This PR was merged into the 3.4 branch.
Discussion
----------
[HttpKernel] Fix HttpKernel Debug requirement
| Q | A
| ------------- | ---
| Branch? | 3.4
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets |
| License | MIT
| Doc PR |
The `LoggerDataCollector` is using the `SilencedErrorContext` class that doesn't exists before Symfony 3.2
Commits
-------
69feb49c0d Fix HttpKernel Debug requirement
This PR was merged into the 3.4 branch.
Discussion
----------
[Form] synchronise the form builder docblock
| Q | A
| ------------- | ---
| Branch? | 3.4
| Bug fix? | no
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets |
| License | MIT
| Doc PR |
Commits
-------
419d3db86c synchronise the form builder docblock
This PR was merged into the 3.4 branch.
Discussion
----------
[Security] use final annotation to allow mocking the class
| Q | A
| ------------- | ---
| Branch? | 3.4
| Bug fix? | no
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | #29946
| License | MIT
| Doc PR |
When the class was initially marked as `final`, it did only contain constants. Since #24337 the `Security` class also contains useful shortcut methods so allowing developers to mock the class in tests looks reasonable to me.
Commits
-------
1da00db247 use final annotation to allow mocking the class
This PR was merged into the 3.4 branch.
Discussion
----------
[DependencyInjection] forward the parse error to the calling code
| Q | A
| ------------- | ---
| Branch? | 3.4
| Bug fix? | no
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | #29891
| License | MIT
| Doc PR |
This change does not fully solve the linked issue, but improves the exception a bit by providing a bit more context.
The error page will no start like this:
![bildschirmfoto 2019-01-18 um 12 28 14](https://user-images.githubusercontent.com/1957048/51384558-f7af3600-1b1c-11e9-9744-a40c41c821ce.png)
Commits
-------
c5c2d31fef forward the parse error to the calling code
This PR was merged into the 3.4 branch.
Discussion
----------
[Security] Do not mix password_*() API with libsodium one
| Q | A
| ------------- | ---
| Branch? | 3.4
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | n/a
| Tests pass? | yes
| Fixed tickets | n/a
| License | MIT
| Doc PR | n/a
Argon2IPasswordEncoder uses native `password_hash()` and `password_verify()` functions if the current PHP installation embeds Argon2 support (>=7.2, compiled `--with-password-argon2`).
Otherwise, it fallbacks to the libsodium extension.
This was fine at time the encoder was introduced, but meanwhile libsodium changed the algorithm used by `sodium_crypto_pwhash_str()` which is now argon2id, that goes outside of the scope of the encoder which was designed to deal with `argon2i` only.
Nothing we can do as databases may already contain passwords hashed with argon2id, the encoder must keep validating those.
However, the PHP installation may change as time goes by, and could suddenly embed the Argon2 core integration. In this case, the encoder would use the `password_verify()` function which would fail in case the password was not hashed using argon2i.
This PR prevents it by detecting that argon2id was used, avoiding usage of `password_verify()`.
See https://github.com/jedisct1/libsodium-php/issues/194 and https://github.com/symfony/symfony/issues/28093 for references.
Patch cannot be tested as it is platform dependent.
Side note: I'm currently working on a new implementation for 4.3 that will properly supports argon2id (which has been added to the PHP core sodium integration in 7.3) and argon2i, distinctively.
Commits
-------
d6cfde94b4 [Security] Do not mix usage of password_*() functions and sodium_*() ones
* 3.4:
fixed CS
fixed short array CS in comments
fixed CS in ExpressionLanguage fixtures
fixed CS in generated files
fixed CS on generated container files
fixed CS on Form PHP templates
fixed CS on YAML fixtures
fixed fixtures
switched array() to []
This PR was squashed before being merged into the 4.3-dev branch (closes#29862).
Discussion
----------
Add block prefix to csrf token field
| Q | A
| ------------- | ---
| Branch? | master
| Bug fix? | no
| New feature? | yes
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | #...
| License | MIT
| Doc PR | https://github.com/symfony/symfony-docs/pull/10867
Currently I use the following code snippet to overwrite the token rendering:
```twig
{%- block hidden_widget -%}
{%- if form.vars.name == '_token' -%}
{{ block('app__token_widget') }}
{%- else -%}
{{ block('hidden_widget', 'form_div_layout.html.twig') }}
{%- endif -%}
{%- endblock hidden_widget -%}
{%- block app__token_widget %}
{{ render_esi(controller('SuluFormBundle:FormWebsite:token', { 'form': form.parent.vars.name })) }}
{%- endblock app__token_widget -%}
```
With the change of https://symfony.com/blog/new-in-symfony-4-3-simpler-form-theming this workaround can now be removed and the following can be used:
```twig
{%- block token_widget %}
{{ render_esi(controller('SuluFormBundle:FormWebsite:token', { 'form': form.parent.vars.name })) }}
{%- endblock token_widget -%}
```
Commits
-------
02bd6893a5 Add block prefix to csrf token field
This PR was merged into the 3.4 branch.
Discussion
----------
[TwigBridge] remove unreachable code
| Q | A
| ------------- | ---
| Branch? | 3.4
| Bug fix? | no
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets |
| License | MIT
| Doc PR |
Since our version constraint is `^1.37.1|^2.6.2` any Twig version that
is below 2.4.5 must be a Twig 1.x release.
Commits
-------
16f97b9769 remove unreachable code
In #29853 the bugfix made in #29597 was reverted as it did not work as
expected. This fixture file has been modified after the 3.4 branch was
merged up to account for the changes made in #2957 and must now be
reverted to the former state too.
This PR was merged into the 3.4 branch.
Discussion
----------
Update MimeType extensions
| Q | A
| ------------- | ---
| Branch? | 3.4
| Bug fix? | yes
| New feature? | no <!-- don't forget to update src/**/CHANGELOG.md files -->
| BC breaks? | no <!-- see https://symfony.com/bc -->
| Deprecations? | no <!-- don't forget to update UPGRADE-*.md and src/**/CHANGELOG.md files -->
| Tests pass? | yes <!-- please add some, will be required by reviewers -->
| Fixed tickets | n/a
| License | MIT
| Doc PR | n/a
<!--
Write a short README entry for your feature/bugfix here (replace this comment block.)
This will help people understand your PR and can be used as a start of the Doc PR.
Additionally:
- Bug fixes must be submitted against the lowest branch where they apply
(lowest branches are regularly merged to upper ones so they get the fixes too).
- Features and deprecations must be submitted against the master branch.
-->
Commits
-------
5183049b73 updated MimeType extensions
This PR was merged into the 4.3-dev branch.
Discussion
----------
Update MimeType extensions
| Q | A
| ------------- | ---
| Branch? | 3.4
| Bug fix? | yes
| New feature? | no <!-- don't forget to update src/**/CHANGELOG.md files -->
| BC breaks? | no <!-- see https://symfony.com/bc -->
| Deprecations? | no <!-- don't forget to update UPGRADE-*.md and src/**/CHANGELOG.md files -->
| Tests pass? | yes <!-- please add some, will be required by reviewers -->
| Fixed tickets | n/a
| License | MIT
| Doc PR | n/a
<!--
Write a short README entry for your feature/bugfix here (replace this comment block.)
This will help people understand your PR and can be used as a start of the Doc PR.
Additionally:
- Bug fixes must be submitted against the lowest branch where they apply
(lowest branches are regularly merged to upper ones so they get the fixes too).
- Features and deprecations must be submitted against the master branch.
-->
Commits
-------
5183049b73 updated MimeType extensions
This PR was squashed before being merged into the 4.3-dev branch (closes#29813).
Discussion
----------
[FrameworkBundle] Remove ControllerTrait::isFormValid()
| Q | A
| ------------- | ---
| Branch? | master
| Bug fix? | no
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | https://github.com/symfony/symfony/pull/24576#issuecomment-452220557
| License | MIT
| Doc PR |
**edit**: During the first draft I made, I did not use the request stack. I finally used it to mimic other shortcut! It was a bad idea. Now there is less code, it's simpler. Love it more
Commits
-------
2be1987ad1 [FrameworkBundle] Remove ControllerTrait::isFormValid()
This PR was squashed before being merged into the 3.4 branch (closes#29864).
Discussion
----------
[Form] SA fix
| Q | A
| ------------- | ---
| Branch? | 3.4
| Bug fix? | yes
| New feature? | no
| BC breaks? | no <!-- see https://symfony.com/bc -->
| Deprecations? | no
| Tests pass? | yes <!-- please add some, will be required by reviewers -->
| Fixed tickets | #... <!-- #-prefixed issue number(s), if any -->
| License | MIT
| Doc PR | symfony/symfony-docs#... <!-- required for new features -->
<!--
Write a short README entry for your feature/bugfix here (replace this comment block.)
This will help people understand your PR and can be used as a start of the Doc PR.
Additionally:
- Bug fixes must be submitted against the lowest branch where they apply
(lowest branches are regularly merged to upper ones so they get the fixes too).
- Features and deprecations must be submitted against the master branch.
-->
Commits
-------
1c85707946 [Form] SA fix
This PR was squashed before being merged into the 4.1 branch (closes#29745).
Discussion
----------
SCA: minor code tweaks
| Q | A
| ------------- | ---
| Branch? | 4.1
| Bug fix? | no
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | n/a
| License | MIT
| Doc PR | n/a
Eliminated a few excessive calls, tweaked query parameters sorting
Commits
-------
8887f76b64 SCA: minor code tweaks
This PR was merged into the 3.4 branch.
Discussion
----------
Fix SwiftMailerHandler to support Monolog's latest reset functionality
| Q | A
| ------------- | ---
| Branch? | 3.4
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| License | MIT
Monolog 1.24 added the ResettableInterface which is meant to support resetting handlers. Reset should also flush as if the request was ending, and it can be used for long running workers for example in between each job that is processed. Due to SwiftMailer's spool however the emails in case of errors are right now only sent at the very end of the worker's lifetime.
For older Monolog versions, this will be ignored, and is thus harmless.
Commits
-------
ada2d83b67 Fix SwiftMailerHandler to support Monolog's latest reset functionality
This PR was squashed before being merged into the 4.3-dev branch (closes#29797).
Discussion
----------
[Dotenv] improved code coverage and removed unreachable code
| Q | A
| ------------- | ---
| Branch? | master
| Bug fix? | no
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| License | MIT
Commits
-------
34dac7c8fd [Dotenv] improved code coverage and removed unreachable code
This PR was squashed before being merged into the 4.3-dev branch (closes#29148).
Discussion
----------
Load original file metadata when loading Xliff 1.2 files
| Q | A
| ------------- | ---
| Branch? | master
| Bug fix? | no
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | n/a
| License | MIT
| Doc PR | n/a
At PrestaShop, we maintain our translations catalog automatically using an internal tool based on our [TranslationToolsBundle](https://github.com/PrestaShop/TranslationToolsBundle), which is capable of reverse building a MessageCatalogue by parsing the source code, and then saving it to Xliff files.
Currently, this tool is only capable of building catalogs from scratch. We are currently moving to an incremental catalog where we only add new wordings, and keep old ones even if they are no longer present in the code (because of B/C). To do that, instead of starting from a clean MessageCatalogue, we load our current catalog using XliffLoader, and use that MessageCatalogue as a base. Easy peasy. But then we found a problem...
The Xliff 1.2 standard defines a list of `<trans-unit>` elements within a collection of `<file>` elements. The `<file>` element has a required attribute named `original`, which is supposed to contain the name of the file where the wordings are used in (at least in our case it does). **This attribute is currently ignored by XliffFileLoader**.
This means that it's currently impossible to read a Xliff 1.2 file using XliffFileloader, and save it back to Xliff without losing data.
This Pull Request adds a new `file` element to the messages' metadata (alongside `notes`, `target-attributes` and `id`). Right now, it only contains `original`, but it could be extended to contain all the other attributes from the `<file>` element if needed.
This required a small change in the loader where we loop through `<file>` elements before fetching their `<trans-unit>` children, instead of fetching all `<trans-unit>` elements at once.
Commits
-------
4073319d0f Load original file metadata when loading Xliff 1.2 files
This PR was merged into the 3.4 branch.
Discussion
----------
Revert "bug #29597 [DI] fix reporting bindings on overriden services as unused"
This reverts commit 44e9a91f30, reversing
changes made to 91b28ff081.
| Q | A
| ------------- | ---
| Branch? | 3.4
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | #29836
| License | MIT
| Doc PR |
4.2.2 release changed the way tagged service are injected
As asked by @nicolas-grekas https://github.com/symfony/symfony/issues/29836#issuecomment-453464500
Commits
-------
b3e17d2101 Revert "bug #29597 [DI] fix reporting bindings on overriden services as unused (nicolas-grekas)"
This PR was merged into the 4.3-dev branch.
Discussion
----------
[FrameworkBundle] pass project dir into the assets install command
| Q | A
| ------------- | ---
| Branch? | master
| Bug fix? | no
| New feature? | no
| BC breaks? | no
| Deprecations? | yes
| Tests pass? | yes
| Fixed tickets | https://github.com/symfony/symfony/pull/29708#discussion_r244287106
| License | MIT
| Doc PR |
Commits
-------
b373d4206b pass project dir into the assets install command
* 4.2:
Fix docs
enabled short array notation in CS
[fabbot] enable short arrays
bumped Symfony version to 4.2.3
updated VERSION for 4.2.2
updated CHANGELOG for 4.2.2
bumped Symfony version to 4.1.11
updated VERSION for 4.1.10
updated CHANGELOG for 4.1.10
bumped Symfony version to 3.4.22
updated VERSION for 3.4.21
update CONTRIBUTORS for 3.4.21
updated CHANGELOG for 3.4.21
* 4.1:
Fix docs
enabled short array notation in CS
[fabbot] enable short arrays
bumped Symfony version to 4.1.11
updated VERSION for 4.1.10
updated CHANGELOG for 4.1.10
bumped Symfony version to 3.4.22
updated VERSION for 3.4.21
update CONTRIBUTORS for 3.4.21
updated CHANGELOG for 3.4.21
* 3.4:
Fix docs
enabled short array notation in CS
[fabbot] enable short arrays
bumped Symfony version to 3.4.22
updated VERSION for 3.4.21
update CONTRIBUTORS for 3.4.21
updated CHANGELOG for 3.4.21
symfony documentation tells people to pass null, and it is the default, but the method docs don't allow it so static analyzers complain about it (spotted by phan)