This PR was merged into the 3.4 branch.
Discussion
----------
[HttpKernel] Correctly Render Signed URIs Containing Fragments
| Q | A
| ------------- | ---
| Branch? | `3.4`
| Bug fix? | yes
| New feature? | no
| BC breaks? | no?
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | n/a
| License | MIT
| Doc PR | n/a
- Rebuild the URL with the computed hash instead of appending it onto the end of the fragment.
- Update unit tests, and add new unit test to cover URIs that include fragments.
Commits
-------
b9ece6bde7 [HttpKernel] Correctly Render Signed URIs Containing Fragments
Rebuild the URL with the computed hash instead of appending it onto the end of the URI, preventing incorrect formatting when dealing with URIs containing fragments.
Since https://github.com/symfony/symfony/pull/25733 the Kernel attempts to unlink the legacy container while being built.
This throws an error if the file did not exist, for example on a clean install, on the build, which is then silenced.
That's fine on production systems, but on our build we have enabled "xdebug.scream" in order to visualise every errors, which basically un-silences the errors. I believe there should not be a need to silence anything on a usual, clean usage of the system.
Making this `unlink` conditional fixes it.
Could you please approve and merge this PR?
Thanks
Some attributes being used in the phpunit configuration files, namely
failOnRisky and failOnWarning were introduced in phpunit 5.2.0. The
Composer configuration shows that tests should run with old versions of
phpunit, but phpunit only validates the configuration against the XSD
since phpunit 7.2.0.
These changes can be tested as follows:
wget http://schema.phpunit.de/5.2/phpunit.xsd
xargs xmllint --schema phpunit.xsd 1>/dev/null
find src -name phpunit.xml.dist| xargs xmllint --schema phpunit.xsd 1>/dev/null
See 7e06a82806
See 46e3745a03/composer.json (L98)
This PR was merged into the 3.4 branch.
Discussion
----------
[VarDumper] fix dump of closures created from callables
| Q | A
| ------------- | ---
| Branch? | 3.4
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | -
| License | MIT
| Doc PR | -
We are missing displaying full information about closures created using `ReflectionMethod::getClosure()` or `Closure::fromCallable()`.
This PR fixes it. For VarDumper but also other places where we have logic to display them.
Commits
-------
1c1818b876 [VarDumper] fix dump of closures created from callables
* 2.8:
[php_cs] disable fopen_flags
[CS] Remove unused variables passed to closures
[CS] Remove empty comment
[CS] Enforces null type hint on last position in phpDocs
[CS] Use combined assignment operators when possible
Fix a typo in error messages
[Console] Add missing null to input values allowed types
[PHPUnitBridge] Fix microtime() format
bumped Symfony version to 2.8.47
update CONTRIBUTORS for 2.8.46
updated VERSION for 2.8.46
updated CHANGELOG for 2.8.46
This PR was merged into the 2.8 branch.
Discussion
----------
[CS] Enforces null type hint on last position in phpDocs
| Q | A
| ------------- | ---
| Branch? | 2.8
| Bug fix? | no
| New feature? | no <!-- don't forget to update src/**/CHANGELOG.md files -->
| BC breaks? | no <!-- see https://symfony.com/bc -->
| Deprecations? | no <!-- don't forget to update UPGRADE-*.md and src/**/CHANGELOG.md files -->
| Tests pass? | yes <!-- please add some, will be required by reviewers -->
| Fixed tickets | - <!-- #-prefixed issue number(s), if any -->
| License | MIT
| Doc PR | - <!-- required for new features -->
As a majority in our codebase, the `null` typehint usually comes in the last position in phpDocs.
Commits
-------
efbba25577 [CS] Enforces null type hint on last position in phpDocs
* 2.8:
improve docblocks around group sequences
[WebProfilerBundle] added a note in the README
[Filesystem] Skip tests on readable file when run with root user
[FWBundle] Fix an error in WebTestCase::createClient's PHPDoc
[HttpFoundation][Security] forward locale and format to subrequests
[Console] Send the right exit code to console.terminate listeners
Caching missed templates on cache warmup
* 2.8:
KernelInterface can return null container
[Ldap] Use shut up operator on connection errors at ldap_start_tls
[HttpFoundation] don't override StreamedResponse::setNotModified()
Added relevent links for parsing to the phpdoc
Add stricter checking for valid date time string
[Form] Fix DateTimeType html5 input format
This PR was merged into the 3.4 branch.
Discussion
----------
[Controller][ServiceValueResolver] Making method access case insensitive
| Q | A
| ------------- | ---
| Branch? | 3.4
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | #28254
| License | MIT
| Doc PR | -
Fix#28254 by making the method access insensitive in `ServiceValueResolver`.
Commits
-------
cc6f82769b [Controller][ServiceValueResolver] Making method access case insensitive
* 2.8:
[appveyor] fix
Revert "minor #28321 [Routing] Fixed the interface description of the url generator interface (Toflar)"
remove cache warmers when Twig cache is disabled
[HttpKernel][FrameworkBundle] Fix escaping of serialized payloads passed to test clients
chore: rename Appveyor filename
Fixed the interface description of the url generator interface
Format file size in validation message according to binaryFormat option
* 2.8:
Use the real image URL for the filesystem tests
[Finder] Update PHPdoc append()
[DI] Fix phpdoc
Fix code examples in PHPDoc
[HttpKernel] Fix inheritdocs
* 2.8:
[HttpKernel] Fixed invalid REMOTE_ADDR in inline subrequest when configuring trusted proxy with subnet
[HttpFoundation] fixed using _method parameter with invalid type
[Intl] Replace svn with git in the icu data update script
[HttpFoundation] Fix Cookie::isCleared
* 2.8:
Fix Clidumper tests
Enable the fixer enforcing fully-qualified calls for compiler-optimized functions
Apply fixers
Disable the native_constant_invocation fixer until it can be scoped
Update the list of excluded files for the CS fixer
* 2.8:
updated VERSION for 2.8.43
update CONTRIBUTORS for 2.8.43
updated CHANGELOG for 2.8.43
backported translations
Fixed templateExists on parse error of the template name
This PR was merged into the 2.8 branch.
Discussion
----------
[HttpKernel] Fixed templateExists on parse error of the template name
| Q | A
| ------------- | ---
| Branch? | 2.8
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | #28001
| License | MIT
| Doc PR | -
9bfa971bc5/src/Symfony/Bundle/FrameworkBundle/Templating/TemplateNameParser.php (L49-L51)
Commits
-------
53347c42fd Fixed templateExists on parse error of the template name
This PR was squashed before being merged into the 3.4 branch (closes#27659).
Discussion
----------
[HttpKernel] Make AbstractTestSessionListener compatible with CookieClearingLogoutHandler
| Q | A
| ------------- | ---
| Branch? | 3.4
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets |
| License | MIT
| Doc PR |
#26157 started to send a new cookie in `AbstractTestSessionListener`, but is incompatible with `CookieClearingLogoutHandler` as it overrides its `Set-Cookie` by setting a new cookie (breaking my test that checked to see that the cookie was removed after a log out).
Commits
-------
f54d96926a [HttpKernel] Make AbstractTestSessionListener compatible with CookieClearingLogoutHandler
* 2.8:
[HttpKernel] fix PHP 5.4 compat
Fix surrogate not using original request
[Finder] Update RealIteratorTestCase
[Routing] remove unneeded dev dep on doctrine/common
[Validator] Remove BOM in some xlf files
This PR was merged into the 3.4 branch.
Discussion
----------
[HttpKernel] fix session tracking in surrogate master requests
| Q | A
| ------------- | ---
| Branch? | 3.4
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | -
| License | MIT
| Doc PR | -
Spotted while looking at ESI fragments resolved by`HttpCache`: right now when the master request starts the session, fragments are not cacheable anymore, even when they do not use the session.
Commits
-------
146e01cb44 [HttpKernel] fix session tracking in surrogate master requests
* 2.8:
removed unneeded comments in tests
Change PHPDoc in ResponseHeaderBag::getCookies() to help IDEs
[HttpKernel] Set first trusted proxy as REMOTE_ADDR in InlineFragmentRenderer.
[Process] Consider \"executable\" suffixes first on Windows
Triggering RememberMe's loginFail() when token cannot be created
This PR was squashed before being merged into the 2.8 branch (closes#26973).
Discussion
----------
[HttpKernel] Set first trusted proxy as REMOTE_ADDR in InlineFragmentRenderer.
| Q | A
| ------------- | ---
| Branch? | 2.7 and up
| Bug fix? | improvement
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | ---
| License | MIT
| Doc PR | ---
SubRequest used in `InlineFragmentRendered` explicitly sets `$server['REMOTE_ADDR']` to `127.0.0.1`. Therefore, it's required to configure `127.0.0.1` address in TRUSTED_PROXIES environment variable. Without that, `Request::isFromTrustedProxy()` will return false.
The current behavior might be a little bit problematic, for instance, in case where images are rendered through subrequests. These might end-up with an incorrect schema in URL (`http` instead of `https`).
Commits
-------
18f55feef8 [HttpKernel] Set first trusted proxy as REMOTE_ADDR in InlineFragmentRenderer.
This PR was squashed before being merged into the 3.4 branch (closes#27344).
Discussion
----------
[HttpKernel] reset kernel start time on reboot
| Q | A
| ------------- | ---
| Branch? | 3.4
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | #27319
| License | MIT
| Doc PR | n/a
I created branch from 3.4, since the furthest thing I could find for the reboot feature was a4fc49294e and it originated during stabilization phase of 3.4.
ping @nicolas-grekas
Commits
-------
b7feef00ae [HttpKernel] reset kernel start time on reboot
This PR was merged into the 3.4 branch.
Discussion
----------
[HttpKernel] do file_exists() check instead of silent notice
| Q | A
| ------------- | ---
| Branch? | 3.4
| Bug fix? | no
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | #27234
| License | MIT
| Doc PR | -
Commits
-------
f8cde70ba1 [HttpKernel] do file_exists() check instead of silent notice
This PR was merged into the 3.4 branch.
Discussion
----------
[HttpKernel] Catch HttpExceptions when templating is not installed
| Q | A
| ------------- | ---
| Branch? | 3.4
| Bug fix? | yes
| New feature? | no
| BC breaks? | ?
| Deprecations? | no
| Tests pass? | ?
| Fixed tickets | #25844
| License | MIT
| Doc PR | symfony/symfony-docs#... <!--highly recommended for new features-->
- [x] Test manually
- [x] Check for BC breaks
- [x] Needs tests
<!--
- Bug fixes must be submitted against the lowest branch where they apply
(lowest branches are regularly merged to upper ones so they get the fixes too).
- Features and deprecations must be submitted against the master branch.
- Replace this comment by a description of what your PR is solving.
-->
Commits
-------
4e527aa bug #25844 [HttpKernel] Catch HttpExceptions when templating is not installed
This PR was merged into the 3.4 branch.
Discussion
----------
[HttpKernel] Don't clean legacy containers that are still loaded
| Q | A
| ------------- | ---
| Branch? | 3.4
| Bug fix? | yes
| New feature? |
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | #27053
| License | MIT
| Doc PR | -
Commits
-------
be8dbc3 [HttpKernel] Don't clean legacy containers that are still loaded
* 2.8:
[Security] guardAuthenticationProvider::authenticate cannot return null according to interface specification
[VarDumper] Remove decoration from actual output in tests
[PropertyInfo] Minor cleanup and perf improvement
[Bridge/Doctrine] fix count() notice on PHP 7.2
[Security] Skip user checks if not implementing UserInterface
[HttpFoundation] Add HTTP_EARLY_HINTS const
[DoctrineBridge] Improve exception message at `IdReader::getIdValue()`
fixed CS
Use new PHP7.2 functions in hasColorSupport
[VarDumper] Fix dumping of SplObjectStorage
Fixed being logged out on failed attempt in guard
* 2.7:
[VarDumper] Remove decoration from actual output in tests
[Bridge/Doctrine] fix count() notice on PHP 7.2
[Security] Skip user checks if not implementing UserInterface
[HttpFoundation] Add HTTP_EARLY_HINTS const
[DoctrineBridge] Improve exception message at `IdReader::getIdValue()`
fixed CS
Use new PHP7.2 functions in hasColorSupport
[VarDumper] Fix dumping of SplObjectStorage
This PR was merged into the 3.4 branch.
Discussion
----------
[HttpFoundation] Send cookies using header() to fix "SameSite" ones
| Q | A
| ------------- | ---
| Branch? | 3.4
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | #25344
| License | MIT
| Doc PR | -
Commits
-------
73fec237da [HttpFoundation] Add functional tests for Response::sendHeaders()
e350ea000f [HttpFoundation] Send cookies using header() to fix "SameSite" ones
* 2.8:
fixed Twig URL
Don't assume that file binary exists on *nix OS
Fix that ESI/SSI processing can turn a \"private\" response \"public\"
[Form] Fixed trimming choice values
* 2.7:
fixed Twig URL
Don't assume that file binary exists on *nix OS
Fix that ESI/SSI processing can turn a \"private\" response \"public\"
[Form] Fixed trimming choice values
This PR was squashed before being merged into the 2.7 branch (closes#26643).
Discussion
----------
Fix that ESI/SSI processing can turn a "private" response "public"
| Q | A
| ------------- | ---
| Branch? | 2.7
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets |
| License | MIT
| Doc PR |
Under the condition that
* we are merging in at least one *embedded* response,
* all *embedded* responses are `public`,
* the *main* response is `private` and
* all responses use expiration-based caching (note: no `s-maxage` on the *main* response)
... the resulting response will turn to `Cache-Control: public`.
The real issue is that when all responses use expiration-based caching, a combined max age is computed. This is set on the *main* response using `Response::setSharedMaxAge()`, which implicitly sets `Cache-Control: public`.
The fix provided in this PR solves the problem by applying the same logic to the *main* response that is applied for *embedded* responses, namely that responses with `!Response::isCacheable()` will make the resulting response have `Cache-Control: private, no-cache, must-revalidate` and have `(s)max-age` removed.
This makes the change easy to understand, but makes responses uncacheable too often. This is because the `Response::isCacheable()` method was written to determine whether it is safe for a shared cache to keep the response, which is not the case as soon as a `private` response is involved. This might be improved upon in another PR.
Commits
-------
3d27b5946d Fix that ESI/SSI processing can turn a \"private\" response \"public\"
* 2.8:
Add PHPDbg support to HTTP components
bumped Symfony version to 2.8.38
updated VERSION for 2.8.37
updated CHANGELOG for 2.8.37
bumped Symfony version to 2.7.45
updated VERSION for 2.7.44
update CONTRIBUTORS for 2.7.44
updated CHANGELOG for 2.7.44
Fix check of color support on Windows
* 2.7:
Add PHPDbg support to HTTP components
bumped Symfony version to 2.7.45
updated VERSION for 2.7.44
update CONTRIBUTORS for 2.7.44
updated CHANGELOG for 2.7.44
Fix check of color support on Windows
* 2.8:
fixed deprecated messages in tests
[HttpCache] Unlink tmp file on error
Added LB translation for #26327 (Errors sign for people that do not see colors)
[TwigBridge] Fix rendering of currency by MoneyType
[HttpKernel] DumpDataCollector: do not flush when a dumper is provided
* 2.7:
[HttpCache] Unlink tmp file on error
Added LB translation for #26327 (Errors sign for people that do not see colors)
[TwigBridge] Fix rendering of currency by MoneyType
[HttpKernel] DumpDataCollector: do not flush when a dumper is provided
This PR was squashed before being merged into the 3.4 branch (closes#26041).
Discussion
----------
Display the Welcome Page when there is no homepage defined
| Q | A
| ------------- | ---
| Branch? | 3.4
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | https://github.com/symfony/symfony-docs/issues/9178
| License | MIT
| Doc PR | -
In 3.4 we added a trick to display the Welcome Page when the user browses `/` and there are no routes defined. However, when using the `website-skeleton` (which is what most newcomers use ... and they are the ones that mostly need the "Welcome Page") the premise about *"no routes are defined"* is never true and the Welcome Page is never shown (see https://github.com/symfony/symfony-docs/issues/9178 for one of the multiple error reports we've received).
So, I propose to make this change to always define the "Welcome Page" as the fallback:
* If no routes are defined for `/`, the Welcome Page is displayed.
* If there is a route defined for `/`, this code will never be executed because it's the last condition of the routing matcher.
Commits
-------
5b0d9340d7 Display the Welcome Page when there is no homepage defined
* 2.8:
[Bridge\PhpUnit] Exit as late as possible
Update Repository Symlink Helper
Document explicitly that dotfiles and vcs files are ignored by default
do not mock the container builder in tests
* 2.7:
[Bridge\PhpUnit] Exit as late as possible
Update Repository Symlink Helper
Document explicitly that dotfiles and vcs files are ignored by default
do not mock the container builder in tests
This PR was merged into the 3.4 branch.
Discussion
----------
Make kernel build time optionally deterministic
| Q | A
| ------------- | ---
| Branch? | master for features / 2.7 up to 4.0 for bug fixes <!-- see below -->
| Bug fix? | yes
| New feature? | yes
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | -
| License | MIT
| Doc PR | -
As part of the effort to enable reproducible builds, this PR allows setting a deterministic build time for the dumped kernel. Parent issue is symfony/symfony#25958.
Commits
-------
48e8249 Make kernel build time optionally deterministic