Commit Graph

36546 Commits

Author SHA1 Message Date
Robin Chalas
b972d15d52 bug #29863 [Security] Do not mix password_*() API with libsodium one (chalasr)
This PR was merged into the 3.4 branch.

Discussion
----------

[Security] Do not mix password_*() API with libsodium one

| Q             | A
| ------------- | ---
| Branch?       | 3.4
| Bug fix?      | yes
| New feature?  | no
| BC breaks?    | no
| Deprecations? | n/a
| Tests pass?   | yes
| Fixed tickets | n/a
| License       | MIT
| Doc PR        | n/a

Argon2IPasswordEncoder uses native `password_hash()` and `password_verify()` functions if the current PHP installation embeds Argon2 support (>=7.2, compiled `--with-password-argon2`).
Otherwise, it falls back to the libsodium extension.

This was fine at the time the encoder was introduced, but meanwhile libsodium changed the algorithm used by `sodium_crypto_pwhash_str()` which is now argon2id, that goes outside of the scope of the encoder which was designed to deal with `argon2i` only.
Nothing we can do as databases may already contain passwords hashed with argon2id, the encoder must keep validating those.

However, the PHP installation may change as time goes by, and could suddenly embed the Argon2 core integration. In this case, the encoder would use the `password_verify()` function which would fail in case the password was not hashed using argon2i.
This PR prevents it by detecting that argon2id was used, avoiding usage of `password_verify()`.

See https://github.com/jedisct1/libsodium-php/issues/194 and https://github.com/symfony/symfony/issues/28093 for references.
Patch cannot be tested as it is platform dependent.

Side note: I'm currently working on a new implementation for 4.3 that will properly support argon2id (which has been added to the PHP core sodium integration in 7.3) and argon2i, distinctively.

Commits
-------

d6cfde94b4 [Security] Do not mix usage of password_*() functions and sodium_*() ones
2019-01-18 19:41:49 +01:00
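
The check described in the commit message above, sketched as an added example (not Symfony's code; `argon2_variant()` and `verify_argon2()` are hypothetical names). It assumes PHP >= 7.2 and generalizes slightly: `password_verify()` is used only when the core advertises the exact variant named in the hash prefix, otherwise verification goes to libsodium.

```php
<?php
// Added illustration, not Symfony's encoder. Function names are hypothetical.

/** Returns 'argon2i', 'argon2id', or null, from the prefix of a stored hash. */
function argon2_variant(string $encoded): ?string
{
    // The trailing "$" matters: it keeps "$argon2i$" from matching "$argon2id$...".
    foreach (['argon2id', 'argon2i'] as $variant) {
        if (0 === strpos($encoded, '$'.$variant.'$')) {
            return $variant;
        }
    }

    return null;
}

/** Verifies $raw against $encoded with a backend that understands the hash's variant. */
function verify_argon2(string $raw, string $encoded): bool
{
    $variant = argon2_variant($encoded);
    if (null === $variant) {
        return false; // not an Argon2 hash: refuse instead of guessing a backend
    }

    // Use password_verify() only when the core advertises this exact variant.
    $constant = 'argon2id' === $variant ? 'PASSWORD_ARGON2ID' : 'PASSWORD_ARGON2I';
    if (\defined($constant)) {
        return password_verify($raw, $encoded);
    }

    // libsodium's verifier accepts both argon2i and argon2id strings.
    if (\function_exists('sodium_crypto_pwhash_str_verify')) {
        return sodium_crypto_pwhash_str_verify($encoded, $raw);
    }

    throw new \LogicException(sprintf('No installed backend can verify "%s" hashes.', $variant));
}

// Constructed sample strings: salt and digest are elided, only the prefix is parsed.
var_dump(argon2_variant('$argon2i$v=19$m=1024,t=2,p=2$...'));
var_dump(argon2_variant('$argon2id$v=19$m=65536,t=2,p=1$...'));
var_dump(argon2_variant('$2y$13$...'));

// Round trip with whichever hashing backend this installation provides.
$hash = null;
if (\function_exists('sodium_crypto_pwhash_str')) {
    $hash = sodium_crypto_pwhash_str(
        's3cret',
        SODIUM_CRYPTO_PWHASH_OPSLIMIT_INTERACTIVE,
        SODIUM_CRYPTO_PWHASH_MEMLIMIT_INTERACTIVE
    );
} elseif (\defined('PASSWORD_ARGON2I')) {
    $hash = password_hash('s3cret', PASSWORD_ARGON2I);
}

if (null !== $hash) {
    // The variant printed here depends on the installed libsodium / PHP build.
    printf("stored as %s, verifies: %s\n", argon2_variant($hash), var_export(verify_argon2('s3cret', $hash), true));
    printf("wrong password verifies: %s\n", var_export(verify_argon2('wrong', $hash), true));
}
```
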
Mathieu Lechat
2791edf1fb [Form] Changed UrlType input type to text when default_protocol is not null 2019-01-18 10:39:23 +01:00
Thomas Calvet
c3b670a908 [Debug][DebugClassLoader] Match more cases for final, deprecated and internal classes / methods extends 2019-01-17 18:28:22 +01:00
Fabien Potencier
e231edd5dc minor #29914 ensure compatibility with older PHPUnit mocks (xabbuh)
This PR was merged into the 3.4 branch.

Discussion
----------

ensure compatibility with older PHPUnit mocks

| Q             | A
| ------------- | ---
| Branch?       | 3.4
| Bug fix?      | no
| New feature?  | no
| BC breaks?    | no
| Deprecations? | no
| Tests pass?   | yes
| Fixed tickets | alternative to #29913
| License       | MIT
| Doc PR        |

Commits
-------

b714419faf ensure compatibility with older PHPUnit mocks
2019-01-17 14:52:57 +01:00
Christian Flothmann
b714419faf ensure compatibility with older PHPUnit mocks 2019-01-17 09:49:40 +01:00
Fabien Potencier
b6b59769b9 minor #29903 Move from array() to [] (fabpot)
This PR was squashed before being merged into the 3.4 branch (closes #29903).

Discussion
----------

Move from array() to []

| Q             | A
| ------------- | ---
| Branch?       | 3.4
| Bug fix?      | no
| New feature?  | no
| BC breaks?    | no
| Deprecations? | no
| Tests pass?   | yes
| Fixed tickets | n/a
| License       | MIT
| Doc PR        | n/a

Commits
-------

37ab4cd056 fixed CS
1429267f9c fixed short array CS in comments
25240831e2 fixed CS in ExpressionLanguage fixtures
ec7dcb2784 fixed CS in generated files
afaa13e946 fixed CS on generated container files
7ffd8d3e03 fixed CS on Form PHP templates
0ba1acc82f fixed CS on YAML fixtures
ac9d6cff81 fixed fixtures
33a001e460 switched array() to []
2019-01-16 15:25:07 +01:00
Fabien Potencier
37ab4cd056 fixed CS 2019-01-16 14:43:35 +01:00
Fabien Potencier
1429267f9c fixed short array CS in comments 2019-01-16 14:27:11 +01:00
Fabien Potencier
25240831e2 fixed CS in ExpressionLanguage fixtures 2019-01-16 13:52:19 +01:00
Fabien Potencier
ec7dcb2784 fixed CS in generated files 2019-01-16 13:48:01 +01:00
Fabien Potencier
afaa13e946 fixed CS on generated container files 2019-01-16 13:30:46 +01:00
Fabien Potencier
7ffd8d3e03 fixed CS on Form PHP templates 2019-01-16 12:03:13 +01:00
Fabien Potencier
0ba1acc82f fixed CS on YAML fixtures 2019-01-16 11:59:17 +01:00
Fabien Potencier
ac9d6cff81 fixed fixtures 2019-01-16 11:05:08 +01:00
Fabien Potencier
33a001e460 switched array() to [] 2019-01-16 10:39:14 +01:00
Fabien Potencier
c7f46e4795 minor #29892 [TwigBridge] remove unreachable code (xabbuh)
This PR was merged into the 3.4 branch.

Discussion
----------

[TwigBridge] remove unreachable code

| Q             | A
| ------------- | ---
| Branch?       | 3.4
| Bug fix?      | no
| New feature?  | no
| BC breaks?    | no
| Deprecations? | no
| Tests pass?   | yes
| Fixed tickets |
| License       | MIT
| Doc PR        |

Since our version constraint is `^1.37.1|^2.6.2` any Twig version that
is below 2.4.5 must be a Twig 1.x release.

Commits
-------

16f97b9769 remove unreachable code
2019-01-16 09:32:02 +01:00
Fabien Potencier
0f0c30a1c3 bug #29894 [DependencyInjection] the string "0" is a valid service identifier (xabbuh)
This PR was merged into the 3.4 branch.

Discussion
----------

[DependencyInjection] the string "0" is a valid service identifier

| Q             | A
| ------------- | ---
| Branch?       | 3.4
| Bug fix?      | yes
| New feature?  | no
| BC breaks?    | no
| Deprecations? | no
| Tests pass?   | yes
| Fixed tickets | #29854
| License       | MIT
| Doc PR        |

Commits
-------

caca373383 the string "0" is a valid service identifier
2019-01-15 15:10:59 +01:00
Christian Flothmann
caca373383 the string "0" is a valid service identifier 2019-01-15 14:43:24 +01:00
Christian Flothmann
16f97b9769 remove unreachable code
Since our version constraint is `^1.37.1|^2.6.2` any Twig version that
is below 2.4.5 must be a Twig 1.x release.
2019-01-15 14:09:02 +01:00
Fabien Potencier
7789a99968 bug #29885 Update MimeType extensions (fabpot)
This PR was merged into the 3.4 branch.

Discussion
----------

Update MimeType extensions

| Q             | A
| ------------- | ---
| Branch?       | 3.4
| Bug fix?      | yes
| New feature?  | no
| BC breaks?    | no
| Deprecations? | no
| Tests pass?   | yes
| Fixed tickets | n/a
| License       | MIT
| Doc PR        | n/a

Commits
-------

5183049b73 updated MimeType extensions
2019-01-14 18:53:36 +01:00
Fabien Potencier
5183049b73 updated MimeType extensions 2019-01-14 18:38:02 +01:00
Fabien Potencier
f41f6c39cb minor #29880 [TwigBridge] bump required Twig version (xabbuh)
This PR was merged into the 3.4 branch.

Discussion
----------

[TwigBridge] bump required Twig version

| Q             | A
| ------------- | ---
| Branch?       | 4.1
| Bug fix?      | no
| New feature?  | no
| BC breaks?    | no
| Deprecations? | no
| Tests pass?   | yes
| Fixed tickets | twigphp/Twig#2810
| License       | MIT
| Doc PR        |

Commits
-------

37e8ccba0f bump required Twig version
2019-01-14 16:28:50 +01:00
Christian Flothmann
37e8ccba0f bump required Twig version 2019-01-14 16:05:06 +01:00
Fabien Potencier
facbaa52dc bug #29875 [TwigBridge] fix compatibility with Twig >= 2.6.1 (xabbuh)
This PR was merged into the 3.4 branch.

Discussion
----------

[TwigBridge] fix compatibility with Twig >= 2.6.1

| Q             | A
| ------------- | ---
| Branch?       | 3.4
| Bug fix?      | yes
| New feature?  | no
| BC breaks?    | no
| Deprecations? | no
| Tests pass?   | yes
| Fixed tickets | twigphp/Twig#2803
| License       | MIT
| Doc PR        |

Commits
-------

40089fb28f fix compatibility with Twig >= 2.6.1
2019-01-14 11:50:45 +01:00
Christian Flothmann
40089fb28f fix compatibility with Twig >= 2.6.1 2019-01-14 11:10:57 +01:00
Fabien Potencier
51d4ca3756 minor #29864 [Form] SA fix (ro0NL)
This PR was squashed before being merged into the 3.4 branch (closes #29864).

Discussion
----------

[Form] SA fix

| Q             | A
| ------------- | ---
| Branch?       | 3.4
| Bug fix?      | yes
| New feature?  | no
| BC breaks?    | no
| Deprecations? | no
| Tests pass?   | yes
| Fixed tickets | #...
| License       | MIT
| Doc PR        | symfony/symfony-docs#...

Commits
-------

1c85707946 [Form] SA fix
2019-01-14 10:46:03 +01:00
Roland Franssen
1c85707946 [Form] SA fix 2019-01-14 10:45:52 +01:00
Fabien Potencier
d0bf01ea53 minor #29874 [CssSelector] fix compatibility with PHPUnit 4.8 (xabbuh)
This PR was merged into the 3.4 branch.

Discussion
----------

[CssSelector] fix compatibility with PHPUnit 4.8

| Q             | A
| ------------- | ---
| Branch?       | 3.4
| Bug fix?      | yes
| New feature?  | no
| BC breaks?    | no
| Deprecations? | no
| Tests pass?   | yes
| Fixed tickets |
| License       | MIT
| Doc PR        |

Commits
-------

189da22528 fix compatibility with PHPUnit 4.8
2019-01-14 10:29:25 +01:00
Christian Flothmann
189da22528 fix compatibility with PHPUnit 4.8 2019-01-14 10:12:36 +01:00
Fabien Potencier
057890d41e bug #29873 [Debug] remove return type hint for PHP 5 compatibility (xabbuh)
This PR was merged into the 3.4 branch.

Discussion
----------

[Debug] remove return type hint for PHP 5 compatibility

| Q             | A
| ------------- | ---
| Branch?       | 3.4
| Bug fix?      | yes
| New feature?  | no
| BC breaks?    | no
| Deprecations? | no
| Tests pass?   | yes
| Fixed tickets |
| License       | MIT
| Doc PR        |

Commits
-------

1f31471ffe remove return type hint for PHP 5 compatibility
2019-01-14 09:59:05 +01:00
Christian Flothmann
1f31471ffe remove return type hint for PHP 5 compatibility 2019-01-14 09:43:48 +01:00
Fabien Potencier
3ea4901516 bug #29837 Fix SwiftMailerHandler to support Monolog's latest reset functionality (Seldaek)
This PR was merged into the 3.4 branch.

Discussion
----------

Fix SwiftMailerHandler to support Monolog's latest reset functionality

| Q             | A
| ------------- | ---
| Branch?       | 3.4
| Bug fix?      | yes
| New feature?  | no
| BC breaks?    | no
| Deprecations? | no
| Tests pass?   | yes
| License       | MIT

Monolog 1.24 added the ResettableInterface which is meant to support resetting handlers. Reset should also flush as if the request was ending, and it can be used for long running workers for example in between each job that is processed. Due to SwiftMailer's spool however the emails in case of errors are right now only sent at the very end of the worker's lifetime.

For older Monolog versions, this will be ignored, and is thus harmless.

Commits
-------

ada2d83b67 Fix SwiftMailerHandler to support Monolog's latest reset functionality
2019-01-13 17:54:10 +01:00
Fabien Potencier
b06967e64f minor #29798 Component CssSelector tests (vladis84)
This PR was submitted for the master branch but it was merged into the 3.4 branch instead (closes #29798).

Discussion
----------

Component CssSelector tests

| Q             | A
| ------------- | ---
| Branch?       | master
| Bug fix?      | no
| New feature?  | no
| BC breaks?    | no
| Deprecations? | no
| Tests pass?   | yes
| License       | MIT
| Doc PR        | symfony/symfony-docs#...

Commits
-------

c7410bef29 Component CssSelector tests
2019-01-13 17:50:42 +01:00
Gordienko Vladislav
c7410bef29 Component CssSelector tests 2019-01-13 17:50:36 +01:00
Fabien Potencier
ea68e28cf0 bug #29853 Revert "bug #29597 [DI] fix reporting bindings on overriden services as unused" (mmarynich)
This PR was merged into the 3.4 branch.

Discussion
----------

Revert "bug #29597 [DI] fix reporting bindings on overriden services as unused"

This reverts commit 44e9a91f30, reversing
changes made to 91b28ff081.

| Q             | A
| ------------- | ---
| Branch?       | 3.4
| Bug fix?      | yes
| New feature?  | no
| BC breaks?    | no
| Deprecations? | no
| Tests pass?   | yes
| Fixed tickets | #29836
| License       | MIT
| Doc PR        |

4.2.2 release changed the way tagged services are injected

As asked by @nicolas-grekas https://github.com/symfony/symfony/issues/29836#issuecomment-453464500

Commits
-------

b3e17d2101 Revert "bug #29597 [DI] fix reporting bindings on overriden services as unused (nicolas-grekas)"
2019-01-13 17:45:27 +01:00
Fabien Potencier
6573cd35b4 minor #29849 [Validator] Fixed exception wording (vudaltsov)
This PR was merged into the 3.4 branch.

Discussion
----------

[Validator] Fixed exception wording

| Q             | A
| ------------- | ---
| Branch?       | 3.4
| Bug fix?      | no
| New feature?  | no
| BC breaks?    | no
| Deprecations? | no
| Tests pass?   | yes
| Fixed tickets | n/a
| License       | MIT
| Doc PR        | n/a

Commits
-------

8266262c9c Fixed exception wording
2019-01-13 17:39:55 +01:00
Fabien Potencier
37c6ae8923 bug #29833 [DebugClassLoader] expose proxyfied findFile() method (fancyweb)
This PR was submitted for the master branch but it was merged into the 3.4 branch instead (closes #29833).

Discussion
----------

[DebugClassLoader] expose proxyfied findFile() method

| Q             | A
| ------------- | ---
| Branch?       | master
| Bug fix?      | no
| New feature?  | yes
| BC breaks?    | no
| Deprecations? | no
| Tests pass?   | yes
| Fixed tickets | -
| License       | MIT
| Doc PR        | -

As bad as it is, some third party libraries expect that at least one autoload function will be the Composer one and have behaviors that rely on the public `findFile` method.

When the `DebugClassLoader` wraps the Composer `ClassLoader`, the function `findFile` is currently lost. So it becomes impossible to use the `DebugClassLoader` with these libraries.

This is for example the case in Drupal 😢 (cf 83bc30ac40/lib/Drupal/Component/ClassFinder/ClassFinder.php).

Fixing these bad implementations in third party libraries can take forever as things move way slower than in Symfony. This is why I think supporting this case directly in Symfony is better. It's easy and will make the `DebugClassLoader` compatible with more cases.

What could be done to go further in this direction would be to proxify any method implemented by wrapped class loaders.

Commits
-------

4f690a31c6 [DebugClassLoader] Readd findFile() method
2019-01-13 17:36:53 +01:00
Thomas Calvet
4f690a31c6 [DebugClassLoader] Readd findFile() method 2019-01-13 17:36:47 +01:00
Fabien Potencier
78e6f28f67 minor #29860 [Console] Fix composer.json suggest/provide (chalasr)
This PR was merged into the 3.4 branch.

Discussion
----------

[Console] Fix composer.json suggest/provide

| Q             | A
| ------------- | ---
| Branch?       | 3.4
| Bug fix?      | no
| New feature?  | no
| BC breaks?    | no
| Deprecations? | no
| Tests pass?   | yes
| Fixed tickets | n/a
| License       | MIT
| Doc PR        | n/a

For using the ConsoleLogger you need to require psr/log, not a psr/log-implementation given ConsoleLogger is an implem.

Commits
-------

4db43f3e76 [Console] Fix composer.json suggest/provide
2019-01-12 13:18:00 +01:00
Robin Chalas
4db43f3e76 [Console] Fix composer.json suggest/provide 2019-01-12 12:06:42 +01:00
Robin Chalas
d6cfde94b4 [Security] Do not mix usage of password_*() functions and sodium_*() ones 2019-01-12 03:20:20 +01:00
Mikhail Marynich
b3e17d2101 Revert "bug #29597 [DI] fix reporting bindings on overriden services as unused (nicolas-grekas)"
This reverts commit 44e9a91f30, reversing
changes made to 91b28ff081.
2019-01-11 16:53:30 +01:00
Christian Flothmann
497309a20f minor #29829 [TwigBridge] account for the short array syntax in Twig (xabbuh)
This PR was merged into the 3.4 branch.

Discussion
----------

[TwigBridge] account for the short array syntax in Twig

| Q             | A
| ------------- | ---
| Branch?       | 3.4
| Bug fix?      | no
| New feature?  | no
| BC breaks?    | no
| Deprecations? | no
| Tests pass?   | yes
| Fixed tickets |
| License       | MIT
| Doc PR        |

Commits
-------

59a4dc609d account for the short array syntax in Twig
2019-01-11 15:06:55 +01:00
Valentin
8266262c9c Fixed exception wording 2019-01-11 17:00:45 +03:00
Jordi Boggiano
ada2d83b67 Fix SwiftMailerHandler to support Monolog's latest reset functionality 2019-01-10 16:10:12 +01:00
Christian Flothmann
59a4dc609d account for the short array syntax in Twig 2019-01-10 09:15:17 +01:00
Fabien Potencier
a5c52b81f2 minor #29815 [Console] Fix phpdoc for InputOption shortcut (tvlooy)
This PR was submitted for the master branch but it was merged into the 3.4 branch instead (closes #29815).

Discussion
----------

[Console] Fix phpdoc for InputOption shortcut

symfony documentation tells people to pass null, and it is the default, but the method docs don't allow it so static analyzers complain about it (spotted by phan)

| Q             | A
| ------------- | ---
| Branch?       |  3.4 (careful when merging)
| Bug fix?      | yes
| New feature?  | no
| BC breaks?    | no
| Deprecations? | no
| Tests pass?   | yes
| Fixed tickets |
| License       | MIT
| Doc PR        |

Commits
-------

64a65e9cd1 Fix docs
2019-01-09 19:02:33 +01:00
Tom Van Looy
64a65e9cd1 Fix docs
symfony documentation tells people to pass null, and it is the default, but the method docs don't allow it so static analyzers complain about it (spotted by phan)
2019-01-09 19:02:24 +01:00
Fabien Potencier
3245cb48da enabled short array notation in CS 2019-01-08 09:38:39 +01:00
Fabien Potencier
cb07a3b551 minor #29811 [fabbot] enable short arrays (nicolas-grekas)
This PR was merged into the 3.4 branch.

Discussion
----------

[fabbot] enable short arrays

| Q             | A
| ------------- | ---
| Branch?       | 3.4
| Bug fix?      | no
| New feature?  | no
| BC breaks?    | no
| Deprecations? | no
| Tests pass?   | yes
| Fixed tickets | -
| License       | MIT
| Doc PR        | -

Let's move to short arrays, but let's do it in a smooth way.
This PR enables short arrays for php-cs-fixer, making PRs red when they don't follow the CS.
We should then ask all authors of pending PRs to rebase their PR and apply the CS patch.
This will need some time.
Then, in 1-2 months, we'll be able to move all the code base to short arrays without creating hundreds of merge conflicts with all pending PRs, hopefully.

Commits
-------

84e72e0061 [fabbot] enable short arrays
2019-01-08 08:25:04 +01:00