* 3.4:
Fix Clidumper tests
Enable the fixer enforcing fully-qualified calls for compiler-optimized functions
Apply fixers
Disable the native_constant_invocation fixer until it can be scoped
Update the list of excluded files for the CS fixer
* 2.8:
Fix Clidumper tests
Enable the fixer enforcing fully-qualified calls for compiler-optimized functions
Apply fixers
Disable the native_constant_invocation fixer until it can be scoped
Update the list of excluded files for the CS fixer
* 3.4:
do not mock the session in token storage tests
[DependencyInjection] resolve array env vars
Add Occitan plural rule
Fix security/* cross-dependencies
[Lock] Skip test if posix extension is not installed
[DI] Allow defining bindings on ChildDefinition
use strict compare in url validator
Disallow illegal characters like "." in session.name
[HttpKernel] do file_exists() check instead of silent notice
fix rounding from string
* 2.8:
do not mock the session in token storage tests
Add Occitan plural rule
Fix security/* cross-dependencies
Disallow illegal characters like "." in session.name
fix rounding from string
* 2.7:
do not mock the session in token storage tests
Add Occitan plural rule
Disallow illegal characters like "." in session.name
fix rounding from string
This PR was merged into the 2.7 branch.
Discussion
----------
Disallow invalid characters in session.name
| Q | A
| ------------- | ---
| Branch? | 2.7
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | #27023
| License | MIT
| Doc PR |
PHP saves cookie with correct name, but upon deserialization to
`$_COOKIE`, it replaces "." characters with "_".
This is probably also reason why \SessionHandler is not able to find
a session.
https://harrybailey.com/2009/04/dots-arent-allowed-in-php-cookie-names/https://bugs.php.net/bug.php?id=75883
Commits
-------
16ebb43bd4 Disallow illegal characters like "." in session.name
* 3.4:
[appveyor] set memory_limit=-1
[Console] Keep the modified exception handler
[Console] Fix restoring exception handler
[Router] Skip anonymous classes when loading annotated routes
allow dashes in cwd pathname when running the tests
Fixed Request::__toString ignoring cookies
Make sure we only build once and have one time the prefix when importing routes
[Security] Fix fatal error on non string username
[FrameworkBundle] Automatically enable the CSRF if component *+ session* are loaded
* 3.4:
fixed wrong merge
Tweak message to be Flex friendly
[Routing] fixed tests
Fixing wrong class_exists on interface
Preserve percent-encoding in URLs when performing redirects in the UrlMatcher
[Console] Fix a bug when passing a letter that could be an alias
add missing validation options to XSD file
Take advantage of AnnotationRegistry::registerUniqueLoader
[DI] Optimize Container::get() for perf
fix merge
Fix tests
Refactoring tests.
* 3.4:
[HttpKernel] Better handling of legacy cache
modify definitions only if the do exist
[DI] Prevent a ReflectionException during cache:clear when the parent class doesn't exist
[FrameworkBundle] Make MicroKernelTraitTest green
don't override existing verbosity env var
[HttpKernel] Read $_ENV when checking SHELL_VERBOSITY
Remove unreachable code
Automatically enable the CSRF protection if CSRF manager exists
bumped Symfony version to 3.4.0
adding checks for the expression language
updated VERSION for 3.4.0-RC2
updated CHANGELOG for 3.4.0-RC2
* 3.4:
[HttpKernel] Disable container inlining when legacy inlining has been used
Let getFlashes starts the session
Update default translations path
[FrameworkBundle] Ignore failures when removing the old cache dir
* 3.4:
[TwigBridge] Fixed the .form-check-input class in the bs4 templates
[Console] Fix traversable autocomplete values
[SecurityBundle] Improve deprecations
[DI] Friendlier name for generated container in "as_files" mode
[Debug] Remove false-positive deprecation from DebugClassLoader
[SecurityBundle] Add missing quotes in deprecation messages
[ExpressionLanguage] Fix PhpDoc type-hints on Token value
bumped Symfony version to 3.3.12
Add default translations path option and convention
updated VERSION for 3.3.11
updated CHANGELOG for 3.3.11
bumped Symfony version to 2.8.30
updated VERSION for 2.8.29
updated CHANGELOG for 2.8.29
bumped Symfony version to 2.7.37
updated VERSION for 2.7.36
update CONTRIBUTORS for 2.7.36
updated CHANGELOG for 2.7.36
* 3.4:
[TwigBridge] Bootstrap 4 form theme fixes
[VarDumper] HtmlDumper: fix collapsing nodes with depth <= maxDepth
Fixing a bug where non-existent classes would cause issues
Do not activate the cache if Doctrine's cache is not present
[SecurityBundle] hotfix: update phpdocs on logout url
[FrameworkBundle] Do not load property_access.xml if the component isn't installed
[HttpFoundation] Mark new methods on Response as final
Fixed a few spelling mistakes in Luxembourgish translation
[TwigBridge] Fix template paths in profiler
* 3.4:
bumped Symfony version to 3.4.0
updated VERSION for 3.4.0-BETA1
updated CHANGELOG for 3.4.0-BETA1
Do not process bindings in AbstractRecursivePass
don't bind scalar values to controller method arguments
Add extra autowiring aliases
adding AdapterInterface alias for cache.app
Adding a new debug:autowiring command
[HttpFoundation] Make sessions secure and lazy
[Routing] Ensure uniqueness without repeated check
[Console] Sync ConsoleLogger::interpolate with the one in HttpKernel
* 3.4:
fixed CS
[Serializer] Add Support for in CustomNormalizer
Remove Validator\TypeTestCase and add validator logic to base TypeTestCase
[Lock] Include lock component in framework bundle
[WebProfilerBundle] Render file links for twig templates
CsvEncoder handling variable structures and custom header order
Saltless Encoder Interface
[Serializer] throw more specific exceptions
# Conflicts:
# src/Symfony/Bundle/FrameworkBundle/composer.json
# src/Symfony/Bundle/SecurityBundle/Command/UserPasswordEncoderCommand.php
# src/Symfony/Component/Serializer/Encoder/XmlEncoder.php
# src/Symfony/Component/Serializer/Normalizer/AbstractNormalizer.php
# src/Symfony/Component/Serializer/Serializer.php
* 3.4:
[PhpUnitBridge] Added a CoverageListener to enhance the code coverage report
Add a method to check if any results were found
[SecurityBundle] Deprecate ACL related code
[FrameworkBundle] Enable assets with templates only if the Asset component is installed
* 3.4:
[travis] fix minor php7.0 version
[travis] add ldap.so for php70
[HttpFoundation] Fix logic when JsonSerializable is missing
[travis] update to trusty
Add help description to debug:form command
Don't use return on Assert::markTestSkipped.
[TwigBridge] Show Twig's loader paths on debug:twig command
[FrameworkBundle] Fix Di config to allow for more private services
Create directories recursively in the PHPUnit bridge
[Dotenv] Add a BC break note
[Cache] Use options from Memcached DSN
Fix ArrayInput::toString() for VALUE_IS_ARRAY options/args
be able to enable workflow support explicitly
[Yaml] add inline parser context initializer
[ExpressionLanguage] throws an exception on calling uncallable method
This PR was merged into the 3.4 branch.
Discussion
----------
[FrameworkBundle] be able to enable workflow support explicitly
| Q | A
| ------------- | ---
| Branch? | 3.4
| Bug fix? | no
| New feature? | yes
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | #24051
| License | MIT
| Doc PR |
Commits
-------
eaa506f562 be able to enable workflow support explicitly
* 3.4:
Implemented PruneableInterface on TagAwareAdapter
Do not trigger deprecation if node has not been explicitly filled
Improve microseconds support in date caster
Use new configuration node depreciation method
