This PR was squashed before being merged into the 3.4 branch (closes#27596).
Discussion
----------
[Framework][Workflow] Added support for interfaces
| Q | A
| ------------- | ---
| Branch? | 3.4
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| License | MIT
I consider this to be a bugfix in config, because `ClassInstanceSupportStrategy` (`InstanceOfSupportStrategy`) actually works with interfaces. Therefore propose to 3.4.
Commits
-------
6104c28c08 [Framework][Workflow] Added support for interfaces
* 3.4:
[VarDumper] Fix dumping ArrayObject and ArrayIterator instances
[ProxyManagerBridge] Fixed support of private services
[Cache] Fix typo in comment.
Fix bad method call with guard authentication + session migration
This PR was merged into the 3.4 branch.
Discussion
----------
[ProxyManagerBridge] Fixed support of private services
| Q | A
| ------------- | ---
| Branch? | master
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | #...
| License | MIT
| Doc PR |
<!--
Write a short README entry for your feature/bugfix here (replace this comment block.)
This will help people understand your PR and can be used as a start of the Doc PR.
Additionally:
- Bug fixes must be submitted against the lowest branch where they apply
(lowest branches are regularly merged to upper ones so they get the fixes too).
- Features and deprecations must be submitted against the master branch.
-->
Fixed lazy loading of private services, that was broken since Symfony 4.0 release because of renaming
addObjectResource
fa022f05be/src/Symfony/Component/DependencyInjection/CHANGELOG.md (L114)
Commits
-------
198bee0916 [ProxyManagerBridge] Fixed support of private services
This PR was merged into the 2.8 branch.
Discussion
----------
[VarDumper] Fix dumping ArrayObject and ArrayIterator instances
| Q | A
| ------------- | ---
| Branch? | 2.8
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | -
| License | MIT
| Doc PR | -
Properties added on child classes of `ArrayObject` and `ArrayIterator`, or dynamic properties added on instances of them were now properly dumped. This fixes it.
![image](https://user-images.githubusercontent.com/243674/41349429-2660cbc6-6f10-11e8-8015-a3d6ad8b0c9c.png)
Commits
-------
3ecabfc36e [VarDumper] Fix dumping ArrayObject and ArrayIterator instances
This PR was merged into the 4.1 branch.
Discussion
----------
[FrameworkBundle] give access to non-shared services when using test.service_container
| Q | A
| ------------- | ---
| Branch? | 4.1
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | #27488
| License | MIT
| Doc PR | -
Commits
-------
516ff5a985 [FrameworkBundle] give access to non-shared services when using test.service_container
This PR was submitted for the master branch but it was merged into the 3.4 branch instead (closes#27598).
Discussion
----------
[Cache] Fix typo in comment.
| Q | A
| ------------- | ---
| Branch? | master
| Bug fix? | no
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | n/a
| License | MIT
| Doc PR | n/a
It's just a typo fix.
Commits
-------
39dd9b2f97 [Cache] Fix typo in comment.
This PR was merged into the 4.1 branch.
Discussion
----------
Avoid calling eval when there is no script embedded in the toolbar
| Q | A
| ------------- | ---
| Branch? | 4.1
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | #27583
| License | MIT
| Doc PR | n/a
#27189 changed the way embedded scripts were eval'd for the toolbar. But it also refactored the code in a way triggering `eval` all the time, even when there is no embedded script, which was reported several times as an issue with CSP.
While the debug panel (showing dumps) still requires having `unsafe-eval` in the CSP header (due to embedding scripts that we eval), this PR reverts back to the behavior of Symfony 4.0 and older, where only toolbars actually embedding scripts have this CSP compat issue.
Commits
-------
a0f78a5e0b Avoid calling eval when there is no script embedded in the toolbar
This PR was squashed before being merged into the 2.8 branch (closes#27581).
Discussion
----------
Fix bad method call with guard authentication + session migration
| Q | A
| ------------- | ---
| Branch? | 2.8
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no (but there needs to be on master)
| Tests pass? | yes
| Fixed tickets | #27577
| License | MIT
| Doc PR | n/a
I messed up #27452 :/. Guard is the one class where the session migration is not on the listener, it's on the handler. The tricky part is that there is only ONE handler (unlike listeners where there is 1 listener per firewall). That means that implementing a session migration strategy that avoids stateless firewalls was a bit more tricky: I could only think to inject a map into `GuardAuthenticationHandler`. On the bright side, this also fixes session migration (not happening) when people call the `authenticateUserAndHandleSuccess()` method directly.
On master, we'll need to add a deprecation to make the 3rd argument of `authenticateWithToken()` required - it's optional now for BC. We may also need to re-order the constructor args.
I DID test this in a real 2.8 project, to make sure that things were properly wired up. Apologies for not doing that for the other PR.
Cheers!
Commits
-------
2c0ac93 Fix bad method call with guard authentication + session migration
This PR was merged into the 4.1 branch.
Discussion
----------
[FrameworkBundle] fix for allowing single colon controller notation
| Q | A
| ------------- | ---
| Branch? | 4.1
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | #27522
| License | MIT
| Doc PR | -
This fixes a BC break introduced in https://github.com/symfony/symfony/pull/26085#pullrequestreview-126370222.
ping @Tobion
Commits
-------
1680674174 [FrameworkBundle] fix for allowing single colon controller notation
* 4.0:
fixed CS
Avoiding session migration for stateless firewall UsernamePasswordJsonAuthenticationListener
fixed CS
Avoid migration on stateless firewalls
[Serializer] deserialize from xml: Fix a collection that contains the only one element
[PhpUnitBridge] Fix error on some Windows OS
[DI] Deduplicate generated proxy classes
* 3.4:
fixed CS
Avoiding session migration for stateless firewall UsernamePasswordJsonAuthenticationListener
fixed CS
Avoid migration on stateless firewalls
[Serializer] deserialize from xml: Fix a collection that contains the only one element
[PhpUnitBridge] Fix error on some Windows OS
[DI] Deduplicate generated proxy classes
This PR was squashed before being merged into the 3.4 branch (closes#27556).
Discussion
----------
Avoiding session migration for stateless firewall UsernamePasswordJsonAuthenticationListener
| Q | A
| ------------- | ---
| Branch? | 3.4
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | Related to #27395
| License | MIT
| Doc PR | symfony/symfony-docs#9860
This is the sister PR to #27452, which covered all the other authentication listeners.
Commits
-------
c06f3229de Avoiding session migration for stateless firewall UsernamePasswordJsonAuthenticationListener
This PR was squashed before being merged into the 2.8 branch (closes#27452).
Discussion
----------
Avoid migration on stateless firewalls
| Q | A
| ------------- | ---
| Branch? | 2.8
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | Related to #27395
| License | MIT
| Doc PR | symfony/symfony-docs#9860
This is a proof-of-concept. Once we agree / are happy, I need to add this to all of the other authentication mechanisms that recently got the session migration code & add tests.
Basically, this avoids migrating the session if the firewall is stateless. There were 2 options to do this:
A) Make the `SessionAuthenticationStrategy` aware of all stateless firewalls. **This is the current approach**
or
B) Make each individual authentication listener aware whether or not *its* firewall is stateless.
Commits
-------
cca73bb564 Avoid migration on stateless firewalls
This PR was squashed before being merged into the 3.4 branch (closes#27326).
Discussion
----------
[Serializer] deserialize from xml: Fix a collection that contains the only one element
| Q | A
| ------------- | ---
| Branch? | 3.4
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | #27279
| License | MIT
| Doc PR |
In xml when parent node (`restaurants`) contains several children nodes with the same tag (`restaurant`) it is clear that the children form a collection:
```
restaurants = {array} [1]
restaurant = {array} [2]
0 = {array} [2]
name = "Some restaurant name"
type = "Chinese"
1 = {array} [2]
name = "Another restaurant name"
type = "Italian"
```
Afterwards the object denormalizer has no problem to create a collection of restaurants.
But when there is only one child (`restaurant`) the decoded normalized array will not contain a collection:
```
restaurants = {array} [1]
restaurant = {array} [2]
name = "Some restaurant name"
type = "Chinese"
```
In this situation the object denormalizer threw unexpected exception. This PR modifies `AbstractObjectNormalizer` that is it will fill a collection containing the sole element properly.
Commits
-------
1f346f446d [Serializer] deserialize from xml: Fix a collection that contains the only one element
This PR was squashed before being merged into the 4.1 branch (closes#27562).
Discussion
----------
[HttpKernel] Log/Collect exceptions at prio 0
| Q | A
| ------------- | ---
| Branch? | 4.1
| Bug fix? | yes
| New feature? | no
| BC breaks? | no, fixes one
| Deprecations? | no
| Tests pass? | yes <!-- please add some, will be required by reviewers -->
| Fixed tickets | #27440
| License | MIT
| Doc PR | symfony/symfony-docs#... <!-- required for new features -->
So that it runs after the security exception listener, which runs at prio 1.
Im not sure what to do with the (wrong) changelog entry for 4.1.0 at this point.. should we add a new entry for 4.1.1?
Commits
-------
85b832bcc9 [HttpKernel] Log/Collect exceptions at prio 0
This PR was submitted for the master branch but it was merged into the 3.4 branch instead (closes#27567).
Discussion
----------
[PhpUnitBridge] Fix error on some Windows OS
| Q | A
| ------------- | ---
| Branch? | master
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | #27439
| License | MIT
Bug Fix on PHPUnit Bridge
Commits
-------
50979b5ea4 [PhpUnitBridge] Fix error on some Windows OS