This PR was merged into the 4.1 branch.
Discussion
----------
[FrameworkBundle][TwigBridge] Fix BC break from strong dependency on CSRF token storage
| Q | A
| ------------- | ---
| Branch? | 4.1
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | -
| License | MIT
| Doc PR | -
The PR https://github.com/symfony/symfony/pull/25197 introduced the `csrf_token` function in Twig. This extension relies on `CsrfTokenManagerInterface`, which itself relies on the session. In some contexts such as when sessions are stored in Redis and we try to warmup the cache in CLI without Redis available, this makes the process fails.
This PR fixes this by using a Twig runtime instead of a direct extension to avoid a strong dependency on `CsrfTokenManagerInterface`.
Commits
-------
68994a662e [FrameworkBundle][TwigBridge] Fix BC break from strong dependency on CSRF token storage
* 4.0:
[HttpKernel] Fix restoring trusted proxies in tests
Update UPGRADE-4.0.md
CODEOWNERS: some more rules
removed unneeded comments in tests
removed unneeded comments in tests
Change PHPDoc in ResponseHeaderBag::getCookies() to help IDEs
[HttpKernel] fix registering IDE links
[HttpKernel] Set first trusted proxy as REMOTE_ADDR in InlineFragmentRenderer.
[Process] Consider \"executable\" suffixes first on Windows
Triggering RememberMe's loginFail() when token cannot be created
[Serializer] Fix serializer tries to denormalize null values on nullable properties
[FrameworkBundle] Change priority of AddConsoleCommandPass to TYPE_BEFORE_REMOVING
* 3.4:
[HttpKernel] Fix restoring trusted proxies in tests
Update UPGRADE-4.0.md
CODEOWNERS: some more rules
removed unneeded comments in tests
removed unneeded comments in tests
Change PHPDoc in ResponseHeaderBag::getCookies() to help IDEs
[HttpKernel] fix registering IDE links
[HttpKernel] Set first trusted proxy as REMOTE_ADDR in InlineFragmentRenderer.
[Process] Consider \"executable\" suffixes first on Windows
Triggering RememberMe's loginFail() when token cannot be created
[Serializer] Fix serializer tries to denormalize null values on nullable properties
[FrameworkBundle] Change priority of AddConsoleCommandPass to TYPE_BEFORE_REMOVING
This PR was merged into the 4.1 branch.
Discussion
----------
[Messenger] Fix suggested enqueue adapter package
| Q | A
| ------------- | ---
| Branch? | 4.1 <!-- see below -->
| Bug fix? | no
| New feature? | no <!-- don't forget to update src/**/CHANGELOG.md files -->
| BC breaks? | no <!-- see https://symfony.com/bc -->
| Deprecations? | no <!-- don't forget to update UPGRADE-*.md and src/**/CHANGELOG.md files -->
| Tests pass? | yes <!-- please add some, will be required by reviewers -->
| Fixed tickets | N/A <!-- #-prefixed issue number(s), if any -->
| License | MIT
| Doc PR | N/A
https://github.com/sroze/enqueue-bridge was moved to php-enqueue org
Commits
-------
f5703dc6b3 [Messenger] Fix suggested enqueue adapter package
This PR was submitted for the master branch but it was squashed and merged into the 4.1 branch instead (closes#27415).
Discussion
----------
Insert correct parameter_bag service in AbstractController
Reverts this feature being broken in 3051289791 (diff-ef10778bc68793f8c8f4b71a7ba67790R86) - `getParameter` could never work now as it was querying the container itself instead of the parameter bag.
| Q | A
| ------------- | ---
| Branch? | 4.1
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes <!-- please add some, will be required by reviewers -->
| License | MIT
Also see comments at https://github.com/symfony/symfony/pull/25439#issuecomment-392975418
Commits
-------
37270d79a2 Insert correct parameter_bag service in AbstractController
This PR was merged into the 2.8 branch.
Discussion
----------
CODEOWNERS: some more rules
| Q | A
| ------------- | ---
| Branch? | 2.8
| Bug fix? | no
| New feature? | no <!-- don't forget to update src/**/CHANGELOG.md files -->
| BC breaks? | no <!-- see https://symfony.com/bc -->
| Deprecations? | no <!-- don't forget to update UPGRADE-*.md and src/**/CHANGELOG.md files -->
| Tests pass? | yes <!-- please add some, will be required by reviewers -->
| Fixed tickets | n/a
| License | MIT
| Doc PR | n/a
I missed #27079. It'll help me to deal with GitHub notifications...
Commits
-------
8c62ecfad2 CODEOWNERS: some more rules
* 2.8:
removed unneeded comments in tests
Change PHPDoc in ResponseHeaderBag::getCookies() to help IDEs
[HttpKernel] Set first trusted proxy as REMOTE_ADDR in InlineFragmentRenderer.
[Process] Consider \"executable\" suffixes first on Windows
Triggering RememberMe's loginFail() when token cannot be created
This PR was merged into the 2.8 branch.
Discussion
----------
Remove unneeded comments in tests
| Q | A
| ------------- | ---
| Branch? | 2.8
| Bug fix? | no
| New feature? | no <!-- don't forget to update src/**/CHANGELOG.md files -->
| BC breaks? | no <!-- see https://symfony.com/bc -->
| Deprecations? | no <!-- don't forget to update UPGRADE-*.md and src/**/CHANGELOG.md files -->
| Tests pass? | yes <!-- please add some, will be required by reviewers -->
| License | MIT
<!--
Write a short README entry for your feature/bugfix here (replace this comment block.)
This will help people understand your PR and can be used as a start of the Doc PR.
Additionally:
- Bug fixes must be submitted against the lowest branch where they apply
(lowest branches are regularly merged to upper ones so they get the fixes too).
- Features and deprecations must be submitted against the master branch.
-->
Commits
-------
09c660d454 removed unneeded comments in tests
This PR was merged into the 3.4 branch.
Discussion
----------
[FrameworkBundle] Change priority of AddConsoleCommandPass to TYPE_BEFORE_REMOVING
| Q | A
| ------------- | ---
| Branch? | 3.4
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | #27259
| License | MIT
| Doc PR | no
Hello!
There is fix for #27259 issue. It changes priority of `AddConsoleCommandPass` to `TYPE_BEFORE_REMOVING` as @chalasr advised. I'm not sure about side effects by that.
Commits
-------
e36099503f [FrameworkBundle] Change priority of AddConsoleCommandPass to TYPE_BEFORE_REMOVING
This PR was merged into the 4.1 branch.
Discussion
----------
[Form] mention "help" field option in UPGRADE file
| Q | A
| ------------- | ---
| Branch? | 4.1 <!-- see below -->
| Bug fix? | no
| New feature? | no <!-- don't forget to update src/**/CHANGELOG.md files -->
| BC breaks? | no <!-- see https://symfony.com/bc -->
| Deprecations? | no <!-- don't forget to update UPGRADE-*.md and src/**/CHANGELOG.md files -->
| Tests pass? | yes <!-- please add some, will be required by reviewers -->
| Fixed tickets | #... <!-- #-prefixed issue number(s), if any -->
| License | MIT
When you have your own Form Extension to handle help option (e.g. similar to the one mentioned in the [blog post](https://symfony.com/blog/new-in-symfony-4-1-form-field-help)), it starts to render twice in the form after upgrading to 4.1 (where #26332 was added)
<!--
Write a short README entry for your feature/bugfix here (replace this comment block.)
This will help people understand your PR and can be used as a start of the Doc PR.
Additionally:
- Bug fixes must be submitted against the lowest branch where they apply
(lowest branches are regularly merged to upper ones so they get the fixes too).
- Features and deprecations must be submitted against the master branch.
-->
Commits
-------
744362ad02 update UPGRADE-4.1 for feature #26332 Form field help option
This PR was merged into the 3.4 branch.
Discussion
----------
[HttpKernel] fix registering IDE links
| Q | A
| ------------- | ---
| Branch? | 3.4
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | #27194
| License | MIT
| Doc PR | -
Reverts some changes made in #27074 in `FrameworkBundle::boot()` that create the linked issue. Leverages changes done in #26138 instead.
Commits
-------
92e3023195 [HttpKernel] fix registering IDE links
This PR was merged into the 2.8 branch.
Discussion
----------
[HttpFoundation] Change PHPDoc in ResponseHeaderBag::getCookies() to help IDEs
| Q | A
| ------------- | ---
| Branch? | master <!-- see below -->
| Bug fix? | no
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | none
| License | MIT
| Doc PR | none
Hello,
I'm proposing a very small change to `ResponseHeaderBag` in the HttpFoundation component. The change involves changing the PHPDoc return type of `getCookies()` from a simple `array` to `Cookie[]`. This way, IDEs will play nicely and understand that the returned value is in fact an array of Cookie objects. This is the current behavior:
whereas with the proposed change, the IDE correctly understands the type:
Commits
-------
479aa9074b Change PHPDoc in ResponseHeaderBag::getCookies() to help IDEs
This PR was squashed before being merged into the 2.8 branch (closes#26973).
Discussion
----------
[HttpKernel] Set first trusted proxy as REMOTE_ADDR in InlineFragmentRenderer.
| Q | A
| ------------- | ---
| Branch? | 2.7 and up
| Bug fix? | improvement
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | ---
| License | MIT
| Doc PR | ---
SubRequest used in `InlineFragmentRendered` explicitly sets `$server['REMOTE_ADDR']` to `127.0.0.1`. Therefore, it's required to configure `127.0.0.1` address in TRUSTED_PROXIES environment variable. Without that, `Request::isFromTrustedProxy()` will return false.
The current behavior might be a little bit problematic, for instance, in case where images are rendered through subrequests. These might end-up with an incorrect schema in URL (`http` instead of `https`).
Commits
-------
18f55feef8 [HttpKernel] Set first trusted proxy as REMOTE_ADDR in InlineFragmentRenderer.
This PR was squashed before being merged into the 2.8 branch (closes#27303).
Discussion
----------
[Process] Consider "executable" suffixes first on Windows
| Q | A
| ------------- | ---
| Branch? | 2.7
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets |
| License | MIT
| Doc PR | n/a
Executable finder should consider "executable" suffixes first on Windows because we basically ignore executability on Windows (on the lines below changed), which leads, for example, to finding usually-non-executable `phpunit` file first where both `phpunit` and `phpunit.bat` are present.
I may miss something here, so please tell me if this makes any sense.
Same change against master: #27301
Commits
-------
9372e7a813 [Process] Consider \"executable\" suffixes first on Windows
This PR was submitted for the 2.7 branch but it was merged into the 2.8 branch instead (closes#27297).
Discussion
----------
Triggering RememberMe's loginFail() when token cannot be created
| Q | A
| ------------- | ---
| Branch? | 2.7
| Bug fix? | yes
| New feature? | no
| BC breaks? | no (but minor behavior change)
| Deprecations? | no->
| Tests pass? | yes
| Fixed tickets | n/a
| License | MIT
| Doc PR | not needed
This is an edge-case bug fix. If, for example, someone tampers with the remember me cookie, and so it is invalid, this causes the `->autoLogin()` call to throw an `AuthenticationException`. But, this did not call the `loginFail()` method.
Honestly, I'm not sure if the old or new behavior is correct. But, we should discuss and merge or close.
Commits
-------
e3412e6a67 Triggering RememberMe's loginFail() when token cannot be created
This PR was merged into the 4.1 branch.
Discussion
----------
[Routing] Account for greediness when merging route patterns
| Q | A
| ------------- | ---
| Branch? | 4.1
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | #27385
| License | MIT
| Doc PR | -
Sub-patterns of variable length should not be considered as common prefixes because their greediness would break in-order matching.
Commits
-------
d5a8237b1c [Routing] Account for greediness when merging route patterns
