This PR was merged into the 2.7 branch.
Discussion
----------
[DI] Resolve aliases earlier
| Q | A
| ------------- | ---
| Branch? | 2.7
| Bug fix? | no
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | -
| License | MIT
| Doc PR | -
Not a bug fix because a compiler pass already resolves aliases, but makes reasoning locally about the code easier.
Commits
-------
9922827cc2 [DI] Resolve aliases earlier
This PR was merged into the 2.7 branch.
Discussion
----------
[Security] validate empty passwords again
| Q | A
| ------------- | ---
| Branch? | 2.7
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | https://github.com/symfony/symfony/pull/23341#issuecomment-315341226
| License | MIT
| Doc PR |
It looks like this part of #23341 causes serious security issues for some users who rely on the validator to also compare the empty string with their user's password (see for example https://github.com/symfony/symfony/pull/23341#issuecomment-315341226). Thus I suggest to revert this part of #23341.
Commits
-------
878198cefa [Security] validate empty passwords again
This PR was merged into the 2.7 branch.
Discussion
----------
[DI] Remove irrelevant comment from container
| Q | A
| ------------- | ---
| Branch? | 2.7
| Bug fix? | yes-ish
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | #... <!-- #-prefixed issue number(s), if any -->
| License | MIT
| Doc PR | symfony/symfony-docs#... <!--highly recommended for new features-->
Spotted in #22811
Commits
-------
595a225a0f [DI] Remove irrelevant comment from container
This PR was squashed before being merged into the 2.7 branch (closes#23468).
Discussion
----------
[DI] Handle root namespace in service definitions
| Q | A
| ------------- | ---
| Branch? | 2.7
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | #... <!-- #-prefixed issue number(s), if any -->
| License | MIT
| Doc PR | symfony/symfony-docs#... <!--highly recommended for new features-->
Fixes
```
Cannot dump definition because of invalid class name ('\\stdClass')
```
for
```yaml
services:
foo: {class: '\stdClass' }
```
`ContainerBuilder` allows it, so `PhpDumper` should as well.
Commits
-------
05170c8 [DI] Handle root namespace in service definitions
This PR was merged into the 2.7 branch.
Discussion
----------
[Security] Fix authentication.failure event not dispatched on AccountStatusException
| Q | A
| ------------- | ---
| Branch? | 2.7
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | https://github.com/symfony/symfony/issues/18807
| License | MIT
| Doc PR | n/a
Authentication fails if the user exists but its account is disabled/expired/locked, the failure event should be dispatched in this case, so that you can hook into as for any authentication exception.
Commits
-------
64c2efd [Security] Fix authentication.failure event not dispatched on AccountStatusException
This PR was merged into the 2.7 branch.
Discussion
----------
[Filesystem] Dont copy perms when origin is remote
| Q | A
| ------------- | ---
| Branch? | 2.7
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | #23312
| License | MIT
| Doc PR | -
Commits
-------
7b442211dc [Filesystem] Dont copy perms when origin is remote
This PR was merged into the 2.7 branch.
Discussion
----------
[DoctrineBridge][Security][Validator] do not validate empty values
| Q | A
| ------------- | ---
| Branch? | 2.7
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | #23319
| License | MIT
| Doc PR |
Nearly all validators operating on scalar values (except for some special constraints) do ignore empty values. If you want to forbid them, you have to use the `NotBlank` constraint instead.
Commits
-------
fd7ad234bc do not validate empty values
This PR was merged into the 2.7 branch.
Discussion
----------
[Validator] Throw exception on Comparison constraints null options
| Q | A
| ------------- | ---
| Branch? | 2.7 <!-- see comment below -->
| Bug fix? | no. There is no bug, but the constraint can be silently created in an invalid state.
| New feature? | no <!-- don't forget updating src/**/CHANGELOG.md files -->
| BC breaks? | no
| Deprecations? | no <!-- don't forget updating UPGRADE-*.md files -->
| Tests pass? | yes (failure unrelated)
| Fixed tickets | N/A <!-- #-prefixed issue number(s), if any -->
| License | MIT
| Doc PR | N/A
Commits
-------
2de59a7381 [Validator] Throw exception on Comparison constraints null options
This PR was merged into the 2.7 branch.
Discussion
----------
[Security] fix switch user _exit without having current token
| Q | A
| ------------- | ---
| Branch? | 2.7
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | #22729
| License | MIT
| Doc PR | -
Attempting to `_exit` from a switched user caused an error when not having any token in the storage (for example happens when not logged in + disallowing anonymous users on that firewall):
`[1] Symfony\Component\Debug\Exception\FatalThrowableError: Type error: Argument 1 passed to Symfony\Component\Security\Http\Firewall\SwitchUserListener::getOriginalToken()
must be an instance of Symfony\Component\Security\Core\Authentication\Token\TokenInterface, null given, called in
symfony/symfony/src/Symfony/Component/Security/Http/Firewall/SwitchUserListener.php on line 164`
Commits
-------
16da6861be [Security] fix switch user _exit without having current token
This PR was merged into the 2.7 branch.
Discussion
----------
[Routing] Fix XmlFileLoader exception message
| Q | A
| ------------- | ---
| Branch? | 2.7
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| License | MIT
When an `XmlFileLoader` encounters an unknown tag it throws an exception with message like `Unknown tag "foo" used in file "bar". Expected "default", "requirement" or "option".`. A proper message should be `Unknown tag "foo" used in file "bar". Expected "default", "requirement", "option" or "condition".`
Commits
-------
f6a94cb56f [Routing] Fix XmlFileLoader exception message
This PR was squashed before being merged into the 2.7 branch (closes#23129).
Discussion
----------
Fix two edge cases in ResponseCacheStrategy
| Q | A
| ------------- | ---
| Branch? | 2.7
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets |
| License | MIT
| Doc PR |
While reviewing how `ResponseCacheStrategy` calculates the caching-related headers for responses that embed subrequests, I came across two cases that I think are currently implemented incorrectly.
a) When the main response is public and cacheable with an expiration time, but it embeds (via ESI) a controller that does not set any caching-related headers, this embedded response is more constrained. So, the resulting (combined) response must not be cacheable, especially it may not keep the s-maxage.
b) When the main response is public and cacheable with an expiration time, but it embeds (via ESI) a controller that explicitly creates a "private" response, the resulting (combined) response must be private as well.
Commits
-------
c6e8c07e4d Fix two edge cases in ResponseCacheStrategy
This PR was squashed before being merged into the 2.7 branch (closes#23092).
Discussion
----------
[Filesystem] added workaround in Filesystem::rename for PHP bug
[Filesystem] added workaround in Filesystem::rename for https://bugs.php.net/bug.php?id=54097
Standard PHP rename() of dirs across devices/mounted filesystems produces confusing copy error & throws IOException in Filesystem::rename. I got it during console cache:clear in the Docker environment. This PR possible fixes https://github.com/symfony/symfony/issues/19851 and other environment related issues.
Workaround is on \rename() fails try to Filesystem::mirror & Filesystem::remove if $origin is directory
| Q | A
| ------------- | ---
| Branch? | 2.7
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets |
| License | MIT
| Doc PR |
Commits
-------
3ccbc479da [Filesystem] added workaround in Filesystem::rename for PHP bug
This PR was squashed before being merged into the 2.7 branch (closes#23123).
Discussion
----------
Add tests for ResponseCacheStrategy to document some more edge cases
| Q | A
| ------------- | ---
| Branch? | 2.7
| Bug fix? | no
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets |
| License | MIT
| Doc PR |
Adds some test cases for possible combinations of master/subrequest responses to better document behaviour in edge cases. Should now cover the entire `ResponseCacheStrategy`.
I hope 2.7 is the right target branch because having more tests for all releases should be a good thing™️.
Commits
-------
69e84633dd Add tests for ResponseCacheStrategy to document some more edge cases
This PR was merged into the 2.7 branch.
Discussion
----------
[HttpFoundation] fix for Support for new 7.1 session options
| Q | A
| ------------- | ---
| Branch? | 2.7
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | #21606
| License | MIT
| Doc PR | n/a
Commits
-------
71c1b6f5bffixes#21606
This PR was merged into the 2.7 branch.
Discussion
----------
[FormBuilderInterface] Fixed PHPdoc return references
| Q | A
| ------------- | ---
| Branch? | 2.7 and higher
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | N/A (phpdoc)
| License | MIT
In a case where the method `createFormBuilder()` was used where the methods `add()` and `getForm()` were chained onto it, the final resulting object was no longer a FormBuilder object as the `add()` and `remove()` methods was using a return variable that didn't work.
Should reference `self` as interfaces do not have a `$this` object.
Commits
-------
2f350d1d38 Fixed PHPdoc return references in FormBuilderInterface
This PR was squashed before being merged into the 2.7 branch (closes#22931).
Discussion
----------
SCA with Php Inspections (EA Extended): 2.7
| Q | A
| ------------- | ---
| Branch? | 2.7
| Bug fix? | no
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | n/a
| License | MIT
| Doc PR | n/a
Static Code Analysis with Php Inspections (EA Extended): dead code and control flow tweaks.
Commits
-------
598ae56cc9 SCA with Php Inspections (EA Extended): 2.7
This PR was merged into the 2.7 branch.
Discussion
----------
Cache ipCheck (2.7)
In our app we use trusted proxies. Using Blackfire we found `IpUtils::checkIp` was being called 454 times taking 3.15ms.
Caching the result saves those 3ms.
| Q | A
| ------------- | ---
| Branch? | 2.7
| Bug fix? | no
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets |
| License | MIT
| Doc PR |
Commits
-------
bcb80569cb Cache ipCheck
This PR was merged into the 2.7 branch.
Discussion
----------
[Form] Mix attr option between guessed options and user options
| Q | A
| ------------- | ---
| Branch? | 2.7
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | #19871
| License | MIT
Commits
-------
84f5de902d mix attr options between type-guess options and user options
This PR was squashed before being merged into the 2.7 branch (closes#22847).
Discussion
----------
[Console] ChoiceQuestion must have choices
| Q | A
| ------------- | ---
| Branch? | 2.7
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | #22842
| License | MIT
| Doc PR | symfony/symfony-docs#... <!--highly recommended for new features-->
<!--
-->
Commits
-------
96e307fd5c [Console] ChoiceQuestion must have choices
This PR was squashed before being merged into the 2.7 branch (closes#22718).
Discussion
----------
[Console] Fixed different behaviour of key and value user inputs in multiple choice question
| Q | A
| ------------- | ---
| Branch? | 2.7
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | #22706
| License | MIT
| Doc PR | -
Fixed a bug when value from multiple choice list could not be selected by user's input
while it could be selected by typing its index in the list.
Commits
-------
2861bd7b01 [Console] Fixed different behaviour of key and value user inputs in multiple choice question
This PR was merged into the 2.7 branch.
Discussion
----------
Fix missing abstract key in XmlDumper
| Q | A
| ------------- | ---
| Branch? | 2.7
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | none
| License | MIT
| Doc PR | n/a
Unless I'm missing something, the abstract key was missing in the XmlDumper. I noticed it when using `debug:container some_abstract_service` and was seeing "no" for abstract.
When this merges to 3.3, the `services-abstract.xml` will need to change to this:
```xml
<?xml version="1.0" encoding="utf-8"?>
<container xmlns="http://symfony.com/schema/dic/services" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://symfony.com/schema/dic/serviceshttp://symfony.com/schema/dic/services/services-1.0.xsd">
<services>
<service id="service_container" class="Symfony\Component\DependencyInjection\ContainerInterface" synthetic="true"/>
<service id="foo" class="Foo" abstract="true"/>
<service id="Psr\Container\ContainerInterface" alias="service_container" public="false"/>
<service id="Symfony\Component\DependencyInjection\ContainerInterface" alias="service_container" public="false"/>
</services>
</container>
```
Commits
-------
40f60ec60d Fixing missing abstract attribute in XmlDumper
This PR was squashed before being merged into the 2.7 branch (closes#22748).
Discussion
----------
[Intl] Fix bin/common.php PHP7 compatibility
| Q | A
| ------------- | ---
| Branch? | 2.7
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | #22735
| License | MIT
Created for Symfony 2.7 version which is the oldest maintained impacted branch.
Commits
-------
c2ccf36 [Intl] Fix bin/common.php PHP7 compatibility
This PR was squashed before being merged into the 2.7 branch (closes#22627).
Discussion
----------
[Intl] Update ICU data to 59.1
| Q | A
| ------------- | ---
| Branch? | 2.7
| Bug fix? | no
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | -
| License | MIT
| Doc PR | -
The [GMT timezone has been split from the UTC](http://site.icu-project.org/download/59) timezone [in CLDR](http://cldr.unicode.org/index/downloads/cldr-31) (which ICU is based on).
For example, the code blow:
* before ICU 59.1 would return "GMT" in all cases
* with ICU 59.1 it returns "UTC" for the first three ('z', 'zz', 'zzz')
and "Coordinated Universal Time" for the last two ('zzzz', 'zzzzz').
```php
foreach (['z', 'zz', 'zzz', 'zzzz', 'zzzzz'] as $pattern) {
$formatter = new \IntlDateFormatter('en', IntlDateFormatter::MEDIUM, IntlDateFormatter::SHORT, new \DateTimeZone('UTC'), IntlDateFormatter::GREGORIAN, $pattern);
var_dump($formatter->format(new \DateTime('@0')));
}
```
Similarly Form's `DateTimeToLocalizedStringTransformer` is also affected:
```php
$transformer = new DateTimeToLocalizedStringTransformer('UTC', 'UTC', null, \IntlDateFormatter::FULL);
var_dump($transformer->transform(new \DateTime('2010-02-03 04:05:06 UTC')));
// ICU 58.2: '03.02.2010, 04:05:06 GMT'
// ICU 59.1: '03.02.2010, 04:05:06 Koordinierte Weltzeit'
```
Refer to added and modified test cases for more changes. I split this PR in two commits for easier review. First commit updates ICU data (generated files), the second updates code and test cases to be compatible with updated data.
Commits
-------
5d3d1b25e0 [Intl][Form] Update tests, TimeZoneTransformer, and DateTimeToLocalizedStringTransformer for the GMT and UTC split in ICU
00acb37205 [Intl] Update ICU data to 59.1
