This PR was merged into the 4.4 branch.
Discussion
----------
[Messenger] Allow to configure the db index on Redis transport
| Q | A
| ------------- | ---
| Branch? | 4.4
| Bug fix? | no
| New feature? | yes
| Deprecations? | no
| Tickets | Fix#33724
| License | MIT
| Doc PR | todo
Quite useful for testing.
Commits
-------
115a9bbeda [Messenger] Allow to configure the db index on Redis transport
This PR was squashed before being merged into the 4.4 branch (closes#33881).
Discussion
----------
[VarDumper] Added a support for casting Ramsey/Uuid
| Q | A
| ------------- | ---
| Branch? | 4.4
| Bug fix? | no
| New feature? | yes
| Deprecations? | no
| Tickets |
| License | MIT
| Doc PR |
I worked on a project using ramsey/uuid and I noticed a dumped uuid does
not contain the uuid. So here we go :)
(Note: don't get me wrong, I still do not recommend this lib)
---
Before / After:
![Before / After](https://user-images.githubusercontent.com/408368/66298080-49892d80-e8f1-11e9-969f-95ae5169adb1.png)
Commits
-------
99247bbd47 [VarDumper] Added a support for casting Ramsey/Uuid
This PR was merged into the 4.4 branch.
Discussion
----------
[Intl] Update the ICU data to 65.1 (4.4 branch)
| Q | A
| ------------- | ---
| Branch? | 4.4
| Bug fix? | no
| New feature? | no
| Deprecations? | no
| Tickets | Followup for #33862
| License | MIT
| Doc PR | -
Commits
-------
5b2da724d7 [Intl] Update the ICU data to 65.1 (4.4 branch)
* 4.3:
[Intl] Update the ICU data to 65.1 (4.3 branch)
Replace deprecated calls in tests
[Intl] Update the ICU data to 65.1
Delete 5_Security_issue.md
[DI] Whitelist validator.auto_mapper in UnusedTagsPass
[HttpClient] Fixed#33832 NO_PROXY option ignored in NativeHttpClient::request() method
[Cache] give 100ms before starting the expiration countdown
[Cache] fix logger usage in CacheTrait::doGet()
[VarDumper] fix dumping uninitialized SplFileInfo
Added missing translations.
Fixed invalid changelog 4.0.0 for VarDumper
Fixed invalid VarDumper upgrade doc.
[HttpFoundation] Check if data passed to SessionBagProxy::initialize is an array
Don't let falsey usernames slip through
This PR was merged into the 4.3 branch.
Discussion
----------
[Cache] give 100ms before starting the expiration countdown
| Q | A
| ------------- | ---
| Branch? | 4.3
| Bug fix? | yes
| New feature? | no
| Deprecations? | no
| Tickets | Fix#31573, Fix#33837
| License | MIT
| Doc PR | -
Because the expiration count-down starts immediately after calling `CachItem::expiresAfter(N)`, it's impossible to actually cache items for more than `N-1` seconds.
This PR adds a 0.1s grace period so that backends that have a second-level resolution can store the items for `N` seconds, provided the time between calling `CachItem::expiresAfter(N)` and saving the value to the backend is lower than 0.1s.
This PR also fixes the calculation of the computation time in `ContractsTrait`.
Commits
-------
ba63e181fd [Cache] give 100ms before starting the expiration countdown
* 3.4:
[Intl] Update the ICU data to 65.1
[VarDumper] fix dumping uninitialized SplFileInfo
Added missing translations.
Fixed invalid VarDumper upgrade doc.
[HttpFoundation] Check if data passed to SessionBagProxy::initialize is an array
Don't let falsey usernames slip through
This PR was merged into the 3.4 branch.
Discussion
----------
[Intl] Update the ICU data to 65.1
| Q | A
| ------------- | ---
| Branch? | 3.4
| Bug fix? | no
| New feature? | no
| Deprecations? | no
| Tickets | Fix#33548
| License | MIT
| Doc PR | -
Commits
-------
5cc9811fa9 [Intl] Update the ICU data to 65.1
This PR was merged into the 4.4 branch.
Discussion
----------
[Validator] Fix wrong expression language value
| Q | A
| ------------- | ---
| Branch? | 4.4
| Bug fix? | yes
| New feature? | no
| Deprecations? | no
| Tickets | -
| License | MIT
| Doc PR | -
766162c4c7/src/Symfony/Component/Validator/Constraints/ExpressionValidator.php (L28)
```php
(new ExpressionValidator($propertyAccessor))->validate($object, $constraint);
```
Based on the previous method signature (4.3 above), that code would result in an exception in 4.4:
```
Call to undefined method Symfony\Component\PropertyAccess\PropertyAccessor::evaluate()
```
Spotted by @fancyweb in https://github.com/symfony/symfony/pull/33829#discussion_r330995572
Fixed here and updated test case to avoid regression.
Commits
-------
4288f1c9f9 Fix wrong expression language value
This PR was squashed before being merged into the 4.4 branch (closes#33791).
Discussion
----------
[Form] Added CountryType option for using alpha3 country codes
| Q | A
| ------------- | ---
| Branch? | 4.4
| Bug fix? | no
| New feature? | yes
| Deprecations? | no
| Tickets | Fixes#20313
| License | MIT
| Doc PR | -
In the linked issue #20313 was a proposal to add an alpha3 option to the country type.
Here it is..
Hopefully I've made no mistake, so when the code is fine, I will create a documentation PR.. :-)
Commits
-------
d07f5a33db [Form] Added CountryType option for using alpha3 country codes
I changed CHANGELOG.md to reflect actual changes in the code. The third argument is called $filter, not $context. This mistake was propageted to UPGRADE-4.0.md. I fixed that in https://github.com/symfony/symfony/pull/33821
This PR was merged into the 4.4 branch.
Discussion
----------
[HttpKernel] Inherit Throwable in HttpExceptionInterface
| Q | A
| ------------- | ---
| Branch? | master
| Bug fix? | no
| New feature? | no
| Deprecations? | no
| **BC BREAKS?**| **YES**
| Tickets | n/a
| License | MIT
| Doc PR | n/a
When using a static analysis tools, it is not possible to do this:
```php
if ($exception instanceof HttpExceptionInterface) {
$exception->getStatusCode();
$exception->getHeaders();
$exception->getMessage(); // ❌ Will fail here
}
```
This is due to `getMessage()` not being a method declared in `HttpExceptionInterface`. Since Symfony now requires PHP 7.1+ to run, it is safe to inherit from the `Throwable` interface (added in PHP 7.0).
### About backward compatibility
Adding new methods to `HttpExceptionInterface` [breaks BC](https://symfony.com/doc/current/contributing/code/bc.html#changing-interfaces), however this interface shouldn't be used on a class other than an exception, so this shouldn't affect much code.
### About tests
I'm not sure this really needs tests, but maybe I'm wrong? Tell me what to test if you think this is required.
Commits
-------
2ac3fbf232 Inherit Throwable in HttpExceptionInterface
This PR was merged into the 3.4 branch.
Discussion
----------
[Security]: Don't let falsy usernames slip through impersonation
| Q | A
| ------------- | ---
| Branch? | 3.4
| Bug fix? | yes
| New feature? | no
| Deprecations? | no
| Tickets |
| License | MIT
| Doc PR |
When you try to impersonate users with a falsy username, `SwitchUserListener::handle()` would `return;` and impersonation would fail.
I'm using a third party OAuth provider that allows users to change their usernames with no guaranteed protection against re-use. To overcome that issue, I implemented `UserLoaderInterface::loadUserByUsername()` and query by a `providerId`.
After loading development fixtures, One user has `0` as it's `providerId`.
Commits
-------
64aecab0a7 Don't let falsey usernames slip through
This PR was merged into the 4.4 branch.
Discussion
----------
[DependencyInjection] added Ability to define a priority method for tagged service
| Q | A
| ------------- | ---
| Branch? | 4.4
| Bug fix? | no
| New feature? | yes
| Deprecations? | no
| Tickets | Fix#32976
| License | MIT
| Doc PR |
Commits
-------
c1917c2999 [DependencyInjection] added Ability to define a priority method for tagged service
- added deprecation message for non-int return value in Command::execute()
- fixed all core commands to return proper int values
- added proper return type-hint to Command::execute() method in all core Commands