This PR was merged into the 2.7 branch.
Discussion
----------
[Validator] Update IpValidatorTest data set with a valid reserved IP
| Q | A
| ------------- | ---
| Branch? | 2.7
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | #19885
| License | MIT
| Doc PR | -
The validator uses PHP filter which was recently fixed (see https://bugs.php.net/bug.php?id=72972).
Commits
-------
86a151c [Validator] Update IpValidatorTest data set with a valid reserved IP
* 2.8:
[travis/appveyor] Wire simple-phpunit
[Console] fixed PHP7 Errors are now handled and converted to Exceptions
Fix#19721
Fix translation:update command count
bumped Symfony version to 2.8.12
updated VERSION for 2.8.11
updated CHANGELOG for 2.8.11
bumped Symfony version to 2.7.19
updated VERSION for 2.7.18
update CONTRIBUTORS for 2.7.18
updated CHANGELOG for 2.7.18
[Security] Optimize RoleHierarchy's buildRoleMap method
* 2.7:
[travis/appveyor] Wire simple-phpunit
[Console] fixed PHP7 Errors are now handled and converted to Exceptions
Fix#19721
bumped Symfony version to 2.7.19
updated VERSION for 2.7.18
update CONTRIBUTORS for 2.7.18
updated CHANGELOG for 2.7.18
[Security] Optimize RoleHierarchy's buildRoleMap method
This PR was squashed before being merged into the 2.7 branch (closes#19813).
Discussion
----------
[Console] fixed PHP7 Errors are now handled and converted to Exceptions
| Q | A
| ------------- | ---
| Branch? | 2.7
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | #18484
| License | MIT
| Doc PR |
Commits
-------
d3c613b [Console] fixed PHP7 Errors are now handled and converted to Exceptions
This PR was squashed before being merged into the 2.7 branch (closes#19868).
Discussion
----------
[Security] Optimize RoleHierarchy's buildRoleMap method
| Q | A
| ------------- | ---
| Branch? | 2.7
| Bug fix? | no
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | no
| License | MIT
| Doc PR | no
I have an issue with a large role hierarchy(~150 roles). Optimized it a little bit
![image](https://cloud.githubusercontent.com/assets/858989/18271257/df6c4ba0-7439-11e6-8406-e13bdcefe9ca.png)
Commits
-------
c3b68b0 [Security] Optimize RoleHierarchy's buildRoleMap method
* 2.7:
[FrameworkBundle] Fix Incorrect line break in exception message (500 debug page)
Minor cleanups and improvements
[form] lazy trans `post_max_size_message`.
[DI] Fix setting synthetic services on ContainerBuilder
[ClassLoader] Fix ClassCollectionLoader inlining with declare(strict_types=1)
* 2.8:
[FrameworkBundle] Check for class existence before is_subclass_of
Update GroupSequence.php
Code enhancement and cleanup
[Form] Fix transformer tests after the ICU update
[DI] Add anti-regression test
Revert "minor #19689 [DI] Cleanup array_key_exists (ro0NL)"
bumped Symfony version to 2.8.11
updated VERSION for 2.8.10
updated CHANGELOG for 2.8.10
[BrowserKit] Fix cookie expiration on 32 bit systems
bumped Symfony version to 2.7.18
updated VERSION for 2.7.17
update CONTRIBUTORS for 2.7.17
updated CHANGELOG for 2.7.17
Update misleading comment about RFC4627
* 2.7:
[FrameworkBundle] Check for class existence before is_subclass_of
Update GroupSequence.php
Code enhancement and cleanup
[DI] Add anti-regression test
Revert "minor #19689 [DI] Cleanup array_key_exists (ro0NL)"
[BrowserKit] Fix cookie expiration on 32 bit systems
bumped Symfony version to 2.7.18
updated VERSION for 2.7.17
update CONTRIBUTORS for 2.7.17
updated CHANGELOG for 2.7.17
Update misleading comment about RFC4627
This PR was merged into the 2.7 branch.
Discussion
----------
Update misleading comment about RFC4627
| Q | A
| ------------- | ---
| Branch? | 2.7
| Bug fix? | no
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | N/A
| License | MIT
| Doc PR | N/A
RFC 4627 does not dictate escaping of HTML special characters
Commits
-------
72b6c9e Update misleading comment about RFC4627
This PR was merged into the 2.7 branch.
Discussion
----------
[FrameworkBundle] Check for class existence before is_subclass_of
| Q | A
| ------------- | ---
| Branch? | 2.7
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | n/a
| License | MIT
| Doc PR | n/a
Same as #19342
Commits
-------
8a9e0f5 [FrameworkBundle] Check for class existence before is_subclass_of
This PR was submitted for the 3.0 branch but it was merged into the 2.7 branch instead (closes#19862).
Discussion
----------
Update GroupSequence.php
| Q | A
| ------------- | ---
| Branch? | 2.7
| Bug fix? | no
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | no
| License | MIT
| Doc PR | no
Corrected the docblock example
Commits
-------
c8f3741 Update GroupSequence.php
This PR was squashed before being merged into the 2.7 branch (closes#19830).
Discussion
----------
Code enhancement and cleanup
| Q | A
| ------------- | ---
| Branch? | 2.7
| Bug fix? | no
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | -
| License | MIT
| Doc PR | -
Commits
-------
325da3c Code enhancement and cleanup
On 32-bit systems the cookie expiration value was not being calculated
correctly as it was being fetched as an integer. When the timestamp exceeded
the PHP_INT_MAX size it would return an invalid value, breaking the cookie
construction.
The BrowserKit cookie has now been updated to get the timestamp as a string
which works around this platform limitation.
This PR was squashed before being merged into the 2.8 branch (closes#19786).
Discussion
----------
Update profiler's layout to use flexbox
| Q | A
| ------------- | ---
| Branch? | 2.8
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | -
| License | MIT
| Doc PR | -
### Problem
The layout of the profiler uses some old CSS tricks to make the sidebar look like a same-height sidebar (`margin-bottom: -99999px;` and `padding-bottom: 99999px;`, a large `min-height` in the content, etc.)
This works most of the time ... but there are some edge cases where the sidebar looks ugly (it doesn't have the same height as the main content).
### Solution
This proposal updates the profiler layout to use CSS flexbox.
* It looks and behaves exactly like before ... but it also fixes all the edge cases.
* flexbox has ~90% of global browser support --> so it should be 100% of Symfony developers
---
~~Sadly **there is one issue that I cannot solve**:~~
~~* The "Performance" panel doesn't work on Chrome and Firefox (but it works on Safari!!)~~
~~* The problem is that the `getContainerWidth()` function in `time.html.twig` template doesn't return the right value and the generated canvas has a wrong width.~~
~~Any clues?~~ It's fixed now!
Commits
-------
d986ac0 Update profiler's layout to use flexbox
This PR was merged into the 2.7 branch.
Discussion
----------
[Yaml] Remove legacy code
| Q | A
| ------------- | ---
| Branch? | 2.7
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets |
| License | MIT
| Doc PR |
It looks like these lines were forgotten during the transition to 2.0 as references are already [managed in `Inline`](https://github.com/symfony/symfony/blob/master/src/Symfony/Component/Yaml/Inline.php#L542-L559).
Commits
-------
a88dff3 [Yaml] Remove legacy code
* 2.8:
[VarDumper] Various minor fixes & cleanups
Revert "bug #18935 [Form] Consider a violation even if the form is not submitted (egeloen)"
[HttpKernel] Add missing SsiFragmentRendererTest
[DoctrineBridge] Fix exception message and tests after misresolved merge
Fixes the calendar in constructor to handle null
* 2.7:
[VarDumper] Various minor fixes & cleanups
Revert "bug #18935 [Form] Consider a violation even if the form is not submitted (egeloen)"
[HttpKernel] Add missing SsiFragmentRendererTest
Fixes the calendar in constructor to handle null
This PR was merged into the 2.7 branch.
Discussion
----------
[VarDumper] Various minor fixes & cleanups
| Q | A
| ------------- | ---
| Branch? | 2.7
| Bug fix? | yes
| Tests pass? | yes
| License | MIT
Minor fixes & cleanups found while working on a few VarDumper enhancements.
I'm going to merge this one quickly to unlock the other PRs I'm preparing for master.
Commits
-------
a989491 [VarDumper] Various minor fixes & cleanups
This PR was merged into the 3.1 branch.
Discussion
----------
[Config] Fix DirectoryResourceTest for symlinks
| Q | A
| ------------- | ---
| Branch? | 3.1
| Bug fix? | no (only tests, locally)
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets |
| License | MIT
| Doc PR |
Tests were failing locally (on my macbook), because the `DirectoryResource` implementation now uses `realpath`.
Which means the path returned by `->getResource()` may differ from the given one in case it is a symlink:
```diff
There were 2 failures:
1) Symfony\Component\Config\Tests\Resource\DirectoryResourceTest::testGetResource
->getResource() returns the path to the resource
Failed asserting that two strings are identical.
--- Expected
+++ Actual
@@ @@
-/var/folders/j0/grc5nstx5b5f95cgg09_cy_h0000gn/T/symfonyDirectoryIterator
+/private/var/folders/j0/grc5nstx5b5f95cgg09_cy_h0000gn/T/symfonyDirectoryIterator
src/Symfony/Component/Config/Tests/Resource/DirectoryResourceTest.php:56
2) Symfony\Component\Config\Tests\Resource\DirectoryResourceTest::testSerializeUnserialize
Failed asserting that two strings are identical.
--- Expected
+++ Actual
@@ @@
-/var/folders/j0/grc5nstx5b5f95cgg09_cy_h0000gn/T/symfonyDirectoryIterator
+/private/var/folders/j0/grc5nstx5b5f95cgg09_cy_h0000gn/T/symfonyDirectoryIterator
src/Symfony/Component/Config/Tests/Resource/DirectoryResourceTest.php:169
```
Commits
-------
56f74eb [Config] Fix DirectoryResourceTest for symlinks
This PR was merged into the 3.1 branch.
Discussion
----------
[Yaml] sync test and actually triggered message
| Q | A
| ------------- | ---
| Branch? | 3.1
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | see failures in #19757
| License | MIT
| Doc PR |
Commits
-------
e8dfd4d [Yaml] sync test and actually triggered message
This PR was merged into the 2.7 branch.
Discussion
----------
[HttpKernel] Add missing SsiFragmentRendererTest
| Q | A
| ------------- | ---
| Branch? | 2.7
| Bug fix? | no
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | n/a
| License | MIT
| Doc PR | n/a
One notable difference between ESI/SSI fragments renderers is that [passing options to the strategy doesn't impact the rendered ssi include tag](d666c64eb0 (diff-98eb5db767a1d6600cff43b74800ae46R37)).
Commits
-------
6c89199 [HttpKernel] Add missing SsiFragmentRendererTest
* 2.8:
[Validator][GroupSequence] fixed GroupSequence validation ignores PropertyMetadata of parent classes
[FrameworkBundle][Security] Remove useless mocks
[DoctrineBridge] Enhance exception message in EntityUserProvider
added friendly exception when constraint validator does not exist or it is not enabled
remove duplicate instruction
[FrameworkBundle] Remove TranslatorBagInterface check
[FrameworkBundle] Remove duplicated code in RouterDebugCommand
[Validator] fixed duplicate constraints with parent class interfaces
SecurityBundle:BasicAuthenticationListener: removed a default argument on getting a header value
* 2.7:
[Validator][GroupSequence] fixed GroupSequence validation ignores PropertyMetadata of parent classes
[FrameworkBundle][Security] Remove useless mocks
[DoctrineBridge] Enhance exception message in EntityUserProvider
added friendly exception when constraint validator does not exist or it is not enabled
remove duplicate instruction
[FrameworkBundle] Remove TranslatorBagInterface check
[FrameworkBundle] Remove duplicated code in RouterDebugCommand
[Validator] fixed duplicate constraints with parent class interfaces
SecurityBundle:BasicAuthenticationListener: removed a default argument on getting a header value
This PR was merged into the 2.7 branch.
Discussion
----------
[DoctrineBridge] Enhance exception message in EntityUserProvider
| Q | A
| ------------- | ---
| Branch? | 2.7
| Bug fix? | no
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | n/a
| License | MIT
| Doc PR | n/a
Lots of people use the `UserEntityProvider` without having a custom Repository for the user entity configured on the entity provider and in this case, if the `property` key of the provider isn't set, the exception thrown says:
> The Doctrine repository "Doctrine\ORM\EntityRepository" must implement Symfony\Bridge\Doctrine\Security\User\UserLoaderInterface
"Doctrine\ORM\EntityRepository" doesn't feel relevant.
Plus, we can't guess that the exception is thrown first because there is no `property` configured on the corresponding provider, that is useful to have in the trace IMHO.
If accepted, `"Symfony\Component\Security\Core\User\UserProviderInterface"` will need to be replaced by `"Symfony\Bridge\Doctrine\Security\User\UserLoaderInterface"` when merging in newer branches.
Commits
-------
acc0460 [DoctrineBridge] Enhance exception message in EntityUserProvider
This PR was merged into the 2.7 branch.
Discussion
----------
[SecurityBundle] BasicAuthenticationListener: simpler getting value from Request
| Q | A
| ------------- | ---
| Branch? | 2.7
| Bug fix? | no
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| License | MIT
Unless I'm mistaken, the default `null` should be OK. If it's not, I will create a new PR with a test proving that `false` or other "special" value must be used.
Commits
-------
d67f090 SecurityBundle:BasicAuthenticationListener: removed a default argument on getting a header value
* 2.8:
[ClassLoader] Fix tests
[Debug][HttpKernel][VarDumper] Prepare for committed 7.2 changes
[DependencyInjection] PhpDumper::isFrozen inconsistency
[DI] Cleanup array_key_exists
include dynamic services in list of alternatives
[Debug] Swap dumper services at bootstrap
* 2.7:
[ClassLoader] Fix tests
[Debug][HttpKernel][VarDumper] Prepare for committed 7.2 changes
[DependencyInjection] PhpDumper::isFrozen inconsistency
[DI] Cleanup array_key_exists
include dynamic services in list of alternatives
[Debug] Swap dumper services at bootstrap
This PR was merged into the 2.7 branch.
Discussion
----------
[ClassLoader] Fix tests
| Q | A
| ------------- | ---
| Branch? | 2.7
| Tests pass? | yes
| License | MIT
As discussed right now on php-internals, this string is ignored and the docs only tells about null.
Commits
-------
0f95708 [ClassLoader] Fix tests
This PR was merged into the 2.7 branch.
Discussion
----------
[Debug] Swap dumper services at bootstrap
| Q | A
| ------------- | ---
| Branch? | 2.7
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets |
| License | MIT
| Doc PR |
---
This commit fix a bug when using debug function too soon.
For example, if you call dump function during kernel::boot() the
dump output will be sent to stderr, even in a web context.
With this patch, the data collector is used by default, so the
dump output is send to the WDT. In a CLI context, if dump is used
too soon, the datacollector will buffer it, and release it at the
end of the script. So in this case everything will be visible by the
end used.
Commits
-------
d80589c [Debug] Swap dumper services at bootstrap
This PR was merged into the 2.7 branch.
Discussion
----------
[DI][2.7] Include dynamic services in alternatives
| Q | A
| ------------- | ---
| Branch? | 2.7
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | comma-separated list of tickets fixed by the PR, if any
| License | MIT
| Doc PR | reference to the documentation PR, if any
Commits
-------
428b5cc include dynamic services in list of alternatives
This PR was merged into the 2.7 branch.
Discussion
----------
[Debug][HttpKernel][VarDumper] Prepare for committed 7.2 changes (aka "small-bc-breaks")
| Q | A
| ------------- | ---
| Branch? | 2.7
| Bug fix? | yes
| Tests pass? | yes
| License | MIT
On PHP 7.2:
- `is_object()` is going to return `true` for `__PHP_Incomplete_Class` instances
- `gettype($closed_resource);` returns "resource (closed)"
ping @nikic FYI
see https://travis-ci.org/symfony/symfony/jobs/154114269 for fixed tests (except the one on ClassLoader which is a BC break on 7.1 that should be fixed there IMHO).
Commits
-------
feb2cd0 [Debug][HttpKernel][VarDumper] Prepare for committed 7.2 changes
* 2.8:
[travis] Use 7.0 until 7.1 is fixed
[DIC] Fix service autowiring inheritance
[SecurityBundle] Add missing deprecation notice for form_login.intention
Verify explicitly that the request IP is a valid IPv4 address
This PR was merged into the 2.8 branch.
Discussion
----------
[DependencyInjection] Fix service autowiring inheritance
| Q | A
| ------------- | ---
| Branch? | 2.8
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | #19615
| License | MIT
| Doc PR | n/a
This makes services inherit the `autowire` attribute from their parent and fix the ability to override it from the child.
Fixed cases:
- Simple inheritance
```yaml
parent:
class: Foo
abstract: true
autowire: true
child:
class: Foo
```
- Set in the child (only)
```yaml
parent:
class: Foo
abstract: true
child:
class: Foo
autowire: true
```
- Set in the parent, changed in the child
```yaml
parent:
class: Foo
abstract: true
autowire: true
child:
class: Foo
autowire: false
```
Commits
-------
fb95bdc [DIC] Fix service autowiring inheritance
This PR was squashed before being merged into the 2.7 branch (closes#19666).
Discussion
----------
Verify explicitly that the request IP is a valid IPv4 address
| Q | A
| ------------- | ---
| Branch? | 2.7
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | -
| License | MIT
| Doc PR | -
Take the following base code (the array is based on [CloudFlare IP Ranges](https://www.cloudflare.com/ips/)):
```php
use Symfony\Component\HttpFoundation\IpUtils;
$ips = [
"103.21.244.0/22",
"103.22.200.0/22",
"103.31.4.0/22",
"104.16.0.0/12",
"108.162.192.0/18",
"131.0.72.0/22",
"141.101.64.0/18",
"162.158.0.0/15",
"172.64.0.0/13",
"173.245.48.0/20",
"188.114.96.0/20",
"190.93.240.0/20",
"197.234.240.0/22",
"198.41.128.0/17",
"199.27.128.0/21",
"2400:cb00::/32",
"2405:8100::/32",
"2405:b500::/32",
"2606:4700::/32",
"2803:f800::/32",
"2c0f:f248::/32",
"2a06:98c0::/29",
];
```
Before this PR, the following code would have returned `true` instead of the expected `false` value:
```php
IpUtils::checkIp('blablabla', $ips);
```
This due to the `ip2long` function returning `false` for an invalid IP address, thus returning `"00000000000000000000000000000000"` with the following code:
```php
sprintf('%032b', ip2long('blablabla'));
```
To fix this I simply check if the `$requestIp` variable contains a valid IP address.
Commits
-------
17e418c Verify explicitly that the request IP is a valid IPv4 address
This PR was merged into the 2.7 branch.
Discussion
----------
[HttpKernel] Fix too strict test
| Q | A
| ------------- | ---
| Branch? | 2.7
| Tests pass? | yes
| License | MIT
This test is too strict and prevents adding properties to Data objects for no reason.
Commits
-------
2e7301d [HttpKernel] Fix too strict test
* 2.8:
Disable CLI color for Windows 10 greater than 10.0.10586
Exception details break the layout
[HttpKernel] Remove wrong docblock
[HttpKernel] Fix HttpCache validation HTTP method
Move space from the before 'if' to the after 'if'
[TwigBundle] Add a check for choice's attributes emptiness before calling block('attributes')
* 2.7:
Disable CLI color for Windows 10 greater than 10.0.10586
Exception details break the layout
[HttpKernel] Remove wrong docblock
[HttpKernel] Fix HttpCache validation HTTP method
Move space from the before 'if' to the after 'if'
[TwigBundle] Add a check for choice's attributes emptiness before calling block('attributes')
This PR was merged into the 2.7 branch.
Discussion
----------
Exception details break the layout
Exception details break the layout
| Q | A
| ------------- | ---
| Branch? | 2.7
| Bug fix? | yes
| License | MIT
By adding `word-wrap: break-word;` the exception details will wrap inside the block.
Commits
-------
00b4ecb Exception details break the layout
This PR was merged into the 2.7 branch.
Discussion
----------
[TwigBundle] Add a check for choice's attributes emptiness before calling block('attributes')
| Q | A
| ------------- | ---
| Branch? | 2.7
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| License | MIT
Remove unnecessary block calling for choices without "choice_attr" option. This check gain the performance on a large datasets.
Previous Pull to master #19527
Commits
-------
bf6748d Move space from the before 'if' to the after 'if'
d1cf4d1 [TwigBundle] Add a check for choice's attributes emptiness before calling block('attributes')
This commit fix a bug when using debug function too soon.
For example, if you call dump function during kernel::boot() the
dump output will be sent to stderr, even in a web context.
With this patch, the data collector is used by default, so the
dump output is send to the WDT. In a CLI context, if dump is used
too soon, the datacollector will buffer it, and release it at the
end of the script. So in this case everything will be visible by the
end used.
* 2.8:
[Routing] Add missing options in docblock
[VarDumper] Fix dumping continuations
[HttpFoundation] fixed Request::getContent() reusage bug
[Form] Skip CSRF validation on form when POST max size is exceeded
Enhance the phpDoc return types so IDEs can handle the configuration tree.
fixes
Remove 3.0 from branch suggestions for fixes in PR template
[Process] Strengthen Windows pipe files opening (again...)
Fix#19531 [Form] DateType fails parsing when midnight is not a valid time
* 2.7:
[Routing] Add missing options in docblock
[VarDumper] Fix dumping continuations
[HttpFoundation] fixed Request::getContent() reusage bug
[Form] Skip CSRF validation on form when POST max size is exceeded
Enhance the phpDoc return types so IDEs can handle the configuration tree.
fixes
Remove 3.0 from branch suggestions for fixes in PR template
[Process] Strengthen Windows pipe files opening (again...)
Fix#19531 [Form] DateType fails parsing when midnight is not a valid time
This PR was merged into the 3.1 branch.
Discussion
----------
Use try-finally where it possible
| Q | A
| ------------- | ---
| Branch? | 3.1
| Bug fix? | no
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | -
| License | MIT
| Doc PR | -
Just a minior refactoring for using PHP 5.5 feature.
Commits
-------
747ddf6 Use try-finally where it possible
This PR was squashed before being merged into the 3.1 branch (closes#19437).
Discussion
----------
[PropertyInfo] Fix an error in PropertyInfoCacheExtractor
| Q | A
| ------------- | ---
| Branch? | 3.1
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets |
| License | MIT
| Doc PR |
An argument was forgotten in the ``PropertyInfoCacheExtractor`` class leading to exceptions such as
```
PHP Warning: ucfirst() expects parameter 1 to be string, array given in /home/guilhem/github/ast-test/vendor/symfony/symfony/src/Symfony/Component/PropertyInfo/Extractor/ReflectionExtractor.php on line 318
```
and making it unusable.
ping @dunglas
Commits
-------
d19b151 [PropertyInfo] Fix an error in PropertyInfoCacheExtractor
This PR was squashed before being merged into the 2.7 branch (closes#19549).
Discussion
----------
[HttpFoundation] fixed Request::getContent() reusage bug
| Q | A
| ------------- | ---
| Branch? | 2.7
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets |
| License | MIT
| Doc PR |
After calling ```Request::getContent(true)```, subsequent calls to the
same instance method (withouth the ```$asResource``` flag) always returned
```false``` instead of the request body as a plain string.
A unit test already existed to guard against this behaviour (the 'Resource then fetch' case) but it
yielded a false positive because it was comparing ```''``` to ```false``` using
PHPUnit's ```assertEquals``` method instead of ```assertSame```.
For completeness sake I also added the missing usage permutations in
the data provider, which already worked OK.
Commits
-------
c42ac66 [HttpFoundation] fixed Request::getContent() reusage bug
This PR was merged into the 3.1 branch.
Discussion
----------
[DependencyInjection] ContainerBuilder: Remove obsolete definitions
| Q | A
| ------------- | ---
| Branch? | 3.1
| Bug fix? | yes
| New feature? |no
| BC breaks? | may be considered
| Deprecations? | may be considered
| Tests pass? | yes
| Fixed tickets | -
| License | MIT
| Doc PR | -
IIUC, [the obsolete definitions thing was tied to scoped & sync services](https://github.com/symfony/symfony/pull/7007).
Thus, this code [is not meant to be used since 3.0 and can be removed](https://github.com/symfony/symfony/pull/13289).
However, it may be considered as a BC break and would require introducing a new deprecation instead, because the current code allows to set a service on a frozen container if it has an obsolete synthetic definition...which is weird, isn't it ? (I doubt this feature was explicitly intended to allow setting a synthetic service more than once, and it wasn't before sync services introduction)
I suggest this as a patch for 3.1, under the pretext of forgotten code tied to a previous deprecation & feature removal, but let me know if it should be considered differently.
Commits
-------
daa7d00 [DependencyInjection] ContainerBuilder: Remove obsolete definitions
This PR was squashed before being merged into the 2.7 branch (closes#19373).
Discussion
----------
[Form] Skip CSRF validation on form when POST max size is exceeded
| Q | A
| ------------- | ---
| Branch? | 2.7
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | #19140
| License | MIT
| Doc PR | N/A
In #19140 the CSRF validation listener was not aware that the POST max size had exceeded, and was adding a form error message that wasn't relevant to the actual error.
This introduces the `ServerParams` utility class into the `CsrfValidationListener` and checks that the POST max size has not been exceeded. If it has then it won't bother trying to validate the CSRF token.
My main concern with this change is that it opens up an attack vector around tokens, but I've encapsulated the request size validation in a single method in `ServerParams` now so that the request handlers are using the same logic.
Commits
-------
289531f [Form] Skip CSRF validation on form when POST max size is exceeded
This PR was merged into the 2.7 branch.
Discussion
----------
Fix#19531 [Form] DateType fails parsing when midnight is not a valid time
| Q | A
| ------------- | ---
| Branch? | 2.7
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | #19531
| License | MIT
| Doc PR |
Commits
-------
c951bb6Fix#19531 [Form] DateType fails parsing when midnight is not a valid time