This PR was merged into the 5.1 branch.
Discussion
----------
[Security] Removed "services" prototype node from "custom_authenticator"
| Q | A
| ------------- | ---
| Branch? | 5.1
| Bug fix? | no
| New feature? | no
| Deprecations? | no
| Tickets | -
| License | MIT
| Doc PR | -
This was discussed multiple times in the original authenticators PR. It's a bit hacky to implement, but I think it's worth the win on DX side.
I have no idea if and how this should be documented in the CHANGELOG.
---
**Before**
```yaml
security:
# ...
firewalls:
custom_authenticator:
services:
- App\Security\MyCustomAuthenticator
```
**After**
```yaml
security:
# ...
firewalls:
custom_authenticator: App\Security\MyCustomAuthenticator
```
---
**Before**
```yaml
security:
# ...
firewalls:
custom_authenticator:
services:
- App\Security\MyCustomAuthenticator
- App\Security\OtherCustomAuthenticator
```
**After**
```yaml
security:
# ...
firewalls:
custom_authenticators:
- App\Security\MyCustomAuthenticator
- App\Security\OtherCustomAuthenticator
```
Commits
-------
387ed4a0a3 Removed "services" prototype node from "custom_authenticator"
This PR was submitted for the master branch but it was merged into the 5.1 branch instead.
Discussion
----------
[Form] don't add the inputmode attribute on fields whose type is the same
| Q | A
| ------------- | ---
| Branch? | 5.1
| Bug fix? | no
| New feature? | no
| Deprecations? | no
| Tickets | Fix https://github.com/symfony/symfony/pull/34986
| License | MIT
These is no need to add the `inputmode` attribute on fields whose `type` is the same.
From https://html.spec.whatwg.org/multipage/interaction.html#attr-inputmode
> When inputmode is unspecified (or is in a state not supported by the user agent), the user agent should determine the default virtual keyboard to be shown. Contextual information such as the input type or pattern attributes should be used to determine which type of virtual keyboard should be presented to the user.
From https://developer.mozilla.org/en-US/docs/Web/HTML/Global_attributes/inputmode
> **tel**
> Inputs that *require* a telephone number should typically use `<input type="tel">` instead.
> **search**
> Inputs that *require* a search query should typically use `<input type="search">` instead.
> **email**
> Inputs that *require* email addresses should typically use `<input type="email">` instead.
As such there is no point in adding `inputmode` for those types.
Symfony’s `UrlType` uses `inputmode` **only** when the `type` has to be `text` because the `default_protocol` option is set.
Commits
-------
d933fa136f Revert https://github.com/symfony/symfony/pull/34986
This PR was submitted for the master branch but it was merged into the 5.1 branch instead.
Discussion
----------
[Validator] Make ExpressionLanguageSyntax validator usable with annotation
| Q | A
| ------------- | ---
| Branch? | master
| Bug fix? | yes
| New feature? | no
| Deprecations? | no
| Tickets | NA
| License | MIT
| Doc PR | NA
When using the new on an entity ExpressionLanguageSyntax (basicaly copy/pasted the sample from https://symfony.com/blog/new-in-symfony-5-1-expressionlanguage-validator), I face a first error:
> Constraint validator "" does not exist or is not enabled. Check the "validatedBy" method in your constraint class "Symfony\Component\Validator\Constraints\ExpressionLanguageSyntax".
indeed, the `service` is [need to generate a valide alias](430b884570/src/Symfony/Component/Validator/Constraints/ExpressionLanguageSyntax.php (L38-L41))
Which looks weird for a Constraint
This PR makes the ExpressionLanguage dependency optionnal in `ExpressionLanguageSyntaxValidator`, and removes the `service` than is not needed anyore
Commits
-------
a010a87373 Make ExpressionLanguageSyntax validator usable with annotation
This PR was merged into the 5.1 branch.
Discussion
----------
[Messenger] Fixed check for allowed options in AwsSqs configuration
| Q | A
| ------------- | ---
| Branch? | 5.1
| Bug fix? | yes
| New feature? | no
| Deprecations? | no
| Tickets | no
| License | MIT
Before this fix it was unavailable to create Connection with access_key and secret_key in options, because they were added to $clientConfiguration var, and check for extra options was against $configuration var. Which lead to exception.
The idea is to check input options against self::DEFAULT_OPTIONS (which contains all available options)
Commits
-------
fb1967210e [Messenger] Fixed check for allowed options in AwsSqs configuration
This PR was merged into the 5.1 branch.
Discussion
----------
[Messenger] Add suggestion for Amazon SQS transport and make check more readable
| Q | A
| ------------- | ---
| Branch? | 5.1
| Bug fix? | no
| New feature? | no
| Deprecations? | no
| Tickets | -
| License | MIT
| Doc PR | -
Copy-paste of https://github.com/symfony/symfony/pull/36890
Commits
-------
de7f3fceec [Messenger] Add suggestion for Amazon SQS transport and make check more readable
This PR was merged into the 3.4 branch.
Discussion
----------
[PhpUnitBridge] fix installing under PHP >= 8
| Q | A
| ------------- | ---
| Branch? | 3.4
| Bug fix? | yes
| New feature? | no
| Deprecations? | no
| Tickets | -
| License | MIT
| Doc PR | -
[As experimented on Twig](b952011f95), using `simple-phpunit` is not simple enough when testing with PHP 8.
This PR fixes the issue so that we could remove these lines in Twig.
On 3.4 since supporting new versions of PHP is a bugfix according to our policies.
Commits
-------
5aa25ceb41 [PhpUnitBridge] fix installing under PHP >= 8
This PR was merged into the 4.4 branch.
Discussion
----------
Use ">=" for the "php" requirement
| Q | A
| ------------- | ---
| Branch? | 4.4
| Bug fix? | no
| New feature? | no
| Deprecations? | no
| Tickets | -
| License | MIT
| Doc PR | -
As explained in https://twitter.com/nicolasgrekas/status/1263023258938548225:
Using `"^7.x"` is our composer.json has been a mistake. We should always use `">=7.x"`! 3 reasons:
1. it's either planned obsolescence xor a strong promise to maintain in the long run. None is sustainable.
2. if you actually end up maintaining in the long run (not by promise but by fact), your latest versions will work with PHP 8 by definition.
3. meanwhile, `"^7.x"` prevented all your ecosystem from experimenting with PHP 8, which means they increased the workload on *you* the core maintainer.
Conclusion: always use `">="` for the `"php"` requirement. Hope for the best (it mostly happens) and enable your community to experiment with the next major asap without adding useless impediments.
Commits
-------
f8aa0873cf Use ">=" for the "php" requirement
This PR was merged into the 4.4 branch.
Discussion
----------
[Intl] bump icu 67.1
| Q | A
| ------------- | ---
| Branch? | 4.4
| Bug fix? | no
| New feature? | no
| Deprecations? | no
| Tickets | Fix #... <!-- prefix each issue number with "Fix #", if any -->
| License | MIT
| Doc PR | symfony/symfony-docs#... <!-- required for new features -->
<!--
Replace this notice by a short README for your feature/bugfix. This will help people
understand your PR and can be used as a start for the documentation.
Additionally (see https://symfony.com/releases):
- Always add tests and ensure they pass.
- Never break backward compatibility (see https://symfony.com/bc).
- Bug fixes must be submitted against the lowest maintained branch where they apply
(lowest branches are regularly merged to upper ones so they get the fixes too.)
- Features and deprecations must be submitted against branch master.
-->
Commits
-------
920e319051 bump icu 67.1
This PR was merged into the 5.1 branch.
Discussion
----------
[Validator] allow passing a validator to Validation::createCallable()
| Q | A
| ------------- | ---
| Branch? | 5.1
| Bug fix? | yes
| New feature? | no
| Deprecations? | no
| Tickets | -
| License | MIT
| Doc PR | -
As spotted by @stof in https://github.com/symfony/symfony/pull/31466#issuecomment-630054227
Commits
-------
1357cbf8ed [Validator] allow passing a validator to Validation::createCallable()
This PR was merged into the 5.1 branch.
Discussion
----------
[DI][Preload] Remove preload primitive types
| Q | A
| ------------- | ---
| Branch? | 5.1
| Bug fix? | no, but it could be for the future
| New feature? | no
| Deprecations? | no
| Tickets |
| License | MIT
| Doc PR |
After bump my project to 5.1.x-dev I saw the generated file of `*.preload.php` contains classes that are primitive types like int, string, bool.
```
composer create-project symfony/website-skeleton preload "5.1.x-dev"
cat preload/var/cache/dev/App_KernelDevDebugContainer.preload.php | grep "bool\|string\|int"
```
```
$ cat test/var/cache/dev/App_KernelDevDebugContainer.preload.php | grep "bool\|string\|int"
$classes[] = 'int';
$classes[] = 'string';
$classes[] = 'Symfony\Bridge\Doctrine\Validator\Constraints\UniqueEntityValidator';
$classes[] = 'Symfony\Component\Security\Http\EntryPoint\RetryAuthenticationEntryPoint';
$classes[] = 'Symfony\Component\Security\Core\Validator\Constraints\UserPasswordValidator';
$classes[] = 'Symfony\Component\Serializer\Normalizer\ConstraintViolationListNormalizer';
$classes[] = 'bool';
$classes[] = 'Symfony\Component\Validator\ContainerConstraintValidatorFactory';
$classes[] = 'Symfony\Component\Validator\Constraints\EmailValidator';
$classes[] = 'Symfony\Component\Validator\Constraints\ExpressionValidator';
$classes[] = 'Symfony\Component\Validator\Constraints\NotCompromisedPasswordValidator';
$classes[] = 'Symfony\\Component\\Form\\Extension\\Validator\\Constraints\\Form';
```
I don't know if it is expected behaviour, but if not - then PR fix it.
~~In addition, classes are sorted for better reading.~~
Commits
-------
4d05dbbfb5 [DI] Remove preload primitive types
* 5.0:
[Validator] Add missing translations of nn locale
[HttpKernel] Fix that the `Store` would not save responses with the X-Content-Digest header present
[Intl] bump icu 67.1
* 4.4:
[Validator] Add missing translations of nn locale
[HttpKernel] Fix that the `Store` would not save responses with the X-Content-Digest header present
[Intl] bump icu 67.1
* 3.4:
[Validator] Add missing translations of nn locale
[HttpKernel] Fix that the `Store` would not save responses with the X-Content-Digest header present
[Intl] bump icu 67.1
This PR was squashed before being merged into the 3.4 branch.
Discussion
----------
[Validator] Add missing translations of nn locale
| Q | A
| ------------- | ---
| Branch? | 3.4
| Bug fix? | yes/no
| New feature? | no
| Deprecations? | no
| Tickets | Fix#30178
| License | MIT
Added missing translations to validator with locale nn
Commits
-------
040d01e53b [Validator] Add missing translations of nn locale
This PR was squashed before being merged into the 3.4 branch.
Discussion
----------
[HttpKernel] Fix that the `Store` would not save responses with the X-Content-Digest header present
| Q | A
| ------------- | ---
| Branch? | 3.4
| Bug fix? | yes
| New feature? | no
| Deprecations? | no
| Tickets |
| License | MIT
| Doc PR |
Responses fetched from upstream sources might have a `X-Content-Digest` header, for example if the Symfony Cache is used upstream. This currently prevents the `Store` from saving such responses. In general, the value of this header should not be trusted.
As I consider this header an implementation detail of the `Store`, the fix tries to be local to that class; we should not rely on the `HttpCache` or other classes to remove untrustworthy headers for us.
This fixes the issue that when using the `HttpCache` in combination with the Symfony HttpClient, responses that have also been cached upstream in an instance of `HttpCache` are not cached locally. It adds the overhead of re-computing the content digest every time the `HttpCache` successfully re-validated a response.
Commits
-------
d8964fb8b7 [HttpKernel] Fix that the `Store` would not save responses with the X-Content-Digest header present
This PR was squashed before being merged into the 3.4 branch.
Discussion
----------
[Intl] bump icu 67.1
| Q | A
| ------------- | ---
| Branch? | 3.4
| Bug fix? | no
| New feature? | no
| Deprecations? | no
| Tickets | Fix #... <!-- prefix each issue number with "Fix #", if any -->
| License | MIT
| Doc PR | symfony/symfony-docs#... <!-- required for new features -->
mainly some new locales+scripts (see 3a3a9ba)
Commits
-------
29eb271184 [Intl] bump icu 67.1
Before this fix it was unavailable to create Connection with access_key and secret_key in options, because they were added to $clientConfiguration var, and check for extra options was against $configuration var. Which lead to exception.
The idea is to check input options against self::DEFAULT_OPTIONS (which contains all available options)
* 5.0:
[PhpUnitBridge] fix bad detection of unsilenced deprecations
[Security] Unserialize $parentData, if needed, to avoid errors
[HttpKernel] Fix error logger when stderr is redirected to /dev/null (FPM)
* 4.4:
[PhpUnitBridge] fix bad detection of unsilenced deprecations
[Security] Unserialize $parentData, if needed, to avoid errors
[HttpKernel] Fix error logger when stderr is redirected to /dev/null (FPM)
This PR was squashed before being merged into the 4.4 branch.
Discussion
----------
[Security] Unserialize $parentData, if needed, to avoid errors
Check that the $parentData is an array. If it's a string, the variable is unserialized.
Useful to not break the compatibility with the older versions.
Bug reproduced when upgrading from 3.4 to 4.4
| Q | A
| ------------- | ---
| Branch? | 4.4
| Bug fix? | yes
| New feature? | no
| Deprecations? | no
| Tickets | Fix#36813
| License | MIT
| Doc PR | symfony/symfony-docs#... <!-- required for new features -->
Commits
-------
b447433b67 [Security] Unserialize $parentData, if needed, to avoid errors
This PR was merged into the 3.4 branch.
Discussion
----------
[HttpKernel] Fix error logger when stderr is redirected to /dev/null
| Q | A
| ------------- | ---
| Branch? | 3.4
| Bug fix? | yes
| New feature? | no <!-- please update src/**/CHANGELOG.md files -->
| Deprecations? | no <!-- please update UPGRADE-*.md and src/**/CHANGELOG.md files -->
| Tickets | n/a <!-- prefix each issue number with "Fix #", if any -->
| License | MIT
| Doc PR | n/a
The HttpKernel Logger is meant to be used as a last resort logging mechanism when no logger has been explicitly configured (Monolog is not a dependency for instance).
For small apps, that can be more than enough.
But under some circumstances, it does not work. When you are using PHP-FPM, `stderr` is ignored by default (`catch_workers_output` is `false`) and so, logs are ignored as well. There is no issue with the official PHP Docker image as the setting has been explicitly set to `true`. Not an issue with Symfony CLI as well, as we also change the setting. Not a problem either with the PHP built-in server as it does not use PHP FPM anyway.
But, in many other places, where the setting has its default value, logs are lost (as you can imagine, it happened to me). As this feature is meant to be a fallback, I think it should always work, or at least, we need to make everything possible to make it work out of the box; that's why I've considered it a bug and hence a PR on 3.4.
This PR changes the default value for the output to `null`, which uses `error_log()` instead of `stderr` to log errors. Why is it better? The output of `error_log()` is controllable by the `error_logs` PHP ini setting and it is well understood by everyone (the default configuration should always work well); so it should work in most/more cases.
The other change (to be discussed) is to also log messages at the `ERROR` level and not just the `CRITICAL` ones.
/cc @dunglas
Commits
-------
5f829bdaeb [HttpKernel] Fix error logger when stderr is redirected to /dev/null (FPM)
