT
| Doc PR | not required
Currently, invalid session cookies are not cleaned up.
If the session is empty, the `AbstractSessionHandler::write()` destroys the session. If a new session has been started in the current process (meaning `session_start()` has sent the `Set-Cookie` header) then the `AbstractSessionHandler` will make sure this cookie is not sent to the client. If, however, `session_start()` did not send a cookie (meaning there was already a valid session ID in your request cookie), the `AbstractSessionHandler` will clear the session cookie (send a 0-lifetime cookie).
If, however, the request does contain a session ID cookie but it is not valid, `session_start()` will send a new cookie which is then again cleared by the `AbstractSessionHandler`. But it will not clear the old cookie sent by the request.
Here's a more complex example of what happens in the code flow when a user logs out and we regenerate a new session id for security reasons:
1. You have no `PHPSESSID` cookie yet.
2. You log into the system, you get a new `PHPSESSID` assigned. Let's go for session ID `1`.
3. You log out of the system, for security reasons you get session ID `2` regenerated.
4. The `AbstractSessionListener` pops in and calls `->save()` on your session handler.
5. The `NativeSessionStorage` calls the `StrictSessionHandler` (in fact the abstract parent, `AbstractSessionHandler`) which `write()`s the session data. In case the session data is empty, it will actually `destroy()` the session which means it will invalidate the session cookie. In that case, however, it won't send a 0-lifetime cookie because `$cookie = SessionUtils::popSessionCookie($this->sessionName, $sessionId);` will **not** return `null`. That is because after regeneration we actually do have a `Set-Cookie: PHPSESSID=2` header present.
6. This means, our `PHPSESSID=1` cookie is never deleted.
Why is this a problem?
Well, we have an invalid cookie that remains floating around forever. Loads of reverse proxies consider requests with cookies as being private and thus disable caching.
I'm not sure this is the correct fix here but it felt like the only place we can do this because it has to happen during or after `$session->save()`.
Looking for feedback first before we finish this with tests etc.
Regarding Symfony 3.4: Not sure how this is affected because there's not even a `SessionUtils` class so I'd prefer to leave that fix to somebody who feels more comfortable with that code base 😄
/cc @aschempp
Commits
-------
b22a7263b9 [HttpFoundation] Clear invalid session cookie
This PR was merged into the 3.4 branch.
Discussion
----------
[Serializer] Fix negative DateInterval
| Q | A
| ------------- | ---
| Branch? | 3.4
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | #33052
| License | MIT
| Doc PR | NA
This PR adds support for negative and signed DateInterval
Commits
-------
abb8a676ba Fix negative DateInterval
