This PR was merged into the 4.3 branch.
Discussion
----------
[Lock] Don't allow mysqli to be used as it doesn't work
| Q | A
| ------------- | ---
| Branch? | 4.3
| Bug fix? | yes
| New feature? | no
| Deprecations? | no
| Tickets |
| License | MIT
| Doc PR |
Mysqli doesn't support named parameters, so if you pass a doctrine connection using `mysqli` then you get the following error:
`You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near ':id, :token, UNIX_TIMESTAMP() + 300)'`
This PR ensures a clear error is provided and suggests to use `pdo_mysql` instead
Commits
-------
ef3bcda5e3 Mysqli doesn't support the named parameters used by PdoStore
This PR was merged into the 3.4 branch.
Discussion
----------
[Security] Use supportsClass in addition to UnsupportedUserException
| Q | A
| ------------- | ---
| Branch? | 3.4+
| Bug fix? | yes
| New feature? | no
| Deprecations? | no
| Tickets | Fix#35045
| License | MIT
| Doc PR | ~
This PR fixes the issue where user providers rely on just the UnsupportedUserException from `refreshUser()`, causing a flow where users are wrongfully re-authenticated.
There's one issue where `refreshUser()` can do far more sophisticated checks on the user class, which it will never reach if the class is not supported. As far as I know it was never intended to support instances that are rejected by `supportsClass()`, though people could've implemented this (by accident). So the question is more if we should add a BC layer for this; for example:
```php
try {
$refreshedUser = $provider->refreshUser($user);
$newToken = clone $token;
$newToken->setUser($refreshedUser);
if (!$provider->supportsClass($userClass)) {
if ($this->shouldCheckSupportsClass) {
continue;
}
// have to think of a proper deprecation here for 6.0
@trigger_error('Provider %s does not support user class %s via supportsClass() while it does support it via refreshUser .. please set option X and fix %s::supportsUser() ', E_USER_DEPRECATED);
}
```
This would prevent behavior from breaking but also means we can't fix this on anything less than 5.1.
Commits
-------
d3942cbe17 Use supportsClass where possible
* 3.4:
chown and chgrp should also accept int as owner and group
Fix RememberMe with null password
[Validator] Fix plurals for sr_Latn (Serbian language written in latin script) validation messages
[PhpUnitBridge][SymfonyTestsListenerTrait] Remove some unneeded code
fix PHP const mapping keys using the inline notation
Fix that no-cache requires positive validation with the origin, even for fresh responses
This PR was merged into the 3.4 branch.
Discussion
----------
[PhpUnitBridge][SymfonyTestsListenerTrait] Remove some unneeded code
| Q | A
| ------------- | ---
| Branch? | 3.4
| Bug fix? | no
| New feature? | no
| Deprecations? | no
| Tickets | -
| License | MIT
| Doc PR | -
Risky errors when there are no assertions are added before the test end listeners are called (ie, before the code in endTest is executed) so forcing beStrictAboutTestsThatDoNotTestAnything to false when there is a expectedDeprecation annotation is enough.
If the goal is to reset the value to the original value, then I think we should not do it since we basically "lie" to the next listeners. Let's assume that when a test expect a deprecation, it can have 0 assertions. Also this flag is not used anymore by PHPUnit after we reset it.
Ref https://github.com/symfony/symfony/pull/21786 btw
Commits
-------
fb48bbc05b [PhpUnitBridge][SymfonyTestsListenerTrait] Remove some unneeded code
This PR was merged into the 3.4 branch.
Discussion
----------
[Filesystem] chown and chgrp should also accept int as owner and group (3.4)
| Q | A
| ------------- | ---
| Branch? | 3.4
| Bug fix? | no
| New feature? | no
| Deprecations? | no
| Tickets |
| License | MIT
| Doc PR |
Reference: https://github.com/symfony/symfony/pull/35356#issuecomment-575526299
Commits
-------
6b811e6b4c chown and chgrp should also accept int as owner and group
This PR was merged into the 3.4 branch.
Discussion
----------
[Validator] Fix plurals for sr_Latn validation messages
| Q | A
| ------------- | ---
| Branch? | 3.4
| Bug fix? | yes
| New feature? | no
| Deprecations? | no
| Tickets | Fix#35276
| License | MIT
validators.sr_Latn.xlf (Serbian, written with latin script) has wrong plurals for all validation message translations that require them (only two where there should be three). This commit fixes that by adding the missing third plural-translation.
Commits
-------
207cdafd54 [Validator] Fix plurals for sr_Latn (Serbian language written in latin script) validation messages
This PR was merged into the 4.3 branch.
Discussion
----------
[DI] Suggest typed argument when binding fails with untyped argument
| Q | A
| ------------- | ---
| Branch? | 4.3
| Bug fix? | yes
| New feature? | no
| Deprecations? | no
| Tickets | #33470
| License | MIT
I've added a condition that looks for arguments and if the typehint doesn’t match, throws an `InvalidArgumentException`
Commits
-------
0e92399daa [DI] Suggest typed argument when binding fails with untyped argument
This PR was merged into the 3.4 branch.
Discussion
----------
[HttpKernel] Fix that no-cache MUST revalidate with the origin
| Q | A
| ------------- | ---
| Branch? | 3.4
| Bug fix? | yes
| New feature? | no
| Deprecations? | no
| Tickets |
| License | MIT
| Doc PR |
From [RFC 7234 Section 5.2.2](https://tools.ietf.org/html/rfc7234#section-5.2.2)
> The "no-cache" response directive indicates that the response MUST NOT be used to satisfy a subsequent request without successful validation on the origin server. This allows an origin server to prevent a cache from using it to satisfy a request without contacting it, even by caches that have been configured to send stale responses.
This is unconditional – the response must be revalidated right away.
(`must-revalidate`, to the contrary, requires revalidation only once the response has become stale.)
Commits
-------
c8bdcb3408 Fix that no-cache requires positive validation with the origin, even for fresh responses
* 3.4:
Avoid stale-if-error if kernel.debug = true, because it hides errors
[Console] Fix SymfonyQuestionHelper tests sometimes failing on AppVeyor
[DI] deferred exceptions in ResolveParameterPlaceHoldersPass
This PR was merged into the 3.4 branch.
Discussion
----------
[DI] deferred exceptions in ResolveParameterPlaceHoldersPass
| Q | A
| ------------- | ---
| Branch? | 3.4
| Bug fix? | yes
| New feature? | no
| Deprecations? | no
| Tickets | Fix#30428
| License | MIT
| Doc PR | n/a
fixes case #30428
implemented as in AutowiringPass
Commits
-------
b3a2173c8e [DI] deferred exceptions in ResolveParameterPlaceHoldersPass
This PR was merged into the 4.3 branch.
Discussion
----------
[EventDispatcher] expand listener in place
| Q | A
| ------------- | ---
| Branch? | 4.3
| Bug fix? | yes
| New feature? | no
| Deprecations? | no
| Tickets | Fix#35259
| License | MIT
| Doc PR |
Commits
-------
f5d407318d expand listener in place
* 3.4:
[PHPUnitBridge] file_get_contents() expects parameter 3 to be resource
[PHPUnit-Bridge] Fail-fast in simple-phpunit if one of the passthru() commands fails
This PR was squashed before being merged into the 3.4 branch.
Discussion
----------
[PHPUnitBridge] file_get_contents() expects parameter 3 to be resource
| Q | A
| ------------- | ---
| Branch? | 3.4
| Bug fix? | yes
| New feature? | no
| Deprecations? | no
| Tickets | -
| License | MIT
| Doc PR | -
file_get_contents 3rd parameter (context) expects resource or NULL to ignore them
Commits
-------
a28a42187c [PHPUnitBridge] file_get_contents() expects parameter 3 to be resource
This PR was squashed before being merged into the 3.4 branch.
Discussion
----------
[PHPUnit-Bridge] Fail-fast in simple-phpunit if one of the passthru() commands fails
| Q | A
| ------------- | ---
| Branch? | 3.4
| Bug fix? | yes
| New feature? | no
| Deprecations? | no
| Tickets |
| License | MIT
| Doc PR |
Some commands executed by the `simple-phpunit` script are not checked for success. For example [here](https://travis-ci.org/twigphp/Twig/jobs/634110681), Composer fails with the message
```
[InvalidArgumentException]
Could not find package phpunit/phpunit with version 7.5.* in a version inst
allable using your PHP version 7.0.25.
```
Yet, the `simple-phpunit` script happily continues, going over failing `chdir()`, `file_get_contents()` and `include()` calls and eventually returns a successful `0` exit code. So CI tests look OK when in fact PHPUnit was not even downloaded.
Commits
-------
576e18561f [PHPUnit-Bridge] Fail-fast in simple-phpunit if one of the passthru() commands fails