This PR was squashed before being merged into the 4.4 branch.
Discussion
----------
[Security] Fixed AbstractToken::hasUserChanged()
| Q | A
| ------------- | ---
| Branch? | 4.4
| Bug fix? | yes
| New feature? | no
| Deprecations? | no
| Tickets | Fix#36989
| License | MIT
| Doc PR | -
This PR completely reverts #35944.
That PR tried to fix a BC break (ref #35941, #35509) introduced by #31177. However, this broke many authentications (ref #36989), as the User is serialized in the session (as hinted by @stof). Many applications don't include the `roles` property in the serialization (at least, the MakerBundle doesn't include it).
In 5.2, we should probably deprecate having different roles in token and user, which fixes the BC breaks all together.
Commits
-------
f297beb42c [Security] Fixed AbstractToken::hasUserChanged()
This PR was merged into the 3.4 branch.
Discussion
----------
Fix abstract method name in PHP doc block
| Q | A
| ------------- | ---
| Branch? | 3.4
| Bug fix? | no
| New feature? | no
| Deprecations? | no
| Tickets |
| License | MIT
| Doc PR |
Commits
-------
d6966c3147 Fix abstract method name in PHP doc block
* 3.4:
Fixes sprintf(): Too few arguments in form transformer
[Console] Fix QuestionHelper::disableStty()
validate subforms in all validation groups
Update Hungarian translations
Add meaningful message when Process is not installed (ProcessHelper)
[PropertyAccess] Fix TypeError parsing again.
[Form] add missing Czech validators translation
[Validator] add missing Czech translations
never directly validate Existence (Required/Optional) constraints
This PR was merged into the 3.4 branch.
Discussion
----------
[Validator] never directly validate Existence (Required/Optional) constraints
| Q | A
| ------------- | ---
| Branch? | 3.4
| Bug fix? | yes
| New feature? | no
| Deprecations? | no
| Tickets | Fix#36637#36723
| License | MIT
| Doc PR |
Using `Optional` or `Required` like "regular" constraints does not make any sense, but doing so didn't break before #36365. I suggest to ignore them for now and deprecate using them outside the `Collection` constraint in 5.2.
Commits
-------
d333aae187 never directly validate Existence (Required/Optional) constraints
This PR was merged into the 3.4 branch.
Discussion
----------
[Console] Fix QuestionHelper::disableStty()
| Q | A
| ------------- | ---
| Branch? | 3.4
| Bug fix? | yes
| New feature? | no
| Deprecations? | no>
| Tickets | -
| License | MIT
| Doc PR | -
We broke it when adding `Terminal::hasSttyAvailable()`.
Let's fix it on 3.4 and move it to terminal on master, as suggested in #36977
Commits
-------
5d93b61278 [Console] Fix QuestionHelper::disableStty()
This PR was merged into the 3.4 branch.
Discussion
----------
[PropertyAccess] Fix TypeError parsing again
| Q | A
| ------------- | ---
| Branch? | 3.4
| Bug fix? | yes
| New feature? | no
| Deprecations? | no
| Tickets | #36872
| License | MIT
| Doc PR | N/A
Apparently, the format of `TypeError`s has changed again in php8. While investigating, I noticed our error message parsing is not handling anonymous classes well, so I've added some test cases for them.
I chose a fuzzier regular expression to parse the expected return type from the error message. Additionally, I'm checking the stack trace if the caught `TypeError` is really caused by the accessor call.
Commits
-------
03b4e98630 [PropertyAccess] Fix TypeError parsing again.
This PR was merged into the 3.4 branch.
Discussion
----------
[Form] validate subforms in all validation groups
| Q | A
| ------------- | ---
| Branch? | 3.4
| Bug fix? | yes
| New feature? | no
| Deprecations? | no
| Tickets | Fix#36852
| License | MIT
| Doc PR |
Commits
-------
b819d94d14 validate subforms in all validation groups
This PR was merged into the 3.4 branch.
Discussion
----------
Fixes sprintf(): Too few arguments in form transformer
Similar to: #29482
| Q | A
| ------------- | ---
| Branch? | 3.4
| Bug fix? | yes
| New feature? | no
| Deprecations? | no
| Tickets | none
| License | MIT
| Doc PR | none
Fixes the form reverse transformation when the method viewToNorm is called within a value with the character %:
Before : "sprintf(): Too few arguments"
After : Form reverse transformation works.
Reference : http://php.net/manual/function.sprintf.php
Commits
-------
ff7d3f4f01 Fixes sprintf(): Too few arguments in form transformer
This PR was merged into the 4.4 branch.
Discussion
----------
[Validator] Use Mime component to determine mime type for file validator
| Q | A
| ------------- | ---
| Branch? | 4.4
| Bug fix? | yes
| New feature? | no
| Deprecations? | no
| Tickets | N/A
| License | MIT
| Doc PR | N/A
When validating the mime type for a file, the Validator component relies on the `Symfony\Component\HttpFoundation\File\File` class, but if the HttpFoundation component is not installed, then you just get the error
```
PHP Fatal error: Uncaught Error: Class 'Symfony\Component\HttpFoundation\File\File' not found
```
This PR uses the Mime component to get the mime type for a file and throws an exception if the Mime component is not installed.
Commits
-------
472883313f [Validator] Use Mime component to determine mime type for file validator
This PR was merged into the 3.4 branch.
Discussion
----------
[Form] Update Hungarian translations
| Q | A
| ------------- | ---
| Branch? | 3.4
| Bug fix? | no
| New feature? | no <!-- please update src/**/CHANGELOG.md files -->
| Deprecations? | no <!-- please update UPGRADE-*.md and src/**/CHANGELOG.md files -->
| Tickets | -
| License | MIT
| Doc PR | -
<!--
Replace this notice by a short README for your feature/bugfix. This will help people
understand your PR and can be used as a start for the documentation.
Additionally (see https://symfony.com/releases):
- Always add tests and ensure they pass.
- Never break backward compatibility (see https://symfony.com/bc).
- Bug fixes must be submitted against the lowest maintained branch where they apply
(lowest branches are regularly merged to upper ones so they get the fixes too.)
- Features and deprecations must be submitted against branch master.
-->
Commits
-------
1614595424 Update Hungarian translations
This PR was submitted for the master branch but it was merged into the 3.4 branch instead.
Discussion
----------
Add meaningful message when using ProcessHelper and Process is not installed
| Q | A
| ------------- | ---
| Branch? | master
| Bug fix? | no
| New feature? | yes
| Deprecations? | no
| Tickets |
| License | MIT
| Doc PR |
When using the process helper without the `Process` component, a php fatal error is triggered (`PHP Fatal error: Uncaught Error: Class 'Symfony\Component\Process\Process' not found`). This PR adds a meaningful exception; allowing to display a console error message instead of a raw php fatal error.
Commits
-------
3ab76e40ff Add meaningful message when Process is not installed (ProcessHelper)
This PR was merged into the 4.4 branch.
Discussion
----------
[TwigBridge] fix fallback html-to-txt body converter
| Q | A
| ------------- | ---
| Branch? | 4.4
| Bug fix? | yes
| New feature? | no
| Deprecations? | no
| Tickets | -
| License | MIT
| Doc PR | -
Right now, the content of the `<head>` and `<style>` are dumped as text. This fixes it.
Of course, use `league/html-to-markdown` if you need a better parser.
Commits
-------
6f59d60508 [TwigBridge] fix fallback html-to-txt body converter
This PR was merged into the 4.4 branch.
Discussion
----------
[ErrorHandler] fix setting $trace to null in FatalError
| Q | A
| ------------- | ---
| Branch? | 4.4
| Bug fix? | yes
| New feature? | no
| Deprecations? | no
| Tickets | -
| License | MIT
| Doc PR | -
Spotted by @nikic in https://github.com/php/php-src/pull/5620#issuecomment-635258024
Commits
-------
aa50c9287c [ErrorHandler] fix setting $trace to null in FatalError
This PR was merged into the 3.4 branch.
Discussion
----------
[Validator] Add missing translations for cs locale (Czech)
| Q | A
| ------------- | ---
| Branch? | 3.4
| Bug fix? | yes
| New feature? | no <!-- please update src/**/CHANGELOG.md files -->
| Deprecations? | no <!-- please update UPGRADE-*.md and src/**/CHANGELOG.md files -->
| License | MIT
Is it enough to submit this only against 3.4 to have it included also in 5.1 version?
Commits
-------
3d18c1c185 [Validator] add missing Czech translations
This PR was merged into the 3.4 branch.
Discussion
----------
Handle fetch mode deprecation of DBAL 2.11.
| Q | A
| ------------- | ---
| Branch? | 3.4
| Bug fix? | yes
| New feature? | no
| Deprecations? | no
| Tickets | no
| License | MIT
| Doc PR | N/A
See doctrine/dbal#4019
DBAL has deprecated PDO-style fetch modes in favor of more explicit methods.
Commits
-------
ed518551e1 Handle fetch mode deprecation of DBAL 2.11.
This PR was merged into the 4.4 branch.
Discussion
----------
[WebProfilerBundle] changed label of memory usage in time panel (Mb into MiB)
| Q | A
| ------------- | ---
| Branch? | 4.4
| Bug fix? | yes
| New feature? | no
| Deprecations? | no
| Tickets | Fix#36533
| License | MIT
| Doc PR | -
This PR fixes the memory usage labels in the time panel of the web profiler for 4.4+. PR #36571 already fixed this for 3.4 but since the time panel has been rewritten in 4.3, that minor fix has not correctly been transferred into 4.4+.
Commits
-------
a91204a79d [WebProfilerBundle] changed label of memory usage in time panel (Mb into MiB)
This PR was merged into the 3.4 branch.
Discussion
----------
[Security] Fixed handling of CSRF logout error
| Q | A
| ------------- | ---
| Branch? | 3.4
| Bug fix? | yes
| New feature? | no
| Deprecations? | no
| Tickets | Fix#36814
| License | MIT
| Doc PR | -
8 years ago, a typo was made while refactoring the `ExceptionListener`, loosing this logic (46071f3238). I think we should fix it.
The `LogoutException` is a very generic name for something only used when the CSRF token is invalid. Should we match the exception message to make sure only this CSRF error is transformed into 403? I didn't yet do it because any usage of `LogoutException` would have resulted in 500, which always is worse than 403.
Commits
-------
50348f2eb7 Fixed handling of CSRF logout error
This PR was squashed before being merged into the 4.4 branch.
Discussion
----------
[DotEnv][WebLink][Templating][ErrorHandler] Updated README with minimal example
| Q | A
| ------------- | ---
| Branch? | 4.4
| Bug fix? | no
| New feature? | no
| Deprecations? | no
| Tickets | -
| License | MIT
| Doc PR | https://github.com/symfony/symfony-docs/pull/13706
We're about to delete some more component docs. The minimal examples where copy/pasted from the original component docs.
Commits
-------
f3b8a58513 [DotEnv][WebLink][Templating][ErrorHandler] Updated README with minimal example
This PR was merged into the 3.4 branch.
Discussion
----------
[FrameworkBundle] Removed detection of Serializer < 3.2
| Q | A
| ------------- | ---
| Branch? | 3.4
| Bug fix? | yes
| New feature? | no
| Deprecations? | no
| Tickets | N/A
| License | MIT
| Doc PR | N/A
The test that is changed here contains detection logic for Serializer versions prior 3.2. However, accoring to FrameworkBundle's composer.json, we need at least Serializer 3.3, so that logic is obsolete.
I came across this piece of code because on the 5.1 branch, this test is actually skipped because the `use` statement for `CacheClassMetadataFactory` is missing there.
Commits
-------
9badd71687 [FrameworkBundle] Removed detection of Serializer < 3.2