This PR was merged into the 2.7 branch.
Discussion
----------
[Form] keep the context when validating forms
| Q | A
| ------------- | ---
| Branch? | 2.7
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | #25542
| License | MIT
| Doc PR |
Commits
-------
317da3bdf8 keep the context when validating forms
This PR was merged into the 2.7 branch.
Discussion
----------
[DI] minor: use a strict comparison in setDecoratedService
| Q | A
| ------------- | ---
| Branch? | 2.7
| Bug fix? | no
| New feature? | no <!-- don't forget to update src/**/CHANGELOG.md files -->
| BC breaks? | no
| Deprecations? | no <!-- don't forget to update UPGRADE-*.md files -->
| Tests pass? | yes
| Fixed tickets | n/a
| License | MIT
| Doc PR | n/a
Commits
-------
f167b50 [DI] minor: use a strict comparision in setDecoratedService
This PR was squashed before being merged into the 2.7 branch (closes#25373).
Discussion
----------
Use the PCRE_DOLLAR_ENDONLY modifier in route regexes
| Q | A
| ------------- | ---
| Branch? | 2.7
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets |
| License | MIT
| Doc PR |
`UrlMatcher::match($pathinfo)` applies `rawurldecode()` to the `$pathinfo` before trying to match it against the routes.
If the URL contains a percent-encoded trailing newline (like in `/foo%0a`), the default PHP PCRE will still consider `#^/foo$#` a match, as the `$` metacharacter will also match *immediately before* the final character *if it is a newline*. This behavior can be changed by applying the [`PCRE_DOLLAR_ENDONLY` modifier](http://php.net/manual/en/reference.pcre.pattern.modifiers.php).
Without this change, URLs with trailing `%0a` lead to weird notices further down the road, for example when the `RedirectableUrlMatcher` or its equivalent in `PhpMatcherDumper` kick in, look at the last character (this time actually the newline), append a `/` and try to redirect to the resulting URL. Ultimately, PHP will complain with `Warning: Header may not contain more than a single header, new line detected` when sending the `Location` header.
Commits
-------
f713a3e Use the PCRE_DOLLAR_ENDONLY modifier in route regexes
This PR was merged into the 3.4 branch.
Discussion
----------
[Form] Make sure errors are a part of the label on bootstrap 4 - this is a requirement for WCAG2
| Q | A
| ------------- | ---
| Branch? | master
| Bug fix? | no
| New feature? | yes
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets |
| License | MIT
| Doc PR | symfony/symfony-docs#... <!--highly recommended for new features-->
I recently let Europe's leading accessibility experts (Funkanu.se) review a site of mine, they gave me (among other) the feedback that errors should be a part of the label.
They said that it makes no sense for blind users to read label, read input and then read errors.
I know the implementation might look strange. But I wish something like this would be merged. That would be great for accessibility for all apps using Symfony.
We *could* also make sure it prints something like:
```
<label for=”name”>Name: <span class=”hidden”>Error message</span></label>
<input id=”name” type=”text”>
<span aria-hidden=”true”>Error message</span>
```
Commits
-------
a0b40f5 [Form] Make sure errors are a part of the label on bootstrap 4 - this is a requirement for WCAG2
This PR was merged into the 3.4 branch.
Discussion
----------
[Config] Only using filemtime to check file freshness
| Q | A
| ------------- | ---
| Branch? | 3.4
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | #25999
| License | MIT
Commits
-------
52c9cb4 [Config] Only using filemtime to check file freshness
This PR was merged into the 3.4 branch.
Discussion
----------
[Config] Handle Service/EventSubscriberInterface in ReflectionClassResource
| Q | A
| ------------- | ---
| Branch? | 3.4
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | #25906
| License | MIT
| Doc PR | -
@weaverryan that should fix an issue you reported.
Commits
-------
67e821b [Config] Handle Service/EventSubscriberInterface in ReflectionClassResource
This PR was merged into the 3.4 branch.
Discussion
----------
[DI][Routing] Fix tracking of globbed resources
| Q | A
| ------------- | ---
| Branch? | 3.4
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | #25904
| License | MIT
| Doc PR | -
The current `GlobFileLoader` in `Config` misses resource tracking, so we can't use it and have to use a per-component one instead.
(deps=high failures will be fixed after merging up to master.)
Commits
-------
945c753 Add tests for glob loaders
ad98c1fa [DI][Routing] Fix tracking of globbed resources
* 2.8:
[CssSelector] For AND operator, the left operand should have parentheses, not only right operand
Removed unused parameter from flattenDataProvider().
Update MongoDB extension on travis to make the builds green again.
* 2.7:
[CssSelector] For AND operator, the left operand should have parentheses, not only right operand
Removed unused parameter from flattenDataProvider().
Update MongoDB extension on travis to make the builds green again.
This PR was merged into the 2.7 branch.
Discussion
----------
[CssSelector] For AND operator, the left operand should have parentheses, not only right operand
| Q | A
| ------------- | ---
| Branch? | 2.7
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | -
| License | MIT
| Doc PR | -
From https://github.com/symfony/css-selector/pull/3
Commits
-------
76b40dc [CssSelector] For AND operator, the left operand should have parentheses, not only right operand
* 2.8:
[Intl] Fixed the broken link
[Routing] Fix trailing slash redirection for non-safe verbs
[Debug] Fix bad registration of exception handler, leading to mem leak
[Form] Fixed empty data on expanded ChoiceType and FileType
* 2.7:
[Intl] Fixed the broken link
[Routing] Fix trailing slash redirection for non-safe verbs
[Debug] Fix bad registration of exception handler, leading to mem leak
[Form] Fixed empty data on expanded ChoiceType and FileType
This PR was merged into the 2.7 branch.
Discussion
----------
[Intl] Fixed the broken link
| Q | A
| ------------- | ---
| Branch? | 2.7
| Bug fix? | no
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | -
| License | MIT
| Doc PR | -
From https://github.com/symfony/intl/pull/6
Commits
-------
5733e02960 [Intl] Fixed the broken link
This PR was merged into the 3.4 branch.
Discussion
----------
[HttpKernel] collect extension information as late as possible
| Q | A
| ------------- | ---
| Branch? | 3.4
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | #25660
| License | MIT
| Doc PR |
Commits
-------
58cdbd03e1 collect extension information as late as possible
This PR was merged into the 3.4 branch.
Discussion
----------
[DI] Fix tracking of source class changes for lazy-proxies
| Q | A
| ------------- | ---
| Branch? | 3.4
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | -
| License | MIT
| Doc PR | -
Commits
-------
4f18e4b0dc [DI] Fix tracking of source class changes for lazy-proxies
This PR was merged into the 2.7 branch.
Discussion
----------
[Debug] Fix bad registration of exception handler, leading to mem leak
| Q | A
| ------------- | ---
| Branch? | 27
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | #25965
| License | MIT
| Doc PR | -
Commits
-------
926b1bee18 [Debug] Fix bad registration of exception handler, leading to mem leak
This PR was merged into the 2.7 branch.
Discussion
----------
[Routing] Fix trailing slash redirection for non-safe verbs
| Q | A
| ------------- | ---
| Branch? | 2.7
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | -
| License | MIT
| Doc PR | -
This test dumped matchers using the existing test cases for (Redirectable)UrlMatcher so that we are sure they behave the same. Fixes the differences found while doing so.
Commits
-------
ad593aef2f [Routing] Fix trailing slash redirection for non-safe verbs
This PR was merged into the 2.7 branch.
Discussion
----------
[Form] Fixed empty data on expanded ChoiceType and FileType
| Q | A
| ------------- | ---
| Branch? | 2.7
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | #25896
| License | MIT
| Doc PR | ~
Alternative of https://github.com/symfony/symfony/pull/25924.
I don't think we have to do this by adding overhead in master and getting it properly fixed in 2 years.
This is bug I've introduced while fixing another bug #17822. Which then has been replicated in #20418 and #24993.
I propose instead to clean up the code for all LTS, since this is a wrong behaviour that has never been documented, and most of all unreliable.
The `empty_data` can by anything in the view format as long as the reverse view transformation supports it. Even an object derived from the data class could be invokable.
I think we should remain consistent with https://github.com/symfony/symfony/blob/2.7/src/Symfony/Component/Form/Form.php#L615.
Commits
-------
9722c063fb [Form] Fixed empty data on expanded ChoiceType and FileType
* 2.8:
update test for Twig performance optimizations
[WebProfilerBundle] Increase retry delays between toolbarAction ajax calls
support sapi_windows_vt100_support for php 7.2+
bumped Symfony version to 2.8.35
updated VERSION for 2.8.34
updated CHANGELOG for 2.8.34
bumped Symfony version to 2.7.42
updated VERSION for 2.7.41
update CONTRIBUTORS for 2.7.41
updated CHANGELOG for 2.7.41
[HttpFoundation] Added "null" type on Request::create docblock
Allow trans filter to be safe
* 2.7:
update test for Twig performance optimizations
[WebProfilerBundle] Increase retry delays between toolbarAction ajax calls
support sapi_windows_vt100_support for php 7.2+
bumped Symfony version to 2.7.42
updated VERSION for 2.7.41
update CONTRIBUTORS for 2.7.41
updated CHANGELOG for 2.7.41
[HttpFoundation] Added "null" type on Request::create docblock
Allow trans filter to be safe
This PR was squashed before being merged into the 2.7 branch (closes#25878).
Discussion
----------
[HttpFoundation] Added "null" type on Request::create docblock
| Q | A
| ------------- | ---
| Branch? | 2.7
| Bug fix? | no
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | n/a
| Fixed tickets | n/a
| License | MIT
| Doc PR | n/a
Continuation of #24902 and #25875
Commits
-------
b18f9e76a5 [HttpFoundation] Added "null" type on Request::create docblock
This PR was merged into the 3.4 branch.
Discussion
----------
Don't stop PSR-4 service discovery if a parent class is missing
| Q | A
| ------------- | ---
| Branch? | 3.4
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | #25929
| License | MIT
| Doc PR | N/A
Commits
-------
3d6c3ba836 Don't stop PSR-4 service discovery if a parent class is missing.
* 3.3:
[HttpFoundation] Use the correct syntax for session gc based on Pdo driver
Removed assertDateTimeEquals() methods.
Revert "bug #24987 [Console] Fix global console flag when used in chain (Simperfit)"
Revert "bug #25487 [Console] Fix a bug when passing a letter that could be an alias (Simperfit)"
Disable CSP header on exception pages only in debug
Fixed submitting disabled buttons
Fixed Button::setParent() when already submitted
Improve assertions
Restore RoleInterface import
Improve assertions
SCA: get rid of repetitive calls
allow null values for root nodes in YAML configs
revert useless tests fixtures changes
[VarDumper] Fix docblock
Improve phpdoc to make it more explicit
* 2.8:
[HttpFoundation] Use the correct syntax for session gc based on Pdo driver
Removed assertDateTimeEquals() methods.
Revert "bug #24987 [Console] Fix global console flag when used in chain (Simperfit)"
Revert "bug #25487 [Console] Fix a bug when passing a letter that could be an alias (Simperfit)"
Disable CSP header on exception pages only in debug
Fixed submitting disabled buttons
Fixed Button::setParent() when already submitted
Improve assertions
Improve assertions
SCA: get rid of repetitive calls
allow null values for root nodes in YAML configs
[VarDumper] Fix docblock
Improve phpdoc to make it more explicit
This PR was merged into the 2.7 branch.
Discussion
----------
Removed assertDateTimeEquals() methods
| Q | A
| ------------- | ---
| Branch? | 2.7
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | N/A
| License | MIT
| Doc PR | N/A
All PHPUnit versions that we use on Travis support comparing `DateTime` objects via `assertEquals()`. Yet, we have our own code in place to check for equality of `DateTime` objects. This PR removes that code.
Commits
-------
5b73d1c1e6 Removed assertDateTimeEquals() methods.
* 2.7:
[HttpFoundation] Use the correct syntax for session gc based on Pdo driver
Revert "bug #24987 [Console] Fix global console flag when used in chain (Simperfit)"
Revert "bug #25487 [Console] Fix a bug when passing a letter that could be an alias (Simperfit)"
Disable CSP header on exception pages only in debug
Fixed submitting disabled buttons
Fixed Button::setParent() when already submitted
Improve assertions
SCA: get rid of repetitive calls
allow null values for root nodes in YAML configs
[VarDumper] Fix docblock
Improve phpdoc to make it more explicit
This PR was merged into the 2.7 branch.
Discussion
----------
Improve assertions
| Q | A
| ------------- | ---
| Branch? | 2.7
| Bug fix? | no
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | -
| License | MIT
| Doc PR | -
Following #25420 before start other branches.
Btw, the other branches are 2.8, 3.3, 3.4, 4.0 and master?
Commits
-------
3d90a2217d Improve assertions
This PR was merged into the 2.7 branch.
Discussion
----------
Disable CSP header on exception pages only in debug
| Q | A
| ------------- | ---
| Branch? | 2.7
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | #24772
| License | MIT
| Doc PR |
Based on a feedback we received, there are situations on production when it's desired to have CSP header in place even if exception occurred.
This uses now same condition that is used by ExceptionController in TwigBridge to evaluate if styled exception template is going to be shown, minus `showException` request attribute which don't make sense in this context, because it's used by PreviewController only and in such case this listener isn't triggered.
Overriding CSP header via HTML meta tag unfortunately, but not surprisingly, doesn't work.
Commits
-------
b77538c2fe Disable CSP header on exception pages only in debug
This PR was merged into the 2.7 branch.
Discussion
----------
[Form] Fixed Button::setParent() when already submitted
| Q | A
| ------------- | ---
| Branch? | 2.7
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | ~
| License | MIT
| Doc PR | ~
The `Button` does not respect the [FormInterface](https://github.com/symfony/symfony/blob/master/src/Symfony/Component/Form/FormInterface.php#L28), by extension the `SubmitButton` neither.
Commits
-------
9f0c7bf549 Fixed Button::setParent() when already submitted
This PR was merged into the 3.4 branch.
Discussion
----------
[Console] Provide a DX where an array could be passed
| Q | A
| ------------- | ---
| Branch? | 3.4
| Bug fix? | yes
| New feature? | no <!-- don't forget to update src/**/CHANGELOG.md files -->
| BC breaks? | no
| Deprecations? | no <!-- don't forget to update UPGRADE-*.md files -->
| Tests pass? | yes
| Fixed tickets | #25394
| License | MIT
| Doc PR | none
![img_2941](https://user-images.githubusercontent.com/3451634/33766610-977f77ce-dc1e-11e7-93c1-38dd0038d7f5.jpeg)
I think that this is not fixing the root causes that does not appears in 4.1, so maybe there is something better to do. I did not find the root cause So I think it can bo good to fix the problem too.
Commits
-------
de502f7 [Console] Provide a bugfix where an array could be passed
This PR was merged into the 3.3 branch.
Discussion
----------
Restore RoleInterface import
| Q | A
| ------------- | ---
| Branch? | 3.3
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no <!-- don't forget to update UPGRADE-*.md files -->
| Tests pass? | yes
| License | MIT
The import is use on PHPDoc but was accidentally removed. Maybe because PHPStorm does not match with the import when you use parenthesis.
Not really a bug as it is concerning only PHPDoc, but it make some analysis tools like PHPStan yelling:
```
------ -----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
Line src/AppBundle/Security/Authentication/ApiKeyAuthenticator.php
------ -----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
64 Parameter #4 $roles of class Symfony\Component\Security\Core\Authentication\Token\PreAuthenticatedToken constructor expects array<string|Symfony\Component\Security\Core\Authentication\Token\RoleInterface>, array<string|Symfony\Component\Security\Core\Role\Role>
given.
------ -----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
------ -----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
Line tests/AppBundle/Controller/WebTestCase.php
------ -----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
59 Parameter #4 $roles of class Symfony\Component\Security\Core\Authentication\Token\PreAuthenticatedToken constructor expects array<string|Symfony\Component\Security\Core\Authentication\Token\RoleInterface>, array<string|Symfony\Component\Security\Core\Role\Role>
given.
------ -----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
```
Commits
-------
8ecfeb1e31 Restore RoleInterface import
This PR was merged into the 2.7 branch.
Discussion
----------
[minor] SCA: reduce repetitive method calls (sequential and in loop)
| Q | A
| ------------- | ---
| Branch? | 2.7
| Bug fix? | no
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | n/a
| License | MIT
| Doc PR | n/a
Commits
-------
609372252f SCA: get rid of repetitive calls
This PR was merged into the 3.4 branch.
Discussion
----------
[DI] Fix initialization of legacy containers by delaying include_once
| Q | A
| ------------- | ---
| Branch? | 3.4
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | -
| License | MIT
| Doc PR | -
Best reviewed ignoring whitespaces:
https://github.com/symfony/symfony/pull/25858/files?w=1
Noticed while removing a package: silencing the failing `include_once` as introduced in #25255 is not working for the `$oldContainer` in `Kernel`, and fails with a fatal error when an include succeeds but the class inside misses a parent.
Delaying the calls to `include_once` to the moment where the fresh container is actually used first, when setting the "kernel" service, works around the situation.
Commits
-------
5e750ec4b5 [DI] Fix initialization of legacy containers by delaying include_once
It confused me a lot that the method took an array and that the phpdoc said we should pass a string instead of an array. This small change should clear up the confusion.
* 3.3:
Have weak_vendors ignore deprecations from outside
[HttpFoundation] fixed return type of method HeaderBag::get
[HttpFoundation] Added "resource" type on Request::create docblock
[Process] Skip environment variables with false value in Process
Revert "bug #25789 Enableable ArrayNodeDefinition is disabled for empty configuration (kejwmen)"
Formatting fix in upgrade 3.0 document
don't split lines on carriage returns when dumping
Revert "bug #25851 [Validator] Conflict with egulias/email-validator 2.0 (emodric)"
[DI] compilation perf tweak
[Validator] Conflict with egulias/email-validator 2.0
[Validator] add missing parent isset and add test
* 2.8:
[HttpFoundation] fixed return type of method HeaderBag::get
[HttpFoundation] Added "resource" type on Request::create docblock
Revert "bug #25789 Enableable ArrayNodeDefinition is disabled for empty configuration (kejwmen)"
Formatting fix in upgrade 3.0 document
Revert "bug #25851 [Validator] Conflict with egulias/email-validator 2.0 (emodric)"
[Validator] add missing parent isset and add test
* 2.7:
[HttpFoundation] fixed return type of method HeaderBag::get
[HttpFoundation] Added "resource" type on Request::create docblock
Revert "bug #25789 Enableable ArrayNodeDefinition is disabled for empty configuration (kejwmen)"
Revert "bug #25851 [Validator] Conflict with egulias/email-validator 2.0 (emodric)"
[Validator] add missing parent isset and add test
This PR was merged into the 2.7 branch.
Discussion
----------
[HttpFoundation] fixed return type of method HeaderBag::get
| Q | A
| ------------- | ---
| Branch? | 3.3
| Bug fix? | no
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| License | MIT
<!--
- Bug fixes must be submitted against the lowest branch where they apply
(lowest branches are regularly merged to upper ones so they get the fixes too).
- Features and deprecations must be submitted against the master branch.
- Please fill in this template according to the PR you're about to submit.
- Replace this comment by a description of what your PR is solving.
-->
Commits
-------
6b608e8 [HttpFoundation] fixed return type of method HeaderBag::get
This PR was merged into the 2.7 branch.
Discussion
----------
[HttpFoundation] Added "resource" type on Request::create docblock
| Q | A
| ------------- | ---
| Branch? | 2.7
| Bug fix? | no
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | -
| License | MIT
| Doc PR | -
Replaces #24902
Commits
-------
d1a96ca [HttpFoundation] Added "resource" type on Request::create docblock