* 3.3:
fixed CS
fixed CS
[Security] Namespace generated CSRF tokens depending of the current scheme
ensure that submitted data are uploaded files
[Console] remove dead code
bumped Symfony version to 3.3.13
updated VERSION for 3.3.12
updated CHANGELOG for 3.3.12
bumped Symfony version to 2.8.31
updated VERSION for 2.8.30
updated CHANGELOG for 2.8.30
bumped Symfony version to 2.7.38
updated VERSION for 2.7.37
updated CHANGELOG for 2.7.37
[Security] Validate redirect targets using the session cookie domain
prevent bundle readers from breaking out of paths
* 2.8:
fixed CS
fixed CS
[Security] Namespace generated CSRF tokens depending of the current scheme
ensure that submitted data are uploaded files
[Console] remove dead code
bumped Symfony version to 2.8.31
updated VERSION for 2.8.30
updated CHANGELOG for 2.8.30
bumped Symfony version to 2.7.38
updated VERSION for 2.7.37
updated CHANGELOG for 2.7.37
[Security] Validate redirect targets using the session cookie domain
prevent bundle readers from breaking out of paths
* 2.7:
fixed CS
fixed CS
[Security] Namespace generated CSRF tokens depending of the current scheme
ensure that submitted data are uploaded files
[Console] remove dead code
bumped Symfony version to 2.7.38
updated VERSION for 2.7.37
updated CHANGELOG for 2.7.37
[Security] Validate redirect targets using the session cookie domain
prevent bundle readers from breaking out of paths
This PR was merged into the 2.7 branch.
Discussion
----------
Validate redirect targets using the session cookie domain
| Q | A
| ------------- | ---
| Branch? | 2.7
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | n/a
| License | MIT
| Doc PR | n/a
<!--
- Bug fixes must be submitted against the lowest branch where they apply
(lowest branches are regularly merged to upper ones so they get the fixes too).
- Features and deprecations must be submitted against the master branch.
- Please fill in this template according to the PR you're about to submit.
- Replace this comment by a description of what your PR is solving.
-->
Commits
-------
52b06f1c21 [Security] Validate redirect targets using the session cookie domain
This PR was merged into the 3.4 branch.
Discussion
----------
[FrameworkBundle] Add default translations path option and convention
| Q | A
| ------------- | ---
| Branch? | 3.4
| Bug fix? | no
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | -
| License | MIT
| Doc PR | ToDo
Similar to Twig default path, this proposal adds a `default_path` option under `translator` config:
```yaml
framework:
translator:
default_path: '%kernel.project_dir%/config/translations'
```
adding this default path to the discovered translations dirs. Thus, overriding bundle translations is possible by using this new convention: `config/translations/<BundleName>/messages.en.xlf`.
Also a new container parameter `%translator.default_path%` is defined by external purpose (similar to https://github.com/symfony/symfony/pull/24840)
Note: The current convention `%kernel.root_dir%/Resources/translations` path has priority over the new one.
TODO:
- [x] Add more tests about the new path
- [x] Update changelog
Commits
-------
1a8b1b41c9 Add default translations path option and convention
* 3.3:
[Intl] Update ICU data to 60.1
[YAML] Allow to parse custom tags when linting yaml files
[HttpKernel][Debug] Remove noise from stack frames of deprecations
[Validator] Fix Costa Rica IBAN format
[Bridge/ProxyManager] Remove direct reference to value holder property
[Validator] Add Belarus IBAN format
[FrameworkBundle] Specifically inject the debug dispatcher in the collector
[WebserverBundle] fixed the bug that caused that the webserver would …
update the pull request template
[Stopwatch] minor fix
* 2.8:
[Intl] Update ICU data to 60.1
[Validator] Fix Costa Rica IBAN format
[Bridge/ProxyManager] Remove direct reference to value holder property
[Validator] Add Belarus IBAN format
[FrameworkBundle] Specifically inject the debug dispatcher in the collector
update the pull request template
[Stopwatch] minor fix
* 2.7:
[Intl] Update ICU data to 60.1
[Validator] Fix Costa Rica IBAN format
[Bridge/ProxyManager] Remove direct reference to value holder property
[Validator] Add Belarus IBAN format
[FrameworkBundle] Specifically inject the debug dispatcher in the collector
update the pull request template
[Stopwatch] minor fix
This PR was merged into the 3.4 branch.
Discussion
----------
[FrameworkBundle] Add default mapping path for validator component in bundle-less app
| Q | A
| ------------- | ---
| Branch? | 3.4
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | -
| License | MIT
| Doc PR | ToDo
Same approach of https://github.com/symfony/symfony/pull/24833
Commits
-------
4e0daecc63 Add default mapping path for validator component
This PR was merged into the 3.4 branch.
Discussion
----------
[FrameworkBundle] Add default mapping path for serializer component in bundle-less app
| Q | A
| ------------- | ---
| Branch? | 3.4
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | -
| License | MIT
| Doc PR | ToDo
> http://symfony.com/doc/current/serializer.html#using-serialization-groups-annotations:
> In addition to the @Groups annotation, the Serializer component also supports Yaml or XML files. These files are automatically loaded when being stored in one of the following locations:
>* The `serialization.yml` or `serialization.xml` file in the `Resources/config/` directory of a bundle;
>* All `*.yml` and `*.xml` files in the `Resources/config/serialization/` directory of a bundle.
Inspired by the second convention, this proposal adds one more but for bundle-less structure. Theoretically this is what it does for you:
```yaml
framework:
serializer:
mapping:
paths:
- '%kernel.project_dir%/config/serializer/'
```
Commits
-------
43895b8dae Add default mapping path for serializer component
This PR was merged into the 3.4 branch.
Discussion
----------
[TwigBundle] Add default Twig templates path as a container param
| Q | A
| ------------- | ---
| Branch? | 3.4
| Bug fix? | no
| New feature? | yes
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | #24839
| License | MIT
| Doc PR | N/A
Adds a `twig.default_path` container param for easier access to this config in compiler passes.
Commits
-------
81b38ec215 [TwigBundle] Add default Twig templates path as a container param
This PR was merged into the 2.7 branch.
Discussion
----------
[FrameworkBundle] Specifically inject the debug dispatcher in the collector
| Q | A
| ------------- | ---
| Branch? | 2.7 <!-- see comment below -->
| Bug fix? | yes
| New feature? | no <!-- don't forget to update src/**/CHANGELOG.md files -->
| BC breaks? | no
| Deprecations? | no <!-- don't forget to update UPGRADE-*.md files -->
| Tests pass? | yes
| Fixed tickets | N/A <!-- #-prefixed issue number(s), if any -->
| License | MIT
| Doc PR | N/A
This ensures we always collect data about events, even when the `event_dispatcher` service is decorated, no matter the decoration order.
Commits
-------
7b3a641acc [FrameworkBundle] Specifically inject the debug dispatcher in the collector
This PR was merged into the 3.4 branch.
Discussion
----------
[DI] Add "container.hot_path" tag to flag the hot path and inline related services
| Q | A
| ------------- | ---
| Branch? | 3.4
| Bug fix? | no
| New feature? | yes
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | -
| License | MIT
| Doc PR | -
This PR is the result of my quest to squeeze some performance out of 3.4/4.0.
It builds on two ideas:
- a new `container.inline` tag that identifies the services that are *always* needed. This tag is only applied to a very short list of bootstrapping services (`router`, `event_dispatcher`, `http_kernel` and `request_stack` only). Then, it is propagated to all dependencies of these services, with a special case for event listeners, where only listed events are propagated to their related listeners.
- replacing the PHP autoloader by plain inlined `require_once` in generated service factories, with the benefit of completely bypassing the autoloader for services and their class hierarchy.
The end result is significant, even on a simple Hello World.
Here is the Blackfire profile, results are consistent with `ab` benchmarks:
https://blackfire.io/profiles/compare/b5fa5ef0-755c-4967-b990-572305f8f381/graph
![capture du 2017-11-08 16-54-28](https://user-images.githubusercontent.com/243674/32558666-a3f439b2-c4a5-11e7-83a3-db588c3e21e5.png)
Commits
-------
f7cb559a06 [DI] Add "container.hot_path" tag to flag the hot path and inline related services
* 3.3:
Random fixes
Docblock fixes
[HttpKernel] Enhance deprecation message
[SecurityBundle] Fix the datacollector to properly support decision.object being null
This PR was merged into the 3.3 branch.
Discussion
----------
[SecurityBundle] Fix the datacollector to properly support decision.object being null
| Q | A
| ------------- | ---
| Branch? | 3.3 <!-- see comment below -->
| Bug fix? | yes
| New feature? | no <!-- don't forget to update src/**/CHANGELOG.md files -->
| BC breaks? | no
| Deprecations? | no <!-- don't forget to update UPGRADE-*.md files -->
| Tests pass? | yes
| Fixed tickets | #24804 <!-- #-prefixed issue number(s), if any -->
| License | MIT
| Doc PR | N/A
Similar to https://github.com/symfony/symfony/pull/23050, when accessing a `Data` clone property through `__get()` and the value is `null` for instance, you'll really get `null` instead of a `Data` instance. The solution is to use `seek` instead whenever we access and try to use `profiler_dump` on a `Data` property that can be a simple scalar like `null` or `false`. AFAIK, `decision.object` is the only one here.
Commits
-------
769a5f204f [SecurityBundle] Fix the datacollector to properly support decision.object being null
This PR was merged into the 2.8 branch.
Discussion
----------
Fix dump panel hidden when closing a dump
| Q | A
| ------------- | ---
| Branch? | 2.8
| Bug fix? | yes-ish
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | -
| License | MIT
| Doc PR | -
In the dump panel of the debug bar, when closing a dump the panel sometimes get hidden:
![before](https://user-images.githubusercontent.com/1736542/31867025-615e9c48-b788-11e7-8329-96716c211523.gif)
This is because when the size of the panel is reduced, if the mouse is not over it anymore, the `:hover` pseudo-class does not apply anymore.
I "fixed" it by setting a min-height on the panel when closing a dump. The min-height is removed when leaving the panel _on purpose_:
![after](https://user-images.githubusercontent.com/1736542/31867054-d01a01cc-b788-11e7-9ef7-8418ae2b3094.gif)
For now I only tested it on Firefox 56 on Arch Linux.
Commits
-------
2e0b263d9c Fix dump panel hidden when closing a dump
* 3.3:
[Serializer] Fix extra attributes when no group specified
[Intl] Make intl-data tests pass and save language aliases again
[Console] Fix CommandTester::setInputs() docblock
[Serializer] readd default argument value
[VarDumper] fix trailling comma when dumping an exception
Remove useless docblocks
[FrameworkBundle] Fix docblocks
[PropertyInfo] Remove useless docblocks
This PR was squashed before being merged into the 2.7 branch (closes#24666).
Discussion
----------
[WebProfilerBundle] add missing tests
| Q | A
| ------------- | ---
| Branch? | 2.7
| Bug fix? | no
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | none
| License | MIT
This PR fixes one test in WebDebugToolbarListenerTest and adds one that was missing (more detailed description is available in the commits description)
Commits
-------
363d3a8cf2 [WebProfilerBundle] add missing tests
This PR was merged into the 2.7 branch.
Discussion
----------
[FrameworkBundle][Routing] Remove unused logger argument
| Q | A
| ------------- | ---
| Branch? | 2.7
| Bug fix? | no
| New feature? | no <!-- don't forget to update src/**/CHANGELOG.md files -->
| BC breaks? | no
| Deprecations? | no <!-- don't forget to update UPGRADE-*.md files -->
| Tests pass? | yes
| Fixed tickets | N/A <!-- #-prefixed issue number(s), if any -->
| License | MIT
| Doc PR | N/A
This argument was never used as far as the FrameworkBundle Router was.
But actually don't we want to add the `$logger` argument to this class? It's used by the `UrlGenerator` when `router.strict_requirements` is `false` for instance:
<img width="1064" alt="screenshot 2017-10-29 a 09 57 31" src="https://user-images.githubusercontent.com/2211145/32142080-482bc64e-bc90-11e7-8382-b78b507bae48.PNG">
Commits
-------
dc9492eb6f [FrameworkBundle][Routing] Remove unused logger argument
This PR was merged into the 3.4 branch.
Discussion
----------
symfony/form auto-enables symfony/validator, even when not present
| Q | A
| ------------- | ---
| Branch? | 3.4 or master / 2.7, 2.8 or 3.3 <!-- see comment below -->
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | n/a
| License | MIT
| Doc PR | not needed
In #24303, we allowed form to be used without the validator component. But, there is a small problem with the logic: the validation system is set to enabled, even if it is not present. If you install form but NOT validator, you see the error:
> Validation support cannot be enabled as the Validator component is not installed.
Assuming the form system really is usable without validation, this should be an easy merge.
Commits
-------
03c0254296 Only enabling validation if it is present