This PR was merged into the 3.4 branch.
Discussion
----------
[PhpUnitBridge] fix installing under PHP >= 8
| Q | A
| ------------- | ---
| Branch? | 3.4
| Bug fix? | yes
| New feature? | no
| Deprecations? | no
| Tickets | -
| License | MIT
| Doc PR | -
[As experimented on Twig](b952011f95), using `simple-phpunit` is not simple enough when testing with PHP 8.
This PR fixes the issue so that we could remove these lines in Twig.
On 3.4 since supporting new versions of PHP is a bugfix according to our policies.
Commits
-------
5aa25ceb41 [PhpUnitBridge] fix installing under PHP >= 8
This PR was merged into the 4.4 branch.
Discussion
----------
Use ">=" for the "php" requirement
| Q | A
| ------------- | ---
| Branch? | 4.4
| Bug fix? | no
| New feature? | no
| Deprecations? | no
| Tickets | -
| License | MIT
| Doc PR | -
As explained in https://twitter.com/nicolasgrekas/status/1263023258938548225:
Using `"^7.x"` is our composer.json has been a mistake. We should always use `">=7.x"`! 3 reasons:
1. it's either planned obsolescence xor a strong promise to maintain in the long run. None is sustainable.
2. if you actually end up maintaining in the long run (not by promise but by fact), your latest versions will work with PHP 8 by definition.
3. meanwhile, `"^7.x"` prevented all your ecosystem from experimenting with PHP 8, which means they increased the workload on *you* the core maintainer.
Conclusion: always use `">="` for the `"php"` requirement. Hope for the best (it mostly happens) and enable your community to experiment with the next major asap without adding useless impediments.
Commits
-------
f8aa0873cf Use ">=" for the "php" requirement
This PR was merged into the 4.4 branch.
Discussion
----------
[Intl] bump icu 67.1
| Q | A
| ------------- | ---
| Branch? | 4.4
| Bug fix? | no
| New feature? | no
| Deprecations? | no
| Tickets | Fix #... <!-- prefix each issue number with "Fix #", if any -->
| License | MIT
| Doc PR | symfony/symfony-docs#... <!-- required for new features -->
<!--
Replace this notice by a short README for your feature/bugfix. This will help people
understand your PR and can be used as a start for the documentation.
Additionally (see https://symfony.com/releases):
- Always add tests and ensure they pass.
- Never break backward compatibility (see https://symfony.com/bc).
- Bug fixes must be submitted against the lowest maintained branch where they apply
(lowest branches are regularly merged to upper ones so they get the fixes too.)
- Features and deprecations must be submitted against branch master.
-->
Commits
-------
920e319051 bump icu 67.1
* 3.4:
[Validator] Add missing translations of nn locale
[HttpKernel] Fix that the `Store` would not save responses with the X-Content-Digest header present
[Intl] bump icu 67.1
This PR was squashed before being merged into the 3.4 branch.
Discussion
----------
[Validator] Add missing translations of nn locale
| Q | A
| ------------- | ---
| Branch? | 3.4
| Bug fix? | yes/no
| New feature? | no
| Deprecations? | no
| Tickets | Fix#30178
| License | MIT
Added missing translations to validator with locale nn
Commits
-------
040d01e53b [Validator] Add missing translations of nn locale
This PR was squashed before being merged into the 3.4 branch.
Discussion
----------
[HttpKernel] Fix that the `Store` would not save responses with the X-Content-Digest header present
| Q | A
| ------------- | ---
| Branch? | 3.4
| Bug fix? | yes
| New feature? | no
| Deprecations? | no
| Tickets |
| License | MIT
| Doc PR |
Responses fetched from upstream sources might have a `X-Content-Digest` header, for example if the Symfony Cache is used upstream. This currently prevents the `Store` from saving such responses. In general, the value of this header should not be trusted.
As I consider this header an implementation detail of the `Store`, the fix tries to be local to that class; we should not rely on the `HttpCache` or other classes to remove untrustworthy headers for us.
This fixes the issue that when using the `HttpCache` in combination with the Symfony HttpClient, responses that have also been cached upstream in an instance of `HttpCache` are not cached locally. It adds the overhead of re-computing the content digest every time the `HttpCache` successfully re-validated a response.
Commits
-------
d8964fb8b7 [HttpKernel] Fix that the `Store` would not save responses with the X-Content-Digest header present
This PR was squashed before being merged into the 3.4 branch.
Discussion
----------
[Intl] bump icu 67.1
| Q | A
| ------------- | ---
| Branch? | 3.4
| Bug fix? | no
| New feature? | no
| Deprecations? | no
| Tickets | Fix #... <!-- prefix each issue number with "Fix #", if any -->
| License | MIT
| Doc PR | symfony/symfony-docs#... <!-- required for new features -->
mainly some new locales+scripts (see 3a3a9ba)
Commits
-------
29eb271184 [Intl] bump icu 67.1
This PR was squashed before being merged into the 4.4 branch.
Discussion
----------
[Security] Unserialize $parentData, if needed, to avoid errors
Check that the $parentData is an array. If it's a string, the variable is unserialized.
Useful to not break the compatibility with the older versions.
Bug reproduced when upgrading from 3.4 to 4.4
| Q | A
| ------------- | ---
| Branch? | 4.4
| Bug fix? | yes
| New feature? | no
| Deprecations? | no
| Tickets | Fix#36813
| License | MIT
| Doc PR | symfony/symfony-docs#... <!-- required for new features -->
Commits
-------
b447433b67 [Security] Unserialize $parentData, if needed, to avoid errors
This PR was merged into the 3.4 branch.
Discussion
----------
[HttpKernel] Fix error logger when stderr is redirected to /dev/null
| Q | A
| ------------- | ---
| Branch? | 3.4
| Bug fix? | yes
| New feature? | no <!-- please update src/**/CHANGELOG.md files -->
| Deprecations? | no <!-- please update UPGRADE-*.md and src/**/CHANGELOG.md files -->
| Tickets | n/a <!-- prefix each issue number with "Fix #", if any -->
| License | MIT
| Doc PR | n/a
The HttpKernel Logger is meant to be used as a last resort logging mechanism when no logger has been explicitly configured (Monolog is not a dependency for instance).
For small apps, that can be more than enough.
But under some circumstances, it does not work. When you are using PHP-FPM, `stderr` is ignored by default (`catch_workers_output` is `false`) and so, logs are ignored as well. There is no issue with the official PHP Docker image as the setting has been explicitly set to `true`. Not an issue with Symfony CLI as well, as we also change the setting. Not a problem either with the PHP built-in server as it does not use PHP FPM anyway.
But, in many other places, where the setting has its default value, logs are lost (as you can imagine, it happened to me). As this feature is meant to be a fallback, I think it should always work, or at least, we need to make everything possible to make it work out of the box; that's why I've considered it a bug and hence a PR on 3.4.
This PR changes the default value for the output to `null`, which uses `error_log()` instead of `stderr` to log errors. Why is it better? The output of `error_log()` is controllable by the `error_logs` PHP ini setting and it is well understood by everyone (the default configuration should always work well); so it should work in most/more cases.
The other change (to be discussed) is to also log messages at the `ERROR` level and not just the `CRITICAL` ones.
/cc @dunglas
Commits
-------
5f829bdaeb [HttpKernel] Fix error logger when stderr is redirected to /dev/null (FPM)
This PR was merged into the 4.4 branch.
Discussion
----------
[HttpKernel] Bring back the debug toolbar
| Q | A
| ------------- | ---
| Branch? | 4.4
| Bug fix? | yes
| New feature? | no
| Deprecations? | no
| Tickets | Fix#36836
| License | MIT
| Doc PR | N/A
This PR effectively reverts #36789 in order to fix a regression caused by that PR.
Commits
-------
9f8d225aa1 Revert "Change priority of KernelEvents::RESPONSE subscriber"
This PR was merged into the 3.4 branch.
Discussion
----------
[BrowserKit] Allow Referer set by history to be overridden
| Q | A
| ------------- | ---
| Branch? | 3.4, see https://github.com/symfony/symfony/pull/36591 for 5.0
| Bug fix? | yes
| New feature? | no
| Deprecations? | no
| Tickets |
| License | MIT
| Doc PR |
Commits
-------
4774946fbd [BrowserKit] Allow Referer set by history to be overridden (3.4)
This PR was merged into the 4.4 branch.
Discussion
----------
[HttpClient] fix PHP warning + accept status code >= 600
| Q | A
| ------------- | ---
| Branch? | 4.4
| Bug fix? | yes
| New feature? | no
| Deprecations? | no
| Tickets | Fix#36717
| License | MIT
| Doc PR | -
This fixes the PHP warning reported in the linked issue.
This also relaxes the accepted status codes, with https://www.linkedin.com/company/linkedin/ as an example that returns a non-conformant one (`999`).
These are now handled as 5xx codes, ie they trigger a ServerException.
Commits
-------
c764b5c36e [HttpClient] fix PHP warning + accept status code >= 600
This PR was merged into the 4.4 branch.
Discussion
----------
[Security/Core] fix compat of `NativePasswordEncoder` with pre-PHP74 values of `PASSWORD_*` consts
| Q | A
| ------------- | ---
| Branch? | 4.4
| Bug fix? | yes
| New feature? | no
| Deprecations? | no
| Tickets | Fix#36451
| License | MIT
| Doc PR | -
Commits
-------
df32171cb2 [Security/Core] fix compat of `NativePasswordEncoder` with pre-PHP74 values of `PASSWORD_*` consts
This PR was merged into the 4.4 branch.
Discussion
----------
[DependencyInjection] Fix register event listeners compiler pass
| Q | A
| ------------- | ---
| Branch? | 4.4
| Bug fix? | yes
| New feature? | no
| Deprecations? | no
| Tickets |
| License | MIT
| Doc PR |
I've wanted to use the simpler event listener registration syntax (https://symfony.com/blog/new-in-symfony-4-4-simpler-event-listeners) in my project and it didn't work so I'm sending this fix.
We use the `KnpPaginatorBundle` bundle which also [calls the `RegisterListenersPass` compiler pass](https://github.com/KnpLabs/KnpPaginatorBundle/blob/v5.2.0/src/DependencyInjection/Compiler/PaginatorConfigurationPass.php#L22) in order to register with the event dispatcher their custom tags for listeners and subscribers (`knp_paginator.listener` and `knp_paginator.subscriber`).
Their compiler pass is `TYPE_BEFORE_REMOVING` and priority zero which is the same type and priority as the pass that gets [added by FrameworkBundle](https://github.com/symfony/symfony/blob/v4.4.8/src/Symfony/Bundle/FrameworkBundle/FrameworkBundle.php#L125). Since both the type and priority is the same the order of execution is `undefined` (because [that is how regular sort behaves in PHP which is used by default by `krsort`](https://github.com/symfony/symfony/blob/v4.4.8/src/Symfony/Component/DependencyInjection/Compiler/PassConfig.php#L264)) and the `RegisterListenersPass` currently removes the `eventAliasesParameter` parameter from the container if it is set (which is [set here](https://github.com/symfony/symfony/blob/v4.4.8/src/Symfony/Bundle/FrameworkBundle/Resources/config/services.xml#L9)). So what happens in my app is that the Knp compiler pass runs first, the `event_dispatcher.event_aliases` parameter is removed and then the FrameworkBundle registered compiler pass runs and since the aliases are not present anymore the events do not get aliased properly. The event dispatcher service in the compiled container looks like:
```php
$instance->addListener('Symfony\Component\HttpKernel\Event\RequestEvent', ...);
```
instead of the expected
```php
$instance->addListener('kernel.request', ...);
```
This means that my listener never gets called on the kernel request event.
Another potential fix would be to adjust the Knp compiler pass priority, but seeing as that would fix only that bundle (who knows how many bundles out there have the same problem) and that I don't see any drawback in letting the `event_dispatcher.event_aliases` parameter stay in the container I think that this is better to fix here.
Commits
-------
646878d072 Fix register event listeners compiler pass
* 3.4:
[VarDumper] fix for change in PHP 7.4.6
Added regression test for AccountStatusException behavior (ref #36822)
embed resource name in error message
[Serializer] fix issue with PHP 8
[Yaml] Fix escaped quotes in quoted multi-line string
This PR was merged into the 3.4 branch.
Discussion
----------
[Translator] embed resource name in error message
| Q | A
| ------------- | ---
| Branch? | 3.4
| Bug fix? | no
| New feature? | no
| Deprecations? | no
| Tickets |
| License | MIT
| Doc PR |
Someone reported on Slack that they accidentally stored a translation file with the `.twig` extension and that the error message was quite confusing.
Commits
-------
507a5963e4 embed resource name in error message
This PR was merged into the 3.4 branch.
Discussion
----------
[Security] Update test to test AccountStatusException behavior
| Q | A
| ------------- | ---
| Branch? | 3.4 (behavior is this way since 2.0)
| Bug fix? | no
| New feature? | no
| Deprecations? | no
| Tickets | -
| License | MIT
| Doc PR | -
See https://github.com/symfony/symfony/pull/36822
This PR updates the `AccountStatusException` test to test the expected behavior of this exception (and its difference from `AuthenticationException`).
Commits
-------
08fbfcf5a0 Added regression test for AccountStatusException behavior (ref #36822)
This PR was submitted for the master branch but it was merged into the 4.4 branch instead.
Discussion
----------
[FrameworkBundle] fix stringable annotation
| Q | A
| ------------- | ---
| Branch? | master
| Bug fix? | no
| New feature? | no
| Deprecations? | no
| Tickets | -
| License | MIT
| Doc PR | -
Commits
-------
65e6812c1d [FrameworkBundle] fix stringable annotation
This PR was squashed before being merged into the 4.4 branch.
Discussion
----------
Change priority of KernelEvents::RESPONSE subscriber
| Q | A
| ------------- | ---
| Branch? | 4.4
| Bug fix? | yes
| New feature? | no
| Deprecations? | no
| License | MIT
This PR changes the priority of the `KernelEvents::RESPONSE` subscriber of the `ProfilerListener` so that it is the penultimate to be executed (just before `StreamedResponseListener`).
The reason is that other listeners that were executed after this one CAN change the response (such as `SessionListener` for example). This creates a headache when debugging, with a discrepancy between what is shown in a curl command, and by the Symfony profiler.
Commits
-------
6ed624ad16 Change priority of KernelEvents::RESPONSE subscriber
This PR was merged into the 3.4 branch.
Discussion
----------
[Serializer] fix issue with PHP 8
| Q | A
| ------------- | ---
| Branch? | 3.4
| Bug fix? | yes
| New feature? | no
| Deprecations? | no
| Tickets | -
| License | MIT
| Doc PR | -
The current logic is a bit strange but I guess it's some legacy from PHP 5.
This keeps the current behavior while skipping the use of `ReflectionParameter::getClass()`, which [is deprecated in PHP 8](http://git.php.net/?p=php-src.git;a=commitdiff;h=28af364d2ae2261addc21f8830f175baa8fa72cf).
Commits
-------
44b45cbaf1 [Serializer] fix issue with PHP 8
This PR was merged into the 4.4 branch.
Discussion
----------
[WebProfiler] Remove 'none' when appending CSP tokens
| Q | A
| ------------- | ---
| Branch? | 3.4, 4.4, 5.0
| Bug fix? | yes
| New feature? | no
| Deprecations? | no
| Tickets | Fix#36645
| License | MIT
| Doc PR | n/a
@nicolas-grekas asked me to to have a look at this after #36678.
If a user has a CSP policy of `default-src 'none'`, then the WebProfiler copies `'none'` to `script-src` and `style-src` then adds other sources. This creates an invalid policy since `'none'` is only allowed when it's the only item in the source list.
This will probably need to be merged into 3.4 first, I started on 4.4 so I can test in my current symfony project which requires 4.4.
Commits
-------
967bc4a860 [WebProfiler] Remove 'none' when appending CSP tokens
This PR was submitted for the master branch but it was merged into the 4.4 branch instead.
Discussion
----------
[Messenger] Missing description in `messenger:setup-transports` command
| Q | A
| ------------- | ---
| Branch? | master
| Bug fix? | no
| New feature? | no
| Deprecations? | no
| Tickets | N/A
| License | MIT
| Doc PR | N/A
making `bin/console` to show an empty description when the rest of the commands have one.
![image](https://user-images.githubusercontent.com/351553/81716773-122bc200-947a-11ea-84ef-18ec8d19e479.png)
Commits
-------
d31d1e0111 Missing description in `messenger:setup-transports` command