This PR was merged into the 2.3 branch.
Discussion
----------
fixed APCu dep version
Q | A
| ------------- | ---
| Bug fix? | no
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | #17428
| License | MIT
Commits
-------
3b7f4c7 fixed APCu dep version
This PR was merged into the 2.7 branch.
Discussion
----------
make apc class loader testable against apcu without apc bc layer
| Q | A
| ------------- | ---
| Bug fix? | no
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | -
| License | MIT
| Doc PR | -
Commits
-------
24160b3 make apc class loader testable against apcu without apc bc layer
This PR was merged into the 2.8 branch.
Discussion
----------
[Form][Security] update upgrade files with CSRF related option info
| Q | A
| ------------- | ---
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets |
| License | MIT
| Doc PR | symfony/symfony-docs#6152
Commits
-------
1ecbb32 update upgrade files with CSRF related option info
This PR was submitted for the 2.8 branch but it was merged into the 2.3 branch instead (closes#15706).
Discussion
----------
[framework-bundle] Added support for the `0.0.0.0/0` trusted proxy
| Q | A
| ------------- | ---
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| License | MIT
It is relevant to my other PR: https://github.com/symfony/symfony/pull/14690
The original intention was to start accepting `0.0.0.0/0` as a trusted proxy (which is a valid CIDR notation).
The prupose is to allow all requests to be treated as trusted and to eliminate using dirty `['0.0.0.0/1', '128.0.0.0/1']` workaround.
Commits
-------
3188e1b Added support for the `0.0.0.0/0` trusted proxy
This PR was merged into the 2.3 branch.
Discussion
----------
[HttpKernel] Lookup the response even if the lock was released after two second wait
| Q | A
| ------------- | ---
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | -
| License | MIT
| Doc PR | -
While looking into #15813 I noticed that we [wait for the lock to be released for five seconds, but then only do a lookup if the lock was released in two seconds](fa604d3c6f/src/Symfony/Component/HttpKernel/HttpCache/HttpCache.php (L540-L562)), no more.
I think it's worth to make both values the same (so either two or five seconds). I see no reason why we should wait for the lock for five seconds, but then only do a lookup if we waited for two. One way the wait either takes too long, the other way we loose the opportunity to actually return a response.
Commits
-------
9963170 [HttpKernel] Lookup the response even if the lock was released after 2 seconds
This PR was squashed before being merged into the 2.3 branch (closes#17355).
Discussion
----------
[DoctrineBridge][Validator] >= 2.3 Pass association instead of ID as argument
| Q | A
| ------------- | ---
| Bug fix? | no
| New feature? | yes
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | -
| License | MIT
| Doc PR | -
No verification on doctrine-orm version has been provided since the `composer.json` requires `"doctrine/orm": "~2.4,>=2.4.5"` and performing a query with an object as array argument has been added in 2.2.0-BETA1 (see https://github.com/doctrine/doctrine2/blob/2.2.0-BETA1/lib/Doctrine/ORM/Persisters/BasicEntityPersister.php#L1511)
Commits
-------
5c2d534 [DoctrineBridge][Validator] >= 2.3 Pass association instead of ID as argument
This PR was squashed before being merged into the 2.8 branch (closes#17330).
Discussion
----------
Limit the max height/width of icons in the profiler menu
| Q | A
| ------------- | ---
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | #17329
| License | MIT
| Doc PR | -
Commits
-------
1f5f81c Limit the max height/width of icons in the profiler menu
This PR was submitted for the master branch but it was merged into the 2.3 branch instead (closes#17095).
Discussion
----------
[HttpFoundation] Added 451 status code
| Q | A
| ------------- | ---
| Bug fix? | no
| New feature? | yes
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| License | MIT
https://datatracker.ietf.org/doc/draft-ietf-httpbis-legally-restricted-status/?include_text=1
The HTTP 451 status code was approved by the ISG a few days ago on the 18th December '15.
Commits
-------
df8952f Added 451 status code
This PR was merged into the 2.3 branch.
Discussion
----------
[ClassLoader] Use symfony/polyfill-apcu
| Q | A
| ------------- | ---
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | -
| License | MIT
| Doc PR | -
#17358 updated ApcClassLoader to use polyfill-apcu, but not ApcUniversalClassLoader
2.7 / 2.8 tests are in LegacyApcUniversalClassLoaderTest
Commits
-------
a0dc399 [ClassLoader] Use symfony/polyfill-apcu
This PR was merged into the 2.7 branch.
Discussion
----------
Allow absolute URLs to be displayed in the debug toolbar
| Q | A
| ------------- | ---
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | #12221
| License | MIT
| Doc PR | -
If you agree with the original issue, this should do the trick. If you don't agree, please explain the reasons and close#12221. Thanks!
Commits
-------
11b63ff Allow absolute URLs to be displayed in the debug toolbar
* 2.7:
fixed test
[Request] Ignore invalid IP addresses sent by proxies
Throw for missing container extensions
[TwigBridge] add missing unit tests (AppVariable)
Able to load big xml files with DomCrawler
fixed typo
[Form] Fix constraints could be null if not set
[Finder] Check PHP version before applying a workaround for a PHP bug
fixed CS
add defaultNull to version
sort bundles in config:dump-reference command
Fixer findings.
[Translation][Writer] avoid calling setBackup if the dumper is not an instance of FileDumper.
[FrameworkBundle] Compute the kernel root hash only one time
* 2.3:
[Request] Ignore invalid IP addresses sent by proxies
Able to load big xml files with DomCrawler
fixed typo
[Form] Fix constraints could be null if not set
[Finder] Check PHP version before applying a workaround for a PHP bug
fixed CS
sort bundles in config:dump-reference command
Fixer findings.
This PR was submitted for the 2.8 branch but it was merged into the 2.3 branch instead (closes#16736).
Discussion
----------
[Request] Ignore invalid IP addresses sent by proxies
| Q | A
| ------------- | ---
| Bug fix? | yes
| New feature? | no
| BC breaks? | ?
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | #15525
| License | MIT
| Doc PR | n/a
The [RFC 7239](https://tools.ietf.org/html/rfc7239#section-6.2) allows other values that IP addresses to be passed in `Forwarded`header and [Nginx can add `unknown` to the `X-Forwarded-For`header](http://www.squid-cache.org/Doc/config/forwarded_for/).
To prevent these invalid IP addresses from being returned as "Client IP", this PR ensure that they are excluded.
Commits
-------
6578806 [Request] Ignore invalid IP addresses sent by proxies
This PR was submitted for the master branch but it was merged into the 2.8 branch instead (closes#17459).
Discussion
----------
[EventDispatcher] TraceableEventDispatcher resets event listener priorities
| Q | A
| ------------- | ---
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | #15550
| License | MIT
| Doc PR | -
Commits
-------
233e5b8 [EventDispatcher] TraceableEventDispatcher resets listener priorities
This PR was submitted for the master branch but it was merged into the 2.7 branch instead (closes#17486).
Discussion
----------
[FrameworkBundle] Throw for missing container extensions
| Q | A
| ------------- | ---
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | none
| License | MIT
| Doc PR | none
This covers the case when an existing bundle does not have an extension, and its config is dumped. Before, calling `app/console config:dump` on such bundle lead to FatalErrorException with ```Call to a member function getAlias() on null```, now we process such cases and throw an exception with some explanatory text.
Commits
-------
884368e Throw for missing container extensions
This PR was merged into the 2.8 branch.
Discussion
----------
Overriding profiler position in CSS breaks JS positioning
| Q | A
| ------------- | ---
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | -
| License | MIT
| Doc PR | -
The positioning of a profiler info block (open to the left or right) is [calculated using Javascript](https://github.com/symfony/symfony/blob/master/src/Symfony/Bundle/WebProfilerBundle/Resources/views/Profiler/toolbar_js.html.twig#L35). Since Symfony 2.8, the config/version panel is right-aligned and opens to the left. If another panel is added to the right of it, the panel cannot open correctly.
Styles are unset in https://github.com/symfony/symfony/blob/master/src/Symfony/Bundle/WebProfilerBundle/Resources/views/Profiler/toolbar_js.html.twig#L46-L47 but that means it is set back to the stylesheet settings, which results in `right:0, left:0` on the element.
Manual testing is fairly easy: Just add a CSS class `sf-toolbar-block-right` on one or multiple panels (e.g. Doctrine) that result in the Config panel to have enough room to open to the right.
Here's a screenshot of the problem:
The other option would be to set the position in javascript to `right: auto` instead of unsetting, but I prefer to fix invalid CSS ;-)
Commits
-------
79474a6 Profiler CSS position conflicts with JS detection
This PR was submitted for the 2.8 branch but it was merged into the 2.7 branch instead (closes#16859).
Discussion
----------
[TwigBridge] add missing unit tests (AppVariable)
Just add few missing unit tests.
---
| Q | A
| ------------- | ---
| Bug fix? | [no]
| New feature? | [no]
| BC breaks? | [no]
| Deprecations? | [no]
| Tests pass? | [yes]
| Fixed tickets | [n/a]
| License | MIT
| Doc PR | [n/a]
Commits
-------
156cdb5 [TwigBridge] add missing unit tests (AppVariable)
This PR was submitted for the 2.8 branch but it was merged into the 2.3 branch instead (closes#16873).
Discussion
----------
Able to load big xml files with DomCrawler
| Q | A
| ------------- | ---
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets |
| License | MIT
| Doc PR |
Commits
-------
3dae825 Able to load big xml files with DomCrawler
This PR was squashed before being merged into the 2.3 branch (closes#16897).
Discussion
----------
[Form] Fix constraints could be null if not set
| Q | A
| ------------- | ---
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | -
| License | MIT
| Doc PR | -
If the form options has no key for constraints the default should be an empty array to be ignored by the loop in the FormValidator. The default without this fix is ```null``` and foreach will throw an error.
The "Bug" also still exists in master-Branch.
Commits
-------
f80e0eb [Form] Fix constraints could be null if not set
This PR was merged into the 2.7 branch.
Discussion
----------
[Translation][Writer] avoid calling setBackup if the dumper is not FileDumper
| Q | A
| ------------- | ---
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | ~
| License | MIT
| Doc PR | n/a
Commits
-------
369b2d4 [Translation][Writer] avoid calling setBackup if the dumper is not an instance of FileDumper.
This PR was merged into the 2.7 branch.
Discussion
----------
[FrameworkBundle] Compute the kernel root hash only one time
| Q | A
| ------------- | ---
| Bug fix? | no
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | n/a
| License | MIT
| Doc PR | n/a
Commits
-------
23431e9 [FrameworkBundle] Compute the kernel root hash only one time
This PR was squashed before being merged into the 2.3 branch (closes#17134).
Discussion
----------
[Finder] Check PHP version before applying a workaround for a PHP bug
| Q | A
| ------------- | ---
| Bug fix? | no
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | --
| License | MIT
| Doc PR | --
Commits
-------
cba206a [Finder] Check PHP version before applying a workaround for a PHP bug
This PR was merged into the 2.3 branch.
Discussion
----------
sort bundles in config:dump-reference command
| Q | A
| ------------- | ---
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets |
| License | MIT
| Doc PR |
This backports #17495 to the `2.3` branch.
Commits
-------
a5c8811 sort bundles in config:dump-reference command
This PR was merged into the 2.3 branch.
Discussion
----------
[2.3] [CS] MethodSeparationFixer - findings.
| Q | A
| ------------- | ---
| Bug fix? | no
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| License | MIT
Th goal of this PR is _not_ to have it merged, but to see if the `MethodSeparationFixer` (https://github.com/FriendsOfPHP/PHP-CS-Fixer/pull/1426) is suitable for SF level/configuration in the PHP-CS-Fixer (and thereby might later become part of `fabbot.io`).
Commits
-------
d7b730f Fixer findings.
This PR was merged into the 2.7 branch.
Discussion
----------
[2.7][Asset] Add defaultNull to version configuration
| Q | A
| ------------- | ---
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | #14832, #16511
| License | MIT
| Doc PR |
In #16511 PR was omitted defaultNull version for one case.
Commits
-------
65adb72 add defaultNull to version
* 2.7:
Ability to set empty version strategy in packages
CLI: use request context to generate absolute URLs
[SecurityBundle] Optimize dependency injection tests
Sort bundles in config commands
[HttpFoundation] Do not overwrite the Authorization header if it is already set
tag for dumped PHP objects must be a local one
