This PR was merged into the 4.4 branch.
Discussion
----------
[4.4] Disallow symfony/contracts v2
| Q | A
| ------------- | ---
| Branch? | 4.4
| Bug fix? | yes
| New feature? | no
| Deprecations? | no
| Tickets | N/A
| License | MIT
| Doc PR | N/A
Travis is red at the moment because unit tests on 4.4 are run against the incompatible event dispatcher contracts v2. https://travis-ci.org/symfony/symfony/jobs/609622341#L4719-L4725
~~This PR proposes to switch to individual packages, so we can specifically disallow those incompatible contracts.~~
This PR pins the `symfony/contracts` package to v1.1 on `symfony/symfony`.
Commits
-------
f2dc2d6d8b Disallow symfony/contracts v2.
This PR was merged into the 4.4 branch.
Discussion
----------
[Security] Fix defining multiple roles per access_control rule
| Q | A
| ------------- | ---
| Branch? | 4.4
| Bug fix? | yes
| New feature? | no
| Deprecations? | no
| Tickets | -
| License | MIT
| Doc PR | https://github.com/symfony/symfony-docs/pull/12371 needs to be reverted
#33584 deprecated passing multiple attributes to `AccessDecisionManager::decide()`, but this change must not impact `access_control` as you cannot define multiple rules with the same criteria for request matching (the first match wins).
Commits
-------
338b3dfd9f [Security] Fix defining multiple roles per access_control rule
This PR was merged into the 4.4 branch.
Discussion
----------
[Messenger] Fixed bad event dispatcher mocks
| Q | A
| ------------- | ---
| Branch? | 4.4
| Bug fix? | yes
| New feature? | no
| Deprecations? | no
| Tickets | N/A
| License | MIT
| Doc PR | N/A
`EventDispatcherInterface::dispatch()` must return the passed event object. This PR fixes two mocks that violated this contract.
Commits
-------
103930039b [Messenger] Fixed bad event dispatcher mocks.
This PR was merged into the 3.4 branch.
Discussion
----------
[Routing] revert the return type for UrlGeneratorInterface::generate to remove null
…to remove null
| Q | A
| ------------- | ---
| Branch? | 3.4 (only)
| Bug fix? | yes
| New feature? | no
| Deprecations? | no
| License | MIT
Bit of a casualty of commit tennis this:
A change to add `null` here as an option for how `UrlGeneratorInterface::generate()` (rather than the concrete `UrlGenerator`) was merged in https://github.com/symfony/symfony/pull/28321, but then [reverted](90494c20cc) for the reason [that this could be seen as a BC break](https://github.com/symfony/symfony/pull/28321#issuecomment-418540080), as the `null` return had not previously been documented (and is still not as part of the interface method docs).
However, in a subsequent change (https://github.com/symfony/symfony/pull/33252) with a wider scope, this doc change was added _back_ in order to reflect the underlying implementation as a result of a PHPStorm plugin complaining. There's no indication though of what a `null` return here though would mean, and for the same reason as the first revert (that this should be seen as a BC break), I'd like to submit this to be reverted for the 3.4 branch. (In 4.4 the `null` has already been removed.)
Having the interface indicating that this method can return `null` necessitates introducing a lot of actually redundant null checks in code that is covered by static analysis tools such as PHPStan.
Commits
-------
9f853f324f [Routing] revert the return type for UrlGeneratorInterface::generate to remove null
This PR was merged into the 4.3 branch.
Discussion
----------
[Workflow] Simplified EventDispatcherMock
| Q | A
| ------------- | ---
| Branch? | 4.3
| Bug fix? | no
| New feature? | no
| Deprecations? | no
| Tickets | N/A
| License | MIT
| Doc PR | N/A
This PR simplifies the Workflow component's mock implementation of the event dispatcher by implementing the much simpler contracts interface instead of the full-blown component interface.
Commits
-------
5aee181c83 [Workflow] Simplified EventDispatcherMock.
This PR was merged into the 4.4 branch.
Discussion
----------
[HttpFoundation] Add a way to anonymize IPs
| Q | A
| ------------- | ---
| Branch? | 4.4
| Bug fix? | no
| New feature? | yes
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets |
| License | MIT
| Doc PR | symfony/symfony-docs#... <!-- required for new features --> TODO
This is helpful for GDPR compliance reasons, and it isn't much code saved but it's also good if you don't have to think about how to do it.
Commits
-------
9e62330bc4 [HttpFoundation] Add a way to anonymize IPs
This PR was merged into the 4.4 branch.
Discussion
----------
[DI] Remove LazyString from 4.4, before adding back to the String component
| Q | A
| ------------- | ---
| Branch? | 4.4
| Bug fix? | no
| New feature? | no
| Deprecations? | no
| Tickets | -
| License | MIT
| Doc PR | -
In #34190 I'm proposing to move LazyString to the Service contracts, but String might be a better fit actually. Let's remove the class from 4.4 where it's not really needed, and add it back on 5.0 in the String component.
Commits
-------
b1a3ee76ac [DI] Remove LazyString from 4.4, before adding back to the String component
This PR was merged into the 4.3 branch.
Discussion
----------
[Workflow] Fix error when we use ValueObject for the marking property
| Q | A
| ------------- | ---
| Branch? | 4.3
| Bug fix? | yes
| New feature? | no
| Deprecations? | no
| Tickets | Fix#28203#22031
| License | MIT
Fix Illegal offset type in `MethodMarkingStore` class when we use Value Object for
the marking property.
Now, we can avoid to use only a string an we can have a Subject class with a Value Object like this :
```php
final class State
{
public const DRAFT = 'draft';
public const REVIEWED = 'reviewed';
public const REJECTED = 'rejected';
public const PUBLISHED = 'published';
/** @var string */
private $state;
public function __construct(string $state)
{
// some validation
$this->state = $state;
}
public function __toString()
{
return $this->state;
}
public static function Draft()
{
return new self(self::DRAFT);
}
...
}
final class Subject
{
private $marking;
public function __construct(State $marking = null)
{
$this->marking = $marking;
}
public function getMarking()
{
return $this->marking;
}
public function setMarking($marking)
{
$this->marking = $marking instanceof State ? $marking : new State($marking);
}
```
Commits
-------
6570d5cbe2 Fix error when we use VO for the marking property
This PR was merged into the 4.4 branch.
Discussion
----------
[Console] Add support for NO_COLOR env var
| Q | A
| ------------- | ---
| Branch? | 4.4
| Bug fix? | no
| New feature? | yes
| Deprecations? | no
| License | MIT
| Doc PR |
Adds support for https://no-color.org/ - ideally this would be considered a bugfix and added to older releases IMO, but submitting as new feature for now.
cc @johnstevenson
Commits
-------
c1b0a8e956 Add support for NO_COLOR env var
This PR was merged into the 4.4 branch.
Discussion
----------
[DI][FrameworkBundle] add EnvVarLoaderInterface - remove SecretEnvVarProcessor
| Q | A
| ------------- | ---
| Branch? | 4.4
| Bug fix? | no
| New feature? | no
| Deprecations? | no
| Tickets | -
| License | MIT
| Doc PR | -
This PR allows encrypting any env vars - not only those using the `%env(secret:<...>)%` processor (and the processor is removed actually).
It does so by introducing a new `EnvVarLoaderInterface` (and a corresponding `container.env_var_loader` tag), which are objects that should return a list of key/value pairs that will be accessible via the regular `%env(FOO)%` syntax.
The PR fixes a few issues found meanwhile. One is especially important: files in the vault should end with `.php` to protect against inadvertant exposures of the document root.
Commits
-------
ba2148fff3 [DI][FrameworkBundle] add EnvVarLoaderInterface - remove SecretEnvVarProcessor
This PR was merged into the 4.4 branch.
Discussion
----------
[DependencyInjection] Added option `ignore_errors: not_found` for imported config files
| Q | A
| ------------- | ---
| Branch? | master
| Bug fix? | no
| New feature? | yes
| BC breaks? | no
| Deprecations? | yes
| Tests pass? | yes
| Fixed tickets | -
| License | MIT
| Doc PR | symfony/symfony-docs#11647
If someone want to add optional config file. The only available choice was to add `ignore_errors: true` option
e.g.
```
imports:
- { resource: parameters.yml, ignore_errors: true }
```
But this will hide all errors in imported file. We ran in many situations that broke our Symfony applications because we had a typo in this imported files.
This PR introduce new possible value `not_found` for `ignore_errors` option. It can be used for optional config files like the `ignore_errors: true`, but it will ignore only the file non-existence, not the possible syntax errors inside.
Usage:
```
imports:
- { resource: parameters.yml, ignore_errors: not_found}
```
Commits
-------
e0ee01c10d [DependencyInjection] Added option `ignore_errors: not_found` while importing config files
This PR was merged into the 4.4 branch.
Discussion
----------
[FrameworkBundle] fix SodiumVault after stof review
| Q | A
| ------------- | ---
| Branch? | 4.4
| Bug fix? | yes
| New feature? | no
| Deprecations? | no
| Tickets | -
| License | MIT
| Doc PR | -
As spotted by @stof in https://github.com/symfony/symfony/pull/34275#pullrequestreview-313355834
Commits
-------
a594599078 [FrameworkBundle] fix SodiumVault after stof review
* 4.3:
[DI] Dont cache classes with missing parents
[HttpClient] Fix a crash when calling CurlHttpClient::__destruct()
[Validator] Add the missing translations for the Hebrew (\"he\") locale and fix 2 typos
[FrameworkBundle][Translation] Invalidate cached catalogues when the scanned directories change
This PR was merged into the 4.3 branch.
Discussion
----------
[HttpClient] Fix a crash when calling CurlHttpClient::__destruct()
| Q | A
| ------------- | ---
| Branch? | 4.3
| Bug fix? | yes
| New feature? | no <!-- please update src/**/CHANGELOG.md files -->
| Deprecations? | no <!-- please update UPGRADE-*.md and src/**/CHANGELOG.md files -->
| Tickets | n/a
| License | MIT
| Doc PR | n/a
I've not identified the exact issue, but when the profiler is enabled, an HttpClient instance is created and not used, then a crash occurs when `__destruct()` is called because `$this->mutli->handle` value is `0` has this point, while `curl_multi_setopt` expect a `resource`.
This PR fixes the issue, but it's maybe not the good approach.
Reproducer: symfony/mercure-bundle#14
curl version: 7.67.0
```
php -v
PHP 7.3.11 (cli) (built: Oct 24 2019 11:29:52) ( NTS )
Copyright (c) 1997-2018 The PHP Group
Zend Engine v3.3.11, Copyright (c) 1998-2018 Zend Technologies
with Zend OPcache v7.3.11, Copyright (c) 1999-2018, by Zend Technologies
with blackfire v1.27.1~mac-x64-non_zts73, https://blackfire.io, by Blackfire
```
Commits
-------
d2c5ffda52 [HttpClient] Fix a crash when calling CurlHttpClient::__destruct()
This PR was merged into the 4.4 branch.
Discussion
----------
Unallow symfony/http-kernel ^5.0
| Q | A
| ------------- | ---
| Branch? | 4.4
| Bug fix? | no
| New feature? | no
| Deprecations? | no
| Tickets | https://github.com/symfony/symfony/pull/34265#discussion_r343739637
| License | MIT
| Doc PR | -
The components that have a data collector cannot be compatible with HttpKernel `DataCollectorInterface` 5.0.
Commits
-------
da454db947 Unallow symfony/http-kernel ^5.0
This PR was merged into the 4.4 branch.
Discussion
----------
[HttpClient] allow arbitrary JSON values in requests
| Q | A
| ------------- | ---
| Branch? | 4.4
| Bug fix? | no
| New feature? | no <!-- please update src/**/CHANGELOG.md files -->
| Deprecations? | no <!-- please update UPGRADE-*.md and src/**/CHANGELOG.md files -->
| Tickets | n/a
| License | MIT
| Doc PR | n/a
Allow arbitrary values in the "json" request option. Previously values were
limitated to arrays and objects of type JsonSerializable. This doesn't account
for scalar values and classes with public properties (which don't need to
implement JsonSerializable), [all of which are perfectly acceptable arguments to
json_encode](https://www.php.net/manual/en/function.json-encode.php):
> value
> The value being encoded. Can be any type except a resource.
It seems silly to expect users to add classes implementing JsonSerializable to represent, say, scalar values or an empty object.
I'm not sure if you consider removed exceptional cases a BC break or not. I'm assuming "no" for now.
Commits
-------
e98731aabf [HttpClient] allow arbitrary JSON values in requests
