* 5.1:
[Console] Reset question validator attempts only for actual stdin (bis)
Fix CookieClearingLogoutListener DI configuration
[HttpFoundation] use InputBag for Request::$request only if data is coming from a form
Make PhpDocExtractor compatible with phpDocumentor v5
fixed prototype block prefixes hierarchy of the CollectionType
Reset question validator attempts only for actual stdin
fixed block prefixes hierarchy of the CollectionType
bumped Symfony version to 5.0.11
updated VERSION for 5.0.10
updated CHANGELOG for 5.0.10
bumped Symfony version to 4.4.11
updated VERSION for 4.4.10
updated CHANGELOG for 4.4.10
This PR was squashed before being merged into the 5.2-dev branch.
Discussion
----------
SCA: file_exists -> is_dir|is_file in foundation and kernel
| Q | A
| ------------- | ---
| Branch? | master
| Bug fix? | no
| New feature? | no
| Deprecations? | no
| Tickets | n/a
| License | MIT
| Doc PR | n/a
Inspired by #36556 and replaces file_exists with is_dir|is_file alternative in order to leverage built-in cache advantages.
Commits
-------
0c467691b2 SCA: file_exists -> is_dir|is_file in foundation and kernel
* 5.1:
[FrameworkBundle] Fix MicroKernelTrait for php 8
[DependencyInjection] Fixed tests for wither with static return type.
[HttpFoundation] Avoid TypeError when calling \SessionHandlerInterface::gc().
Don't call method_exists() with non-objects.
[Lock] skip tests when ext-mongo is not installed
[HttpClient] Adjust AmpResponse to the stricter trait handling in php 8.
[FrameworkBundle] don't use abstract methods in MicroKernelTrait, their semantics changed in PHP 8
* 5.1: (33 commits)
[Cache] $lifetime cannot be null
[Serializer] minor cleanup
fix merge
Run PHP 8 as 7.4.99
Remove calls to deprecated ReflectionParameter::getClass().
[VarDumper] fix PHP 8 support
Removed "services" prototype node from "custom_authenticator"
Add php 8 to travis.
[Cache] Accessing undefined constants raises an Error in php8
[Cache] allow DBAL v3
Skip Doctrine DBAL on php 8 until we have a compatible version.
[DomCrawler] Catch expected ValueError.
Made method signatures compatible with their corresponding traits.
[ErrorHandler] Apply php8 fixes from Debug component.
[DomCrawler] Catch expected ValueError.
[Validator] Catch expected ValueError.
[VarDumper] ReflectionFunction::isDisabled() is deprecated.
[BrowserKit] Raw body with custom Content-Type header
Revert https://github.com/symfony/symfony/pull/34986
Make ExpressionLanguageSyntax validator usable with annotation
...
* 5.0: (28 commits)
[Cache] $lifetime cannot be null
[Serializer] minor cleanup
fix merge
Run PHP 8 as 7.4.99
Remove calls to deprecated ReflectionParameter::getClass().
[VarDumper] fix PHP 8 support
Add php 8 to travis.
[Cache] Accessing undefined constants raises an Error in php8
[Cache] allow DBAL v3
Skip Doctrine DBAL on php 8 until we have a compatible version.
[DomCrawler] Catch expected ValueError.
Made method signatures compatible with their corresponding traits.
[ErrorHandler] Apply php8 fixes from Debug component.
[DomCrawler] Catch expected ValueError.
[Validator] Catch expected ValueError.
[VarDumper] ReflectionFunction::isDisabled() is deprecated.
[BrowserKit] Raw body with custom Content-Type header
[PropertyAccess] Parse php 8 TypeErrors correctly.
[Intl] Fix call to ReflectionProperty::getValue() for static properties.
[HttpKernel] Prevent calling method_exists() with non-string values.
...
* 4.4: (27 commits)
[Serializer] minor cleanup
fix merge
Run PHP 8 as 7.4.99
Remove calls to deprecated ReflectionParameter::getClass().
[VarDumper] fix PHP 8 support
Add php 8 to travis.
[Cache] Accessing undefined constants raises an Error in php8
[Cache] allow DBAL v3
Skip Doctrine DBAL on php 8 until we have a compatible version.
[DomCrawler] Catch expected ValueError.
Made method signatures compatible with their corresponding traits.
[ErrorHandler] Apply php8 fixes from Debug component.
[DomCrawler] Catch expected ValueError.
[Validator] Catch expected ValueError.
[VarDumper] ReflectionFunction::isDisabled() is deprecated.
[BrowserKit] Raw body with custom Content-Type header
[PropertyAccess] Parse php 8 TypeErrors correctly.
[Intl] Fix call to ReflectionProperty::getValue() for static properties.
[HttpKernel] Prevent calling method_exists() with non-string values.
Fix wrong roles comparison
...
* 3.4:
Skip Doctrine DBAL on php 8 until we have a compatible version.
[DomCrawler] Catch expected ValueError.
[Validator] Catch expected ValueError.
[VarDumper] ReflectionFunction::isDisabled() is deprecated.
[PropertyAccess] Parse php 8 TypeErrors correctly.
[Intl] Fix call to ReflectionProperty::getValue() for static properties.
[HttpKernel] Prevent calling method_exists() with non-string values.
[Debug] php 8 does not pass $context to error handlers.
[Config] Removed implicit cast of ReflectionProperty to string.
[Debug] Undefined variables raise a warning in php 8.
[Debug] Skip test that would trigger a fatal error on php 8.
Address deprecation of ReflectionType::getClass().
Properties $originalName and $mimeType are never null in UploadedFile
* 5.1:
[PhpUnitBridge] fix leftover
[PhpUnitBridge] fix installing under PHP >= 8
Use ">=" for the "php" requirement
bump icu 67.1
[DI] Remove preload primitive types
[Validator] Add missing translations of nn locale
[HttpKernel] Fix that the `Store` would not save responses with the X-Content-Digest header present
[Intl] bump icu 67.1
[Validator] allow passing a validator to Validation::createCallable()
* 5.0: (26 commits)
[Filesystem] Handle paths on different drives
[WebProfiler] Do not add src-elem CSP directives if they do not exist
[Yaml] fix parse error when unindented collections contain a comment
Execute docker dependent tests with github actions
Update exception.html.php
[3.4][Inflector] Improve testSingularize() argument name
[Inflector] Fix testPluralize() arguments names
[PhpUnitBridge] fix PHP 5.3 compat again
Skip validation when email is an empty object
fix sr_Latn translation
[Validator] fix lazy property usage.
Fix annotation
[Debug][ErrorHandler] cleanup phpunit.xml.dist files
[Translation] Fix for translation:update command updating ICU messages
[PhpUnitBridge] fix compat with PHP 5.3
bumped Symfony version to 5.0.9
updated VERSION for 5.0.8
updated CHANGELOG for 5.0.8
bumped Symfony version to 4.4.9
updated VERSION for 4.4.8
...
* 4.4: (23 commits)
[Filesystem] Handle paths on different drives
[WebProfiler] Do not add src-elem CSP directives if they do not exist
[Yaml] fix parse error when unindented collections contain a comment
Execute docker dependent tests with github actions
Update exception.html.php
[3.4][Inflector] Improve testSingularize() argument name
[Inflector] Fix testPluralize() arguments names
[PhpUnitBridge] fix PHP 5.3 compat again
Skip validation when email is an empty object
fix sr_Latn translation
[Validator] fix lazy property usage.
Fix annotation
[Debug][ErrorHandler] cleanup phpunit.xml.dist files
[Translation] Fix for translation:update command updating ICU messages
[PhpUnitBridge] fix compat with PHP 5.3
bumped Symfony version to 4.4.9
updated VERSION for 4.4.8
updated CHANGELOG for 4.4.8
provide a useful message when extension types don't match
[Cache] Fixed not supported Redis eviction policies
...
* 4.4:
[HttpFoundation] workaround PHP bug in the session module
[SecurityBundle] fix accepting env vars in remember-me configurations
[Form] Fixed handling groups sequence validation
[Cache] Avoid memory leak in TraceableAdapter::reset()
This PR was merged into the 5.1-dev branch.
Discussion
----------
[HttpFoundation] Add InputBag
| Q | A
| ------------- | ---
| Branch? | master
| Bug fix? | no
| New feature? | yes
| Deprecations? | yes
| License | MIT
When ppl read a request attribute, they never check if an array is returned
This means many apps just fail with a 500 when adding `[]` in the query string.
This PR turns them to 400 basically (with a deprecation for now)
Commits
-------
0a2ef70c04 [HttpFoundation] add InputBag
* 5.0:
[PropertyAccess] fix tests
[WebProfilerBundle] fix test
remove assertions that can never be reached
[PropertyAccess] Improve message of unitialized property in php 7.4
[HttpFoundation] Fixed session migration with custom cookie lifetime
[HttpKernel][FrameworkBundle] fix compat with Debug component
[Serializer] Remove unused variable
Allow URL-encoded special characters in basic auth part of URLs
[Serializer] Fix unitialized properties (from PHP 7.4.2) when serializing context for the cache key
[Validator] Add missing Ukrainian and Russian translations
Track session usage when setting the token
[4.4][MonologBridge] Fix $level type
[5.0][MonologBridge] Fix $level type
No need to reconnect the bags to the session
Support for Content Security Policy style-src-elem and script-src-elem in WebProfiler
[PropertyInfo][ReflectionExtractor] Check the array mutator prefixes last when the property is singular
[Security][Http][SwitchUserListener] Ignore all non existent username protection errors
Add installation and minimal example to README
* 4.4:
[PropertyAccess] fix tests
[WebProfilerBundle] fix test
remove assertions that can never be reached
[PropertyAccess] Improve message of unitialized property in php 7.4
[HttpFoundation] Fixed session migration with custom cookie lifetime
[HttpKernel][FrameworkBundle] fix compat with Debug component
[Serializer] Remove unused variable
Allow URL-encoded special characters in basic auth part of URLs
[Serializer] Fix unitialized properties (from PHP 7.4.2) when serializing context for the cache key
[Validator] Add missing Ukrainian and Russian translations
Track session usage when setting the token
[4.4][MonologBridge] Fix $level type
No need to reconnect the bags to the session
Support for Content Security Policy style-src-elem and script-src-elem in WebProfiler
[PropertyInfo][ReflectionExtractor] Check the array mutator prefixes last when the property is singular
[Security][Http][SwitchUserListener] Ignore all non existent username protection errors
Add installation and minimal example to README
* 3.4:
[PropertyAccess] fix tests
[WebProfilerBundle] fix test
remove assertions that can never be reached
[PropertyAccess] Improve message of unitialized property in php 7.4
[HttpFoundation] Fixed session migration with custom cookie lifetime
[Serializer] Remove unused variable
Allow URL-encoded special characters in basic auth part of URLs
[Serializer] Fix unitialized properties (from PHP 7.4.2) when serializing context for the cache key
[Validator] Add missing Ukrainian and Russian translations
No need to reconnect the bags to the session
Support for Content Security Policy style-src-elem and script-src-elem in WebProfiler
[PropertyInfo][ReflectionExtractor] Check the array mutator prefixes last when the property is singular
This PR was squashed before being merged into the 3.4 branch.
Discussion
----------
[HttpFoundation] Fixed session migration with custom cookie lifetime
| Q | A
| ------------- | ---
| Branch? | 3.4
| Bug fix? | yes
| New feature? | no
| Deprecations? | no
| Tickets | Fix#28577
| License | MIT
| Doc PR |
This PR adds the fix proposed in https://github.com/symfony/symfony/issues/28577#issuecomment-578052397
Commits
-------
3e824de385 [HttpFoundation] Fixed session migration with custom cookie lifetime
This PR was merged into the 5.1-dev branch.
Discussion
----------
[HttpFoundation][HttpKernel][Security] Improve UnexpectedSessionUsageException backtrace
| Q | A
| ------------- | ---
| Branch? | master
| Bug fix? | no
| New feature? | yes <!-- please update src/**/CHANGELOG.md files -->
| Deprecations? | no <!-- please update UPGRADE-*.md and src/**/CHANGELOG.md files -->
| Tickets |
| License | MIT
| Doc PR |
Improve `UnexceptedSessionUsageException` backtrace so that it leads to the place in the userland where it was told to use session.
Commits
-------
1e1d332c7c Improve UnexcpectedSessionUsageException backtrace
* 5.0:
[HttpFoundation] Do not set the default Content-Type based on the Accept header
[Security] Fix access_control behavior with unanimous decision strategy
* 4.4:
[HttpFoundation] Do not set the default Content-Type based on the Accept header
[Security] Fix access_control behavior with unanimous decision strategy
* 5.0: (27 commits)
Fix versions
[Security/Http] Allow setting cookie security settings for delete_cookies
[DI] fix generating TypedReference from PriorityTaggedServiceTrait
[FrameworkBundle] revert to legacy wiring of the session when circular refs are detected
bumped Symfony version to 3.4.40
updated VERSION for 3.4.39
update CONTRIBUTORS for 3.4.39
updated CHANGELOG for 3.4.39
[DomCrawler] Fix BC break in assertions breaking Panther
[BrowserKit] fixed missing post request parameters in file uploads
update Italian translation
[Validator] Add missing Hungarian translations
[Validator] Add the missing translations for the Arabic (ar) locale
[Validator] Add missing vietnamese translations
[Console] Fix OutputStream for PHP 7.4
add missing gitattributes for phpunit-bridge
add German translations
Bump Symfony version to 5.0.7
Update VERSION for 5.0.6
Update CHANGELOG for 5.0.6
...
* 5.0:
[Http Foundation] Fix clear cookie samesite
[Security] Check if firewall is stateless before checking for session/previous session
[Form] Support customized intl php.ini settings
[Security] Remember me: allow to set the samesite cookie flag
[Debug] fix for PHP 7.3.16+/7.4.4+
[Validator] Backport translations
[Mailer] Use %d instead of %s for error code in error messages
[HttpKernel] fix locking for PHP 7.4+
[Security] Fixed hardcoded value of SODIUM_CRYPTO_PWHASH_MEMLIMIT_INTERACTIVE
Prevent warning in proc_open()
[FrameworkBundle] Fix Router Cache
Fix deprecation messages
* 4.4:
[Http Foundation] Fix clear cookie samesite
[Security] Check if firewall is stateless before checking for session/previous session
[Form] Support customized intl php.ini settings
[Security] Remember me: allow to set the samesite cookie flag
[Debug] fix for PHP 7.3.16+/7.4.4+
[Validator] Backport translations
[Mailer] Use %d instead of %s for error code in error messages
[HttpKernel] fix locking for PHP 7.4+
[Security] Fixed hardcoded value of SODIUM_CRYPTO_PWHASH_MEMLIMIT_INTERACTIVE
Prevent warning in proc_open()
[FrameworkBundle] Fix Router Cache
Fix deprecation messages
* 3.4:
[Http Foundation] Fix clear cookie samesite
[Security] Check if firewall is stateless before checking for session/previous session
[Form] Support customized intl php.ini settings
[Security] Remember me: allow to set the samesite cookie flag
[Debug] fix for PHP 7.3.16+/7.4.4+
[Validator] Backport translations
Prevent warning in proc_open()
* 5.0:
[DI] Fix CheckTypeDeclarationPass
[Security/Http] don't require the session to be started when tracking its id
[DI] fix preloading script generation
* 4.4:
[DI] Fix CheckTypeDeclarationPass
[Security/Http] don't require the session to be started when tracking its id
[DI] fix preloading script generation
