This PR was merged into the 3.4 branch.
Discussion
----------
[Validator] enter the context in which to validate
| Q | A
| ------------- | ---
| Branch? | 3.4
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | #24246
| License | MIT
| Doc PR |
Commits
-------
7359cbe063 [Validator] enter the context in which to validate
This PR was merged into the 2.7 branch.
Discussion
----------
Fix ambiguous pattern
[Validator][Constraints][UrlValidator] Fix domain name pattern.
| Q | A
| ------------- | ---
| Branch? | 2.7
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets |
| License | MIT
| Doc PR |
`\pS` is a unicode character class, `\pS-\.` pretends to be a range which is not. This pattern fails with PCRE2.
Thanks.
Commits
-------
059f59a106 Fix ambiguous pattern
This PR was merged into the 3.4 branch.
Discussion
----------
[DependencyInjection] Prevent service:method factory notation in PHP config
| Q | A
| ------------- | ---
| Branch? | 3.4
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | #24704
| License | MIT
| Doc PR |
Started working on fixing #24704.
@nicolas-grekas, am I on the right way? If yes I will look at the tests and try to add this case.
Commits
-------
49fc677 Throw on service:method factory notation in PHP-based DI configuration
This PR was merged into the 3.4 branch.
Discussion
----------
[HttpKernel] remove services resetter even when it's an alias
| Q | A
| ------------- | ---
| Branch? | 3.4
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets |
| License | MIT
| Doc PR |
All the other places in the compiler pass do not care whether the
resetter service is aliased or not. Let's just also properly deal with
the case that the services resetter service was aliased by another
bundle.
Commits
-------
f7e634b remove services resetter even when it's an alias
This PR was merged into the 3.4 branch.
Discussion
----------
[HttpKernel] Fix service arg resolver for controllers as array callables
| Q | A
| ------------- | ---
| Branch? | 3.4
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | #24970
| License | MIT
| Doc PR | ø
Replacing #24970 as I can't push tests directly to @nicolas-grekas' PR.
> As spotted today during a Symfony 4 workshop at SymfonyCon Cluj, setting a controller as an array [SomeController::class, 'helloAction'] works, it is defined as a service, BUT the actions don't get the services as arguments. This is fixing it.
Commits
-------
fc3d3bb [HttpKernel] Fix service arg resolver for controllers as array callables
a9e9f36 Add service value resolver tests Prove that the service value resolver will not work with the array notation
This PR was merged into the 3.4 branch.
Discussion
----------
[FrameworkBundle] Empty event dispatcher earlier in CacheClearCommand
| Q | A
| ------------- | ---
| Branch? | 3.4
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | -
| License | MIT
| Doc PR | -
Once the cache folder is emptied, the event dispatcher cannot be used because service factories are gone. This currently fails very badly when an error is dispatched, but the error listeners are themselves failing to be loaded for this reason.
Commits
-------
a961392 [FrameworkBundle] Empty event dispatcher earlier in CacheClearCommand
* 3.4:
fixed CS
fixed CS
[Security] Namespace generated CSRF tokens depending of the current scheme
ensure that submitted data are uploaded files
[Console] remove dead code
bumped Symfony version to 3.3.13
updated VERSION for 3.3.12
updated CHANGELOG for 3.3.12
bumped Symfony version to 2.8.31
updated VERSION for 2.8.30
updated CHANGELOG for 2.8.30
bumped Symfony version to 2.7.38
updated VERSION for 2.7.37
updated CHANGELOG for 2.7.37
[Security] Validate redirect targets using the session cookie domain
prevent bundle readers from breaking out of paths
* 3.3:
fixed CS
fixed CS
[Security] Namespace generated CSRF tokens depending of the current scheme
ensure that submitted data are uploaded files
[Console] remove dead code
bumped Symfony version to 3.3.13
updated VERSION for 3.3.12
updated CHANGELOG for 3.3.12
bumped Symfony version to 2.8.31
updated VERSION for 2.8.30
updated CHANGELOG for 2.8.30
bumped Symfony version to 2.7.38
updated VERSION for 2.7.37
updated CHANGELOG for 2.7.37
[Security] Validate redirect targets using the session cookie domain
prevent bundle readers from breaking out of paths
* 2.8:
fixed CS
fixed CS
[Security] Namespace generated CSRF tokens depending of the current scheme
ensure that submitted data are uploaded files
[Console] remove dead code
bumped Symfony version to 2.8.31
updated VERSION for 2.8.30
updated CHANGELOG for 2.8.30
bumped Symfony version to 2.7.38
updated VERSION for 2.7.37
updated CHANGELOG for 2.7.37
[Security] Validate redirect targets using the session cookie domain
prevent bundle readers from breaking out of paths
* 2.7:
fixed CS
fixed CS
[Security] Namespace generated CSRF tokens depending of the current scheme
ensure that submitted data are uploaded files
[Console] remove dead code
bumped Symfony version to 2.7.38
updated VERSION for 2.7.37
updated CHANGELOG for 2.7.37
[Security] Validate redirect targets using the session cookie domain
prevent bundle readers from breaking out of paths
This PR was merged into the 2.7 branch.
Discussion
----------
Validate redirect targets using the session cookie domain
| Q | A
| ------------- | ---
| Branch? | 2.7
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | n/a
| License | MIT
| Doc PR | n/a
<!--
- Bug fixes must be submitted against the lowest branch where they apply
(lowest branches are regularly merged to upper ones so they get the fixes too).
- Features and deprecations must be submitted against the master branch.
- Please fill in this template according to the PR you're about to submit.
- Replace this comment by a description of what your PR is solving.
-->
Commits
-------
52b06f1c21 [Security] Validate redirect targets using the session cookie domain
This PR was merged into the 2.7 branch.
Discussion
----------
Prevent bundle readers from breaking out of paths
| Q | A
| ------------- | ---
| Branch? | 2.7
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | n/a
| License | MIT
| Doc PR | n/a
<!--
- Bug fixes must be submitted against the lowest branch where they apply
(lowest branches are regularly merged to upper ones so they get the fixes too).
- Features and deprecations must be submitted against the master branch.
- Please fill in this template according to the PR you're about to submit.
- Replace this comment by a description of what your PR is solving.
-->
Commits
-------
c8f9f916b4 prevent bundle readers from breaking out of paths
This PR was merged into the 2.7 branch.
Discussion
----------
Ensure that submitted data are uploaded files
| Q | A
| ------------- | ---
| Branch? | 2.7
| Bug fix? | yes
| New feature? | no
| BC breaks? | yes
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | n/a
| License | MIT
| Doc PR | n/a
<!--
- Bug fixes must be submitted against the lowest branch where they apply
(lowest branches are regularly merged to upper ones so they get the fixes too).
- Features and deprecations must be submitted against the master branch.
- Please fill in this template according to the PR you're about to submit.
- Replace this comment by a description of what your PR is solving.
-->
Commits
-------
f9e210cc7b ensure that submitted data are uploaded files
This PR was merged into the 2.7 branch.
Discussion
----------
Namespace generated CSRF tokens depending of the current scheme
| Q | A
| ------------- | ---
| Branch? | 2.7
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | n/a
| License | MIT
| Doc PR | n/a
<!--
- Bug fixes must be submitted against the lowest branch where they apply
(lowest branches are regularly merged to upper ones so they get the fixes too).
- Features and deprecations must be submitted against the master branch.
- Please fill in this template according to the PR you're about to submit.
- Replace this comment by a description of what your PR is solving.
-->
Commits
-------
cdb4271975 [Security] Namespace generated CSRF tokens depending of the current scheme
This PR was merged into the 4.0-dev branch.
Discussion
----------
[DomCrawler] Type fix Crawler:: discoverNamespace()
Based on 3.x behavior
| Q | A
| ------------- | ---
| Branch? | master
| Bug fix? | yes
| New feature? |no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets |
| License | MIT
| Doc PR |
<!--
- Bug fixes must be submitted against the lowest branch where they apply
(lowest branches are regularly merged to upper ones so they get the fixes too).
- Features and deprecations must be submitted against the master branch.
- Please fill in this template according to the PR you're about to submit.
- Replace this comment by a description of what your PR is solving.
-->
Commits
-------
e39e8c239b [DomCrawler] Fix return type Crawler:: discoverNamespace()