* 2.7:
[DI] use assertStringEqualsFile when possible
[VarDumper] Adapt to php 7.2 changes
[Form][TwigBridge] Don't render _method in form_rest() for a child form
[Validator] Fix IbanValidator for ukrainian IBANs
This PR was merged into the 2.7 branch.
Discussion
----------
[DI] use assertStringEqualsFile when possible
| Q | A
| ------------- | ---
| Branch? | 2.7
| Bug fix? | no
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | -
| License | MIT
| Doc PR | -
To make failure reporting more accurate, and maintaining tests easier (assertStringEqualsFile is already heavily used in the same file.)
Commits
-------
eebae7e [DI] use assertStringEqualsFile when possible
This PR was merged into the 2.7 branch.
Discussion
----------
[VarDumper] Adapt to php 7.2 changes
| Q | A
| ------------- | ---
| Branch? | 2.7
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | -
| License | MIT
| Doc PR | -
As required by this change on PHP 7.2:
https://wiki.php.net/rfc/convert_numeric_keys_in_object_array_casts
Tests pass locally (until we add 7.2 to Travis)
Commits
-------
3c2f5f7 [VarDumper] Adapt to php 7.2 changes
This PR was squashed before being merged into the 2.7 branch (closes#23649).
Discussion
----------
[Form][TwigBridge] Don't render _method in form_rest() for a child form
The hidden `_method` must only be generated if the form is the top most form.
Always generating the hidden `_method` breaks forms using the POST method when they have children using the PUT method. If `_method` is generated for such a child form, it overrides the parent method and the form fails to validate.
See issue #23254
| Q | A
| ------------- | ---
| Branch? | 2.7
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | #14261
| License | MIT
| Doc PR |
Commits
-------
973b2d3 [Form][TwigBridge] Don't render _method in form_rest() for a child form
This PR was squashed before being merged into the 2.8 branch (closes#23023).
Discussion
----------
[DoctrineBridge][PropertyInfo] Added support for Doctrine Embeddables
| Q | A
| ------------- | ---
| Branch? | 2.8 and higher
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets |
| License | MIT
| Doc PR |
Note that [Embeddables appeared only in doctrine/orm 2.5](http://docs.doctrine-project.org/projects/doctrine-orm/en/latest/changelog/migration_2_5.html). I added class_exists checks for that.
Commits
-------
7816f3b7c7 [DoctrineBridge][PropertyInfo] Added support for Doctrine Embeddables
This PR was submitted for the master branch but it was merged into the 2.7 branch instead (closes#23619).
Discussion
----------
[Validator] Fix IbanValidator for ukrainian IBANs
The ukrainian bank identifier consists of six digits and not letters.
Also fixes the broken links to the current SWIFT IBAN registry pdf.
| Q | A
| ------------- | ---
| Branch? | 2.7
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | n/a
| License | MIT
| Doc PR | n/a
Commits
-------
1ba95738fb [Validator] Fix IbanValidator for ukrainian IBANs
This PR was merged into the 2.7 branch.
Discussion
----------
use Precise on Travis to keep PHP LDAP support
| Q | A
| ------------- | ---
| Branch? | 2.7
| Bug fix? | no
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets |
| License | MIT
| Doc PR |
Travis CI [started to roll out Ubuntu Trusty](https://blog.travis-ci.com/2017-07-11-trusty-as-default-linux-is-coming) as the default distribution. However, it seems that the PHP LDAP extension is missing on Trusty (see travis-ci/travis-ci#7067) starting to make our builds fail. Thus, I suggest to keep using Precise until the linked issue has been fixed.
Commits
-------
5441b1a use Precise on Travis to keep PHP LDAP support
This PR was submitted for the 2.8 branch but it was merged into the 2.7 branch instead (closes#23238).
Discussion
----------
[Security] ensure the 'route' index is set before attempting to use it
| Q | A
| ------------- | ---
| Branch? | 2.8
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets |
| License | MIT
| Doc PR |
```
// matching a request is more powerful than matching a URL path + context, so try that first
if ($this->urlMatcher instanceof RequestMatcherInterface) {
$parameters = $this->urlMatcher->matchRequest($request);
} else {
$parameters = $this->urlMatcher->match($request->getPathInfo());
}
return $path === $parameters['_route'];
```
Hi the issue here is the code is assuming a `_route` has been returned from the `match()` method.. however there is nothing to suggest that is always the case. For example if I just want to return a controller that is perhaps not added as an actual route I can & it works.. Although this will generate a notice warning.
**In terms of what happens if the `_route` is not defined should it return `false?` or actually perform a similar condition as `return $path === rawurldecode($request->getPathInfo());` **
I have an implementation of a router that is just returning a controller path and its arguments without a `_route` which works aside from this notice.
Commits
-------
7ae578cc1a fix(security): ensure the 'route' index is set before attempting to use it
This PR was merged into the 2.8 branch.
Discussion
----------
[WebProfilerBundle] Fix full sized dump hovering in toolbar
| Q | A
| ------------- | ---
| Branch? | 2.8 <!-- see comment below -->
| Bug fix? | yes
| New feature? | no <!-- don't forget updating src/**/CHANGELOG.md files -->
| BC breaks? | no
| Deprecations? | no <!-- don't forget updating UPGRADE-*.md files -->
| Tests pass? | yes
| Fixed tickets | #23563 <!-- #-prefixed issue number(s), if any -->
| License | MIT
| Doc PR | N/A
Since #22953, the dump block shown on hovering the toolbar item takes the full width. But at least on OS X chrome, safari and firefox, the behavior is buggy and makes it unusable as the cursor can't reach the dumped content:
Honestly, I don't really understand the issue here and tried some tweaks until it works everywhere, (including trying to add a `.no-resize` class on `sf-toolbar-info` to avoid executing the related js event listener in case it was conflicting).
As shown in the screenshot, it also fixes the case where the dump wasn't full width under a certain size.
Commits
-------
28930c5 [WebProfilerBundle] Fix full sized dump hovering in toolbar
This PR was squashed before being merged into the 2.7 branch (closes#23580).
Discussion
----------
Fix login redirect when referer contains a query string
| Q | A
| ------------- | ---
| Branch? | 2.7
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | #19026, #23027, #23061, #23411, #23551
| License | MIT
| Doc PR | n/a
In 3.3, #19026 was merged to fix a bug that should have been fixed in 2.7. The fix was wrong anyway, so this PR fixes it the proper way.
The first two commits refactors test (using mocks for data objects is a bad idea and using too many mocks actually makes tests test nothing).
The actual fix is in the third commit.
Commits
-------
022ac0be09 [Security] added more tests
9c7a1406cb [Security] fixed default target path when referer contains a query string
b1f1ae26b4 [Security] simplified tests
3387612451 [Security] refactored tests
* 2.7:
[DI] Resolve aliases earlier
bumped Symfony version to 2.7.33
updated VERSION for 2.7.32
update CONTRIBUTORS for 2.7.32
updated CHANGELOG for 2.7.32
This PR was merged into the 2.7 branch.
Discussion
----------
[DI] Resolve aliases earlier
| Q | A
| ------------- | ---
| Branch? | 2.7
| Bug fix? | no
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | -
| License | MIT
| Doc PR | -
Not a bug fix because a compiler pass already resolves aliases, but makes reasoning locally about the code easier.
Commits
-------
9922827cc2 [DI] Resolve aliases earlier
* 2.7:
[Security] Fix wrong term in UserProviderInterface
[HttpFoundation] Set meta refresh time to 0 in RedirectResponse content
[Security] validate empty passwords again
[DI] Remove irrelevant comment from container
[TwigBridge] cleaner implementation of the TwigRenderer
This PR was merged into the 2.7 branch.
Discussion
----------
[Security] validate empty passwords again
| Q | A
| ------------- | ---
| Branch? | 2.7
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | https://github.com/symfony/symfony/pull/23341#issuecomment-315341226
| License | MIT
| Doc PR |
It looks like this part of #23341 causes serious security issues for some users who rely on the validator to also compare the empty string with their user's password (see for example https://github.com/symfony/symfony/pull/23341#issuecomment-315341226). Thus I suggest to revert this part of #23341.
Commits
-------
878198cefa [Security] validate empty passwords again
This PR was submitted for the master branch but it was merged into the 2.7 branch instead (closes#23487).
Discussion
----------
[Security] Fix wrong term in UserProviderInterface
| Q | A
| ------------- | ---
| Branch? | master
| Bug fix? | no
| New feature? | no <!-- don't forget updating src/**/CHANGELOG.md files -->
| BC breaks? | no
| Deprecations? | no <!-- don't forget updating UPGRADE-*.md files -->
| Tests pass? | yes
| Fixed tickets | -
| License | MIT
| Doc PR | -
The term "account" is the just remnant from the days of AccountInterface, isn't it?
Commits
-------
b5b8c15831 [Security] Fix wrong term in UserProviderInterface
This PR was merged into the 2.7 branch.
Discussion
----------
[DI] Remove irrelevant comment from container
| Q | A
| ------------- | ---
| Branch? | 2.7
| Bug fix? | yes-ish
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | #... <!-- #-prefixed issue number(s), if any -->
| License | MIT
| Doc PR | symfony/symfony-docs#... <!--highly recommended for new features-->
Spotted in #22811
Commits
-------
595a225a0f [DI] Remove irrelevant comment from container
This PR was submitted for the master branch but it was merged into the 2.7 branch instead (closes#23526).
Discussion
----------
[HttpFoundation] Set meta refresh time to 0 in RedirectResponse content
| Q | A
| ------------- | ---
| Branch? | 3.4
| Bug fix? | no
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | #23524
| License | MIT
Set meta refresh time to 0 in RedirectResponse content
Commits
-------
5508a00e74 [HttpFoundation] Set meta refresh time to 0 in RedirectResponse content
This PR was merged into the 2.8 branch.
Discussion
----------
Disable inlining deprecated services
| Q | A
| ------------- | ---
| Branch? | 2.8
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | #23536
| License | MIT
Deprecation errors are not triggered for inlined services.
Disabling inlining for those services will fix this issue.
Commits
-------
6ab8ca0d36 disable inlining deprecated services
