This PR was squashed before being merged into the 4.2-dev branch (closes#26261).
Discussion
----------
[Validator] Improvement: provide file basename for constr. violation messages in FileValidator.
| Q | A
| ------------- | ---
| Branch? | 3.4 <!-- see below -->
| Bug fix? | no
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | no
| License | MIT
| Doc PR | N/A
`\Symfony\Component\Validator\Constraints\FileValidator` provides absolute path to file on server when user, per example, uploads empty file, too large file, of wrong mime type, etc...
Absolute path to file on server does not have value to the end user, on top of that, exposing it can be a security issue - end user should not be aware of server filesystem.
Basename of file, however, has value (per example: MyAwesomeSheet.xlsx, MyCV.doc, etc..) - if something is wrong with file upload (size, mime, etc...).
If basename is exposed, we can construct messages like: "Your file 'MyCV.doc' is not allowed for upload due to....whatever"...
This PR provides basename of file so end user of `\Symfony\Component\Validator\Constraints\FileValidator` can construct error messages of higher value for end user.
Commits
-------
a77abadf06 [Validator] Improvement: provide file basename for constr. violation messages in FileValidator.
This PR was merged into the 4.2-dev branch.
Discussion
----------
[Finder] make reverse sorting a bit more generic
| Q | A
| ------------- | ---
| Branch? | master
| Bug fix? | no
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | https://github.com/symfony/symfony/pull/27967#issuecomment-406991194
| License | MIT
| Doc PR | -
Commits
-------
ce861d1861 [Finder] make reverse sorting a bit more generic
This PR was merged into the 4.2-dev branch.
Discussion
----------
[Form] allow additional http methods in form configuration
| Q | A
| ------------- | ---
| Branch? | master
| Bug fix? | no
| New feature? | yes
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | #26287
| License | MIT
| Doc PR | TBD
In order to allow HTTP methods other than GET, PUT, POST, DELETE and PATCH, the `allowed_methods` option under `framework.form` configuration has been added.
This configuration option adds the specified methods to the `FormConfigBuilder` whitelist, allowing that methods be used in form configuration via `setMethod` or the `method` option.
The use-case, that has been discussed in #26287, required the usage of custom HTTP method for describing a resource in an API application.
Commits
-------
27d228c3ee [Form] remove restriction on allowed http methods
This PR was submitted for the 2.8 branch but it was squashed and merged into the 4.2-dev branch instead (closes#26771).
Discussion
----------
[Filesystem] Fix mirroring a directory with a relative path and a custom iterator
| Q | A
| ------------- | ---
| Branch? | 2.8 up to 4.1
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets |
| License | MIT
| Doc PR |
The Filesystem::mirror method with a Finder iterator doesn't work if the origin directory is relative.
This is a case where it won't work:
```
$dir = '/data/../data/';
$finder = (new Finder())->in($dir)->getIterator();
(new Filesystem())->mirror($dir, '/tmp', $finder);
```
The finder will return file objects like this :
```
SplFileInfo {
pathname: "/data/file.tmp"
...
}
```
But the following line will fail because because the `$file->getPathname()` and the `$originDir` are differents.
```
$target = $targetDir.substr($file->getPathname(), $originDirLen);
// $file->getPathname() = '/data/file.tmp'
// $originDirLen = strlen('/data/../data/') = 14
// $target = '/tmp' instead of '/tpm/file.tpm'
```
In some case, it's even worse. If the filename length is bigger than the `$originDirLen`, the target file will be a file with a completely wrong name:
```
// $file->getPathname() = '/data/file123456789.tmp'
// $originDirLen = strlen('/data/../data/') = 14
// $target = '/tmp/56789.tmp' instead of '/tpm/file123456789.tmp'
```
I fixed this on my side by using the realpath function everytime i'm calling the mirror method, but i doubt this is the desired behavior.
Commits
-------
27b673cbdd [Filesystem] Fix mirroring a directory with a relative path and a custom iterator
This PR was merged into the 4.2-dev branch.
Discussion
----------
[OptionsResolver] Added support for nesting options definition
| Q | A
| ------------- | ---
| Branch? | master
| Bug fix? | no
| New feature? | yes
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | #4833
| License | MIT
| Doc PR | https://github.com/symfony/symfony-docs/pull/9995
I'd like to propose an alternative to #27251 and #18134 with a different approach.
It would allow you to create a nested options system with required options, validation (type, value),
normalization and more.
<details>
<summary><strong>Short documentation</strong></summary>
**To define a nested option, you can pass a closure as the default value of the option with an `OptionsResolver` argument:**
```php
$resolver
->defaults([
'connection' => 'default',
'database' => function (OptionsResolver $resolver) {
$resolver
->setRequired(['dbname', 'host', ...])
->setDefaults([
'driver' => 'pdo_sqlite',
'port' => function (Options $options) {
return 'pdo_mysql' === $options['driver'] ? 3306 : null,
},
'logging' => true,
])
->setAllowedValues('driver', ['pdo_sqlite', 'pdo_mysql'])
->setAllowedTypes('port', 'int')
->setAllowedTypes('logging', 'bool')
// ...
},
]);
$resolver->resolve(array(
'database' => array(
'dbname' => 'demo',
'host' => 'localhost',
'driver' => 'pdo_mysql',
),
));
// returns: array(
// 'connection' => 'default',
// 'database' => array(
// 'dbname' => 'demo',
// 'host' => 'localhost',
// 'driver' => 'pdo_mysql',
// 'port' => 3306,
// 'logging' => true,
// ),
//)
```
Based on this instance, you can define the options under ``database`` and its desired default
value.
**If the default value of a child option depend on another option defined in parent level,
adds a second ``Options`` argument to the closure:**
```php
$resolver
->defaults([
'profiling' => false,
'database' => function (OptionsResolver $resolver, Options $parent) {
$resolver
->setDefault('logging', $parent['profiling'])
->setAllowedTypes('logging', 'bool');
},
])
;
```
**Access to nested options from lazy or normalize functions in parent level:**
```php
$resolver
->defaults([
'version' => function (Options $options) {
return $options['database']['server_version'];
},
'database' => function (OptionsResolver $resolver) {
$resolver
->setDefault('server_version', 3.15)
->setAllowedTypes('server_version', 'numeric')
// ...
},
])
;
```
As condition, for nested options you must to pass an array of values to resolve it on runtime, otherwise an exception will be thrown:
```php
$resolver->resolve(); // OK
$resolver->resolve(['database' => []]); // OK
$resolver->resolve(['database' => null); // KO (Exception!)
```
</details>
---
Demo app https://github.com/yceruto/nested-optionsresolver-demo
Commits
-------
d04e40be5a Added support for nested options definition
This PR was merged into the 4.2-dev branch.
Discussion
----------
[VarDumper] Allow to use a light theme out of the box
| Q | A
| ------------- | ---
| Branch? | master <!-- see below -->
| Bug fix? | no
| New feature? | yes <!-- don't forget to update src/**/CHANGELOG.md files -->
| BC breaks? | no <!-- see https://symfony.com/bc -->
| Deprecations? | no <!-- don't forget to update UPGRADE-*.md and src/**/CHANGELOG.md files -->
| Tests pass? | yes <!-- please add some, will be required by reviewers -->
| Fixed tickets | N/A <!-- #-prefixed issue number(s), if any -->
| License | MIT
| Doc PR | N/A
Wouldn't it be nice to provide this light theme out of the box? (the one we use in the profiler)
Commits
-------
c705b82563 [VarDumper] Allow to use a light theme out of the box
This PR was merged into the 4.2-dev branch.
Discussion
----------
[Finder] Added a way to inverse a previous sorting
| Q | A
| ------------- | ---
| Branch? | master
| Bug fix? | no
| New feature? | yes
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets |
| License | MIT
| Doc PR |
---
Sometimes, it's useful to inverse the previous sorting.
For exemple when you want to display the most recent uploaded files
Commits
-------
3cd0dcaaee [Finder] Added a way to inverse a previous sorting
This PR was squashed before being merged into the 4.2-dev branch (closes#28061).
Discussion
----------
[Security] add port in access_control
| Q | A
| ------------- | ---
| Branch? | master for features
| Bug fix? | no
| New feature? | yes
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | #26071
| License | MIT
| Doc PR | https://github.com/symfony/symfony-docs/pull/10359
Add port in access_control
__Please Squash this P.R.__
Commits
-------
6413dcbe75 [Security] add port in access_control
This PR was merged into the 4.2-dev branch.
Discussion
----------
Added different protocols to be allowed as asset base_url
| Q | A
| ------------- | ---
| Branch? | master
| Bug fix? | no
| New feature? | yes
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | fixes#28238
| License | MIT
| Doc PR | symfony/symfony-docs#10347
In some cases you want to use the `file://` as base_url when you are for example generating pdf and want to avoid network requests to improve the pdf generation performance:
```yaml
framework:
assets:
packages:
pdf:
base_url: "file://%kernel.project_dir%/public"
```
usage:
```twig
{{ asset('image.jpg', 'pdf' }}
```
Commits
-------
2e21834b71 added different protocols to be allowed as asset base_urls
This PR was merged into the 4.2-dev branch.
Discussion
----------
[FrameworkBundle] Moving Cache-related CompilerPass to Cache component
| Q | A
| ------------- | ---
| Branch? | master
| Bug fix? | no
| New feature? | no
| BC breaks? | yes
| Deprecations? | yes
| Tests pass? | yes
| Fixed tickets |
| License | MIT
| Doc PR |
Hi, first PR here 🎉
This is related to #27479 and a first work to move Cache-related CompilerPass out of `FrameworkBundle`, it allows to decouple part of the FrameworkBundle configuration classes.
Since we didn't choosed a fixed directory organization to manage theses, I actually did same as in Bundles and used DependencyInjection folder. If we do choose to follow my [last comment directory organization proposal](https://github.com/symfony/symfony/issues/27479#issuecomment-401307685), I'll move theses CompilerPass to `Framework/DependencyInjection/Compiler` directory (nothing hard here).
Thanks to @DanieleGBX that helped me checking this PR and gave me some good advices !
Here is a list of all CompilerPass I moved, with related component (I also moved related tests when they were present):
- **Cache** - CacheCollectorPass
- **Cache** - CachePoolClearerPass
- **Cache** - CachePoolPass
- **Cache** - CachePoolPrunerPass
Commits
-------
53e7040829 moving Cache-related compiler pass from FrameworkBundle to Cache component
This PR was squashed before being merged into the 4.2-dev branch (closes#28738).
Discussion
----------
[OptionsResolver] Passing Options argument to deprecation closure
| Q | A
| ------------- | ---
| Branch? | master
| Bug fix? | no
| New feature? | yes
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | https://github.com/symfony/symfony/pull/28721#discussion_r222686221
| License | MIT
| Doc PR | https://github.com/symfony/symfony-docs/pull/10439
As spotted here https://github.com/symfony/symfony/pull/28721, we sometimes need more advanced cases, where the deprecation of the value depends on another option:
```php
$resolver->setDeprecated('date_format', function (Options $options, $dateFormat) {
if (null !== $options['date_format'] && 'single_text' === $options['widget']) {
return sprintf('Using the "date_format" option of the %s when the "widget" option is set to "single_text" is deprecated since Symfony 4.2.', self::class);
}
return '';
});
```
There is still a decision to make:
> We're in time to change the arguments position (Options $options, $value) to be consistent with other closure signatures.
WDYT?
Commits
-------
29360510db [OptionsResolver] Passing Options argument to deprecation closure
This PR was merged into the 4.2-dev branch.
Discussion
----------
[Cache] add CacheInterface::delete() + improve CacheTrait
| Q | A
| ------------- | ---
| Branch? | 4.2
| Bug fix? | no
| New feature? | yes
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | -
| License | MIT
| Doc PR | -
I've been hesitating a lot on this topic, but I think we should add a `delete()` method to `CacheInterface`.
Deleting is a very common invalidation strategy and invalidating by passing `$beta=INF` to `get()` has the drawback of requiring a fetch+unserialize+save-with-past-expiration. That's complexity that a delete removes.
This PR fixes an issue found meanwhile on `get()`: passing an `ItemInterface` to its callback makes it harder than required to implement on top of PSR-6. Let's pass a `CacheItemInterface`.
Lastly, the early expiration logic can be moved from the component to the trait shipped on contracts.
Here we are for all these steps.
Commits
-------
c6cf690b2f [Cache] add CacheInterface::delete() + improve CacheTrait
This PR was merged into the 4.2-dev branch.
Discussion
----------
[Form] simplify the form type extension registration
| Q | A
| ------------- | ---
| Branch? | master
| Bug fix? | no
| New feature? | yes
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | #22833, #27906
| License | MIT
| Doc PR |
Commits
-------
6a1d4c5db4 simplify the form type extension registration
This PR was merged into the 4.2-dev branch.
Discussion
----------
[WebServerBundle] Added ability to display the current hostname address if available when binding to 0.0.0.0
| Q | A
| ------------- | ---
| Branch? | master
| Bug fix? | no
| New feature? | yes
| BC breaks? | no
| Deprecations? | no
| Tests pass? | ? (no tests for server commands)
| Fixed tickets | #28585
| License | MIT
| Doc PR | symfony/symfony-docs#... <!-- required for new features -->
Tries to get the local hostname into an ip (if available) using the PHP gethostname* methods.
Commits
-------
dfd2e8b4e6 [WebServerBundle] Added ability to display the current hostname address if available when binding to 0.0.0.0
This PR was merged into the 4.2-dev branch.
Discussion
----------
[DI] minor optim for dumped container
| Q | A
| ------------- | ---
| Branch? | master
| Bug fix? | no
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | -
| License | MIT
| Doc PR | -
Spotted while reviewing a real-world dumped container.
Commits
-------
c1863e3a7a [DI] minor optim for dumped container
This PR was merged into the 4.2-dev branch.
Discussion
----------
[WebProfilerBundle] Extract server parameters into their own tab
| Q | A
| ------------- | ---
| Branch? | master
| Bug fix? | no
| New feature? | yes-ish
| BC breaks? | no
| Deprecations? | no <!-- don't forget to update UPGRADE-*.md and src/**/CHANGELOG.md files -->
| Tests pass? | yes <!-- please add some, will be required by reviewers -->
| Fixed tickets | n/a
| License | MIT
| Doc PR | n/a
As using env vars is important as of Symfony 4, I think they deserves their own tab under the request section.
<!--
Write a short README entry for your feature/bugfix here (replace this comment block.)
This will help people understand your PR and can be used as a start of the Doc PR.
Additionally:
- Bug fixes must be submitted against the lowest branch where they apply
(lowest branches are regularly merged to upper ones so they get the fixes too).
- Features and deprecations must be submitted against the master branch.
-->
Commits
-------
8d477988d7 [WebProfilerBundle] extracted server parameters into their own tab
This PR was merged into the 4.2-dev branch.
Discussion
----------
[Messenger] Fix middleware docblocks
| Q | A
| ------------- | ---
| Branch? | master
| Bug fix? | no
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | -
| License | MIT
| Doc PR | -
<!--
Write a short README entry for your feature/bugfix here (replace this comment block.)
This will help people understand your PR and can be used as a start of the Doc PR.
Additionally:
- Bug fixes must be submitted against the lowest branch where they apply
(lowest branches are regularly merged to upper ones so they get the fixes too).
- Features and deprecations must be submitted against the master branch.
-->
Commits
-------
f06c0c464a [Messenger] Fix middleware docblocks
This PR was merged into the 4.2-dev branch.
Discussion
----------
clarify the cache.pools.provider option
| Q | A
| ------------- | ---
| Branch? | master
| Bug fix? | no
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | -
| Fixed tickets | -
| License | MIT
| Doc PR | https://github.com/symfony/symfony-docs/pull/10390
improve the documentation in Configuration.php with things we found out in https://github.com/symfony/symfony-docs/pull/10390
Commits
-------
ad4aaf151a clarify the cache.pools.provider option
This PR was merged into the 4.2-dev branch.
Discussion
----------
[Translator] Deprecated transChoice and moved it away from contracts
| Q | A
| ------------- | ---
| Branch? | master
| Bug fix? | no
| New feature? | no
| BC breaks? | no
| Deprecations? | yes
| Tests pass? | yes
| Fixed tickets | n/a
| License | MIT
| Doc PR | Issue: https://github.com/symfony/symfony-docs/issues/10264
This will address comment made here: https://github.com/symfony/symfony/pull/27399#pullrequestreview-151929117
This PR moves the `transChoice()` method away from Contracts and back to the component. I also reverted changes in the `IdentityTranslator`. I will still use the deprecated `MessageSelector` but this is not fine since `transChoice()` is also deprecated.
Commits
-------
dc5f3bfff7 Make trans + %count% parameter resolve plurals
d870a850bd [Translator] Deprecated transChoice and moved it away from contracts
This PR was merged into the 4.2-dev branch.
Discussion
----------
[WebServerBundle] Deprecate relying on --env in server:start and server:run
| Q | A
| ------------- | ---
| Branch? | master
| Bug fix? | no
| New feature? | no
| BC breaks? | no
| Deprecations? | yes
| Tests pass? | yes
| Fixed tickets | n/a
| License | MIT
| Doc PR | n/a
Commits
-------
31b5615b51 [WebServerBundle] Deprecate relying on --env in server:start and server:run
This PR was merged into the 4.2-dev branch.
Discussion
----------
[Messenger] Remove forgotten experimental annotation in Doctrine bridge
| Q | A
| ------------- | ---
| Branch? | master
| Bug fix? | no
| New feature? | no
| BC breaks? | no <!-- see https://symfony.com/bc -->
| Deprecations? | no <!-- don't forget to update UPGRADE-*.md and src/**/CHANGELOG.md files -->
| Tests pass? | yes <!-- please add some, will be required by reviewers -->
| Fixed tickets | -
| License | MIT
| Doc PR | -
<!--
Write a short README entry for your feature/bugfix here (replace this comment block.)
This will help people understand your PR and can be used as a start of the Doc PR.
Additionally:
- Bug fixes must be submitted against the lowest branch where they apply
(lowest branches are regularly merged to upper ones so they get the fixes too).
- Features and deprecations must be submitted against the master branch.
-->
Follow up of #28406
Commits
-------
fe54a3e379 Remove forgotten experimental annotation in Doctrine bridge
This PR was squashed before being merged into the 4.2-dev branch (closes#28505).
Discussion
----------
[Serialized] allow configuring the serialized name of properties through metadata
| Q | A
| ------------- | ---
| Branch? | master
| Bug fix? | no
| New feature? | yes
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | #15171
| License | MIT
| Doc PR | https://github.com/symfony/symfony-docs/pull/10422
This leverage the new `AdvancedNameConverterInterface` interface (#27021) to implement a name converter that relies on metadata. The name to use is configured per property using a `@SerializedName` annotation or the `serialized-name` XML attribute or the `serialized_name` key for YAML.
This was exposed by @dunglas in https://github.com/symfony/symfony/pull/19374#issuecomment-418889589.
# Framework integration
For FramworkBundle integration, a ChainNameConverter could be added to allow users to use this name converter with a custom one.
# To do
- [x] add a CHANGELOG.md entry.
- [x] add a fallback.
- [x] add framework integration.
- [x] add local caching to `MetadataAwareNameConverter`.
- [x] add a doc PR.
Commits
-------
d1d1ceb38e [Serialized] allow configuring the serialized name of properties through metadata
This PR was squashed before being merged into the 4.2-dev branch (closes#28669).
Discussion
----------
[Serializer] Object class resolver
| Q | A
| ------------- | ---
| Branch? | master
| Bug fix? | no
| New feature? | yes
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets |
| License | MIT
| Doc PR |
When normalizing an object, it could be useful to use a custom method to resolve the class name of it instead of using `get_class`.
For instance, Doctrine is using proxy classes for lazy-loading and we usually want the real class and not the proxied one.
That's why we are using this trait in API Platform: https://github.com/api-platform/core/blob/master/src/Util/ClassInfoTrait.php
With this feature, we could solve an issue in API Platform with the JSON-LD normalizer when the eager fetching is disabled.
Commits
-------
18d21439e0 [Serializer] Object class resolver
