* 2.7:
Various fixes esp. on Windows
Fix the validation of form resources to register the default theme
Fix the retrieval of the value with property path when using a loader
[appveyor] minor enhancements
[Process] Disable failing tests on Windows
[Translation] Fix the string casting in the XliffFileLoader
Windows and Intl fixes
Add appveyor.yml for C.I. on Windows
[VarDumper] fixed HtmlDumper to target specific the head tag
[travis] merge php: nightly and deps=high test-matrix lines
consistently use str_replace to unify directory separators
Support omitting the <target> node in an .xlf file.
Fix the handling of values for multiple choice types
moved PHP nightly to PHP 7.0
[Security] Add missing docblock in PreAuthenticatedToken
Conflicts:
.travis.yml
This PR was merged into the 2.3 branch.
Discussion
----------
Fix the validation of form resources to register the default theme
| Q | A
| ------------- | ---
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | n/a
| License | MIT
| Doc PR | n/a
https://github.com/symfony/symfony/pull/14173 made some wrong changes, changing the behavior of the code. This reverts to the right behavior in affected places
Commits
-------
ea92610 Fix the validation of form resources to register the default theme
* 2.7:
fixed CS
[DependencyInjection] Add missing file headers
fixed typo
made Symfony compatible with both Twig 1.x and 2.x
[FrameworkBundle] Fix precedence of xdebug.file_link_format
* 2.7:
[Form] fixed BC-break on grouped choice lists
[WebProfilerBundle] add import for Twig macro
made Symfony compatible with both Twig 1.x and 2.x
[Debug/VarDumper] minor cleanups
[Form] only use PropertyPath if not already callable
[Form] fix reworked choice list phpdoc
[DoctrineBridge][Form] Add old tests to legacy group
Fixed warning when command alias is longer than command name
removed _self usage when not needed
Implement the support of timezone objects in the stub IntlDateFormatter
typofix - https://github.com/vlajos/misspell_fixer
make doctrine mappings compiler pass exception message more understandable
fix debug-ext 003.phpt
[Yaml] Nested merge keys
[FrameworkBundle] [Command] removed unused variable.
[Debug] Enhance DebugClassLoader performance on MacOSX
Add support for variadic arguments in the GetSetNormalizer
[DoctrineBridge][Form] Fix IdReader when indexing by primary foreign key
[DoctrineBridge][Form] Fix EntityChoiceList when indexing by primary foreign key
This PR was merged into the 2.7 branch.
Discussion
----------
removed _self usage when not needed
| Q | A
| ------------- | ---
| Bug fix? | no
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | n/a
| License | MIT
| Doc PR | n/a
As those calls are macros, there are already imported via the `from` call, so accessing them directly is not need, nor desired.
Commits
-------
3d0577d removed _self usage when not needed
* 2.7:
[Locale] Add missing @group legacy annotations
Fix security-acl deps
Fix doctrine mapping validation type error
Remove skipping of tests based on ICU data version whenever possible
Fix the handling of null as locale in the stub intl classes
do not dump leading backslashes in class names
fix issue #15377
Skip ::class constant
[Config] type specific check for emptiness
Conflicts:
src/Symfony/Bridge/Twig/composer.json
src/Symfony/Bundle/SecurityBundle/composer.json
src/Symfony/Component/DependencyInjection/Dumper/GraphvizDumper.php
src/Symfony/Component/Form/Tests/Extension/Core/Type/DateTypeTest.php
src/Symfony/Component/Form/Tests/Extension/Core/Type/TimeTypeTest.php
* 2.3:
Fix security-acl deps
Fix doctrine mapping validation type error
Remove skipping of tests based on ICU data version whenever possible
Fix the handling of null as locale in the stub intl classes
do not dump leading backslashes in class names
Skip ::class constant
[Config] type specific check for emptiness
Conflicts:
src/Symfony/Bridge/Twig/composer.json
src/Symfony/Bundle/SecurityBundle/composer.json
src/Symfony/Component/Config/Tests/Definition/ScalarNodeTest.php
src/Symfony/Component/DependencyInjection/Dumper/GraphvizDumper.php
src/Symfony/Component/DependencyInjection/Dumper/PhpDumper.php
src/Symfony/Component/DependencyInjection/Tests/Fixtures/containers/container9.php
src/Symfony/Component/Form/Tests/Extension/Core/DataTransformer/IntegerToLocalizedStringTransformerTest.php
src/Symfony/Component/Form/Tests/Extension/Core/Type/DateTimeTypeTest.php
src/Symfony/Component/Form/Tests/Extension/Core/Type/DateTypeTest.php
src/Symfony/Component/Locale/Tests/LocaleTest.php
src/Symfony/Component/Locale/Tests/Stub/StubLocaleTest.php
src/Symfony/Component/Validator/Tests/Constraints/CountryValidatorTest.php
src/Symfony/Component/Validator/Tests/Constraints/CurrencyValidatorTest.php
This PR was squashed before being merged into the 2.8 branch (closes#15013).
Discussion
----------
[Security] Removed security-acl from the core
| Q | A
| ------------- | ---
| Bug fix? | no
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | part of #14718
| License | MIT
| Doc PR | ~
The `Security\Acl` is removed from the core and is loaded from its own repository. All tests were passing and this is fully backwards compatible. I have removed all but the Test files in the first step and added the dependency to verify the Test were still working with the package dependency. The second step was to remove the remaining test files and tests are still running for both the Bundle and the Framework. Once the Read-Only repository is a full standalone repository, this PR can be merged.
- [x] Remove component from the core
- [ ] Remove read-only from https://github.com/symfony/security-acl
Once this PR is merged, I can start working on splitting the SecurityBundle and extracting the ACL part to the AclBundle.
/cc @fabpot
Commits
-------
b26a449 [Security] Removed security-acl from the core
This PR was merged into the 2.8 branch.
Discussion
----------
[Form] Deprecated FormTypeInterface::getName() and passing of type instances
| Q | A
| ------------- | ---
| Bug fix? | no
| New feature? | yes
| BC breaks? | no
| Deprecations? | yes
| Tests pass? | yes
| Fixed tickets | #5321, #15008
| License | MIT
| Doc PR | TODO
#### Type Names
This PR deprecates the definition of the `getName()` method of form types. See #15008 for a more detailed description.
Before:
```php
class MyType extends AbstractType
{
public function getName()
{
return 'mytype';
}
// ...
}
```
After:
```php
class MyType extends AbstractType
{
// ...
}
```
You should always reference other types by their fully-qualified class names. Thanks to PHP 5.5, that's easy:
Before:
```php
$form = $this->createFormBuilder()
->add('name', 'text')
->add('age', 'integer')
->getForm();
```
After:
```php
$form = $this->createFormBuilder()
->add('name', TextType::class)
->add('age', IntegerType::class)
->getForm();
```
#### Type Instances
Furthermore, passing of type instances is deprecated.
Before:
```php
$form = $this->createForm(new AuthorType());
```
After:
```php
$form = $this->createForm(AuthorType::class);
```
#### DIC Aliases
When registering a type in the DIC, you should omit the "alias" attribute now.
Before:
```xml
<service id="my.type" class="Vendor\Type\MyType">
<tag name="form.type" alias="mytype" />
<argument type="service" id="some.service.id" />
</service>
```
After:
```xml
<service id="my.type" class="Vendor\Type\MyType">
<tag name="form.type" />
<argument type="service" id="some.service.id" />
</service>
```
Types without dependencies don't need to be registered in the DIC as they can be instantiated right away.
#### Template Block Prefixes
By default, the class name of the type in underscore notation minus "Type" suffix is used as Twig template block prefix (e.g. `UserProfileType` => `user_profile_*`). If you want to customize that, overwrite the new `getBlockPrefix()` method in your type:
```php
class UserProfileType extends AbstractType
{
public function getBlockPrefix()
{
return 'profile';
}
// ...
}
```
Commits
-------
3d9e5de [Form] Deprecated FormTypeInterface::getName() and passing of type instances
This PR was merged into the 2.8 branch.
Discussion
----------
[2.8][FrameworkBundle] Allow parameter use_cookies in session configuration
| Q | A
| ------------- | ---
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | #13668
| License | MIT
| Doc PR | none
This PR adds support for the `use_cookies` parameter to the session configuration of Symfony's FrameworkBundle. It is a rebase of #13671 against the 2.8 branch.
Commits
-------
08bf50a Allow parameter use_cookies in session configuration.
This PR was merged into the 2.8 branch.
Discussion
----------
[FrameworkBundle] Change the default value of cookie_httponly
| Q | A
| ------------- | ---
| Bug fix? | no
| New feature? | yes
| BC breaks? | yes
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | #15303
| License | MIT
| Doc PR | symfony/symfony-docs#5561
Commits
-------
a7bef1e Change the default value of cookie_httponly to fix#15303
* 2.7:
[php7] Fix for substr() always returning a string
[Security] Do not save the target path in the session for a stateless firewall
Fix calls to HttpCache#getSurrogate triggering E_USER_DEPRECATED errors.
[DependencyInjection] fixed FrozenParameterBag and improved Parameter…
* 2.3:
[php7] Fix for substr() always returning a string
[Security] Do not save the target path in the session for a stateless firewall
[DependencyInjection] fixed FrozenParameterBag and improved Parameter…
Conflicts:
src/Symfony/Component/Debug/Tests/ErrorHandlerTest.php
src/Symfony/Component/Security/Http/Firewall/ExceptionListener.php
* 2.7:
[HttpKernel] Fix lowest dep
[Security] fix check for empty usernames
[Form] updated exception message of ButtonBuilder::setRequestHandler()
[travis] Fix deps=high jobs
Fix typo 'assets.package' => 'assets.packages' in UPGRADE-2.7
[Serializer] Simplify AbstractNormalizer::prepareForDenormalization()
[HttpFoundation] [PSR-7] Allow to use resources as content body and to return resources from string content
[DependencyInjection] Remove unused code in XmlFileLoader
[HttpFoundation] Behaviour change in PHP7 for substr
bumped Symfony version to 2.3.32
updated VERSION for 2.3.31
update CONTRIBUTORS for 2.3.31
updated CHANGELOG for 2.3.31
Conflicts:
src/Symfony/Bridge/Twig/composer.json
src/Symfony/Bundle/FrameworkBundle/composer.json
src/Symfony/Component/HttpKernel/composer.json
* 2.6:
[Security] fix check for empty usernames
[Form] updated exception message of ButtonBuilder::setRequestHandler()
[travis] Fix deps=high jobs
[HttpFoundation] [PSR-7] Allow to use resources as content body and to return resources from string content
[DependencyInjection] Remove unused code in XmlFileLoader
[HttpFoundation] Behaviour change in PHP7 for substr
bumped Symfony version to 2.3.32
updated VERSION for 2.3.31
update CONTRIBUTORS for 2.3.31
updated CHANGELOG for 2.3.31
Conflicts:
src/Symfony/Bridge/Twig/composer.json
src/Symfony/Bundle/FrameworkBundle/composer.json
* 2.3:
[Security] fix check for empty usernames
[Form] updated exception message of ButtonBuilder::setRequestHandler()
[travis] Fix deps=high jobs
[HttpFoundation] [PSR-7] Allow to use resources as content body and to return resources from string content
[DependencyInjection] Remove unused code in XmlFileLoader
[HttpFoundation] Behaviour change in PHP7 for substr
bumped Symfony version to 2.3.32
updated VERSION for 2.3.31
update CONTRIBUTORS for 2.3.31
updated CHANGELOG for 2.3.31
Conflicts:
src/Symfony/Bridge/Twig/composer.json
src/Symfony/Bundle/FrameworkBundle/composer.json
src/Symfony/Component/DependencyInjection/Loader/XmlFileLoader.php
src/Symfony/Component/HttpKernel/Kernel.php
* 2.7:
Added 'default' color
[HttpFoundation] Reload the session after regenerating its id
[HttpFoundation] Add a test case to confirm a bug in session migration
[Serializer] Fix ClassMetadata::sleep()
[2.6] Static Code Analysis for Components and Bundles
[Finder] Command::addAtIndex() fails with Command instance argument
[DependencyInjection] Freeze also FrozenParameterBag::remove
[Twig][Bridge] replaced `extends` with `use` in bootstrap_3_horizontal_layout.html.twig
fix CS
fixed CS
Add a way to reset the singleton
[Security] allow to use `method` in XML configs
[Serializer] Fix Groups tests.
Remove duplicate example
Remove var not used due to returning early (introduced in 8982c32)
[Serializer] Fix Groups PHPDoc
Enhance hhvm test skip message
fix for legacy asset() with EmptyVersionStrategy
[Form] Added upgrade notes for #15061
* 2.6:
Added 'default' color
[HttpFoundation] Reload the session after regenerating its id
[HttpFoundation] Add a test case to confirm a bug in session migration
[2.6] Static Code Analysis for Components and Bundles
[Finder] Command::addAtIndex() fails with Command instance argument
[DependencyInjection] Freeze also FrozenParameterBag::remove
[Twig][Bridge] replaced `extends` with `use` in bootstrap_3_horizontal_layout.html.twig
fix CS
fixed CS
Add a way to reset the singleton
[Security] allow to use `method` in XML configs
Remove duplicate example
Remove var not used due to returning early (introduced in 8982c32)
Enhance hhvm test skip message
* 2.3:
Added 'default' color
[HttpFoundation] Reload the session after regenerating its id
[HttpFoundation] Add a test case to confirm a bug in session migration
[Finder] Command::addAtIndex() fails with Command instance argument
[DependencyInjection] Freeze also FrozenParameterBag::remove
fix CS
fixed CS
Add a way to reset the singleton
[Security] allow to use `method` in XML configs
Remove var not used due to returning early (introduced in 8982c32)
Enhance hhvm test skip message
Before this change, you always had to use the `methods` key which is
inconsistent compared to other options like `roles` and `ips` for which
it was possible to use their singular versions.
This PR was merged into the 2.8 branch.
Discussion
----------
[2.8] Fix lowest deps
| Q | A
| ------------- | ---
| Bug fix? | no
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | -
| License | MIT
| Doc PR | -
Looks like that by testing the lowest deps on 5.3, we missed some constraints in our test suite.
Commits
-------
a036a77 [2.8] Fix lowest deps
This PR was squashed before being merged into the 2.8 branch (closes#15141).
Discussion
----------
[DX] [Security] Renamed Token#getKey() to getSecret()
There are 2 very vague parameter names in the authentication process: `$providerKey` and `$key`. Some tokens/providers have the first one, some tokens/providers the second one and some both. An overview:
| Token | `providerKey` | `key`
| --- | --- | ---
| `AnonymousToken` | - | yes
| `PreAuth...Token` | yes | -
| `RememberMeToken` | yes | yes
| `UsernamePasswordToken` | yes | -
Both names are extremely general and their PHPdocs contains pure no-shit-sherlock-descriptions :squirrel: (like "The key."). This made me and @iltar think it's just an inconsistency and they have the same meaning.
...until we dived deeper into the code and came to the conclusion that `$key` has a Security task (while `$providerKey` doesn't really). If it takes people connected to Symfony internals 30+ minutes to find this out, it should be considered for an improvement imo.
So here is our suggestion: **Rename `$key` to `$secret`**. This explains much better what the value of the string has to be (for instance, it's important that the string is not easily guessable and cannot be found out, according to the Spring docs). It also explains the usage better (it's used as a replacement for credentials and to hash the RememberMeToken).
**Tl;dr**: `$key` and `$providerKey` are too general names, let's improve DX by renaming them. This PR tackles `$key` by renaming it to `$secret`.
| Q | A
| ------------- | ---
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | yes
| Tests pass? | yes
| Fixed tickets | -
| License | MIT
| Doc PR | -
*My excuse for the completely unrelated branch name*
Commits
-------
24e0eb6 [DX] [Security] Renamed Token#getKey() to getSecret()
* 2.6:
[2.6] Towards 100% HHVM compat
[Security/Http] Fix test
[Stopwatch] Fix test
Minor fixes
Towards 100% HHVM compat
unify default AccessDeniedExeption message
trigger event with right user (add test)
[Security] Initialize SwitchUserEvent::targetUser on attemptExitUser
[Form] Fixed: Data mappers always receive forms indexed by their names
Conflicts:
src/Symfony/Bundle/FrameworkBundle/Controller/Controller.php
src/Symfony/Component/VarDumper/Tests/CliDumperTest.php
src/Symfony/Component/VarDumper/Tests/HtmlDumperTest.php
The `server:start` command will report an error message when a lock file
does exist.
However, this means that you cannot restart the web server process if
the previously running process terminated accidentally or if it was
terminated by the user without executing the `server:stop` command (e.g.
by using the system's `kill` command or the task manager).
This commit adds a `--force` option that makes it possible to launch the
web server process even if a lock file does exist.
This PR was merged into the 2.8 branch.
Discussion
----------
[FrameworkBundle] Add a doctrine cache service definition for validator mapping
| Q | A
| ------------- | ---
| Bug fix? | no
| New feature? | yes
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | -
| License | MIT
| Doc PR | https://github.com/symfony/symfony-docs/pull/5409
Following #12975, this PR only registers a new service so it's possible to use the new doctrine based cache implementation instead of the deprecated one. To use it, the end user would need to configure it in his `config.yml`:
```yaml
framework:
validation:
cache: validator.mapping.cache.doctrine.apc
```
In 3.0 we'll be able to replace the deprecated definition by aliasing `validator.mapping.cache.apc` to `validator.mapping.cache.doctrine.apc`.
I thought of automatic wrapping of services which implement doctrine interface, but decided it would be too magic.
I'm not convinced if APC is a good default anymore and hope for some discussion. I've used it as it's also used in serializer, and probably translation (see #13986). Since there's a built in opcache in more recent PHP versions, and apcu doesn't seem to be stable, there are better choices. Perhaps a better default would be a filesystem cache (not better performing, but it works anywhere).
Commits
-------
0642911 [FrameworkBundle] Add a doctrine cache service definition for validator mapping
This PR was merged into the 2.6 branch.
Discussion
----------
[Translation][debug cmd] taken account into bundle overrides path.
| Q | A
| ------------- | ---
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Fixed tickets | #14942 (partially)
| Tests pass? | yes
| License | MIT
Commits
-------
c3a077a [Translation][debug cmd] taken account into bundle overrides path.
* 2.7:
[FrameworkBundle] Reuse PropertyAccessor service for ObjectNormalizer
[VarDumper] Fix dump output for better readability
[PhpUnitBridge] Enforce @-silencing of deprecation notices according to new policy
This PR was squashed before being merged into the 2.7 branch (closes#14989).
Discussion
----------
[FrameworkBundle] Reuse PropertyAccessor service for ObjectNormalizer
| Q | A
| ------------- | ---
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | n/a
| License | MIT
| Doc PR | n/a
Inject the `property_accessor` service if available in the `ObjectNormalize` instead of creating a new instance.
Commits
-------
256d441 [FrameworkBundle] Reuse PropertyAccessor service for ObjectNormalizer
* 2.7: (36 commits)
[DoctrineBridge] Bypass the db when no valid identifier is provided in ORMQueryBuilderLoader
[Serializer] Fixed typo in comment
[Form] Fixed: Filter non-integers when selecting entities by int ID
Fix merge
Fix merge
Add test for HHVM FatalErrors
[2.6][Debug] Fix fatal-errors handling on HHVM
[Debug] Fix log level of stacked errors
[VarDumper] Fix uninitialized id in HtmlDumper
Fixed fluent interface
[Console] Fix tests on Windows
[2.7] Fix unsilenced deprecation notices
[2.3][Debug] Fix fatal-errors handling on HHVM
[Debug] fix debug class loader case test on windows
Standardize the name of the exception variables
[Debug+VarDumper] Fix handling of PHP7 exception/error model
Do not trigger deprecation error in ResolveParameterPlaceHoldersPass
[2.3] Static Code Analysis for Components
Added a small Upgrade note regarding security.context
added missing deprecation in CHANGELOG
...
Conflicts:
src/Symfony/Bundle/WebProfilerBundle/Resources/views/Collector/logger.html.twig
src/Symfony/Component/HttpKernel/Kernel.php
* 2.6:
Add test for HHVM FatalErrors
[2.6][Debug] Fix fatal-errors handling on HHVM
[2.3][Debug] Fix fatal-errors handling on HHVM
Standardize the name of the exception variables
[2.3] Static Code Analysis for Components
Remove duplicated paths
Conflicts:
src/Symfony/Component/Debug/ErrorHandler.php
src/Symfony/Component/Security/Http/Firewall/BasicAuthenticationListener.php
src/Symfony/Component/Security/Http/Firewall/ContextListener.php
src/Symfony/Component/Security/Http/Firewall/RememberMeListener.php
src/Symfony/Component/Security/Http/RememberMe/AbstractRememberMeServices.php
* 2.3:
[2.3][Debug] Fix fatal-errors handling on HHVM
Standardize the name of the exception variables
[2.3] Static Code Analysis for Components
Remove duplicated paths
Conflicts:
src/Symfony/Component/Debug/ErrorHandler.php
src/Symfony/Component/HttpFoundation/Session/Storage/MockArraySessionStorage.php
src/Symfony/Component/Security/Acl/Dbal/AclProvider.php
src/Symfony/Component/Security/Core/Authentication/Provider/UserAuthenticationProvider.php
This PR was merged into the 2.7 branch.
Discussion
----------
Added a small Upgrade note regarding security.context
| Q | A
| ------------- | ---
| Bug fix? | no
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | ~
| Fixed tickets | #14889
| License | MIT
| Doc PR | ~
I've added a note in the 2.7 upgrade file on which extending implementations should be updated when using 2.7. Along with it, I've removed an unused use statement, fixed some typos and removed a redundant session check as this check is already done at the start of the method.
For #14889 I have also done a search through the docs (2.7), but I couldn't find any remaining examples encouraging the usage of the `SecurityContext(Interface)` anywhere.
Commits
-------
ade1fef Added a small Upgrade note regarding security.context