This PR was merged into the 3.4 branch.
Discussion
----------
[FrameworkBundle][Form] Fix XSS issues in the form theme of the PHP templating engine
Based on #88
Commits
-------
ab4d05358c Fix XSS issues in the form theme of the PHP templating engine
This PR was merged into the 3.4 branch.
Discussion
----------
[Security] Add a separator in the remember me cookie hash
Based on #89
Commits
-------
a29ce2817c [Security] Add a separator in the remember me cookie hash
This PR was merged into the 3.4 branch.
Discussion
----------
[HttpFoundation] reject invalid method override
Based on #86
Commits
-------
944e60f083 [HttpFoundation] reject invalid method override
* 4.2:
bumped Symfony version to 4.2.7
updated VERSION for 4.2.6
updated CHANGELOG for 4.2.6
bumped Symfony version to 3.4.26
updated VERSION for 3.4.25
update CONTRIBUTORS for 3.4.25
updated CHANGELOG for 3.4.25
Workaround for \DateInterval::createFromDateString()
[DoctrineBridge] [DX] Update exception text in ManagerRegistry::resetService to avoid confusion.
Missing Lithuanian translations added to validator component.
* 3.4:
bumped Symfony version to 3.4.26
updated VERSION for 3.4.25
update CONTRIBUTORS for 3.4.25
updated CHANGELOG for 3.4.25
Workaround for \DateInterval::createFromDateString()
Missing Lithuanian translations added to validator component.
This PR was merged into the 4.3-dev branch.
Discussion
----------
[Messenger] Remove base64_encode & use addslashes
| Q | A
| ------------- | ---
| Branch? | master
| Bug fix? | no
| New feature? | yes
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | none
| License | MIT
| Doc PR | already covered by existing issue
In #30814, we base64_encoded messages because some transports (specifically DoctrineTransport + Postgresql & SQS) do not allow binary data.
The downside is that the messages become unreadable, which makes it much less convenient to debug your messages with 3rd party monitoring tools, for example.
This PR replaces base64_encode with addslashes. Another alternative (that I first tried in this PR) was to use a blob type, which Drupal does in its code (https://www.drupal.org/project/drupal/issues/690746). But, it still meant that binary data could cause problems with other transports, like SQS.
I also put all the serializer config under a nice, neat `serializer` key under messenger.
Best seen with `?w=1`.
Cheers!
Commits
-------
70b448d120 Reorganizing messenger serializer config and replacing base64_encode with addslashes
This PR was squashed before being merged into the 4.3-dev branch (closes#31040).
Discussion
----------
[BrowserKit] Fixed BC-break introduced by rename of Client to Browser
| Q | A
| ------------- | ---
| Branch? | master
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | https://github.com/symfony/symfony/issues/31039
| License | MIT
| Doc PR |
Since #30541 the inheritance hierarchy of `\Symfony\Component\BrowserKit\Client` has changed. Notably the test.client no longer is an instance of `\Symfony\Component\BrowserKit\Client`.
This PR uses `class_alias` to fix the class hierarchy similarly as has been done in Twig. In this case I copied the approach of `Twig_TokenParser_AutoEscape` and `\Twig\TokenParser\AutoEscapeTokenParser`
Commits
-------
6a94dea5cd [BrowserKit] Fixed BC-break introduced by rename of Client to Browser
This PR was merged into the 4.3-dev branch.
Discussion
----------
[HttpClient] fix too high timeout in test
| Q | A
| ------------- | ---
| Branch? | master
| Bug fix? | no
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | -
| License | MIT
| Doc PR | -
This makes tests pass without waiting for no reasons.
Commits
-------
8f699541f5 [HttpClient] fix too high timeout in test
This PR was merged into the 3.4 branch.
Discussion
----------
[Form] Workaround for \DateInterval::createFromDateString()
| Q | A
| ------------- | ---
| Branch? | master
| Bug fix? | no
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | n/a
| License | MIT
| Doc PR | n/a
This patch makes test `Symfony\Component\Form\Tests\Extension\Core\Type\DateIntervalTypeTest::testSubmitNullUsesDateEmptyData()` pass in PHP 7.2.17 and 7.3.4
PHP bug reference : https://bugs.php.net/bug.php?id=77896
See also : https://3v4l.org/sQjh2
Commits
-------
54247ec05f Workaround for \DateInterval::createFromDateString()
This PR was merged into the 4.3-dev branch.
Discussion
----------
[Serializer] Use name converter when normalizing constraint violation list
| Q | A
| ------------- | ---
| Branch? | master <!-- see below -->
| Bug fix? | no
| New feature? | yes <!-- don't forget to update src/**/CHANGELOG.md files -->
| BC breaks? | no <!-- see https://symfony.com/bc -->
| Deprecations? | no <!-- don't forget to update UPGRADE-*.md and src/**/CHANGELOG.md files -->
| Tests pass? | yes <!-- please add some, will be required by reviewers -->
| Fixed tickets | #... <!-- #-prefixed issue number(s), if any -->
| License | MIT
| Doc PR | symfony/symfony-docs#... <!-- required for new features -->
When using name converter with serializer and the default ConstraintViolationListNormalizer, returned propertyPaths was not converted to the same format.
<!--
Write a short README entry for your feature/bugfix here (replace this comment block.)
This will help people understand your PR and can be used as a start of the Doc PR.
Additionally:
- Bug fixes must be submitted against the lowest branch where they apply
(lowest branches are regularly merged to upper ones so they get the fixes too).
- Features and deprecations must be submitted against the master branch.
-->
Commits
-------
dd93b707cc Use name converter when normalizing constraint violation list
This PR was squashed before being merged into the 4.3-dev branch (closes#28846).
Discussion
----------
[Intl] Simplify API
| Q | A
| ------------- | ---
| Branch? | master
| Bug fix? | no
| New feature? | yes
| BC breaks? | no <!-- see https://symfony.com/bc -->
| Deprecations? | no
| Tests pass? | yes <!-- please add some, will be required by reviewers -->
| Fixed tickets | #18368
| License | MIT
| Doc PR | https://github.com/symfony/symfony-docs/issues/11221
Simplifies the Intl API. It greatly reduces the no. of boilerplate classes in this component. Very over complicated, much wow :)
Solving (IMHO):
```php
class LanguageBundle extends LanguageDataProvider implements LanguageBundleInterface
```
Which seems very over complicated just to provide static data.
```php
// before
Intl::getLanguageBundle()->getLanguageName() // string | null
// after
Languages::getName() // string
Languages::exists() // bool
```
I left out Canonicalization on puropose, that's a new topic to me.
- [x] Languages
- [x] Locales
- [x] Currencies
- [x] Regions
- [x] Scripts
- [ ] Timezones (#28831)
- [x] Update constraints
- [x] Update form types
Thoughts?
Commits
-------
d6b67d469a [Intl] Simplify API
This PR was submitted for the master branch but it was merged into the 4.2 branch instead (closes#31047).
Discussion
----------
[DoctrineBridge] [DX] Update exception text in ManagerRegistry to avoid confusion.
| Q | A
| ------------- | ---
| Branch? | master
| Bug fix? | no
| New feature? | yesish <!-- don't forget to update src/**/CHANGELOG.md files -->
| BC breaks? | no <!-- see https://symfony.com/bc -->
| Deprecations? | no <!-- don't forget to update UPGRADE-*.md and src/**/CHANGELOG.md files -->
| Tests pass? | yes <!-- please add some, will be required by reviewers -->
| Fixed tickets | #29659 <!-- #-prefixed issue number(s), if any -->
| License | MIT
| Doc PR |
<!--
Write a short README entry for your feature/bugfix here (replace this comment block.)
This will help people understand your PR and can be used as a start of the Doc PR.
Additionally:
- Bug fixes must be submitted against the lowest branch where they apply
(lowest branches are regularly merged to upper ones so they get the fixes too).
- Features and deprecations must be submitted against the master branch.
-->
Since the last PR was closed and the ticket is still open, taking it since it was already done by Nicolas in the comments.
Commits
-------
9ade232533 [DoctrineBridge] [DX] Update exception text in ManagerRegistry::resetService to avoid confusion.
