This PR was submitted for the master branch but it was merged into the 5.0 branch instead.
Discussion
----------
Fix the supports() method argument type of the security voter
| Q | A
| ------------- | ---
| Branch? | 5.0 and 5.1
| Bug fix? | yes
| New feature? | no
| Deprecations? | no
| Tickets | ~
| License | MIT
| Doc PR | ~
Since adding types to method arguments in the version 5.0 (and therefore also 5.1), there is a type mismatch on the first argument of the `supports()` method of the abstract class `Symfony\Component\Security\Core\Authorization\Voter\Voter`.
Indeed, the `supports()` method had in previous versions (4.x), the phpdoc indicating that the argument `$attribute` must be a `string`, but this one is not compatible with the `isGranted()` method of the interface `Symfony\Component\Security\Core\AuthorizationAuthorizationCheckerInterface` whose the `$attribute` argument is of type `mixed`.
The problem arises when you have voters extending the abstract class `Voter` positioned before a vote with an attribute of a type other than `string`.
Apart from Voters created by third parties, there is the voter `ExpressionVoter` which waits in attribute, an instance of the class `Symfony\Component\ExpressionLanguage\Expression` (you can see the [doc](https://symfony.com/doc/current/security/expressions.html) for an example). Just add a voter extending the abstract class `Voter` with a higher priority than the voter `ExpressionVoter` to get the error:
```
Argument 1 passed to FooVoter::supports() must be of the type string, object given
```
To avoid removing the type of the `$attribute` argument from the method `Symfony\Component\Security\Core\Authorization\Voter\Voter::supports(string $attribute, $subject)`, which can break the backward compatibility, you just have to test in the `vote()` method if the attribute is not a `string` and continue before calling the `supports()` method.
Commits
-------
b8192eecab Fix the 'supports' method argument type of the security voter
This PR was merged into the 4.4 branch.
Discussion
----------
Directly use the driverConnection executeUpdate method
executeUpdate & executeQuery methods do not throw a TableNotFoundException. No need for the try/catch as it is done for executeQuery
| Q | A
| ------------- | ---
| Branch? | 4.4
| Bug fix? | yes
| New feature? | no
| Deprecations? | no
| Tickets | Fix https://github.com/symfony/symfony/issues/37355
| License | MIT
As explained in https://github.com/symfony/symfony/issues/37355, when doing a write operation, one should avoid using the `executeQuery` method of a Connection, as Doctrine's MasterSlaveConnection can pick a slave instance (usually read-only) for these operations.
Commits
-------
eec12ecd23 Use the driverConnection executeUpdate method
* 5.0:
[HttpClient] Support for cURL handler objects.
[HttpClient] unset activity list when creating CurlResponse
Fixed typo in test name
add .body wrapper element
[HttpFondation] Change file extension of "audio/mpeg" from "mpga" to "mp3"
[VarDumper] Support for cURL handler objects.
Check whether path is file in DataPart::fromPath()
[DI][FrameworkBundle] Remove whitelist occurrences
Avoid accessibility errors on debug toolbar
update cookie test
* 4.4:
[HttpClient] Support for cURL handler objects.
[HttpClient] unset activity list when creating CurlResponse
Fixed typo in test name
add .body wrapper element
[HttpFondation] Change file extension of "audio/mpeg" from "mpga" to "mp3"
[VarDumper] Support for cURL handler objects.
Check whether path is file in DataPart::fromPath()
[DI][FrameworkBundle] Remove whitelist occurrences
Avoid accessibility errors on debug toolbar
* 3.4:
Fixed typo in test name
[HttpFondation] Change file extension of "audio/mpeg" from "mpga" to "mp3"
[VarDumper] Support for cURL handler objects.
[DI][FrameworkBundle] Remove whitelist occurrences
Avoid accessibility errors on debug toolbar
This PR was merged into the 3.4 branch.
Discussion
----------
[HttpFondation] Change file extension of "audio/mpeg" from "mpga" to "mp3"
| Q | A
| ------------- | ---
| Branch? | 3.4 <!-- see below -->
| Bug fix? | yes
| New feature? | no <!-- please update src/**/CHANGELOG.md files -->
| Deprecations? | no <!-- please update UPGRADE-*.md and src/**/CHANGELOG.md files -->
| Tickets | Fix#36068 <!-- prefix each issue number with "Fix #", if any -->
| License | MIT
| Doc PR | no
<!--
Replace this notice by a short README for your feature/bugfix. This will help people
understand your PR and can be used as a start for the documentation.
Additionally (see https://symfony.com/releases):
- Always add tests and ensure they pass.
- Never break backward compatibility (see https://symfony.com/bc).
- Bug fixes must be submitted against the lowest maintained branch where they apply
(lowest branches are regularly merged to upper ones so they get the fixes too.)
- Features and deprecations must be submitted against branch master.
-->
`.mp3` files are more common than `.mpga` files.
Commits
-------
76a744ad91 [HttpFondation] Change file extension of "audio/mpeg" from "mpga" to "mp3"
This PR was merged into the 5.0 branch.
Discussion
----------
[BrowserKit] update cookie test for cookie values with double quotes
| Q | A
| ------------- | ---
| Branch? | 5.0
| Bug fix? | no
| New feature? | noâ
| Deprecations? | no
| Tickets | Fix#37161
| License | MIT
| Doc PR | symfony/symfony-docs#
Provide a test for cookie values with double quotes
Commits
-------
a50c660823 update cookie test
This PR was merged into the 4.4 branch.
Discussion
----------
[HttpClient] Support for cURL handler objects
| Q | A
| ------------- | ---
| Branch? | 4.4
| Bug fix? | yes
| New feature? | no
| Deprecations? | no
| Tickets | Fix#37378
| License | MIT
| Doc PR | N/A
Commits
-------
7ccc2e1f28 [HttpClient] Support for cURL handler objects.
This PR was merged into the 3.4 branch.
Discussion
----------
[VarDumper] Support for cURL handler objects
| Q | A
| ------------- | ---
| Branch? | 3.4
| Bug fix? | yes
| New feature? | no
| Deprecations? | no
| Tickets | #37378
| License | MIT
| Doc PR | N/A
Commits
-------
39c1a6373b [VarDumper] Support for cURL handler objects.
This PR was merged into the 4.4 branch.
Discussion
----------
add .body wrapper element
This change makes the notification email responsive.
| Q | A
| ------------- | ---
| Branch? | 4.4
| Bug fix? | yes
| New feature? | no
| Deprecations? | no
| Tickets | none
| License | MIT
There was a wrapper missing from the foundation template.
This wrapper applies all `table.body table.container` styles from the foundation stylesheet
including font's and the responsive rules that were missing.
Commits
-------
5b74bbd288 add .body wrapper element
This PR was merged into the 4.4 branch.
Discussion
----------
[HttpClient] unset activity list when creating CurlResponse
| Q | A
| ------------- | ---
| Branch? | 4.4
| Bug fix? | yes
| New feature? | no
| Deprecations? | no
| Tickets | -
| License | MIT
| Doc PR | -
This might fix an error that looks like a race condition.
I've seen it, and @Toflar too, but we're unable to reproduce.
> Argument 2 passed to Symfony\Component\HttpClient\Chunk\DataChunk::__construct() must be of the type string, null given
This patch tentatively empties activity lists. If the issue is related to the PHP engine reusing resource ids, this will fix it. Otherwise, we'll know we'll have to look elsewhere.
> looking at https://github.com/symfony/http-client/blob/4.4/Response/ResponseTrait.php#L363 I don’t really see how this can happen other than inflate_add() returning null
> $response->inflate is true before becoming a resource; there must be a race condition in the curl client that ends up listing a data chunk before a FirstChunk in the activity list, which would explain why inflate_add is given a non-resource (`true`).
Commits
-------
b249f00519 [HttpClient] unset activity list when creating CurlResponse
This PR was merged into the 5.1 branch.
Discussion
----------
[DI] Fix call to sprintf in ServicesConfigurator::stack()
| Q | A
| ------------- | ---
| Branch? | 5.1
| Bug fix? | yes
| New feature? | no <!-- please update src/**/CHANGELOG.md files -->
| Deprecations? | no <!-- please update UPGRADE-*.md and src/**/CHANGELOG.md files -->
| Tickets | n/a
| License | MIT
| Doc PR | n/a
This PR fixes a faulty call to `sprintf()` and prevents the following error:
```
Warning: sprintf(): Too few arguments in /Users/dunglas/workspace/activity-pub/vendor/symfony/dependency-injection/Loader/Configurator/ServicesConfigurator.php on line 154
Fatal error: Uncaught Error: Wrong parameters for Symfony\Component\DependencyInjection\Exception\InvalidArgumentException([string $message [, long $code [, Throwable $previous = NULL]]]) in /Users/dunglas/workspace/activity-pub/vendor/symfony/dependency-injection/Loader/Configurator/ServicesConfigurator.php:154 Stack trace: #0 /Users/dunglas/workspace/activity-pub/vendor/symfony/dependency-injection/Loader/Configurator/ServicesConfigurator.php(154): Exception->__construct('', 1, 'api_platform.js...') #1 /Users/dunglas/workspace/activity-pub/src/Bundle/Resources/config/services.php(12): Symfony\Component\DependencyInjection\Loader\Configurator\ServicesConfigurator->stack('api_platform.js...', Array) #2 /Users/dunglas/workspace/activity-pub/vendor/symfony/dependency-injection/Loader/PhpFileLoader.php(50): Symfony\Component\DependencyInjection\Loader\ProtectedPhpFileLoader::Symfony\Component\DependencyInjection\Loader\Configurator\{closure}(Object(Symfony\Component\DependencyInjection\Loader\Configurator\ContainerConfigurat in /Users/dunglas/workspace/activity-pub/vendor/symfony/dependency-injection/Loader/Configurator/ServicesConfigurator.php on line 154
```
Commits
-------
11da9d3c29 [DI] Fix call to sprintf in ServicesConfigurator::stack()
This PR was merged into the 5.1 branch.
Discussion
----------
[Security] Resolve event bubbling of logout + new events in a compiler pass
| Q | A
| ------------- | ---
| Branch? | 5.1
| Bug fix? | yes
| New feature? | no
| Deprecations? | no
| Tickets | Fix#37292
| License | MIT
| Doc PR | -
This PR proposes to create a compiler pass that registers listeners on the main `event_dispatcher` on the firewall-specific event dispatcher during compile time. This allows to still specify listener priorities while listening on a bubbled-up event (instead of a fix moment where the event bubbling occurs). It probably also improves performance, as it doesn't use duplicated event dispatching logic to provide event bubbling.
Nothing changes on the user side. I proposed this as a bugfix, as it fixes the bug mentioned in #37292 (not being able to use listener priorities). I did remove a class, which was introduced in 5.1 and is very internal. I think it's safe, but we can also keep it and remove in master.
Commits
-------
f962c26061 Resolve event bubbling logic in a compiler pass
This PR was submitted for the 5.0 branch but it was squashed and merged into the 4.4 branch instead.
Discussion
----------
Check whether path is file in DataPart::fromPath()
| Q | A
| ------------- | ---
| Branch? | 5.0
| Bug fix? | yes
| New feature? | no
| Deprecations? | no
Method `getBody()` uses stream_get_contents() to retrieve the body, however it fails to do so when the stream is a directory.
Commits
-------
9e3670e140 Check whether path is file in DataPart::fromPath()
This PR was merged into the 3.4 branch.
Discussion
----------
Avoid accessibility errors on symfony web debug toolbar
| Q | A
| ------------- | ---
| Branch? | 3.4
| Bug fix? | no
| New feature? | no
| Deprecations? | no
| Tickets | -
| License | MIT
| Doc PR | symfony/symfony-docs#...
When for example using the [axe](https://chrome.google.com/webstore/detail/axe-web-accessibility-tes/lhdoppojpmngadmnindnejefpokejbdd) to test the website for accessibility. Axe will fail because a div element without a role or a parent [landmark](https://www.w3.org/TR/wai-aria-practices/examples/landmarks/HTML5.html) is rendered. To avoid this errors I think we should define it as a specific region.
Commits
-------
223b405168 Avoid accessibility errors on debug toolbar
This PR was merged into the 3.4 branch.
Discussion
----------
Relax tests to unlock change on master
| Q | A
| ------------- | ---
| Branch? | 3.4
| Bug fix? | no
| New feature? | no
| Deprecations? | no
| Tickets | -
| License | MIT
| Doc PR | -
Required to make #37373 green.
Doesn't change any outcome.
Commits
-------
afe596e16a Relax tests to unlock change on master
* This removes duplicate event dispatching logic on event bubbling, which
probably improves performance.
* It allows to still specify listener priorities while listening on a
bubbled-up event (instead of a fix moment where the event bubbling occurs)
This PR was merged into the 5.1 branch.
Discussion
----------
[SecurityBundle] Fix UserCheckerListener registration with custom user checker
| Q | A
| ------------- | ---
| Branch? | 5.1
| Bug fix? | yes
| New feature? | no
| Deprecations? | no
| Tickets | Fix#37365
| License | MIT
| Doc PR | -
The user checker listener was wrongly registered on the global event dispatcher, as it can be customized per firewall. This PR fixes that + correctly uses the configured user checker instead of always trying to use `UserCheckerInterface`.
Commits
-------
d63f59036c Fix UserCheckerListener registration with custom user checkers
* 5.0:
[SecurityBundle] Drop cache.security_expression_language definition if invalid
[DI] disable preload.php on the CLI
collect all transformation failures
* 4.4:
[SecurityBundle] Drop cache.security_expression_language definition if invalid
[DI] disable preload.php on the CLI
collect all transformation failures
This PR was merged into the 4.4 branch.
Discussion
----------
[SecurityBundle] Drop cache.security_expression_language service if invalid
| Q | A
| ------------- | ---
| Branch? | 4.4
| Bug fix? | yes
| New feature? | no
| Deprecations? | no
| Tickets | -
| License | MIT
| Doc PR | -
Definition should be removed when its parent (`cache.system`) does not exist.
Spotted in #37337
Commits
-------
bc96693331 [SecurityBundle] Drop cache.security_expression_language definition if invalid
