This PR was merged into the 5.0-dev branch.
Discussion
----------
[Security] make ExceptionEvent handle all throwables
| Q | A
| ------------- | ---
| Branch? | master
| Bug fix? | no
| New feature? | no
| Deprecations? | no
| Tickets |
| License | MIT
| Doc PR |
fixes `master` after merging #34309 up
Commits
-------
eba2d8efc9 make ExceptionEvent handle all throwables
This PR was merged into the 5.0-dev branch.
Discussion
----------
[5.0][Security] Minor clarification of the new isGranted signature
| Q | A
| ------------- | ---
| Branch? | 5.0
| Bug fix? | no
| New feature? | no
| Deprecations? | no
| Tickets | n/a
| License | MIT
| Doc PR | n/a
As we now only allow a single attribute for `isGranted()` in Symfony 5, let's adapt the PHPdoc and parameter name as well.
Commits
-------
e41e6b48a9 Clarified single attribute to isGranted() a bit more
This PR was merged into the 4.4 branch.
Discussion
----------
[HttpKernel] make ExceptionEvent able to propagate any throwable
| Q | A
| ------------- | ---
| Branch? | 4.4
| Bug fix? | no
| New feature? | no
| Deprecations? | yes
| Tickets | -
| License | MIT
| Doc PR | -
An alternative to #34306.
As a reminder, the goal of this series of PRs is to remove the `FatalThrowableError` wrapper that we introduced to seamlessly handle throwables when they were introduced in PHP 7.
From the changelog of `HttpKernel`:
* Deprecated methods `ExceptionEvent::get/setException()`, use `get/setThrowable()` instead
* Deprecated class `ExceptionListener`, use `ErrorListener` instead
And the final target: removed `Symfony\Component\ErrorHandler\Exception\ErrorException` (`FatalThrowableError` is already deprecated.)
Commits
-------
6f67f0e0c0 [HttpKernel] make ExceptionEvent able to propagate any throwable
This PR was merged into the 4.4 branch.
Discussion
----------
[4.4] Disallow symfony/contracts v2
| Q | A
| ------------- | ---
| Branch? | 4.4
| Bug fix? | yes
| New feature? | no
| Deprecations? | no
| Tickets | N/A
| License | MIT
| Doc PR | N/A
Travis is red at the moment because unit tests on 4.4 are run against the incompatible event dispatcher contracts v2. https://travis-ci.org/symfony/symfony/jobs/609622341#L4719-L4725
~~This PR proposes to switch to individual packages, so we can specifically disallow those incompatible contracts.~~
This PR pins the `symfony/contracts` package to v1.1 on `symfony/symfony`.
Commits
-------
f2dc2d6d8b Disallow symfony/contracts v2.
This PR was merged into the 5.0-dev branch.
Discussion
----------
[Contracts] Add parameter type declarations to contracts
| Q | A
| ------------- | ---
| Branch? | master
| Bug fix? | no
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | #32179
| License | MIT
| Doc PR | N/A
This PR proposes to create a php 7.2 version of the contracts that maintains BC with Symfony 4. The PR suggests to bump the contracts version to ~~1.2~~ 2.0 on the master branch. We would still be able to maintain the contracts 1.1 branch on Symfony's 4.4 branch, should we need to patch the current contracts in the future.
This move would allow us to add parameter type declarations to existing contracts interfaces and make use of them in Symfony 5. Especially the Translation and EventDispatcher components benefit a lot from this bump, imho.
Contracts that will be added on the road to Symfony 6 wouldn't be restricted to the capabilities of php 7.1, which would be another benefit in my opinion.
~~<sup>1</sup> Test currently fail because the translator is called with `null` as translation key. That possibility should be deprecated imho.~~
Commits
-------
4de3773979 Add parameter type declarations to contracts.
This PR was merged into the 4.4 branch.
Discussion
----------
[Security] Fix defining multiple roles per access_control rule
| Q | A
| ------------- | ---
| Branch? | 4.4
| Bug fix? | yes
| New feature? | no
| Deprecations? | no
| Tickets | -
| License | MIT
| Doc PR | https://github.com/symfony/symfony-docs/pull/12371 needs to be reverted
#33584 deprecated passing multiple attributes to `AccessDecisionManager::decide()`, but this change must not impact `access_control` as you cannot define multiple rules with the same criteria for request matching (the first match wins).
Commits
-------
338b3dfd9f [Security] Fix defining multiple roles per access_control rule
* 4.4:
[Messenger] Fixed bad event dispatcher mocks.
[Workflow] Simplified EventDispatcherMock.
[Routing] revert the return type for UrlGeneratorInterface::generate to remove null
[HttpFoundation] Add a way to anonymize IPs
This PR was merged into the 4.4 branch.
Discussion
----------
[Messenger] Fixed bad event dispatcher mocks
| Q | A
| ------------- | ---
| Branch? | 4.4
| Bug fix? | yes
| New feature? | no
| Deprecations? | no
| Tickets | N/A
| License | MIT
| Doc PR | N/A
`EventDispatcherInterface::dispatch()` must return the passed event object. This PR fixes two mocks that violated this contract.
Commits
-------
103930039b [Messenger] Fixed bad event dispatcher mocks.
This PR was merged into the 3.4 branch.
Discussion
----------
[Routing] revert the return type for UrlGeneratorInterface::generate to remove null
…to remove null
| Q | A
| ------------- | ---
| Branch? | 3.4 (only)
| Bug fix? | yes
| New feature? | no
| Deprecations? | no
| License | MIT
Bit of a casualty of commit tennis this:
A change to add `null` here as an option for how `UrlGeneratorInterface::generate()` (rather than the concrete `UrlGenerator`) was merged in https://github.com/symfony/symfony/pull/28321, but then [reverted](90494c20cc) for the reason [that this could be seen as a BC break](https://github.com/symfony/symfony/pull/28321#issuecomment-418540080), as the `null` return had not previously been documented (and is still not as part of the interface method docs).
However, in a subsequent change (https://github.com/symfony/symfony/pull/33252) with a wider scope, this doc change was added _back_ in order to reflect the underlying implementation as a result of a PHPStorm plugin complaining. There's no indication though of what a `null` return here though would mean, and for the same reason as the first revert (that this should be seen as a BC break), I'd like to submit this to be reverted for the 3.4 branch. (In 4.4 the `null` has already been removed.)
Having the interface indicating that this method can return `null` necessitates introducing a lot of actually redundant null checks in code that is covered by static analysis tools such as PHPStan.
Commits
-------
9f853f324f [Routing] revert the return type for UrlGeneratorInterface::generate to remove null
This PR was merged into the 4.3 branch.
Discussion
----------
[Workflow] Simplified EventDispatcherMock
| Q | A
| ------------- | ---
| Branch? | 4.3
| Bug fix? | no
| New feature? | no
| Deprecations? | no
| Tickets | N/A
| License | MIT
| Doc PR | N/A
This PR simplifies the Workflow component's mock implementation of the event dispatcher by implementing the much simpler contracts interface instead of the full-blown component interface.
Commits
-------
5aee181c83 [Workflow] Simplified EventDispatcherMock.
This PR was merged into the 4.4 branch.
Discussion
----------
[HttpFoundation] Add a way to anonymize IPs
| Q | A
| ------------- | ---
| Branch? | 4.4
| Bug fix? | no
| New feature? | yes
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets |
| License | MIT
| Doc PR | symfony/symfony-docs#... <!-- required for new features --> TODO
This is helpful for GDPR compliance reasons, and it isn't much code saved but it's also good if you don't have to think about how to do it.
Commits
-------
9e62330bc4 [HttpFoundation] Add a way to anonymize IPs
* 4.4:
[DI] fix locators with numeric keys
Add support for NO_COLOR env var
[DI][FrameworkBundle] add EnvVarLoaderInterface - remove SecretEnvVarProcessor
Fix error when we use VO for the marking property
[DI] Remove LazyString from 4.4, before adding back to the String component
This PR was merged into the 4.4 branch.
Discussion
----------
[DI] Remove LazyString from 4.4, before adding back to the String component
| Q | A
| ------------- | ---
| Branch? | 4.4
| Bug fix? | no
| New feature? | no
| Deprecations? | no
| Tickets | -
| License | MIT
| Doc PR | -
In #34190 I'm proposing to move LazyString to the Service contracts, but String might be a better fit actually. Let's remove the class from 4.4 where it's not really needed, and add it back on 5.0 in the String component.
Commits
-------
b1a3ee76ac [DI] Remove LazyString from 4.4, before adding back to the String component
This PR was merged into the 4.3 branch.
Discussion
----------
[Workflow] Fix error when we use ValueObject for the marking property
| Q | A
| ------------- | ---
| Branch? | 4.3
| Bug fix? | yes
| New feature? | no
| Deprecations? | no
| Tickets | Fix#28203#22031
| License | MIT
Fix Illegal offset type in `MethodMarkingStore` class when we use Value Object for
the marking property.
Now, we can avoid to use only a string an we can have a Subject class with a Value Object like this :
```php
final class State
{
public const DRAFT = 'draft';
public const REVIEWED = 'reviewed';
public const REJECTED = 'rejected';
public const PUBLISHED = 'published';
/** @var string */
private $state;
public function __construct(string $state)
{
// some validation
$this->state = $state;
}
public function __toString()
{
return $this->state;
}
public static function Draft()
{
return new self(self::DRAFT);
}
...
}
final class Subject
{
private $marking;
public function __construct(State $marking = null)
{
$this->marking = $marking;
}
public function getMarking()
{
return $this->marking;
}
public function setMarking($marking)
{
$this->marking = $marking instanceof State ? $marking : new State($marking);
}
```
Commits
-------
6570d5cbe2 Fix error when we use VO for the marking property
This PR was merged into the 4.4 branch.
Discussion
----------
[Console] Add support for NO_COLOR env var
| Q | A
| ------------- | ---
| Branch? | 4.4
| Bug fix? | no
| New feature? | yes
| Deprecations? | no
| License | MIT
| Doc PR |
Adds support for https://no-color.org/ - ideally this would be considered a bugfix and added to older releases IMO, but submitting as new feature for now.
cc @johnstevenson
Commits
-------
c1b0a8e956 Add support for NO_COLOR env var
This PR was merged into the 4.4 branch.
Discussion
----------
[DI][FrameworkBundle] add EnvVarLoaderInterface - remove SecretEnvVarProcessor
| Q | A
| ------------- | ---
| Branch? | 4.4
| Bug fix? | no
| New feature? | no
| Deprecations? | no
| Tickets | -
| License | MIT
| Doc PR | -
This PR allows encrypting any env vars - not only those using the `%env(secret:<...>)%` processor (and the processor is removed actually).
It does so by introducing a new `EnvVarLoaderInterface` (and a corresponding `container.env_var_loader` tag), which are objects that should return a list of key/value pairs that will be accessible via the regular `%env(FOO)%` syntax.
The PR fixes a few issues found meanwhile. One is especially important: files in the vault should end with `.php` to protect against inadvertant exposures of the document root.
Commits
-------
ba2148fff3 [DI][FrameworkBundle] add EnvVarLoaderInterface - remove SecretEnvVarProcessor
