This PR was merged into the 4.2-dev branch.
Discussion
----------
[HttpFoundation] make cookies auto-secure when passing them $secure=null + plan to make it and samesite=lax the defaults in 5.0
| Q | A
| ------------- | ---
| Branch? | master
| Bug fix? | no
| New feature? | yes
| BC breaks? | no
| Deprecations? | yes
| Tests pass? | yes
| Fixed tickets | #26731
| License | MIT
| Doc PR | -
By creating Cookie instances using `null` for the `$secure` argument, this PR allows making cookies inherit their "secure" attribute from the request.
This PR also adds a forward to make $secure=null and samesite=lax the defaults in Symfony 5.0:
- either define all constructor's arguments explicitly
- or use the new `Cookie::create()` factory
Commits
-------
9493cfd5f2 [HttpFoundation] make cookies auto-secure when passing them $secure=null + plan to make it and samesite=lax the defaults in 5.0
This PR was merged into the 4.2-dev branch.
Discussion
----------
Trigger deprecation notices when inherited class calls parent method but misses adding new arguments
| Q | A
| ------------- | ---
| Branch? | master
| Bug fix? | no
| New feature? | no
| BC breaks? | no
| Deprecations? | yes
| Tests pass? | yes
| Fixed tickets |
| License | MIT
| Doc PR |
This Pull Request concern severals components, the purpose here is to notify in dev mode that in a case of inherit class, a function will have a new or severals arguments in Symfony 5.0, therefore not implement it is deprecated since Symfony 4.2
The function is made by these conditions :
1- ```(func_num_args() < $x)``` where [x] is the number of arguments we will have in Symfony 5.0
this check allow to verify that the arguments are missing
2- ```(__CLASS__ !== \get_class($this))```
this check allow to verify that the name of the class is different than the base class, therefore that we are in the child class
3- ```(__CLASS__ !== (new \ReflectionMethod($this, __FUNCTION__))->getDeclaringClass()->getName())```
this check allow to verify that the class of the current function is different than the base class, therefore the function has been rewrote into the child class
Code exemple :
```
public function method(/* void $myNewArgument = null */)
{
if ((func_num_args() < 1) && (__CLASS__ !== \get_class($this)) && (__CLASS__ !== (new \ReflectionMethod($this, __FUNCTION__))->getDeclaringClass()->getName())){
@trigger_error(sprintf('The "%s()" method will have one `void $myNewArgument = null` argument in version 5.0 and higher.Not defining it is deprecated since Symfony 4.2.', __METHOD__ ), E_USER_DEPRECATED);
}
// do something
}
```
The unit test are made by creating a child Class using for the tested function ```return parent::function()``` and by calling this child class and catching the expected depreciation message
Commits
-------
f75fffa997 Trigger deprecation notices when inherited class calls parent method but misses adding new arguments
Uses `session.cookie_samesite` for PHP >= 7.3. For PHP < 7.3 it first
does a session_start(), find the emitted header, changes it, and emits
it again with the value for SameSite added.
This PR was merged into the 4.2-dev branch.
Discussion
----------
[FrameworkBundle] allow turning routes to utf8 mode by default
| Q | A
| ------------- | ---
| Branch? | master
| Bug fix? | no
| New feature? | yes
| BC breaks? | no
| Deprecations? | yes
| Tests pass? | yes
| Fixed tickets | -
| License | MIT
| Doc PR | -
This allows building optimized routers that match in a single regexp instead of an alternate of utf8/non-utf8 set of routes.
Commits
-------
8f359cc047 [FrameworkBundle] allow turning routes to utf8 mode by default
This PR was squashed before being merged into the 4.2-dev branch (closes#27675).
Discussion
----------
[DoctrineBridge] always load event listeners lazy via ServiceLocator
| Q | A
| ------------- | ---
| Branch? | master
| Bug fix? | no
| New feature? | yes
| BC breaks? | no
| Deprecations? | yes/no
| Tests pass? | yes
| Fixed tickets | https://github.com/symfony/symfony/issues/27661
| License | MIT
| Doc PR | https://github.com/symfony/symfony-docs/pull/9973
As described in https://github.com/symfony/symfony/issues/27661 this PR suggests to always load doctrine event listeners lazily from a service locator instead of the full service container.
If we agree to move forward I could tackle the remaining todos:
- [x] update UPGRADE.md
- [x] documentation PR
- [x] tested on real app
Commits
-------
130ec0525d [DoctrineBridge] always load event listeners lazy via ServiceLocator
This PR was merged into the 4.2-dev branch.
Discussion
----------
[Config] deprecate tree builders without root nodes
| Q | A
| ------------- | ---
| Branch? | master
| Bug fix? | no
| New feature? | yes
| BC breaks? | no
| Deprecations? | yes
| Tests pass? | yes
| Fixed tickets |
| License | MIT
| Doc PR |
While reviewing #27472 I wondered if we really need support config trees without a root node. If we did not support it, users wouldn't create pseudo configuration classes when they were actually not needed.
Commits
-------
c2ce15301c deprecate tree builders without root nodes
This PR was squashed before being merged into the 4.2-dev branch (closes#26981).
Discussion
----------
No more support for custom anon/remember tokens based on FQCN
| Q | A
| ------------- | ---
| Branch? | master
| Bug fix? | no
| New feature? | no
| BC breaks? | no
| Deprecations? | yes
| Tests pass? | yes
| Fixed tickets | #26940
| License | MIT
| Doc PR | ~
This PR deprecates the ability to configure a custom anonymous and remember me token class, via the AuthenticationTrustResolver. The only change required _if_ you have changed the token classes like this, is to extend the Anonymous/RememberMe token classes.
Commits
-------
860d4549c2 No more support for custom anon/remember tokens based on FQCN
Fabien Potencier
Robin Chalas
Christian Flothmann
Nicolas Grekas
kevin.nadin
Samuel ROZE
Roland Franssen
Remon van de Kamp
ProgMiner
Thomas Royer
Maxime Steinhausser
David Maicher
Gabriel Ostrolucký
Iltar van der Berg
