This PR was merged into the 4.4 branch.
Discussion
----------
[FrameworkBundle] Fix deprecation message for booting a kernel twice
| Q | A
| ------------- | ---
| Branch? | 4.4
| Bug fix? | no
| New feature? | no <!-- please update src/**/CHANGELOG.md files -->
| Deprecations? | no <!-- please update UPGRADE-*.md and src/**/CHANGELOG.md files -->
| Tickets | - <!-- prefix each issue number with "Fix #", if any -->
| License | MIT
| Doc PR | - <!-- required for new features -->
<!--
Replace this notice by a short README for your feature/bugfix. This will help people
understand your PR and can be used as a start for the documentation.
Additionally (see https://symfony.com/releases):
- Always add tests and ensure they pass.
- Never break backward compatibility (see https://symfony.com/bc).
- Bug fixes must be submitted against the lowest maintained branch where they apply
(lowest branches are regularly merged to upper ones so they get the fixes too.)
- Features and deprecations must be submitted against branch master.
-->
Commits
-------
a0a6243a21 Fix deprecation messages
This PR was merged into the 4.4 branch.
Discussion
----------
[DI] fix preloading script generation
| Q | A
| ------------- | ---
| Branch? | 4.4
| Bug fix? | yes
| New feature? | no
| Deprecations? | no
| Tickets | -
| License | MIT
| Doc PR | -
(fabbot failure is a false positive)
On master, we should work on being able to preload more classes (esp. all cache-warmup artifacts).
But for 4.4, this is good enough. Submitted as a bug fix because 1. the current code that deals with preloading kinda-works, but only on "dev" mode... and 2. fixing it provides a nice boost!
Small bench on a hello world:
- before: 380 req/s
- after: 580 req/s
That's +50%!
Pro-tip: adding a few `class_exists()` as done in this PR for the classes that are always used in the implementations (e.g. `new Foo()` in the constructor) will help the preload-script generator to work optimally. Without them, it will discover the symbols to preload only if they're found on methods.
Some of those `class_exists()` are mandatory, in relation to anonymous classes and https://bugs.php.net/79349
Commits
-------
a10fc4da5d [DI] fix preloading script generation
This PR was squashed before being merged into the 3.4 branch.
Discussion
----------
[FrameworkBundle] start session on flashbag injection
| Q | A
| ------------- | ---
| Branch? | 3.4
| Bug fix? | yes
| New feature? | no
| Deprecations? | no
| Tickets | Fix [#33084](https://github.com/symfony/symfony/issues/33084)
| License | MIT
This PR addresses an issue whereby if the FlashBag is injected into the application using the default service configuration, we cannot rely that the session has been started. This behaviour is in contradiction to [the docs](https://symfony.com/doc/current/session.html#avoid-starting-sessions-for-anonymous-users):
> Sessions are automatically started whenever you read, write or even check for the existence of data in the session.
This is because symfony ensures the session has been started on calls to getFlashBag() which is normally how the flashbag will be accessed but this is not called if you inject the FlashBag directly into the container.
I have addressed this issue by changing the way the Flashbag service is built so that it uses Session as a factory service and getFlashBag as a factory method. This means that anywhere in symfony where FlashBag is injected can now rely on the fact the session is started.
I have also added a new functional test to verify this behaviour.
Commits
-------
e8b4d35616 [FrameworkBundle] start session on flashbag injection
* 3.4:
[Yaml] fix dumping strings containing CRs
[DI] Fix XmlFileLoader bad error message
Tweak message
improve PlaintextPasswordEncoder docBlock summary
[Validator] Add two missing translations for the Arabic (ar) locale
Use some PHP 5.4 constants unconditionally
Revert "bug symfony#28179 [DomCrawler] Skip disabled fields processing in Form"
Add Spanish translation
Fix typo
[Validator] add Japanese translation
Fix typo
Add Polish translation
[SecurityBundle] Minor fixes in configuration tree builder
bumped Symfony version to 3.4.39
updated VERSION for 3.4.38
update CONTRIBUTORS for 3.4.38
updated CHANGELOG for 3.4.38
This PR was merged into the 5.1-dev branch.
Discussion
----------
[FrameworkBundle] Add missing items in the unused tag pass whitelist
| Q | A
| ------------- | ---
| Branch? | master
| Bug fix? | yes
| New feature? | no <!-- please update src/**/CHANGELOG.md files -->
| Deprecations? | no <!-- please update UPGRADE-*.md and src/**/CHANGELOG.md files -->
| Tickets | n/a <!-- prefix each issue number with "Fix #", if any -->
| License | MIT
| Doc PR | n/a
We have some missing tags in the whitelist. I've added a script that adds the missing ones, and added a test to avoid forgetting about updating the whitelist.
Commits
-------
d1bcc0fc5e [FrameworkBundle] Add a script that checks for missing items in the unused tag whitelist
* 3.4:
fix unix root dir issue
sync validator translation files with master
fix anchor
fix links to releases page (formerly known as "roadmap")
[Console] Don't load same-namespace alternatives on exact match found
* 3.4:
[FrameworkBundle] fix "samesite" in XSD
Update UserPasswordEncoderCommand.php
[HttpFoundation][FrameworkBundle] fix support for samesite in session cookies
[DoctrineBridge] Fixed submitting ids with query limit or offset
This PR was merged into the 3.4 branch.
Discussion
----------
[HttpFoundation][FrameworkBundle] fix support for samesite in session cookies
| Q | A
| ------------- | ---
| Branch? | 3.4
| Bug fix? | yes
| New feature? | no
| Deprecations? | no
| Tickets | Fix#35520
| License | MIT
| Doc PR | -
This PR cherry-picks #28168 on 3.4, with a rationale given by @ConneXNL in https://github.com/symfony/symfony/issues/35520#issuecomment-582296847:
> I hope I am wrong but I see the impact of not making any changes to Symfony 3.4 will have a tons of sites break if we cannot set the cookie's samesite setting (in the framework session and remember me) before Chrome pushes this update.
>
> Very soon all existing cookies are no longer going to work with cross-domains if you do not specify 'None' for the cookie_samesite. All external APIs that use cookies and are running SF 3.4 will break and devs will have no quick solution to fix their auth process.
>
> If you are using PHP 7.4, yes you can most likely use ini_set to workaround this issue.
>
> However, ini_set('cookie_samesite') does not work in PHP Version <= 7.2.
I am not even sure PHP 7.3 supports the value 'None' as php.watch/articles/PHP-Samesite-cookies says it has support for 'Lax' and 'Scrict'.
>
> This effectively means SF 3.4 on PHP 7.2 (or PHP 7.3) is no longer supported for cross domain APIs with cookies. People would have to either update PHP to 7.4 (if they even can?) or go to Symfony 4 (with a dead live site is going to be a complete disaster).
>
> Since the impact of the change that chrome is about to roll out is so fundamentally changing our way to set cookies, I consider configuring samesite configuration in the framework an absolute requirement, not a feature, especially since SF 3.4 is still supported.
>
> What am i missing?
>
> Note: SF3 HTTPFoundation already supports the new cookie settings, it's just the framework that doesn't support it.
Our BC policy embeds the promise that one should be able to keep the same app on a newest infrastructure (eg that's why supporting a PHP version is a bug fix). I think we can consider this for browsers here also. WDYT?
Commits
-------
f46e6cb8a0 [HttpFoundation][FrameworkBundle] fix support for samesite in session cookies
This PR was merged into the 4.4 branch.
Discussion
----------
Fix HTTP client config handling
| Q | A
| ------------- | ---
| Branch? | 4.4
| Bug fix? | yes
| New feature? | no
| Deprecations? | no
| Tickets | -
| License | MIT
| Doc PR | -
Defining a `key` parameter in the `query` option of a scoped HTTP client triggers an error:
```
Undefined index: value
```
This PR fixes this issue but an edge case still remains with YAML and PHP config. If one wants to define parameters `key=foo`, `value=bar` and nothing else, the query will actually be `foo=bar` instead of `key=foo&value=bar`. Not sure how to fix this case without breaking the tests I added here.
Commits
-------
963d0cce86 Fix HTTP client config handling
* 3.4:
[Phpunit] Fix running skipped tests expecting only deprecations
[DependencyInjection] #35505 Fix typo in test name
[Yaml][Inline] Fail properly on empty object tag and empty const tag
Check non-null type for numeric type
Check value isset to avoid PHP notice
bug symfony#28179 [DomCrawler] Skip disabled fields processing in Form
This PR was merged into the 3.4 branch.
Discussion
----------
[FrameworkBundle] Check non-null type for numeric type
$maxAge and $sharedAge can both be zero
| Q | A
| ------------- | ---
| Branch? | 3.4
| Bug fix? | no
| New feature? | no <!-- please update src/**/CHANGELOG.md files -->
| Deprecations? | no <!-- please update UPGRADE-*.md and src/**/CHANGELOG.md files -->
| License | MIT
Commits
-------
2797867ae9 Check non-null type for numeric type
This PR was squashed before being merged into the 4.4 branch (closes#35486).
Discussion
----------
[Translator] Default value for 'sort' option in translation:update should be 'asc'
| Q | A
| ------------- | ---
| Branch? | 4.4
| Bug fix? | yes
| New feature? | no
| Deprecations? | no
| Tickets |
| License | MIT
| Doc PR |
The value for 'sort' option for `bin/console translation:update --sort` is optional, but no default value is defined. So the list isn't sorted if no value is explicitly defined.
This MR brings a default value "asc" if no value is defined, so the list is correctly sorted.
Commits
-------
fdb13c8ab8 [Translator] Default value for 'sort' option in translation:update should be 'asc'
This PR was merged into the 4.4 branch.
Discussion
----------
Fixes a runtime error when accessing the cache panel
| Q | A
| ------------- | ---
| Branch? | 4.4
| Bug fix? | yes
| New feature? | no
| Deprecations? | no
| Tickets | Fix#35419
| License | MIT
| Doc PR | symfony/symfony-docs#... <!-- required for new features -->
Fixes a runtime error (_Impossible to access an attribute ("value") on a double variable..._) when accessing the cache panel on 4.4.3
Commits
-------
4740b10132 Fixes a runtime error (Impossible to access an attribute ("value") on a double variable...) when accessing the cache panel (@see #35419)
This PR was merged into the 4.4 branch.
Discussion
----------
[FrameworkBundle] Add --show-arguments example to debug:container command help text
| Q | A
| ------------- | ---
| Branch? | 4.4
| Bug fix? | no
| New feature? | no <!-- please update src/**/CHANGELOG.md files -->
| Deprecations? | no <!-- please update UPGRADE-*.md and src/**/CHANGELOG.md files -->
| Tickets | - <!-- prefix each issue number with "Fix #", if any -->
| License | MIT
| Doc PR | - <!-- required for new features -->
I like this option a lot and I think it deserves to be mentioned in the command help text :-)
Commits
-------
f703a58215 [FrameworkBundle] Add --show-arguments example to debug:container command help text
This PR was squashed before being merged into the 4.4 branch.
Discussion
----------
Revert #34797 "Fixed translations file dumper behavior" and fix#34713
| Q | A
| ------------- | ---
| Branch? | 4.4
| Bug fix? | yes
| New feature? | no
| Deprecations? | no
| Tickets | Fix#35264
| License | MIT
| Doc PR | -
Revert https://github.com/symfony/symfony/pull/34797
See also https://github.com/symfony/symfony/issues/35328
It's very likely that the new way will be completely different from this one that is being reverted. That's why I'm reverting rather than fixing it.
Commits
-------
9ca872054bFixed#34713 Move new messages to intl domain when possible
56e79fefa1 Revert "Fixed translations file dumper behavior"
This PR was merged into the 4.4 branch.
Discussion
----------
[FrameworkBundle] Fix small typo in output comment
| Q | A
| ------------- | ---
| Branch? | 4.4 <!-- see below -->
| Bug fix? | no
| New feature? | no <!-- please update src/**/CHANGELOG.md files -->
| Deprecations? | no <!-- please update UPGRADE-*.md and src/**/CHANGELOG.md files -->
| Tickets | - <!-- prefix each issue number with "Fix #", if any -->
| License | MIT
| Doc PR | - <!-- required for new features -->
<!--
Replace this notice by a short README for your feature/bugfix. This will help people
understand your PR and can be used as a start for the documentation.
Additionally (see https://symfony.com/roadmap):
- Always add tests and ensure they pass.
- Never break backward compatibility (see https://symfony.com/bc).
- Bug fixes must be submitted against the lowest maintained branch where they apply
(lowest branches are regularly merged to upper ones so they get the fixes too.)
- Features and deprecations must be submitted against branch master.
-->
Commits
-------
d18f5ed851 [FrameworkBundle] Fix small typo in output comment
* 4.3:
[FrameworkBundle] remove messenger cache if not enabled
[HttpClient] Fix strict parsing of response status codes
[DI] Suggest typed argument when binding fails with untyped argument
* 4.3:
Avoid stale-if-error if kernel.debug = true, because it hides errors
[Console] Fix SymfonyQuestionHelper tests sometimes failing on AppVeyor
[Workflow] Fix configuration node reference for "initial_marking"
expand listener in place
[DI] deferred exceptions in ResolveParameterPlaceHoldersPass
* 3.4:
Avoid stale-if-error if kernel.debug = true, because it hides errors
[Console] Fix SymfonyQuestionHelper tests sometimes failing on AppVeyor
[DI] deferred exceptions in ResolveParameterPlaceHoldersPass
This PR was merged into the 4.4 branch.
Discussion
----------
[FrameworkBundle] Do not throw exception on value generate key
| Q | A
| ------------- | ---
| Branch? | 4.4
| Bug fix? | yes
| New feature? | no
| Deprecations? | no
| Tickets | N/A
| License | MIT
| Doc PR | N/A
When using env variable instead of key files and creating a new Secret, the check in `generateKeys` (called by the command `SecretsSetCommand`) prevents generating a secret.
reproducer:
```
$ rm config/secrets/prod/prod.decrypt.private.php
$ export SYMFONY_DECRYPTION_SECRET=XXX
$ ./bin/console secret:set FOO
In SodiumVault.php line 50:
Cannot generate keys when a decryption key has been provided while instantiating the vault.
```
This PR converts the exception in a warning message.
Commits
-------
2f608b4dfa Do not throw exception on valut generate key
* 4.3:
[Debug] fix ClassNotFoundFatalErrorHandler
[Routing] Fix using a custom matcher & generator dumper class
[Dotenv] Fixed infinite loop with missing quote followed by quoted value
[HttpClient] Added missing sprintf
[TwigBridge] button_widget now has its title attr translated even if its label = null or false
[PhpUnitBridge] When using phpenv + phpenv-composer plugin, composer executable is wrapped into a bash script
[Messenger] Added check if json_encode succeeded
[Security] Prevent canceled remember-me cookie from being accepted
[FrameworkBundle][TranslationUpdateCommand] Do not output positive feedback on stderr
[Security\Guard] Fix missing typehints
* 3.4:
[Debug] fix ClassNotFoundFatalErrorHandler
[Dotenv] Fixed infinite loop with missing quote followed by quoted value
[TwigBridge] button_widget now has its title attr translated even if its label = null or false
[PhpUnitBridge] When using phpenv + phpenv-composer plugin, composer executable is wrapped into a bash script
[Security] Prevent canceled remember-me cookie from being accepted
[FrameworkBundle][TranslationUpdateCommand] Do not output positive feedback on stderr
This PR was merged into the 3.4 branch.
Discussion
----------
[Security\Http] Prevent canceled remember-me cookie from being accepted
| Q | A
| ------------- | ---
| Branch? | 3.4
| Bug fix? | yes
| New feature? | no
| Deprecations? | no
| Tickets | Fix#35198
| License | MIT
| Doc PR | -
`RememberMeServices::autoLogin()` only checks that the cookie exists in `$request->cookies` while `loginFail()` only alter `$request->attributes` (which allows child implementations to read the canceled cookie for e.g. removing a persistent one).
This makes `autoLogin()` checks for `request->attributes` first, which fixes the linked issue.
Failure expected on deps=high build.
Commits
-------
9b711b87fe [Security] Prevent canceled remember-me cookie from being accepted
This PR was merged into the 4.4 branch.
Discussion
----------
[SecurityBundle] fix version when "anonymous: lazy" was introduced
| Q | A
| ------------- | ---
| Branch? | 4.4
| Bug fix? | no
| New feature? | no
| Deprecations? | no
| Tickets |
| License | MIT
| Doc PR |
Commits
-------
c280a01724 fix version when "anonymous: lazy" was introduced
* 4.3:
[Mailer] Remove line breaks in email attachment content
Update links to documentation
[Validator] Add the missing translations for the Arabic (ar) locale
ensure to expect no validation for the right reasons
[PhpUnitBridge] Add test case for @expectedDeprecation annotation
[PhpUnitBridge][SymfonyTestsListenerTrait] Remove $testsWithWarnings stack
[Mailer][MailchimpBridge] Fix missing attachments when sending via Mandrill API
[Mailer][MailchimpBridge] Fix incorrect sender address when sender has name
[HttpClient] fix capturing SSL certificates with NativeHttpClient
[TwigBridge][Form] Added missing help messages in form themes
Update year in license files
Update year in license files
[HttpClient] fix typo
[Console][FormatterHelper] Use helper strlen statically and remove duplicated code
[Routing] Fix i18n routing when the url contains the locale
Fix BC issue in phpDoc Reflection library
[Translator] Performance improvement in MessageCatalogue and catalogue operations.
* 3.4:
Update links to documentation
[Validator] Add the missing translations for the Arabic (ar) locale
ensure to expect no validation for the right reasons
[PhpUnitBridge] Add test case for @expectedDeprecation annotation
Update year in license files
[Console][FormatterHelper] Use helper strlen statically and remove duplicated code
Fix BC issue in phpDoc Reflection library
[Translator] Performance improvement in MessageCatalogue and catalogue operations.
